From azher at NIIT.EDU.PK Thu Sep 1 07:52:42 2005 From: azher at NIIT.EDU.PK (Azher Amin) Date: Thu Jan 12 21:30:40 2006 Subject: Mail Routing Message-ID: Hi, I have two email servers running sendmail and mailscanner. These are on 2 different DSL links, so if one link goes down then I can atleast keep getting emails from outside. My question is when the link 1 is down then sendmail on serevr 1 keeps the outgoing messages in queue till the link is up again. So in such link outage condition this server can forward the queued emails to second server whose DSL link is active ?? I can do this using smarthost in sendmail, but that I have to do manually, I want to get this auto, plz guide … Regards Azher ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Sep 1 08:27:19 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:40 2006 Subject: Best practise? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 31 Aug 2005, at 23:06, Peter Russell wrote: > 2 questions > > I currently scan mail for a handful of domains and less than 2000 > users. I have primary and secondary MailScanner servers both with > own MX records of different weights. They are on 2 different > physical networks/sites, but one of those networks and the site is > being decommissioned. The second machine will moved to the same > rack as the primary. We have a another MailScanner machine that > handles outbound mail only. > > Should i just turn the secondary into a backup MX and simplify the > whole thing by having just one mailscanner and the backup mx > machines? Or is it better to continue to maintain two mailscanners? > My preference is for the ms+backupMX option but not sure of there > are drawbacks with this that i havent considered? Personally, I would go for having both machines running MailScanner. If you don't, then mail from outside that hits your secondary (which will be virtually all your spam) will get passed to the primary for MailScanning, and then onwards into your network. If the primary goes down, all your mail freezes as the secondary can't send it to the primary for MailScanning. Having all functionality on both servers allows them to work independently of each other, neither relying on the other to be up and running. Then you can temporarily take one of your mail servers down (e.g. for upgrading) and not lose any service. > My next question is that we provide a service that is an email > address for ex students for life. Its a subdomain of ours and there > is no mail storage, it is simply a forwarding/redirecting service. > There is a web gui that allows users to change their forwarding > address. The development guys dont like the system that does it now > and would prefer to output a text file from their app and let me > redirect this using Postfix on MailScanner. Is Virtual Alias maps > the best way? Can't help you here, you need a Postfix expert. (which sure ain't me!) - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQxatW/w32o+k+q+hAQH8+AgAupZxQMCLydw48dvJ2EXLSWzyh8fv4gIZ ksE7+Rp2R4G90K4NpimxJfP1Gl7utzssWri9x/g9XLxUroDajowvY4KWIz3pTseV q5mAXWXcxj/ZsOC4Djgew5EtMGu8Mp6OrtJaVr14UQkJdYmX8i7woYEVvu+2Ex8/ kred71pj3yvYB/yzlDaVjA/RHCit4EZM8sU5+yNwC+PFCCTIrp0Y7VVczH1JdWgu oVpmKPH29SV5LcHCamGS0dfSivtR43tyou2INULOE07eWBPu1goUxKtfQaZHlzxa IAw7FVxIO0hZ/w73P+BAZ1+fy0PFAfmHCJTnzUEQ61cdnS5GdPUFhA== =Tkmh -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Sep 1 08:29:25 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:40 2006 Subject: Mail Routing Message-ID: [ The following text is in the "WINDOWS-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You can do this easily in sendmail using the "FallbackMX" setting. If a mail server is trying to deliver to the outside world and can't, it sends the mail onto the "FallbackMX" server instead. Which I believe is your scenario exactly. On 1 Sep 2005, at 07:52, Azher Amin wrote: Hi,   I have two email servers running sendmail and mailscanner. These are on 2 different DSL links, so if one link goes down then I can atleast keep getting emails from outside. My question is when the link 1 is down then sendmail on serevr 1 keeps the outgoing messages in queue till the link is up again. So in such link outage condition  this server can forward the queued emails to second server whose DSL link is active ??   I can do this using smarthost in sendmail, but that I have to do manually, I want to get this auto, plz guide ^Å   Regards Azher   ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).  Support MailScanner development - buy the book off the website! --  Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 498bytes. ] [ Unable to print this part. ] From pete at ENITECH.COM.AU Thu Sep 1 09:12:09 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:30:40 2006 Subject: Best practise? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > On 31 Aug 2005, at 23:06, Peter Russell wrote: > >>2 questions >> >>I currently scan mail for a handful of domains and less than 2000 >>users. I have primary and secondary MailScanner servers both with >>own MX records of different weights. They are on 2 different >>physical networks/sites, but one of those networks and the site is >>being decommissioned. The second machine will moved to the same >>rack as the primary. We have a another MailScanner machine that >>handles outbound mail only. >> >>Should i just turn the secondary into a backup MX and simplify the >>whole thing by having just one mailscanner and the backup mx >>machines? Or is it better to continue to maintain two mailscanners? >>My preference is for the ms+backupMX option but not sure of there >>are drawbacks with this that i havent considered? > > > Personally, I would go for having both machines running MailScanner. > If you don't, then mail from outside that hits your secondary (which > will be virtually all your spam) will get passed to the primary for > MailScanning, and then onwards into your network. If the primary goes > down, all your mail freezes as the secondary can't send it to the > primary for MailScanning. > > Having all functionality on both servers allows them to work > independently of each other, neither relying on the other to be up > and running. > > Then you can temporarily take one of your mail servers down (e.g. for > upgrading) and not lose any service. Thank you for you valuable time and advice - funny how these things always make a lot more sense when some one else says it. Pete ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Sep 1 09:54:08 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:40 2006 Subject: MailScanner ANNOUNCE: Stable 4.45 released Message-ID: -----BEGIN PGP SIGNED MESSAGE----- I have just released the latest stable version of MailScanner 4.45. The major new features this month include: - - Added new configuration options to control whether you want to highlight phishing fraud links or modify the subject line or both. New options are :- Highlight Phishing Fraud (= yes by default) Phishing Modify Subject (= "{Fraud?}" by default) Phishing Subject Text (= no by default) - - New "Quarantine Modified Body" setting, default is "no". This will cause all modified messages to be quarantined, including messages which have had their HTML disarmed. Also optimised this so it never archives twice. - - Phishing detection now handles URL's containing %xx characters pointing to web site names with é in them (and characters written like that). Download as usual from www.mailscanner.info. The full Change Log is here: * New Features and Improvements * - - Added MCP patches for SpamAssassin 3.0.4. - - Added extra output about nodeps switch with install.sh for RPM. - - Added "no bytes" lines to cancel out "use bytes" as it causes problems with multi-lingual subject lines. - - Improved phishing net so that when you have multiple MailScanner servers all handling your incoming mail, links caught by the first one won't also be caught by the following ones. This caused the final message to contain multiple warnings about the same link. There is now just 1 warning. - - New "Quarantine Modified Body" setting, default is "no". This will cause all modified messages to be quarantined, including messages which have had their HTML disarmed. Also optimised this so it never archives twice. - - Added syslog-ing to BitDefender updater. - - Improved web bug handler when disarmed by multiple MailScanners. - - Added new configuration options to control whether you want to highlight phishing fraud links or modify the subject line or both. New options are :- Highlight Phishing Fraud (= yes by default) Phishing Modify Subject (= "{Fraud?}" by default) Phishing Subject Text (= no by default) - - Phishing detection now handles URL's containing %xx characters pointing to web site names with é in them (and characters written like that). * Fixes * - - Corrected bayes_file_mode in spam.assassin.prefs.conf on advice from Matt Kettler. - - 'MailScanner -v' now prints out the version number of Convert::TNEF. - - Group memberships problem on BSD fixed. Spam quarantine membership should now always be correct on BSD systems. - - Tweaked ClamAV+SpamAssassin package so it skips the zlib-vcheck version check, it doesn't appear to be important and holds up newbies, which is a Bad Thing(TM). - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQxbBtfw32o+k+q+hAQF4Igf/dQxsDqv3T0WW1thHWecZA7XbzCDtqxYd onz4cda570j87YqVc0gIWh5J+bn2F8FjuR3pUeHvwvF3g6Qp327y2wIMC00b51mN 9R5olVmsgz0aJBgoCXqF6ZGayXOAhCIGPtvN/wiSauOHIulJBf8obFtBjkezkJ73 qOQYcnQ1zLxVTerL7xQJfC/eMSekN5htsJCkz0lHWnd2Mx59f+GqnolRmetosKKm fYCUgfh15dntKRcR5DXLLaEr7x5hooFDGpCwFaB+fACzE62ViXnHPVS2Lexi4dBR TX8f0uqoWU+wDjGkttiy+pTCPXb62yn1m5JDsS+bdOv2M3xRvewDUw== =CHGq -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at MCKERRS.NET Thu Sep 1 11:22:04 2005 From: mailscanner at MCKERRS.NET (Mailscanner) Date: Thu Jan 12 21:30:41 2006 Subject: Mailscanner URL listed in SURBL ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I've been testing a few rule changes to spamassassin and wondered why email from the mailscanner list is now showing up like this ? Spam Report: Score Matching Rule Description -2.60 BAYES_00 Bayesian spam probability is 0 to 1% 0.00 HTML_MESSAGE HTML included in message 0.06 HTML_TEXT_AFTER_BODY HTML contains text after BODY close tag 0.03 HTML_TEXT_AFTER_HTML HTML contains text after HTML close tag 0.04 MIME_QP_LONG_LINE Quoted-printable line longer than 76 chars 0.42 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist 3.21 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist 1.46 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist 0.27 USERPASS URL contains username and (optional) password All I did was add the following lines to /etc/mail/spamassassin/local.cf score MIME_BASE64_TEXT 1.9 score URIBL_SBL 3.0 Because I wanted any BASE64 text to get a higher score (which seems to work well and it gets all of those 'penny stock' spams for example), and I wanted any URLs listed in SURBL to get a higher score. Does anyone know if/why is the mailscanner site/url listed in these BLs ? Or am I missing something ? Cheers, Brian. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Thu Sep 1 11:50:33 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:30:41 2006 Subject: Mailscanner URL listed in SURBL ? Message-ID: Hi! > score MIME_BASE64_TEXT 1.9 > score URIBL_SBL 3.0 > > > Because I wanted any BASE64 text to get a higher score (which seems to work > well and it gets all of those 'penny stock' spams for example), and I wanted > any URLs listed in SURBL to get a higher score. > > Does anyone know if/why is the mailscanner site/url listed in these BLs ? > > Or am I missing something ? I think so yea, either you are struggling from the Sa bug or something else is wrong. I have whitelisted the mailscanner domains so it would sound rather strange they would be listed. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner-user at NELAND.DK Thu Sep 1 12:12:59 2005 From: mailscanner-user at NELAND.DK (Leif Neland) Date: Thu Jan 12 21:30:41 2006 Subject: Mail Routing Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > On 1 Sep 2005, at 07:52, Azher Amin wrote: > >> Hi, >> >> >> I have two email servers running sendmail and mailscanner. These >> are on 2 different DSL links, so if one link goes down then I can >> atleast keep getting emails from outside. My question is when the >> link 1 is down then sendmail on serevr 1 keeps the outgoing >> messages in queue till the link is up again. So in such link outage >> condition this server can forward the queued emails to second >> server whose DSL link is active ?? >> >> >> I can do this using smarthost in sendmail, but that I have to do >> manually, I want to get this auto, plz guide ^Å >> > You can do this easily in sendmail using the "FallbackMX" setting. If > a mail server is trying to deliver to the outside world and can't, it > sends the mail onto the "FallbackMX" server instead. Which I believe > is your scenario exactly. > But if the host you are trying to send to is down, won't both sendmails try to send it to the other, so the mail bounces back between the two until it is killed with the message "too many hops"? You need to only send to the other if the link is down, not if the recipient host is down. So you need some kind of scripting, in connection with your monitoring system, eg Big Brother or Nagios. Leif -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Thu Sep 1 12:20:34 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:30:41 2006 Subject: Hosting MS and email on the same server? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Has anyone done this? I have a small site with about 20 users using IMAP and pop Thanks Lance ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From h.g.eriksen at USIT.UIO.NO Thu Sep 1 12:42:45 2005 From: h.g.eriksen at USIT.UIO.NO (Haakon Eriksen) Date: Thu Jan 12 21:30:41 2006 Subject: Best practise? Message-ID: Peter Russell writes: > 2 questions Which Julian has already answered. I'm pretty much just re-posting the mail I wrote this morning to see if I've gotten my list subscription to work correctly :) > I currently scan mail for a handful of domains and less than 2000 > users. I have primary and secondary MailScanner servers both with own > MX records of different weights. They are on 2 different physical > networks/sites, but one of those networks and the site is being > decommissioned. The second machine will moved to the same rack as the > primary. We have a another MailScanner machine that handles outbound > mail only. > > Should i just turn the secondary into a backup MX and simplify the > whole thing by having just one mailscanner and the backup mx machines? > Or is it better to continue to maintain two mailscanners? My > preference is for the ms+backupMX option but not sure of there are > drawbacks with this that i havent considered? If you have two MS-boxes, you'd have (or could quite easily get) some sort of redundancy, which gives you more time when the primary box goes belly up. It would also make it a bit easier to scale to more boxes if that's needed for some reason. OTOH, if you have two machines doing the same thing it's nice to have things like automatic synchronization of config files and stuff like that, which can really add to the complexity of your setup. Or you might already have a system for that. > My next question is that we provide a service that is an email address > for ex students for life. Its a subdomain of ours and there is no mail > storage, it is simply a forwarding/redirecting service. There is a web > gui that allows users to change their forwarding address. The > development guys dont like the system that does it now and would > prefer to output a text file from their app and let me redirect this > using Postfix on MailScanner. Is Virtual Alias maps the best way? Sounds OK to me, assuming Postfix is comfortable with it. If you're having performance issues you could probably speed things up by using CDB tables or something instead, but that would also add complexity. Especially if you'd have to convert from the text files you get from the web app. -- Haakon Eriksen [ h.g.eriksen@usit.uio.no ] Central Computing Services, University of Oslo ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Thu Sep 1 13:09:35 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:30:41 2006 Subject: Hosting MS and email on the same server? Message-ID: MailScanner mailing list <> scribbled on Thursday, September 01, 2005 6:21 AM: > Has anyone done this? > > I have a small site with about 20 users using IMAP and pop > > Thanks > > Lance > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! I do it in several places. Works just fine ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Thu Sep 1 14:08:55 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:30:41 2006 Subject: Hosting MS and email on the same server? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Mike, Any documentation on how? and what you used? Lance Mike Kercher wrote: MailScanner mailing list <> scribbled on Thursday, September 01, 2005 6:21 AM: Has anyone done this? I have a small site with about 20 users using IMAP and pop Thanks Lance ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! I do it in several places. Works just fine ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jason.broome at FREECOM.NET Thu Sep 1 14:14:55 2005 From: jason.broome at FREECOM.NET (Jason Broome) Date: Thu Jan 12 21:30:41 2006 Subject: Signing outgoing messages Message-ID: Hi We have some customers who send their outgoing mail through a MailScanner box. Certain customers with certain domains would like to have a disclaimer on the bottom of these emails. Does MailScanner allow you to do this? If so is there an example as a disclaimer for company A would be different to a disclaimer for company B. Any help would be greatly appreciated. Thanks Jason ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From denis at CROOMBS.ORG Thu Sep 1 14:23:19 2005 From: denis at CROOMBS.ORG (Denis Croombs) Date: Thu Jan 12 21:30:41 2006 Subject: Hosting MS and email on the same server? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Mike, > > Any documentation on how? and what you used? > > Lance > > Mike Kercher wrote: > >>MailScanner mailing list <> scribbled on Thursday, September 01, 2005 >> 6:21 >>AM: >> >> >> >>>Has anyone done this? >>> >>>I have a small site with about 20 users using IMAP and pop Hi I have done it many times, I installed Centos (Redhat clone) used sendmail with smtp auth & pop before smtp & then installed clamav, bitdefender, DCC, razor, mailscanner * Spamassassin. Regards Denis Croombs ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From remy at UNIX-ASP.COM Thu Sep 1 14:32:49 2005 From: remy at UNIX-ASP.COM (Remy de Ruysscher) Date: Thu Jan 12 21:30:41 2006 Subject: Signing outgoing messages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, Yes this is possible. You can sign outgoing mail in a ruleset. # Add the "Inline HTML Signature" or "Inline Text Signature" to the end # of uninfected messages? # This can also be the filename of a ruleset. Sign Clean Messages = no Regards, Remy Jason Broome wrote: >Hi > >We have some customers who send their outgoing mail through a MailScanner >box. > >Certain customers with certain domains would like to have a disclaimer on >the bottom of these emails. Does MailScanner allow you to do this? If so >is there an example as a disclaimer for company A would be different to a >disclaimer for company B. > >Any help would be greatly appreciated. > >Thanks > >Jason > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 3.9KB. ] [ Unable to print this part. ] From michele at BLACKNIGHT.IE Thu Sep 1 14:52:06 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:30:41 2006 Subject: Hosting MS and email on the same server? Message-ID: Lance Haig <> said on 01 September 2005 12:21: > Has anyone done this? > > I have a small site with about 20 users using IMAP and pop No reason why not. We do it on shared hosting servers all the time Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From KevinS at BMRB.CO.UK Thu Sep 1 15:03:06 2005 From: KevinS at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:30:41 2006 Subject: Signing outgoing messages Message-ID: You need to look at Sign Clean Messages. You can use rulesets for this. I do this (under protest!) for several of our domains I use a ruleset for 'Sign Clean Messages' which decides - based on the originating IP - whether a message should be signed. I then use a ruleset for 'Inline HTML Signature' and 'Inline Text Signature' which determines which signature file to use for each domain. I have an empty (blank) signature file which I use as the default rule, just in case. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jason Broome Sent: 01 September 2005 14:15 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Signing outgoing messages Hi We have some customers who send their outgoing mail through a MailScanner box. Certain customers with certain domains would like to have a disclaimer on the bottom of these emails. Does MailScanner allow you to do this? If so is there an example as a disclaimer for company A would be different to a disclaimer for company B. Any help would be greatly appreciated. Thanks Jason ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ================================================================= BMRB http://www.bmrb.co.uk _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From liste at ALIXEN.FR Thu Sep 1 15:15:53 2005 From: liste at ALIXEN.FR (Benoit Guguin) Date: Thu Jan 12 21:30:41 2006 Subject: mailscanner with spamassassin : error on subject with [SPAM] Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, I have a little probleme. I m using postfix with mailscanner, spamassassin and clamav. Some mails are receive with a subject [SPAM] other_thing. And effectively it's some spam. But the users of the server receive them in their mailboxes ... So to workaround this probleme I have add in spam.assassin.prefs.conf (like the mailscanner wiki says) these lines : describe UDES_HEADER Check_header_content_SPA header UDES_HEADER Subject =~ /SPAM/i score UDES_HEADER 100.0 After restarting MailScanner, Mails with the string SPAM in their subject are correctly detected. But (something made me crazy) Mails with in their subject [SPAM] are send in the user's mailboxes *without* the string [SPAM] in their subject .... I have also test, for same effect, with this : describe UDES_HEADER Check_header_content_SPA header UDES_HEADER Subject =~ /\[SPAM\]/i score UDES_HEADER 100.0 describe UDES_HEADER Check_header_content_SPA header UDES_HEADER Subject =~ /.*SPAM.*/i score UDES_HEADER 100.0 Any idea please ? thank you in advance Regards, -- Guguin Benoit Société Alixen 2 rue Jean Rostand 91 893 Orsay Cedex France Tel : 01 69 85 24 13, Fax : 01 69 85 24 10 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vosburgh at DALSEMI.COM Thu Sep 1 15:23:50 2005 From: vosburgh at DALSEMI.COM (David Vosburgh) Date: Thu Jan 12 21:30:41 2006 Subject: mailing address Message-ID: Julian, I've recently been paid for some mail server work I did on the side, and it seems appropriate to tithe several of the open source projects most responsible for filling my coffers. If you can provide a mailing address, I would be more than happy to send you a check...err...cheque. If there are any particulars on how you'd like the payment made out, please let me know. Thanks again for such a great piece of software. Dave ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Thu Sep 1 16:22:50 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:30:41 2006 Subject: mailscanner with spamassassin : error on subject with [SPAM] Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Benoit Guguin wrote: > Hello, > > I have a little probleme. I m using postfix with mailscanner, > spamassassin and clamav. > > Some mails are receive with a subject [SPAM] other_thing. And > effectively it's some spam. > But the users of the server receive them in their mailboxes ... > > So to workaround this probleme I have add in spam.assassin.prefs.conf > (like the mailscanner wiki says) these lines : > > describe UDES_HEADER Check_header_content_SPA > header UDES_HEADER Subject =~ /SPAM/i > score UDES_HEADER 100.0 > > After restarting MailScanner, Mails with the string SPAM in their > subject are correctly detected. > > But (something made me crazy) Mails with in their subject [SPAM] are > send in the user's mailboxes *without* the string [SPAM] in their > subject .... > > I have also test, for same effect, with this : > describe UDES_HEADER Check_header_content_SPA > header UDES_HEADER Subject =~ /\[SPAM\]/i > score UDES_HEADER 100.0 > > describe UDES_HEADER Check_header_content_SPA > header UDES_HEADER Subject =~ /.*SPAM.*/i > score UDES_HEADER 100.0 > > Any idea please ? > thank you in advance > > Regards, > Benoit, Make sure you don't have many SA rules with the same name. I use UDES_RULE1, UDES_RULE2, and so on to make sure they are all different from one another. BTW, UDES is the name of our University (Université de Sherbrooke) so you may use something more local to you. Now for your rules: the first one will match every time the others do. So no need to use any other rule than the first. If those mails are being delivered to your users it must be because: High Scoring Spam Actions = deliver Set it to delete and it should do so. You can also use «store delete» to quarantine them or «delete forward me@some.address». Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From Denis.Beauchemin at USHERBROOKE.CA Thu Sep 1 16:26:02 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:30:41 2006 Subject: mailscanner with spamassassin : error on subject with [SPAM] Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Benoit Guguin wrote: > Hello, > > I have a little probleme. I m using postfix with mailscanner, > spamassassin and clamav. > > Some mails are receive with a subject [SPAM] other_thing. And > effectively it's some spam. > But the users of the server receive them in their mailboxes ... > > So to workaround this probleme I have add in spam.assassin.prefs.conf > (like the mailscanner wiki says) these lines : > > describe UDES_HEADER Check_header_content_SPA > header UDES_HEADER Subject =~ /SPAM/i > score UDES_HEADER 100.0 > > After restarting MailScanner, Mails with the string SPAM in their > subject are correctly detected. > > But (something made me crazy) Mails with in their subject [SPAM] are > send in the user's mailboxes *without* the string [SPAM] in their > subject .... > > I have also test, for same effect, with this : > describe UDES_HEADER Check_header_content_SPA > header UDES_HEADER Subject =~ /\[SPAM\]/i > score UDES_HEADER 100.0 > > describe UDES_HEADER Check_header_content_SPA > header UDES_HEADER Subject =~ /.*SPAM.*/i > score UDES_HEADER 100.0 > > Any idea please ? > thank you in advance > > Regards, > One last note I forgot: if you keep the first SA rule you will delete any message with SPAM in its subject, such as "great new SPAM control software" or "new SpamAssassin version released", which may get your users in a bad mood... Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From MailScanner at ecs.soton.ac.uk Thu Sep 1 16:51:02 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:41 2006 Subject: mailing address Message-ID: -----BEGIN PGP SIGNED MESSAGE----- I have just replied off-list to you. Thankyou! On 1 Sep 2005, at 15:23, David Vosburgh wrote: > I've recently been paid for some mail server work I did on the > side, and it seems appropriate to tithe several of the open source > projects most responsible for filling my coffers. If you can > provide a mailing address, I would be more than happy to send you a > check...err...cheque. If there are any particulars on how you'd > like the payment made out, please let me know. > > Thanks again for such a great piece of software. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQxcjZ/w32o+k+q+hAQEQbgf/b9DOVo29SLKlUFf13+f2JiFLRpR24vlm 71NDIwc+NJO5Xby55tA85CP/TH4Il9tJPbf+Tl7N8fUVdd/rosAcx2xTk3yQewlF jus7/tsnMRzR3qOOC3V5ZUpFAGICTpA4TDw6mO0ivXGaeRrsyVcOZ80wCQsK51m7 gDJY3CSqKJLFT87NfrlvuY4MHAxr0DF3CEeC2PJfmex1VxQ9KyZQQwsp8BzNs0DN g8QRfkGY/UvOcv4GYbesVmeGQ+P9ysZ2CAUx12qFrizlGauv3qPhxg8Ei9+Se52L 6sKQ3xyq3uaPOkzehSIcjR9Jg6Ve44B6ZqNQ8YJiHTo2L9LeIoXshw== =++G5 -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Thu Sep 1 17:00:03 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:30:41 2006 Subject: Missing file with 4.45.4-1 Message-ID: Have installed 4.45.4-1 on 4 RedHat AS4 systems. Needed to install latest MIME::Base64 (3.05) first, which I did from CPAN, but otherwise installed OK on 3 of the systems. On the 4th system I get consistently: Missing file /usr/src/redhat/RPMS/i386i386/MailScanner-perl-MIME-Base64-3.05-5.i386i3 86.rpm Why? How can I sort this? Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ Any opinion expressed above is mine. The University can get its own. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Sep 1 17:19:45 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:41 2006 Subject: Missing file with 4.45.4-1 Message-ID: -----BEGIN PGP SIGNED MESSAGE----- I wonder why the i386i386 is happening? Haven't seen this before. I'm about to try it on a blank i386 RHEL4 system myself, I'll let you know what happens. But going home first :-) On 1 Sep 2005, at 17:00, Quentin Campbell wrote: > Have installed 4.45.4-1 on 4 RedHat AS4 systems. Needed to install > latest MIME::Base64 (3.05) first, which I did from CPAN, but otherwise > installed OK on 3 of the systems. > > On the 4th system I get consistently: > > Missing file > /usr/src/redhat/RPMS/i386i386/MailScanner-perl-MIME- > Base64-3.05-5.i386i3 > 86.rpm > > Why? How can I sort this? > > Quentin > --- > PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, > FAX: +44 191 222 8765 United Kingdom, NE1 7RU. > ---------------------------------------------------------------------- > -- > Any opinion expressed above is mine. The University can get its own. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQxcqI/w32o+k+q+hAQEFigf/Rvg+sJJKyuY2ZKfGoLIi1UuECF0Pa3eX GOGOX/t3L613zc1FlvQuM1Wk6kt2Rs5ZHBOiq2A8XKrEU6+hhB88B9M2Gfq2eK0r w2nviFVmmpDlbGC1Qn6WWaZszC5QLq+MmzLtb+NeP8/cOAtZofjQ1J7Pa16kAcOR eArPIWUzLk+sM1z5zAf9kL5ec1zErtjvCxFMDhWpCMpVY8Er1KhsSuBynX3vGhDn hROd2QPQntoY94ohdl78SFBXVdQubPfUmLyO+makdwKMDmHEpuhv8j52HwR7oU6Q HcPggWMC14O5pkXva8w/3k2l4uQHZovXAsQzuW9/DiHakAYnKQgLvg== =TR3g -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From david.hooton at GMAIL.COM Thu Sep 1 18:41:20 2005 From: david.hooton at GMAIL.COM (David Hooton) Date: Thu Jan 12 21:30:41 2006 Subject: Mail loss after upgrading to 4.40.11-1 due to missing .rules suffix Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > >Just upgraded an old version of SpamAssassin to the latest stable 4.40.11-1 > > > >The config file between this version and the old version I was installing > >from had changed the ""Spam Actions", "High Scoring Spam Actions", and > >associated items to now enforce a .rule or .rules suffix. Not having the > >suffix causes the mail to be "lost", no error and causes output in the log > >file of the action as being the filename converted to lower case (thus very > >confusing). Only after some code debugging did I spot the change, if only I > >had spotted the comment in the config file :) > > > >May be worth highlighting this in the upgrade_MailScanner_conf script so > >others dont make the same mistake. Julian, Is it possible to make MailScanner not load in this situation then? I have just spent hours chasing this issue and lost some mail as a result. Unfortunately I've been off on extended leave and had missed this email so didn't know why messages were vanishing, probably not the most graceful way to force a file naming convention. -- Regards, David Hooton ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Sep 1 19:19:14 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:41 2006 Subject: Mail loss after upgrading to 4.40.11-1 due to missing .rules suffix Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David Hooton wrote: >>>Just upgraded an old version of SpamAssassin to the latest stable 4.40.11-1 >>> >>>The config file between this version and the old version I was installing >>> >>> >>>from had changed the ""Spam Actions", "High Scoring Spam Actions", and >> >> >>>associated items to now enforce a .rule or .rules suffix. Not having the >>>suffix causes the mail to be "lost", no error and causes output in the log >>>file of the action as being the filename converted to lower case (thus very >>>confusing). Only after some code debugging did I spot the change, if only I >>>had spotted the comment in the config file :) >>> >>>May be worth highlighting this in the upgrade_MailScanner_conf script so >>>others dont make the same mistake. >>> >>> > >Julian, > >Is it possible to make MailScanner not load in this situation then? I >have just spent hours chasing this issue and lost some mail as a >result. > >Unfortunately I've been off on extended leave and had missed this >email so didn't know why messages were vanishing, probably not the >most graceful way to force a file naming convention. > > The convention is only needed for a few of the configuration options, but I will take a look at working out where it needs enforcing and add some more error checks there. I suspect insisting on it where the configuration option refers to a filename may be all that's needed. Do you know of any places it has to be right? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Sep 1 19:24:06 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:41 2006 Subject: Mail loss after upgrading to 4.40.11-1 due to missing .rules suffix Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > David Hooton wrote: > >>>> Just upgraded an old version of SpamAssassin to the latest stable >>>> 4.40.11-1 >>>> >>>> The config file between this version and the old version I was >>>> installing >>>> >>>> from had changed the ""Spam Actions", "High Scoring Spam Actions", and >>> >>> >>> >>>> associated items to now enforce a .rule or .rules suffix. Not >>>> having the >>>> suffix causes the mail to be "lost", no error and causes output in >>>> the log >>>> file of the action as being the filename converted to lower case >>>> (thus very >>>> confusing). Only after some code debugging did I spot the change, >>>> if only I >>>> had spotted the comment in the config file :) >>>> >>>> May be worth highlighting this in the upgrade_MailScanner_conf >>>> script so >>>> others dont make the same mistake. >>>> >>> >> >> Julian, >> >> Is it possible to make MailScanner not load in this situation then? I >> have just spent hours chasing this issue and lost some mail as a >> result. >> >> Unfortunately I've been off on extended leave and had missed this >> email so didn't know why messages were vanishing, probably not the >> most graceful way to force a file naming convention. >> >> > The convention is only needed for a few of the configuration options, > but I will take a look at working out where it needs enforcing and add > some more error checks there. I suspect insisting on it where the > configuration option refers to a filename may be all that's needed. > > Do you know of any places it has to be right? > One place is clear, the "other" type which can accept arbitrary strings of words. That would cover the Spam Actions and High Scoring Spam Actions. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Thu Sep 1 20:31:58 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:30:41 2006 Subject: Hosting MS and email on the same server? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks Guys I will see if I can do this Lance ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Thu Sep 1 21:24:33 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:30:41 2006 Subject: MailScanner ANNOUNCE: Stable 4.45 released Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > I have just released the latest stable version of MailScanner 4.45. > Upgraded and a couple of hours later all hell breaks out. For some reason internal TNEF seems broken. Using MailWatch I noticed the same {SPAM?} message being sent over and over and over and over again to the same user same subject. I would stop MS and then restart and the first thing I notice is: Expanding TNEF archive at /var/spool/MailScanner/incoming/... repeating over and over every few seconds, more than are being sent or received. I finally changed from: TNEF Expander = internal to TNEF Expander = /usr/bin/tnef --maxsize=100000000 restart MS and all is back to normal. Was there any change to the internal TNEF??? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Sep 1 21:43:01 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:41 2006 Subject: Mail loss after upgrading to 4.40.11-1 due to missing .rules suffix Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Try the attached patch for Message.pm. David Hooton wrote: >>>Just upgraded an old version of SpamAssassin to the latest stable 4.40.11-1 >>> >>>The config file between this version and the old version I was installing >>> >>> >>>from had changed the ""Spam Actions", "High Scoring Spam Actions", and >> >> >>>associated items to now enforce a .rule or .rules suffix. Not having the >>>suffix causes the mail to be "lost", no error and causes output in the log >>>file of the action as being the filename converted to lower case (thus very >>>confusing). Only after some code debugging did I spot the change, if only I >>>had spotted the comment in the config file :) >>> >>>May be worth highlighting this in the upgrade_MailScanner_conf script so >>>others dont make the same mistake. >>> >>> > >Julian, > >Is it possible to make MailScanner not load in this situation then? I >have just spent hours chasing this issue and lost some mail as a >result. > >Unfortunately I've been off on extended leave and had missed this >email so didn't know why messages were vanishing, probably not the >most graceful way to force a file naming convention. > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/X-GZIP 578bytes. ] [ Unable to print this part. ] From MailScanner at ecs.soton.ac.uk Thu Sep 1 21:44:51 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:41 2006 Subject: MailScanner ANNOUNCE: Stable 4.45 released Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] A problem with the internal TNEF decoder has come to light recently. For new installations, I have changed the TNEF Expander to the external one, to stop new users hitting this problem. I have as yet been unable to get hold of a TNEF message that exhibits this problem, no-one has kept any. If you have one that you can put on a website for me to copy, that would be very helpful. Ed Bruce wrote: > Julian Field wrote: > >> I have just released the latest stable version of MailScanner 4.45. >> > Upgraded and a couple of hours later all hell breaks out. For some > reason internal TNEF seems broken. Using MailWatch I noticed the same > {SPAM?} message being sent over and over and over and over again to > the same user same subject. I would stop MS and then restart and the > first thing I notice is: > > Expanding TNEF archive at /var/spool/MailScanner/incoming/... > repeating over and over every few seconds, more than are being sent or > received. I finally changed from: > > TNEF Expander = internal > > to > > TNEF Expander = /usr/bin/tnef --maxsize=100000000 > > restart MS and all is back to normal. Was there any change to the > internal TNEF??? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Sep 1 21:47:51 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:41 2006 Subject: Missing file with 4.45.4-1 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have just installed on a new RHEL4 box and it all installed just fine. I don't know where your i386i386 is coming from. You should find you have a /usr/src/redhat/RPMS/i386/MailScanner-perl-MIME-Base64-3.05-5.i386.rpm which you can just install using "rpm -Uvh" manually. Quentin Campbell wrote: >Have installed 4.45.4-1 on 4 RedHat AS4 systems. Needed to install >latest MIME::Base64 (3.05) first, which I did from CPAN, but otherwise >installed OK on 3 of the systems. > >On the 4th system I get consistently: > >Missing file >/usr/src/redhat/RPMS/i386i386/MailScanner-perl-MIME-Base64-3.05-5.i386i3 >86.rpm > >Why? How can I sort this? > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Thu Sep 1 21:55:21 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:30:41 2006 Subject: MailScanner ANNOUNCE: Stable 4.45 released Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > A problem with the internal TNEF decoder has come to light recently. > For new installations, I have changed the TNEF Expander to the > external one, to stop new users hitting this problem. > > I have as yet been unable to get hold of a TNEF message that exhibits > this problem, no-one has kept any. If you have one that you can put on > a website for me to copy, that would be very helpful. I archive all messages for a few days. Is there a way I can test them in the archive to see which one(s) caused the problem??? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Sep 1 22:00:53 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:41 2006 Subject: MailScanner ANNOUNCE: Stable 4.45 released Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ed Bruce wrote: > Julian Field wrote: > >> A problem with the internal TNEF decoder has come to light recently. >> For new installations, I have changed the TNEF Expander to the >> external one, to stop new users hitting this problem. >> >> I have as yet been unable to get hold of a TNEF message that exhibits >> this problem, no-one has kept any. If you have one that you can put >> on a website for me to copy, that would be very helpful. > > > I archive all messages for a few days. Is there a way I can test them > in the archive to see which one(s) caused the problem??? Start by finding the TNEF messages which will contain "winmail.dat" attachments. That may find it on its own. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Thu Sep 1 23:25:55 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:30:41 2006 Subject: Best practise? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > OTOH, if you have two machines doing the same thing it's nice to have > things like automatic synchronization of config files and stuff like > that, which can really add to the complexity of your setup. Or you > might already have a system for that. The only problem i have with thsi is the machines are different spec, so stuff like child processes would be incorrect set on one of the machines? I already do shared bayes using sql. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Thu Sep 1 23:29:09 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:30:41 2006 Subject: Best practice? Message-ID: MailScanner mailing list <> scribbled on Thursday, September 01, 2005 5:26 PM: >> OTOH, if you have two machines doing the same thing it's > nice to have >> things like automatic synchronization of config files and > stuff like >> that, which can really add to the complexity of your setup. Or you >> might already have a system for that. > > The only problem i have with thsi is the machines are > different spec, so stuff like child processes would be > incorrect set on one of the machines? I already do shared > bayes using sql. > How many boxen do you share your bayes between? How many emails per day do you process? What kind of load does your mysql server exhibit? Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From wintermutecx at gmail.com Thu Sep 1 23:37:31 2005 From: wintermutecx at gmail.com (Dave) Date: Thu Jan 12 21:30:41 2006 Subject: Best practise? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] In addition to what has already been stated. I like to do an upgrade on a secondary server incase something should happen the primary is still there. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From edward.ortiz at UTSA.EDU Fri Sep 2 00:19:28 2005 From: edward.ortiz at UTSA.EDU (Edward Ortiz) Date: Thu Jan 12 21:30:41 2006 Subject: Mailscanner/SunONE Messaging Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello to all, I'm currently setting up a system that will run Sun's 'SunOne Messaging Server' to handle our email. I'd like to configure a second system running MailScanner and McAfee to do virus scanning, attachment blocking, etc...Email will come into the Messaging server, get forwarded to the MailScanner system via Sun's "aliasdetourhost" setting, then sent back from the MailScanner system. Is anyone doing anything similar and have any tips, tricks, gotcha's etc... Thanks in advance, Ed ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From david.hooton at GMAIL.COM Fri Sep 2 03:52:34 2005 From: david.hooton at GMAIL.COM (David Hooton) Date: Thu Jan 12 21:30:41 2006 Subject: Mail loss after upgrading to 4.40.11-1 due to missing .rules suffix Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 9/2/05, Julian Field wrote: > >Is it possible to make MailScanner not load in this situation then? I > >have just spent hours chasing this issue and lost some mail as a > >result. > > > The convention is only needed for a few of the configuration options, > but I will take a look at working out where it needs enforcing and add > some more error checks there. I suspect insisting on it where the > configuration option refers to a filename may be all that's needed. > > Do you know of any places it has to be right? The Spam, HighScoring Spam and Clean message actions for a start. I'm no sure about the rest, these are the only ones which caught me out so far. -- Regards, David Hooton ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Fri Sep 2 03:38:45 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:41 2006 Subject: Mailscanner/SunONE Messaging Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Edward Ortiz wrote: > Hello to all, I'm currently setting up a system that will run Sun's > 'SunOne Messaging Server' to handle our email. I'd like to configure a > second system running MailScanner and McAfee to do virus scanning, > attachment blocking, etc... Ok, good idea. > Email will come into the Messaging server, > get forwarded to the MailScanner system via Sun's "aliasdetourhost" > setting, then sent back from the MailScanner system. Why would you accept mail directly on the Sun server? I think you should accept mail from the internet on the MailScanner, then send it to the sun server once processed. And set your MailScanner as a smart host for the sun server it you want to scan outbound e-mails. Ugo ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Q.G.Campbell at NEWCASTLE.AC.UK Fri Sep 2 07:53:58 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:30:41 2006 Subject: Missing file with 4.45.4-1 Message-ID: Julian Thanks for the response. As I expected the "rpm -Uvh /usr/src/redhat/RPMS/i386/MailScanner-perl-MIME-Base64-3.05-5.i386.rpm" gives a "package MailScanner-perl-MIME-Base64-3.05-5 is already installed file /usr/lib/MailScanner/utils/lib/perl5/site_perl/5.8.5/i386-linux-thread-m ulti/auto/MIME/Base64/Base64.so from install of MailScanner-perl-MIME-Base64-3.05-5 conflicts with file from package MailScanner-perl-MIME-Base64-3.05-5". The problem seems to be the install.sh script and the "i386i386" string interpolated in the file and path name it is checking for. Since the 4.45.4-1 install works OK on three other RHAS4 systems here I guess I will have to reinstall RHAS4. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ Any opinion expressed above is mine. The University can get its own. >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >Sent: 01 September 2005 21:48 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Missing file with 4.45.4-1 > >I have just installed on a new RHEL4 box and it all installed >just fine. >I don't know where your i386i386 is coming from. You should find you >have a >/usr/src/redhat/RPMS/i386/MailScanner-perl-MIME-Base64-3.05-5.i386.rpm >which you can just install using "rpm -Uvh" manually. > >Quentin Campbell wrote: > >>Have installed 4.45.4-1 on 4 RedHat AS4 systems. Needed to install >>latest MIME::Base64 (3.05) first, which I did from CPAN, but otherwise >>installed OK on 3 of the systems. >> >>On the 4th system I get consistently: >> >>Missing file >>/usr/src/redhat/RPMS/i386i386/MailScanner-perl-MIME-Base64-3.0 >5-5.i386i3 >>86.rpm >> >>Why? How can I sort this? >> >> > >-- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From liste at ALIXEN.FR Fri Sep 2 08:42:10 2005 From: liste at ALIXEN.FR (Benoit Guguin) Date: Thu Jan 12 21:30:41 2006 Subject: mailscanner with spamassassin : error on subject with [SPAM] Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ok thank you. So I will use my second rules. For High scoring Spam I use forward delete and it's work great for lots of mails except for mail with [SPAM] in their subjet... Perhaps Interscan modify the header of thoses mails, and thoses header are misunderstand by mailscanner (or spamassassin) and lead to a wrong operation ? -- Guguin Benoit Société Alixen 2 rue Jean Rostand 91 893 Orsay Cedex France Tel : 01 69 85 24 13, Fax : 01 69 85 24 10 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From remy at UNIX-ASP.COM Fri Sep 2 08:42:27 2005 From: remy at UNIX-ASP.COM (Remy de Ruysscher) Date: Thu Jan 12 21:30:41 2006 Subject: Wrapper for avast antivirus? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, Is anyone using avast (www.avast.com) together with MailScanner? If so, I can write a wrapper for it. Avast is currently available for Linux of FreeBSD servers. http://www.avast.com/eng/avast_for_linux_serv.html Please contact me if you would like to have a wrapper for avast. Regards, Remy. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joost at WAVERSVELD.NL Fri Sep 2 09:03:38 2005 From: joost at WAVERSVELD.NL (Joost Waversveld) Date: Thu Jan 12 21:30:41 2006 Subject: mailscanner with spamassassin : error on subject with [SPAM] Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > For High scoring Spam I use forward delete and it's work great for > lots of mails except for mail with [SPAM] in their subjet... Maybe a bit offtopic, but I wonder why I hear everybody using forward AND delete as spamaction. I use only forward and there is no copy on the server anymore, or am I missing something?? What's the extra to also define delete as action??? Thanx, Joost Waversveld ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Sep 2 08:52:41 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:41 2006 Subject: Mailscanner/SunONE Messaging Message-ID: Ed I'd second Ugo's comments, make the MS machine the email gateway physically by routing all external (internet) email through it then forward onto the Sun messaging server. The way any problems with the SUN messaging server can't be exploited remotely and there's less chance of viruses/spam etc clogging the thing up. Also I'd add ClamAV to McAffee, two is always better than one.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Edward Ortiz Sent: 02 September 2005 00:19 To: MAILSCANNER@JISCMAIL.AC.UK Subject: [MAILSCANNER] Mailscanner/SunONE Messaging Hello to all, I'm currently setting up a system that will run Sun's 'SunOne Messaging Server' to handle our email. I'd like to configure a second system running MailScanner and McAfee to do virus scanning, attachment blocking, etc...Email will come into the Messaging server, get forwarded to the MailScanner system via Sun's "aliasdetourhost" setting, then sent back from the MailScanner system. Is anyone doing anything similar and have any tips, tricks, gotcha's etc... Thanks in advance, Ed ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Sep 2 09:59:44 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:41 2006 Subject: MailScanner ANNOUNCE: Stable 4.45 released Message-ID: On 1 Sep 2005, at 22:00, Julian Field wrote: > Ed Bruce wrote: >> Julian Field wrote: >>> A problem with the internal TNEF decoder has come to light >>> recently. For new installations, I have changed the TNEF Expander >>> to the external one, to stop new users hitting this problem. >>> >>> I have as yet been unable to get hold of a TNEF message that >>> exhibits this problem, no-one has kept any. If you have one that >>> you can put on a website for me to copy, that would be very helpful. >>> >> >> >> I archive all messages for a few days. Is there a way I can test >> them in the archive to see which one(s) caused the problem??? >> > > Start by finding the TNEF messages which will contain "winmail.dat" > attachments. That may find it on its own. Please try the attached patch for TNEF.pm. There is a bug in the directory permissions set by the Convert::TNEF module on its temporary directory. It fails when it cannot find any files in the TNEF archive when it is run as a user other than root. So Postfix and Exim users may see this problem. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 1.2, Application/X-GZIP 838bytes. ] [ Unable to print this part. ] [ Part 1.3: "Attached Text" ] -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 498bytes. ] [ Unable to print this part. ] From Q.G.Campbell at NEWCASTLE.AC.UK Fri Sep 2 11:20:05 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:30:41 2006 Subject: Missing file with 4.45.4-1 Message-ID: Julian The "i386i386" problem appearing in the path and filename of the MIME::Base64 RPM file appears to be the result of a corrupted RHAS4 installation. Have re-installed RHAS4 on the affected system and 4.45.4-1 has installed OK this time. Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ Any opinion expressed above is mine. The University can get its own. >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Quentin Campbell >Sent: 02 September 2005 07:54 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Missing file with 4.45.4-1 > >Julian > >Thanks for the response. > >As I expected the "rpm -Uvh >/usr/src/redhat/RPMS/i386/MailScanner-perl-MIME-Base64-3.05-5.i386.rpm" >gives a > >"package MailScanner-perl-MIME-Base64-3.05-5 is already installed > file >/usr/lib/MailScanner/utils/lib/perl5/site_perl/5.8.5/i386-linux >-thread-m >ulti/auto/MIME/Base64/Base64.so from install of >MailScanner-perl-MIME-Base64-3.05-5 conflicts with file from package >MailScanner-perl-MIME-Base64-3.05-5". > >The problem seems to be the install.sh script and the "i386i386" string >interpolated in the file and path name it is checking for. > >Since the 4.45.4-1 install works OK on three other RHAS4 systems here I >guess I will have to reinstall RHAS4. > >Quentin >--- >PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, >FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >--------------------------------------------------------------- >--------- >Any opinion expressed above is mine. The University can get its own. > > >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>Sent: 01 September 2005 21:48 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Missing file with 4.45.4-1 >> >>I have just installed on a new RHEL4 box and it all installed >>just fine. >>I don't know where your i386i386 is coming from. You should find you >>have a >>/usr/src/redhat/RPMS/i386/MailScanner-perl-MIME-Base64-3.05-5. >i386.rpm >>which you can just install using "rpm -Uvh" manually. >> >>Quentin Campbell wrote: >> >>>Have installed 4.45.4-1 on 4 RedHat AS4 systems. Needed to install >>>latest MIME::Base64 (3.05) first, which I did from CPAN, but >otherwise >>>installed OK on 3 of the systems. >>> >>>On the 4th system I get consistently: >>> >>>Missing file >>>/usr/src/redhat/RPMS/i386i386/MailScanner-perl-MIME-Base64-3.0 >>5-5.i386i3 >>>86.rpm >>> >>>Why? How can I sort this? >>> >>> >> >>-- >>Julian Field >>www.MailScanner.info >>Buy the MailScanner book at www.MailScanner.info/store >>Professional Support Services at www.MailScanner.biz >>MailScanner thanks transtec Computers for their support >> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From P.G.M.Peters at UTWENTE.NL Fri Sep 2 12:39:24 2005 From: P.G.M.Peters at UTWENTE.NL (Peter Peters) Date: Thu Jan 12 21:30:41 2006 Subject: The book Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote on 16-8-2005 17:16: > No. You can only buy it from the USA, but www.mailscanner.info > will place the order direct with the > publishers, you just have to pay the shipping costs. I have received something to read this weekend. ;-) -- Peter Peters, senior beheerder (Security) Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From R.A.Gardener at SHU.AC.UK Fri Sep 2 12:57:13 2005 From: R.A.Gardener at SHU.AC.UK (Ray Gardener) Date: Thu Jan 12 21:30:41 2006 Subject: Virus scanning / Upgrade to version 4.45 Message-ID: Hi, This morning I upgraded to version 4.45 on a Solaris 9 machine. I tested the upgrade with a message carrying a eicar ladened attachment. The upgraded installation has not picked this test virus up. There is no urgent issue as this is just one of several hubs and the others are working. However I need to have this machine back in line, fairly soon. The mailscanner logs which are going to /var/log/syslog don't show a problem and claim that mail is being virus scanned; my scanner type is set to sophos. Is there a way that I can configure syslogging to show wht underlying processes are being called in more detail? I have not tested the anti-spam scanning and I have no alternative anti-virus engines on the machine to see whether this issue is specific to sophos. (Note that the scanning did work before the upgrade!). Regards, Ray Gardener, LITS, Sheffield Hallam University, 0114 225 4926 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Sep 2 14:01:12 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:41 2006 Subject: Virus scanning / Upgrade to version 4.45 Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Do the logs say it has been cleaned and delivered? Or do they say it has been delivered as uninfected? I have just done a quick sanity test on a new box I have just built with 4.54 on it and it works fine with Sophos, ClamAV and F-Prot on it. All of them detect what I expect them to. On 2 Sep 2005, at 12:57, Ray Gardener wrote: > Hi, > > This morning I upgraded to version 4.45 on a Solaris 9 machine. I > tested the upgrade with a message carrying a eicar ladened > attachment. The upgraded installation has not picked this test > virus up. There is no urgent issue as this is just one of several > hubs and the others are working. However I need to have this > machine back in line, fairly soon. > > The mailscanner logs which are going to /var/log/syslog don't show > a problem and claim that mail is being virus scanned; my scanner > type is set to sophos. Is there a way that I can configure > syslogging to show wht underlying processes are being called in > more detail? > > I have not tested the anti-spam scanning and I have no alternative > anti-virus engines on the machine to see whether this issue is > specific to sophos. (Note that the scanning did work before the > upgrade!). - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQxhNGvw32o+k+q+hAQHaXggAnCIGevNDF6+ld56oO9Bik0o7CvLyBTb3 J3MH1AjGQbEBdbd4b9ytHzrvfPgdO+gTLl1LJ1vm87D5DdWJdOuC8pvmjav1HDvY 3Kfw8eoMc+0oM7Mejo+LYlOO/rx8d0CL9EVORgjuyuO7A7dwSwCHg/ARPEBe8vcq bBhFPYrOtgoR904vK7tXksv48q+CYLx34HmoMUWUOvADhThm6jeutHcooaiH+g7m hwLqGQKq6c+JyPLH/gezIDOjGQu/ti83gRWtF9CH9+g+DCTP2rLcLGH52OG4jx8T z0RCOWus3X6u999sgkwvwZzj5Sf73OREtC1z5xU82tXXPc0w917IPA== =/eYc -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chardlist at CHARD.NET Fri Sep 2 15:20:31 2005 From: chardlist at CHARD.NET (chardlist) Date: Thu Jan 12 21:30:41 2006 Subject: S/MIME Encryption Message-ID: A client of mine wants to start using S/MIME signatures/encryption on their messages. Will MailScanner still be able to perform all of it's functions with their mail traffic or is some custom work needed? -Brendan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Sep 2 16:17:01 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:41 2006 Subject: S/MIME Encryption Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] chardlist wrote: > A client of mine wants to start using S/MIME signatures/encryption on their > messages. Will MailScanner still be able to perform all of it's functions > with their mail traffic or is some custom work needed? > > -Brendan As long as you don't use any of MS's "sign cleaned" features, and you can accept that any virus or filename tagged messages will break the s/mime signature you'll be fine. In general s/mime is rather intolerant of any message body changes. This includes footers like "this message scanned by.." pasted at the bottom, etc. As long as you can avoid settings which make body changes, you should be fine. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ralexand at HOODINDUSTRIES.COM Sat Sep 3 15:00:03 2005 From: ralexand at HOODINDUSTRIES.COM (Richard Alexander) Date: Thu Jan 12 21:30:41 2006 Subject: Disaster recovery assistance Message-ID: Corporate office was hit by Hurricane Katrina. Systems were not damaged, but lost power and T1 lines and will be down for several weeks. We have reloaceted the mail server to a disaster recovery site and have our linus mail server(MailScanner, SA, etc) located here. I can receive mail from the internet and send and receive from the inside, however I cannot send to the internet. Out mail server is normally a 208.24.x.x address which this disaster site cannot host. I have redirected my mx records to a 32.97.x.x which are the available IPs here. We created a NAT in the firewall that translates the 32.x to the 208.x. When i try to send out, mail sits in the mailq for 2 hours and kicks back. Error in mailq says Deferred: connection refused by whatever.host.com I know this is not MailScanner related, but I feel the receiving box is trying a reverse lookup and then rejected because of the Natd address. Any help would be greatly appreciated. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joost at WAVERSVELD.NL Sat Sep 3 15:26:35 2005 From: joost at WAVERSVELD.NL (Joost Waversveld) Date: Thu Jan 12 21:30:41 2006 Subject: Disaster recovery assistance Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Corporate office was hit by Hurricane Katrina. Systems were not damaged, > but lost power and T1 lines and will be down for several weeks. We have > reloaceted the mail server to a disaster recovery site and have our linus > mail server(MailScanner, SA, etc) located here. I can receive mail from > the internet and send and receive from the inside, however I cannot send > to the internet. > > Out mail server is normally a 208.24.x.x address which this disaster site > cannot host. I have redirected my mx records to a 32.97.x.x which are the > available IPs here. We created a NAT in the firewall that translates the > 32.x to the 208.x. > > When i try to send out, mail sits in the mailq for 2 hours and kicks back. > Error in mailq says Deferred: connection refused by whatever.host.com > > I know this is not MailScanner related, but I feel the receiving box is > trying a reverse lookup and then rejected because of the Natd address. > > Any help would be greatly appreciated. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > Are all the network settings correct on the server, like the default gateway and so on. Is the firewall blocking any outgoing traffic?? Is the DNS on the server working correctly? Just some simple things to check. Good luck, Joost Waversveld ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Chris.Russell at KNOWLEDGEIT.CO.UK Sat Sep 3 15:26:25 2005 From: Chris.Russell at KNOWLEDGEIT.CO.UK (Chris Russell) Date: Thu Jan 12 21:30:41 2006 Subject: Disaster recovery assistance Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] This wouldn't result in a connection refused message. Have you tried telnetting to some of these hosts on port 25 ?? Is the firewall allowing this through ? ________________________________ From: MailScanner mailing list on behalf of Richard Alexander Sent: Sat 03/09/2005 15:00 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Disaster recovery assistance Corporate office was hit by Hurricane Katrina. Systems were not damaged, but lost power and T1 lines and will be down for several weeks. We have reloaceted the mail server to a disaster recovery site and have our linus mail server(MailScanner, SA, etc) located here. I can receive mail from the internet and send and receive from the inside, however I cannot send to the internet. Out mail server is normally a 208.24.x.x address which this disaster site cannot host. I have redirected my mx records to a 32.97.x.x which are the available IPs here. We created a NAT in the firewall that translates the 32.x to the 208.x. When i try to send out, mail sits in the mailq for 2 hours and kicks back. Error in mailq says Deferred: connection refused by whatever.host.com I know this is not MailScanner related, but I feel the receiving box is trying a reverse lookup and then rejected because of the Natd address. Any help would be greatly appreciated. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner is part of the Mail Filtering service from Nexent Internet. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ralexand at HOODINDUSTRIES.COM Sat Sep 3 16:08:25 2005 From: ralexand at HOODINDUSTRIES.COM (Richard Alexander) Date: Thu Jan 12 21:30:41 2006 Subject: Disaster recovery assistance Message-ID: I have had some guys here helping with firewall config, but i'm no expert. we had the following access-list outside_access_in permit icmp any any access-list outside_access_in permit ip any host 32.97.100.3 access-list outside_access_in permit ip any host 32.97.100.100 access-list outside_access_in permit tcp any host 32.97.100.100 eq smtp access-list outside_access_in permit tcp any host 32.97.100.100 eq www access-list outside_access_in permit tcp any host 32.97.100.100 eq pop3 access-list dmz_access_inside permit ip any 192.168.0.0 255.255.0.0 access-list dmz_access_inside permit icmp any any access-list dmz_access_inside permit udp any any but, i cannot telnet to outside mail server. Thanks for response ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Sat Sep 3 17:02:21 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:30:41 2006 Subject: Disaster recovery assistance Message-ID: MailScanner mailing list <> scribbled on Saturday, September 03, 2005 10:08 AM: > I have had some guys here helping with firewall config, but > i'm no expert. > > we had the following > > access-list outside_access_in permit icmp any any access-list > outside_access_in permit ip any host 32.97.100.3 access-list > outside_access_in permit ip any host 32.97.100.100 > access-list outside_access_in permit tcp any host > 32.97.100.100 eq smtp access-list outside_access_in permit > tcp any host 32.97.100.100 eq www access-list > outside_access_in permit tcp any host 32.97.100.100 eq pop3 > access-list dmz_access_inside permit ip any 192.168.0.0 > 255.255.0.0 access-list dmz_access_inside permit icmp any any > access-list dmz_access_inside permit udp any any > > but, i cannot telnet to outside mail server. > > Thanks for response You stated that you created a NAT that translates 32.97.x.x to your 208.24.x.x, but your firewall rules only mention 192.168.0.x What is the IP address of your NAT'd server right now? I live in Baytown, TX and we have a LOT of survivors of the hurricane here. My family is driving to different camps here delivering pizzas and supplies as our pockets allow. I'd like to work with you on this until we get it going. If you need a SmartHost to relay through, I'll be happy to provide that for you if we can get you to access port 25 on just one of my boxes or even port 587. Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Sep 3 17:14:58 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:41 2006 Subject: Disaster recovery assistance Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mike Kercher wrote: >I live in Baytown, TX and we have a LOT of survivors of the hurricane here. >My family is driving to different camps here delivering pizzas and supplies >as our pockets allow. I'd like to work with you on this until we get it >going. If you need a SmartHost to relay through, I'll be happy to provide >that for you if we can get you to access port 25 on just one of my boxes or >even port 587. > > Mike, If I can be of any assistance, including financial, please do let me know. I am wary of donating to large charities as I don't want to support their overheads and costs, but wish my donations to go directly to help those affected. I may be able to secure hosting as well as simple financial support. Please contact me if I can help you. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQxnMAxH2WUcUFbZUEQJa0ACg0sZuS94zMsoOBl1YpM1xCaGc6VgAnjFM mHTn6TsMGog2IzAF2aa+4Fnd =TCiV -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Sat Sep 3 17:31:31 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:30:41 2006 Subject: Disaster recovery assistance Message-ID: MailScanner mailing list <> scribbled on Saturday, September 03, 2005 11:15 AM: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Mike Kercher wrote: > >> I live in Baytown, TX and we have a LOT of survivors of the > hurricane here. >> My family is driving to different camps here delivering pizzas and >> supplies as our pockets allow. I'd like to work with you on > this until >> we get it going. If you need a SmartHost to relay through, I'll be >> happy to provide that for you if we can get you to access port 25 on >> just one of my boxes or even port 587. >> >> > Mike, > > If I can be of any assistance, including financial, please do > let me know. I am wary of donating to large charities as I > don't want to support their overheads and costs, but wish my > donations to go directly to help those affected. I may be > able to secure hosting as well as simple financial support. > > Please contact me if I can help you. > > - -- > Julian Field Julian, I truly appreciate your offer. I am attaching a PDF of a letter we received just the other day from one of our chilrens' schools. As it states, children from the disaster area will be enrolled in our schools here. Naturally, these kids have no clothing, school supplies, etc. If you or anyone would like to help, these kids are really in need. They have NOTHING and we really feel for them. For anyone in the stricken area that has any hosting needs, I have plenty of servers in datacenters for web/mail. Just let me know how I can help. Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PDF 48KB. ] [ Unable to print this part. ] From MailScanner at ecs.soton.ac.uk Sat Sep 3 17:46:51 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:41 2006 Subject: Disaster recovery assistance Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mike Kercher wrote: >MailScanner mailing list <> scribbled on Saturday, September 03, 2005 11:15 >AM: > > > >>-----BEGIN PGP SIGNED MESSAGE----- >>Hash: SHA1 >> >>Mike Kercher wrote: >> >> >> >>>I live in Baytown, TX and we have a LOT of survivors of the >>> >>> >>hurricane here. >> >> >>>My family is driving to different camps here delivering pizzas and >>>supplies as our pockets allow. I'd like to work with you on >>> >>> >>this until >> >> >>>we get it going. If you need a SmartHost to relay through, I'll be >>>happy to provide that for you if we can get you to access port 25 on >>>just one of my boxes or even port 587. >>> >>> >>> >>> >>Mike, >> >>If I can be of any assistance, including financial, please do >>let me know. I am wary of donating to large charities as I >>don't want to support their overheads and costs, but wish my >>donations to go directly to help those affected. I may be >>able to secure hosting as well as simple financial support. >> >>Please contact me if I can help you. >> >>- -- >>Julian Field >> >> > > >Julian, > >I truly appreciate your offer. I am attaching a PDF of a letter we received >just the other day from one of our chilrens' schools. As it states, >children from the disaster area will be enrolled in our schools here. >Naturally, these kids have no clothing, school supplies, etc. If you or >anyone would like to help, these kids are really in need. They have NOTHING >and we really feel for them. > >For anyone in the stricken area that has any hosting needs, I have plenty of >servers in datacenters for web/mail. Just let me know how I can help. > > Being in the wrong country in this situation, the easiest way for me to donate is via Paypal and/or credit card. If you have a means whereby I could make a donation to you by credit card, which you then passed onto the school and the children, that sounds the easiest way of me going about it. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQxnTfBH2WUcUFbZUEQL0mgCdFHgFwncL5pyioftZAaT8Edh/W4wAn2RF JXxHrwwEkGj68k4tuMnoIpCc =Y0+/ -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Sat Sep 3 18:00:45 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:30:41 2006 Subject: Disaster recovery assistance Message-ID: MailScanner mailing list <> scribbled on Saturday, September 03, 2005 11:47 AM: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Mike Kercher wrote: > >> MailScanner mailing list <> scribbled on Saturday, September > 03, 2005 >> 11:15 >> AM: >> >> >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> Mike Kercher wrote: >>> >>> >>> >>>> I live in Baytown, TX and we have a LOT of survivors of the >>>> >>>> >>> hurricane here. >>> >>> >>>> My family is driving to different camps here delivering pizzas and >>>> supplies as our pockets allow. I'd like to work with you on >>>> >>>> >>> this until >>> >>> >>>> we get it going. If you need a SmartHost to relay > through, I'll be >>>> happy to provide that for you if we can get you to access > port 25 on >>>> just one of my boxes or even port 587. >>>> >>>> >>>> >>>> >>> Mike, >>> >>> If I can be of any assistance, including financial, please > do let me >>> know. I am wary of donating to large charities as I don't want to >>> support their overheads and costs, but wish my donations to go >>> directly to help those affected. I may be able to secure hosting as >>> well as simple financial support. >>> >>> Please contact me if I can help you. >>> >>> - -- >>> Julian Field >>> >>> >> >> >> Julian, >> >> I truly appreciate your offer. I am attaching a PDF of a letter we >> received just the other day from one of our chilrens' > schools. As it >> states, children from the disaster area will be enrolled in > our schools here. >> Naturally, these kids have no clothing, school supplies, > etc. If you >> or anyone would like to help, these kids are really in need. > They have >> NOTHING and we really feel for them. >> >> For anyone in the stricken area that has any hosting needs, I have >> plenty of servers in datacenters for web/mail. Just let me > know how I can help. >> >> > Being in the wrong country in this situation, the easiest way > for me to donate is via Paypal and/or credit card. If you > have a means whereby I could make a donation to you by credit > card, which you then passed onto the school and the children, > that sounds the easiest way of me going about it. > Julian, My Paypal address is SS2061@CamaroSS.net My kids are going through their rooms as we speak collecting clothes and toys to take to a shelter in a little while. We are also going to take a couple of laptops with us to let people there send email to anyone they wish just to let someone know they are alive and well. We will collect any funds via Paypal for as long as we can. On Tuesday, when schools are open again (holiday weekend here), we will take the monies to the school for them to disburse as they see fit. I thank you for your support and thank you on behalf of the beneficiaries. Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Sep 3 18:17:33 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:41 2006 Subject: Disaster recovery assistance Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mike Kercher wrote: >MailScanner mailing list <> scribbled on Saturday, September 03, 2005 11:47 >AM: > > > >>-----BEGIN PGP SIGNED MESSAGE----- >>Hash: SHA1 >> >>Mike Kercher wrote: >> >> >> >>>MailScanner mailing list <> scribbled on Saturday, September >>> >>> >>03, 2005 >> >> >>>11:15 >>>AM: >>> >>> >>> >>> >>> >>>>-----BEGIN PGP SIGNED MESSAGE----- >>>>Hash: SHA1 >>>> >>>>Mike Kercher wrote: >>>> >>>> >>>> >>>> >>>> >>>>>I live in Baytown, TX and we have a LOT of survivors of the >>>>> >>>>> >>>>> >>>>> >>>>hurricane here. >>>> >>>> >>>> >>>> >>>>>My family is driving to different camps here delivering pizzas and >>>>>supplies as our pockets allow. I'd like to work with you on >>>>> >>>>> >>>>> >>>>> >>>>this until >>>> >>>> >>>> >>>> >>>>>we get it going. If you need a SmartHost to relay >>>>> >>>>> >>through, I'll be >> >> >>>>>happy to provide that for you if we can get you to access >>>>> >>>>> >>port 25 on >> >> >>>>>just one of my boxes or even port 587. >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>Mike, >>>> >>>>If I can be of any assistance, including financial, please >>>> >>>> >>do let me >> >> >>>>know. I am wary of donating to large charities as I don't want to >>>>support their overheads and costs, but wish my donations to go >>>>directly to help those affected. I may be able to secure hosting as >>>>well as simple financial support. >>>> >>>>Please contact me if I can help you. >>>> >>>>- -- >>>>Julian Field >>>> >>>> >>>> >>>> >>>Julian, >>> >>>I truly appreciate your offer. I am attaching a PDF of a letter we >>>received just the other day from one of our chilrens' >>> >>> >>schools. As it >> >> >>>states, children from the disaster area will be enrolled in >>> >>> >>our schools here. >> >> >>>Naturally, these kids have no clothing, school supplies, >>> >>> >>etc. If you >> >> >>>or anyone would like to help, these kids are really in need. >>> >>> >> They have >> >> >>>NOTHING and we really feel for them. >>> >>>For anyone in the stricken area that has any hosting needs, I have >>>plenty of servers in datacenters for web/mail. Just let me >>> >>> >>know how I can help. >> >> >>> >>> >>Being in the wrong country in this situation, the easiest way >>for me to donate is via Paypal and/or credit card. If you >>have a means whereby I could make a donation to you by credit >>card, which you then passed onto the school and the children, >>that sounds the easiest way of me going about it. >> >> >> > > >Julian, > >My Paypal address is SS2061@CamaroSS.net My kids are going through their >rooms as we speak collecting clothes and toys to take to a shelter in a >little while. We are also going to take a couple of laptops with us to let >people there send email to anyone they wish just to let someone know they >are alive and well. > >We will collect any funds via Paypal for as long as we can. On Tuesday, >when schools are open again (holiday weekend here), we will take the monies >to the school for them to disburse as they see fit. > >I thank you for your support and thank you on behalf of the beneficiaries. > > You should just have got an email to that address from Paypal. Let me know if there are any problems completing the transaction. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQxnarhH2WUcUFbZUEQIVDQCdFJtJLd/KyWIJzxjiaBtEXE8WReEAniTm jj5wLhc5KWneNGyQPCYuBfp/ =bmGr -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Sat Sep 3 18:22:40 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:30:41 2006 Subject: Disaster recovery assistance Message-ID: MailScanner mailing list <> scribbled on Saturday, September 03, 2005 12:18 PM: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Mike Kercher wrote: > >> MailScanner mailing list <> scribbled on Saturday, September > 03, 2005 >> 11:47 >> AM: >> >> >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> Mike Kercher wrote: >>> >>> >>> >>>> MailScanner mailing list <> scribbled on Saturday, September >>>> >>>> >>> 03, 2005 >>> >>> >>>> 11:15 >>>> AM: >>>> >>>> >>>> >>>> >>>> >>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>> Hash: SHA1 >>>>> >>>>> Mike Kercher wrote: >>>>> >>>>> >>>>> >>>>> >>>>> >>>>>> I live in Baytown, TX and we have a LOT of survivors of the >>>>>> >>>>>> >>>>>> >>>>>> >>>>> hurricane here. >>>>> >>>>> >>>>> >>>>> >>>>>> My family is driving to different camps here delivering > pizzas and >>>>>> supplies as our pockets allow. I'd like to work with you on >>>>>> >>>>>> >>>>>> >>>>>> >>>>> this until >>>>> >>>>> >>>>> >>>>> >>>>>> we get it going. If you need a SmartHost to relay >>>>>> >>>>>> >>> through, I'll be >>> >>> >>>>>> happy to provide that for you if we can get you to access >>>>>> >>>>>> >>> port 25 on >>> >>> >>>>>> just one of my boxes or even port 587. >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>> Mike, >>>>> >>>>> If I can be of any assistance, including financial, please >>>>> >>>>> >>> do let me >>> >>> >>>>> know. I am wary of donating to large charities as I don't want to >>>>> support their overheads and costs, but wish my donations to go >>>>> directly to help those affected. I may be able to secure > hosting as >>>>> well as simple financial support. >>>>> >>>>> Please contact me if I can help you. >>>>> >>>>> - -- >>>>> Julian Field >>>>> >>>>> >>>>> >>>>> >>>> Julian, >>>> >>>> I truly appreciate your offer. I am attaching a PDF of a > letter we >>>> received just the other day from one of our chilrens' >>>> >>>> >>> schools. As it >>> >>> >>>> states, children from the disaster area will be enrolled in >>>> >>>> >>> our schools here. >>> >>> >>>> Naturally, these kids have no clothing, school supplies, >>>> >>>> >>> etc. If you >>> >>> >>>> or anyone would like to help, these kids are really in need. >>>> >>>> >>> They have >>> >>> >>>> NOTHING and we really feel for them. >>>> >>>> For anyone in the stricken area that has any hosting needs, I have >>>> plenty of servers in datacenters for web/mail. Just let me >>>> >>>> >>> know how I can help. >>> >>> >>>> >>>> >>> Being in the wrong country in this situation, the easiest > way for me >>> to donate is via Paypal and/or credit card. If you have a means >>> whereby I could make a donation to you by credit card, > which you then >>> passed onto the school and the children, that sounds the > easiest way >>> of me going about it. >>> >>> >>> >> >> >> Julian, >> >> My Paypal address is SS2061@CamaroSS.net My kids are going through >> their rooms as we speak collecting clothes and toys to take to a >> shelter in a little while. We are also going to take a couple of >> laptops with us to let people there send email to anyone > they wish just >> to let someone know they are alive and well. >> >> We will collect any funds via Paypal for as long as we can. On >> Tuesday, when schools are open again (holiday weekend here), we will >> take the monies to the school for them to disburse as they see fit. >> >> I thank you for your support and thank you on behalf of the > beneficiaries. >> >> > You should just have got an email to that address from > Paypal. Let me know if there are any problems completing the > transaction. > > - -- > Julian Field I did get the email and thank you again for your MOST generous donation! This amount will go a LONG way to help these people! Local retailers are helping by providing school supplies at significant discounts (even though you'd think WalMart could afford to GIVE them away). Not to detract from the OP's request for help. We are still here and waiting to help you with your networking needs. Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ralexand at HOODINDUSTRIES.COM Sat Sep 3 20:00:07 2005 From: ralexand at HOODINDUSTRIES.COM (Richard Alexander) Date: Thu Jan 12 21:30:41 2006 Subject: Disaster recovery assistance Message-ID: Thanks to everyone for suggestions. I went back thought the firewall logs and created another permit tcp any any on the dmz_access_in list and now can send and receive email from the internet. We have about 20 sites that connect to us through lan to lan vpns and they cannot ping or pop the mail server here. kinda crazy but from the vpn 3030 i can ping to the mail server, and I can also ping from the 3030 back to the remote pc. But i cannot ping from remote pc all the way back to the mail server and of course pop3 is not working. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Sat Sep 3 23:56:45 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:30:41 2006 Subject: Disaster recovery assistance Message-ID: MailScanner mailing list <> scribbled on Saturday, September 03, 2005 12:18 PM: >> Julian, >> >> My Paypal address is SS2061@CamaroSS.net My kids are going through >> their rooms as we speak collecting clothes and toys to take to a >> shelter in a little while. We are also going to take a couple of >> laptops with us to let people there send email to anyone > they wish just >> to let someone know they are alive and well. >> >> We will collect any funds via Paypal for as long as we can. On >> Tuesday, when schools are open again (holiday weekend here), we will >> take the monies to the school for them to disburse as they see fit. >> >> I thank you for your support and thank you on behalf of the > beneficiaries. >> >> > You should just have got an email to that address from > Paypal. Let me know if there are any problems completing the > transaction. > > - -- > Julian Field For those making donations through me, we have contacted the schools here and they will allow us to specify how we would like a donation distributed. We can specify an amount we wish to be used for food, clothing, school supplies, backpacks, etc. If you make a donation and wish to specify how it is used, please note that in your Paypal payment. Julian, your EXTREMELY generous donation will go a long way in all needed areas. I hesitate to disclose the amount in this forum. Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Sep 4 12:18:35 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:41 2006 Subject: Disaster recovery assistance Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mike Kercher wrote: >MailScanner mailing list <> scribbled on Saturday, September 03, 2005 12:18 >PM: > > > >>>Julian, >>> >>>My Paypal address is SS2061@CamaroSS.net My kids are going through >>>their rooms as we speak collecting clothes and toys to take to a >>>shelter in a little while. We are also going to take a couple of >>>laptops with us to let people there send email to anyone >>> >>> >>they wish just >> >> >>>to let someone know they are alive and well. >>> >>>We will collect any funds via Paypal for as long as we can. On >>>Tuesday, when schools are open again (holiday weekend here), we will >>>take the monies to the school for them to disburse as they see fit. >>> >>>I thank you for your support and thank you on behalf of the >>> >>> >>beneficiaries. >> >> >>> >>> >>You should just have got an email to that address from >>Paypal. Let me know if there are any problems completing the >>transaction. >> >>- -- >>Julian Field >> >> > > >For those making donations through me, we have contacted the schools here >and they will allow us to specify how we would like a donation distributed. > >We can specify an amount we wish to be used for food, clothing, school >supplies, backpacks, etc. > >If you make a donation and wish to specify how it is used, please note that >in your Paypal payment. > >Julian, your EXTREMELY generous donation will go a long way in all needed >areas. I hesitate to disclose the amount in this forum. > Continue to hesitate :-) It's great to be able to put my book profit to a very good use. I would rather it went mostly towards clothing and things like that which are going to last a while. These kids are going to need long-term help and I would much rather fund that. With a bit of practice people can eat very cheaply, but they can't cut much off the budget for clothes, backpacks, or things for school. It is vital their education is impacted as little as possible, else you run the risk of having an entire generation in the area who are not properly educated because of what has happened. That has a very long-term impact, and must be avoided. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQxrYExH2WUcUFbZUEQLtlgCeL96wXECbhpywu8H6JlT40IGacsoAoMC5 D8mKYZ3XbXJx08LoFYrd2Eqf =s57p -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From SJCJonker at SJC.NL Sun Sep 4 14:28:21 2005 From: SJCJonker at SJC.NL (Stijn Jonker) Date: Thu Jan 12 21:30:41 2006 Subject: Disaster recovery assistance Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Richard & The list (Forgot on the first email), More then willing to help, but could you post a little more info? What routers are we talking about, a "show run" with the ip, snmp community etc obfusced A small description what's out there. The only thing "we" are aware of, a server is relocated/rebuild in an other location and due to networking issues it's not working right. With you feeding tidbits of info. I think there are enough networking ppl here that can solve the issue in one go if you describe what is required and what's out there. SJ On 03-Sep-2005 21:00, Richard Alexander wrote: > Thanks to everyone for suggestions. I went back thought the firewall logs > and created another permit tcp any any on the dmz_access_in list and now > can send and receive email from the internet. > > We have about 20 sites that connect to us through lan to lan vpns and they > cannot ping or pop the mail server here. kinda crazy but from the vpn > 3030 i can ping to the mail server, and I can also ping from the 3030 back > to the remote pc. But i cannot ping from remote pc all the way back to > the mail server and of course pop3 is not working. > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Met Vriendelijke groet/Yours Sincerely Stijn Jonker ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Sun Sep 4 14:35:52 2005 From: alex at NKPANAMA.COM (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:41 2006 Subject: destination host is loopback Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Scott Silva wrote: >Kevin Miller spake the following on 8/26/2005 8:55 AM: > > >>Joost Waversveld wrote: >> >> >> >>>>I'm getting a number of errors everyday in my logs of the sort: >>>> >>>>mail.eastrolog.com. config error: mail loops back to me (MX problem?) >>>> >>>>sure enough, if I do a DNS lookup for the above host, it resolves to >>>>127.0.0.1. Is there anything I can do about this? I get about half a >>>>dozen different hosts like this per relay per day. >>>> >>>> >>>> >>>----- Einde bericht van gmatt@NERC.AC.UK ----- >>> >>>Are you using mailertable?? Then, be sure to put the >>>hostnames/ipaddressess between [ and ] brackets... Otherwise sendmail >>>will perform another MX lookup through DNS and will give you this >>>error... >>> >>>For Example: >>> >>>[root@bb ~]# cat /etc/mail/mailertable >>>domain.tld esmtp:[192.168.12.251] >>>domain2.tld esmtp:[mail.domain2.tld] >>>etc... >>> >>> >>Not sure that's his problem. If I'm reading it right, I think that's mail >>from outside his system - probably NDR replies. >> >>I had a similar situation a couple years ago. The spammer had >>intentionally set their reply-to address to a domain that *they* resolved to >>127.0.0.1 so that they never had to bother with bounce messages and >>complaints. Sleaze bags. >> >>My present solution is to reject any connections from that domain in >>sendmail's access table. At the time I wasn't running sendmail, and the >>stupid program I was using just kept sending NRDs to itself, which weren't >>accepted so it sent an NDR for the NDR, etc. Didn't take long to fill up >>the disk! Thankfully sendmail is a bit smarter about it! >> >>HTH... >> >>...Kevin >> >> >This looks to be a horoscope site, so the sleasebag spammer comment >above probably applies. >They might have thought resolving to the loopback address might fool >SOME scanning systems. > > > isn't there some sort of milter that can do this? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Sun Sep 4 14:37:17 2005 From: alex at NKPANAMA.COM (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:41 2006 Subject: Fragmented messages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Venkatesh.S wrote: >hi glenn steen > >thank u very much for your advice.. > >regards >venkatesh > > > > And try to get the other person to fix their e-mail program. They probably have it set for "break messages apart if they're bigger than 60k" or something like that - and you're not the only one they won't be able to send messages to until they fix it. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner-user at NELAND.DK Mon Sep 5 07:21:37 2005 From: mailscanner-user at NELAND.DK (Leif Neland) Date: Thu Jan 12 21:30:41 2006 Subject: S/MIME Encryption Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler wrote: > chardlist wrote: >> A client of mine wants to start using S/MIME signatures/encryption >> on their messages. Will MailScanner still be able to perform all of >> it's functions with their mail traffic or is some custom work needed? >> >> -Brendan > > As long as you don't use any of MS's "sign cleaned" features, and you > can accept that any virus or filename tagged messages will break the > s/mime signature you'll be fine. > > In general s/mime is rather intolerant of any message body changes. > This includes footers like "this message scanned by.." pasted at the > bottom, etc. > > As long as you can avoid settings which make body changes, you should > be fine. How about a "don't sign encrypted messages"? Leif -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Mon Sep 5 09:25:28 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:41 2006 Subject: DNS problems for www.mailscanner.info... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Anyone else seeing this? I did a quick check at www.dnsstuff.com, and it seems that webcentre.net has some kind of problems... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon Sep 5 09:25:28 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:41 2006 Subject: DNS problems for www.mailscanner.info... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Anyone else seeing this? I did a quick check at www.dnsstuff.com, and it seems that webcentre.net has some kind of problems... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joost at WAVERSVELD.NL Mon Sep 5 09:31:28 2005 From: joost at WAVERSVELD.NL (Joost Waversveld) Date: Thu Jan 12 21:30:41 2006 Subject: DNS problems for www.mailscanner.info... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Anyone else seeing this? > I did a quick check at www.dnsstuff.com, and it seems that > webcentre.net has some kind of problems... > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se Yes, here also... I noticed this yesterday already. I just thought the webserver was down, but it seems to be the DNS.... Let's hope it's back online soon! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Sep 5 09:38:11 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:41 2006 Subject: DNS problems for www.mailscanner.info... Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Our little commercial leased line has failed completely and BT are working on it right now. On 5 Sep 2005, at 09:31, Joost Waversveld wrote: >> Anyone else seeing this? >> I did a quick check at www.dnsstuff.com, and it seems that >> webcentre.net has some kind of problems... >> -- >> -- Glenn >> email: glenn < dot > steen < at > gmail < dot > com >> work: glenn < dot > steen < at > ap1 < dot > se >> > > Yes, here also... I noticed this yesterday already. I just thought > the webserver > was down, but it seems to be the DNS.... Let's hope it's back > online soon! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQxwD9fw32o+k+q+hAQG34Af+M4VwNnDYahAulT+QFqXz9X/O6PdTIfz+ BJKZ34IgwNNVdr/VeEtbPOVsrG+m7azuB+mKnxgPKDpsVGeZfgjnzqXC58g+LPJ6 PRYS2VFQe+jt24T5t98hjxBJ5vTzTvA8zj+I7NIezS2+XjR/wQfF5yNHtpwocUl/ yPQlNG8gY3tiR1iToW0Ig66LdVvomSazf3dvYl2kUcDRMJmGra1cC71Pu6yp/af8 M/BWPG0tE7inSBsYiNh5MduCmiO8vYTO6/Ua7PgC0pGntABSFRary9X3Xbp2tOOv 8+H4GVsZP5DhdwWaZifGrEOIpFIRjMKaH2L2mbo5xGMVrMG90FwSiA== =3f0Y -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Mon Sep 5 09:36:37 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:41 2006 Subject: DNS problems for www.mailscanner.info... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 05/09/05, Joost Waversveld wrote: > > Anyone else seeing this? > > I did a quick check at www.dnsstuff.com, and it seems that > > webcentre.net has some kind of problems... > > -- > > -- Glenn > > email: glenn < dot > steen < at > gmail < dot > com > > work: glenn < dot > steen < at > ap1 < dot > se > > Yes, here also... I noticed this yesterday already. I just thought the > webserver > was down, but it seems to be the DNS.... Let's hope it's back online soon! > Yeah... I was planning to do some installing today, but without the latest stable ... Oh well, I'kll just need find something else to do then:-). BTW, since it's DNS, .mailscanner.info and .mailscanner.biz seem to be affekted (the wiki, commercial site ...). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Sep 5 09:52:16 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:41 2006 Subject: DNS problems for www.mailscanner.info... Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 5 Sep 2005, at 09:36, Glenn Steen wrote: > On 05/09/05, Joost Waversveld wrote: > >>> Anyone else seeing this? >>> I did a quick check at www.dnsstuff.com, and it seems that >>> webcentre.net has some kind of problems... >>> -- >>> -- Glenn >>> email: glenn < dot > steen < at > gmail < dot > com >>> work: glenn < dot > steen < at > ap1 < dot > se >>> >> >> Yes, here also... I noticed this yesterday already. I just thought >> the >> webserver >> was down, but it seems to be the DNS.... Let's hope it's back >> online soon! >> >> > Yeah... I was planning to do some installing today, but without the > latest stable ... Oh well, I'kll just need find something else to do > then:-). > BTW, since it's DNS, .mailscanner.info and > .mailscanner.biz seem to be affekted (the wiki, commercial > site ...). You can add this to your /etc/hosts file: 152.78.68.160 www.mailscanner.info - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQxwHQvw32o+k+q+hAQE0hAf7B3GPyAG9x4YLCrA/eWxc2oi7DWAW9L5F +U86Qdr/dtpaxOqNKDcaGMiei2P7ZbK32+mh2FpO6B9rbPwZQaj8ZEcU54j0ppbp zIZU/rbM8zSNTiXmUNZVvsDxXTQQXUe5NW9QXFJm3NcvYaIza9mfmy8srVjNwqE2 VxmnsZt6oBcmhoBhUK7V8a6kAEkzeqqi00ZZmfUV7N/5GH0b3Ps1gnroe9sG7hS7 unhawKOvi7L+EEkxjr6Kejvbro3nXY1pHj6bghdGxQZwvhI7My79AVJs429GIX0Q PkmloP3Kj1YQMCGElZjE7KS3Qf2+RaVTjAIJL4W+e1gsmzBYfHBsnw== =Rfi5 -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joost at WAVERSVELD.NL Mon Sep 5 09:54:42 2005 From: joost at WAVERSVELD.NL (Joost Waversveld) Date: Thu Jan 12 21:30:41 2006 Subject: DNS problems for www.mailscanner.info... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > On 05/09/05, Joost Waversveld wrote: >> > Anyone else seeing this? >> > I did a quick check at www.dnsstuff.com, and it seems that >> > webcentre.net has some kind of problems... >> > -- >> > -- Glenn >> > email: glenn < dot > steen < at > gmail < dot > com >> > work: glenn < dot > steen < at > ap1 < dot > se >> >> Yes, here also... I noticed this yesterday already. I just thought the >> webserver >> was down, but it seems to be the DNS.... Let's hope it's back online soon! >> > Yeah... I was planning to do some installing today, but without the > latest stable ... Oh well, I'kll just need find something else to do > then:-). > BTW, since it's DNS, .mailscanner.info and > .mailscanner.biz seem to be affekted (the wiki, commercial > site ...). > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > I've already downloaded the latest stable version, you can download it on http://www.waversveld.nl/downloads/MailScanner-4.45.4-1.rpm.tar.gz. It's the RPM-based verion for RedHat, etc. It's an server with an ADSL connection, so the upload is not very high, sorry for that ;-) Good Luck, Joost Waversveld ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Sep 5 10:06:31 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:41 2006 Subject: MailScanner ANNOUNCE: printed black t-shirts Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Finally, they are available!!! You can now buy printed black t-shirts at a reasonable price. I have made them as cheap as I possibly can. Please buy them and wear them with pride! Demonstrate your support of the world's most widely used mail gateway scanner. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQxwKm/w32o+k+q+hAQHkGwgAqjyulKLw9M2r7GNyezWOz4cRXVPBXR2F DXpMfQheVKr7G8a7UQK4Mz32mNbq6O/JYCtC+P9ppnld0b535iyI1p6iVYnju2xq jNf6EwbeWQWsQA2+jzYGxONwZvkSJSVaiwAS2ogTJY7yN1ue83KkpNReFRg4Ob41 t4fDxVXPz9h20BPd5R4WAM9vafknd+L8hFtcdtjXu77Vg6+lS6+Fuq96hLLL0zhE kg1OR2HuvdU3dUoXtimJIoAB0YkgX+vfXAsEvAa1rDucK1XCUnM+x3kI3Lwo4IXA ltvWn/um6FN4HWL5eJrdsklMwzYaMHRE1CJLXsi/M2dh2mDWJ3fCIw== =Qfk9 -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Sep 5 10:09:05 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:41 2006 Subject: MailScanner ANNOUNCE: Oops, forgot the URL Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Get your T-shirts from mailscanner.spreadshirt.net Wear them with pride! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQxwLM/w32o+k+q+hAQEgjwgAnYMPOjcrOIJa7w8FVFxOlr7AAKC6+Zhz sL1hE+ieU/uCy//crSJxuepBcnhuFr7kRwcJNGP/dfv2fTgp+/b4M8/5O9EOEWXK SUhsJlGKuARJjv89sxPpe8VOpUuxpDEyehL/XVkVWt4ALernKB7/qkkUeDOrH41R Ns6YSa38bJOwMNNwtcwCUQHkKb646tBAK/tSC5AU1P6SmdukG+6NbYajw1NBYT2U eJGyIlPzR7Bo7sXuNhNWxPC1spmKAy/r/3J5tZMeOCCE0iXcMnms6g5g2L4/DBJp NXqIBT/J/NmD7HoEiB+MJNE9JJv1EmUtf8a20YIYFxhC5N9bYD0XAg== =x+My -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joost at WAVERSVELD.NL Mon Sep 5 10:04:29 2005 From: joost at WAVERSVELD.NL (Joost Waversveld) Date: Thu Jan 12 21:30:42 2006 Subject: DNS problems for www.mailscanner.info... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > You can add this to your /etc/hosts file: > 152.78.68.160 www.mailscanner.info > Also add 152.78.68.160 www.sng.ecs.soton.ac.uk to the hosts file, otherwise it will still not work. www.mailscanner.info seems o be an CNAME from that domainname ;-) Then you can reach the website :) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Mon Sep 5 10:26:21 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:42 2006 Subject: DNS problems for www.mailscanner.info... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 05/09/05, Joost Waversveld wrote: > > On 05/09/05, Joost Waversveld wrote: > >> > Anyone else seeing this? > >> > I did a quick check at www.dnsstuff.com, and it seems that > >> > webcentre.net has some kind of problems... > >> > -- > >> > -- Glenn > >> > email: glenn < dot > steen < at > gmail < dot > com > >> > work: glenn < dot > steen < at > ap1 < dot > se > >> > >> Yes, here also... I noticed this yesterday already. I just thought the > >> webserver > >> was down, but it seems to be the DNS.... Let's hope it's back online soon! > >> > > Yeah... I was planning to do some installing today, but without the > > latest stable ... Oh well, I'kll just need find something else to do > > then:-). > > BTW, since it's DNS, .mailscanner.info and > > .mailscanner.biz seem to be affekted (the wiki, commercial > > site ...). > > > > -- > > -- Glenn > > email: glenn < dot > steen < at > gmail < dot > com > > work: glenn < dot > steen < at > ap1 < dot > se > > > > I've already downloaded the latest stable version, you can download it on > http://www.waversveld.nl/downloads/MailScanner-4.45.4-1.rpm.tar.gz. It's the > RPM-based verion for RedHat, etc. > > It's an server with an ADSL connection, so the upload is not very high, sorry > for that ;-) > > Good Luck, > > Joost Waversveld > Thanks a bundle! -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Sep 5 11:58:53 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:42 2006 Subject: Revised patch, was Re: MailScanner ANNOUNCE: Stable 4.45 released Message-ID: On 2 Sep 2005, at 09:59, Julian Field wrote: > On 1 Sep 2005, at 22:00, Julian Field wrote: >> Ed Bruce wrote: >>> Julian Field wrote: >>> >>>> A problem with the internal TNEF decoder has come to light >>>> recently. For new installations, I have changed the TNEF >>>> Expander to the external one, to stop new users hitting this >>>> problem. >>>> >>>> I have as yet been unable to get hold of a TNEF message that >>>> exhibits this problem, no-one has kept any. If you have one that >>>> you can put on a website for me to copy, that would be very >>>> helpful. >>>> >>>> > > Please try the attached patch for TNEF.pm. There is a bug in the > directory permissions set by the Convert::TNEF module on its > temporary directory. It fails when it cannot find any files in the > TNEF archive when it is run as a user other than root. So Postfix > and Exim users may see this problem. Attached is a revised edition of the patch. This should fix problems caused by the last patch. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 1.2, Application/X-GZIP 1KB. ] [ Unable to print this part. ] [ Part 1.3: "Attached Text" ] -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 498bytes. ] [ Unable to print this part. ] From martinh at SOLID-STATE-LOGIC.COM Mon Sep 5 10:23:42 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:42 2006 Subject: TNEF Patch problems on FreeBSD Message-ID: Jules Just downloaded and tried to run the TNEF patch on my FreeBSD box (MailScanner installed using the tar.tz variant) on MS 4.45-1 and I get the following errors.. patch < ~martinh/TNEF.pm.patch Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |--- TNEF.pm.old 2005-08-29 17:12:54.000000000 +0100 |+++ TNEF.pm 2005-09-02 09:54:12.264288883 +0100 -------------------------- Patching file TNEF.pm using Plan A... Hunk #1 failed at 124. Hunk #2 failed at 132. Hunk #3 failed at 141. 3 out of 3 hunks failed--saving rejects to TNEF.pm.rej done any ideas?? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at LISTS.COM.AR Mon Sep 5 12:52:26 2005 From: mailscanner at LISTS.COM.AR (Leonardo Helman) Date: Thu Jan 12 21:30:42 2006 Subject: TNEF Patch problems on FreeBSD Message-ID: Hi, I've found a message that is breaking with the old tnef module (without the patch). Do you still want the unprocessed message? Saludos -- Leonardo Helman Pert Consultores Argentina On Mon, Sep 05, 2005 at 10:23:20AM +0100, Martin Hepworth wrote: > Jules > > Just downloaded and tried to run the TNEF patch on my FreeBSD box > (MailScanner installed using the tar.tz variant) on MS 4.45-1 and I get the > following errors.. > > patch < ~martinh/TNEF.pm.patch > Hmm... Looks like a unified diff to me... > The text leading up to this was: > -------------------------- > |--- TNEF.pm.old 2005-08-29 17:12:54.000000000 +0100 > |+++ TNEF.pm 2005-09-02 09:54:12.264288883 +0100 > -------------------------- > Patching file TNEF.pm using Plan A... > Hunk #1 failed at 124. > Hunk #2 failed at 132. > Hunk #3 failed at 141. > 3 out of 3 hunks failed--saving rejects to TNEF.pm.rej > done > > > > any ideas?? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Sep 5 13:06:21 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:42 2006 Subject: Revised patch, was Re: MailScanner ANNOUNCE: Stable 4.45 released Message-ID: Jules That seemed to sort out 1/3 of the errant emails.. (flipping Outleek)... but I've still got 41 of the 63 messages stuck... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: 05 September 2005 11:59 To: MAILSCANNER@JISCMAIL.AC.UK Subject: [MAILSCANNER] Revised patch, was Re: MailScanner ANNOUNCE: Stable 4.45 released On 2 Sep 2005, at 09:59, Julian Field wrote: > On 1 Sep 2005, at 22:00, Julian Field wrote: >> Ed Bruce wrote: >>> Julian Field wrote: >>> >>>> A problem with the internal TNEF decoder has come to light >>>> recently. For new installations, I have changed the TNEF >>>> Expander to the external one, to stop new users hitting this >>>> problem. >>>> >>>> I have as yet been unable to get hold of a TNEF message that >>>> exhibits this problem, no-one has kept any. If you have one that >>>> you can put on a website for me to copy, that would be very >>>> helpful. >>>> >>>> > > Please try the attached patch for TNEF.pm. There is a bug in the > directory permissions set by the Convert::TNEF module on its > temporary directory. It fails when it cannot find any files in the > TNEF archive when it is run as a user other than root. So Postfix > and Exim users may see this problem. Attached is a revised edition of the patch. This should fix problems caused by the last patch. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Sep 5 13:44:32 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:42 2006 Subject: TNEF Patch problems on FreeBSD Message-ID: -----BEGIN PGP SIGNED MESSAGE----- No thanks, I have found the problem (bug in Convert::TNEF). On 5 Sep 2005, at 12:52, Leonardo Helman wrote: > Hi, I've found a message that is breaking with the old tnef module > (without > the patch). > Do you still want the unprocessed message? > > > Saludos > > -- > Leonardo Helman > Pert Consultores > Argentina > > > On Mon, Sep 05, 2005 at 10:23:20AM +0100, Martin Hepworth wrote: > >> Jules >> >> Just downloaded and tried to run the TNEF patch on my FreeBSD box >> (MailScanner installed using the tar.tz variant) on MS 4.45-1 and >> I get the >> following errors.. >> >> patch < ~martinh/TNEF.pm.patch >> Hmm... Looks like a unified diff to me... >> The text leading up to this was: >> -------------------------- >> |--- TNEF.pm.old 2005-08-29 17:12:54.000000000 +0100 >> |+++ TNEF.pm 2005-09-02 09:54:12.264288883 +0100 >> -------------------------- >> Patching file TNEF.pm using Plan A... >> Hunk #1 failed at 124. >> Hunk #2 failed at 132. >> Hunk #3 failed at 141. >> 3 out of 3 hunks failed--saving rejects to TNEF.pm.rej >> done >> >> >> >> any ideas?? >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> >> ********************************************************************* >> * >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************* >> * >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQxw9s/w32o+k+q+hAQFsGggAhgmG/4KirGExv4kzZdOdUQVXFs/3La7X DIdT/7PCf7QIM/fOvPnYLtZ32phOnY3mSyfBfuEjmgVNhozlBavJYQfVuaa/C75C F0+Fp1vrVxyJb4W+Fl/UTmmnryIBEJLrVexqFjkNLL80GlQ9DhKtFxqV8aDVO2Rf bjncmORq8xjudJ7qgS/jGl0VqoPYBkbL7dPQGKn+MkYFW2llRDKJHTJ4zW45QT5S cQAdOoLAzuSzsb1AVMQ1pRxl0l3b7LVo5fkID6Q9s319czIRj6H9cPear+9/eX4b tCXZiEGyWgoMZNwzTM2C+EQ3pnZAlf3CWe0g5Kz8/H6SCtCLjuSphg== =y8hn -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Sep 5 13:45:07 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:42 2006 Subject: Revised patch, was Re: MailScanner ANNOUNCE: Stable 4.45 released Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Okay, send me one of the remaining stuck ones. On 5 Sep 2005, at 13:06, Martin Hepworth wrote: > Jules > > That seemed to sort out 1/3 of the errant emails.. (flipping > Outleek)... but > I've still got 41 of the 63 messages stuck... > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] > On Behalf > Of Julian Field > Sent: 05 September 2005 11:59 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] Revised patch, was Re: MailScanner ANNOUNCE: > Stable > 4.45 released > > On 2 Sep 2005, at 09:59, Julian Field wrote: > >> On 1 Sep 2005, at 22:00, Julian Field wrote: >> >>> Ed Bruce wrote: >>> >>>> Julian Field wrote: >>>> >>>> >>>>> A problem with the internal TNEF decoder has come to light >>>>> recently. For new installations, I have changed the TNEF >>>>> Expander to the external one, to stop new users hitting this >>>>> problem. >>>>> >>>>> I have as yet been unable to get hold of a TNEF message that >>>>> exhibits this problem, no-one has kept any. If you have one that >>>>> you can put on a website for me to copy, that would be very >>>>> helpful. >>>>> >>>>> >>>>> >> >> Please try the attached patch for TNEF.pm. There is a bug in the >> directory permissions set by the Convert::TNEF module on its >> temporary directory. It fails when it cannot find any files in the >> TNEF archive when it is run as a user other than root. So Postfix >> and Exim users may see this problem. >> > > Attached is a revised edition of the patch. This should fix problems > caused by the last patch. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQxw91Pw32o+k+q+hAQE0LQf9HLmKnJOM1yHc0A72/REYnNmIrqE+AzZw ItKradLrYu7agRCiZqKgNWUdkQm8PQE3CZ2na8ykmIlF5Y4n+cG4pAfmX+fuD528 o8G6YOZW+FCQfUUklK9v8U3zfNxaAbU3YZZvApfTiZnk2FbSFS7EZLJwvZepjpuz 3BBJu2bfrOfEtjmjAUjqcpe/ptDY4LM86LhCtnnbqP2Hcl/bx/jvGchIP7ZJKH2q J+gGFl6bM+CZeKZiF/kjg1Q7KfO15/lbDD5nZRtTII8rERh0CVynTrm78c/8HOPC y13ZMOdtP3Cio3eXrUNTH8Hgu3/5XIELmPu4C0tcpCBcmSO8RB8/9A== =TcKk -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From richard at AK.PLANET.GEN.NZ Tue Sep 6 03:39:10 2005 From: richard at AK.PLANET.GEN.NZ (Richard Haakma) Date: Thu Jan 12 21:30:42 2006 Subject: Thanks from a grateful user Message-ID: Hi. I just want to say thanks to Julian and others who help with Mailscanner. The two problems I had, messages in the corrupt queue and the problem with it going to sleep appear to have been solved and Mailscanner has been running reliably since I updated. Regards, RH. -- Do NOT reply to SPAM. Do NOT buy anything that is offered by SPAM. Every time someone buys, the spammers can economically justify sending out thousands more messages. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From schwartzw at GMAIL.COM Tue Sep 6 04:53:15 2005 From: schwartzw at GMAIL.COM (William Schwartz) Date: Thu Jan 12 21:30:42 2006 Subject: MailScanner Archives Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I'm using MailScanner to archive all email for a particular domain in both maildir and mbox formats. In my archive.rules I have: FromOrTo: *@domain.com /data/mail_archive/domain.com/archive.mbx FromOrTo: *@domain.com /data/mail_archive/domain.com/ Everything appears to work great. I get daily directoies in /data/mail_archive/domain.com/ that contain the maildir files and I have a cron job that rotates the mbx file weekly. My question is what's the best way to read these? I've played with Thunderbird and Outlook express and I don't see a good way to import the archive. Is there another application out there that would allow for easy viewing of the archives? (both formats). Thanks, Bill ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Sep 6 09:11:00 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:42 2006 Subject: Thanks from a grateful user Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Thanks for your kind comment. It is much appreciated! Have you considered buying the book or a T-shirt? (black t-shirts now available) Jules. On 6 Sep 2005, at 03:39, Richard Haakma wrote: > Hi. > > I just want to say thanks to Julian and others who help > with Mailscanner. The two problems I had, messages in > the corrupt queue and the problem with it going to sleep > appear to have been solved and Mailscanner has been > running reliably since I updated. > > > Regards, > RH. > > > -- > Do NOT reply to SPAM. Do NOT buy anything that is offered by SPAM. > Every time someone buys, the spammers can economically justify > sending out thousands more messages. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQx1PFvw32o+k+q+hAQHoiwf/erJnSQHvq22pffBHQi+kBnwQmUtqhYPM g/Bwi1fGLpXFnwhq9M0OkNz2agbv5WYSg0hbJujpJpSsKyW+mS+BSKEDmHKG3TGH TYg6L8dLNd+q8ZTJMbWhxRIWc5C2iR0sj23CyBdiw3oLM6QzY9U4sWuhWbv4kXgO ecSq0FU9HKpIbjToMnKAha7RCtUQS6xcolTq4mP2tRBcE5taI9IrX+NaAQ1ZFoTl bJ9PHnWTjeVgR0AlJnlRefns6CPfW8qH123WLNXCqzyOJ9ORs9L7sOS7EwfVXQL/ HlSghx3ahjgem9MIEkKLkOWLhuoWrUD3V/bIlaGXiBhgtfSUxXRQ7A== =0zjT -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Sep 6 09:12:23 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:42 2006 Subject: MailScanner Archives Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Any Unix based mail client will be able to read the .mbx files. And any mail program can can import Unix mailboxes (or Eudora mailboxes as they are the same format) should be able to import them too. On 6 Sep 2005, at 04:53, William Schwartz wrote: I'm using MailScanner to archive all email for a particular domain in both maildir and mbox formats. In my archive.rules I have: FromOrTo: *@domain.com /data/mail_archive/domain.com/archive.mbx FromOrTo: *@domain.com /data/mail_archive/domain.com/ Everything appears to work great.  I get daily directoies in /data/mail_archive/domain.com/ that contain the maildir files and I have a cron job that rotates the mbx file weekly. My question is what's the best way to read these?  I've played with Thunderbird and Outlook express and I don't see a good way to import the archive.  Is there another application out there that would allow for easy viewing of the archives? (both formats). --  Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 498bytes. ] [ Unable to print this part. ] From glenn.steen at gmail.com Tue Sep 6 09:14:30 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:42 2006 Subject: MailScanner Archives Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 06/09/05, William Schwartz wrote: > I'm using MailScanner to archive all email for a particular domain in both > maildir and mbox formats. > > In my archive.rules I have: > FromOrTo: *@domain.com > /data/mail_archive/domain.com/archive.mbx > FromOrTo: *@domain.com /data/mail_archive/domain.com/ > > > Everything appears to work great. I get daily directoies in > /data/mail_archive/domain.com/ that contain the maildir files and I have a > cron job that rotates the mbx file weekly. > > My question is what's the best way to read these? I've played with > Thunderbird and Outlook express and I don't see a good way to import the > archive. Is there another application out there that would allow for easy > viewing of the archives? (both formats). > > Thanks, > Bill > "mail -f " has always been a safe thing to use (and it's easy to use too:-). I used to use pine for a rather long time... Or one could use Sylpheed or even kmail... Trick is to either work on a copy or make very sure that the MUA don't mess up the file(s). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From R.A.Gardener at SHU.AC.UK Tue Sep 6 12:10:32 2005 From: R.A.Gardener at SHU.AC.UK (Ray Gardener) Date: Thu Jan 12 21:30:42 2006 Subject: Virus scanning / Upgrade to version 4.45 Message-ID: Julian, thanks for your response and apologies for the delay in getting back to you. I don't think that there is anything wrong with MailScanner in detecting eicar; but I do think that I may have configured the software wrongly and I want turn up the logging vevels to pinpoint the problem. The logs say Sep 6 11:10:03 sequoia MailScanner[24097]: Spam Checks: Starting Sep 6 11:10:03 sequoia MailScanner[24097]: Virus and Content Scanning: Starting Sep 6 11:10:03 sequoia MailScanner[24097]: Uninfected: Delivered 1 messages Sep 6 11:10:11 sequoia MailScanner[29384]: New Batch: Scanning 1 messages, 4656 bytes Note the pseudo-virus in the mail (eicar) is detected by the antivirus solution on the destination Exchange server. Regards, Ray Gardener, LITS, Sheffield Hallam University 0114 225 4926 _________________________________________________________________________ On Fri, 2 Sep 2005, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > Do the logs say it has been cleaned and delivered? Or do they say it > has been delivered as uninfected? > > I have just done a quick sanity test on a new box I have just built > with 4.54 on it and it works fine with Sophos, ClamAV and F-Prot on > it. All of them detect what I expect them to. > > On 2 Sep 2005, at 12:57, Ray Gardener wrote: > >> Hi, >> >> This morning I upgraded to version 4.45 on a Solaris 9 machine. I >> tested the upgrade with a message carrying a eicar ladened >> attachment. The upgraded installation has not picked this test >> virus up. There is no urgent issue as this is just one of several >> hubs and the others are working. However I need to have this >> machine back in line, fairly soon. >> >> The mailscanner logs which are going to /var/log/syslog don't show >> a problem and claim that mail is being virus scanned; my scanner >> type is set to sophos. Is there a way that I can configure >> syslogging to show wht underlying processes are being called in >> more detail? >> >> I have not tested the anti-spam scanning and I have no alternative >> anti-virus engines on the machine to see whether this issue is >> specific to sophos. (Note that the scanning did work before the >> upgrade!). > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.2 (Build 2425) > > iQEVAwUBQxhNGvw32o+k+q+hAQHaXggAnCIGevNDF6+ld56oO9Bik0o7CvLyBTb3 > J3MH1AjGQbEBdbd4b9ytHzrvfPgdO+gTLl1LJ1vm87D5DdWJdOuC8pvmjav1HDvY > 3Kfw8eoMc+0oM7Mejo+LYlOO/rx8d0CL9EVORgjuyuO7A7dwSwCHg/ARPEBe8vcq > bBhFPYrOtgoR904vK7tXksv48q+CYLx34HmoMUWUOvADhThm6jeutHcooaiH+g7m > hwLqGQKq6c+JyPLH/gezIDOjGQu/ti83gRWtF9CH9+g+DCTP2rLcLGH52OG4jx8T > z0RCOWus3X6u999sgkwvwZzj5Sf73OREtC1z5xU82tXXPc0w917IPA== > =/eYc > -----END PGP SIGNATURE----- > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Sep 6 12:26:36 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:42 2006 Subject: Virus scanning / Upgrade to version 4.45 Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Check your Sophos entry in /opt/MailScanner/etc/virus.scanners.conf. The last field on the line should be /usr/local/Sophos. Check your Sophos installation is okay by installing it again with / opt/MailScanner/bin/Sophos.install. You must not install it using the Sophos installation program, you must do it using my Sophos.install or it won't work. If you want to try it out, run this: cd /tmp /opt/MailScanner/lib/sophos-wrapper /usr/local/Sophos . (don't forget the "." at the end!) That should successfully scan /tmp. On 6 Sep 2005, at 12:10, Ray Gardener wrote: > Julian, > > thanks for your response and apologies for the delay in getting > back to you. > > I don't think that there is anything wrong with MailScanner in > detecting eicar; but I do think that I may have configured the > software wrongly and I want turn up the logging vevels to pinpoint > the problem. > > > The logs say > > Sep 6 11:10:03 sequoia MailScanner[24097]: Spam Checks: Starting > Sep 6 11:10:03 sequoia MailScanner[24097]: Virus and Content > Scanning: Starting > Sep 6 11:10:03 sequoia MailScanner[24097]: Uninfected: Delivered 1 > messages > Sep 6 11:10:11 sequoia MailScanner[29384]: New Batch: Scanning 1 > messages, 4656 > bytes > > > Note the pseudo-virus in the mail (eicar) is detected by the > antivirus solution on the destination Exchange server. > > > Regards, > > Ray Gardener, > LITS, > Sheffield Hallam University > 0114 225 4926 > ______________________________________________________________________ > ___ > > > > > On Fri, 2 Sep 2005, Julian Field wrote: > > >> -----BEGIN PGP SIGNED MESSAGE----- >> >> Do the logs say it has been cleaned and delivered? Or do they say it >> has been delivered as uninfected? >> >> I have just done a quick sanity test on a new box I have just built >> with 4.54 on it and it works fine with Sophos, ClamAV and F-Prot on >> it. All of them detect what I expect them to. >> >> On 2 Sep 2005, at 12:57, Ray Gardener wrote: >> >> >>> Hi, >>> >>> This morning I upgraded to version 4.45 on a Solaris 9 machine. I >>> tested the upgrade with a message carrying a eicar ladened >>> attachment. The upgraded installation has not picked this test >>> virus up. There is no urgent issue as this is just one of several >>> hubs and the others are working. However I need to have this >>> machine back in line, fairly soon. >>> >>> The mailscanner logs which are going to /var/log/syslog don't show >>> a problem and claim that mail is being virus scanned; my scanner >>> type is set to sophos. Is there a way that I can configure >>> syslogging to show wht underlying processes are being called in >>> more detail? >>> >>> I have not tested the anti-spam scanning and I have no alternative >>> anti-virus engines on the machine to see whether this issue is >>> specific to sophos. (Note that the scanning did work before the >>> upgrade!). >>> >> >> - -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.2 (Build 2425) >> >> iQEVAwUBQxhNGvw32o+k+q+hAQHaXggAnCIGevNDF6+ld56oO9Bik0o7CvLyBTb3 >> J3MH1AjGQbEBdbd4b9ytHzrvfPgdO+gTLl1LJ1vm87D5DdWJdOuC8pvmjav1HDvY >> 3Kfw8eoMc+0oM7Mejo+LYlOO/rx8d0CL9EVORgjuyuO7A7dwSwCHg/ARPEBe8vcq >> bBhFPYrOtgoR904vK7tXksv48q+CYLx34HmoMUWUOvADhThm6jeutHcooaiH+g7m >> hwLqGQKq6c+JyPLH/gezIDOjGQu/ti83gRWtF9CH9+g+DCTP2rLcLGH52OG4jx8T >> z0RCOWus3X6u999sgkwvwZzj5Sf73OREtC1z5xU82tXXPc0w917IPA== >> =/eYc >> -----END PGP SIGNATURE----- >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQx187vw32o+k+q+hAQFM8ggAiEhVMYuw1fErvWumNiNA6/VUfbTRsDfN JO6xLg2pG5hgwaq01JENGgWNp644RtwMRhLLiZXdSbbBG3CbagPWBAn8sjgdrMlc YP+uJiAG4UwBkbDXAR6Aj3nMOyrLku7+DPEd0QnsMYu6zSHQPhPwtcy938FTGOUV WsKKjnCe308rTxLxQbj27xtln71PWlu6qV2jdM0+2mkE6wBr12ZR8+S/P/iI/VdF Ey7Bu9t5ja6z0kP3pkFM4ctjD8Gc+6HBigVQwTzcoQyCs+uNSLJljTbkLlnlg/D8 i08aPGNtg1r63KwtUwtCS9c13kb7rPcWEkCubAiZh91G3FS1BkjUWA== =QUes -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From richard.gray at DNS.CO.UK Tue Sep 6 14:13:51 2005 From: richard.gray at DNS.CO.UK (Gray, Richard) Date: Thu Jan 12 21:30:42 2006 Subject: MCP/SPAM Actions Message-ID: Hi, I've got a running problem here with spam actions on my system. Basically I have the following configuration spam actions - quarantine high spam actions - delete mcp actions - quarantine high mcp actions - quarantine Some of the messages we receive fall into the high scoring spam, and also trigger mcp. Rather than being deleted these messages get sent to quarantine (presumably due to mcp). I've tried playing with the "First Check = [spam|mcp]". Changing this value does indeed change the order in which the messages are scanned, but doesn't seem to affect whether or not they are quarantined. Have I missed a setting somewhere along the way, or have I mis-configured something? This is starting to give me a real headache (I get a lot of spam through the door) and any help/pointers would be appreciated. Richard. ----------------------- This email from dns has been validated by dnsMSS(TM) Managed Email Security and is free from all known viruses. For further information contact email-integrity@dns.co.uk ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From R.A.Gardener at SHU.AC.UK Tue Sep 6 14:20:33 2005 From: R.A.Gardener at SHU.AC.UK (Ray Gardener) Date: Thu Jan 12 21:30:42 2006 Subject: Virus scanning / Upgrade to version 4.45 Message-ID: Many thanks for this, running /opt/MailScanner/lib/sophos-wrapper /usr/local/Sophos . revealed that /usr/local/Sophos/bin/sweep (the virus scanner) didn't exist. A slight concern was Mailscanner continued to process the incoming mail dir even though the configured virus scanner didn't exist. At a future release is it possible to have such a situation logged in the syslog? Regards, Ray Gardener LITS Sheffield Hallam University 0114 225 4926 ____________________________________________________________________________ On Tue, 6 Sep 2005, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > Check your Sophos entry in /opt/MailScanner/etc/virus.scanners.conf. > The last field on the line should be /usr/local/Sophos. > Check your Sophos installation is okay by installing it again with / > opt/MailScanner/bin/Sophos.install. You must not install it using the > Sophos installation program, you must do it using my Sophos.install > or it won't work. > > If you want to try it out, run this: > cd /tmp > /opt/MailScanner/lib/sophos-wrapper /usr/local/Sophos . > (don't forget the "." at the end!) > > That should successfully scan /tmp. > > On 6 Sep 2005, at 12:10, Ray Gardener wrote: > >> Julian, >> >> thanks for your response and apologies for the delay in getting >> back to you. >> >> I don't think that there is anything wrong with MailScanner in >> detecting eicar; but I do think that I may have configured the >> software wrongly and I want turn up the logging vevels to pinpoint >> the problem. >> >> >> The logs say >> >> Sep 6 11:10:03 sequoia MailScanner[24097]: Spam Checks: Starting >> Sep 6 11:10:03 sequoia MailScanner[24097]: Virus and Content >> Scanning: Starting >> Sep 6 11:10:03 sequoia MailScanner[24097]: Uninfected: Delivered 1 >> messages >> Sep 6 11:10:11 sequoia MailScanner[29384]: New Batch: Scanning 1 >> messages, 4656 >> bytes >> >> >> Note the pseudo-virus in the mail (eicar) is detected by the >> antivirus solution on the destination Exchange server. >> >> >> Regards, >> >> Ray Gardener, >> LITS, >> Sheffield Hallam University >> 0114 225 4926 >> ______________________________________________________________________ >> ___ >> >> >> >> >> On Fri, 2 Sep 2005, Julian Field wrote: >> >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> >>> Do the logs say it has been cleaned and delivered? Or do they say it >>> has been delivered as uninfected? >>> >>> I have just done a quick sanity test on a new box I have just built >>> with 4.54 on it and it works fine with Sophos, ClamAV and F-Prot on >>> it. All of them detect what I expect them to. >>> >>> On 2 Sep 2005, at 12:57, Ray Gardener wrote: >>> >>> >>>> Hi, >>>> >>>> This morning I upgraded to version 4.45 on a Solaris 9 machine. I >>>> tested the upgrade with a message carrying a eicar ladened >>>> attachment. The upgraded installation has not picked this test >>>> virus up. There is no urgent issue as this is just one of several >>>> hubs and the others are working. However I need to have this >>>> machine back in line, fairly soon. >>>> >>>> The mailscanner logs which are going to /var/log/syslog don't show >>>> a problem and claim that mail is being virus scanned; my scanner >>>> type is set to sophos. Is there a way that I can configure >>>> syslogging to show wht underlying processes are being called in >>>> more detail? >>>> >>>> I have not tested the anti-spam scanning and I have no alternative >>>> anti-virus engines on the machine to see whether this issue is >>>> specific to sophos. (Note that the scanning did work before the >>>> upgrade!). >>>> >>> >>> - -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>> -----BEGIN PGP SIGNATURE----- >>> Version: PGP Desktop 9.0.2 (Build 2425) >>> >>> iQEVAwUBQxhNGvw32o+k+q+hAQHaXggAnCIGevNDF6+ld56oO9Bik0o7CvLyBTb3 >>> J3MH1AjGQbEBdbd4b9ytHzrvfPgdO+gTLl1LJ1vm87D5DdWJdOuC8pvmjav1HDvY >>> 3Kfw8eoMc+0oM7Mejo+LYlOO/rx8d0CL9EVORgjuyuO7A7dwSwCHg/ARPEBe8vcq >>> bBhFPYrOtgoR904vK7tXksv48q+CYLx34HmoMUWUOvADhThm6jeutHcooaiH+g7m >>> hwLqGQKq6c+JyPLH/gezIDOjGQu/ti83gRWtF9CH9+g+DCTP2rLcLGH52OG4jx8T >>> z0RCOWus3X6u999sgkwvwZzj5Sf73OREtC1z5xU82tXXPc0w917IPA== >>> =/eYc >>> -----END PGP SIGNATURE----- >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.2 (Build 2425) > > iQEVAwUBQx187vw32o+k+q+hAQFM8ggAiEhVMYuw1fErvWumNiNA6/VUfbTRsDfN > JO6xLg2pG5hgwaq01JENGgWNp644RtwMRhLLiZXdSbbBG3CbagPWBAn8sjgdrMlc > YP+uJiAG4UwBkbDXAR6Aj3nMOyrLku7+DPEd0QnsMYu6zSHQPhPwtcy938FTGOUV > WsKKjnCe308rTxLxQbj27xtln71PWlu6qV2jdM0+2mkE6wBr12ZR8+S/P/iI/VdF > Ey7Bu9t5ja6z0kP3pkFM4ctjD8Gc+6HBigVQwTzcoQyCs+uNSLJljTbkLlnlg/D8 > i08aPGNtg1r63KwtUwtCS9c13kb7rPcWEkCubAiZh91G3FS1BkjUWA== > =QUes > -----END PGP SIGNATURE----- > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nerijus at USERS.SOURCEFORGE.NET Tue Sep 6 15:03:33 2005 From: nerijus at USERS.SOURCEFORGE.NET (Nerijus Baliunas) Date: Thu Jan 12 21:30:42 2006 Subject: Wrapper for avast antivirus? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Fri, 2 Sep 2005 09:42:27 +0200 Remy de Ruysscher wrote: > Is anyone using avast (www.avast.com) together with MailScanner? If > so, I can write a wrapper for it. > Avast is currently available for Linux of FreeBSD servers. > > http://www.avast.com/eng/avast_for_linux_serv.html > > Please contact me if you would like to have a wrapper for avast. Yes, I'd like to have it. And of course it'd be nice to send it to Julian to include in future MS distributions. Regards, Nerijus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Sep 6 15:13:57 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:42 2006 Subject: MCP/SPAM Actions Message-ID: -----BEGIN PGP SIGNED MESSAGE----- I hope you mean "store" and not "quarantine". Otherwise, it is doing what you asked it to isn't it? You have asked it to store the message, and that's what it has done. On 6 Sep 2005, at 14:13, Gray, Richard wrote: > Hi, > > I've got a running problem here with spam actions on my system. > > Basically I have the following configuration > > spam actions - quarantine > high spam actions - delete > > mcp actions - quarantine > high mcp actions - quarantine > > > Some of the messages we receive fall into the high scoring spam, and > also trigger mcp. Rather than being deleted these messages get sent to > quarantine (presumably due to mcp). > > I've tried playing with the "First Check = [spam|mcp]". Changing this > value does indeed change the order in which the messages are scanned, > but doesn't seem to affect whether or not they are quarantined. Have I > missed a setting somewhere along the way, or have I mis-configured > something? > > This is starting to give me a real headache (I get a lot of spam > through > the door) and any help/pointers would be appreciated. > > Richard. > > ----------------------- > This email from dns has been validated by dnsMSS(TM) Managed Email > Security and is free from all known viruses. > > For further information contact email-integrity@dns.co.uk > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQx2kJ/w32o+k+q+hAQE0NAf9EglreOxreOemthVxLfloF6ouGd2e8S/q /9DmrcJBVZBBnGlIc1OAkA7oC8Y+31J1vDa6Jfre9bz4W9LhapMwY5go3le9WN17 jcr1xBF3M7zrSvzneLQpe2t1HJD2yqUeMc8w3evqYJbY5THaMZW7EIupyYK3+/bv pec7jV/hDsyujvyT6e8ukHAThR03SEYFi5O2Rh+Dej/8Kdnq84f3UM3gpDROL4oX CprtrvDGdlgabGc4HqciC495sb9QTzEXtNnpmCz0OaFJ3xHoOOVt+c7H3NvJNVGA X0EL+mdLLWat9lxrtMka9BMezQRyr6w63qTCx0FEH+6oTh2iD0VDXA== =A5Wa -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Sep 6 15:16:28 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:42 2006 Subject: Wrapper for avast antivirus? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 6 Sep 2005, at 15:03, Nerijus Baliunas wrote: > On Fri, 2 Sep 2005 09:42:27 +0200 Remy de Ruysscher ASP.COM> wrote: >> Is anyone using avast (www.avast.com) together with MailScanner? If >> so, I can write a wrapper for it. >> Avast is currently available for Linux of FreeBSD servers. >> >> http://www.avast.com/eng/avast_for_linux_serv.html >> >> Please contact me if you would like to have a wrapper for avast. >> > > Yes, I'd like to have it. And of course it'd be nice to send it to > Julian > to include in future MS distributions. The wrapper script is the trivial bit. The not-so-trivial bit is writing a reliable and robust parser for it. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQx2kvvw32o+k+q+hAQHrigf/ccAxiEG5OaNUVWrpfsNMZQ2PbW3/zmKN L+iFF+kgaZ5uxbq/iyevyZAH4yUDlmZIzIWOGIQmsGtUmWenqCOR41aAnbCGcVnT LJdsMadjWvCN2GvKdH0Rljg1W752XObWhLc9+ZbNjndS+cf9rGe/1wjL6RMm0Rs3 6ZfL2Vb+j00fXvyBBP7XHbEhs42pLU8Pi/gTOx2PTwVPQulcC3bvws1tw5j+BrM2 NvGGUH9s7SljXw7kbWos22wFuoemyIjcHHVUs9UzFM5lzOQpRQNVzkMxyu1mpMOG mM1KdOEq+agqZZXWE99vytFjJnfwapZOqNUICCzo9lha4UXqN13ocQ== =k4Im -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From remy at UNIX-ASP.COM Tue Sep 6 16:22:42 2005 From: remy at UNIX-ASP.COM (Remy de Ruysscher) Date: Thu Jan 12 21:30:42 2006 Subject: Wrapper for avast antivirus? Message-ID: On Tue, Sep 06, 2005 at 03:16:28PM +0100, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > On 6 Sep 2005, at 15:03, Nerijus Baliunas wrote: > > On Fri, 2 Sep 2005 09:42:27 +0200 Remy de Ruysscher > ASP.COM> wrote: > >> Is anyone using avast (www.avast.com) together with MailScanner? If > >> so, I can write a wrapper for it. > >> Avast is currently available for Linux of FreeBSD servers. > >> > >> http://www.avast.com/eng/avast_for_linux_serv.html > >> > >> Please contact me if you would like to have a wrapper for avast. > >> > > > > Yes, I'd like to have it. And of course it'd be nice to send it to > > Julian > > to include in future MS distributions. > > The wrapper script is the trivial bit. The not-so-trivial bit is > writing a reliable and robust parser for it. > - -- > Julian Field Okay, I'll start working on it this week, if time permits. I'll send my contributions to the mailinglist. Regards, Remy. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From richard.gray at DNS.CO.UK Tue Sep 6 16:40:08 2005 From: richard.gray at DNS.CO.UK (Gray, Richard) Date: Thu Jan 12 21:30:42 2006 Subject: MCP/SPAM Actions Message-ID: Apologies, I did mean store and not quarantine, and I'm sorry to keep asking this question I can see what you mean about telling it to store the message, but I have also told it to delete the message. I'm guessing from observed behaviour here, but the current implementation works as follows: SPAM - Delete && MCP - Clean => Message Deleted SPAM - Delete && MCP - store => Message Stored in MCP SPAM - Delete && MCP - Delete => Message Deleted SPAM - Store && MCP - Clean => Message stored in SPAM SPAM - Store && MCP - store => Message stored in SPAM (and also in MCP?) SPAM - Store && MCP - Delete => Message stored in SPAM SPAM - Clean && MCP - Clean => Message Passed SPAM - Clean && MCP - store => Message stored in MCP SPAM - Clean && MCP - Delete => Message Deleted Have I finally got the whole thing twigged? R > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field > Sent: 06 September 2005 15:14 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MCP/SPAM Actions > > -----BEGIN PGP SIGNED MESSAGE----- > > I hope you mean "store" and not "quarantine". Otherwise, it > is doing what you asked it to isn't it? You have asked it to > store the message, and that's what it has done. > > On 6 Sep 2005, at 14:13, Gray, Richard wrote: > > > Hi, > > > > I've got a running problem here with spam actions on my system. > > > > Basically I have the following configuration > > > > spam actions - quarantine > > high spam actions - delete > > > > mcp actions - quarantine > > high mcp actions - quarantine > > > > > > Some of the messages we receive fall into the high scoring > spam, and > > also trigger mcp. Rather than being deleted these messages > get sent to > > quarantine (presumably due to mcp). > > > > I've tried playing with the "First Check = [spam|mcp]". > Changing this > > value does indeed change the order in which the messages > are scanned, > > but doesn't seem to affect whether or not they are > quarantined. Have I > > missed a setting somewhere along the way, or have I mis-configured > > something? > > > > This is starting to give me a real headache (I get a lot of spam > > through the door) and any help/pointers would be appreciated. > > > > Richard. > > > > ----------------------- > > This email from dns has been validated by dnsMSS(TM) Managed Email > > Security and is free from all known viruses. > > > > For further information contact email-integrity@dns.co.uk > > > > ------------------------ MailScanner list > ------------------------ To > > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the > > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store PGP > footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.2 (Build 2425) > > iQEVAwUBQx2kJ/w32o+k+q+hAQE0NAf9EglreOxreOemthVxLfloF6ouGd2e8S/q > /9DmrcJBVZBBnGlIc1OAkA7oC8Y+31J1vDa6Jfre9bz4W9LhapMwY5go3le9WN17 > jcr1xBF3M7zrSvzneLQpe2t1HJD2yqUeMc8w3evqYJbY5THaMZW7EIupyYK3+/bv > pec7jV/hDsyujvyT6e8ukHAThR03SEYFi5O2Rh+Dej/8Kdnq84f3UM3gpDROL4oX > CprtrvDGdlgabGc4HqciC495sb9QTzEXtNnpmCz0OaFJ3xHoOOVt+c7H3NvJNVGA > X0EL+mdLLWat9lxrtMka9BMezQRyr6w63qTCx0FEH+6oTh2iD0VDXA== > =A5Wa > -----END PGP SIGNATURE----- > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ----------------------- This email from dns has been validated by dnsMSS(TM) Managed Email Security and is free from all known viruses. For further information contact email-integrity@dns.co.uk ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Sep 6 16:50:02 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:42 2006 Subject: MCP/SPAM Actions Message-ID: -----BEGIN PGP SIGNED MESSAGE----- That sounds about right. Just about anything over-rides "delete", it will only delete the message if it is sure that is what you wanted to happen. Far better to save a few extra messages than start deleting things when it isn't sure you meant it. On 6 Sep 2005, at 16:40, Gray, Richard wrote: > Apologies, I did mean store and not quarantine, and I'm sorry to keep > asking this question > > I can see what you mean about telling it to store the message, but I > have also told it to delete the message. I'm guessing from observed > behaviour here, but the current implementation works as follows: > > SPAM - Delete && MCP - Clean => Message Deleted > SPAM - Delete && MCP - store => Message Stored in MCP > SPAM - Delete && MCP - Delete => Message Deleted > > SPAM - Store && MCP - Clean => Message stored in SPAM > SPAM - Store && MCP - store => Message stored in SPAM (and also in > MCP?) > SPAM - Store && MCP - Delete => Message stored in SPAM > > SPAM - Clean && MCP - Clean => Message Passed > SPAM - Clean && MCP - store => Message stored in MCP > SPAM - Clean && MCP - Delete => Message Deleted > > Have I finally got the whole thing twigged? > > R > > >> -----Original Message----- >> From: MailScanner mailing list >> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >> Sent: 06 September 2005 15:14 >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: MCP/SPAM Actions >> >> -----BEGIN PGP SIGNED MESSAGE----- >> >> I hope you mean "store" and not "quarantine". Otherwise, it >> is doing what you asked it to isn't it? You have asked it to >> store the message, and that's what it has done. >> >> On 6 Sep 2005, at 14:13, Gray, Richard wrote: >> >> >>> Hi, >>> >>> I've got a running problem here with spam actions on my system. >>> >>> Basically I have the following configuration >>> >>> spam actions - quarantine >>> high spam actions - delete >>> >>> mcp actions - quarantine >>> high mcp actions - quarantine >>> >>> >>> Some of the messages we receive fall into the high scoring >>> >> spam, and >> >>> also trigger mcp. Rather than being deleted these messages >>> >> get sent to >> >>> quarantine (presumably due to mcp). >>> >>> I've tried playing with the "First Check = [spam|mcp]". >>> >> Changing this >> >>> value does indeed change the order in which the messages >>> >> are scanned, >> >>> but doesn't seem to affect whether or not they are >>> >> quarantined. Have I >> >>> missed a setting somewhere along the way, or have I mis-configured >>> something? >>> >>> This is starting to give me a real headache (I get a lot of spam >>> through the door) and any help/pointers would be appreciated. >>> >>> Richard. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQx26rPw32o+k+q+hAQGYlAf/R6QNqoPnraqzVnzFmFchFOi0wXBbgaiz fSUgH4mubpXYfJ7DFbxKoRLNwmvRq0eLLWxPOt7yK26qEh9Q0qyRy9sIMfhoACnf 5q6bkKmvfdvzqUvc9z1CeWVBsvmFmBEUiHrTCYZdNlcVyH0OUnC3WjVQlej5efud vZ4wO49LlRlgtKaWZFYzgggUenwO4l7WfMmUPQNl26u5Qu3mLD7+UWGzFNLDSSCk 88Ipy4KmjXA6XBshJ81aEoCBsNzJeek2rJwlEJaFmzjn7n2zrQA7f6eG/aCetB/C dQP8dNo7HF5u8bIWERZjoY0dn2nXMxfJ0+/QybHiz6CvL0AOsrs82w== =J11Y -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jrudd at UCSC.EDU Tue Sep 6 17:09:58 2005 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:30:42 2006 Subject: Wrapper for avast antivirus? Message-ID: > On Tue, Sep 06, 2005 at 03:16:28PM +0100, Julian Field wrote: >> The wrapper script is the trivial bit. The not-so-trivial bit is >> writing a reliable and robust parser for it. I know this would probably require a re-write, so it's probably not something to be done anytime soon ... but it seems to me, in an ADT type mindset, that the above is backward. There should be a protocol, of sorts (a standardized interface), between MailScanner and the AV wrappers. Meaning: instead of the wrapper returning whatever format the AV program does, the wrapper should translate to a standard response. Something like a multi-line output that says: $NUM_FOUND $EXPLOIT_1 $EXPLOIT_2 $EXPLOIT_3 ... $EXPLOIT_NUM_FOUND It doesn't have to be that format, but the point is, the wrapper should be the non-trivial bit that contains all AV-engine specific information. The code internal to MS should only need to read that one interface format. This simplifies the MS code, makes each AV-engine more modular, and easier to integrate new AV-engines and/or react to changes in AV-engine versions (if they change their output) without having to update MS itself (because you just update the wrapper instead). ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Tue Sep 6 17:19:24 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:42 2006 Subject: ByDomainSpamBlacklist wildcard Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Julian, I notice this in CustomConfig.pm for the per domain black / white lists. # a list of entries, 1 per line, each one either being a full address: # user@domain.com ^^^^^^^^^^^^^^ [snip] Which indicates lack of wild-card support for email-address.. i am trying to add postmaster@* and mailer-daemon@* for one of my users whose been joe-jobbed, but it doesn't work. As suggested on the MS IRC, i could do this using rules.. but is there a workaround to this without abandoning the ByDomain feature. Running MS version 4.42.1 on Centos 4x Thanks in advance, - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Sep 6 17:25:27 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:42 2006 Subject: ByDomainSpamBlacklist wildcard Message-ID: -----BEGIN PGP SIGNED MESSAGE----- The reason the black+white per-domain and per-user code works as fast as it does is that it doesn't support all the combinations of address patterns allowed in rulesets. You could easily tweak it to allow user@* combinations, read the code and you should find it a fairly simple mod to make. On 6 Sep 2005, at 17:19, Dhawal Doshy wrote: > Hi Julian, > > I notice this in CustomConfig.pm for the per domain black / white > lists. > > # a list of entries, 1 per line, each one either being a full address: > # user@domain.com ^^^^^^^^^^^^^^ > [snip] > > Which indicates lack of wild-card support for email-address.. i am > trying to add postmaster@* and mailer-daemon@* for one of my users > whose been joe-jobbed, but it doesn't work. > > As suggested on the MS IRC, i could do this using rules.. but is > there a workaround to this without abandoning the ByDomain feature. > > Running MS version 4.42.1 on Centos 4x - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQx3C+fw32o+k+q+hAQFTEQgAt1JfCO/iZp3IfmSeFZYP3j4gdrG6MPVz Y2qG+ijCU2Z1410cjzf2bwXMTwcfxLOdjLO5+OJPnbY9Yy3CtvuGr+KPJ1X5Iz0J sBvz9vYQgHiLOr5rsUDMACrqHgT+xQW1MdwlmTGVVcZl5mAyzVWN833OICOFEBtJ +B1ni3vWX1DVq+zv08CkSJbNMSEI8w/Jg6OjzHRJbuW+pstYLLN2PLoyNmUa/VHZ 8qv+9LvWFgrmqIWnulUuNJShjVWQ+zzEX49qA9CcE2kJEBudYNhQgfAPNUVIlBUD EDnn5orUskPAY5cZD2+mHzXplJsI4Ti48gt6+tJpioE9YNZ5eFVEHQ== =pew6 -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jstork at PBCO.CA Tue Sep 6 19:56:05 2005 From: jstork at PBCO.CA (Johnny Stork) Date: Thu Jan 12 21:30:42 2006 Subject: All mail has negative SA scores? Message-ID: I have just setup mailscanner with the mailwatch front end and although everything appears to be working fine, all the SA scores show up as negative numbers? Is this the correct behavior? Although I can get a positive score by sending a message through with gtube test, I have not seen any other mail get flagged as SPAM? ----------------------------------------------------------- Johnny Stork Information & Technology Manager Provincial Blood Coordinating Office #301 - 1190 Hornby St. Vancouver, BC (V6Z-2K5) 604-806-8840 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Tue Sep 6 20:02:02 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:30:42 2006 Subject: All mail has negative SA scores? Message-ID: ________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Johnny Stork Sent: Tuesday, September 06, 2005 1:56 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: All mail has negative SA scores? I have just setup mailscanner with the mailwatch front end and although everything appears to be working fine, all the SA scores show up as negative numbers? Is this the correct behavior? Although I can get a positive score by sending a message through with gtube test, I have not seen any other mail get flagged as SPAM? ----------------------------------------------------------- Johnny Stork You may see better performance once your bayes kicks in. You might also consider installing, razor, pyzor and DCC. Are you using any RBL's? Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Tue Sep 6 20:05:48 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:30:42 2006 Subject: All mail has negative SA scores? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Johnny Stork wrote: I have just setup mailscanner with the mailwatch front end and although everything appears to be working fine, all the SA scores show up as negative numbers? Is this the correct behavior? Although I can get a positive score by sending a message through with gtube test, I have not seen any other mail get flagged as SPAM? Have you been getting a lot of email before you installed MS that you considered to be SPAM? When you run MW Recent Messages showing the last 50 messages, do any of them look like they should be SPAM? If so, then I would worry. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pparsons at COLUMBIAFUELS.COM Tue Sep 6 20:25:04 2005 From: pparsons at COLUMBIAFUELS.COM (Philip Parsons) Date: Thu Jan 12 21:30:42 2006 Subject: MailScanner ANNOUNCE: Oops, forgot the URL Message-ID: Were would I go if I want to buy some shirts and get them deliverd to Canada ???? As the below site does not allow me to enter Canada ???? -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Monday, September 05, 2005 2:09 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: MailScanner ANNOUNCE: Oops, forgot the URL -----BEGIN PGP SIGNED MESSAGE----- Get your T-shirts from mailscanner.spreadshirt.net Wear them with pride! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQxwLM/w32o+k+q+hAQEgjwgAnYMPOjcrOIJa7w8FVFxOlr7AAKC6+Zhz sL1hE+ieU/uCy//crSJxuepBcnhuFr7kRwcJNGP/dfv2fTgp+/b4M8/5O9EOEWXK SUhsJlGKuARJjv89sxPpe8VOpUuxpDEyehL/XVkVWt4ALernKB7/qkkUeDOrH41R Ns6YSa38bJOwMNNwtcwCUQHkKb646tBAK/tSC5AU1P6SmdukG+6NbYajw1NBYT2U eJGyIlPzR7Bo7sXuNhNWxPC1spmKAy/r/3J5tZMeOCCE0iXcMnms6g5g2L4/DBJp NXqIBT/J/NmD7HoEiB+MJNE9JJv1EmUtf8a20YIYFxhC5N9bYD0XAg== =x+My -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pparsons at COLUMBIAFUELS.COM Tue Sep 6 20:28:06 2005 From: pparsons at COLUMBIAFUELS.COM (Philip Parsons) Date: Thu Jan 12 21:30:42 2006 Subject: MailScanner ANNOUNCE: Oops, forgot the URL Message-ID: I just answerd my own question sorry... -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Philip Parsons Sent: Tuesday, September 06, 2005 12:25 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner ANNOUNCE: Oops, forgot the URL Were would I go if I want to buy some shirts and get them deliverd to Canada ???? As the below site does not allow me to enter Canada ???? -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Monday, September 05, 2005 2:09 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: MailScanner ANNOUNCE: Oops, forgot the URL -----BEGIN PGP SIGNED MESSAGE----- Get your T-shirts from mailscanner.spreadshirt.net Wear them with pride! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQxwLM/w32o+k+q+hAQEgjwgAnYMPOjcrOIJa7w8FVFxOlr7AAKC6+Zhz sL1hE+ieU/uCy//crSJxuepBcnhuFr7kRwcJNGP/dfv2fTgp+/b4M8/5O9EOEWXK SUhsJlGKuARJjv89sxPpe8VOpUuxpDEyehL/XVkVWt4ALernKB7/qkkUeDOrH41R Ns6YSa38bJOwMNNwtcwCUQHkKb646tBAK/tSC5AU1P6SmdukG+6NbYajw1NBYT2U eJGyIlPzR7Bo7sXuNhNWxPC1spmKAy/r/3J5tZMeOCCE0iXcMnms6g5g2L4/DBJp NXqIBT/J/NmD7HoEiB+MJNE9JJv1EmUtf8a20YIYFxhC5N9bYD0XAg== =x+My -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jkf at ecs.soton.ac.uk Tue Sep 6 20:29:46 2005 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:42 2006 Subject: MailScanner ANNOUNCE: Oops, forgot the URL Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Philip Parsons wrote: >Were would I go if I want to buy some shirts and get them deliverd to >Canada ???? As the below site does not allow me to enter Canada ???? > > Go to www.mailscanner.info/store and choose one of the other 2 stores. They are based in the USA, but do not unfortunately print black shirts. They do lots of white and light-coloured ones though. -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Sep 6 20:29:41 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:42 2006 Subject: All mail has negative SA scores? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Johnny Stork wrote: > I have just setup mailscanner with the mailwatch front end and although > everything appears to be working fine, all the SA scores show up as > negative numbers? Is this the correct behavior? Although I can get a > positive score by sending a message through with gtube test, I have not > seen any other mail get flagged as SPAM? That sounds wrong. Is all of your email hitting ALL_TRUSTED? Could you post a sample X-*-MailScanner-SpamCheck header? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From josephwatson at FSE.US Tue Sep 6 20:46:04 2005 From: josephwatson at FSE.US (Joseph Watson) Date: Thu Jan 12 21:30:42 2006 Subject: Small Typo in startup script for MailScanner 4.45 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, I had a MailServer crash this weekend and took the opportunity to upgrade everything. I installed MailScanner 4.45 along with postfix and I must say it went very smooth, and that this version is very nicely done. I didn't have searching to make it work, just followed the simple and short directions for postfix MTA's and off I was. I was left thing "This was too easy!" Anyway Thanks very much!!! Wonderful product. In my review of the Startup Script, I noticed that because I was using the postfix hold queue, I should see the message "Assuming you are using a single Postfix instance (hold queue method)" when I started MailScanner. I wasn't...so here is a short diff file that corrected this for me. Now I get the message on the command line. - Regards Joseph Watson ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/OCTET-STREAM (Name: "diff") 108bytes. ] [ Unable to print this part. ] From schwartzw at GMAIL.COM Tue Sep 6 20:48:00 2005 From: schwartzw at GMAIL.COM (William Schwartz) Date: Thu Jan 12 21:30:42 2006 Subject: MailScanner Archives Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I realize it's easy to do with pine, mutt, elm or any one of a million unix apps (mutt fan myself). My dilema is that I'm providing the archives to a client who uses windows exclusively and I need to find an easy way for them to access the archives, both the mobx and the maildir ones. Are there any windows apps that can import from a maildir type archive like MailScanner creates? I'll play with using outlook Express to import eudora mailboxes and see if that takes care of the mbox ones. thanks, Bill On 9/6/05, Glenn Steen wrote: On 06/09/05, William Schwartz wrote: > I'm using MailScanner to archive all email for a particular domain in both > maildir and mbox formats. > > In my archive.rules I have: > FromOrTo: *@domain.com > /data/mail_archive/domain.com/archive.mbx > FromOrTo: *@domain.com /data/mail_archive/domain.com/ > > > Everything appears to work great. I get daily directoies in > /data/mail_archive/domain.com/ that contain the maildir files and I have a > cron job that rotates the mbx file weekly. > > My question is what's the best way to read these? I've played with > Thunderbird and Outlook express and I don't see a good way to import the > archive. Is there another application out there that would allow for easy > viewing of the archives? (both formats). > > Thanks, > Bill > "mail -f " has always been a safe thing to use (and it's easy to use too:-). I used to use pine for a rather long time... Or one could use Sylpheed or even kmail... Trick is to either work on a copy or make very sure that the MUA don't mess up the file(s). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html ). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Sep 6 20:57:25 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:42 2006 Subject: Small Typo in startup script for MailScanner 4.45 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Joseph Watson wrote: >Hello, > I had a MailServer crash this weekend and took the opportunity to upgrade >everything. I installed MailScanner 4.45 along with postfix and I must say >it went very smooth, and that this version is very nicely done. I didn't >have searching to make it work, just followed the simple and short >directions for postfix MTA's and off I was. I was left thing "This was too >easy!" > >Anyway Thanks very much!!! Wonderful product. > > Glad you like it. I am thoroughly fed up with OSS that doesn't work, too! They expect people to use this stuff, and no-one but a complete expert can get it to work. (I'm battling with GForge 4.5 at the moment, it doesn't work at all) >In my review of the Startup Script, I noticed that because I was using the >postfix hold queue, I should see the message "Assuming you are using a >single Postfix instance (hold queue method)" when I started MailScanner. I >wasn't...so here is a short diff file that corrected this for me. Now I get >the message on the command line. > > Noted. Thanks. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Sep 6 20:58:39 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:42 2006 Subject: MailScanner Archives Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] William Schwartz wrote: > I realize it's easy to do with pine, mutt, elm or any one of a million > unix apps (mutt fan myself). My dilema is that I'm providing the > archives to a client who uses windows exclusively and I need to find > an easy way for them to access the archives, both the mobx and the > maildir ones. > > > Are there any windows apps that can import from a maildir type archive > like MailScanner creates? > > I'll play with using outlook Express to import eudora mailboxes and > see if that takes care of the mbox ones. Anything that can import Eudora mailboxes should be able to handle the mbox ones, I don't know of any that can handle the others though, sorry. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bob.dewildt at CYSONET.COM Tue Sep 6 21:55:25 2005 From: bob.dewildt at CYSONET.COM (Bob de Wildt) Date: Thu Jan 12 21:30:42 2006 Subject: All mail has negative SA scores? Message-ID: .Normal { MARGIN-TOP: 0pt; FONT-SIZE: 12pt; MARGIN-BOTTOM: 0pt; TEXT-INDENT: 0pt; FONT-FAMILY: Arial; TEXT-ALIGN: left } .Default_Paragraph_Font { FONT-WEIGHT: normal; FONT-SIZE: 12pt; COLOR: black; FONT-STYLE: normal; FONT-FAMILY: Arial; BACKGROUND-COLOR: white; FONT-VARIANT: normal; TEXT-DECORATION: none } DIV.ltTOCtitle { FONT-WEIGHT: bold; FONT-SIZE: 8pt; FONT-FAMILY: Verdana; TEXT-ALIGN: center } DIV.ltTOCl1 { FONT-WEIGHT: bold; FONT-SIZE: 8pt; MARGIN-LEFT: 32pt; TEXT-INDENT: -32pt; FONT-FAMILY: Verdana } DIV.ltTOCl2 { FONT-WEIGHT: bold; FONT-SIZE: 8pt; MARGIN-LEFT: 40pt; TEXT-INDENT: -32pt; FONT-FAMILY: Verdana } DIV.ltTOCl3 { FONT-WEIGHT: bold; FONT-SIZE: 8pt; MARGIN-LEFT: 48pt; TEXT-INDENT: -32pt; FONT-FAMILY: Verdana } DIV.ltTOCl4 { FONT-WEIGHT: bold; FONT-SIZE: 8pt; MARGIN-LEFT: 56pt; TEXT-INDENT: -32pt; FONT-FAMILY: Verdana } DIV.ltTOCl5 { FONT-WEIGHT: bold; FONT-SIZE: 8pt; MARGIN-LEFT: 64pt; TEXT-INDENT: -32pt; FONT-FAMILY: Verdana } DIV.ltTOCl6 { FONT-WEIGHT: bold; FONT-SIZE: 8pt; MARGIN-LEFT: 72pt; TEXT-INDENT: -32pt; FONT-FAMILY: Verdana } Try using the SPAMASSASSIN rules from: http://www.rulesemporium.com These rules are bound to give you positive SPAM.... Kind Regards, Bob de Wildt Systems Administrator Cyso Managed Hosting Baangracht 2 1811 DC Alkmaar tel: (+31) (0) 72-7513400 fax: (+31) (0) 72-7513401 e-mail: support@cysonet.com ________________________________________________________________________________ Van: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] Namens Johnny Stork Verzonden: dinsdag 6 september 2005 20:56 Aan: MAILSCANNER@JISCMAIL.AC.UK Onderwerp: All mail has negative SA scores? I have just setup mailscanner with the mailwatch front end and although everything appears to be working fine, all the SA scores show up as negative numbers? Is this the correct behavior? Although I can get a positive score by sending a message through with gtube test, I have not seen any other mail get flagged as SPAM? ----------------------------------------------------------- Johnny Stork Information & Technology Manager Provincial Blood Coordinating Office #301 - 1190 Hornby St. Vancouver, BC (V6Z-2K5) 604-806-8840 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rurqueta at MUNILASERENA.CL Tue Sep 6 22:24:31 2005 From: rurqueta at MUNILASERENA.CL (Raul Urqueta Sierra) Date: Thu Jan 12 21:30:42 2006 Subject: just in case..... Message-ID: Hi, I know that this is a list to MailScanner questions, but I need ask you all, if anyone can help me, I have a problem installing SquidGuard, when I execute “make” this is the error: make[1]: Entering directory `/etc/squidguard/squidGuard-1.2.0/src' making all in src gcc -I.. -I. -I. -I/usr/local/BerkeleyDB/include -DHAVE_CONFIG_H -g -O2 -I/usr/local/BerkeleyDB/include -c sgDb.c sgDb.c: In function `sgDbInit': sgDb.c:101: warning: passing arg 2 of pointer to function from incompatible pointer type sgDb.c:101: warning: passing arg 4 of pointer to function makes pointer from integer without a cast sgDb.c:101: error: too few arguments to function sgDb.c:107: warning: passing arg 2 of pointer to function from incompatible pointer type sgDb.c:107: warning: passing arg 4 of pointer to function makes pointer from integer without a cast sgDb.c:107: error: too few arguments to function make[1]: *** [sgDb.o] Error 1 make[1]: Leaving directory `/etc/squidguard/squidGuard-1.2.0/src' make: *** [all] Error 1 What I’m doing wrong?? Please any help, Sorry by my English…. Raul.- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From remy at UNIX-ASP.COM Tue Sep 6 22:39:11 2005 From: remy at UNIX-ASP.COM (Remy de Ruysscher) Date: Thu Jan 12 21:30:42 2006 Subject: just in case..... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I suggest you drop Squidguard (outdated) and try Privoxy or Dansguard. Regards, Remy. Raul Urqueta Sierra wrote: Hi, I know that this is a list to MailScanner questions, but I need ask you all, if anyone can help me, I have a problem installing SquidGuard, when I execute “make” this is the error: make[1]: Entering directory `/etc/squidguard/squidGuard-1.2.0/src' making all in src gcc -I.. -I. -I. -I/usr/local/BerkeleyDB/include -DHAVE_CONFIG_H -g -O2 -I/usr/local/BerkeleyDB/include -c sgDb.c sgDb.c: In function `sgDbInit': sgDb.c:101: warning: passing arg 2 of pointer to function from incompatible pointer type sgDb.c:101: warning: passing arg 4 of pointer to function makes pointer from integer without a cast sgDb.c:101: error: too few arguments to function sgDb.c:107: warning: passing arg 2 of pointer to function from incompatible pointer type sgDb.c:107: warning: passing arg 4 of pointer to function makes pointer from integer without a cast sgDb.c:107: error: too few arguments to function make[1]: *** [sgDb.o] Error 1 make[1]: Leaving directory `/etc/squidguard/squidGuard-1.2.0/src' make: *** [all] Error 1 What I’m doing wrong?? Please any help, Sorry by my English…. Raul.- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From esandquist at IHMS.NET Tue Sep 6 23:10:12 2005 From: esandquist at IHMS.NET (Eric Sandquist) Date: Thu Jan 12 21:30:42 2006 Subject: MailScanner gateway system Message-ID: I am trying to get mailScanner setup using sendmail to relay all incoming traffic to our exchange server. I have all traffic coming into the MailScanner box with Sendmail for the MTA. But sendmail blocks our remote pop3 users from sending email outside the company. I need sendmail to collect all email, scan it with MailScanner/SpamAssassin/ClamAv, then pass it on to the exchange server, but our remote users need to authenticate in some way – either to sendmail with some kind of a lookup to AD in exchange or the remote users need to send email directly to the exchange server. The problem is that both the sendmail system and the exchange system are behind a firewall and the fire wall can only be portmapped to one of them. eric ________________________________________________________________________________ I am using the free version of SPAMfighter for private users. It has removed 34561 spam emails to date. Paying users do not have this message in their emails. Try SPAMfighter for free now! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From taz at TAZ-MANIA.COM Tue Sep 6 23:31:38 2005 From: taz at TAZ-MANIA.COM (Dennis Willson) Date: Thu Jan 12 21:30:42 2006 Subject: MailScanner gateway system Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Do you have a VPN server? Your users could VPN into your network and then directly use Exchange. That's what our users do. Eric Sandquist wrote: > I am trying to get mailScanner setup using sendmail to relay all > incoming traffic to our exchange server. I have all traffic coming into > the MailScanner box with Sendmail for the MTA. But sendmail blocks our > remote pop3 users from sending email outside the company. I need > sendmail to collect all email, scan it with > MailScanner/SpamAssassin/ClamAv, then pass it on to the exchange server, > but our remote users need to authenticate in some way ^Ö either to > sendmail with some kind of a lookup to AD in exchange or the remote > users need to send email directly to the exchange server. The problem > is that both the sendmail system and the exchange system are behind a > firewall and the fire wall can only be portmapped to one of them. > > > > eric > > > ------------------------------------------------------------------------ > I am using the free version of SPAMfighter for private users. > It has removed 34561 spam emails to date. > Paying users do not have this message in their emails. > Try SPAMfighter for free now! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From damian at WORKGROUPSOLUTIONS.COM Tue Sep 6 23:40:35 2005 From: damian at WORKGROUPSOLUTIONS.COM (Damian Mendoza) Date: Thu Jan 12 21:30:42 2006 Subject: MailScanner gateway system Message-ID: Put the sendmail server on the Internet side with it's own public IP address which your MX record will reference. Highly recommend using the Linux/Unix Firewall software. The sendmail server will forward messages to the existing SMTP IP address after scanning for viruses and spam. The POP3 users will continue using the existing IP address. Regards, Damian Mendoza SpamGate - http://www.spamgate.us -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dennis Willson Sent: Tuesday, September 06, 2005 3:32 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: MailScanner gateway system Do you have a VPN server? Your users could VPN into your network and then directly use Exchange. That's what our users do. Eric Sandquist wrote: > I am trying to get mailScanner setup using sendmail to relay all > incoming traffic to our exchange server. I have all traffic coming into > the MailScanner box with Sendmail for the MTA. But sendmail blocks our > remote pop3 users from sending email outside the company. I need > sendmail to collect all email, scan it with > MailScanner/SpamAssassin/ClamAv, then pass it on to the exchange server, > but our remote users need to authenticate in some way - either to > sendmail with some kind of a lookup to AD in exchange or the remote > users need to send email directly to the exchange server. The problem > is that both the sendmail system and the exchange system are behind a > firewall and the fire wall can only be portmapped to one of them. > > > > eric > > > ------------------------------------------------------------------------ > I am using the free version of SPAMfighter for private users. > It has removed 34561 spam emails to date. > Paying users do not have this message in their emails. > Try SPAMfighter for free now! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james at grayonline.id.au Wed Sep 7 02:22:19 2005 From: james at grayonline.id.au (James Gray) Date: Thu Jan 12 21:30:42 2006 Subject: How to filter certain spam Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Wednesday 07 September 2005 10:03, Jon Miller wrote: > Lately, I've been getting a heap of spam mail from various sources with the > same content (see below), like to know the following: > 1) is there a way to train MailScanner/SA to filter these e-mail Yes - run the following as the same user that MailScanner runs as: sa-learn -p /path/to/spam.assassin.prefs.conf -spam "sa-learn --help" for all the options. Just remember to always use your MailScanner spamassassin preferences file :) > 2) is there a ruleset already done? Not specifically, but using spamassassin 3.04 + my custom rules (files.grayonline.id.au) I get a score of 21.8...high scoring spam. > 3) where do I find out how to release qurantined mail. When I try to > release it the released mail never shows up and I'm not sure it stays in > qurantine. See the attached script. I have it in /root/bin on my mail gateways which run sendmail so it's based on a standard sendmail+MailScanner directory structure and assumes you "quarantine as queue files" (MailScanner.conf). The gist of it is: 1. Find the quarantined message 2. copy the QUEUE files from the quarantine folder to the outgoing mail queue. 3. Force a queue run to deliver outgoing mail. Hope this all helps :) Cheers, James -- "The whole problem with the world is that fools and fanatics are always so certain of themselves, but wiser people so full of doubts." -- Bertrand Russell ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/X-ZIP 2KB. ] [ Unable to print this part. ] From kte at NEXIS.BE Wed Sep 7 06:28:37 2005 From: kte at NEXIS.BE (Koen Teugels) Date: Thu Jan 12 21:30:42 2006 Subject: relay to 2 servers Message-ID: So I want to relay the same domain to 2 servers. With the same mailbox addresses. Is this possible with sendmail virtusertable (example: kte@nexis.be ktelocal) + alias (ktelocal: kte@nexis.be, kte@server.nexis.be) ? Or the change the dilever options in mailscanner? But what must I change i the fsl config to make it work Thanks Koen ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From P.G.M.Peters at UTWENTE.NL Wed Sep 7 12:25:33 2005 From: P.G.M.Peters at UTWENTE.NL (Peter Peters) Date: Thu Jan 12 21:30:42 2006 Subject: DNS problems for www.mailscanner.info... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Glenn Steen wrote on 5-9-2005 11:26: >>I've already downloaded the latest stable version, you can download it on >>http://www.waversveld.nl/downloads/MailScanner-4.45.4-1.rpm.tar.gz. It's the >>RPM-based verion for RedHat, etc. I've put it up at http://home.student.utwente.nl/p.g.m.peters/MailScanner-4.45.4-1.rpm.tar.gz (1Gbps all the way to Internet) -- Peter Peters, senior beheerder (Security) Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Wed Sep 7 13:12:00 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:42 2006 Subject: DNS problems for www.mailscanner.info... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 07/09/05, Peter Peters wrote: > Glenn Steen wrote on 5-9-2005 11:26: > > >>I've already downloaded the latest stable version, you can download it on > >>http://www.waversveld.nl/downloads/MailScanner-4.45.4-1.rpm.tar.gz. It's the > >>RPM-based verion for RedHat, etc. > > I've put it up at > http://home.student.utwente.nl/p.g.m.peters/MailScanner-4.45.4-1.rpm.tar.gz > > (1Gbps all the way to Internet) > > -- > Peter Peters, senior beheerder (Security) > Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) > Universiteit Twente, Postbus 217, 7500 AE Enschede > telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe > Thanks Peter, but I already got it from Joost. Also, BT seems to have gotten their act together, so ... everything is looking up again:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Wed Sep 7 16:24:48 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:42 2006 Subject: MailScanner Archives Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 06/09/05, William Schwartz wrote: > I realize it's easy to do with pine, mutt, elm or any one of a million unix > apps (mutt fan myself). My dilema is that I'm providing the archives to a > client who uses windows exclusively and I need to find an easy way for them > to access the archives, both the mobx and the maildir ones. > > > Are there any windows apps that can import from a maildir type archive like > MailScanner creates? > > I'll play with using outlook Express to import eudora mailboxes and see if > that takes care of the mbox ones. > > thanks, > Bill > Yep, there isan easy way for windoze... Namely mutt, at least according to www.mutt.org (and cygwin:-) Wikipedia had these things to say: http://en.wikipedia.org/wiki/List_of_email_clients and perhaps more interresting http://en.wikipedia.org/wiki/Comparison_of_email_clients whether they actually are true or not (and whether any but mutt support both mbox and maildir), I'm not too sure ... at least Sylpheed boasts about windozwe support that just isn't there (dead link). HtH -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lbcadmin at gmail.com Wed Sep 7 17:48:13 2005 From: lbcadmin at gmail.com (Information Services) Date: Thu Jan 12 21:30:42 2006 Subject: MailScanner[22723]: ProcessClamAVOutput: unrecognised line Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] While checking my logs I noticed the following errors: MailScanner[22723]: ProcessClamAVOutput: unrecognised line "rcng/". Please contact the authors! MailScanner[22723]: ProcessClamAVOutput: unrecognised line "rcng/ogo- zidestore.sh". Please contact the authors! MailScanner[22723]: ProcessClamAVOutput: unrecognised line "rcng/ogo-xmlrpcd.sh". Please contact the authors! MailScanner[22723]: ProcessClamAVOutput: unrecognised line "rcng/ogo- nhsd.sh". Please contact the authors! MailScanner[22723]: ProcessClamAVOutput: unrecognised line "rcng/ogo-webui.sh". Please contact the authors! The information above was from 11:41am on Sept 6, 2005. Previous to this message shows ClamAV found 2 viruses at 7am of the same day. In between there were no postings for ClamAV until this above error. There have been no postings in the logs concerning ClamAV since. From what I am seeing from this, clamav has not been running since yesterday. Has anyone seen this before? I am running: CentOS 4.1 MailScanner 4.44.1-1 sendmail 8.13.4-1 clamav 0.86.2 Casey ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dfilchak at SYMPATICO.CA Thu Sep 8 02:28:02 2005 From: dfilchak at SYMPATICO.CA (Dave Filchak) Date: Thu Jan 12 21:30:42 2006 Subject: spam scores Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello all, Have been seeing a lot more spam getting through and have also recently had to start a new bayes database. Below is the scores from an obvious piece of spam. Looking at the scores assigned, I would think these should have been higher. The total score here was 4.8 and my threshold is 5 for spam and 10 for high scoring spam. Seems to me there is an issue somewhere in my setup. This is a Linus RH 9 box and a CentOS box for my secondary. My question is, (and I have looked through the archives and did not find much that helped but maybe I searched with the wrong keywords?) how can I A:) make spamassassin assign proper scores to obvious spam, B:) train the bayes database ( cannot assign users ham and spam folders .... it just would not work with my users). Any other suggestions would also be welcomed. Dave 1.00 DRUGS_ERECTILE Refers to an erectile drug 0.81 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr 2) 0.48 INFO_TLD Contains an URL in the INFO top-level domain 0.00 MANY_EXCLAMATIONS Subject has many exclamations 0.43 PLING_PLING Subject has lots of exclamation marks 1.54 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist 0.54 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist Here is my setup on my main mail server: MailScanner -V This is Red Hat Linux release 9 (Shrike) This is Perl version 5.008000 (5.8.0) This is MailScanner version 4.44.6 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.01 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.04 Fcntl 2.71 File::Basename 2.05 File::Copy 2.01 FileHandle 1.05 File::Path 0.13 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.20 IO 1.09 IO::File 1.122 IO::Pipe 1.50 Mail::Header 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.05 POSIX 1.75 Socket 0.03 Sys::Syslog 1.02 Time::localtime Optional module versions are: 1.806 DB_File 1.10 Digest 1.01 Digest::HMAC 2.20 Digest::MD5 2.01 Digest::SHA1 0.44 Inline 0.17 Mail::ClamAV 3.000004 Mail::SpamAssassin missing Mail::SPF::Query missing Net::CIDR::Lite 0.48 Net::DNS missing Net::LDAP 1.94 Parse::RecDescent missing SAVI missing Sys::Hostname::Long 2.26 Test::Harness 0.47 Test::Simple 1.89 Text::Balanced 1.21 URI On my secondary: MailScanner -V This is CentOS release 4.1 (Final) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.44.6 Module versions are: 1.00 AnyDBM_File 1.16 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.66 Mail::Header 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.02 Time::localtime Optional module versions are: 1.809 DB_File 1.08 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.07 Digest::SHA1 0.44 Inline 0.17 Mail::ClamAV 3.000004 Mail::SpamAssassin missing Mail::SPF::Query missing Net::CIDR::Lite 0.48 Net::DNS missing Net::LDAP 1.94 Parse::RecDescent missing SAVI missing Sys::Hostname::Long 2.42 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.30 URI ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From josephwatson at FSE.US Thu Sep 8 05:32:53 2005 From: josephwatson at FSE.US (Joseph Watson) Date: Thu Jan 12 21:30:42 2006 Subject: Protecting Outlook Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I was doing some testing using the test emails available at http://www.gfi.com/emailsecuritytest/ It seems that the default configuration for the latest release of MailScanner v 4.45, does not pickup a few of the tests. The ones in question are Long subject attachment checking bypass test (for Outlook Express 6) Long subject attachment checking bypass test (for Outlook 2000) Attachment with no filename vulnerability test It looks to me like my version of Outlook is updated and not vulnerable to these attacks, but the emails go through MailScanner. Is there a way to configure MailScanner to pick these up?? Also on the same site they have a test for Fragmented message vulnerability test (for Outlook Express) This test sends 5 emails that are Fragmented. MailScanner picks up the last 4 of these emails as "Dangerous content" and removes the attachments. But the first message of the 5 seems to have a problem. MailScanner Does detect it as a fragmented email, but something goes wrong with the formatting and it ends up quite corrupted. The result is very weird. The warning attachment that MailScanner adds shows up in the body. The attachment has a very strange name "]5" and when opened...you end up with a file explorer opened to the directory C:\winnt\system32. I was wondering if others may be able to reproduce this, and what your thoughts may be. - Regards Joseph Watson ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From richard.gray at DNS.CO.UK Thu Sep 8 08:10:09 2005 From: richard.gray at DNS.CO.UK (Gray, Richard) Date: Thu Jan 12 21:30:42 2006 Subject: MCP/SPAM Actions Message-ID: > That sounds about right. Just about anything over-rides > "delete", it will only delete the message if it is sure that > is what you wanted to happen. Far better to save a few extra > messages than start deleting things when it isn't sure you meant it. > Thanks for your help Julian, that's really cleared the whole thing up for me. I appreciate your patience while I asked the same question over and over :) R ----------------------- This email from dns has been validated by dnsMSS(TM) Managed Email Security and is free from all known viruses. For further information contact email-integrity@dns.co.uk ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From richard.gray at DNS.CO.UK Thu Sep 8 08:13:50 2005 From: richard.gray at DNS.CO.UK (Gray, Richard) Date: Thu Jan 12 21:30:42 2006 Subject: spam scores Message-ID: > . My question is, (and I have looked > through the archives and did not find much that helped but > maybe I searched with the wrong keywords?) how can I A:) make > spamassassin assign proper scores to obvious spam, > I'd probably start with upping the scores for the RBLs WS and JP. I've found these to be very reliable, so you could probably get away with adding at least another point on to each of them. If you add this together with bayes_autolearn 1 you should be on your way to a more successful run. R ----------------------- This email from dns has been validated by dnsMSS(TM) Managed Email Security and is free from all known viruses. For further information contact email-integrity@dns.co.uk ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Sep 8 09:54:16 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:42 2006 Subject: spam scores Message-ID: Dave I'd look at what rules you in there that might (spamassassin rules). There's a nice recommended set in the wiki (which I'm having problems connecting to right now).... Also you don't mention what version of SA. 3.0.4 is the latest stable and fixes a few problems with the URI RBLS....I'd also add a few more of these in the URI-BLACK is very good (see the wiki above). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dave Filchak Sent: 08 September 2005 02:28 To: MAILSCANNER@JISCMAIL.AC.UK Subject: [MAILSCANNER] spam scores Hello all, Have been seeing a lot more spam getting through and have also recently had to start a new bayes database. Below is the scores from an obvious piece of spam. Looking at the scores assigned, I would think these should have been higher. The total score here was 4.8 and my threshold is 5 for spam and 10 for high scoring spam. Seems to me there is an issue somewhere in my setup. This is a Linus RH 9 box and a CentOS box for my secondary. My question is, (and I have looked through the archives and did not find much that helped but maybe I searched with the wrong keywords?) how can I A:) make spamassassin assign proper scores to obvious spam, B:) train the bayes database ( cannot assign users ham and spam folders .... it just would not work with my users). Any other suggestions would also be welcomed. Dave 1.00 DRUGS_ERECTILE Refers to an erectile drug 0.81 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr 2) 0.48 INFO_TLD Contains an URL in the INFO top-level domain 0.00 MANY_EXCLAMATIONS Subject has many exclamations 0.43 PLING_PLING Subject has lots of exclamation marks 1.54 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist 0.54 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist Here is my setup on my main mail server: MailScanner -V This is Red Hat Linux release 9 (Shrike) This is Perl version 5.008000 (5.8.0) This is MailScanner version 4.44.6 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.01 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.04 Fcntl 2.71 File::Basename 2.05 File::Copy 2.01 FileHandle 1.05 File::Path 0.13 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.20 IO 1.09 IO::File 1.122 IO::Pipe 1.50 Mail::Header 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.05 POSIX 1.75 Socket 0.03 Sys::Syslog 1.02 Time::localtime Optional module versions are: 1.806 DB_File 1.10 Digest 1.01 Digest::HMAC 2.20 Digest::MD5 2.01 Digest::SHA1 0.44 Inline 0.17 Mail::ClamAV 3.000004 Mail::SpamAssassin missing Mail::SPF::Query missing Net::CIDR::Lite 0.48 Net::DNS missing Net::LDAP 1.94 Parse::RecDescent missing SAVI missing Sys::Hostname::Long 2.26 Test::Harness 0.47 Test::Simple 1.89 Text::Balanced 1.21 URI On my secondary: MailScanner -V This is CentOS release 4.1 (Final) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.44.6 Module versions are: 1.00 AnyDBM_File 1.16 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.66 Mail::Header 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.02 Time::localtime Optional module versions are: 1.809 DB_File 1.08 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.07 Digest::SHA1 0.44 Inline 0.17 Mail::ClamAV 3.000004 Mail::SpamAssassin missing Mail::SPF::Query missing Net::CIDR::Lite 0.48 Net::DNS missing Net::LDAP 1.94 Parse::RecDescent missing SAVI missing Sys::Hostname::Long 2.42 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.30 URI ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Thu Sep 8 12:25:09 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:42 2006 Subject: spam scores Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 08/09/05, Martin Hepworth wrote: (snip) > There's a nice recommended set in the wiki (which I'm having problems > connecting to right now).... (snip) Had it too this morning, but it seems fine now. And it seems a *lot* faster, so perhaps it got migrated to some better HW(?) or somesuch. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Sep 8 14:15:08 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:42 2006 Subject: spam scores Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Glenn Steen wrote: >On 08/09/05, Martin Hepworth wrote: >(snip) > > >>There's a nice recommended set in the wiki (which I'm having problems >>connecting to right now).... >> >> >(snip) >Had it too this morning, but it seems fine now. And it seems a *lot* >faster, so perhaps it got migrated to some better HW(?) or somesuch. > > We spent about $1/3m on new network kit a couple of weeks back, so it may be the last bit of tuning being done on there. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From craig at WESTPRESS.COM Thu Sep 8 15:05:46 2005 From: craig at WESTPRESS.COM (Craig Daters) Date: Thu Jan 12 21:30:42 2006 Subject: False "hide real filename" issue Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We are trying to send a file "SendTitaniumSe.csv" to someone, and we continue to get it bounced back (okay I do get it through, for I am root! ). But how do I stop this from triggering MailScanner's "Report: Attempt to hide real filename extension" rule? - --- Craig Daters (craig@westpress.com) Systems Administrator West Press 1663 West Grant Road Tucson, Arizona 85745 (520) 624-4939 x208 (520) 624-2715 fax www.westpress.com -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQyBFRRBVT8XLuTbnEQLfUACgwq5/hLN4q1h+MQYaFTb8L4oFoJsAn1kJ sAuBRP0foTcvOLdtz8qpoRcM =Y90n -----END PGP SIGNATURE----- -- Please note: It is the policy of West Press that all e-mail sent to and from any @westpress.com address may be recorded and monitored. Unless it is West Press related business, please do not send any material of a private, personal, or confidential nature to this or any @westpress.com e-mail address. This message has been scanned for UCE (spam), viruses, and dangerous content, and is believed to be clean ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Sep 8 15:09:37 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:42 2006 Subject: False "hide real filename" issue Message-ID: Craig Shouldn't do - you sure that's the full filename?? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Craig Daters Sent: 08 September 2005 15:06 To: MAILSCANNER@JISCMAIL.AC.UK Subject: [MAILSCANNER] False "hide real filename" issue -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We are trying to send a file "SendTitaniumSe.csv" to someone, and we continue to get it bounced back (okay I do get it through, for I am root! ). But how do I stop this from triggering MailScanner's "Report: Attempt to hide real filename extension" rule? - --- Craig Daters (craig@westpress.com) Systems Administrator West Press 1663 West Grant Road Tucson, Arizona 85745 (520) 624-4939 x208 (520) 624-2715 fax www.westpress.com -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQyBFRRBVT8XLuTbnEQLfUACgwq5/hLN4q1h+MQYaFTb8L4oFoJsAn1kJ sAuBRP0foTcvOLdtz8qpoRcM =Y90n -----END PGP SIGNATURE----- -- Please note: It is the policy of West Press that all e-mail sent to and from any @westpress.com address may be recorded and monitored. Unless it is West Press related business, please do not send any material of a private, personal, or confidential nature to this or any @westpress.com e-mail address. This message has been scanned for UCE (spam), viruses, and dangerous content, and is believed to be clean ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From craig at WESTPRESS.COM Thu Sep 8 15:24:59 2005 From: craig at WESTPRESS.COM (Craig Daters) Date: Thu Jan 12 21:30:42 2006 Subject: False "hide real filename" issue Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yeppers, That is the full filename. On Sep 8, 2005, at 7:09 AM, Martin Hepworth wrote: > Craig > > Shouldn't do - you sure that's the full filename?? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf > Of Craig Daters > Sent: 08 September 2005 15:06 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] False "hide real filename" issue > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > We are trying to send a file "SendTitaniumSe.csv" to someone, and we > continue to get it bounced back (okay I do get it through, for I am > root! ). But how do I stop this from triggering MailScanner's > "Report: Attempt to hide real filename extension" rule? > > - --- > Craig Daters (craig@westpress.com) > Systems Administrator > > West Press > 1663 West Grant Road > Tucson, Arizona 85745 > > (520) 624-4939 x208 > (520) 624-2715 fax > www.westpress.com > > -----BEGIN PGP SIGNATURE----- > Version: PGP 8.1 > > iQA/AwUBQyBFRRBVT8XLuTbnEQLfUACgwq5/hLN4q1h+MQYaFTb8L4oFoJsAn1kJ > sAuBRP0foTcvOLdtz8qpoRcM > =Y90n > -----END PGP SIGNATURE----- > > > -- > Please note: It is the policy of West Press that all e-mail > sent to and from any @westpress.com address may be recorded > and monitored. Unless it is West Press related business, > please do not send any material of a private, personal, > or confidential nature to this or any @westpress.com > e-mail address. > > This message has been scanned for UCE (spam), viruses, > and dangerous content, and is believed to be clean > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > - --- Craig Daters (craig@westpress.com) Systems Administrator West Press 1663 West Grant Road Tucson, Arizona 85745 (520) 624-4939 x208 (520) 624-2715 fax www.westpress.com -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQyBJvxBVT8XLuTbnEQI8KgCdFX8RMAM6XNrYRuxsF2alBQMmBVkAoPxo 1T338kJMJ1mHeG757JM/VG80 =Pb/4 -----END PGP SIGNATURE----- -- Please note: It is the policy of West Press that all e-mail sent to and from any @westpress.com address may be recorded and monitored. Unless it is West Press related business, please do not send any material of a private, personal, or confidential nature to this or any @westpress.com e-mail address. This message has been scanned for UCE (spam), viruses, and dangerous content, and is believed to be clean ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Thu Sep 8 15:30:03 2005 From: alex at NKPANAMA.COM (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:42 2006 Subject: Protecting Outlook Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Joseph Watson wrote: >I was doing some testing using the test emails available at > >http://www.gfi.com/emailsecuritytest/ > >It seems that the default configuration for the latest release of >MailScanner v 4.45, does not pickup a few of the tests. The ones in >question are > >Long subject attachment checking bypass test (for Outlook Express 6) >Long subject attachment checking bypass test (for Outlook 2000) >Attachment with no filename vulnerability test > >It looks to me like my version of Outlook is updated and not vulnerable to >these attacks, but the emails go through MailScanner. Is there a way to >configure MailScanner to pick these up?? > >Also on the same site they have a test for > >Fragmented message vulnerability test (for Outlook Express) > >This test sends 5 emails that are Fragmented. MailScanner picks up the last >4 of these emails as "Dangerous content" and removes the attachments. But >the first message of the 5 seems to have a problem. MailScanner Does detect >it as a fragmented email, but something goes wrong with the formatting and >it ends up quite corrupted. The result is very weird. The warning >attachment that MailScanner adds shows up in the body. The attachment has a >very strange name "]5" and when opened...you end up with a file explorer >opened to the directory C:\winnt\system32. > >I was wondering if others may be able to reproduce this, and what your >thoughts may be. > > >- Regards > >Joseph Watson > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > This comes up every now and then. These are artificially generated tests created by a company bent on selling you their solution, even though the methods used aren't really exploitable. It's like selling you "grue repellant" by giving you a free sample and saying "See... there aren't any grues around!" in broad daylight, when everybody knows they only attack in the dark ;) Search the list for gfi or "online virus test" or similar phrases and you'll find the discussions on why you should take their warnings as suggestions and not gospel. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Thu Sep 8 15:30:32 2005 From: alex at NKPANAMA.COM (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:42 2006 Subject: Protecting Outlook Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Joseph Watson wrote: >I was doing some testing using the test emails available at > >http://www.gfi.com/emailsecuritytest/ > >It seems that the default configuration for the latest release of >MailScanner v 4.45, does not pickup a few of the tests. The ones in >question are > >Long subject attachment checking bypass test (for Outlook Express 6) >Long subject attachment checking bypass test (for Outlook 2000) >Attachment with no filename vulnerability test > >It looks to me like my version of Outlook is updated and not vulnerable to >these attacks, but the emails go through MailScanner. Is there a way to >configure MailScanner to pick these up?? > >Also on the same site they have a test for > >Fragmented message vulnerability test (for Outlook Express) > >This test sends 5 emails that are Fragmented. MailScanner picks up the last >4 of these emails as "Dangerous content" and removes the attachments. But >the first message of the 5 seems to have a problem. MailScanner Does detect >it as a fragmented email, but something goes wrong with the formatting and >it ends up quite corrupted. The result is very weird. The warning >attachment that MailScanner adds shows up in the body. The attachment has a >very strange name "]5" and when opened...you end up with a file explorer >opened to the directory C:\winnt\system32. > >I was wondering if others may be able to reproduce this, and what your >thoughts may be. > > >- Regards > >Joseph Watson > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > Oh, and by the way, you could use another e-mail client like Thunderbird to make things safer for your users. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ryan at MARINOCRANE.COM Thu Sep 8 15:37:29 2005 From: ryan at MARINOCRANE.COM (Ryan Pitt) Date: Thu Jan 12 21:30:42 2006 Subject: False "hide real filename" issue Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Craig, I created a file with that same name and emailed it to myself without a problem. I'm lost as to why this file would trigger that particular rule. Perhaps the .csv extension is what is triggering it. Try to send a different .csv file through and see what it does. Search your rules files for .csv Craig Daters wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Yeppers, That is the full filename. > > On Sep 8, 2005, at 7:09 AM, Martin Hepworth wrote: > > >>Craig >> >>Shouldn't do - you sure that's the full filename?? >> >>-- >>Martin Hepworth >>Snr Systems Administrator >>Solid State Logic >>Tel: +44 (0)1865 842300 >> >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf >>Of Craig Daters >>Sent: 08 September 2005 15:06 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: [MAILSCANNER] False "hide real filename" issue >> >>-----BEGIN PGP SIGNED MESSAGE----- >>Hash: SHA1 >> >>We are trying to send a file "SendTitaniumSe.csv" to someone, and we >>continue to get it bounced back (okay I do get it through, for I am >>root! ). But how do I stop this from triggering MailScanner's >>"Report: Attempt to hide real filename extension" rule? >> >>- --- >>Craig Daters (craig@westpress.com) >>Systems Administrator >> >>West Press >>1663 West Grant Road >>Tucson, Arizona 85745 >> >>(520) 624-4939 x208 >>(520) 624-2715 fax >>www.westpress.com >> >>-----BEGIN PGP SIGNATURE----- >>Version: PGP 8.1 >> >>iQA/AwUBQyBFRRBVT8XLuTbnEQLfUACgwq5/hLN4q1h+MQYaFTb8L4oFoJsAn1kJ >>sAuBRP0foTcvOLdtz8qpoRcM >>=Y90n >>-----END PGP SIGNATURE----- >> >> >>-- >>Please note: It is the policy of West Press that all e-mail >>sent to and from any @westpress.com address may be recorded >>and monitored. Unless it is West Press related business, >>please do not send any material of a private, personal, >>or confidential nature to this or any @westpress.com >>e-mail address. >> >>This message has been scanned for UCE (spam), viruses, >>and dangerous content, and is believed to be clean >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >>********************************************************************** >> >>This email and any files transmitted with it are confidential and >>intended solely for the use of the individual or entity to whom they >>are addressed. If you have received this email in error please notify >>the system manager. >> >>This footnote confirms that this email message has been swept >>for the presence of computer viruses and is believed to be clean. >> >>********************************************************************** >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> > > - --- > Craig Daters (craig@westpress.com) > Systems Administrator > > West Press > 1663 West Grant Road > Tucson, Arizona 85745 > > (520) 624-4939 x208 > (520) 624-2715 fax > www.westpress.com > > -----BEGIN PGP SIGNATURE----- > Version: PGP 8.1 > > iQA/AwUBQyBJvxBVT8XLuTbnEQI8KgCdFX8RMAM6XNrYRuxsF2alBQMmBVkAoPxo > 1T338kJMJ1mHeG757JM/VG80 > =Pb/4 > -----END PGP SIGNATURE----- > > > -- > Please note: It is the policy of West Press that all e-mail > sent to and from any @westpress.com address may be recorded > and monitored. Unless it is West Press related business, > please do not send any material of a private, personal, > or confidential nature to this or any @westpress.com > e-mail address. > > This message has been scanned for UCE (spam), viruses, > and dangerous content, and is believed to be clean > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Ryan Pitt IT Manager Marino Crane Service Corp. Tel. (860)347-0827 Fax. (860)347-9871 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Thu Sep 8 15:32:17 2005 From: alex at NKPANAMA.COM (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:42 2006 Subject: False "hide real filename" issue Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Craig Daters wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Yeppers, That is the full filename. > >On Sep 8, 2005, at 7:09 AM, Martin Hepworth wrote: > > > >>Craig >> >>Shouldn't do - you sure that's the full filename?? >> >>-- >>Martin Hepworth >>Snr Systems Administrator >>Solid State Logic >>Tel: +44 (0)1865 842300 >> >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf >>Of Craig Daters >>Sent: 08 September 2005 15:06 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: [MAILSCANNER] False "hide real filename" issue >> >>-----BEGIN PGP SIGNED MESSAGE----- >>Hash: SHA1 >> >>We are trying to send a file "SendTitaniumSe.csv" to someone, and we >>continue to get it bounced back (okay I do get it through, for I am >>root! ). But how do I stop this from triggering MailScanner's >>"Report: Attempt to hide real filename extension" rule? >> >>- --- >>Craig Daters (craig@westpress.com) >>Systems Administrator >> >>West Press >>1663 West Grant Road >>Tucson, Arizona 85745 >> >>(520) 624-4939 x208 >>(520) 624-2715 fax >>www.westpress.com >> >>-----BEGIN PGP SIGNATURE----- >>Version: PGP 8.1 >> >>iQA/AwUBQyBFRRBVT8XLuTbnEQLfUACgwq5/hLN4q1h+MQYaFTb8L4oFoJsAn1kJ >>sAuBRP0foTcvOLdtz8qpoRcM >>=Y90n >>-----END PGP SIGNATURE----- >> >> >>-- >>Please note: It is the policy of West Press that all e-mail >>sent to and from any @westpress.com address may be recorded >>and monitored. Unless it is West Press related business, >>please do not send any material of a private, personal, >>or confidential nature to this or any @westpress.com >>e-mail address. >> >>This message has been scanned for UCE (spam), viruses, >>and dangerous content, and is believed to be clean >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >>********************************************************************** >> >>This email and any files transmitted with it are confidential and >>intended solely for the use of the individual or entity to whom they >>are addressed. If you have received this email in error please notify >>the system manager. >> >>This footnote confirms that this email message has been swept >>for the presence of computer viruses and is believed to be clean. >> >>********************************************************************** >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> >> >- --- >Craig Daters (craig@westpress.com) >Systems Administrator > >West Press >1663 West Grant Road >Tucson, Arizona 85745 > >(520) 624-4939 x208 >(520) 624-2715 fax >www.westpress.com > >-----BEGIN PGP SIGNATURE----- >Version: PGP 8.1 > >iQA/AwUBQyBJvxBVT8XLuTbnEQI8KgCdFX8RMAM6XNrYRuxsF2alBQMmBVkAoPxo >1T338kJMJ1mHeG757JM/VG80 >=Pb/4 >-----END PGP SIGNATURE----- > > >-- >Please note: It is the policy of West Press that all e-mail >sent to and from any @westpress.com address may be recorded >and monitored. Unless it is West Press related business, >please do not send any material of a private, personal, >or confidential nature to this or any @westpress.com >e-mail address. > >This message has been scanned for UCE (spam), viruses, >and dangerous content, and is believed to be clean > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > Try renaming the file and sending it. Windows may be not showing you the whole filename in a way you can realize it's got something weird about it. You can even rename it temp.blah and then rename it back - give it a shot. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From craig at WESTPRESS.COM Thu Sep 8 15:46:11 2005 From: craig at WESTPRESS.COM (Craig Daters) Date: Thu Jan 12 21:30:42 2006 Subject: False "hide real filename" issue Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 You guys are all right. I created a file with the same name and sent that to myself, and it went through! I'll have to go to the users computer and look at the actual email she sent.... - --- Craig Daters (craig@westpress.com) Systems Administrator West Press 1663 West Grant Road Tucson, Arizona 85745 (520) 624-4939 x208 (520) 624-2715 fax www.westpress.com -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQyBOtxBVT8XLuTbnEQIZeQCeOoYconPvQNeZht8t9C/pn53SMiMAoJXW NzzfyKkCHn+6GtTVo6Fk+F5n =90cH -----END PGP SIGNATURE----- -- Please note: It is the policy of West Press that all e-mail sent to and from any @westpress.com address may be recorded and monitored. Unless it is West Press related business, please do not send any material of a private, personal, or confidential nature to this or any @westpress.com e-mail address. This message has been scanned for UCE (spam), viruses, and dangerous content, and is believed to be clean ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From craig at WESTPRESS.COM Thu Sep 8 16:00:57 2005 From: craig at WESTPRESS.COM (Craig Daters) Date: Thu Jan 12 21:30:42 2006 Subject: False "hide real filename" issue Message-ID: On Sep 8, 2005, at 7:46 AM, Craig Daters wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 You guys are all right. I created a file with the same name and sent that to myself, and it went through! I'll have to go to the users computer and look at the actual email she sent.... Indeed, the file name was: SendTitaniumSecondReport-20050908sabrawestpress.com, jackustax.com, laurieustax.com.csv To which, all I could say was, "wow! I have to set up a rule to let this crap through!?" --- Craig Daters (craig@westpress.com) Systems Administrator West Press 1663 West Grant Road Tucson, Arizona 85745 (520) 624-4939 x208 (520) 624-2715 fax www.westpress.com [ Part 2, Application/PGP-SIGNATURE 179bytes. ] [ Unable to print this part. ] From josephwatson at FSE.US Thu Sep 8 16:03:51 2005 From: josephwatson at FSE.US (Joseph Watson) Date: Thu Jan 12 21:30:42 2006 Subject: Protecting Outlook Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks very much. :) I figured as much..but was a little lost as to what I should search for to find out. Thanks much for the reply :) Also, I WOULD NOT USE OUTLOOK for my personal use.....but at work I do not hold the big stick. My job is to protect them :) Job security. Alex Neuman van der Hans wrote: >This comes up every now and then. These are artificially generated tests >created by a company bent on selling you their solution, even though the >methods used aren't really exploitable. It's like selling you "grue >repellant" by giving you a free sample and saying "See... there aren't >any grues around!" in broad daylight, when everybody knows they only >attack in the dark ;) > >Search the list for gfi or "online virus test" or similar phrases and >you'll find the discussions on why you should take their warnings as >suggestions and not gospel. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joost at WAVERSVELD.NL Thu Sep 8 16:06:33 2005 From: joost at WAVERSVELD.NL (Joost Waversveld) Date: Thu Jan 12 21:30:42 2006 Subject: Feature request: Overloading Whitelists/Blacklists Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hey, We want to use MailScanner for a lot of domains. I was checking if we could define the whitelist per domain in a seperate file. Unfortunately I do not get it working. I tried the solution you can find on the wiki about "overloading filename.rules.conf" (http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:overloading&s=overloading) but then I get an syntax error. Apparently this does not work for defining whitelists/blacklists. We want to do this so it's much easier to administrate all the settings for our users. According to the error I got, I think this is not an feature what's already in Mailscanner, what makes this email an Feature request. :) I really hope this is gonna be an feature of MailScanner. Greets, Joost Waversveld ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Thu Sep 8 16:12:53 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:30:43 2006 Subject: False "hide real filename" issue Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Craig Daters wrote: > On Sep 8, 2005, at 7:46 AM, Craig Daters wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > You guys are all right. I created a file with the same name and sent > that to myself, and it went through! I'll have to go to the users > computer and look at the actual email she sent.... > > > Indeed, the file name was: > > SendTitaniumSecondReport-20050908sabrawestpress.com, jackustax.com, > laurieustax.com.csv > > To which, all I could say was, "wow! I have to set up a rule to let > this crap through!?" > Craig, Just comment out the following rule: # Deny all other double file extensions. This catches any hidden filenames. #deny \.[a-z][a-z0-9]{2,3}\.[a-z0-9]{3}$ Found possible filename hiding Attempt to hide real filename extension That's what I did a long time ago because I block all executable file types (exe, pif, bat, ...). Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Thu Sep 8 16:14:59 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:30:43 2006 Subject: False "hide real filename" issue Message-ID: >SendTitaniumSecondReport-20050908sabrawestpress.com, jackustax.com, laurieustax.com.csv >To which, all I could say was, "wow! I have to set up a rule to let this crap through!?" No. Instead it's time to invest in a LART! Definitely a "layer 8" issue as we say on the networking side. ...Kevin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Thu Sep 8 16:19:31 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:43 2006 Subject: Feature request: Overloading Whitelists/Blacklists Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Joost Waversveld wrote: > We want to use MailScanner for a lot of domains. I was checking if we could > define the whitelist per domain in a seperate file. Unfortunately I do not get > it working. I tried the solution you can find on the wiki about "overloading > filename.rules.conf" > (http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:overloading&s=overloading) > but then I get an syntax error. Apparently this does not work for defining > whitelists/blacklists. This is already an existing feature in CustomConfig.pm (you'll find this in /usr/lib/MailScanner/MailScanner for the RPM version), though you'll need to enable it MailScanner.conf Have a look at these in MailScanner.conf (my values) Is Definitely Not Spam = &ByDomainSpamWhitelist Is Definitely Spam = &ByDomainSpamBlacklist Definite Spam Is High Scoring = yes You can not only have domain based, but also per email-id based black / whitelists using this (simple to use) Custom Function. Also you can; not only black / whitelist domains but also "Full email ids" and "IP Addresses" > > We want to do this so it's much easier to administrate all the settings for our > users. > If you need something easier, use mailwatch 1.0.2 and the SQL based black / whitelists with a nice php based front-end. hope that helps, - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Thu Sep 8 16:35:14 2005 From: alex at NKPANAMA.COM (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:43 2006 Subject: False "hide real filename" issue Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kevin Miller wrote: >>SendTitaniumSecondReport-20050908sabrawestpress.com, jackustax.com, >> >> >laurieustax.com.csv > > >>To which, all I could say was, "wow! I have to set up a rule to let this >> >> >crap through!?" > >No. Instead it's time to invest in a LART! Definitely a "layer 8" issue as >we say on the networking side. > >...Kevin > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > You can just add ".csv allow" to the rules as well. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Thu Sep 8 16:36:46 2005 From: alex at NKPANAMA.COM (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:43 2006 Subject: Protecting Outlook Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Joseph Watson wrote: >>Search the list for gfi or "online virus test" or similar phrases and >>you'll find the discussions on why you should take their warnings as >>suggestions and not gospel. >> >> As I said, search the list for "online virus test" or similar phrases. There's been a lot of traffic about that. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcin.rozek at IOS.EDU.PL Thu Sep 8 16:37:27 2005 From: marcin.rozek at IOS.EDU.PL ([ISO-8859-2] Marcin Ro¿ek) Date: Thu Jan 12 21:30:43 2006 Subject: False "hide real filename" issue Message-ID: [ The following text is in the "ISO-8859-2" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >> You guys are all right. I created a file with the same name and sent >> that to myself, and it went through! I'll have to go to the users >> computer and look at the actual email she sent.... You didn't check it yourself? Since when users know what they are doing and what they really need? ;) -- Marcin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Sep 8 17:24:14 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:43 2006 Subject: spam scores Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dave Filchak spake the following on 9/7/2005 6:28 PM: > Hello all, > > Have been seeing a lot more spam getting through and have also recently > had to start a new bayes database. Below is the scores from an obvious > piece of spam. Looking at the scores assigned, I would think these > should have been higher. The total score here was 4.8 and my threshold > is 5 for spam and 10 for high scoring spam. Seems to me there is an > issue somewhere in my setup. This is a Linus RH 9 box and a CentOS box > for my secondary. My question is, (and I have looked through the > archives and did not find much that helped but maybe I searched with the > wrong keywords?) how can I A:) make spamassassin assign proper scores to > obvious spam, B:) train the bayes database ( cannot assign users ham and > spam folders .... it just would not work with my users). Any other > suggestions would also be welcomed. > > Dave > > 1.00 DRUGS_ERECTILE Refers to an erectile drug > 0.81 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP > addr 2) > 0.48 INFO_TLD Contains an URL in the INFO top-level domain > 0.00 MANY_EXCLAMATIONS Subject has many exclamations > 0.43 PLING_PLING Subject has lots of exclamation marks > 1.54 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist > 0.54 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist > Did you get a bayes starter database from www.fsl.com? It will get you going a lot faster! I increased my scores on the URIBL hits, as they seem pretty reliable. You could also up the score on DRUGS_ERECTILE if you want. The other scores are best left alone, because some people! need! to! put! exclamation points everywhere. ;) -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Sep 8 17:31:06 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:43 2006 Subject: False "hide real filename" issue Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Craig Daters spake the following on 9/8/2005 7:46 AM: > You guys are all right. I created a file with the same name and sent > that to myself, and it went through! I'll have to go to the users > computer and look at the actual email she sent.... > That system probably has "Hide extensions for known file types" set, and the user inadvertently added another extension. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Sep 8 17:34:50 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:43 2006 Subject: False "hide real filename" issue Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kevin Miller spake the following on 9/8/2005 8:14 AM: >>SendTitaniumSecondReport-20050908sabrawestpress.com, jackustax.com, > > laurieustax.com.csv > >>To which, all I could say was, "wow! I have to set up a rule to let this > > crap through!?" > > No. Instead it's time to invest in a LART! Definitely a "layer 8" issue as > we say on the networking side. > > ...Kevin > Talking about a lart, you should see this; http://www.lart.tudelft.nl/ I wonder if they have a clue? -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Sep 8 18:21:27 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:43 2006 Subject: False "hide real filename" issue Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Craig Daters wrote: > On Sep 8, 2005, at 7:46 AM, Craig Daters wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > You guys are all right. I created a file with the same name and sent > that to myself, and it went through! I'll have to go to the users > computer and look at the actual email she sent.... > > > Indeed, the file name was: > > SendTitaniumSecondReport-20050908sabrawestpress.com, jackustax.com, > laurieustax.com.csv > > To which, all I could say was, "wow! I have to set up a rule to let > this crap through!?" What had happened was you were seeing SendTitaniumSe.csv in the log. Before MailScanner logs any filename anywhere, or includes it in any report, it "sanitizes" it a bit to make it safer. One of its sanitisation steps is to strip the body of the filename down to 14 characters. Otherwise if you had a bug in your syslogd where very long log entries were not correctly handled, MailScanner would allow long filenames in email messages to be used as a means of exploiting a bug in syslogd. Not that such a bug exists in syslogd as far as I am aware, it's just an example of my paranoid programming. Which all contributes to the fact that www.secunia.com lists 0 security problems ever found in MailScanner 4. Which makes me happy :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Sep 8 18:27:20 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:43 2006 Subject: Feature request: Overloading Whitelists/Blacklists Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] The answer to your question is all in /usr/lib/MailScanner/MailScanner/CustomConfig.pm. There is code in there to provide per-user and per-domain white and black-lists. It's all obvious in that file, it gives you instructions on what to set in your MailScanner.conf and how to lay out the files. You can then just build the files from a database on a regular basis, and kill -HUP (or service MailScanner reload) to tell MailScanner to re-read all the files. It caches the files internally which makes it a whole lot faster! This method is heaps faster than using a large conventional ruleset. It would be really helpful if you could log what you did into the wiki so that the instructions are there for others. If you have problems setting it up, just shout for help. Joost Waversveld wrote: >Hey, > >We want to use MailScanner for a lot of domains. I was checking if we could >define the whitelist per domain in a seperate file. Unfortunately I do not get >it working. I tried the solution you can find on the wiki about "overloading >filename.rules.conf" >(http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:overloading&s=overloading) >but then I get an syntax error. Apparently this does not work for defining >whitelists/blacklists. > >We want to do this so it's much easier to administrate all the settings for our >users. > >According to the error I got, I think this is not an feature what's already in >Mailscanner, what makes this email an Feature request. :) I really hope this is >gonna be an feature of MailScanner. > >Greets, > >Joost Waversveld > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joost at WAVERSVELD.NL Thu Sep 8 18:43:53 2005 From: joost at WAVERSVELD.NL (Joost Waversveld) Date: Thu Jan 12 21:30:43 2006 Subject: Feature request: Overloading Whitelists/Blacklists Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > The answer to your question is all in > /usr/lib/MailScanner/MailScanner/CustomConfig.pm. There is code in > there to provide per-user and per-domain white and black-lists. It's > all obvious in that file, it gives you instructions on what to set in > your MailScanner.conf and how to lay out the files. > > You can then just build the files from a database on a regular basis, > and kill -HUP (or service MailScanner reload) to tell MailScanner to > re-read all the files. It caches the files internally which makes it > a whole lot faster! > > This method is heaps faster than using a large conventional ruleset. > > It would be really helpful if you could log what you did into the > wiki so that the instructions are there for others. > > If you have problems setting it up, just shout for help. Thanx for the very quick answers... I've tried it out and it's working now! It's really great! I did not know of the existence of that file... When I scrolled through it I saw more great functions. I'll update the wiki later this evening... Then I have some time... Thanx, Joost Waversveld ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From llasad1 at YAHOO.COM Thu Sep 8 18:43:15 2005 From: llasad1 at YAHOO.COM (lester lasad) Date: Thu Jan 12 21:30:43 2006 Subject: MailScanner not sending mail to /var/spool/mqueue Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] MailScanner version 4.41.3 Fedora Core 2 spamassassin 3.0.3 I have had this problem several times in the past. Mail is being accepted by my MS server but it is not transferring email from /var/spool/mqueue.in to /var/spool/mqueue. This causes a major backup on my mail system. I have bounced the server several times and stopped and started MS but the problem still exists. Based off of past experience it will probably start working on it's own pretty soon but this has been an issue for the past 10 hours. I am forced to move the queued messages from /var/spool/mqueue.in to /var/spool/mqueue which also lets all the spam thru because the spam checks are not being done. Does anyone have any insight as to why this happens. MS is a great product but I can't keep allowing this to happen from time to time. I've got over 3000 users and it can get pretty nasty around here when this problem occurs. Thanks to anyone that may be able to provide some insight. I'm crunching time right now... so if anyone needs additional info please let me know and I will provide it. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joost at WAVERSVELD.NL Thu Sep 8 19:05:34 2005 From: joost at WAVERSVELD.NL (Joost Waversveld) Date: Thu Jan 12 21:30:43 2006 Subject: MailScanner not sending mail to /var/spool/mqueue Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > MailScanner version 4.41.3 > Fedora Core 2 > spamassassin 3.0.3 > > I have had this problem several times in the past. > Mail is being accepted by my MS server but it is not > transferring email from /var/spool/mqueue.in to > /var/spool/mqueue. This causes a major backup on my > mail system. I have bounced the server several times > and stopped and started MS but the problem still > exists. Based off of past experience it will probably > start working on it's own pretty soon but this has > been an issue for the past 10 hours. I am forced to > move the queued messages from /var/spool/mqueue.in to > /var/spool/mqueue which also lets all the spam thru > because the spam checks are not being done. > > Does anyone have any insight as to why this happens. > MS is a great product but I can't keep allowing this > to happen from time to time. I've got over 3000 users > and it can get pretty nasty around here when this > problem occurs. Thanks to anyone that may be able to > provide some insight. > > I'm crunching time right now... so if anyone needs > additional info please let me know and I will provide > it. > Which version of sendmail do you use?? For sendmail 8.13.x and later you need to change the Locking Type to POSIX. See the following part in MailScanner.conf: ----- # How to lock spool files. # Don't set this unless you *know* you need to. # For sendmail, it defaults to "flock". # For sendmail 8.13 onwards, you will probably need to change it to posix. # For Exim, it defaults to "posix". # No other type is implemented. Lock Type = posix ----- Good Luck, Joost Waversveld ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Sep 8 18:55:11 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:43 2006 Subject: MailScanner not sending mail to /var/spool/mqueue Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] lester lasad spake the following on 9/8/2005 10:43 AM: > MailScanner version 4.41.3 > Fedora Core 2 > spamassassin 3.0.3 > > I have had this problem several times in the past. > Mail is being accepted by my MS server but it is not > transferring email from /var/spool/mqueue.in to > /var/spool/mqueue. This causes a major backup on my > mail system. I have bounced the server several times > and stopped and started MS but the problem still > exists. Based off of past experience it will probably > start working on it's own pretty soon but this has > been an issue for the past 10 hours. I am forced to > move the queued messages from /var/spool/mqueue.in to > /var/spool/mqueue which also lets all the spam thru > because the spam checks are not being done. > > Does anyone have any insight as to why this happens. > MS is a great product but I can't keep allowing this > to happen from time to time. I've got over 3000 users > and it can get pretty nasty around here when this > problem occurs. Thanks to anyone that may be able to > provide some insight. > > I'm crunching time right now... so if anyone needs > additional info please let me know and I will provide > it. Which MTA? Sendmail? Postfix? Exim? ...? If you just move the oldest file in mqueue.in will it start up? Any clues in the log? -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From paddy at PANICI.NET Thu Sep 8 19:28:59 2005 From: paddy at PANICI.NET (paddy) Date: Thu Jan 12 21:30:43 2006 Subject: Mailing List Request Message-ID: On Wed, Aug 31, 2005 at 11:15:40AM -0500, Clark Coffman wrote: > What I've done is setup a rule in my .procmailrc (obviously I'm using > Unix) such as: > > :0 > * ^To.*JISCMAIL.AC.UK > MailScanner > > This directs all mail from the MailScanner list into a MailScanner > folder for me. > > If you're using Unix/Linux to receive your email you might try that. a variation on the theme: :0: * ^TO_MAILSCANNER-ANNOUNCE@JISCMAIL.AC.UK$ ${DEFAULT} :0: * ^TO_MAILSCANNER@JISCMAIL.AC.UK$ mailscanner leaves announcements in your incoming Regards, Paddy -- Perl 6 will give you the big knob. -- Larry Wall ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Sep 8 19:29:40 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:43 2006 Subject: MailScanner not sending mail to /var/spool/mqueue Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Scott Silva wrote: >lester lasad spake the following on 9/8/2005 10:43 AM: > > >>MailScanner version 4.41.3 >>Fedora Core 2 >>spamassassin 3.0.3 >> >>I have had this problem several times in the past. >>Mail is being accepted by my MS server but it is not >>transferring email from /var/spool/mqueue.in to >>/var/spool/mqueue. This causes a major backup on my >>mail system. I have bounced the server several times >>and stopped and started MS but the problem still >>exists. Based off of past experience it will probably >>start working on it's own pretty soon but this has >>been an issue for the past 10 hours. I am forced to >>move the queued messages from /var/spool/mqueue.in to >>/var/spool/mqueue which also lets all the spam thru >>because the spam checks are not being done. >> >>Does anyone have any insight as to why this happens. >>MS is a great product but I can't keep allowing this >>to happen from time to time. I've got over 3000 users >>and it can get pretty nasty around here when this >>problem occurs. Thanks to anyone that may be able to >>provide some insight. >> >>I'm crunching time right now... so if anyone needs >>additional info please let me know and I will provide >>it. >> >> >Which MTA? Sendmail? Postfix? Exim? ...? >If you just move the oldest file in mqueue.in will it start up? >Any clues in the log? > > And what happens if you try running MailScanner in Debug mode? Instructions on how to do that are in the wiki at wiki.mailscanner.info. You basically stop it, set "Debug = yes" in MailScanner.conf and then run "check_MailScanner". Does it print any error messages at all? If so, what? (Don't worry about EOCD Signature errors, that's harmless rubbish from the zip extractor). -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From llasad1 at YAHOO.COM Thu Sep 8 20:05:40 2005 From: llasad1 at YAHOO.COM (lester lasad) Date: Thu Jan 12 21:30:43 2006 Subject: MailScanner not sending mail to /var/spool/mqueue Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] --- Scott Silva wrote: > lester lasad spake the following on 9/8/2005 10:43 > AM: > > MailScanner version 4.41.3 > > Fedora Core 2 > > spamassassin 3.0.3 > > > > I have had this problem several times in the past. > > > Mail is being accepted by my MS server but it is > not > > transferring email from /var/spool/mqueue.in to > > /var/spool/mqueue. This causes a major backup on > my > > mail system. > Which MTA? Sendmail? Postfix? Exim? ...? > If you just move the oldest file in mqueue.in will > it start up? > Any clues in the log? sendmail is my MTA, version 8.12.10 (ouch, i know needs to be upgraded). The log really isn't telling me much. some old stuff in there, spamassassin timeout every now and then but that's about it. looks OK. I moved the oldest files to mqueue but still no luck. Now I can't even move everything from mqueue.in to mqueue becuase there is too much data in mqueue.in. ______________________________________________________ Click here to donate to the Hurricane Katrina relief effort. http://store.yahoo.com/redcross-donate3/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cparker at SWATGEAR.COM Thu Sep 8 20:04:06 2005 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:30:43 2006 Subject: Some questions while I plan my redeployment/reinstall Message-ID: Hello all! It's been a long time since I've posted to the list. I hope everyone is well. I'm planning to do a complete reinstall using the latest software that make up a good MailScanner box. My Linux distro will be FC4 and my MTA will be sendmail. I'll still be using the same hardware as I am currently, but that's probably not so bad as the server load seems to be quite low in it's current form. I just hope that all the new software doesn't become too much for the machine. I'm making my own document right now (which may or may not be worth distributing once I'm finished with it) and I've got a few questions for the list. I understand that some of the following questions can only really be answered by knowing what kind of traffic I get. According to MailScanner-MRTG the Average (Count of Recipients) for Number of Messages Processed in the past year is 598 and in the past year the average number of Bytes of Mail Transferred is 8MB. Traffic has been consistantly going down over the past year. But that's not to say that the traffic 1 year ago was much higher than it is now. I don't know the specs on this computer(!) but top says I have about 255MB of RAM. So... on with the questions. 1. Is MCP worth the trouble of patching SpamAssassin (I've only briefly read over the steps that are listed in the Wiki but it seemed rather involved)? 2. Currently I use MailScanner-MRTG to get an idea of what's happening with my box. Is MailWatch a complete replacement for MSMRTG or should I install both? And what about Vispan, how does that compare? 3. With regards to performance, right now I'm not doing any AV scanning so I don't know what kind of load it will put on my box. I plan to use only ClamAV and BitDefender and MAYBE one from Symantec if they have a command line option available for Linux in their Enterprise Suite). What kind of load should I expect from these with the amount of traffic I have? 4. How about Pyzor/Razor/DCC? (I don't really know what they do yet as I've still got a lot of reading to do. :) ) Will these greatly increase the load? I think that's it for now! Thanks everyone! Chris. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From llasad1 at YAHOO.COM Thu Sep 8 20:21:36 2005 From: llasad1 at YAHOO.COM (lester lasad) Date: Thu Jan 12 21:30:43 2006 Subject: MailScanner not sending mail to /var/spool/mqueue Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] --- Julian Field wrote: > Scott Silva wrote: > > >lester lasad spake the following on 9/8/2005 10:43 > AM: > > > > > >>MailScanner version 4.41.3 > >>Fedora Core 2 > >>spamassassin 3.0.3 > >> > >>I have had this problem several times in the past. > > >>Mail is being accepted by my MS server but it is > not > >>transferring email from /var/spool/mqueue.in to > >>/var/spool/mqueue. This causes a major backup on > my > >>mail system. I have bounced the server several > times > >>and stopped and started MS but the problem still > >>exists. Based off of past experience it will > probably > >>start working on it's own pretty soon but this has > >>been an issue for the past 10 hours. I am forced > to > >>move the queued messages from /var/spool/mqueue.in > to > >>/var/spool/mqueue which also lets all the spam > thru > >>because the spam checks are not being done. > >> > >>Does anyone have any insight as to why this > happens. > >>MS is a great product but I can't keep allowing > this > >>to happen from time to time. I've got over 3000 > users > >>and it can get pretty nasty around here when this > >>problem occurs. Thanks to anyone that may be able > to > >>provide some insight. > >> > >>I'm crunching time right now... so if anyone needs > >>additional info please let me know and I will > provide > >>it. > >> > >> > >Which MTA? Sendmail? Postfix? Exim? ...? > >If you just move the oldest file in mqueue.in will > it start up? > >Any clues in the log? > > > > > And what happens if you try running MailScanner in > Debug mode? > Instructions on how to do that are in the wiki at > wiki.mailscanner.info. > You basically stop it, set "Debug = yes" in > MailScanner.conf and then > run "check_MailScanner". Does it print any error > messages at all? If so, > what? (Don't worry about EOCD Signature errors, > that's harmless rubbish > from the zip extractor). I put MS in debug mode and ran check_MailScanner. This is all I received. I stopped it twice (hence the check_MailScanner listed 3 times below) and tried check_MailScanner again but it still stops at the same spot. Thanks for the help "/etc/MailScanner/MailScanner.conf" 1830L, 81899C written [root@pcalaklx01 root]# check_MailScanner Starting MailScanner... In Debugging mode, not forking... SA bayes lock is /root/.spamassassin/bayes.lock Bayes lock is at /root/.spamassassin/bayes.lock [root@pcalaklx01 root]# check_MailScanner Starting MailScanner... In Debugging mode, not forking... SA bayes lock is /root/.spamassassin/bayes.lock Bayes lock is at /root/.spamassassin/bayes.lock [root@pcalaklx01 root]# check_MailScanner Starting MailScanner... In Debugging mode, not forking... SA bayes lock is /root/.spamassassin/bayes.lock Bayes lock is at /root/.spamassassin/bayes.lock __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Sep 8 20:40:54 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:43 2006 Subject: MailScanner not sending mail to /var/spool/mqueue Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] lester lasad spake the following on 9/8/2005 12:05 PM: > --- Scott Silva wrote: > > >>lester lasad spake the following on 9/8/2005 10:43 >>AM: >> >>>MailScanner version 4.41.3 >>>Fedora Core 2 >>>spamassassin 3.0.3 >>> >>>I have had this problem several times in the past. >> >>>Mail is being accepted by my MS server but it is >> >>not >> >>>transferring email from /var/spool/mqueue.in to >>>/var/spool/mqueue. This causes a major backup on >> >>my >> >>>mail system. >> >>Which MTA? Sendmail? Postfix? Exim? ...? >>If you just move the oldest file in mqueue.in will >>it start up? >>Any clues in the log? > > > sendmail is my MTA, version 8.12.10 (ouch, i know > needs to be upgraded). The log really isn't telling > me much. some old stuff in there, spamassassin > timeout every now and then but that's about it. looks > OK. > > I moved the oldest files to mqueue but still no luck. > Now I can't even move everything from mqueue.in to > mqueue becuase there is too much data in mqueue.in. Kind of a stupid question, but can you trace it to an upgrade, or did it just break untouched? -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From llasad1 at YAHOO.COM Thu Sep 8 21:16:38 2005 From: llasad1 at YAHOO.COM (lester lasad) Date: Thu Jan 12 21:30:43 2006 Subject: MailScanner not sending mail to /var/spool/mqueue Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] --- Scott Silva wrote: > lester lasad spake the following on 9/8/2005 12:05 > PM: > > --- Scott Silva wrote: > > > > > >>lester lasad spake the following on 9/8/2005 10:43 > >>AM: > >> > >>>MailScanner version 4.41.3 > >>>Fedora Core 2 > >>>spamassassin 3.0.3 > >>> > >>>I have had this problem several times in the > past. > >> > >>>Mail is being accepted by my MS server but it is > >> > >>not > >> > >>>transferring email from /var/spool/mqueue.in to > >>>/var/spool/mqueue. This causes a major backup on > >> > >>my > >> > >>>mail system. > >> > >>Which MTA? Sendmail? Postfix? Exim? ...? > >>If you just move the oldest file in mqueue.in will > >>it start up? > >>Any clues in the log? > > > > > > sendmail is my MTA, version 8.12.10 (ouch, i know > > needs to be upgraded). The log really isn't > telling > > me much. some old stuff in there, spamassassin > > timeout every now and then but that's about it. > looks > > OK. > > > > I moved the oldest files to mqueue but still no > luck. > > Now I can't even move everything from mqueue.in to > > mqueue becuase there is too much data in > mqueue.in. > > Kind of a stupid question, but can you trace it to > an upgrade, or did it > just break untouched? I did make one change to the MailScanner.conf. I didn't mention it earlier (but should have) because I have had the same problem in the past with making any changes at all. I changed it to allow password protected archives (for our HR department). so I changed the following from no to yes: # Should archives which contain any password-protected files be allowed? # Leaving this set to "no" is a good way of protecting against all the # protected zip files used by viruses at the moment. # This can also be the filename of a ruleset. Allow Password-Protected Archives = yes __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Sep 8 21:00:58 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:43 2006 Subject: Some questions while I plan my redeployment/reinstall Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Some inline answers > Hello all! > > It's been a long time since I've posted to the list. I hope everyone is > well. The same to you > > I'm planning to do a complete reinstall using the latest software that > make up a good MailScanner box. My Linux distro will be FC4 and my MTA > will be sendmail. Maybe a RHEL clone like Whitebox or CentOS would be more appropriate > > I'll still be using the same hardware as I am currently, but that's > probably not so bad as the server load seems to be quite low in it's > current form. I just hope that all the new software doesn't become too > much for the machine. > > I'm making my own document right now (which may or may not be worth > distributing once I'm finished with it) and I've got a few questions for > the list. > > I understand that some of the following questions can only really be > answered by knowing what kind of traffic I get. According to > MailScanner-MRTG the Average (Count of Recipients) for Number of > Messages Processed in the past year is 598 and in the past year the > average number of Bytes of Mail Transferred is 8MB. Traffic has been > consistantly going down over the past year. But that's not to say that > the traffic 1 year ago was much higher than it is now. > > I don't know the specs on this computer(!) but top says I have about > 255MB of RAM. Might be tight on ram if you want to do spam scanning, virus scanning, etc... but it might do with a minimum of children in MailScanner. It would depend on the processor and i/o speeds. > > So... on with the questions. > > 1. Is MCP worth the trouble of patching SpamAssassin (I've only briefly > read over the steps that are listed in the Wiki but it seemed rather > involved)? You can simulate MCP with spamassassin rules. > > 2. Currently I use MailScanner-MRTG to get an idea of what's happening > with my box. Is MailWatch a complete replacement for MSMRTG or should I > install both? And what about Vispan, how does that compare? I run all of them. They have different uses and give different info. > > 3. With regards to performance, right now I'm not doing any AV scanning > so I don't know what kind of load it will put on my box. I plan to use > only ClamAV and BitDefender and MAYBE one from Symantec if they have a > command line option available for Linux in their Enterprise Suite). What > kind of load should I expect from these with the amount of traffic I > have? If you could find some memory in a donor machine or something, it might make things better. > > 4. How about Pyzor/Razor/DCC? (I don't really know what they do yet as > I've still got a lot of reading to do. :) ) Will these greatly increase > the load? They increase the load, but are worth it for the increased reliability of spam detection. On my current system, log rotation gives the biggest spike in activity. It is a dual 1Ghz pIII with 2 Gb ram. Overkill, but it serves many other purposes as well as mail. > > > I think that's it for now! > > > Thanks everyone! > Chris. > -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From JBrault at SCOTFORGE.COM Thu Sep 8 21:26:21 2005 From: JBrault at SCOTFORGE.COM (Jason Brault) Date: Thu Jan 12 21:30:43 2006 Subject: McAfee On Fedora Core 4 Message-ID: Hi MailScanner Gurus, Just wondering if anyone has been able to get McAfee’s antivirus scanner working under Fedora Core 4? I’m getting an “error while loading shared libraries: libstdc++.so.2.8: cannot open shared object file: No such file or directory.” To the best of my knowledge, that library isn’t supported under FC4. I’m using version 4.40 of the command line scanner. Has anyone else had any success? Best Regards, -Jason --------------- Jason Brault Communications Administrator - Scot Forge Company 8001 Winn Rd., Spring Grove, IL. 60081 Phone: (815) 675-4247 Fax: (815) 675-4129 Email: jbrault@scotforge.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From naolson at GMAIL.COM Thu Sep 8 21:59:58 2005 From: naolson at GMAIL.COM (Nathan Olson) Date: Thu Jan 12 21:30:43 2006 Subject: McAfee On Fedora Core 4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Just wondering if anyone has been able to get McAfee's antivirus scanner > working under Fedora Core 4? Are you using the version of 4.40 that has 'p4' in the name of the archive (off of McAfee's site)? That's the one I use with success on RHEL 4AS. The other one is dependant on "old" libraries. Nate ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cparker at SWATGEAR.COM Thu Sep 8 22:10:39 2005 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:30:43 2006 Subject: Some questions while I plan my redeployment/reinstall Message-ID: Scott Silva on Thursday, September 08, 2005 1:01 PM said: >> I'm planning to do a complete reinstall using the latest software >> that make up a good MailScanner box. My Linux distro will be FC4 and >> my MTA will be sendmail. > > Maybe a RHEL clone like Whitebox or CentOS would be more appropriate I don't know enough about RHEL (and it's clones) to know why this might be a good idea. Could you tell me a little more please? > Might be tight on ram if you want to do spam scanning, virus scanning, > etc... but it might do with a minimum of children in MailScanner. > It would depend on the processor and i/o speeds. I see. MSMRTG says that the server has an average of 7% CPU Utilization (for the past year with very consistent usage throughout) and load average is only an average of 0.1 (for the year as well). Here's the output from free: total used free shared buffers cached Mem: 255384 220580 34804 0 58668 75688 -/+ buffers/cache: 86224 169160 Swap: 264560 15968 248592 Does this info help indicate at all what I might be able to handle in the future? >> 2. Currently I use MailScanner-MRTG to get an idea of what's >> happening with my box. Is MailWatch a complete replacement for >> MSMRTG or should I install both? And what about Vispan, how does >> that compare? > > I run all of them. They have different uses and give different info. Would you mind explaining a little about what those differences are? > If you could find some memory in a donor machine or something, it > might make things better. I'll see what I can do. I might have some laying around. > On my current system, log rotation gives the > biggest spike in activity. Same with me. Thanks, Chris. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From taz at TAZ-MANIA.COM Thu Sep 8 22:14:20 2005 From: taz at TAZ-MANIA.COM (Dennis Willson) Date: Thu Jan 12 21:30:43 2006 Subject: Some questions while I plan my redeployment/reinstall Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I recently did the same thing, I rebuilt and re-installed both my mail hubs. I used CentOS 4.1, Sendmail, MailScanner, SpamAssassin, ClamAV, MailWatch and Milter-Greylist. You didn't say what the hardware you're using actually is, but mine is a single processor P4 Xeon running at 2.6Ghz. I had 512MB RAM, but found that to be just a bit small, so I increased it to 1GB. The load at 512MB was okay, but I noticed it was using just a little more swap space than I would like, so I upgraded the memory and now it and I are happier. This was the first time I used Milter-Greylist and I was really surprised at the results! I takes out about 85-90 percent of the Spam right there. This actually reduces the CPU load because that's all eMail that MailScanner, SpamAssassin and ClamAV don't have to spend any cycles to scan. The only problem is since Milter-Grey list is not part of MailScanner, mailwatch doesn't report the number of eMails processed by the Milter. So what it actually reports is what made it past the Milter. The Milter actually logs everything it does in the maillog, so when I get some time I will just add a filter for the maillog to pull out those numbers. Roughly I count a little over 12,100 email attempts before the Milter per day. Approximately 1100-1200 make it by the Milter into MailScanner. About 50% or about 550-600 are then caught by MailScanner and SpamAssassin (all these numbers are an average over the last week). On high scoring Spam I store it for 7 days on the mail hubs. The users use mailwatch to look at what is stored of theirs and can release any of it to themselves if the decide they want it. Overall I really like the way it works. So do the users! Dennis Chris W. Parker wrote: > Hello all! > > It's been a long time since I've posted to the list. I hope everyone is > well. > > I'm planning to do a complete reinstall using the latest software that > make up a good MailScanner box. My Linux distro will be FC4 and my MTA > will be sendmail. > > I'll still be using the same hardware as I am currently, but that's > probably not so bad as the server load seems to be quite low in it's > current form. I just hope that all the new software doesn't become too > much for the machine. > > I'm making my own document right now (which may or may not be worth > distributing once I'm finished with it) and I've got a few questions for > the list. > > I understand that some of the following questions can only really be > answered by knowing what kind of traffic I get. According to > MailScanner-MRTG the Average (Count of Recipients) for Number of > Messages Processed in the past year is 598 and in the past year the > average number of Bytes of Mail Transferred is 8MB. Traffic has been > consistantly going down over the past year. But that's not to say that > the traffic 1 year ago was much higher than it is now. > > I don't know the specs on this computer(!) but top says I have about > 255MB of RAM. > > So... on with the questions. > > 1. Is MCP worth the trouble of patching SpamAssassin (I've only briefly > read over the steps that are listed in the Wiki but it seemed rather > involved)? > > 2. Currently I use MailScanner-MRTG to get an idea of what's happening > with my box. Is MailWatch a complete replacement for MSMRTG or should I > install both? And what about Vispan, how does that compare? > > 3. With regards to performance, right now I'm not doing any AV scanning > so I don't know what kind of load it will put on my box. I plan to use > only ClamAV and BitDefender and MAYBE one from Symantec if they have a > command line option available for Linux in their Enterprise Suite). What > kind of load should I expect from these with the amount of traffic I > have? > > 4. How about Pyzor/Razor/DCC? (I don't really know what they do yet as > I've still got a lot of reading to do. :) ) Will these greatly increase > the load? > > > I think that's it for now! > > > Thanks everyone! > Chris. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Sep 8 22:02:57 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:43 2006 Subject: MailScanner not sending mail to /var/spool/mqueue Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] lester lasad spake the following on 9/8/2005 1:16 PM: > --- Scott Silva wrote: > > >>lester lasad spake the following on 9/8/2005 12:05 >>PM: >> >>>--- Scott Silva wrote: >>> >>> >>> >>>>lester lasad spake the following on 9/8/2005 10:43 >>>>AM: >>>> >>>> >>>>>MailScanner version 4.41.3 >>>>>Fedora Core 2 >>>>>spamassassin 3.0.3 >>>>> >>>>>I have had this problem several times in the >> >>past. >> >>>>>Mail is being accepted by my MS server but it is >>>> >>>>not >>>> >>>> >>>>>transferring email from /var/spool/mqueue.in to >>>>>/var/spool/mqueue. This causes a major backup on >>>> >>>>my >>>> >>>> >>>>>mail system. >>>> >>>>Which MTA? Sendmail? Postfix? Exim? ...? >>>>If you just move the oldest file in mqueue.in will >>>>it start up? >>>>Any clues in the log? >>> >>> >>>sendmail is my MTA, version 8.12.10 (ouch, i know >>>needs to be upgraded). The log really isn't >> >>telling >> >>>me much. some old stuff in there, spamassassin >>>timeout every now and then but that's about it. >> >>looks >> >>>OK. >>> >>>I moved the oldest files to mqueue but still no >> >>luck. >> >>>Now I can't even move everything from mqueue.in to >>>mqueue becuase there is too much data in >> >>mqueue.in. >> >>Kind of a stupid question, but can you trace it to >>an upgrade, or did it >>just break untouched? > > > I did make one change to the MailScanner.conf. I > didn't mention it earlier (but should have) because I > have had the same problem in the past with making any > changes at all. I changed it to allow password > protected archives (for our HR department). so I > changed the following from no to yes: > > # Should archives which contain any password-protected > files be allowed? > # Leaving this set to "no" is a good way of protecting > against all the > # protected zip files used by viruses at the moment. > # This can also be the filename of a ruleset. > Allow Password-Protected Archives = yes > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > Maybe change it back just to see. Or maybe it is stumbling in a virus scanner. Do you have any installed? and what versions. I seem to remember a bump in one a while back, but can't for the life of me remember which one. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Sep 8 22:10:53 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:43 2006 Subject: McAfee On Fedora Core 4 Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason Brault spake the following on 9/8/2005 1:26 PM: > Hi MailScanner Gurus, > > > > Just wondering if anyone has been able to get McAfee^Òs antivirus scanner > working under Fedora Core 4? I^Òm getting an ^Óerror while loading shared > libraries: libstdc++.so.2.8: cannot open shared object file: No such > file or directory.^Ô To the best of my knowledge, that library isn^Òt > supported under FC4. I^Òm using version 4.40 of the command line scanner. > > > > Has anyone else had any success? > > > Try compat-libstdc++-296-2.96-132.fc4.i386.rpm -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cparker at SWATGEAR.COM Thu Sep 8 22:32:44 2005 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:30:43 2006 Subject: Some questions while I plan my redeployment/reinstall Message-ID: Dennis Willson on Thursday, September 08, 2005 2:14 PM said: > I recently did the same thing, I rebuilt and re-installed both my > mail hubs. I used CentOS 4.1, Sendmail, MailScanner, SpamAssassin, > ClamAV, MailWatch and Milter-Greylist. Any reason you chose CentOS? > You didn't say what the > hardware you're using actually is, but mine is a single processor P4 > Xeon running at 2.6Ghz. I had 512MB RAM, but found that to be just a > bit small, so I increased it to 1GB. The load at 512MB was okay, but > I noticed it was using just a little more swap space than I would > like, so I upgraded the memory and now it and I are happier. At my current mail load I'm beginning to think I'll be okay and as for specs, I think this is really close. PIII 500MHz 256MB RAM (with a max of 384MB! haha) It's an old HP 8580C desktop PC. :) > This was the first time I used Milter-Greylist and I was really > surprised at the results! I takes out about 85-90 percent of the Spam > right there. This actually reduces the CPU load because that's all > eMail that MailScanner, SpamAssassin and ClamAV don't have to spend > any cycles to scan. I'm not aware of Milter-Greylist. I'll look into it. > On high scoring Spam I store it for 7 > days on the mail hubs. The users use mailwatch to look at what is > stored of theirs and can release any of it to themselves if the > decide they want it. MailWatch will do that? Cool. Chris. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From JBrault at SCOTFORGE.COM Thu Sep 8 22:56:24 2005 From: JBrault at SCOTFORGE.COM (Jason Brault) Date: Thu Jan 12 21:30:43 2006 Subject: McAfee On Fedora Core 4 Message-ID: Excellent! It works now, I had the wrong version, many thanks for your reply, and all the others!! -Jason --------------- Jason Brault Communications Administrator - Scot Forge Company 8001 Winn Rd., Spring Grove, IL. 60081 Phone: (815) 675-4247 Fax: (815) 675-4129 Email: jbrault@scotforge.com -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Nathan Olson Sent: Thursday, September 08, 2005 4:00 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: McAfee On Fedora Core 4 > Just wondering if anyone has been able to get McAfee's antivirus scanner > working under Fedora Core 4? Are you using the version of 4.40 that has 'p4' in the name of the archive (off of McAfee's site)? That's the one I use with success on RHEL 4AS. The other one is dependant on "old" libraries. Nate ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From taz at TAZ-MANIA.COM Thu Sep 8 22:59:16 2005 From: taz at TAZ-MANIA.COM (Dennis Willson) Date: Thu Jan 12 21:30:43 2006 Subject: Some questions while I plan my redeployment/reinstall Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Chris W. Parker wrote: > Dennis Willson > on Thursday, September 08, 2005 2:14 PM said: > > >>I recently did the same thing, I rebuilt and re-installed both my >>mail hubs. I used CentOS 4.1, Sendmail, MailScanner, SpamAssassin, >>ClamAV, MailWatch and Milter-Greylist. > > > Any reason you chose CentOS? > It's basically RHE4. It has had more testing on it than FC4 and is therefore probably a little more stable. The CentOS group appears the keep up2date with the RHE4 updates and fixes. FC4 will probably be just fine. I believe a number of people have deployed on it. I've been using FC4 on my laptop and I haven't seen any bad or strange things happen so it's probably okay. > >>You didn't say what the >>hardware you're using actually is, but mine is a single processor P4 >>Xeon running at 2.6Ghz. I had 512MB RAM, but found that to be just a >>bit small, so I increased it to 1GB. The load at 512MB was okay, but >>I noticed it was using just a little more swap space than I would >>like, so I upgraded the memory and now it and I are happier. > > > At my current mail load I'm beginning to think I'll be okay and as for > specs, I think this is really close. > > PIII 500MHz > 256MB RAM (with a max of 384MB! haha) > > It's an old HP 8580C desktop PC. :) > That is a bit of an old machine... Just watch it for a while to be sure it's not suffering. > >>This was the first time I used Milter-Greylist and I was really >>surprised at the results! I takes out about 85-90 percent of the Spam >>right there. This actually reduces the CPU load because that's all >>eMail that MailScanner, SpamAssassin and ClamAV don't have to spend >>any cycles to scan. > > > I'm not aware of Milter-Greylist. I'll look into it. > There are several different Greytlist milters available, this one doesn't use an SQL backend, it uses memory and a dump file to maintain the Greylist information. > >>On high scoring Spam I store it for 7 >>days on the mail hubs. The users use mailwatch to look at what is >>stored of theirs and can release any of it to themselves if the >>decide they want it. > > > MailWatch will do that? Cool. > > > > Chris. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Sep 8 23:17:28 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:43 2006 Subject: Some questions while I plan my redeployment/reinstall Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Chris W. Parker spake the following on 9/8/2005 2:10 PM: > Scott Silva > on Thursday, September 08, 2005 1:01 PM said: > > >>>I'm planning to do a complete reinstall using the latest software >>>that make up a good MailScanner box. My Linux distro will be FC4 and >>>my MTA will be sendmail. >> >>Maybe a RHEL clone like Whitebox or CentOS would be more appropriate > > > I don't know enough about RHEL (and it's clones) to know why this might > be a good idea. Could you tell me a little more please? > > >>Might be tight on ram if you want to do spam scanning, virus scanning, >>etc... but it might do with a minimum of children in MailScanner. >>It would depend on the processor and i/o speeds. > > > I see. > > MSMRTG says that the server has an average of 7% CPU Utilization (for > the past year with very consistent usage throughout) and load average is > only an average of 0.1 (for the year as well). > > Here's the output from free: > > total used free shared buffers cached > Mem: 255384 220580 34804 0 58668 75688 > -/+ buffers/cache: 86224 169160 > Swap: 264560 15968 248592 > > Does this info help indicate at all what I might be able to handle in > the future? Seems ok right now, what OS is on current system? You could try cat /proc/cpuinfo That will give you the processor details and df for storage space > > >>>2. Currently I use MailScanner-MRTG to get an idea of what's >>>happening with my box. Is MailWatch a complete replacement for >>>MSMRTG or should I install both? And what about Vispan, how does >>>that compare? >> >>I run all of them. They have different uses and give different info. > > > Would you mind explaining a little about what those differences are? MailWatch gives you fine grained access to the different aspects of managing the mail system. It lets you release or train the system on your mailbase. MRTG gives you many useful graphs of system performance and activity, and Vispan can auto blacklist systems that send you a lot of spam or viruses. IMHO they all serve a purpose. Just like buying a hammer, even though they all serve the same basic purpose (hitting things), the local home center will have many different hammers to choose from, and the right tool in the right job is a blessing, not a curse. Especially if the hammers were all free, and just took a little time to get them. > > >>If you could find some memory in a donor machine or something, it >>might make things better. > > > I'll see what I can do. I might have some laying around. Even another 128 Meg stick can make a difference. And Linux will try and use every bit of the memory, just because it is there. Processes in memory are MUCH faster than processes in swap, no matter how fast your I/O is. > > >>On my current system, log rotation gives the >>biggest spike in activity. > > > Same with me. > > > > Thanks, > Chris. > -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Sep 8 23:27:56 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:43 2006 Subject: Some questions while I plan my redeployment/reinstall Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dennis Willson spake the following on 9/8/2005 2:14 PM: > I recently did the same thing, I rebuilt and re-installed both my mail > hubs. I used CentOS 4.1, Sendmail, MailScanner, SpamAssassin, ClamAV, > MailWatch and Milter-Greylist. You didn't say what the hardware you're > using actually is, but mine is a single processor P4 Xeon running at > 2.6Ghz. I had 512MB RAM, but found that to be just a bit small, so I > increased it to 1GB. The load at 512MB was okay, but I noticed it was > using just a little more swap space than I would like, so I upgraded the > memory and now it and I are happier. > > This was the first time I used Milter-Greylist and I was really > surprised at the results! I takes out about 85-90 percent of the Spam > right there. This actually reduces the CPU load because that's all eMail > that MailScanner, SpamAssassin and ClamAV don't have to spend any cycles > to scan. > > The only problem is since Milter-Grey list is not part of MailScanner, > mailwatch doesn't report the number of eMails processed by the Milter. > So what it actually reports is what made it past the Milter. The Milter > actually logs everything it does in the maillog, so when I get some time > I will just add a filter for the maillog to pull out those numbers. > Roughly I count a little over 12,100 email attempts before the Milter > per day. Approximately 1100-1200 make it by the Milter into MailScanner. > About 50% or about 550-600 are then caught by MailScanner and > SpamAssassin (all these numbers are an average over the last week). On > high scoring Spam I store it for 7 days on the mail hubs. The users use > mailwatch to look at what is stored of theirs and can release any of it > to themselves if the decide they want it. > > Overall I really like the way it works. > > So do the users! > I need to get the PTB's to release some cash for new servers. Not that ours are overworked, but so I can set up and configure in my time, and migrate over when everything is perfect. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cparker at SWATGEAR.COM Thu Sep 8 23:48:28 2005 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:30:43 2006 Subject: Some questions while I plan my redeployment/reinstall Message-ID: Scott Silva on Thursday, September 08, 2005 3:17 PM said: > Seems ok right now, what OS is on current system? RH9 > You could try cat /proc/cpuinfo > That will give you the processor details > > and df for storage space Looks my other post is accurate. 500MHz with a 20GB HD. > MailWatch gives you ... [snip] > IMHO they all serve a purpose. Agreed. I'll install them all. Thanks, Chris. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From llasad1 at YAHOO.COM Fri Sep 9 00:06:22 2005 From: llasad1 at YAHOO.COM (lester lasad) Date: Thu Jan 12 21:30:43 2006 Subject: MailScanner not sending mail to /var/spool/mqueue Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] --- Scott Silva wrote: > lester lasad spake the following on 9/8/2005 1:16 > PM: > > --- Scott Silva wrote: > > > > > >>lester lasad spake the following on 9/8/2005 12:05 > >>PM: > >> > >>>--- Scott Silva wrote: > >>> > >>> > >>> > >>>>lester lasad spake the following on 9/8/2005 > 10:43 > >>>>AM: > >>>> > >>>> > >>>>>MailScanner version 4.41.3 > >>>>>Fedora Core 2 > >>>>>spamassassin 3.0.3 > >>>>> > >>>>>I have had this problem several times in the > >> > >>past. > >> > >>>>>Mail is being accepted by my MS server but it > is > >>>> > >>>>not > >>>> > >>>> > >>>>>transferring email from /var/spool/mqueue.in to > >>>>>/var/spool/mqueue. This causes a major backup > on > >>>> > >>>>my > >>>> > >>>> > >>>>>mail system. > >>>> > >>>>Which MTA? Sendmail? Postfix? Exim? ...? > >>>>If you just move the oldest file in mqueue.in > will > >>>>it start up? > >>>>Any clues in the log? > >>> > >>> > >>>sendmail is my MTA, version 8.12.10 (ouch, i know > >>>needs to be upgraded). The log really isn't > >> > >>telling > >> > >>>me much. some old stuff in there, spamassassin > >>>timeout every now and then but that's about it. > >> > >>looks > >> > >>>OK. > >>> > >>>I moved the oldest files to mqueue but still no > >> > >>luck. > >> > >>>Now I can't even move everything from mqueue.in > to > >>>mqueue becuase there is too much data in > >> > >>mqueue.in. > >> > >>Kind of a stupid question, but can you trace it to > >>an upgrade, or did it > >>just break untouched? > > > > > > I did make one change to the MailScanner.conf. I > > didn't mention it earlier (but should have) > because I > > have had the same problem in the past with making > any > > changes at all. I changed it to allow password > > protected archives (for our HR department). so I > > changed the following from no to yes: > > > > # Should archives which contain any > password-protected > > files be allowed? > > # Leaving this set to "no" is a good way of > protecting > > against all the > > # protected zip files used by viruses at the > moment. > > # This can also be the filename of a ruleset. > > Allow Password-Protected Archives = yes > > > > __________________________________________________ > > Do You Yahoo!? > > Tired of spam? Yahoo! Mail has the best spam > protection around > > http://mail.yahoo.com > > > Maybe change it back just to see. > Or maybe it is stumbling in a virus scanner. > Do you have any installed? and what versions. > I seem to remember a bump in one a while back, but > can't for the life of > me remember which one. I'm using ClamAV (version 0.73) as my virus scanner. I still have it set to allow password protected zip files. As I mentioned in my first email I said it would probably start working on it's own. It is sending mail to mqueue now but it is slow. It will put about 100 or so in there route them but then I have no activity in mqueue again for at least 10 - 20 minutes (haven't timed it accurately yet but will). Thanks for any info or recommendations you can provide. ______________________________________________________ Click here to donate to the Hurricane Katrina relief effort. http://store.yahoo.com/redcross-donate3/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Fri Sep 9 00:36:15 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:30:43 2006 Subject: Some questions while I plan my redeployment/reinstall Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Its been covered in here many times. The conses was always that there is no real reason to use FC4 when you have Centos available. There are some drawbacks. I mean why would you use red hats most beta products when its most stable and thoroughly tested and supported is available for free? Its your decision, but most people go for security, stability and support over cutting edge and beta when its comes to implementing a security device that will hold all of your companies mail at one time or another. Pete Chris W. Parker wrote: > Scott Silva > on Thursday, September 08, 2005 3:17 PM said: > > >>Seems ok right now, what OS is on current system? > > > RH9 > > >>You could try cat /proc/cpuinfo >>That will give you the processor details >> >>and df for storage space > > > Looks my other post is accurate. 500MHz with a 20GB HD. > > >>MailWatch gives you ... > > [snip] > >>IMHO they all serve a purpose. > > > Agreed. I'll install them all. > > > > Thanks, > Chris. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tim.sousa at gmail.com Fri Sep 9 03:00:11 2005 From: tim.sousa at gmail.com (Tim Souza) Date: Thu Jan 12 21:30:43 2006 Subject: Fraud/Phishing and SA Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi all - Is it possible to use the antiphish/antifraud mechanisms as a way to bump up SA scores rather then deleting/disarming the messages? Wouldn't that make sense? Tim ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From llasad1 at YAHOO.COM Fri Sep 9 03:22:54 2005 From: llasad1 at YAHOO.COM (lester lasad) Date: Thu Jan 12 21:30:43 2006 Subject: MailScanner not sending mail to /var/spool/mqueue Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] --- lester lasad wrote: > --- Scott Silva wrote: > > > > > Maybe change it back just to see. > > Or maybe it is stumbling in a virus scanner. > > Do you have any installed? and what versions. > > I seem to remember a bump in one a while back, but > > can't for the life of > > me remember which one. > > I'm using ClamAV (version 0.73) as my virus scanner. > > I still have it set to allow password protected zip > files. As I mentioned in my first email I said it > would probably start working on it's own. It is > sending mail to mqueue now but it is slow. It will > put about 100 or so in there route them but then I > have no activity in mqueue again for at least 10 - > 20 > minutes (haven't timed it accurately yet but will). > Thanks for any info or recommendations you can > provide. I also set "Allow Password-Protected Archives = no" back to no. ______________________________________________________ Click here to donate to the Hurricane Katrina relief effort. http://store.yahoo.com/redcross-donate3/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From KevinS at BMRB.CO.UK Fri Sep 9 09:43:32 2005 From: KevinS at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:30:43 2006 Subject: MailScanner not sending mail to /var/spool/mqueue Message-ID: From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of lester lasad >I'm using ClamAV (version 0.73) as my virus scanner. You should upgrade that, 0.73 doesn't fully understand the current definitions files, you will be missing protection from some viruses. >I still have it set to allow password protected zip files. As I mentioned in my first >email I said it would probably start working on it's own. It is sending mail to mqueue >now but it is slow. It will put about 100 or so in there route them but then I have no >activity in mqueue again for at least 10 - 20 minutes (haven't timed it accurately yet >but will). Check for any particularly large emails in the incoming queue. I once had a problem where someone sent a 100M zip file and this caused problems (especially as my working directory was in tmpfs) In the end I had to stop MailScanner and remove the offending file. After that I put a message size limit in sendmail. ================================================================= BMRB http://www.bmrb.co.uk _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Fri Sep 9 11:41:11 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:43 2006 Subject: McAfee On Fedora Core 4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 08/09/05, Scott Silva wrote: > Jason Brault spake the following on 9/8/2005 1:26 PM: > > Hi MailScanner Gurus, > > > > > > > > Just wondering if anyone has been able to get McAfee's antivirus scanner > > working under Fedora Core 4? I'm getting an "error while loading shared > > libraries: libstdc++.so.2.8: cannot open shared object file: No such > > file or directory." To the best of my knowledge, that library isn't > > supported under FC4. I'm using version 4.40 of the command line scanner. > > > > > > > > Has anyone else had any success? > > > > > > > > Try compat-libstdc++-296-2.96-132.fc4.i386.rpm > > -- > > /-----------------------\ |~~\_____/~~\__ | > | MailScanner; The best |___________ \N1____====== )-+ > | protection on the net!| ~~~|/~~ | > \-----------------------/ () > I've just updated the wiki to make this perhaps a tad more plain. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gmatt at NERC.AC.UK Fri Sep 9 15:43:48 2005 From: gmatt at NERC.AC.UK (Greg Matthews) Date: Thu Jan 12 21:30:43 2006 Subject: orphaned df files in mqueue.in Message-ID: I'm consistently finding "orphaned" df* files in /var/spool/mqueue.in ie without a corresponding qf* file. Is this a bug in mailscanner (v4.42.9)? usually one or two a day, often quite large multipart messages. GREG -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Text/PLAIN (charset: ISO-8859-1 "Latin 1 (Western Europe)") ] [ (Name: "df.txt") 103 lines. ] [ Unable to print this part. ] From gmatt at NERC.AC.UK Fri Sep 9 15:47:43 2005 From: gmatt at NERC.AC.UK (Greg Matthews) Date: Thu Jan 12 21:30:43 2006 Subject: encrypted attachments Message-ID: How can I let encrypted attachments past my virus scanner? I have the following in my MailScanner.conf: Allowed Sophos Error Messages = "corrupt", "format not supported", "File was encrypted" and the (sanitised) log looks like: MailScanner[6507]: SophosSAVI::ERROR:: File was encrypted (530):: ./j858lSYJ015666/UbesioT.xls MailScanner[6507]: Virus Scanning: SophosSAVI found 1 infections Does the MailScanner option not work for SophosSAVI? GREG -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From naolson at gmail.com Fri Sep 9 15:49:10 2005 From: naolson at gmail.com (Nathan Olson) Date: Thu Jan 12 21:30:43 2006 Subject: McAfee On Fedora Core 4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] AFAIK the compat package is not required to run the 'p4' version. Nate ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Fri Sep 9 16:16:13 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:43 2006 Subject: McAfee On Fedora Core 4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 09/09/05, Nathan Olson wrote: > AFAIK the compat package is not required to run the 'p4' version. > > Nate > Ok... Could someone more corroborate that? (Not that I don't believe you Nate, but "AFAIK" is a bit like "I *think* it is that way...":-). I already had a blurb about the two linux versions that *should* point everyone on modern distros to the p4 variant... Hmmm... Time for some creativity to strike here... Have a look now and tell me what you all think. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.l.e at IG.COM.BR Fri Sep 9 16:54:17 2005 From: a.l.e at IG.COM.BR (a.l.e@ig.com.br) Date: Thu Jan 12 21:30:43 2006 Subject: very utilization of CPU Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi All, Does somebody know like diminish the CPU utilization for mailsacanner? It's using very CPU and doing the messagens arrive late! Greentings, Alexander Lucard ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From JBrault at SCOTFORGE.COM Fri Sep 9 17:08:30 2005 From: JBrault at SCOTFORGE.COM (Jason Brault) Date: Thu Jan 12 21:30:43 2006 Subject: McAfee On Fedora Core 4 Message-ID: Hi Glenn, I can give you a solid confirmation. The compat package, on Fedora Core 4 is not required to run the p4 version. It's not installed on my box, and the p4 version is running fine. --------------- Jason Brault Communications Administrator - Scot Forge Company 8001 Winn Rd., Spring Grove, IL. 60081 Phone: (815) 675-4247 Fax: (815) 675-4129 Email: jbrault@scotforge.com -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Glenn Steen Sent: Friday, September 09, 2005 10:16 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: McAfee On Fedora Core 4 On 09/09/05, Nathan Olson wrote: > AFAIK the compat package is not required to run the 'p4' version. > > Nate > Ok... Could someone more corroborate that? (Not that I don't believe you Nate, but "AFAIK" is a bit like "I *think* it is that way...":-). I already had a blurb about the two linux versions that *should* point everyone on modern distros to the p4 variant... Hmmm... Time for some creativity to strike here... Have a look now and tell me what you all think. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Sep 9 17:37:19 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:43 2006 Subject: orphaned df files in mqueue.in Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Usually caused by SMTP servers sending you large messages but the connection getting broken before the message was completely deliverd. But also check your "Lock Type" setting near the bottom of MailScanner.conf. The comment above the setting will help you set it correctly (if it needs setting to anything at all). Greg Matthews wrote: >I'm consistently finding "orphaned" df* files in /var/spool/mqueue.in ie >without a corresponding qf* file. Is this a bug in mailscanner >(v4.42.9)? > >usually one or two a day, often quite large multipart messages. > >GREG > > >------------------------------------------------------------------------ > >[root@myrelay mqueue.in]# ls -l >total 2449004 >-rw------- 1 root smmsp 32306 Jul 29 16:51 dfj6TFBG6r019099 >-rw------- 1 root smmsp 40650 Aug 1 04:05 dfj712Ef4Z019298 >-rw------- 1 root smmsp 16384 Aug 2 02:32 dfj721UMZ1026998 >-rw------- 1 root smmsp 1150976 Aug 2 03:10 dfj721vQwc030187 >-rw------- 1 root smmsp 9189309 Aug 2 09:45 dfj727vQhc028139 >-rw------- 1 root smmsp 51372 Aug 2 20:25 dfj72IG2ZY006502 >-rw------- 1 root smmsp 16384 Aug 4 03:00 dfj7420Bnx024774 >-rw------- 1 root smmsp 1699132 Aug 4 13:27 dfj74Bmqll022719 >-rw------- 1 root smmsp 102400 Aug 5 11:30 dfj75AQqKW016335 >-rw------- 1 root smmsp 826570 Aug 6 15:30 dfj76DYiNX018642 >-rw------- 1 root smmsp 829558 Aug 6 15:26 dfj76DYVnS018605 >-rw------- 1 root smmsp 826570 Aug 6 19:37 dfj76Ho62w019888 >-rw------- 1 root smmsp 829558 Aug 6 23:46 dfj76MG3tP016496 >-rw------- 1 root smmsp 12288 Aug 8 03:06 dfj7826ExE026775 >-rw------- 1 root smmsp 9210899 Aug 8 10:34 dfj788pdb3032306 >-rw------- 1 root smmsp 17890568 Aug 8 11:09 dfj788vSCj000917 >-rw------- 1 root smmsp 9099004 Aug 8 10:42 dfj7893CgT002315 >-rw------- 1 root smmsp 8192 Aug 10 01:57 dfj7A0txk4026482 >-rw------- 1 root smmsp 81920 Aug 11 02:33 dfj7B1VcZ9021879 >-rw------- 1 root smmsp 126976 Aug 11 03:11 dfj7B27pZa029348 >-rw------- 1 root smmsp 134 Aug 11 03:11 dfj7B2Aq1q029670 >-rw------- 1 root smmsp 3310121 Aug 11 12:01 dfj7BAAZqm005542 >-rw------- 1 root smmsp 16384 Aug 12 02:04 dfj7C13kQA011665 >-rw------- 1 root smmsp 16384 Aug 15 01:46 dfj7F0jkVW017892 >-rw------- 1 root smmsp 14652790 Aug 16 10:53 dfj7G9K5gh005561 >-rw------- 1 root smmsp 1890486 Aug 16 15:25 dfj7GDJIGH023933 >-rw------- 1 root smmsp 1059267 Aug 16 16:31 dfj7GEX7AI009945 >-rw------- 1 root smmsp 1890486 Aug 16 18:59 dfj7GH9BV8008471 >-rw------- 1 root smmsp 8192 Aug 17 16:54 dfj7HFsY4N011356 >-rw------- 1 root smmsp 20480 Aug 17 16:56 dfj7HFtcjE011618 >-rw------- 1 root smmsp 46475 Aug 20 09:00 dfj7K70T9b006599 >-rw------- 1 root smmsp 37325 Aug 21 05:24 dfj7L3p7HS031614 >-rw------- 1 root smmsp 32768 Aug 24 01:34 dfj7O0YO2W021593 >-rw------- 1 root smmsp 6054495 Aug 24 11:26 dfj7O8nhLh010013 >-rw------- 1 root smmsp 14653153 Aug 24 16:29 dfj7OEsKZp006071 >-rw------- 1 root smmsp 24576 Aug 30 01:52 dfj7U0prGS015478 >-rw------- 1 root smmsp 3378951 Aug 30 17:07 dfj7UFWKDj007283 >-rw------- 1 root smmsp 9733988 Aug 31 13:25 dfj7VBhHlT020497 >-rw------- 1 root smmsp 122758490 Sep 1 17:30 dfj81F4D8M028439 >-rw------- 1 root smmsp 122758490 Sep 1 20:17 dfj81I1TGk002002 >-rw------- 1 root smmsp 290816 Sep 2 03:14 dfj81N37hm010490 >-rw------- 1 root smmsp 122758490 Sep 2 01:54 dfj81Nc5Dx014735 >-rw------- 1 root smmsp 122758490 Sep 2 05:52 dfj823gc8F012851 >-rw------- 1 root smmsp 122758490 Sep 2 07:55 dfj825jG55029489 >-rw------- 1 root smmsp 122758490 Sep 2 09:43 dfj827Mn3f012565 >-rw------- 1 root smmsp 2707806 Sep 2 11:53 dfj82AIf6w023418 >-rw------- 1 root smmsp 122758490 Sep 2 19:21 dfj82H8GbJ003874 >-rw------- 1 root smmsp 86633 Sep 2 19:04 dfj82HUCYP009111 >-rw------- 1 root smmsp 122758490 Sep 2 20:56 dfj82IdSCI024354 >-rw------- 1 root smmsp 63442474 Sep 2 23:03 dfj82LIqW5019338 >-rw------- 1 root smmsp 63442474 Sep 3 01:16 dfj82NX28T007904 >-rw------- 1 root smmsp 56526150 Sep 3 03:58 dfj832PWa7000787 >-rw------- 1 root smmsp 56526150 Sep 3 05:34 dfj833xkHN015060 >-rw------- 1 root smmsp 56526150 Sep 3 07:01 dfj835MGTm027257 >-rw------- 1 root smmsp 56526150 Sep 3 09:01 dfj837MIgJ011550 >-rw------- 1 root smmsp 56526150 Sep 3 13:45 dfj83CCOUU018004 >-rw------- 1 root smmsp 56526150 Sep 3 15:12 dfj83DdK1j030199 >-rw------- 1 root smmsp 56526150 Sep 3 17:14 dfj83FfdVD018820 >-rw------- 1 root smmsp 56526150 Sep 3 18:42 dfj83H2fX3032442 >-rw------- 1 root smmsp 56526150 Sep 3 20:42 dfj83J2gBf018539 >-rw------- 1 root smmsp 56526150 Sep 3 23:47 dfj83MErZ8007494 >-rw------- 1 root smmsp 56526150 Sep 4 01:51 dfj840C68d022594 >-rw------- 1 root smmsp 56526150 Sep 4 03:52 dfj842Ha2F008631 >-rw------- 1 root smmsp 56526150 Sep 4 05:53 dfj844KkRk019128 >-rw------- 1 root smmsp 56526150 Sep 4 07:21 dfj845fBGT029529 >-rw------- 1 root smmsp 56526150 Sep 4 09:54 dfj848LZDh017669 >-rw------- 1 root smmsp 56526150 Sep 4 11:55 dfj84AMHqp007797 >-rw------- 1 root smmsp 56526150 Sep 4 14:28 dfj84CuEuW029175 >-rw------- 1 root smmsp 56526150 Sep 4 15:56 dfj84EO7PE008375 >-rw------- 1 root smmsp 323584 Sep 5 16:11 dfj85EOarr009634 >-rw------- 1 root smmsp 303104 Sep 5 16:04 dfj85EwaeE019225 >-rw------- 1 root smmsp 84885566 Sep 6 12:32 dfj86AuS0O004588 >-rw------- 1 root smmsp 84885566 Sep 6 13:17 dfj86Bb1jm015566 >-rw------- 1 root smmsp 1174114 Sep 6 13:01 dfj86BGXlC010277 >-rw------- 1 root smmsp 84885566 Sep 6 14:16 dfj86CMGhT027182 >-rw------- 1 root smmsp 127174 Sep 6 16:09 dfj86EaTMU030832 >-rw------- 1 root smmsp 6714817 Sep 6 18:51 dfj86Eq7ex002296 >-rw------- 1 root smmsp 45056 Sep 7 02:17 dfj871DO47009304 >-rw------- 1 root smmsp 57344 Sep 8 01:47 dfj880ctfq003218 >-rw------- 1 root smmsp 135168 Sep 8 02:14 dfj8815ieo006701 >-rw------- 1 root smmsp 81920 Sep 8 02:54 dfj881iJnJ011584 >-rw------- 1 root smmsp 8192 Sep 8 03:01 dfj881s21b012789 >-rw------- 1 root smmsp 228550 Sep 8 16:59 dfj88FPv9T016508 >-rw------- 1 root smmsp 200704 Sep 9 03:11 dfj891hsvr012198 >-rw------- 1 root smmsp 2387488 Sep 9 11:48 dfj897g2Br011000 >-rw------- 1 root smmsp 24576 Sep 9 13:57 dfj89CvWBP014678 >-rw------- 1 root smmsp 366 Sep 9 15:41 dfj89EeW3o009563 >-rw------- 1 root smmsp 1045 Sep 9 15:41 dfj89Eex4A009719 >-rw------- 1 root smmsp 59182 Sep 9 15:41 dfj89EfNPZ009850 >-rw------- 1 root smmsp 1348 Sep 9 15:41 qfj89EeW3o009563 >-rw------- 1 root smmsp 935 Sep 9 15:41 qfj89Eex4A009719 >-rw------- 1 root smmsp 1903 Sep 9 15:41 qfj89EfNPZ009850 > > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Sep 9 17:39:24 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:43 2006 Subject: encrypted attachments Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You need to be running at least MailScanner 4.43.8 for the "Allowed Sophos Error Messages" setting to work with the "sophossavi" virus scanner. Previously it only worked with "sophos" and not "sophossavi". This is in the Change Log. Greg Matthews wrote: >How can I let encrypted attachments past my virus scanner? I have the >following in my MailScanner.conf: > >Allowed Sophos Error Messages = "corrupt", "format not supported", "File >was encrypted" > >and the (sanitised) log looks like: > >MailScanner[6507]: SophosSAVI::ERROR:: File was encrypted >(530):: ./j858lSYJ015666/UbesioT.xls >MailScanner[6507]: Virus Scanning: SophosSAVI found 1 infections > >Does the MailScanner option not work for SophosSAVI? > >GREG > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Sep 9 17:58:46 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:43 2006 Subject: [Fwd: UK Linux Awards] Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Anyone fancy nominating me and voting for me and/or MailScanner? -------- Original Message -------- Subject: UK Linux Awards Date: Fri, 9 Sep 2005 12:10:36 +0100 From: Maggie Meer Reply-To: maggie@linuxuser.co.uk To: jkf@ecs.soton.ac.uk Dear Reader As you may know every year LinuxUser and Developer Magazine organise the UK^Òs most prestigious Awards ceremony for the Linux and Open Source arena. This year, the UK Linux Awards will be held on 5^th October 2005 at the Copthorne Tara Hotel in Kensington. There are two awards categories. The first category is the Voted Awards. These are open to anyone who wishes to vote. Simply go to www.linuxawards.co.uk and click vote, then vote in each category for your chosen project, product, company or individual. The second category is the Nominated Awards which are judged by a judging panel. Nominations can also be made by anyone at www.linuxawards.co.uk (click nominate for a list of the awards). You can either nominate your own company, product or project or another company, project or product. There is no limit to how many nominations you can make, provided! you hav e given a good reason as to why the product, company or project has been nominated. Shortlists for each award will be announced around 9^th September. It is essential that you go to www.linuxawards.co.uk now to vote or nominate for the companies, products or projects you believe deserve to win. There are two tickets worth £250 up for grabs to be at the awards evening. These will be drawn from a hat once nominating and voting is finished. Winners will be notified by e-mail. Your Nominations and Votes count, don^Òt miss this opportunity to have your say. ** *You have to be in it to win it ^Ö **www.linuxawards.co.uk* * ^Ö Nominate or vote now* *Maggie Meer Publisher/Director LinuxUser and Developer Magazine HME Publishing Limited 31 Millennium House Humber Road London NW2 6DW* ** To unsubscribe, click here -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Chris.Russell at KNOWLEDGEIT.CO.UK Fri Sep 9 18:40:17 2005 From: Chris.Russell at KNOWLEDGEIT.CO.UK (Chris Russell) Date: Thu Jan 12 21:30:43 2006 Subject: [Fwd: UK Linux Awards] Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian, Definately. MailScanner is top notch middleware. However no links on the site actually work :) Chris ________________________________ From: MailScanner mailing list on behalf of Julian Field Sent: Fri 09/09/2005 17:58 To: MAILSCANNER@JISCMAIL.AC.UK Subject: [Fwd: UK Linux Awards] Anyone fancy nominating me and voting for me and/or MailScanner? -------- Original Message -------- Subject: UK Linux Awards Date: Fri, 9 Sep 2005 12:10:36 +0100 From: Maggie Meer Reply-To: maggie@linuxuser.co.uk To: jkf@ecs.soton.ac.uk Dear Reader As you may know every year LinuxUser and Developer Magazine organise the UK's most prestigious Awards ceremony for the Linux and Open Source arena. This year, the UK Linux Awards will be held on 5^th October 2005 at the Copthorne Tara Hotel in Kensington. There are two awards categories. The first category is the Voted Awards. These are open to anyone who wishes to vote. Simply go to www.linuxawards.co.uk and click vote, then vote in each category for your chosen project, product, company or individual. The second category is the Nominated Awards which are judged by a judging panel. Nominations can also be made by anyone at www.linuxawards.co.uk (click nominate for a list of the awards). You can either nominate your own company, product or project or another company, project or product. There is no limit to how many nominations you can make, provided! you hav e given a good reason as to why the product, company or project has been nominated. Shortlists for each award will be announced around 9^th September. It is essential that you go to www.linuxawards.co.uk now to vote or nominate for the companies, products or projects you believe deserve to win. There are two tickets worth £250 up for grabs to be at the awards evening. These will be drawn from a hat once nominating and voting is finished. Winners will be notified by e-mail. Your Nominations and Votes count, don't miss this opportunity to have your say. ** *You have to be in it to win it - **www.linuxawards.co.uk* * - Nominate or vote now* *Maggie Meer Publisher/Director LinuxUser and Developer Magazine HME Publishing Limited 31 Millennium House Humber Road London NW2 6DW* ** To unsubscribe, click here -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner is part of the Mail Filtering service from Nexent Internet. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Fri Sep 9 19:15:21 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:43 2006 Subject: UK Linux Awards Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] there you go.. http://www.linuxawards.co.uk/component/option,com_philaform/Itemid,35/form_i d,1/ - dhawal Chris Russell writes: > Julian, > > Definately. MailScanner is top notch middleware. However no links on the site actually work :) > > Chris > > > ________________________________ > > From: MailScanner mailing list on behalf of Julian Field > Sent: Fri 09/09/2005 17:58 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [Fwd: UK Linux Awards] > > > > Anyone fancy nominating me and voting for me and/or MailScanner? > > -------- Original Message -------- > Subject: UK Linux Awards > Date: Fri, 9 Sep 2005 12:10:36 +0100 > From: Maggie Meer > Reply-To: maggie@linuxuser.co.uk > To: jkf@ecs.soton.ac.uk > > > > Dear Reader > > As you may know every year LinuxUser and Developer Magazine > organise the UK's most prestigious Awards ceremony for the > Linux and Open Source arena. This year, the UK Linux Awards > will be held on 5^th October 2005 at the Copthorne Tara Hotel in > Kensington. > > There are two awards categories. The first category is the Voted Awards. > These are open to anyone who wishes to vote. > Simply go to www.linuxawards.co.uk and > click vote, then vote in > each category for your chosen project, product, company or individual. > The second category is the Nominated Awards which are judged > by a judging panel. Nominations can also be made by anyone at > www.linuxawards.co.uk (click nominate > for a list of the awards). > You can either nominate your own company, product or project or > another company, project or product. There is no limit to how many > nominations you can make, provided! you hav e given a good reason > as to why the product, company or project has been nominated. > > Shortlists for each award will be announced around 9^th September. > It is essential that you go to www.linuxawards.co.uk > now to vote > or nominate for the companies, products or projects you believe deserve > to win. > > There are two tickets worth £250 up for grabs to be at the awards evening. > These will be drawn from a hat once nominating and voting is finished. > Winners will be notified by e-mail. > > Your Nominations and Votes count, don't miss this opportunity to have > your say. > > ** > > *You have to be in it to win it - **www.linuxawards.co.uk* > * - Nominate or vote now* > > *Maggie Meer > Publisher/Director > LinuxUser and Developer Magazine > HME Publishing Limited > 31 Millennium House > Humber Road > London NW2 6DW* > > ** > > > To unsubscribe, click here > > > > -- > Julian Field ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner-user at NELAND.DK Fri Sep 9 19:09:39 2005 From: mailscanner-user at NELAND.DK (Leif Neland) Date: Thu Jan 12 21:30:43 2006 Subject: UK Linux Awards] Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Anyone fancy nominating me and voting for me and/or MailScanner? > > -------- Original Message -------- > > There are two awards categories. The first category is the Voted > Awards. These are open to anyone who wishes to vote. > Simply go to www.linuxawards.co.uk and > click vote, then vote in > each category for your chosen project, product, company or individual. > The second category is the Nominated Awards which are judged > by a judging panel. Nominations can also be made by anyone at > www.linuxawards.co.uk (click nominate > for a list of the awards). > You can either nominate your own company, product or project or > another company, project or product. There is no limit to how many > nominations you can make, provided! you hav e given a good reason > as to why the product, company or project has been nominated. > I've voted. You can nominate yourself, however: "Eligible products: All products entered must have been launched between 1st April 2004 and 30th June 2005. A significant upgrade to a product is acceptable where the upgrade was released within this period. " Does MailScanner qualify? Leif -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Fri Sep 9 19:34:29 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:30:43 2006 Subject: milter-greylist on RHEL 4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello all, After reading many testimonies about how good greylisting can be I decided to try it out on my RHEL 4 servers but I ran into this problem: libmilter is nowhere to be found... My sendmail has been compiled with MILTER: sendmail -d0.1 -bt [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I believe that it's really libmilter.a Denis Beauchemin wrote: > Hello all, > > After reading many testimonies about how good greylisting can be I > decided to try it out on my RHEL 4 servers but I ran into this problem: > libmilter is nowhere to be found... > > My sendmail has been compiled with MILTER: > sendmail -d0.1 -bt MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET > NETINET6 > > I guess I just need libmilter.so but I cannot find it... I downloaded > sendmail's SRPM and I can see a libmilter directory there but no > libmilter.so is being created when I remake the RPMs (I guess I will > have to modify some config file to get it but I don't know which one). > > Anyone can help me with this please? > > Thanks! > > Denis > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Fri Sep 9 19:27:06 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:43 2006 Subject: MailScanner not sending mail to /var/spool/mqueue Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] lester lasad spake the following on 9/8/2005 4:06 PM: > --- Scott Silva wrote: > > >>lester lasad spake the following on 9/8/2005 1:16 >>PM: >> >>>--- Scott Silva wrote: >>> >>> >>> >>>>lester lasad spake the following on 9/8/2005 12:05 >>>>PM: >>>> >>>> >>>>>--- Scott Silva wrote: >>>>> >>>>> >>>>> >>>>> >>>>>>lester lasad spake the following on 9/8/2005 >> >>10:43 >> >>>>>>AM: >>>>>> >>>>>> >>>>>> >>>>>>>MailScanner version 4.41.3 >>>>>>>Fedora Core 2 >>>>>>>spamassassin 3.0.3 >>>>>>> >>>>>>>I have had this problem several times in the >>>> >>>>past. >>>> >>>> >>>>>>>Mail is being accepted by my MS server but it >> >>is >> >>>>>>not >>>>>> >>>>>> >>>>>> >>>>>>>transferring email from /var/spool/mqueue.in to >>>>>>>/var/spool/mqueue. This causes a major backup >> >>on >> >>>>>>my >>>>>> >>>>>> >>>>>> >>>>>>>mail system. >>>>>> >>>>>>Which MTA? Sendmail? Postfix? Exim? ...? >>>>>>If you just move the oldest file in mqueue.in >> >>will >> >>>>>>it start up? >>>>>>Any clues in the log? >>>>> >>>>> >>>>>sendmail is my MTA, version 8.12.10 (ouch, i know >>>>>needs to be upgraded). The log really isn't >>>> >>>>telling >>>> >>>> >>>>>me much. some old stuff in there, spamassassin >>>>>timeout every now and then but that's about it. >>>> >>>>looks >>>> >>>> >>>>>OK. >>>>> >>>>>I moved the oldest files to mqueue but still no >>>> >>>>luck. >>>> >>>> >>>>>Now I can't even move everything from mqueue.in >> >>to >> >>>>>mqueue becuase there is too much data in >>>> >>>>mqueue.in. >>>> >>>>Kind of a stupid question, but can you trace it to >>>>an upgrade, or did it >>>>just break untouched? >>> >>> >>>I did make one change to the MailScanner.conf. I >>>didn't mention it earlier (but should have) >> >>because I >> >>>have had the same problem in the past with making >> >>any >> >>>changes at all. I changed it to allow password >>>protected archives (for our HR department). so I >>>changed the following from no to yes: >>> >>># Should archives which contain any >> >>password-protected >> >>>files be allowed? >>># Leaving this set to "no" is a good way of >> >>protecting >> >>>against all the >>># protected zip files used by viruses at the >> >>moment. >> >>># This can also be the filename of a ruleset. >>>Allow Password-Protected Archives = yes >>> >>>__________________________________________________ >>>Do You Yahoo!? >>>Tired of spam? Yahoo! Mail has the best spam >> >>protection around >> >>>http://mail.yahoo.com >>> >> >>Maybe change it back just to see. >>Or maybe it is stumbling in a virus scanner. >>Do you have any installed? and what versions. >>I seem to remember a bump in one a while back, but >>can't for the life of >>me remember which one. > > > I'm using ClamAV (version 0.73) as my virus scanner. > I still have it set to allow password protected zip > files. As I mentioned in my first email I said it > would probably start working on it's own. It is > sending mail to mqueue now but it is slow. It will > put about 100 or so in there route them but then I > have no activity in mqueue again for at least 10 - 20 > minutes (haven't timed it accurately yet but will). > Thanks for any info or recommendations you can provide. Any reason you are using such an old version? It is now at 0.86.2 -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Fri Sep 9 19:39:39 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:30:43 2006 Subject: milter-greylist on RHEL 4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks, I just found it in sendmail-devel. Denis Dennis Willson wrote: > I believe that it's really libmilter.a > > Denis Beauchemin wrote: > >> Hello all, >> >> After reading many testimonies about how good greylisting can be I >> decided to try it out on my RHEL 4 servers but I ran into this >> problem: libmilter is nowhere to be found... >> >> My sendmail has been compiled with MILTER: >> sendmail -d0.1 -bt > MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET >> NETINET6 >> >> I guess I just need libmilter.so but I cannot find it... I >> downloaded sendmail's SRPM and I can see a libmilter directory there >> but no libmilter.so is being created when I remake the RPMs (I guess >> I will have to modify some config file to get it but I don't know >> which one). >> >> Anyone can help me with this please? >> >> Thanks! >> >> Denis >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From ssilva at SGVWATER.COM Fri Sep 9 19:31:13 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:43 2006 Subject: very utilization of CPU Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] a.l.e@ig.com.br spake the following on 9/9/2005 8:54 AM: > Hi All, > > Does somebody know like diminish the CPU utilization for > mailsacanner? It's using very CPU and doing the messagens arrive late! > > Greentings, > Alexander Lucard > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:performance -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Fri Sep 9 19:41:38 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:43 2006 Subject: [Fwd: UK Linux Awards] Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field spake the following on 9/9/2005 9:58 AM: > Anyone fancy nominating me and voting for me and/or MailScanner? > Done. Now if I could only get across the pond and buy you a pint! -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Fri Sep 9 20:00:56 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:43 2006 Subject: McAfee On Fedora Core 4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 09/09/05, Jason Brault wrote: > Hi Glenn, > > I can give you a solid confirmation. The compat package, on Fedora Core > 4 is not required to run the p4 version. It's not installed on my box, > and the p4 version is running fine. OK, thanks. Tell me, did you look at the wiki entry before mailing here? Could you take a look now, and tell me if it seems plain enough what version you should be using from what is there? Go look at http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:mcafee:install tia > --------------- > > Jason Brault > Communications Administrator - Scot Forge Company > 8001 Winn Rd., Spring Grove, IL. 60081 > Phone: (815) 675-4247 > Fax: (815) 675-4129 > Email: jbrault@scotforge.com > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Fri Sep 9 20:06:29 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:43 2006 Subject: orphaned df files in mqueue.in Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 09/09/05, Julian Field wrote: > Usually caused by SMTP servers sending you large messages but the > connection getting broken before the message was completely deliverd. Which in turn can be caused by some networking gear "timing out"..... usually an address translating firewall or similar. If you know you have such gear in between, make sure the defult tcp timeout is ... enough (Yes, I've been bitten by such in the past). > But also check your "Lock Type" setting near the bottom of > MailScanner.conf. The comment above the setting will help you set it > correctly (if it needs setting to anything at all). > > Greg Matthews wrote: > > >I'm consistently finding "orphaned" df* files in /var/spool/mqueue.in ie > >without a corresponding qf* file. Is this a bug in mailscanner > >(v4.42.9)? > > > >usually one or two a day, often quite large multipart messages. > > > >GREG > > (snip) > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Fri Sep 9 20:32:42 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:43 2006 Subject: UK Linux Awards] Message-ID: On 9 Sep 2005, at 19:09, Leif Neland wrote: > I've voted. > > You can nominate yourself, however: > "Eligible products: > All products entered must have been launched between 1st April 2004 > and 30th June 2005. A significant upgrade to a product is > acceptable where the upgrade was released within this period. > " > > Does MailScanner qualify? Oops, no idea but I voted for it any way. Perhaps if enough people vote they may 'bend' their rules ;-) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Fri Sep 9 21:11:57 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:43 2006 Subject: UK Linux Awards] Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 09/09/05, Drew Marshall wrote: > On 9 Sep 2005, at 19:09, Leif Neland wrote: > > > I've voted. > > > > You can nominate yourself, however: > > "Eligible products: > > All products entered must have been launched between 1st April 2004 > > and 30th June 2005. A significant upgrade to a product is > > acceptable where the upgrade was released within this period. > > " > > > > Does MailScanner qualify? > > Oops, no idea but I voted for it any way. Perhaps if enough people > vote they may 'bend' their rules ;-) > > Drew > More likely they'll just ignore our votes..... didn't stop me from voting though:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Fri Sep 9 21:19:29 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:43 2006 Subject: UK Linux Awards] Message-ID: On 9 Sep 2005, at 21:11, Glenn Steen wrote: > More likely they'll just ignore our votes..... didn't stop me from > voting though:-) > They can't stop people power! Rise up all MailScanners, rise up and be counted. They *shall* hear us On the other hand, they could always make a new category, you never know... Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From llasad1 at YAHOO.COM Fri Sep 9 21:22:17 2005 From: llasad1 at YAHOO.COM (lester lasad) Date: Thu Jan 12 21:30:43 2006 Subject: MailScanner not sending mail to /var/spool/mqueue RESOLVED Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] --- Scott Silva wrote: > lester lasad spake the following on 9/8/2005 4:06 > PM: > > --- Scott Silva wrote: > > > > > >>lester lasad spake the following on 9/8/2005 1:16 > >>PM: > >> > >>>--- Scott Silva wrote: > >>> > >>> > >>> > >>>>lester lasad spake the following on 9/8/2005 > 12:05 > >>>>PM: > >>>> > >>>> > >>>>>--- Scott Silva wrote: > >>>>> > >>>>> > >>>>> > >>>>> > >>>>>>lester lasad spake the following on 9/8/2005 > >> > >>10:43 > >> > >>>>>>AM: > >>>>>> > >>>>>> > >>>>>> > >>>>>>>MailScanner version 4.41.3 > >>>>>>>Fedora Core 2 > >>>>>>>spamassassin 3.0.3 > >>>>>>> > >>>>>>>I have had this problem several times in the > >>>> > >>>>past. > >>>> > >>>> > >>>>>>>Mail is being accepted by my MS server but it > >> > >>is > >> > >>>>>>not > >>>>>> > >>>>>> > >>>>>> > >>>>>>>transferring email from /var/spool/mqueue.in > to > >>>>>>>/var/spool/mqueue. This causes a major > backup > >> > >>on > >> > >>>>>>my > >>>>>> > >>>>>> > >>>>>> > >>>>>>>mail system. > >>>>>> > >>>>>>Which MTA? Sendmail? Postfix? Exim? ...? > >>>>>>If you just move the oldest file in mqueue.in > >> > >>will > >> > >>>>>>it start up? > >>>>>>Any clues in the log? > >>>>> > >>>>> > >>>>>sendmail is my MTA, version 8.12.10 (ouch, i > know > >>>>>needs to be upgraded). The log really isn't > >>>> > >>>>telling > >>>> > >>>> > >>>>>me much. some old stuff in there, spamassassin > >>>>>timeout every now and then but that's about it. > > >>>> > >>>>looks > >>>> > >>>> > >>>>>OK. > >>>>> > >>>>>I moved the oldest files to mqueue but still no > >>>> > >>>>luck. > >>>> > >>>> > >>>>>Now I can't even move everything from mqueue.in > >> > >>to > >> > >>>>>mqueue becuase there is too much data in > >>>> > >>>>mqueue.in. > >>>> > >>>>Kind of a stupid question, but can you trace it > to > >>>>an upgrade, or did it > >>>>just break untouched? > >>> > >>> > >>>I did make one change to the MailScanner.conf. I > >>>didn't mention it earlier (but should have) > >> > >>because I > >> > >>>have had the same problem in the past with making > >> > >>any > >> > >>>changes at all. I changed it to allow password > >>>protected archives (for our HR department). so I > >>>changed the following from no to yes: > >>> > >>># Should archives which contain any > >> > >>password-protected > >> > >>>files be allowed? > >>># Leaving this set to "no" is a good way of > >> > >>protecting > >> > >>>against all the > >>># protected zip files used by viruses at the > >> > >>moment. > >> > >>># This can also be the filename of a ruleset. > >>>Allow Password-Protected Archives = yes > >>> > >>>__________________________________________________ > >>>Do You Yahoo!? > >>>Tired of spam? Yahoo! Mail has the best spam > >> > >>protection around > >> > >>>http://mail.yahoo.com > >>> > >> > >>Maybe change it back just to see. > >>Or maybe it is stumbling in a virus scanner. > >>Do you have any installed? and what versions. > >>I seem to remember a bump in one a while back, but > >>can't for the life of > >>me remember which one. > > > > > > I'm using ClamAV (version 0.73) as my virus > scanner. > > I still have it set to allow password protected > zip > > files. As I mentioned in my first email I said it > > would probably start working on it's own. It is > > sending mail to mqueue now but it is slow. It > will > > put about 100 or so in there route them but then I > > have no activity in mqueue again for at least 10 - > 20 > > minutes (haven't timed it accurately yet but > will). > > Thanks for any info or recommendations you can > provide. > Any reason you are using such an old version? > It is now at 0.86.2 No good reason, I need to get it updated. The problem was with DNS. I run a local caching name server but for some reason it was not using the localhost or caching DNS lookups. I receive roughly 60k messages per day so every little msec counts. I restarted the "named" service and everything seems to be working properly again. Thanks for all of the suggestions and I'm glad this turned out to be a problem other than MS. Thanks again. ______________________________________________________ Click here to donate to the Hurricane Katrina relief effort. http://store.yahoo.com/redcross-donate3/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From JBrault at SCOTFORGE.COM Fri Sep 9 21:37:52 2005 From: JBrault at SCOTFORGE.COM (Jason Brault) Date: Thu Jan 12 21:30:43 2006 Subject: McAfee On Fedora Core 4 Message-ID: Glenn, Honestly, no, I didn't look at the wiki before I mailed the list (sorry for duplicating efforts previously made by you folks) so I can't compare the description you have now to what it used to be. However, its very informative now, and I think explains this quite well. If I were to find that now, during the course of research, I'd know exactly what to do. Looks great to me! Thanks, -Jason -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Glenn Steen Sent: Friday, September 09, 2005 2:01 PM To: Subject: Re: McAfee On Fedora Core 4 On 09/09/05, Jason Brault wrote: > Hi Glenn, > > I can give you a solid confirmation. The compat package, on Fedora Core > 4 is not required to run the p4 version. It's not installed on my box, > and the p4 version is running fine. OK, thanks. Tell me, did you look at the wiki entry before mailing here? Could you take a look now, and tell me if it seems plain enough what version you should be using from what is there? Go look at http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:mcafee :install tia ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kevins at BMRB.CO.UK Fri Sep 9 21:49:20 2005 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:30:43 2006 Subject: [Fwd: UK Linux Awards] Message-ID: On Fri, 2005-09-09 at 11:41 -0700, Scott Silva wrote: > Julian Field spake the following on 9/9/2005 9:58 AM: > > Anyone fancy nominating me and voting for me and/or MailScanner? > > > > Done. > Now if I could only get across the pond and buy you a pint! You could always... http://www.lastorders.com/ Isn't Google great! I started off by searching for 'beer by post' but my 'e' key is giving up the ghost and I typed 'ber by post'. Google says 'Did you mean: bear by post'. No Google, I don't believe I did. /made me smile. ================================================================= BMRB http://www.bmrb.co.uk _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Sep 10 18:38:18 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:44 2006 Subject: [Fwd: UK Linux Awards] Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kevin Spicer wrote: >On Fri, 2005-09-09 at 11:41 -0700, Scott Silva wrote: > > >>Julian Field spake the following on 9/9/2005 9:58 AM: >> >> >>>Anyone fancy nominating me and voting for me and/or MailScanner? >>> >>> >>> >>Done. >>Now if I could only get across the pond and buy you a pint! >> >> > >You could always... >http://www.lastorders.com/ > >Isn't Google great! I started off by searching for 'beer by post' but >my 'e' key is giving up the ghost and I typed 'ber by post'. Google >says 'Did you mean: bear by post'. No Google, I don't believe I did. > >/made me smile. > > Another demonstration that the internet is complete. The other sure sign is the existence of http://www.petpreservations.com/ which is a mail-order taxidermist! What else do you need?! P.S. Prefer wine to beer :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tim.sousa at gmail.com Sun Sep 11 03:21:20 2005 From: tim.sousa at gmail.com (Tim Souza) Date: Thu Jan 12 21:30:44 2006 Subject: Scanning flo Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi all - I've been playing around with MailScanner, and want to share my "whishlist". Is there any hope of these features to be implemented in a near future? * Allow controlling mail scanning flow, e.g. in what order should checks be done, such as AV, spamassassin, content checks, phishing/fraud, etc.. * Allow not to continue scan if one of the checks gets positive results, e.g. nowadays it doesn't make much sense to call SpamAssassin to scan messages that contain worms/virus. * Option to "score" malware/phishing/fraud/others using SpamAssassin instead of modifying the message body. For me, the most important one would be the first item. Mostly, I would like to (for example) inject a X-MailScanner-Malware header that would be picked up by SpamAssassin (and scored acordingly). Does any of these make sense to you? - Tim ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From craigwhite at AZAPPLE.COM Sun Sep 11 05:58:18 2005 From: craigwhite at AZAPPLE.COM (Craig White) Date: Thu Jan 12 21:30:44 2006 Subject: [Fwd: UK Linux Awards] Message-ID: On Sat, 2005-09-10 at 18:38 +0100, Julian Field wrote: > Another demonstration that the internet is complete. The other sure sign > is the existence of http://www.petpreservations.com/ which is a > mail-order taxidermist! What else do you need?! ---- do it yourself brain surgery Craig ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From binaryflow at gmail.com Sun Sep 11 13:06:20 2005 From: binaryflow at gmail.com (Douglas Ward) Date: Thu Jan 12 21:30:44 2006 Subject: MailScanner stops delivering e-mail to Postfix Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] After upgrading MailScanner to version 4.45.4-1 (Mandrake 2005) I have noticed that my mail gateways seem to be stopping delivery at random times. After a lot of time searching for a postfix error I am starting to think that something may be wrong with MailScanner. Symptoms: 1) Postfix accepts the message and places it in the hold queue. MailScanner scans the message but never gives it back to postfix. It remains in the hold queue forever. 2) I see e-mail in the queue that is several days old. MailScanner moved all of the e-mail from that day except for a handful of messages. 3) There are times when postfix will run with a certain number of messages in the queue. I'll check it in the morning and see 59 messages (for example). E-mail will deliver all day and that evening the same 59 messages are still in the queue. I can usually identify the problematic messages after a few days because they are much older than current e-mail. If I manually move the messages from /var/spool/postfix/hold to /var/spool/postfix/incoming they are immediately delivered. Last night around midnight I dumped 3,000 messages from Friday and Saturday just so they could be delivered. I saw a similar thread in the archives and checked to make sure our DNS lookups are working properly. Has anyone seen this before in this new version? The previous version was rock solid with no delivery problems to speak of. If I can't find an answer soon I will have to revert to the previous version. I appreciate your help! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gmatt at NERC.AC.UK Sun Sep 11 13:27:44 2005 From: gmatt at NERC.AC.UK (Greg Matthews) Date: Thu Jan 12 21:30:44 2006 Subject: encrypted attachments Message-ID: On Fri, 2005-09-09 at 17:39 +0100, Julian Field wrote: > You need to be running at least MailScanner 4.43.8 for the "Allowed > Sophos Error Messages" setting to work with the "sophossavi" virus > scanner. Previously it only worked with "sophos" and not "sophossavi". great thanks, > This is in the Change Log. point taken - I seem to remember hearing about it now... GREG -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gmatt at NERC.AC.UK Sun Sep 11 13:36:30 2005 From: gmatt at NERC.AC.UK (Greg Matthews) Date: Thu Jan 12 21:30:44 2006 Subject: orphaned df files in mqueue.in Message-ID: On Fri, 2005-09-09 at 17:37 +0100, Julian Field wrote: > Usually caused by SMTP servers sending you large messages but the > connection getting broken before the message was completely deliverd. hmmm... as the files are already in mqueue.in, doesnt that mean that they have been fully processed by the incoming MTA? MailScanner takes them from mqueue.in, processes them and puts them in the out-going queues, this is why I suspected MS is not cleaning up properly. I'll dig a bit more in the bat book tho. > But also check your "Lock Type" setting near the bottom of > MailScanner.conf. The comment above the setting will help you set it > correctly (if it needs setting to anything at all). this is set correctly as I understand it, to posix (sendmail v8.13.1). > > Greg Matthews wrote: > > >I'm consistently finding "orphaned" df* files in /var/spool/mqueue.in ie > >without a corresponding qf* file. Is this a bug in mailscanner > >(v4.42.9)? > > > >usually one or two a day, often quite large multipart messages. > > > >GREG > > -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Sep 11 14:28:13 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:44 2006 Subject: MailScanner stops delivering e-mail to Postfix Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Can you do an ls -l of the affected directories and files so that we can see if there is something different about them? Also, does MailScanner pick them up if you stop and restart it? Also, does MailScanner pick them up if you stop and restart just Postfix? It may be a locking problem. Can you find a message that MailScanner simply refuses to pick up whatever you do with it? If so, please can you send it to me? Douglas Ward wrote: > After upgrading MailScanner to version 4.45.4-1 (Mandrake 2005) I have > noticed that my mail gateways seem to be stopping delivery at random > times. After a lot of time searching for a postfix error I am > starting to think that something may be wrong with MailScanner. > > Symptoms: > 1) Postfix accepts the message and places it in the hold queue. > MailScanner scans the message but never gives it back to postfix. It > remains in the hold queue forever. > 2) I see e-mail in the queue that is several days old. MailScanner > moved all of the e-mail from that day except for a handful of messages. > 3) There are times when postfix will run with a certain number of > messages in the queue. I'll check it in the morning and see 59 > messages (for example). E-mail will deliver all day and that evening > the same 59 messages are still in the queue. I can usually identify > the problematic messages after a few days because they are much older > than current e-mail. > > If I manually move the messages from /var/spool/postfix/hold to > /var/spool/postfix/incoming they are immediately delivered. Last > night around midnight I dumped 3,000 messages from Friday and Saturday > just so they could be delivered. I saw a similar thread in the > archives and checked to make sure our DNS lookups are working > properly. Has anyone seen this before in this new version? The > previous version was rock solid with no delivery problems to speak > of. If I can't find an answer soon I will have to revert to the > previous version. I appreciate your help! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Sep 11 14:29:42 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:44 2006 Subject: orphaned df files in mqueue.in Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Greg Matthews wrote: >On Fri, 2005-09-09 at 17:37 +0100, Julian Field wrote: > > >>Usually caused by SMTP servers sending you large messages but the >>connection getting broken before the message was completely deliverd. >> >> > >hmmm... as the files are already in mqueue.in, doesnt that mean that >they have been fully processed by the incoming MTA? MailScanner takes >them from mqueue.in, processes them and puts them in the out-going >queues, this is why I suspected MS is not cleaning up properly. I'll dig >a bit more in the bat book tho. > > Messages are present in mqueue.in as they are read from the remote SMTP connection client. >>But also check your "Lock Type" setting near the bottom of >>MailScanner.conf. The comment above the setting will help you set it >>correctly (if it needs setting to anything at all). >> >> > >this is set correctly as I understand it, to posix (sendmail v8.13.1). > > Correct. >>Greg Matthews wrote: >> >> >> >>>I'm consistently finding "orphaned" df* files in /var/spool/mqueue.in ie >>>without a corresponding qf* file. Is this a bug in mailscanner >>>(v4.42.9)? >>> >>>usually one or two a day, often quite large multipart messages. >>> >>>GREG >>> >>> >>> -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Sun Sep 11 20:01:58 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:44 2006 Subject: MailScanner stops delivering e-mail to Postfix Message-ID: On 11 Sep 2005, at 13:06, Douglas Ward wrote: > After upgrading MailScanner to version 4.45.4-1 (Mandrake 2005) I > have noticed that my mail gateways seem to be stopping delivery at > random times. After a lot of time searching for a postfix error I > am starting to think that something may be wrong with MailScanner. > > Symptoms: > 1) Postfix accepts the message and places it in the hold queue. > MailScanner scans the message but never gives it back to postfix. > It remains in the hold queue forever. > 2) I see e-mail in the queue that is several days old. MailScanner > moved all of the e-mail from that day except for a handful of > messages. > 3) There are times when postfix will run with a certain number of > messages in the queue. I'll check it in the morning and see 59 > messages (for example). E-mail will deliver all day and that > evening the same 59 messages are still in the queue. I can usually > identify the problematic messages after a few days because they are > much older than current e-mail. > > If I manually move the messages from /var/spool/postfix/hold to / > var/spool/postfix/incoming they are immediately delivered. Last > night around midnight I dumped 3,000 messages from Friday and > Saturday just so they could be delivered. I saw a similar thread > in the archives and checked to make sure our DNS lookups are > working properly. Has anyone seen this before in this new > version? The previous version was rock solid with no delivery > problems to speak of. If I can't find an answer soon I will have > to revert to the previous version. I appreciate your help! Any idea of the content of these messages? It's not. for instance, the TNEF converter barfing? Do you have any logs showing MailScanner actually doing anything? I feel you are right, it's unlikely to be a Postfix problem only because once mail is in the hold queue as far as Postfix is concerned, it's there forever and forgotten about. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From binaryflow at gmail.com Sun Sep 11 23:35:34 2005 From: binaryflow at gmail.com (Douglas Ward) Date: Thu Jan 12 21:30:44 2006 Subject: MailScanner stops delivering e-mail to Postfix Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Restarting postfix does not resolve the problem. I was running a dual 300 mhz server with 256 mb of RAM and have now replaced it because I thought it might be part of the problem. We are now running a AMD 3000+/1gb RAM unit now. It should have plenty of horsepower to handle MailScanner. There are currently 17 messages in the queue as I write this. MailScanner is constantly scanning and rescanning these messages over and over again but they never get sent to the incoming queue. I see this happening on both the incoming and outgoing e-mail gateways. I'll e-mail the requested information to Julian directly. I'd rather not send the contents of these messages to the open list. The lock type is set to flock by default. I am running postfix which is not mentioned in the conf file. Should I switch to posix? Thanks! On 9/11/05, Drew Marshall wrote: On 11 Sep 2005, at 13:06, Douglas Ward wrote: > After upgrading MailScanner to version 4.45.4-1 (Mandrake 2005) I > have noticed that my mail gateways seem to be stopping delivery at > random times. After a lot of time searching for a postfix error I > am starting to think that something may be wrong with MailScanner. > > Symptoms: > 1) Postfix accepts the message and places it in the hold queue. > MailScanner scans the message but never gives it back to postfix. > It remains in the hold queue forever. > 2) I see e-mail in the queue that is several days old. MailScanner > moved all of the e-mail from that day except for a handful of > messages. > 3) There are times when postfix will run with a certain number of > messages in the queue. I'll check it in the morning and see 59 > messages (for example). E-mail will deliver all day and that > evening the same 59 messages are still in the queue. I can usually > identify the problematic messages after a few days because they are > much older than current e-mail. > > If I manually move the messages from /var/spool/postfix/hold to / > var/spool/postfix/incoming they are immediately delivered. Last > night around midnight I dumped 3,000 messages from Friday and > Saturday just so they could be delivered. I saw a similar thread > in the archives and checked to make sure our DNS lookups are > working properly. Has anyone seen this before in this new > version? The previous version was rock solid with no delivery > problems to speak of. If I can't find an answer soon I will have > to revert to the previous version. I appreciate your help! Any idea of the content of these messages? It's not. for instance, the TNEF converter barfing? Do you have any logs showing MailScanner actually doing anything? I feel you are right, it's unlikely to be a Postfix problem only because once mail is in the hold queue as far as Postfix is concerned, it's there forever and forgotten about. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/ ) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Mon Sep 12 00:07:33 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:30:44 2006 Subject: MailScanner stops delivering e-mail to Postfix Message-ID: Hi! > Restarting postfix does not resolve the problem. I was running a dual 300 > mhz server with 256 mb of RAM and have now replaced it because I thought it > might be part of the problem. We are now running a AMD 3000+/1gb RAM unit > now. It should have plenty of horsepower to handle MailScanner. There are > currently 17 messages in the queue as I write this. MailScanner is > constantly scanning and rescanning these messages over and over again but > they never get sent to the incoming queue. I see this happening on both the > incoming and outgoing e-mail gateways. I'll e-mail the requested information > to Julian directly. I'd rather not send the contents of these messages to > the open list. The lock type is set to flock by default. I am running > postfix which is not mentioned in the conf file. Should I switch to posix? So run them in debug mode, most likely you see whats happening then. It seems it doesnt like some of the messages you have sitting in your incomming dir. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From deutz at rdbs.net Mon Sep 12 09:07:32 2005 From: deutz at rdbs.net (Robert Deutz) Date: Thu Jan 12 21:30:44 2006 Subject: MailScanner stops delivering e-mail to Postfix Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello! I have the same Problem on my Server. If I restart Mailscanner, the Mails are scanned and deliverd. Best Regrads, Robert -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Douglas Ward Sent: Sunday, September 11, 2005 2:06 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: MailScanner stops delivering e-mail to Postfix After upgrading MailScanner to version 4.45.4-1 (Mandrake 2005) I have noticed that my mail gateways seem to be stopping delivery at random times. After a lot of time searching for a postfix error I am starting to think that something may be wrong with MailScanner. Symptoms: 1) Postfix accepts the message and places it in the hold queue. MailScanner scans the message but never gives it back to postfix. It remains in the hold queue forever. 2) I see e-mail in the queue that is several days old. MailScanner moved all of the e-mail from that day except for a handful of messages. 3) There are times when postfix will run with a certain number of messages in the queue. I'll check it in the morning and see 59 messages (for example). E-mail will deliver all day and that evening the same 59 messages are still in the queue. I can usually identify the problematic messages after a few days because they are much older than current e-mail. If I manually move the messages from /var/spool/postfix/hold to /var/spool/postfix/incoming they are immediately delivered. Last night around midnight I dumped 3,000 messages from Friday and Saturday just so they could be delivered. I saw a similar thread in the archives and checked to make sure our DNS lookups are working properly. Has anyone seen this before in this new version? The previous version was rock solid with no delivery problems to speak of. If I can't find an answer soon I will have to revert to the previous version. I appreciate your help! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Sep 12 12:11:29 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:44 2006 Subject: MailScanner stops delivering e-mail to Postfix Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Raymond Dijkxhoorn wrote: > Hi! > >> Restarting postfix does not resolve the problem. I was running a dual >> 300 >> mhz server with 256 mb of RAM and have now replaced it because I >> thought it >> might be part of the problem. We are now running a AMD 3000+/1gb RAM >> unit >> now. It should have plenty of horsepower to handle MailScanner. There >> are >> currently 17 messages in the queue as I write this. MailScanner is >> constantly scanning and rescanning these messages over and over again >> but >> they never get sent to the incoming queue. I see this happening on >> both the >> incoming and outgoing e-mail gateways. I'll e-mail the requested >> information >> to Julian directly. I'd rather not send the contents of these >> messages to >> the open list. The lock type is set to flock by default. I am running >> postfix which is not mentioned in the conf file. Should I switch to >> posix? > > > So run them in debug mode, most likely you see whats happening then. > It seems it doesnt like some of the messages you have sitting in your > incomming dir. From what I have been sent, most of this problem is caused by people running "TNEF Expander = internal", where they would be better off running the external "tnef" program supplied with MailScanner. I believe I have fixed this in the latest beta release. See the "News" section of the home page at www.mailscanner.info and there is a patch you can apply to fix this exact problem. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rurqueta at MUNILASERENA.CL Mon Sep 12 15:15:47 2005 From: rurqueta at MUNILASERENA.CL (Raul Urqueta Sierra) Date: Thu Jan 12 21:30:44 2006 Subject: problem Message-ID: Hi, I have this problem from very days ago, in the maillog file: Sep 12 10:06:34 servidor sendmail[30891]: rejecting connections on daemon MTA: load average: 24 Sep 12 10:13:40 servidor sendmail[30891]: rejecting connections on daemon MTA: load average: 31 Sep 12 10:14:41 servidor sendmail[541]: runqueue: Aborting queue run: load average too high And the server become very very slow, and don't send any mail Can anyone help please... raul ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Mon Sep 12 15:40:07 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:30:44 2006 Subject: problem Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Raul Urqueta Sierra wrote: >Hi, I have this problem from very days ago, in the maillog file: > >Sep 12 10:06:34 servidor sendmail[30891]: rejecting connections on >daemon MTA: load average: 24 > >Sep 12 10:13:40 servidor sendmail[30891]: rejecting connections on >daemon MTA: load average: 31 > >Sep 12 10:14:41 servidor sendmail[541]: runqueue: Aborting queue run: >load average too high > >And the server become very very slow, and don't send any mail > >Can anyone help please... > >raul > > > Raul, Pleas don't hit reply and change the subject to something completely different. Now as to your problem, those messages just say that your server load is high enough that sendmail won't accept any new messages until the load gets back below your predefined load average. This mechanism is there to make sure your server does not get completely trashed by too many incoming mails. Now you have to try to figure out why the load average got so high. Try a top or ps. Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From drew at THEMARSHALLS.CO.UK Mon Sep 12 15:40:42 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:44 2006 Subject: problem Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Mon, September 12, 2005 15:15, Raul Urqueta Sierra wrote: > Hi, I have this problem from very days ago, in the maillog file: > > Sep 12 10:06:34 servidor sendmail[30891]: rejecting connections on > daemon MTA: load average: 24 > > Sep 12 10:13:40 servidor sendmail[30891]: rejecting connections on > daemon MTA: load average: 31 > > Sep 12 10:14:41 servidor sendmail[541]: runqueue: Aborting queue run: > load average too high > > And the server become very very slow, and don't send any mail > > Can anyone help please... You have a high machine load and therefore have: A low powered machine simply overwhelmed A process running out of control using up the system resources What does top give you? Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Mon Sep 12 16:22:39 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:30:44 2006 Subject: [Fwd: UK Linux Awards] Message-ID: Julian Field wrote: > > P.S. Prefer wine to beer :-) Getting way off topic here, but have you ever tried a barley wine? Best of both worlds... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rurqueta at MUNILASERENA.CL Mon Sep 12 16:44:06 2005 From: rurqueta at MUNILASERENA.CL (Raul Urqueta Sierra) Date: Thu Jan 12 21:30:44 2006 Subject: problem Message-ID: The problem is with a ZIP file in a mail, this file make the clamav enter in a loop, with the consecuencies of the server become slow I deny the file tipe "tnef" "chm" "fsg" "zip" and the problem appear to be desapeare Thanks Raul.- -----Mensaje original----- De: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] En nombre de Drew Marshall Enviado el: Lunes, 12 de Septiembre de 2005 10:41 Para: MAILSCANNER@JISCMAIL.AC.UK Asunto: Re: problem Importancia: Alta On Mon, September 12, 2005 15:15, Raul Urqueta Sierra wrote: > Hi, I have this problem from very days ago, in the maillog file: > > Sep 12 10:06:34 servidor sendmail[30891]: rejecting connections on > daemon MTA: load average: 24 > > Sep 12 10:13:40 servidor sendmail[30891]: rejecting connections on > daemon MTA: load average: 31 > > Sep 12 10:14:41 servidor sendmail[541]: runqueue: Aborting queue run: > load average too high > > And the server become very very slow, and don't send any mail > > Can anyone help please... You have a high machine load and therefore have: A low powered machine simply overwhelmed A process running out of control using up the system resources What does top give you? Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From elliott at ZEUSLINE.COM Mon Sep 12 19:41:32 2005 From: elliott at ZEUSLINE.COM (Elliott Wood) Date: Thu Jan 12 21:30:44 2006 Subject: Phishing and BASE HREF Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I ran into a problem today with MailScanner incorrectly tagging messages sent out by our newsletter software as phishing scams. After much troubleshooting, I determined that MS will tag the following as a phishing attack: ... A Page on Our Website ... http://www.bar.com In this example, http://www.bar.com will be tagged as a phishing attack "from www.foo.com claiming to be www.bar.com". I've used BASE in this manner for years before I installed MS so I think it's widely compatible across MUAs - but maybe I'm violating some standard here. Am I incorrectly using the BASE tag, or is this a misinterpretation by MS? I'm using 4.41.3 (the current Debian stable distribution), and can provide a more exact example of this if needed. Thanks! -- Elliott Wood elliott@zeusline.com gtg674g@mail.gatech.edu ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From j.guijt at HCCNET.NL Mon Sep 12 20:47:23 2005 From: j.guijt at HCCNET.NL (Johan Guijt) Date: Thu Jan 12 21:30:44 2006 Subject: Timeouts Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Last friday I did a Mailscanner update to the latest stable version (4.45.4-1 on Fedora). Since then I have problems -long ping times and timeouts on the monitor system. The server is co-located and I am usig their servermonitor system which sends me a SMS in case off problems. They use 30ms timeout - after that it sends an SMS messsage (average ping time now is 58ms) . Is it possible that Mailscanner is causing that problem? The server is working fine and I don't have troubles receiving mail. Only long ping times / checks on that port. Can I do other tests on the server to check this? WKR Johan G ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Mon Sep 12 21:18:31 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:44 2006 Subject: Timeouts Message-ID: On 12 Sep 2005, at 20:47, Johan Guijt wrote: > Last friday I did a Mailscanner update to the latest stable version > (4.45.4-1 on Fedora). > > Since then I have problems -long ping times and timeouts on the > monitor system. > > The server is co-located and I am usig their servermonitor system > which sends me a SMS in case off problems. > They use 30ms timeout - after that it sends an SMS messsage > (average ping time now is 58ms) . > > Is it possible that Mailscanner is causing that problem? The server > is working fine and I don't have troubles receiving mail. > Only long ping times / checks on that port. No this sounds much more like a network issue. MailScanner doesn't have anything to do with the network. > > Can I do other tests on the server to check this? Check top just incase there is a memory issue causing the network interface to behave slowly, otherwise I would refer this to your co- lo host for checking. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From j.guijt at HCCNET.NL Mon Sep 12 21:33:06 2005 From: j.guijt at HCCNET.NL (Johan Guijt) Date: Thu Jan 12 21:30:44 2006 Subject: Timeouts Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Drew, Thanx for your fast reply. top says the server is almost sleeping Beneath two small reports. WKR Johan ---- top - 22:28:22 up 2 days, 6:58, 1 user, load average: 0.04, 0.01, 0.00 Tasks: 89 total, 1 running, 88 sleeping, 0 stopped, 0 zombie Cpu(s): 0.0% us, 0.2% sy, 0.0% ni, 99.8% id, 0.0% wa, 0.0% hi, 0.0% si Mem: 1034768k total, 998052k used, 36716k free, 344964k buffers Swap: 2040244k total, 0k used, 2040244k free, 179716k cached ---- IPcheck report Sensor: SMTP, SMTP Good Requests: 605 (=100,000%) Uptime: 9h 49m Failed Requests: 0 (=0,000%) Downtime: 0h 0m Average: 120 ms Sensor: PING, PING Good Requests: 402 (=100,000%) Uptime: 6h 31m Failed Requests: 0 (=0,000%) Downtime: 0h 0m Average: 24 ms ----- Original Message ----- From: "Drew Marshall" To: Sent: Monday, September 12, 2005 10:18 PM Subject: Re: Timeouts > On 12 Sep 2005, at 20:47, Johan Guijt wrote: > >> Last friday I did a Mailscanner update to the latest stable version >> (4.45.4-1 on Fedora). >> >> Since then I have problems -long ping times and timeouts on the monitor >> system. >> >> The server is co-located and I am usig their servermonitor system which >> sends me a SMS in case off problems. >> They use 30ms timeout - after that it sends an SMS messsage (average >> ping time now is 58ms) . >> >> Is it possible that Mailscanner is causing that problem? The server is >> working fine and I don't have troubles receiving mail. >> Only long ping times / checks on that port. > > No this sounds much more like a network issue. MailScanner doesn't have > anything to do with the network. >> >> Can I do other tests on the server to check this? > > Check top just incase there is a memory issue causing the network > interface to behave slowly, otherwise I would refer this to your co- lo > host for checking. > > Drew > > -- > In line with our policy, this message has been scanned for viruses and > dangerous content by MailScanner, and is believed to be clean. > www.themarshalls.co.uk/policy > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From christian.schmidt at CHEMIE.UNI-HAMBURG.DE Mon Sep 12 21:45:16 2005 From: christian.schmidt at CHEMIE.UNI-HAMBURG.DE (Christian Schmidt) Date: Thu Jan 12 21:30:44 2006 Subject: Timeouts Message-ID: Hello Johan, Johan Guijt, 12.09.2005 (d.m.y): > Last friday I did a Mailscanner update to the latest stable version > (4.45.4-1 on Fedora). > > Since then I have problems -long ping times and timeouts on the monitor > system. Well, IMO this cannot be caused by MailScanner... > The server is co-located and I am usig their servermonitor system which > sends me a SMS in case off problems. > They use 30ms timeout - after that it sends an SMS messsage (average ping > time now is 58ms) . What kind of tiemout is this? SMTP timeout? Which smtp software are you using? Do the log files reveal something of interest? What does the system load look like? > Is it possible that Mailscanner is causing that problem? I don't think so, as MailScanner doesn't do anything on the network interfaces. It just acts locally... > The server is > working fine and I don't have troubles receiving mail. > Only long ping times / checks on that port. On which port? And how do you ping a special port? Or do you mean a switch port? > Can I do other tests on the server to check this? A fiend of mine once used some perl scripts to "stress test" a freshly-installed smtp server - unfortunately I don't know if he downloaded these scripts somewhere or if they were his own creations. Maybe you can ask google for something like "mail smtp stress test"... Regards, Christian -- Was heute noch nicht richtig ist, kann morgen schon fast falsch sein. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Sep 12 22:29:44 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:44 2006 Subject: Phishing and BASE HREF Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have just tested this example with the latest code and it works fine. Also, adding http://www.bar.com correctly gets flagged as a phishing attack. So this code appears to work fine now. I'm afraid I don't backport things, so 4.41.3 won't get updated (that's what newer versions are for :-) Elliott Wood wrote: > I ran into a problem today with MailScanner incorrectly tagging > messages sent out by our newsletter software as phishing scams. After > much troubleshooting, I determined that MS will tag the following as a > phishing attack: > > > ... > A Page on Our Website > ... > http://www.bar.com > > In this example, http://www.bar.com will be tagged as a phishing > attack "from www.foo.com claiming to be www.bar.com". I've used BASE > in this manner for years before I installed MS so I think it's widely > compatible across MUAs - but maybe I'm violating some standard here. > > Am I incorrectly using the BASE tag, or is this a misinterpretation by > MS? > > I'm using 4.41.3 (the current Debian stable distribution), and can > provide a more exact example of this if needed. > > Thanks! > -- > Elliott Wood > elliott@zeusline.com > gtg674g@mail.gatech.edu > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cparker at SWATGEAR.COM Tue Sep 13 00:54:20 2005 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:30:44 2006 Subject: Do whitelisted addresses skip all checks or just spam? Message-ID: Hello, When an address is added to MailScanner's whitelist does it skip virus/attachment/phishing/etc checks as well as spam? Or just spam? Thanks, Chris. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Tue Sep 13 01:01:09 2005 From: michele at BLACKNIGHT.IE (Michele Neylon) Date: Thu Jan 12 21:30:44 2006 Subject: Do whitelisted addresses skip all checks or just spam? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Chris W. Parker wrote: > Hello, > > When an address is added to MailScanner's whitelist does it skip > virus/attachment/phishing/etc checks as well as spam? Or just spam? > Which whitelist are you referring to? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Sep 13 01:09:12 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:44 2006 Subject: Do whitelisted addresses skip all checks or just spam? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Chris W. Parker wrote: > Hello, > > When an address is added to MailScanner's whitelist does it skip > virus/attachment/phishing/etc checks as well as spam? Or just spam? Actually, whitelisting skips nothing, even SA still gets called when a message is whitelisted in your mailscanner config. Virus/attachment checks occur as normal. I'm not sure about phishing. With regards to spam checking, no matter what SA and the RBLs say, it the message won't get a spam tag and the X-*-MailScanner-SpamCheck header will say not spam. But all the SA scan results will still be there following it. You'll see headers like this: X-*-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (score=-0.102, required 5.0, BAYES_00 -4.90, MIME_MISSING_BOUNDARY 1.84, MISSING_MIMEOLE 1.59, NO_REAL_NAME 0.16, PRIORITY_NO_NAME 1.21) Even if the SA score is over the required, it will still say "not spam", because it is whitelisted. AFAIK, this is the only effect of the whitelisting, but I don't use the phishing detector in MS. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Sep 13 01:12:05 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:44 2006 Subject: Do whitelisted addresses skip all checks or just spam? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michele Neylon wrote: > Chris W. Parker wrote: > >> Hello, >> >> When an address is added to MailScanner's whitelist does it skip >> virus/attachment/phishing/etc checks as well as spam? Or just spam? >> > > Which whitelist are you referring to? He said MailScanner's whitelist. That explicitly excludes SA's whitelist, or anything else that's not a part of MailScanner. Is there anything called a whitelist in MailScanner other than spam.whitelist.rules? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Tue Sep 13 01:19:25 2005 From: michele at BLACKNIGHT.IE (Michele Neylon) Date: Thu Jan 12 21:30:44 2006 Subject: Do whitelisted addresses skip all checks or just spam? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler wrote: > > Is there anything called a whitelist in MailScanner other than spam.whitelist.rules? I can't remember the actual directive, but there is a config option to skip all checks which was added recently :) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at SECEIDOS.DE Tue Sep 13 07:58:59 2005 From: Jan-Peter.Koopmann at SECEIDOS.DE (Jan-Peter Koopmann) Date: Thu Jan 12 21:30:44 2006 Subject: Phishing not detected Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Julian, I just received a phishing attempt trying to forge paypal. Strangly enough this one was not detected. The provided link was Click here to activate your account I can send you a copy of the entire mail if necessary. Kind regards, JP ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joost at WAVERSVELD.NL Tue Sep 13 08:43:29 2005 From: joost at WAVERSVELD.NL (Joost Waversveld) Date: Thu Jan 12 21:30:44 2006 Subject: Do whitelisted addresses skip all checks or just spam? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] The option "Message Scanning" :-) Please note that if you disable this, the content checks will still be done... > Matt Kettler wrote: >> >> Is there anything called a whitelist in MailScanner other than >> spam.whitelist.rules? > > I can't remember the actual directive, but there is a config option > to skip all checks which was added recently :) > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From liste at CROYER.NET Tue Sep 13 09:46:54 2005 From: liste at CROYER.NET (Royer Christophe) Date: Thu Jan 12 21:30:44 2006 Subject: POP3 Problem Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi everybody So I have the following problem : One of my customer are receiving/sending about 1500-2000 emails by open day. I've installed MS/SA/clamav with a strange config as MS/clamav is global config and SA is "played" with .procmailrc For those who know that, he is using MM3 (specific shipping software) on some mailbox. On the most used mailbox (with some .forward like userA, userB, and the mailbox itself for copy) some big attachment are coming back with the pop3 download. I've tried Eudora popper server, popa3d and gnu pop3d and it still coming again and again. In fact, if I'm looking on Usermin in the mailbox, the mail is here only once. So I guess it is not a really MS problem, but may be someone should help me Many thanks for your help in advance. Regards Christophe ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Tue Sep 13 11:06:02 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:44 2006 Subject: POP3 Problem Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Tue, September 13, 2005 09:46, Royer Christophe wrote: > Hi everybody Hi > > On the most used mailbox (with some .forward like userA, userB, and the > mailbox itself for copy) some big attachment are coming back with the > pop3 download. > Sounds like the POP download is being timed out before clearing down. I have seen this with dial up users trying to pop large messages and the POP server closing the connection before the message has completed it's download. Remember that the client instructs the POP server to delete it's content when it acknowledges safe receipt. Obviously if this doesn't happen then your nice big message will be waiting for you when you POP again. I would look at either increasing the timeout on the POP server, moving the message to a FTP server so the client can access it from there (Or indeed just deleting the message if they have it already!). Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gmatt at NERC.AC.UK Tue Sep 13 14:14:02 2005 From: gmatt at NERC.AC.UK (Greg Matthews) Date: Thu Jan 12 21:30:44 2006 Subject: using sa-learn on spam attachements Message-ID: is it ok to use sa-learn to learn spam from mail that has been delivered as attachement? ie message arrives from mailscanner with the spam included as attachment. Can I then: sa-learn --spam -p /etc/MailScanner/spam.assassin.conf \ --dbpath /etc/MailScanner/bayes/bayes \ --mbox < spam.mbx or do I need to strip all the attachments out and feed them through seperately? I found this on the wiki: "It's OK to feed emails with Spamassassin markup into the sa-learn command -- sa-learn will ignore any standard Spamassassin headers, and if the original email has been encapsulated into an attachment it will decapsulate the email. In other words sa-learn will undo any changes which Spamassassin has done before learning the spam/ham character of the email." which sounds good but then: "If you or any upstream service has added any additional headers to the emails which may mislead Bayes, those should probably be removed before feeding the email to sa-learn. Alternatively, use the bayes_ignore_header setting in your local.cf (as detailed in the man page for Mail::SpamAssassin::Conf)." sounds bad as MS has added in headers.... do I need to feed a mail containing the report text in as ham? GREG -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Chris.Russell at KNOWLEDGEIT.CO.UK Tue Sep 13 16:26:38 2005 From: Chris.Russell at KNOWLEDGEIT.CO.UK (Chris Russell) Date: Thu Jan 12 21:30:44 2006 Subject: Sophos Message-ID: Hi, Does anyone have any recent experience of order Sophos (SAVI) direct from Sophos ? From the FAQ/Wiki its mentioned that Sophos will do a server rather than per user based license, however, I`m having great difficulty in getting this across to Sophos, who seems to be sticking to a "per-mailbox" license. Does anyone have any ideas on how best to approach them ? Thanks Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From diego.fabara at ALEGROPCS.COM Tue Sep 13 17:03:22 2005 From: diego.fabara at ALEGROPCS.COM (Diego Fabara) Date: Thu Jan 12 21:30:44 2006 Subject: McAfee with MailScanner ?? Message-ID: 1. What version of McAfee works with MailScanner ? 2. Where I can obtain this software?? 3. McAfee LinuxShield works with MaliScanner ?? ________________________________________________________________________________ INFORMACION CONFIDENCIAL: SE PROHIBE LA DIFUSION O PUBLICACION DE ESTA INFORMACION A TERCEROS SIN LA AUTORIZACION EXPRESA Y POR ESCRITO DE TELECSA. ESTA INFORMACION DEBE SER GUARDADA CON SEGURIDADES CUANDO NO SE LA ESTE UTILIZANDO. SI USTED NO ES EL DESTINATARIO DE ESTE EMAIL, USTED DEBERA DEVOLVERLO AL EMISOR Y NO PODRA LEER, COPIAR O DISTRIBUIR SUS ANEXOS. CUALQUIER OPINION EXPRESADA EN ESTE MENSAJE, CORRESPONDE A SU AUTOR Y NO NECESARIAMENTE A TELECSA - ALEGRO PCS. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From j.guijt at HCCNET.NL Tue Sep 13 17:08:51 2005 From: j.guijt at HCCNET.NL (Johan Guijt) Date: Thu Jan 12 21:30:44 2006 Subject: McAfee with MailScanner ?? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] VLNX440 (Command Line Scanner (UVSCAN) Works fine and include autoupdate WKR Johan Guijt (NL) ----- Original Message ----- From: Diego Fabara To: MAILSCANNER@JISCMAIL.AC.UK Sent: Tuesday, September 13, 2005 6:03 PM Subject: McAfee with MailScanner ?? 1. What version of McAfee works with MailScanner ? 2. Where I can obtain this software?? 3. McAfee LinuxShield works with MaliScanner ?? ________________________________________________________________________________ INFORMACION CONFIDENCIAL: SE PROHIBE LA DIFUSION O PUBLICACION DE ESTA INFORMACION A TERCEROS SIN LA AUTORIZACION EXPRESA Y POR ESCRITO DE TELECSA. ESTA INFORMACION DEBE SER GUARDADA CON SEGURIDADES CUANDO NO SE LA ESTE UTILIZANDO. SI USTED NO ES EL DESTINATARIO DE ESTE EMAIL, USTED DEBERA DEVOLVERLO AL EMISOR Y NO PODRA LEER, COPIAR O DISTRIBUIR SUS ANEXOS. CUALQUIER OPINION EXPRESADA EN ESTE MENSAJE, CORRESPONDE A SU AUTOR Y NO NECESARIAMENTE A TELECSA - ALEGRO PCS. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at ULYSEES.COM Tue Sep 13 17:26:14 2005 From: mailscanner at ULYSEES.COM (ulysees) Date: Thu Jan 12 21:30:44 2006 Subject: locking issue on solaris with postfix, mailscaner and archiving ? Message-ID: I've been running Mailscanner 4.42.9 on postfix on solaris now for several months and it's been performing as it should. Recently I turned on the archive function so as to keep the full body of mails (something I've done many times before with sendmail and MS on linux). The archiving option does archive so there's no problem there, however I now get duplicate copies of mails being sent and duplicate archives to go with them. It looks very close to the issue with sendmail fixed in 4.21-8 & the associated exim thread. any ideas ? log snippet below Uly Sep 13 16:29:41 mailhost <22>MailScanner[8191]: Using locktype = flock Sep 13 16:30:15 mailhost postfix/cleanup[8162]: [ID 197553 mail.info] 26F981106: hold: header Received: from client.myorg.internal (client.myorg.internal [192.168.0.10])??by mail.myorg.com (myorg Mail Server) with ESMTP id 26F981106??for ; from client.myorg.internal[192.168.0.10]; from= to= proto=ESMTP helo= Sep 13 16:30:15 mailhost postfix/cleanup[8162]: [ID 197553 mail.info] 26F981106: message-id=<20050913153015.26F981106@mail.myorg.com> Sep 13 16:30:18 mailhost <22>MailScanner[8191]: Saved archive copies of 26F981106.22592 Sep 13 16:30:18 mailhost <22>MailScanner[8174]: Saved archive copies of 26F981106.1A8AC Sep 13 16:30:18 mailhost <22>MailScanner[8178]: Saved archive copies of 26F981106.07FB1 Sep 13 16:30:19 mailhost <22>MailScanner[8166]: Saved archive copies of 26F981106.D49BE Sep 13 16:30:21 mailhost <22>MailScanner[8191]: Requeue: 26F981106.22592 to 6EA5F11E1 Sep 13 16:30:21 mailhost <22>MailScanner[8200]: Saved archive copies of 26F981106.A4B38 Sep 13 16:30:21 mailhost <22>MailScanner[8178]: Requeue: 26F981106.07FB1 to F00BD1222 Sep 13 16:30:21 mailhost <22>MailScanner[8174]: Requeue: 26F981106.1A8AC to 1C5AD11E1 Sep 13 16:30:22 mailhost <22>MailScanner[8166]: Requeue: 26F981106.D49BE to 3687D11E1 Sep 13 16:30:22 mailhost <22>MailScanner[8200]: Requeue: 26F981106.A4B38 to 3208B11E1 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From naolson at gmail.com Tue Sep 13 17:45:53 2005 From: naolson at gmail.com (Nathan Olson) Date: Thu Jan 12 21:30:44 2006 Subject: McAfee with MailScanner ?? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] The wiki has the answers you seek. http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:mcafee:install Nate ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Sep 13 18:20:47 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:44 2006 Subject: Phishing not detected Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yes please, do send me a copy. Did it actually work? Jan-Peter Koopmann wrote: >Hi Julian, > >I just received a phishing attempt trying to forge paypal. Strangly enough this one was not detected. The provided link was > >Click here to activate your account > >I can send you a copy of the entire mail if necessary. > >Kind regards, > JP > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQycKcBH2WUcUFbZUEQLwNgCgve8gM8Fkm+c7u6/iwwyrBZjMv9oAoJBg kV58o8ToHQKJo74rjRw4GbxL =zCY+ -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Sep 13 18:23:53 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:44 2006 Subject: Sophos Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 As far as I am aware, they only do per-mailbox licences and site licences. Chris Russell wrote: >Hi, > > Does anyone have any recent experience of order Sophos (SAVI) direct >from Sophos ? > > From the FAQ/Wiki its mentioned that Sophos will do a server rather >than per user based license, however, I`m having great difficulty in >getting this across to Sophos, who seems to be sticking to a >"per-mailbox" license. > > Does anyone have any ideas on how best to approach them ? > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQycLKhH2WUcUFbZUEQKZDQCeIkCbhVGCCecF4vMECmYAsSq55SMAoLiw deanNlBwtsB0YuYrISJXwGkB =JD+4 -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Sep 13 18:25:33 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:44 2006 Subject: locking issue on solaris with postfix, mailscaner and archiving ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 What does your "Lock Type =" line say? I would leave it blank. ulysees wrote: > I've been running Mailscanner 4.42.9 on postfix on solaris now for > several months and it's been performing as it should. > Recently I turned on the archive function so as to keep the full body > of mails (something I've done many times before with sendmail and MS > on linux). > The archiving option does archive so there's no problem there, however > I now get duplicate copies of mails being sent and duplicate archives > to go with them. > > It looks very close to the issue with sendmail fixed in 4.21-8 & the > associated exim thread. > > any ideas ? > > log snippet below > > Uly > > Sep 13 16:29:41 mailhost <22>MailScanner[8191]: Using locktype = flock > Sep 13 16:30:15 mailhost postfix/cleanup[8162]: [ID 197553 mail.info] > 26F981106: hold: header Received: from client.myorg.internal > (client.myorg.internal [192.168.0.10])??by mail.myorg.com (myorg Mail > Server) with ESMTP id 26F981106??for >; from client.myorg.internal[192.168.0.10]; > from=> to= > proto=ESMTP helo= > Sep 13 16:30:15 mailhost postfix/cleanup[8162]: [ID 197553 mail.info] > 26F981106: message-id=<20050913153015.26F981106@mail.myorg.com > > > Sep 13 16:30:18 mailhost <22>MailScanner[8191]: Saved archive copies > of 26F981106.22592 > Sep 13 16:30:18 mailhost <22>MailScanner[8174]: Saved archive copies > of 26F981106.1A8AC > Sep 13 16:30:18 mailhost <22>MailScanner[8178]: Saved archive copies > of 26F981106.07FB1 > Sep 13 16:30:19 mailhost <22>MailScanner[8166]: Saved archive copies > of 26F981106.D49BE > Sep 13 16:30:21 mailhost <22>MailScanner[8191]: Requeue: > 26F981106.22592 to 6EA5F11E1 > Sep 13 16:30:21 mailhost <22>MailScanner[8200]: Saved archive copies > of 26F981106.A4B38 > Sep 13 16:30:21 mailhost <22>MailScanner[8178]: Requeue: > 26F981106.07FB1 to F00BD1222 > Sep 13 16:30:21 mailhost <22>MailScanner[8174]: Requeue: > 26F981106.1A8AC to 1C5AD11E1 > Sep 13 16:30:22 mailhost <22>MailScanner[8166]: Requeue: > 26F981106.D49BE to 3687D11E1 > Sep 13 16:30:22 mailhost <22>MailScanner[8200]: Requeue: > 26F981106.A4B38 to 3208B11E1 > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQycLjhH2WUcUFbZUEQIxLACggn8r/ABdCFX7uFkVl0KtRNtb1WoAoJP8 mAwTPfixr7sLEuZFK41PraqZ =NLlB -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Sep 13 18:44:23 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:44 2006 Subject: using sa-learn on spam attachements Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Greg Matthews wrote: > is it ok to use sa-learn to learn spam from mail that has been delivered > as attachement? ie message arrives from mailscanner with the spam > included as attachment. Can I then: > > sa-learn --spam -p /etc/MailScanner/spam.assassin.conf \ > --dbpath /etc/MailScanner/bayes/bayes \ > --mbox < spam.mbx > > or do I need to strip all the attachments out and feed them through > seperately? You need to strip the attachments and feed those in. > > I found this on the wiki: > "It's OK to feed emails with Spamassassin markup into the sa-learn > command -- sa-learn will ignore any standard Spamassassin headers, and > if the original email has been encapsulated into an attachment it will > decapsulate the email. In other words sa-learn will undo any changes > which Spamassassin has done before learning the spam/ham character of > the email." Caveat: Decapsulation works the same as header stripping. SA will only decapsulate the mail if SA did the encapsulation. > > which sounds good but then: > "If you or any upstream service has added any additional headers to the > emails which may mislead Bayes, those should probably be removed before > feeding the email to sa-learn. Alternatively, use the > bayes_ignore_header setting in your local.cf (as detailed in the man > page for Mail::SpamAssassin::Conf)." > > sounds bad as MS has added in headers.... Not only that, but SA didn't generate the encapsulation, MailScanner did. SA can ONLY undo it's own markups and encapsulations, because SA knows it's own configuration and can recognize it's own changes as a result. SA cannot undo markups or encapsulations done by MS, or any other tool, because it doesn't know what was done. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Sep 13 19:13:37 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:30:44 2006 Subject: problem Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Raul Urqueta Sierra wrote: > The problem is with a ZIP file in a mail, this file make the clamav > enter in a loop, with the consecuencies of the server become slow Is ClamAV up to date? > > I deny the file tipe "tnef" "chm" "fsg" "zip" and the problem appear to > be desapeare > > Thanks > > Raul.- > -----Mensaje original----- > De: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] En > nombre de Drew Marshall > Enviado el: Lunes, 12 de Septiembre de 2005 10:41 > Para: MAILSCANNER@JISCMAIL.AC.UK > Asunto: Re: problem > Importancia: Alta > > On Mon, September 12, 2005 15:15, Raul Urqueta Sierra wrote: > >>Hi, I have this problem from very days ago, in the maillog file: >> >>Sep 12 10:06:34 servidor sendmail[30891]: rejecting connections on >>daemon MTA: load average: 24 >> >>Sep 12 10:13:40 servidor sendmail[30891]: rejecting connections on >>daemon MTA: load average: 31 >> >>Sep 12 10:14:41 servidor sendmail[541]: runqueue: Aborting queue run: >>load average too high >> >>And the server become very very slow, and don't send any mail >> >>Can anyone help please... > > > You have a high machine load and therefore have: > > A low powered machine simply overwhelmed > A process running out of control using up the system resources > > What does top give you? > > Drew > > -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From KLekas at FOXRIVER.COM Tue Sep 13 19:27:09 2005 From: KLekas at FOXRIVER.COM (Kosta Lekas) Date: Thu Jan 12 21:30:44 2006 Subject: using sa-learn on spam attachements Message-ID: -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Matt Kettler Sent: Tuesday, September 13, 2005 12:44 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: using sa-learn on spam attachements Greg Matthews wrote: > is it ok to use sa-learn to learn spam from mail that has been delivered > as attachement? ie message arrives from mailscanner with the spam > included as attachment. Can I then: > > sa-learn --spam -p /etc/MailScanner/spam.assassin.conf \ > --dbpath /etc/MailScanner/bayes/bayes \ > --mbox < spam.mbx > > or do I need to strip all the attachments out and feed them through > seperately? You need to strip the attachments and feed those in. > > I found this on the wiki: > "It's OK to feed emails with Spamassassin markup into the sa-learn > command -- sa-learn will ignore any standard Spamassassin headers, and > if the original email has been encapsulated into an attachment it will > decapsulate the email. In other words sa-learn will undo any changes > which Spamassassin has done before learning the spam/ham character of > the email." Caveat: Decapsulation works the same as header stripping. SA will only decapsulate the mail if SA did the encapsulation. > > which sounds good but then: > "If you or any upstream service has added any additional headers to the > emails which may mislead Bayes, those should probably be removed before > feeding the email to sa-learn. Alternatively, use the > bayes_ignore_header setting in your local.cf (as detailed in the man > page for Mail::SpamAssassin::Conf)." > > sounds bad as MS has added in headers.... Not only that, but SA didn't generate the encapsulation, MailScanner did. SA can ONLY undo it's own markups and encapsulations, because SA knows it's own configuration and can recognize it's own changes as a result. SA cannot undo markups or encapsulations done by MS, or any other tool, because it doesn't know what was done. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! I would use ripmime program to remove the attachments Kosta Lekas ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Tue Sep 13 20:08:46 2005 From: alex at NKPANAMA.COM (Alex Neuman) Date: Thu Jan 12 21:30:44 2006 Subject: using sa-learn on spam attachements Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You could try using the archive option to store the mails, unprocessed, at least for a while. That way you have something to feed SA with. Greg Matthews wrote: > is it ok to use sa-learn to learn spam from mail that has been delivered > as attachement? ie message arrives from mailscanner with the spam > included as attachment. Can I then: > > sa-learn --spam -p /etc/MailScanner/spam.assassin.conf \ > --dbpath /etc/MailScanner/bayes/bayes \ > --mbox < spam.mbx > > or do I need to strip all the attachments out and feed them through > seperately? > > I found this on the wiki: > "It's OK to feed emails with Spamassassin markup into the sa-learn > command -- sa-learn will ignore any standard Spamassassin headers, and > if the original email has been encapsulated into an attachment it will > decapsulate the email. In other words sa-learn will undo any changes > which Spamassassin has done before learning the spam/ham character of > the email." > > which sounds good but then: > "If you or any upstream service has added any additional headers to the > emails which may mislead Bayes, those should probably be removed before > feeding the email to sa-learn. Alternatively, use the > bayes_ignore_header setting in your local.cf (as detailed in the man > page for Mail::SpamAssassin::Conf)." > > sounds bad as MS has added in headers.... > > do I need to feed a mail containing the report text in as ham? > > GREG > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Tue Sep 13 20:07:22 2005 From: alex at NKPANAMA.COM (Alex Neuman) Date: Thu Jan 12 21:30:44 2006 Subject: POP3 Problem Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You could also look into other alternatives, from the simple (using webmail) to the complicated (using rsync to mirror that user's mail folders into an eudora-compatible mbox format on the client computer). Drew Marshall wrote: > On Tue, September 13, 2005 09:46, Royer Christophe wrote: > >> Hi everybody >> > > Hi > >> On the most used mailbox (with some .forward like userA, userB, and the >> mailbox itself for copy) some big attachment are coming back with the >> pop3 download. >> >> > > Sounds like the POP download is being timed out before clearing down. I > have seen this with dial up users trying to pop large messages and the POP > server closing the connection before the message has completed it's > download. Remember that the client instructs the POP server to delete it's > content when it acknowledges safe receipt. Obviously if this doesn't > happen then your nice big message will be waiting for you when you POP > again. > > I would look at either increasing the timeout on the POP server, moving > the message to a FTP server so the client can access it from there (Or > indeed just deleting the message if they have it already!). > > Drew > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jrudd at UCSC.EDU Tue Sep 13 20:06:27 2005 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:30:44 2006 Subject: Clamd Message-ID: The default definition for clamav in virus.scanners.conf is clamav /opt/MailScanner/lib/clamav-wrapper /usr/local Which I assume will invoke clamscan. If I want to invoke clamd, would it be as simple as just modifying clamav-wrapper to use clamdscan? and would it be faster/better to see about using the clamavmodule instead? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Sep 13 20:47:57 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:44 2006 Subject: Clamd Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] John Rudd spake the following on 9/13/2005 12:06 PM: > The default definition for clamav in virus.scanners.conf is > > clamav /opt/MailScanner/lib/clamav-wrapper /usr/local > > Which I assume will invoke clamscan. If I want to invoke clamd, would > it be as simple as just modifying clamav-wrapper to use clamdscan? > > > and would it be faster/better to see about using the clamavmodule instead? > MailScanner doesn't use clamd, and I assume Julian had a good reason to do so. But clamavmodule is less processor intensive. I doubt if the change to clamd would be that easy, though. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bob.dewildt at CYSONET.COM Tue Sep 13 21:25:44 2005 From: bob.dewildt at CYSONET.COM (Bob de Wildt) Date: Thu Jan 12 21:30:44 2006 Subject: Any experiences with NOD32 Message-ID: At this moment, we are running mailscanner in combination with sophossavi and clamav. I recently got notice of the NOD32 virusscanner, which is a very light-weight scanner on M$ Windows machines. To see if the performance of out mail-gateway would improve with NOD32 I tried to use it with mailscanners latest stable release. I was wondering if any one on the mailling list has a setup running with the NOD32 wrappers and NOD 2.15.1 release. The reason I'm asking this, is that when I use the wrapper in combination with this release I do not get any output in the mail logs from NOD32. Though both sophossavi and clamav are logging. Can any one help me. Thanks, Bob de Wildt Systems Administrator Cyso Managed Hosting Baangracht 2 1811 DC Alkmaar tel: (+31) (0) 72-7513400 fax: (+31) (0) 72-7513401 e-mail: support@cysonet.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Sep 13 21:59:34 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:44 2006 Subject: Clamd Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 John Rudd wrote: > The default definition for clamav in virus.scanners.conf is > > clamav /opt/MailScanner/lib/clamav-wrapper /usr/local > > Which I assume will invoke clamscan. If I want to invoke clamd, would > it be as simple as just modifying clamav-wrapper to use clamdscan? > > > and would it be faster/better to see about using the clamavmodule > instead? > Use clamavmodule. It's faster and has less overhead than any solution involving clamd. That's why I did it the way I did. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQyc9txH2WUcUFbZUEQJtzwCgnWbV55tu1KjtrlGVIvV0KnRoAN8AoNc8 Rwahg9la0xn7nZN16BAxoQ9R =sea9 -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From micoots at YAHOO.COM Tue Sep 13 23:32:40 2005 From: micoots at YAHOO.COM (Michael Mansour) Date: Thu Jan 12 21:30:44 2006 Subject: Blocked filename attachments Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, Currently I have my system blocking the following filetypes in the filetypes.rules.conf file: deny MPEG No MPEG movies No MPEG movies allowed deny AVI No AVI movies No AVI movies allowed I want to allow them through for a particular domain _only_, while keeping the default behaviour for every other domain, but I don't quite understand how to do this from the explanation given in the MailScanner.conf file: # Set where to find the attachment filetype ruleset. # The structure of this file is explained elsewhere, but it is used to # accept or reject file attachments based on their content as determined # by the "file" command, regardless of whether they are infected or not. # # This can also point to a ruleset, but the ruleset filename must end in # ".rules" so that MailScanner can determine if the filename given is # a ruleset or not! # # To disable this feature, set this to just "Filetype Rules =" or set # the location of the file command to a blank string. Filetype Rules = %etc-dir%/filetype.rules.conf Any help is appreciated. Thanks. Michael. Send instant messages to your online friends http://au.messenger.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From d.jones at FX.NET.NZ Tue Sep 13 23:44:04 2005 From: d.jones at FX.NET.NZ (Donovan Jones) Date: Thu Jan 12 21:30:44 2006 Subject: Blocked filename attachments Message-ID: On Wed, 2005-09-14 at 08:32 +1000, Michael Mansour wrote: > Hi, > > Currently I have my system blocking the following > filetypes in the filetypes.rules.conf file: > > deny MPEG No MPEG movies No > MPEG movies allowed > deny AVI No AVI movies No AVI > movies allowed > > I want to allow them through for a particular domain > _only_, while keeping the default behaviour for every > other domain, but I don't quite understand how to do > this from the explanation given in the > MailScanner.conf file: > > # Set where to find the attachment filetype ruleset. > # The structure of this file is explained elsewhere, > but it is used to > # accept or reject file attachments based on their > content as determined > # by the "file" command, regardless of whether they > are infected or not. > # > # This can also point to a ruleset, but the ruleset > filename must end in > # ".rules" so that MailScanner can determine if the > filename given is > # a ruleset or not! > # > # To disable this feature, set this to just "Filetype > Rules =" or set > # the location of the file command to a blank string. > Filetype Rules = %etc-dir%/filetype.rules.conf in /etc/MailScanner/MailScanner.conf you need to point to a file like this: ---cut here--- Filetype Rules = %rules-dir%/filetype.rules ---cut here--- then in this file (ie /etc/MailScanner/rules/filetype.rules) you need: ---cut here--- To: otherdomain.com %etc-dir%/otherdomain.filetype.rules.conf FromTo: default %etc-dir%/filetype.rules.conf ---cut here--- The default ruleset has the defaults the otherdomain ruleset can have whatever you want for the domain concerned you can do the same thing with filename rules. Regards Don Jones ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Tue Sep 13 23:43:58 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:30:44 2006 Subject: Blocked filename attachments Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Michael Mansour > Sent: Tuesday, September 13, 2005 6:33 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Blocked filename attachments > > Hi, > > Currently I have my system blocking the following > filetypes in the filetypes.rules.conf file: > > deny MPEG No MPEG movies No > MPEG movies allowed > deny AVI No AVI movies No AVI > movies allowed > > I want to allow them through for a particular domain > _only_, while keeping the default behaviour for every > other domain, but I don't quite understand how to do > this from the explanation given in the > MailScanner.conf file: > > # Set where to find the attachment filetype ruleset. > # The structure of this file is explained elsewhere, > but it is used to > # accept or reject file attachments based on their > content as determined > # by the "file" command, regardless of whether they > are infected or not. > # > # This can also point to a ruleset, but the ruleset > filename must end in > # ".rules" so that MailScanner can determine if the > filename given is > # a ruleset or not! > # > # To disable this feature, set this to just "Filetype > Rules =" or set > # the location of the file command to a blank string. > Filetype Rules = %etc-dir%/filetype.rules.conf > > Any help is appreciated. > > Thanks. > > Michael. > There is a well documented solution it the Wiki http://wiki.mailscanner.info/doku.php The solution: http://wiki.mailscanner.info/doku.php?id=documentation:configuration:ruleset s:overloading&s=filename.rules Hope this helps, Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Tue Sep 13 23:42:14 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:30:44 2006 Subject: Blocked filename attachments Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michael Mansour wrote: > Hi, > > Currently I have my system blocking the following > filetypes in the filetypes.rules.conf file: > > deny MPEG No MPEG movies No > MPEG movies allowed > deny AVI No AVI movies No AVI > movies allowed > > I want to allow them through for a particular domain > _only_, while keeping the default behaviour for every > other domain, but I don't quite understand how to do > this from the explanation given in the > MailScanner.conf file: Try this, it's for filenames but you get the point: http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:overloading -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cparker at SWATGEAR.COM Wed Sep 14 00:16:25 2005 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:30:44 2006 Subject: Do whitelisted addresses skip all checks or just spam? Message-ID: Michele Neylon on Monday, September 12, 2005 5:19 PM said: > Matt Kettler wrote: > > I can't remember the actual directive, but there is a config option to > skip all checks which was added recently :) Ok so at this point the answer is "depends"? That is, with newer versions of MS, whitelisted emails can either bypass the checks or not? Is that what the directive you're referring to does? Chris. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From micoots at yahoo.com Wed Sep 14 04:00:38 2005 From: micoots at yahoo.com (Michael Mansour) Date: Thu Jan 12 21:30:44 2006 Subject: Blocked filename attachments Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Many thanks to the excellent replies and references. I've implemented it and it seems to be working fine. Regards, Michael. --- Donovan Jones wrote: > On Wed, 2005-09-14 at 08:32 +1000, Michael Mansour > wrote: > > Hi, > > > > Currently I have my system blocking the following > > filetypes in the filetypes.rules.conf file: > > > > deny MPEG No MPEG movies No > > MPEG movies allowed > > deny AVI No AVI movies No > AVI > > movies allowed > > > > I want to allow them through for a particular > domain > > _only_, while keeping the default behaviour for > every > > other domain, but I don't quite understand how to > do > > this from the explanation given in the > > MailScanner.conf file: > > > > # Set where to find the attachment filetype > ruleset. > > # The structure of this file is explained > elsewhere, > > but it is used to > > # accept or reject file attachments based on their > > content as determined > > # by the "file" command, regardless of whether > they > > are infected or not. > > # > > # This can also point to a ruleset, but the > ruleset > > filename must end in > > # ".rules" so that MailScanner can determine if > the > > filename given is > > # a ruleset or not! > > # > > # To disable this feature, set this to just > "Filetype > > Rules =" or set > > # the location of the file command to a blank > string. > > Filetype Rules = %etc-dir%/filetype.rules.conf > > > in /etc/MailScanner/MailScanner.conf > > you need to point to a file like this: > > ---cut here--- > Filetype Rules = %rules-dir%/filetype.rules > ---cut here--- > > then in this file (ie > /etc/MailScanner/rules/filetype.rules) you need: > > ---cut here--- > To: otherdomain.com > %etc-dir%/otherdomain.filetype.rules.conf > FromTo: default > %etc-dir%/filetype.rules.conf > ---cut here--- > > The default ruleset has the defaults the otherdomain > ruleset can have > whatever you want for the domain concerned > > you can do the same thing with filename rules. > > Regards > Don Jones > > ------------------------ MailScanner list > ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with > the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki > (http://wiki.mailscanner.info/) and > the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off > the website! > Send instant messages to your online friends http://au.messenger.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Sep 14 09:06:47 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:44 2006 Subject: Blocked filename attachments Message-ID: -----BEGIN PGP SIGNED MESSAGE----- It is also well documented in the Book. On 14 Sep 2005, at 04:00, Michael Mansour wrote: > Many thanks to the excellent replies and references. > I've implemented it and it seems to be working fine. > > Regards, > > Michael. > > --- Donovan Jones wrote: > > >> On Wed, 2005-09-14 at 08:32 +1000, Michael Mansour >> wrote: >> >>> Hi, >>> >>> Currently I have my system blocking the following >>> filetypes in the filetypes.rules.conf file: >>> >>> deny MPEG No MPEG movies No >>> MPEG movies allowed >>> deny AVI No AVI movies No >>> >> AVI >> >>> movies allowed >>> >>> I want to allow them through for a particular >>> >> domain >> >>> _only_, while keeping the default behaviour for >>> >> every >> >>> other domain, but I don't quite understand how to >>> >> do >> >>> this from the explanation given in the >>> MailScanner.conf file: >>> >>> # Set where to find the attachment filetype >>> >> ruleset. >> >>> # The structure of this file is explained >>> >> elsewhere, >> >>> but it is used to >>> # accept or reject file attachments based on their >>> content as determined >>> # by the "file" command, regardless of whether >>> >> they >> >>> are infected or not. >>> # >>> # This can also point to a ruleset, but the >>> >> ruleset >> >>> filename must end in >>> # ".rules" so that MailScanner can determine if >>> >> the >> >>> filename given is >>> # a ruleset or not! >>> # >>> # To disable this feature, set this to just >>> >> "Filetype >> >>> Rules =" or set >>> # the location of the file command to a blank >>> >> string. >> >>> Filetype Rules = %etc-dir%/filetype.rules.conf >>> >> >> >> in /etc/MailScanner/MailScanner.conf >> >> you need to point to a file like this: >> >> ---cut here--- >> Filetype Rules = %rules-dir%/filetype.rules >> ---cut here--- >> >> then in this file (ie >> /etc/MailScanner/rules/filetype.rules) you need: >> >> ---cut here--- >> To: otherdomain.com >> %etc-dir%/otherdomain.filetype.rules.conf >> FromTo: default >> %etc-dir%/filetype.rules.conf >> ---cut here--- >> >> The default ruleset has the defaults the otherdomain >> ruleset can have >> whatever you want for the domain concerned >> >> you can do the same thing with filename rules. >> >> Regards >> Don Jones >> >> ------------------------ MailScanner list >> ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with >> the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki >> (http://wiki.mailscanner.info/) and >> the archives >> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off >> the website! >> >> > > > Send instant messages to your online friends http:// > au.messenger.yahoo.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQyfaGvw32o+k+q+hAQEQjwgAn/8cjkJ4b4+Fm85W+/7/GXn1ZaTBgC3R +/BW6Gxka2Mv52WwAvIojzW9/XyVYUsLMcRiN85OhED25mdod6E+YLDcGJR9MA6E 57PEV5aoy8K3H071N3Z/74rQpdunDUF2MLo/Hdjn0+th+sioR8Ona1iZIsZLGkr4 734zJowosEehT1kXKqjmTCmyobGuX+qjSt0lw7k34D0e3rzgLhvAitnCJpO5mEMD P1m4hGgmE06I7riRxa5E7utFCA1kzuh1n+95ocfa3UmubTEvhxBKh+xJUYzkPLIO 0ZubF9DHe4zN2BFETV/G37zdkYRTo0kzZDMVYYen2nJ+4XN5UQqdNA== =iR4O -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at ULYSEES.COM Wed Sep 14 10:08:39 2005 From: mailscanner at ULYSEES.COM (ulysees) Date: Thu Jan 12 21:30:44 2006 Subject: locking issue on solaris with postfix, mailscaner and archiving ? Message-ID: Hi Julian, I've tried 3 different locktypes with the same result. Lock Type = Lock Type = flock # Lock Type = (assuming there is a default) Each time on startup a locktype of flock is reported Uly -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: 13 September 2005 18:26 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: locking issue on solaris with postfix, mailscaner and archiving ? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 What does your "Lock Type =" line say? I would leave it blank. ulysees wrote: > I've been running Mailscanner 4.42.9 on postfix on solaris now for > several months and it's been performing as it should. > Recently I turned on the archive function so as to keep the full body > of mails (something I've done many times before with sendmail and MS > on linux). > The archiving option does archive so there's no problem there, however > I now get duplicate copies of mails being sent and duplicate archives > to go with them. > > It looks very close to the issue with sendmail fixed in 4.21-8 & the > associated exim thread. > > any ideas ? > > log snippet below > > Uly > > Sep 13 16:29:41 mailhost <22>MailScanner[8191]: Using locktype = flock > Sep 13 16:30:15 mailhost postfix/cleanup[8162]: [ID 197553 mail.info] > 26F981106: hold: header Received: from client.myorg.internal > (client.myorg.internal [192.168.0.10])??by mail.myorg.com (myorg Mail > Server) with ESMTP id 26F981106??for >; from client.myorg.internal[192.168.0.10]; > from=> to= > proto=ESMTP helo= Sep > 13 16:30:15 mailhost postfix/cleanup[8162]: [ID 197553 mail.info] > 26F981106: message-id=<20050913153015.26F981106@mail.myorg.com > > > Sep 13 16:30:18 mailhost <22>MailScanner[8191]: Saved archive copies > of 26F981106.22592 Sep 13 16:30:18 mailhost <22>MailScanner[8174]: > Saved archive copies of 26F981106.1A8AC Sep 13 16:30:18 mailhost > <22>MailScanner[8178]: Saved archive copies of 26F981106.07FB1 Sep 13 > 16:30:19 mailhost <22>MailScanner[8166]: Saved archive copies of > 26F981106.D49BE Sep 13 16:30:21 mailhost <22>MailScanner[8191]: > Requeue: > 26F981106.22592 to 6EA5F11E1 > Sep 13 16:30:21 mailhost <22>MailScanner[8200]: Saved archive copies > of 26F981106.A4B38 Sep 13 16:30:21 mailhost <22>MailScanner[8178]: > Requeue: > 26F981106.07FB1 to F00BD1222 > Sep 13 16:30:21 mailhost <22>MailScanner[8174]: Requeue: > 26F981106.1A8AC to 1C5AD11E1 > Sep 13 16:30:22 mailhost <22>MailScanner[8166]: Requeue: > 26F981106.D49BE to 3687D11E1 > Sep 13 16:30:22 mailhost <22>MailScanner[8200]: Requeue: > 26F981106.A4B38 to 3208B11E1 > > > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQycLjhH2WUcUFbZUEQIxLACggn8r/ABdCFX7uFkVl0KtRNtb1WoAoJP8 mAwTPfixr7sLEuZFK41PraqZ =NLlB -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From richard.bourque at MELLOUL.COM Wed Sep 14 13:06:06 2005 From: richard.bourque at MELLOUL.COM (Richard Bourque) Date: Thu Jan 12 21:30:44 2006 Subject: Any experiences with NOD32 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > At this moment, we are running mailscanner in combination with > sophossavi and clamav. > I recently got notice of the NOD32 virusscanner, which is a very > light-weight scanner on M$ Windows machines. > > To see if the performance of out mail-gateway would improve with NOD32 I > tried to use it with mailscanners latest stable release. > > I was wondering if any one on the mailling list has a setup running with > the NOD32 wrappers and NOD 2.15.1 release. > The reason I'm asking this, is that when I use the wrapper in > combination with this release I do not get any output in the mail logs > from NOD32. > Though both sophossavi and clamav are logging. > > Can any one help me. > > Thanks, > > Bob de Wildt Actually Julian borrowed my server to get NOD32 working with MailScanner when they switched NOD to version 2, and it has never had a problem since it was setup. We used to use Sophos but got frustrated with their rising prices and they kept changing the program which made it problematic with Mailscanner every now and again. I do believe that version 2.15.1 is NOD32 for Linux Mail Server and you really want to be using NOD32 for Linux File Server 2.06.1 instead because all you need is the command line scanner, not the daemon. The Eset NOD people are not knowledgeable about Linux and kept trying to make me buy the mail server version when all you need is one client of the file version. Hope that helps! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Wed Sep 14 13:18:55 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:30:44 2006 Subject: New MailScanner basic Documentation available Message-ID: I'm very happy to announce that the new "MailScanner Administrators Guide, Version 1.0.5 for use with MailScanner Version 4.45.4 rpm based installations" is available from our website. Please go to: http://www.fsl.com/support.html And select "MailScanner Manual". Many thanks to our Contributors: Denis Beauchemin [denis.beauchemin@usherbrooke.ca] Ugo Bellavance, [ugob@camo-route.com] Michele Neylon, [michele@blacknightsolutions.com] Ron Pool [amp1@nysaes.cornell.edu] I will have to point out that buying the MailScanner book will save you printing out the 98 pages of manual and you get MUCH more of Julian's excellent documentation explaining how MailScanner works :) The book is available from the MailScanner site. If you feel the need to reward us for the many, many hours that have gone into creating this manual, please visit http://www.redcross.org/ and leave a dollar or two for the victims of Katrina. Enjoy, Steve Stephen Swaney Fort Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lists at HBCS.ORG Wed Sep 14 14:38:42 2005 From: lists at HBCS.ORG (Dave C) Date: Thu Jan 12 21:30:44 2006 Subject: Blocked filename attachments Message-ID: On Wed, 14 Sep 2005 09:06:47 +0100, Julian Field wrote: >-----BEGIN PGP SIGNED MESSAGE----- > > >It is also well documented in the Book. > > Nothing blatant about it, you deserve all the plugs you can get for such a well-done product(hoping my copy gets here tomorrow) Dave Coults NetAdmin - HBCS ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Wed Sep 14 15:00:11 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:30:44 2006 Subject: Do whitelisted addresses skip all checks or just spam? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Chris W. Parker wrote: Ok so at this point the answer is "depends"? That is, with newer versions of MS, whitelisted emails can either bypass the checks or not? Is that what the directive you're referring to does? I don't believe so. You can the whitelist rule which will cause all emails that match a whitelist pattern to be mark as not spam. You can also use a new option (seperate from the whitelist) to actually skip all checks. I use this new option to skip email received from 127.0.0.1, makes it much easier to release email from quarantine. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Wed Sep 14 19:46:34 2005 From: alex at NKPANAMA.COM (Alex Neuman) Date: Thu Jan 12 21:30:44 2006 Subject: Clamd Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 John Rudd wrote: The default definition for clamav in virus.scanners.conf is clamav /opt/MailScanner/lib/clamav-wrapper /usr/local Which I assume will invoke clamscan. If I want to invoke clamd, would it be as simple as just modifying clamav-wrapper to use clamdscan? and would it be faster/better to see about using the clamavmodule instead? Use clamavmodule. It's faster and has less overhead than any solution involving clamd. That's why I did it the way I did. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQyc9txH2WUcUFbZUEQJtzwCgnWbV55tu1KjtrlGVIvV0KnRoAN8AoNc8 Rwahg9la0xn7nZN16BAxoQ9R =sea9 -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! The only reason you'd want to be running clamd in the first place is to use it to power clamav-milter in order to prescan for viruses at the MTA level to reduce the load on MailScanner from having to scan virus-laden e-mails for spam. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cparker at SWATGEAR.COM Thu Sep 15 02:06:55 2005 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:30:44 2006 Subject: Is there anyway for Outlook clients to control white/black lists? Message-ID: Damian Mendoza on Wednesday, September 14, 2005 5:09 PM said: > I developed an Outlook plug-in that works with MailScanner global > whitelists and blacklists. It communicates with a PHP server module. > > Will that work for you? Yeah that might work just fine. Where can I find more details? Thanks, Chris. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From damian at WORKGROUPSOLUTIONS.COM Thu Sep 15 01:08:52 2005 From: damian at WORKGROUPSOLUTIONS.COM (Damian Mendoza) Date: Thu Jan 12 21:30:44 2006 Subject: Is there anyway for Outlook clients to control white/black lists? Message-ID: I developed an Outlook plug-in that works with MailScanner global whitelists and blacklists. It communicates with a PHP server module. Will that work for you? Regards, Damian Mendoza Workgroup Solutions http://www.spamgate.us 949 586-2200 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Chris W. Parker Sent: Wednesday, September 14, 2005 3:13 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Is there anyway for Outlook clients to control white/black lists? Hello, Is there anyway for users of Outlook to control their white/black lists? What I'd really like is a plugin that would simply allow the user to click "whitelist" or "blacklist" while an email is highlighted. Is there anything like that out there? Or something similar? Thanks, Chris. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jrudd at UCSC.EDU Wed Sep 14 23:24:37 2005 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:30:44 2006 Subject: Clamd Message-ID: On Sep 14, 2005, at 11:46 AM, Alex Neuman wrote: > The only reason you'd want to be running clamd in the first place is > to use it to power clamav-milter in order to prescan for viruses at > the MTA level to reduce the load on MailScanner from having to scan > virus-laden e-mails for spam. > That's actually not far from the mark. Only mimedefang instead of clamav-milter. We're thinking about having off-campus IP addresses get scanned by mimedefang, and reject during SMTP if it contains a virus. Then have on-campus IP addresses still get scanned by MailScanner (there some subtle interactions that cause us to not want to do SMTP rejection for on-campus IP addresses). Mimedefang uses clamd. When I proposed the opposite question to them (using the ClamAV perl module) their claim was that they can't think of how anything could be faster than clamd. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cparker at SWATGEAR.COM Wed Sep 14 23:13:27 2005 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:30:44 2006 Subject: Is there anyway for Outlook clients to control white/black lists? Message-ID: Hello, Is there anyway for users of Outlook to control their white/black lists? What I'd really like is a plugin that would simply allow the user to click "whitelist" or "blacklist" while an email is highlighted. Is there anything like that out there? Or something similar? Thanks, Chris. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Wed Sep 14 22:02:35 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:30:44 2006 Subject: Whitelist versus Scan Messages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Playing around with various settings using MailWatch/MS whitelist and the new Scan Messages (SM) setting in MS. I had 127.0.0.1 in the whitelist but took it out after adding it to a rule file pointed to by SM. The problem I noticed is that spam notification email generated via a "Spam Actions" rule by MS is still sent thru SA and many times contains enough of the original message that it gets marked as spam thereby not getting delivered. Further with this setting email I release thru MW is marked as clean because of the SM rule set to no for 127.0.0.1. I added back a white list entry for 127.0.0.1 so spam notification emails make it to the end user. My scan.messages.rules are: From: 127.0.0.1 no FromOrTo: default yes I was expecting the above rule to negate me having to add 127.0.0.1 to the whitelist??? Hope this makes sense, end of work day and getting ready to fight the commute home. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From wayne at NIGHTSOL.NET Thu Sep 15 02:23:09 2005 From: wayne at NIGHTSOL.NET (Wayne) Date: Thu Jan 12 21:30:44 2006 Subject: Is there anyway for Outlook clients to control white/black lists? Message-ID: You going to post it to the list? Rgds, W On 15/09/2005 01:08, "Damian Mendoza" wrote: > I developed an Outlook plug-in that works with MailScanner global > whitelists and blacklists. It communicates with a PHP server module. > > Will that work for you? > > > Regards, > > Damian Mendoza > Workgroup Solutions > http://www.spamgate.us > 949 586-2200 > > > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Chris W. Parker > Sent: Wednesday, September 14, 2005 3:13 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Is there anyway for Outlook clients to control white/black > lists? > > Hello, > > Is there anyway for users of Outlook to control their white/black lists? > What I'd really like is a plugin that would simply allow the user to > click "whitelist" or "blacklist" while an email is highlighted. > > Is there anything like that out there? Or something similar? > > > > Thanks, > Chris. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > ** Email Scanned by Elive's Virus Scanning Service - > http://www.elive.net ** > > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Thu Sep 15 03:14:59 2005 From: alex at NKPANAMA.COM (Alex Neuman) Date: Thu Jan 12 21:30:44 2006 Subject: Clamd Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Well, it can be faster to have a program that's always loaded and in memory scan the incoming datastream - but it MailScanner doesn't work that way. It receives a bunch of messages before it "wakes up", looks at the queue, scans everything from within perl using the module faster than it would be to individually feed everything to clamd, and dumps whatever's left after processing in the "real" queue. At least that's what I understand. > On Sep 14, 2005, at 11:46 AM, Alex Neuman wrote: > >> The only reason you'd want to be running clamd in the first place is >> to use it to power clamav-milter in order to prescan for viruses at >> the MTA level to reduce the load on MailScanner from having to scan >> virus-laden e-mails for spam. >> > > That's actually not far from the mark. Only mimedefang instead of > clamav-milter. > > We're thinking about having off-campus IP addresses get scanned by > mimedefang, and reject during SMTP if it contains a virus. Then have > on-campus IP addresses still get scanned by MailScanner (there some > subtle interactions that cause us to not want to do SMTP rejection for > on-campus IP addresses). > > Mimedefang uses clamd. When I proposed the opposite question to them > (using the ClamAV perl module) their claim was that they can't think of > how anything could be faster than clamd. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Sep 15 09:08:38 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:44 2006 Subject: FW: ANNOUNCE: SpamAssassin 3.1.0 available! Message-ID: Jules I presume you've tested this and MS is fine with SA 3.1.0?? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 -----Original Message----- From: jm@jmason.org [mailto:jm@jmason.org] Sent: 15 September 2005 00:53 To: announce@SpamAssassin.apache.org Cc: users@SpamAssassin.apache.org; dev@SpamAssassin.apache.org Subject: ANNOUNCE: SpamAssassin 3.1.0 available! SpamAssassin 3.1.0 is released! SpamAssassin 3.1.0 is a major update. SpamAssassin is a mail filter which uses advanced statistical and heuristic tests to identify spam (also known as unsolicited bulk email). Highlights of the release ------------------------- - Apache preforking algorithm adopted; number of spamd child processes is now scaled, according to demand. This provides better VM behaviour when not under peak load. - added PostgreSQL, MySQL 4.1+, and local SDBM file Bayes storage modules. SQL storage is now recommended for Bayes, instead of DB_File. NDBM_File support has been dropped due to a major bug in that module. - detect legitimate SMTP AUTH submission, to avoid false positives on Dynablock-style rules. - new plugins: DomainKeys (off by default), MIMEHeader: a new plugin to perform tests against header in internal MIME structure, ReplaceTags: plugin by Felix Bauer to support fuzzy text matching, WhiteListSubject: plugin added to support user whitelists by Subject header. - Razor: disable Razor2 support by default per our policy, since the service is not free for non-personal use. It's trivial to reenable (by editing '/etc/mail/spamassassin/v310.pre'). - DCC: disable DCC for similar reasons, due to new license terms. - Net::DNS bug: high load caused answer packets to be mixed up and delivered as answers to the wrong request, causing false positives. worked around. - DNSBL lookups and other DNS operations are now more efficient, by using a custom single-socket event-based model instead of Net::DNS. Downloading ----------- Pick it up from: http://SpamAssassin.apache.org/ Note, it may take up to two hours from now for that mirror to update. md5sum: d28bd7e83d01b234144e336bbfde0caa Mail-SpamAssassin-3.1.0.tar.bz2 f70c1fcab3d9563731bbc307eda7d69e Mail-SpamAssassin-3.1.0.tar.gz 65e9629ce255244fe3cb3d9772cdf239 Mail-SpamAssassin-3.1.0.zip sha1sum: 0185f076f619dd9e64e94b453017f9b08d4b0f04 Mail-SpamAssassin-3.1.0.tar.bz2 d887cbae5962cb03e45aaf71cd93881a27cccc99 Mail-SpamAssassin-3.1.0.tar.gz 8b9494448782f910e573377bf226a8072f24bb3f Mail-SpamAssassin-3.1.0.zip The release files also have a .asc accompanying them. The file serves as an external GPG signature for the given release file. The signing key is available via the wwwkeys.pgp.net key server, as well as http://spamassassin.apache.org/released/GPG-SIGNING-KEY The key information is: pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key Key fingerprint =3D 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B Important installation notes ---------------------------- - see the INSTALL and UPGRADE files in the distribution. Summary of major changes since 3.0.x ------------------------------------ - Apache preforking algorithm adopted; number of spamd child processes is now scaled, according to demand. This provides better VM behaviour when not under peak load. - Inclusion of sa-update script which will allow for updates of rules and scores in between code releases. - added PostgreSQL, MySQL 4.1+, and local SDBM file Bayes storage modules. SQL storage is now recommended for Bayes, instead of DB_File. NDBM_File support has been dropped due to a major bug in that module. - detect legitimate SMTP AUTH submission, to avoid false positives on Dynablock-style rules. - new Advance Fee Fraud (419 scam) rules. - removed use of the Storable module, due to several reported hangs on SMP Linux machines. - Converted several rule/engine components into Plugins such as: AccessDB, AWL, Pyzor, Razor2, DCC, Bayes AutoLearn Determination, etc. - new plugins: DomainKeys (off by default), MIMEHeader: a new plugin to perform tests against header in internal MIME structure, ReplaceTags: plugin by Felix Bauer to support fuzzy text matching, WhiteListSubject: plugin added to support user whitelists by Subject header. - TextCat language guesser moved to a plugin. (This means "ok_languages" is no longer part of the core engine by default.) - Razor: disable Razor2 support by default per our policy, since the service is not free for non-personal use. It's trivial to reenable. - DCC: disable DCC for similar reasons, due to new license terms. - Net::DNS bug: high load caused answer packets to be mixed up and delivered as answers to the wrong request, causing false positives. worked around. - DNSBL lookups and other DNS operations are now more efficient, by using a custom single-socket event-based model instead of Net::DNS. - add support for accreditation services, including Habeas v2. - better URI parsing -- many evasion tricks now caught. - URIBL lookups are prioritized based on the location in the message the URI was found. - mass-check now supports reusing realtime DNSBL hit results, and sample-based Bayes autolearning emulation, to reduce complexity. - sa-learn, spamassassin and mass-check now have optional progress bars. - modify header ordering for DomainKeys compatibility, by placing markup headers at the top of the message instead at the bottom of the list. - spamd/spamc now support remote Bayes training, and reporting spam. - spamc now supports reading its flags from a configuration file using the -F switch, contributed by John Madden. - added SPF-based whitelisting. - Polish rules contributed by Radoslaw Stachowiak. - many rule changes and additions. ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jkf at ecs.soton.ac.uk Thu Sep 15 09:19:52 2005 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:45 2006 Subject: ANNOUNCE: SpamAssassin 3.1.0 available! Message-ID: -----BEGIN PGP SIGNED MESSAGE----- I haven't, no, but I believe others have and had no problems. I'll give it a go now. On 15 Sep 2005, at 09:08, Martin Hepworth wrote: > Jules > > I presume you've tested this and MS is fine with SA 3.1.0?? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > -----Original Message----- > From: jm@jmason.org [mailto:jm@jmason.org] > Sent: 15 September 2005 00:53 > To: announce@SpamAssassin.apache.org > Cc: users@SpamAssassin.apache.org; dev@SpamAssassin.apache.org > Subject: ANNOUNCE: SpamAssassin 3.1.0 available! > > SpamAssassin 3.1.0 is released! SpamAssassin 3.1.0 is a major update. > SpamAssassin is a mail filter which uses advanced statistical and > heuristic tests to identify spam (also known as unsolicited bulk > email). > > > Highlights of the release > ------------------------- > > - Apache preforking algorithm adopted; number of spamd child > processes is > now > scaled, according to demand. This provides better VM behaviour > when not > under peak load. > > - added PostgreSQL, MySQL 4.1+, and local SDBM file Bayes storage > modules. > SQL > storage is now recommended for Bayes, instead of DB_File. NDBM_File > support > has been dropped due to a major bug in that module. > > - detect legitimate SMTP AUTH submission, to avoid false positives on > Dynablock-style rules. > > - new plugins: DomainKeys (off by default), MIMEHeader: a new > plugin to > perform > tests against header in internal MIME structure, ReplaceTags: > plugin by > Felix > Bauer to support fuzzy text matching, WhiteListSubject: plugin > added to > support user whitelists by Subject header. > > - Razor: disable Razor2 support by default per our policy, since > the service > is > not free for non-personal use. It's trivial to reenable (by editing > '/etc/mail/spamassassin/v310.pre'). > > - DCC: disable DCC for similar reasons, due to new license terms. > > - Net::DNS bug: high load caused answer packets to be mixed up and > delivered > as > answers to the wrong request, causing false positives. worked > around. > > - DNSBL lookups and other DNS operations are now more efficient, by > using a > custom single-socket event-based model instead of Net::DNS. > > > Downloading > ----------- > > Pick it up from: > > http://SpamAssassin.apache.org/ > > Note, it may take up to two hours from now for that mirror to update. > > md5sum: > > d28bd7e83d01b234144e336bbfde0caa Mail-SpamAssassin-3.1.0.tar.bz2 > f70c1fcab3d9563731bbc307eda7d69e Mail-SpamAssassin-3.1.0.tar.gz > 65e9629ce255244fe3cb3d9772cdf239 Mail-SpamAssassin-3.1.0.zip > > sha1sum: > > 0185f076f619dd9e64e94b453017f9b08d4b0f04 Mail- > SpamAssassin-3.1.0.tar.bz2 > d887cbae5962cb03e45aaf71cd93881a27cccc99 Mail- > SpamAssassin-3.1.0.tar.gz > 8b9494448782f910e573377bf226a8072f24bb3f Mail- > SpamAssassin-3.1.0.zip > > The release files also have a .asc accompanying them. The file serves > as an external GPG signature for the given release file. The signing > key is available via the wwwkeys.pgp.net key server, as well as > http://spamassassin.apache.org/released/GPG-SIGNING-KEY > > The key information is: > > pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key > > Key fingerprint =3D 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 > 265F A05B > > > Important installation notes > ---------------------------- > > - see the INSTALL and UPGRADE files in the distribution. > > > Summary of major changes since 3.0.x > ------------------------------------ > > - Apache preforking algorithm adopted; number of spamd child > processes is > now > scaled, according to demand. This provides better VM behaviour > when not > under peak load. > > - Inclusion of sa-update script which will allow for updates of > rules and > scores in between code releases. > > - added PostgreSQL, MySQL 4.1+, and local SDBM file Bayes storage > modules. > SQL > storage is now recommended for Bayes, instead of DB_File. NDBM_File > support > has been dropped due to a major bug in that module. > > - detect legitimate SMTP AUTH submission, to avoid false positives on > Dynablock-style rules. > > - new Advance Fee Fraud (419 scam) rules. > > - removed use of the Storable module, due to several reported hangs > on SMP > Linux machines. > > - Converted several rule/engine components into Plugins such as: > AccessDB, AWL, Pyzor, Razor2, DCC, Bayes AutoLearn Determination, > etc. > > - new plugins: DomainKeys (off by default), MIMEHeader: a new > plugin to > perform > tests against header in internal MIME structure, ReplaceTags: > plugin by > Felix > Bauer to support fuzzy text matching, WhiteListSubject: plugin > added to > support user whitelists by Subject header. > > - TextCat language guesser moved to a plugin. (This means > "ok_languages" > is no longer part of the core engine by default.) > > - Razor: disable Razor2 support by default per our policy, since the > service is not free for non-personal use. It's trivial to reenable. > > - DCC: disable DCC for similar reasons, due to new license terms. > > - Net::DNS bug: high load caused answer packets to be mixed up and > delivered > as > answers to the wrong request, causing false positives. worked > around. > > - DNSBL lookups and other DNS operations are now more efficient, by > using a > custom single-socket event-based model instead of Net::DNS. > > - add support for accreditation services, including Habeas v2. > > - better URI parsing -- many evasion tricks now caught. > > - URIBL lookups are prioritized based on the location in the message > the URI was found. > > - mass-check now supports reusing realtime DNSBL hit results, and > sample-based > Bayes autolearning emulation, to reduce complexity. > > - sa-learn, spamassassin and mass-check now have optional progress > bars. > > - modify header ordering for DomainKeys compatibility, by placing > markup > headers at the top of the message instead at the bottom of the list. > > - spamd/spamc now support remote Bayes training, and reporting spam. > > - spamc now supports reading its flags from a configuration file > using the > -F > switch, contributed by John Madden. > > - added SPF-based whitelisting. > > - Polish rules contributed by Radoslaw Stachowiak. > > - many rule changes and additions. > > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > - -- Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQykuqvw32o+k+q+hAQHwMAgAu2bwLdTvjRibAz6jVw1mlBja03m1Ezkz Ufps5gLNBC/S9wnAPCBJCE5u9mnd+0J9y7nnuaWwo+oXauNj+mtssC83uFdvTOAD kiRoEk9JQFhst0skmKaYVRWOoBdiZL9LXYGwA0/e5muex1L+CgKDlnjM5soSccsu 94ST2bO45urh/8F8HotBaT+0ITj4FO+yD0EX4n7/Ur1qtZNZLtj8uSzbSsYStuLX Dk+G30027nm4XyH3aCqfkstGTf54z9ClQ54/XLBDRsfJJtAcPvU1tVdL4kn3hIEs t1+zvl5UzBCXISxJiXjuUfxMnNoE4OZUouYcXHEqMDoSYpI8JrjnZQ== =Xegn -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Thu Sep 15 09:17:35 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:45 2006 Subject: Clamd Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 15/09/05, Alex Neuman wrote: > Well, it can be faster to have a program that's always loaded and in > memory scan the incoming datastream - but it MailScanner doesn't work that > way. It receives a bunch of messages before it "wakes up", looks at the > queue, scans everything from within perl using the module faster than it > would be to individually feed everything to clamd, and dumps whatever's > left after processing in the "real" queue. At least that's what I > understand. > All the real difference is in the fork/exec of clamdscan (which you cannot avoid in the clamd solution) ... Not much perhaps, but it'll always give the edge to the perl module. And forking clamscan or clamdscan for a batch.... doesn't really matter, since if you need speed, the module is there to use. So Julian definitely got this right, for MS. If MimeDefang could benefit from the module to, I couldn't really say:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Peter.Bates at LSHTM.AC.UK Thu Sep 15 09:42:28 2005 From: Peter.Bates at LSHTM.AC.UK (Peter Bates) Date: Thu Jan 12 21:30:45 2006 Subject: FW: ANNOUNCE: SpamAssassin 3.1.0 available! Message-ID: Hello all... Ooo, DomainKeys support, just as I was considering looking at adding DK to my MTA. > martinh@SOLID-STATE-LOGIC.COM 15/09/05 09:08:38 >>> >- Razor: disable Razor2 support by default per our policy, since the service >is not free for non-personal use. It's trivial to reenable (by editing > '/etc/mail/spamassassin/v310.pre'). >- DCC: disable DCC for similar reasons, due to new license terms. Anyone know much about the last two comments? I must have missed these announcements/changes in licensing. ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, IT Services. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Sep 15 09:59:39 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:45 2006 Subject: ANNOUNCE: SpamAssassin 3.1.0 available! Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 15 Sep 2005, at 09:42, Peter Bates wrote: > Hello all... > > Ooo, DomainKeys support, just as I was considering > looking at adding DK to my MTA. > > >> martinh@SOLID-STATE-LOGIC.COM 15/09/05 09:08:38 >>> >> - Razor: disable Razor2 support by default per our policy, since the >> > service > >> is not free for non-personal use. It's trivial to reenable (by >> > editing > >> '/etc/mail/spamassassin/v310.pre'). >> > > >> - DCC: disable DCC for similar reasons, due to new license terms. >> > > Anyone know much about the last two comments? > I must have missed these announcements/changes in licensing. I believe they are basically free for personal use, but that's about it. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQyk3/fw32o+k+q+hAQFTyAgAhX+UiSRbxaoHuCFEDIBoPHz2zXR8Zq4l cs2y2XrNeUJSTOoWWXt+/Hng9ItW0fJ4XNMmsqa9mUnLsPAhA4PNhQbVLDhjiqm3 /JKD3Dkjk3VEo8im51iE2mbJvS0Jo37LQdvviQvHXl/pB08oEUU1IeP0Pqc1Z0mM e2J43IJ4ZdnnnMVV/qHX851wPU0Up2ueO5EeG5Ts3f/cYdPaZuoyuMp5hsL5Lazl AqbihvyEKJApPW1pkyM9zcn4IQAZwbGT/BiRSi/TcHU0/PkcFT2zqfLuVSQoWaYP NaMQEDD+v8ynxokPf6wMivS6sqo1PJoR8siL0zipYCCH6EwGMCEYkw== =CFPC -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gmatt at NERC.AC.UK Thu Sep 15 09:58:59 2005 From: gmatt at NERC.AC.UK (Greg Matthews) Date: Thu Jan 12 21:30:45 2006 Subject: using sa-learn on spam attachements Message-ID: On Tue, 2005-09-13 at 14:08 -0500, Alex Neuman wrote: > You could try using the archive option to store the mails, unprocessed, > at least for a while. That way you have something to feed SA with. except the most important reason for training the bayes database is for cases where MS/SA have got it wrong. I'm still trying to find a good solution to this problem - aside from employing someone full time to go through all false positives/negatives, strip them down and feed them through! GREG -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Thu Sep 15 09:58:03 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:45 2006 Subject: FW: ANNOUNCE: SpamAssassin 3.1.0 available! Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 15/09/05, Peter Bates wrote: (snip) > > martinh@SOLID-STATE-LOGIC.COM 15/09/05 09:08:38 >>> > >- Razor: disable Razor2 support by default per our policy, since the > service > >is not free for non-personal use. It's trivial to reenable (by > editing > > '/etc/mail/spamassassin/v310.pre'). > > >- DCC: disable DCC for similar reasons, due to new license terms. > > Anyone know much about the last two comments? > I must have missed these announcements/changes in licensing. > Razor2 isn't really new... look at http://razor.sourceforge.net/docs/doc.php?type=text&name=SERVICE_POLICY For DCC it's free unless you sell anti-spam/anti-virus services, just as it says in the description at http://www.rhyolite.com/anti-spam/dcc/dcc-tree/dcc.html (which means I can use it... Lucky me:). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Sep 15 10:02:13 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:45 2006 Subject: ANNOUNCE: SpamAssassin 3.1.0 available! Message-ID: -----BEGIN PGP SIGNED MESSAGE----- I have just published an updated tarball installation set for SpamAssassin 3.1.0 including the new modules it needs. Download as usual from http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam- SA.tar.gz Just unpack it and run the ./install.sh script. This will install the modules that SpamAssassin requires, along with ClamAV, all automatically for you, to save you hunting for modules it requires. On 15 Sep 2005, at 09:08, Martin Hepworth wrote: > Jules > > I presume you've tested this and MS is fine with SA 3.1.0?? > > -----Original Message----- > From: jm@jmason.org [mailto:jm@jmason.org] > Sent: 15 September 2005 00:53 > To: announce@SpamAssassin.apache.org > Cc: users@SpamAssassin.apache.org; dev@SpamAssassin.apache.org > Subject: ANNOUNCE: SpamAssassin 3.1.0 available! > > SpamAssassin 3.1.0 is released! SpamAssassin 3.1.0 is a major update. > SpamAssassin is a mail filter which uses advanced statistical and > heuristic tests to identify spam (also known as unsolicited bulk > email). > > > Highlights of the release > ------------------------- > > - Apache preforking algorithm adopted; number of spamd child > processes is > now > scaled, according to demand. This provides better VM behaviour > when not > under peak load. > > - added PostgreSQL, MySQL 4.1+, and local SDBM file Bayes storage > modules. > SQL > storage is now recommended for Bayes, instead of DB_File. NDBM_File > support > has been dropped due to a major bug in that module. > > - detect legitimate SMTP AUTH submission, to avoid false positives on > Dynablock-style rules. > > - new plugins: DomainKeys (off by default), MIMEHeader: a new > plugin to > perform > tests against header in internal MIME structure, ReplaceTags: > plugin by > Felix > Bauer to support fuzzy text matching, WhiteListSubject: plugin > added to > support user whitelists by Subject header. > > - Razor: disable Razor2 support by default per our policy, since > the service > is > not free for non-personal use. It's trivial to reenable (by editing > '/etc/mail/spamassassin/v310.pre'). > > - DCC: disable DCC for similar reasons, due to new license terms. > > - Net::DNS bug: high load caused answer packets to be mixed up and > delivered > as > answers to the wrong request, causing false positives. worked > around. > > - DNSBL lookups and other DNS operations are now more efficient, by > using a > custom single-socket event-based model instead of Net::DNS. > > > Downloading > ----------- > > Pick it up from: > > http://SpamAssassin.apache.org/ > > Note, it may take up to two hours from now for that mirror to update. > > md5sum: > > d28bd7e83d01b234144e336bbfde0caa Mail-SpamAssassin-3.1.0.tar.bz2 > f70c1fcab3d9563731bbc307eda7d69e Mail-SpamAssassin-3.1.0.tar.gz > 65e9629ce255244fe3cb3d9772cdf239 Mail-SpamAssassin-3.1.0.zip > > sha1sum: > > 0185f076f619dd9e64e94b453017f9b08d4b0f04 Mail- > SpamAssassin-3.1.0.tar.bz2 > d887cbae5962cb03e45aaf71cd93881a27cccc99 Mail- > SpamAssassin-3.1.0.tar.gz > 8b9494448782f910e573377bf226a8072f24bb3f Mail- > SpamAssassin-3.1.0.zip > > The release files also have a .asc accompanying them. The file serves > as an external GPG signature for the given release file. The signing > key is available via the wwwkeys.pgp.net key server, as well as > http://spamassassin.apache.org/released/GPG-SIGNING-KEY > > The key information is: > > pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key > > Key fingerprint =3D 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 > 265F A05B > > > Important installation notes > ---------------------------- > > - see the INSTALL and UPGRADE files in the distribution. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQyk4rvw32o+k+q+hAQEGZwgAsjcx0Qvaqf/4YX0BaY6VCqaBMm11/hk2 bV68cdInHien3xSHiauxHA1jFxOen8yVM1vbVBJJzpOEpDbEStFsWqh4sSDPsJEi WoX+Us7gcUawaiGN6V3pAJDVs79E5z9VTGbkOTJhRotXyB2l2zKKz7Rdi8tkeJGO UA7vlO25h8yuQj5MgpCsWWozC6Ul0mB8I6lvFLFW9+KySPwl5q5ZdzqRINAYmbY8 4MzC39CPGFbO2ce6b//crmgrsu3FXJZKgPfKzWH2ebGZkgvGl6vBg5zmpRTQWdwS OSqFP+pW/G27zSe3aEMdvV2z45Djm8y1q89/2U3enXHNOqZqWjAVQA== =+VTg -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Thu Sep 15 10:11:55 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:30:45 2006 Subject: ANNOUNCE: SpamAssassin 3.1.0 available! Message-ID: Hi! RC2 did run just fine , for weeks. In 3.1 there were no more changes so i guess its safe to switch. > I haven't, no, but I believe others have and had no problems. > I'll give it a go now. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From G.Pentland at SOTON.AC.UK Thu Sep 15 10:09:56 2005 From: G.Pentland at SOTON.AC.UK (Pentland G.) Date: Thu Jan 12 21:30:45 2006 Subject: ANNOUNCE: SpamAssassin 3.1.0 available! Message-ID: MailScanner mailing list wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > I have just published an updated tarball installation set for > SpamAssassin 3.1.0 including the new modules it needs. Funny enough I was just installing it on one of my new machines. CPAN install, Net::Ident isn't happy. Linux, RHEL4-U1-i386 on Dell 2850. Anyone else seen this? thanks, Gary ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Thu Sep 15 10:21:06 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:45 2006 Subject: ANNOUNCE: SpamAssassin 3.1.0 available! Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Pentland G. wrote: > > Funny enough I was just installing it on one of my new machines. > > CPAN install, Net::Ident isn't happy. > > Linux, RHEL4-U1-i386 on Dell 2850. > > Anyone else seen this? > This has been discussed before on the sa-users list.. the solution is to ignore it since it's an optional module.. Anyways here's my report in 3.1 as related to MailScanner. Comment out the following in spam.assassin.prefs.conf RCVD_IN_RSL [no more used in 20_dnsbl_tests.cf] use_auto_whitelist [replaced with loadplugin Mail::SpamAssassin::Plugin::AWL in v310.pre] - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Thu Sep 15 10:23:44 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:45 2006 Subject: Clamd Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Glenn Steen wrote: > On 15/09/05, Alex Neuman wrote: > >>Well, it can be faster to have a program that's always loaded and in >>memory scan the incoming datastream - but it MailScanner doesn't work that >>way. It receives a bunch of messages before it "wakes up", looks at the >>queue, scans everything from within perl using the module faster than it >>would be to individually feed everything to clamd, and dumps whatever's >>left after processing in the "real" queue. At least that's what I >>understand. >> > > All the real difference is in the fork/exec of clamdscan (which you > cannot avoid in the clamd solution) ... Not much perhaps, but it'll > always give the edge to the perl module. And forking clamscan or > clamdscan for a batch.... doesn't really matter, since if you need > speed, the module is there to use. > So Julian definitely got this right, for MS. If MimeDefang could > benefit from the module to, I couldn't really say:-). > I run clamd (with qmail-scanner) on quite a few servers, clamscan (with MailScanner) on another few and clamav-module (again with MailScanner) on my critical servers, for sure clamav-module is the least resource consuming and fastest. No stats to prove so though. Also one more reason for not running clamd (iirc) is the daemon dependency, if clamd dies there is no way MailScanner will find out. Is there any daemon the MailScanner depends on?? apart from itself, the MTA and in a way DCC, i don't recollect any. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Thu Sep 15 10:32:12 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:45 2006 Subject: Clamd Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 15/09/05, Dhawal Doshy wrote: > Glenn Steen wrote: > > On 15/09/05, Alex Neuman wrote: > > > >>Well, it can be faster to have a program that's always loaded and in > >>memory scan the incoming datastream - but it MailScanner doesn't work that > >>way. It receives a bunch of messages before it "wakes up", looks at the > >>queue, scans everything from within perl using the module faster than it > >>would be to individually feed everything to clamd, and dumps whatever's > >>left after processing in the "real" queue. At least that's what I > >>understand. > >> > > > > All the real difference is in the fork/exec of clamdscan (which you > > cannot avoid in the clamd solution) ... Not much perhaps, but it'll > > always give the edge to the perl module. And forking clamscan or > > clamdscan for a batch.... doesn't really matter, since if you need > > speed, the module is there to use. > > So Julian definitely got this right, for MS. If MimeDefang could > > benefit from the module to, I couldn't really say:-). > > > > I run clamd (with qmail-scanner) on quite a few servers, clamscan (with > MailScanner) on another few and clamav-module (again with MailScanner) > on my critical servers, for sure clamav-module is the least resource > consuming and fastest. No stats to prove so though. No real need for stats, one can reason it through pretty easily:-). > Also one more reason for not running clamd (iirc) is the daemon > dependency, if clamd dies there is no way MailScanner will find out. Is > there any daemon the MailScanner depends on?? apart from itself, the MTA > and in a way DCC, i don't recollect any. DNS for one, at least somewhere:-)... And if you have a local caching only... > - dhawal > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From venkatesh_s at FASTMAIL.FM Thu Sep 15 11:50:47 2005 From: venkatesh_s at FASTMAIL.FM (Venkatesh.S) Date: Thu Jan 12 21:30:45 2006 Subject: forwarding of mails to common email id Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] hello all, i have configured mailscanner to send a copy of all the mail incoming and outgoing to a common email address, i want to know whether we can even get mails from the fields Cc and also Bcc coming to the common email address, is there anyother rule set for this or can we interegrate it into the same ruleset. plz advice on this regards venkatesh -- Venkatesh.S venkatesh_s@fastmail.fm -- http://www.fastmail.fm - Access all of your messages and folders wherever you are ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Thu Sep 15 13:25:48 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:30:45 2006 Subject: using sa-learn on spam attachements Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Greg Matthews wrote: On Tue, 2005-09-13 at 14:08 -0500, Alex Neuman wrote: You could try using the archive option to store the mails, unprocessed, at least for a while. That way you have something to feed SA with. except the most important reason for training the bayes database is for cases where MS/SA have got it wrong. I'm still trying to find a good solution to this problem - aside from employing someone full time to go through all false positives/negatives, strip them down and feed them through! I use MailWatch.This has a nice web based interface to submit email to the SA-learn function. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gmatt at NERC.AC.UK Thu Sep 15 14:18:58 2005 From: gmatt at NERC.AC.UK (Greg Matthews) Date: Thu Jan 12 21:30:45 2006 Subject: using sa-learn on spam attachements Message-ID: On Thu, 2005-09-15 at 08:25 -0400, Ed Bruce wrote: > I use MailWatch.This has a nice web based interface to submit email to > the SA-learn function. I use mailwatch too but I dont have the time or resources to spend on checking spam/notspam accuracy and feeding the inaccuracies back to the bayes... I can ask my users to "forward as attachment" the mails that get marked wrong but even if I could trust them to do this right I'd still have to process the mails before "learning" from them. (admittedly, if I could guarantee that every user followed the instructions correctly, some of the work could be automated, but...) The only learning material that I can trust 100% is my own FPs and FNs but then I have to strip out the attachments on the FPs and strip out the MS headers from the FNs before I can use them (as I understand it). GREG > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Sep 15 14:23:15 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:45 2006 Subject: ANNOUNCE: SpamAssassin 3.1.0 available! Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 15 Sep 2005, at 10:21, Dhawal Doshy wrote: > Pentland G. wrote: > >> Funny enough I was just installing it on one of my new machines. >> CPAN install, Net::Ident isn't happy. >> Linux, RHEL4-U1-i386 on Dell 2850. >> Anyone else seen this? >> > > This has been discussed before on the sa-users list.. the solution > is to ignore it since it's an optional module.. > > Anyways here's my report in 3.1 as related to MailScanner. Comment > out the following in spam.assassin.prefs.conf > > RCVD_IN_RSL [no more used in 20_dnsbl_tests.cf] > use_auto_whitelist [replaced with loadplugin > Mail::SpamAssassin::Plugin::AWL in v310.pre] Yes, that is no longer needed/wanted. Does anyone know why init.pre does not include these lines: loadplugin Mail::SpamAssassin::Plugin::RelayCountry loadplugin Mail::SpamAssassin::Plugin::SPF loadplugin Mail::SpamAssassin::Plugin::URIDNSBL Without them, these features aren't enabled at all, which will badly hit your spam success rate (particularly URIDNSBL). And I've checked nothing else does them by default. Unless you add these lines, the module s' code isn't loaded, the last-access datestamp on the files isn't touched. So nothing is reading them without this addition. Can someone add this to the wiki please? - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQyl1xfw32o+k+q+hAQGnkQf8CD/1OVoz32aeCGkhb2/OxODKcJlB6P1E AeQdrmZRfsCda9VnUwkVqrxbkpqAxaDvEkdPDIHhpzNxZWIsKD5yw4/ZlBKo8qHV 2k+gbMBNb9eyMHiGvHIlq0QsOExL/M7wmJM/8fxjWfBzwcl9lGryV71XiizJdO8O hqxaUsUh2bg9D0e81ZqHcD362IY1aJOADs6KLUUhDZnOi5Lc0cMyL8zlwtdcmwZB FzEbNqIYqAKMh3zy6k2JEg0BQOz3OO8GqF6ymVyhl6JxXiFdoDZw9/HI4PNr3qPi 3FoH+OfROoIGocCH3qubXldlh/roiJEjimGLDfP2N4pPqUzi9soIBw== =S6gD -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Sep 15 14:46:33 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:45 2006 Subject: ANNOUNCE: SpamAssassin 3.1.0 available! Message-ID: Jules Is a distribution specific install you've played with or the tar.gz? I have seen the init.pre being empty on the RPM's and other Linux dist specific ports. (I usually use the CPAN installer, but not having the time to spend installing 3.1.0 I've not looked at it yet). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: 15 September 2005 14:23 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: [MAILSCANNER] ANNOUNCE: SpamAssassin 3.1.0 available! -----BEGIN PGP SIGNED MESSAGE----- On 15 Sep 2005, at 10:21, Dhawal Doshy wrote: > Pentland G. wrote: > >> Funny enough I was just installing it on one of my new machines. >> CPAN install, Net::Ident isn't happy. >> Linux, RHEL4-U1-i386 on Dell 2850. >> Anyone else seen this? >> > > This has been discussed before on the sa-users list.. the solution > is to ignore it since it's an optional module.. > > Anyways here's my report in 3.1 as related to MailScanner. Comment > out the following in spam.assassin.prefs.conf > > RCVD_IN_RSL [no more used in 20_dnsbl_tests.cf] > use_auto_whitelist [replaced with loadplugin > Mail::SpamAssassin::Plugin::AWL in v310.pre] Yes, that is no longer needed/wanted. Does anyone know why init.pre does not include these lines: loadplugin Mail::SpamAssassin::Plugin::RelayCountry loadplugin Mail::SpamAssassin::Plugin::SPF loadplugin Mail::SpamAssassin::Plugin::URIDNSBL Without them, these features aren't enabled at all, which will badly hit your spam success rate (particularly URIDNSBL). And I've checked nothing else does them by default. Unless you add these lines, the module s' code isn't loaded, the last-access datestamp on the files isn't touched. So nothing is reading them without this addition. Can someone add this to the wiki please? - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQyl1xfw32o+k+q+hAQGnkQf8CD/1OVoz32aeCGkhb2/OxODKcJlB6P1E AeQdrmZRfsCda9VnUwkVqrxbkpqAxaDvEkdPDIHhpzNxZWIsKD5yw4/ZlBKo8qHV 2k+gbMBNb9eyMHiGvHIlq0QsOExL/M7wmJM/8fxjWfBzwcl9lGryV71XiizJdO8O hqxaUsUh2bg9D0e81ZqHcD362IY1aJOADs6KLUUhDZnOi5Lc0cMyL8zlwtdcmwZB FzEbNqIYqAKMh3zy6k2JEg0BQOz3OO8GqF6ymVyhl6JxXiFdoDZw9/HI4PNr3qPi 3FoH+OfROoIGocCH3qubXldlh/roiJEjimGLDfP2N4pPqUzi9soIBw== =S6gD -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Thu Sep 15 14:48:10 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:30:45 2006 Subject: using sa-learn on spam attachements Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Greg Matthews wrote: On Thu, 2005-09-15 at 08:25 -0400, Ed Bruce wrote: I use MailWatch.This has a nice web based interface to submit email to the SA-learn function. I use mailwatch too but I dont have the time or resources to spend on checking spam/notspam accuracy and feeding the inaccuracies back to the bayes... I can ask my users to "forward as attachment" the mails that get marked wrong but even if I could trust them to do this right I'd still have to process the mails before "learning" from them. (admittedly, if I could guarantee that every user followed the instructions correctly, some of the work could be automated, but...) The only learning material that I can trust 100% is my own FPs and FNs but then I have to strip out the attachments on the FPs and strip out the MS headers from the FNs before I can use them (as I understand it). GREG This is what I currently do, I have users send email to one of two special mail drops (one for spam and the other for ham) and I also do what someone else suggested I get an archive copy for 7 days. I then use the forwarded email with the Reports web page in MW to find the email and feed it to SA-learn. This way I don't have to strip off the headers. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Sep 15 14:54:29 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:45 2006 Subject: forwarding of mails to common email id Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 15 Sep 2005, at 11:50, Venkatesh.S wrote: > hello all, > i have configured mailscanner to send a copy of all the mail > incoming and outgoing to a common email address, > > i want to know whether we can even get mails from the fields Cc and > also Bcc coming to the common email address, is there anyother rule > set for this or can we interegrate it into the same ruleset. MailScanner doesn't use the addresses in the headers, it uses the "true" recipient addresses in the envelope. So it won't make any difference whether they are To:, Cc: or Bcc:, it will catch all of them. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQyl9Fvw32o+k+q+hAQHTOAf9H4SRjzE6bCvB/aUjoAvrZi02LFfi2dPz fYIwj8X4giaph3wK3DHB6clgdHHY/MpA59joOfyc5q2i3UMb/CYi4V8nqcAx6LZ2 U+IRHy/Cru3nZR/TOHFo6tby4DiF9fvQILu0hea0+2+DroZmux+zDNpgD2M+PXpk EonUhrAyLPREr7PgSK5LtbM6vUoXR0c5kTWrx+y9MpHqHO77IfU3DPVNtS27CeXT lfZE1Oh1+ZwMJ5T37FhdtTTb4WEFxdlQU8jrvZ1ZeBIZ5rTKlPoAgH6UpVDQpXbj jl6tEphMQhPGOC4MYhdllCnEDX9E59YhNHyEqy1hz85kZWTVXDEOIQ== =duaA -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Sep 15 14:52:23 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:45 2006 Subject: ANNOUNCE: SpamAssassin 3.1.0 available! Message-ID: -----BEGIN PGP SIGNED MESSAGE----- I now have 4 production servers running SA 3.1.0 with no problems at all. Just remember to add loadplugin Mail::SpamAssassin::Plugin::RelayCountry loadplugin Mail::SpamAssassin::Plugin::SPF loadplugin Mail::SpamAssassin::Plugin::URIDNSBL at the end of the init.pre file, or else you miss out on some very useful features. Remove the line in your spam.assassin.prefs.conf that mentions RSL as that is no longer wanted. Other than that, I would just recommend you use my install-Clam- SA.tar.gz availabe from http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam- SA.tar.gz as it includes all the required Perl modules for you, and installs everything in the right order. It will install ClamAV as well, which you don't have to use if you don't want to. Editing the install.sh script to remove the ClamAV installation is pretty easy, you'll see it in there. Just search for "Clam" and you'll find it all. All working fine! On 15 Sep 2005, at 09:19, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > I haven't, no, but I believe others have and had no problems. > I'll give it a go now. > > On 15 Sep 2005, at 09:08, Martin Hepworth wrote: > > >> Jules >> >> I presume you've tested this and MS is fine with SA 3.1.0?? > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQyl8mfw32o+k+q+hAQEjQwgAtsfCh46cG5it2sCr1OYS9rGANVdsC23i Mb9qaMMmtXckUXCBEYdvu3K3wJplMSqO1064MxxhWdENyWMLXu2nMXcKn6LQ/Oc0 +LokTb7eJYgCTgjpX4VWldGFkx+Fa9eP8l0Rthvo9WmXM6ZsZp2UnDWX2zoHQLmF d0g1Vud3tvlCFDP+6WrG0GnV2N/F69Gzyo7zMvzta0gFvw21v+LGG6QJ8oCR+Pf0 IbnRDYAUVY5qilgCqCZ/ic8sraRA82W72NKCCpNT3Zygs3ZIwuep+r38ztFWCB9q gm3UOyVCaBi+2UUN1NdWrUWLxu9XxtjCf/Umy1elBkZANvv7rgOgVg== =OuPq -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Sep 15 14:57:27 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:45 2006 Subject: ANNOUNCE: SpamAssassin 3.1.0 available! Message-ID: -----BEGIN PGP SIGNED MESSAGE----- I just use the tar.gz, it's the only one I trust. By definition their RPM's won't work on all systems without being rebuilt from SRPM. It needs to know the perl installation directories which it can only learn at build-time, not at install-time. On 15 Sep 2005, at 14:46, Martin Hepworth wrote: > Jules > > Is a distribution specific install you've played with or the > tar.gz? I have > seen the init.pre being empty on the RPM's and other Linux dist > specific > ports. > > (I usually use the CPAN installer, but not having the time to spend > installing 3.1.0 I've not looked at it yet). > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] > On Behalf > Of Julian Field > Sent: 15 September 2005 14:23 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] ANNOUNCE: SpamAssassin 3.1.0 available! > > -----BEGIN PGP SIGNED MESSAGE----- > > On 15 Sep 2005, at 10:21, Dhawal Doshy wrote: > > >> Pentland G. wrote: >> >> >>> Funny enough I was just installing it on one of my new machines. >>> CPAN install, Net::Ident isn't happy. >>> Linux, RHEL4-U1-i386 on Dell 2850. >>> Anyone else seen this? >>> >>> >> >> This has been discussed before on the sa-users list.. the solution >> is to ignore it since it's an optional module.. >> >> Anyways here's my report in 3.1 as related to MailScanner. Comment >> out the following in spam.assassin.prefs.conf >> >> RCVD_IN_RSL [no more used in 20_dnsbl_tests.cf] >> use_auto_whitelist [replaced with loadplugin >> Mail::SpamAssassin::Plugin::AWL in v310.pre] >> > > Yes, that is no longer needed/wanted. > > Does anyone know why init.pre does not include these lines: > > loadplugin Mail::SpamAssassin::Plugin::RelayCountry > loadplugin Mail::SpamAssassin::Plugin::SPF > loadplugin Mail::SpamAssassin::Plugin::URIDNSBL > > Without them, these features aren't enabled at all, which will badly > hit your spam success rate (particularly URIDNSBL). > > And I've checked nothing else does them by default. Unless you add > these lines, the module s' code isn't loaded, the last-access > datestamp on the files isn't touched. So nothing is reading them > without this addition. > > Can someone add this to the wiki please? > > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.2 (Build 2425) > > iQEVAwUBQyl1xfw32o+k+q+hAQGnkQf8CD/1OVoz32aeCGkhb2/OxODKcJlB6P1E > AeQdrmZRfsCda9VnUwkVqrxbkpqAxaDvEkdPDIHhpzNxZWIsKD5yw4/ZlBKo8qHV > 2k+gbMBNb9eyMHiGvHIlq0QsOExL/M7wmJM/8fxjWfBzwcl9lGryV71XiizJdO8O > hqxaUsUh2bg9D0e81ZqHcD362IY1aJOADs6KLUUhDZnOi5Lc0cMyL8zlwtdcmwZB > FzEbNqIYqAKMh3zy6k2JEg0BQOz3OO8GqF6ymVyhl6JxXiFdoDZw9/HI4PNr3qPi > 3FoH+OfROoIGocCH3qubXldlh/roiJEjimGLDfP2N4pPqUzi9soIBw== > =S6gD > -----END PGP SIGNATURE----- > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQyl9yfw32o+k+q+hAQGBYwgAk7YNSJSwG4WT7AV2KQjWeFSOtoDETsnK aOnFBrhd7m3y9tSWrmza/Ft2j25UnGjAgc27ECnMrCf9YLE2FOYTJWqTpY++gB09 dI4spBGl8hLxCFR/oTlR59e5q1mrBryWYqvmgbqyoSPx1hcwPfeZPQ95d/OTZ+i3 rNL1SipuBKAtlDH9jLKebGiyn9SLHtgiTPCJfM7aOMev8SrhkL89ZlrCnEi7N0QG y0I0gbAa0ThsFNL3QRifyslqvR6i7EK8a5slY2mp7EBRJRoNY4tGuPm2WtfSrWCH 1aikgcIotb/cbZRsQoS4jy5/pmMOHq0Bq2RsWBaOWr1CoTdz+rJf/w== =G8Gi -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rpoe at PLATTESHERIFF.ORG Thu Sep 15 14:55:30 2005 From: rpoe at PLATTESHERIFF.ORG (Rob Poe) Date: Thu Jan 12 21:30:45 2006 Subject: ANNOUNCE: SpamAssassin 3.1.0 available! Message-ID: I put the export LANG=en_US into the bashrc on most of my servers. FWIW.. >>> ebruce@HPMICH.COM 9/15/2005 8:20:05 am >>> Seems there is a problem with the perl installation in Redhat. I needed to do this: export LANG=en_US perl -MCPAN -e shell install Mail::SpamAssassin This worked, so I modified the install.sh to have the export LANG=en_US and re-ran just to be sure and it worked. Running now and watching to see what happens... ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Thu Sep 15 14:59:53 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:30:45 2006 Subject: Quick report on SpamAssassin 3.1.0 available! Message-ID: I just installed SpamAassassin 3.1 on a CentOS system 4.1 system. I'd expect similar experiences on a Red Hat 4.x system. Before installing from the tarball, there were additional Perl modules needed: optional module missing: Mail::SPF::Query optional module missing: IP::Country optional module missing: Net::Ident (won't build on 4.x) optional module missing: IO::Socket::INET6 (won't build on 4.x) Install Net::SSLeay first then install optional module missing: IO::Socket::SSL optional module missing: Archive::Tar optional module missing: IO::Zlib Added to the /etc/mail/spamassassin/init.pre: loadplugin Mail::SpamAssassin::Plugin::RelayCountry loadplugin Mail::SpamAssassin::Plugin::URIDNSBL And if you meet the license requirements for Razor and DCC Add: loadplugin Mail::SpamAssassin::Plugin::DCC loadplugin Mail::SpamAssassin::Plugin::Razor2 All now seems to work OK with our standard spam.assassin.prefs.conf file. Hope this helps, Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Thu Sep 15 13:59:25 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:30:45 2006 Subject: ANNOUNCE: SpamAssassin 3.1.0 available! Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > I have just published an updated tarball installation set for > SpamAssassin 3.1.0 including the new modules it needs. > > Download as usual from > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam- > SA.tar.gz > > Just unpack it and run the ./install.sh script. I'm having a problem with this script. Not sure what the problem is I only see two errors. One is can locate pod2man program, make sure it is in your path, but it is in my path. The other is: Writing Makefile for Mail::SpamAssassin Makefile written by ExtUtils::MakeMaker 6.03 Removing tests for spamc/d as MailScanner does not use them Makefile:95: *** missing separator. Stop. This error occurs just before the last directions telling me to mod the init.pre file. When I run MailScanner -v, I get these results: > Running on > Linux mail1.hpmich.com 2.4.21-27.0.4.ELsmp #1 SMP Sat Apr 16 18:43:06 > EDT 2005 i686 i686 i386 GNU/Linux This is Red Hat Enterprise Linux ES > release 3 (Taroon Update 5) This is Perl version 5.008000 (5.8.0) > > This is MailScanner version 4.45.4 > Module versions are: > 1.00 AnyDBM_File > 1.14 Archive::Zip > 1.01 Carp > 1.119 Convert::BinHex > 1.00 DirHandle > 1.04 Fcntl > 2.71 File::Basename > 2.05 File::Copy > 2.01 FileHandle > 1.05 File::Path > 0.13 File::Temp > 1.29 HTML::Entities > 3.45 HTML::Parser > 2.30 HTML::TokeParser > 1.20 IO > 1.09 IO::File > 1.122 IO::Pipe > 1.50 Mail::Header > 3.05 MIME::Base64 > 5.417 MIME::Decoder > 5.417 MIME::Decoder::UU > 5.417 MIME::Head > 5.417 MIME::Parser > 3.03 MIME::QuotedPrint > 5.417 MIME::Tools > 0.10 Net::CIDR > 1.05 POSIX > 1.75 Socket > 0.03 Sys::Syslog > 1.02 Time::localtime > > Optional module versions are: > 0.17 Convert::TNEF > 1.810 DB_File > 1.08 Digest > 1.01 Digest::HMAC > 2.20 Digest::MD5 > 2.10 Digest::SHA1 > 0.44 Inline > 0.17 Mail::ClamAV > 3.000002 Mail::SpamAssassin > 1.997 Mail::SPF::Query > 0.15 Net::CIDR::Lite > 0.48 Net::DNS > missing Net::LDAP > 1.94 Parse::RecDescent > missing SAVI > 1.2 Sys::Hostname::Long > 2.42 Test::Harness > 0.47 Test::Simple > 1.89 Text::Balanced > 1.35 URI > Interestingly I tried to use CPAN and got the same Makefile:95 *** missing separator. Stop. error... I'll keep looking but if anybody has any ideas I would appreciate it. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Thu Sep 15 14:20:05 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:30:45 2006 Subject: ANNOUNCE: SpamAssassin 3.1.0 available! Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Seems there is a problem with the perl installation in Redhat. I needed to do this: export LANG=en_US perl -MCPAN -e shell install Mail::SpamAssassin This worked, so I modified the install.sh to have the export LANG=en_US and re-ran just to be sure and it worked. Running now and watching to see what happens... ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Thu Sep 15 15:02:27 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:30:45 2006 Subject: using sa-learn on spam attachements Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kosta Lekas wrote: >SA cannot undo markups or encapsulations done by MS, or any other tool, >because >it doesn't know what was done. > > Is this really true, I noticed an option in spam.assassin.prefs.conf called: bayes_ignore_header. It would be tedious to find all headers you need to strip, but I interpret this to mean that SA-learn should ignore those headers??? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rpoe at plattesheriff.org Thu Sep 15 15:25:27 2005 From: rpoe at plattesheriff.org (Rob Poe) Date: Thu Jan 12 21:30:45 2006 Subject: ANNOUNCE: SpamAssassin 3.1.0 available! Message-ID: On the Razor2 / DCC stuff, was that enabled by default in the past or was it manually enabled? From rpoe at PLATTESHERIFF.ORG Thu Sep 15 15:25:27 2005 From: rpoe at PLATTESHERIFF.ORG (Rob Poe) Date: Thu Jan 12 21:30:45 2006 Subject: ANNOUNCE: SpamAssassin 3.1.0 available! Message-ID: On the Razor2 / DCC stuff, was that enabled by default in the past or was it manually enabled? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Sep 15 16:31:43 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:45 2006 Subject: ANNOUNCE: SpamAssassin 3.1.0 available! Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 15 Sep 2005, at 13:59, Ed Bruce wrote: > Julian Field wrote: > > >> I have just published an updated tarball installation set for >> SpamAssassin 3.1.0 including the new modules it needs. >> >> Download as usual from >> http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam- >> SA.tar.gz >> >> Just unpack it and run the ./install.sh script. >> > > I'm having a problem with this script. Not sure what the problem is > I only see two errors. One is can locate pod2man program, make sure > it is in your path, but it is in my path. > > The other is: > > Writing Makefile for Mail::SpamAssassin > Makefile written by ExtUtils::MakeMaker 6.03 Removing tests for > spamc/d as MailScanner does not use them > Makefile:95: *** missing separator. Stop. Both of them have the same cause: /etc/sysconfig/i18n. You need to remove all mention of utf8 from that file, log out, then log back in again. Then you should have more luck. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQymT4vw32o+k+q+hAQFhGwf/fcD3s59001fTPZgpwFKlhmoN+o3+yHZR j+oiJfGGmUHkkGm9dwYwEp9kuEEUwtxEg9BsQySNprIkRTJdu+JVGRhPA3fxP+lB VhDwblXMiH0c2ymkK5KD081dTELDnT+h38fv7r/wsHOQ1Zl+CxBQRuu+o4ZHx8rR px9lbAI8M/eNJbOFaMgJ63cdOuhJa+r8/E1cB6qXgA984rTbs5Y8BOD2sLEhmOqh 1+nyTqym1dQZW57p/bwUJIo31iLIKaoecyH8LK5ywuKG4fG/H0NLQHMBJoTGfUx6 +CQu8o6qfO6HqEoIVYERlHRjXZ03rbJzW0c3vGZOoysPL+9uaSp6Ig== =Yy+L -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Sep 15 16:33:05 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:45 2006 Subject: using sa-learn on spam attachements Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 15 Sep 2005, at 15:02, Ed Bruce wrote: > Kosta Lekas wrote: > > >> SA cannot undo markups or encapsulations done by MS, or any other >> tool, >> because >> it doesn't know what was done. >> >> > Is this really true, I noticed an option in > spam.assassin.prefs.conf called: bayes_ignore_header. It would be > tedious to find all headers you need to strip, but I interpret this > to mean that SA-learn should ignore those headers??? You just need bayes_ignore_header X-YOURDOMAIN-COM-MailScanner bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamCheck bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamScore bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-Information where you should replace YOURDOMAIN-COM with whatever you have set % org-name% to in MailScanner.conf. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQymUM/w32o+k+q+hAQFcxggApt/FXlGmVXrG27Gvb0ZI/iqGs4VnXSca +/QALN+T8R5kiuYQqB1lX/dLC2JHntTjVMb1nhWmxxkm8jsbTH81lITnrur1diEh kZmhxcb6sk7EGd9Bg1rQDCDpoLGcMuITFOS3GAaEeEjYhj8dFx6p78cXT6aVINZ8 zvCt+plilIsTsmgaSNqdBwSpSFDppakoHV0Byojli2IR3VORFIQgOVz3fUOv7XPM x/Fx+OawaPBFENYARkAd/wfwZu7wLVal9t4WHej4Cx8VC4QTn+M3AQGlNtZcpMRW JVvB37pdMycO+b+i3u0BSE1elKU7o02Osz2MzCS7nXHQTRM+jJxM9w== =MLQv -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Thu Sep 15 16:35:24 2005 From: alex at NKPANAMA.COM (Alex Neuman) Date: Thu Jan 12 21:30:45 2006 Subject: Clamd Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] That's why it's good that MailScanner doesn't really depend on anything being "loaded". I simply use clamav-milter when possible to ease the load on MailScanner. If it gets past clamav-milter then MailScanner+clamavmodule+bitdefender+somethingelse will probably catch it anyway. > Glenn Steen wrote: >> On 15/09/05, Alex Neuman wrote: >> >>>Well, it can be faster to have a program that's always loaded and in >>>memory scan the incoming datastream - but it MailScanner doesn't work >>> that >>>way. It receives a bunch of messages before it "wakes up", looks at the >>>queue, scans everything from within perl using the module faster than it >>>would be to individually feed everything to clamd, and dumps whatever's >>>left after processing in the "real" queue. At least that's what I >>>understand. >>> >> >> All the real difference is in the fork/exec of clamdscan (which you >> cannot avoid in the clamd solution) ... Not much perhaps, but it'll >> always give the edge to the perl module. And forking clamscan or >> clamdscan for a batch.... doesn't really matter, since if you need >> speed, the module is there to use. >> So Julian definitely got this right, for MS. If MimeDefang could >> benefit from the module to, I couldn't really say:-). >> > > I run clamd (with qmail-scanner) on quite a few servers, clamscan (with > MailScanner) on another few and clamav-module (again with MailScanner) > on my critical servers, for sure clamav-module is the least resource > consuming and fastest. No stats to prove so though. > > Also one more reason for not running clamd (iirc) is the daemon > dependency, if clamd dies there is no way MailScanner will find out. Is > there any daemon the MailScanner depends on?? apart from itself, the MTA > and in a way DCC, i don't recollect any. > > - dhawal > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Thu Sep 15 16:36:58 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:30:45 2006 Subject: ANNOUNCE: SpamAssassin 3.1.0 available! Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > > > Both of them have the same cause: /etc/sysconfig/i18n. You need to > remove all mention of utf8 from that file, log out, then log back in > again. Then you should have more luck. > > Ah, thats why that fix didn't work, I failed to log out and back in. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Lance at THEHAVERKAMPS.NET Thu Sep 15 16:44:03 2005 From: Lance at THEHAVERKAMPS.NET (Lance W. Haverkamp) Date: Thu Jan 12 21:30:45 2006 Subject: pgp yahoogroups Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Greetings, Greetings, Does anyone know why mailscanner is marking some pgp encrypted mailing list messages (yahoogroups) as spam? -- Thanks! Lance W. Haverkamp Lance@TheHaverkamps.net Contact & encryption info: http://thehaverkamps.net/?Lance:Contact_Me ><> ><> ><> ><> ><> ><> ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Sep 15 17:03:37 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:45 2006 Subject: pgp yahoogroups Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Lance W. Haverkamp wrote: > Greetings, > > Greetings, Does anyone know why mailscanner is marking some pgp > encrypted mailing list messages (yahoogroups) as spam? No, but you could check the X-*-MailScanner-SpamCheck header for some ideas. If you can't make sense of it, post that header's content up in a reply to the list. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Chris.Russell at KNOWLEDGEIT.CO.UK Thu Sep 15 17:31:19 2005 From: Chris.Russell at KNOWLEDGEIT.CO.UK (Chris Russell) Date: Thu Jan 12 21:30:45 2006 Subject: Kaspersky 5.5 Message-ID: Hi Julian, When using MailScanner with Kaspersky 5.5, Virus Scanner = kaspersky-4.5 will not work with Kaspersky 5.5 To resolve this, a change is required in the kaspersky-wrapper. Under the section: # For KAV 4.5.0 Change: ${PackageDir}/$Scanner $ScanOptions -o$Report -j3 -q "$@" To ${PackageDir}/$Scanner $ScanOptions -o$Report -j5 -q "$@" Without this, Kaspersky will only print a summary line ie: "Clean 0 Archive 2 Infected 2" (which isn't flagged as we look for INFECTED), using -j5 adds the standard file - INFECTED - virus line to the report. Another thing is the full path is displayed on the notification, ie: Report: Kaspersky: /var/spool/MailScanner/incoming/23579/1EFwUx-00068Y-EC/eicar.com INFECTED EICAR-Test-File I`ll look into that tomorrow, but methinks we need a new flag for v5.5 :) Cheers, Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Chris.Russell at KNOWLEDGEIT.CO.UK Thu Sep 15 18:20:45 2005 From: Chris.Russell at KNOWLEDGEIT.CO.UK (Chris Russell) Date: Thu Jan 12 21:30:45 2006 Subject: Kaspersky 5.5 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Also for anyone else installing: The wrapper script is currently the same for Kaspersky and Kaspersky-4.5, so make sure you set the correct path into /usr/lib/MailScanner/kaspersky-autoupdate. Cheers, Chris ________________________________ From: MailScanner mailing list on behalf of Chris Russell Sent: Thu 15/09/2005 17:31 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Kaspersky 5.5 Hi Julian, When using MailScanner with Kaspersky 5.5, Virus Scanner = kaspersky-4.5 will not work with Kaspersky 5.5 To resolve this, a change is required in the kaspersky-wrapper. Under the section: # For KAV 4.5.0 Change: ${PackageDir}/$Scanner $ScanOptions -o$Report -j3 -q "$@" To ${PackageDir}/$Scanner $ScanOptions -o$Report -j5 -q "$@" Without this, Kaspersky will only print a summary line ie: "Clean 0 Archive 2 Infected 2" (which isn't flagged as we look for INFECTED), using -j5 adds the standard file - INFECTED - virus line to the report. Another thing is the full path is displayed on the notification, ie: Report: Kaspersky: /var/spool/MailScanner/incoming/23579/1EFwUx-00068Y-EC/eicar.com INFECTED EICAR-Test-File I`ll look into that tomorrow, but methinks we need a new flag for v5.5 :) Cheers, Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner is part of the Mail Filtering service from Nexent Internet. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Thu Sep 15 19:15:01 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:30:45 2006 Subject: ANNOUNCE: SpamAssassin 3.1.0 available! Message-ID: Julian, I had the following in my init.pre for SA 3.0.4: # Hashcash - perform hashcash verification. # loadplugin Mail::SpamAssassin::Plugin::Hashcash I added it to my 3.1 init.pre. Woner how come it didn't get into the default 3.1 init.pre file? Jeff Earickson Colby College On Thu, 15 Sep 2005, Julian Field wrote: > Date: Thu, 15 Sep 2005 14:52:23 +0100 > From: Julian Field > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: ANNOUNCE: SpamAssassin 3.1.0 available! > > -----BEGIN PGP SIGNED MESSAGE----- > > I now have 4 production servers running SA 3.1.0 with no problems at > all. Just remember to add > > loadplugin Mail::SpamAssassin::Plugin::RelayCountry > loadplugin Mail::SpamAssassin::Plugin::SPF > loadplugin Mail::SpamAssassin::Plugin::URIDNSBL > > at the end of the init.pre file, or else you miss out on some very > useful features. > Remove the line in your spam.assassin.prefs.conf that mentions RSL as > that is no longer wanted. > > Other than that, I would just recommend you use my install-Clam- > SA.tar.gz availabe from > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam- > SA.tar.gz > as it includes all the required Perl modules for you, and installs > everything in the right order. > > It will install ClamAV as well, which you don't have to use if you > don't want to. Editing the install.sh script to remove the ClamAV > installation is pretty easy, you'll see it in there. Just search for > "Clam" and you'll find it all. > > All working fine! > > On 15 Sep 2005, at 09:19, Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> >> I haven't, no, but I believe others have and had no problems. >> I'll give it a go now. >> >> On 15 Sep 2005, at 09:08, Martin Hepworth wrote: >> >> >>> Jules >>> >>> I presume you've tested this and MS is fine with SA 3.1.0?? >> > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.2 (Build 2425) > > iQEVAwUBQyl8mfw32o+k+q+hAQEjQwgAtsfCh46cG5it2sCr1OYS9rGANVdsC23i > Mb9qaMMmtXckUXCBEYdvu3K3wJplMSqO1064MxxhWdENyWMLXu2nMXcKn6LQ/Oc0 > +LokTb7eJYgCTgjpX4VWldGFkx+Fa9eP8l0Rthvo9WmXM6ZsZp2UnDWX2zoHQLmF > d0g1Vud3tvlCFDP+6WrG0GnV2N/F69Gzyo7zMvzta0gFvw21v+LGG6QJ8oCR+Pf0 > IbnRDYAUVY5qilgCqCZ/ic8sraRA82W72NKCCpNT3Zygs3ZIwuep+r38ztFWCB9q > gm3UOyVCaBi+2UUN1NdWrUWLxu9XxtjCf/Umy1elBkZANvv7rgOgVg== > =OuPq > -----END PGP SIGNATURE----- > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Thu Sep 15 19:38:40 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:45 2006 Subject: Kaspersky 5.5 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 15/09/05, Chris Russell wrote: > Also for anyone else installing: > > The wrapper script is currently the same for Kaspersky and Kaspersky-4.5, so make sure you set the correct path into /usr/lib/MailScanner/kaspersky-autoupdate. > > Cheers, > > Chris > > > > > ________________________________ > > From: MailScanner mailing list on behalf of Chris Russell > Sent: Thu 15/09/2005 17:31 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Kaspersky 5.5 > > > > Hi Julian, > > When using MailScanner with Kaspersky 5.5, Virus Scanner = > kaspersky-4.5 will not work with Kaspersky 5.5 > > To resolve this, a change is required in the kaspersky-wrapper. Under > the section: > > # For KAV 4.5.0 > > Change: > > ${PackageDir}/$Scanner $ScanOptions -o$Report -j3 -q "$@" > > To > > ${PackageDir}/$Scanner $ScanOptions -o$Report -j5 -q "$@" > > > Without this, Kaspersky will only print a summary line ie: "Clean 0 > Archive 2 Infected 2" (which isn't flagged as we look for INFECTED), > using -j5 adds the standard file - INFECTED - virus line to the report. > > Another thing is the full path is displayed on the notification, ie: > > Report: Kaspersky: > /var/spool/MailScanner/incoming/23579/1EFwUx-00068Y-EC/eicar.com > INFECTED EICAR-Test-File > > I`ll look into that tomorrow, but methinks we need a new flag for v5.5 > :) > > Cheers, > > Chris Wouldn't it be wonderful if you put at least some of this in the wiki? Go have a look at how we've documented mcafee, bitdefender, f-prot, panda, clamav ....so far... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Chris.Russell at KNOWLEDGEIT.CO.UK Thu Sep 15 20:54:08 2005 From: Chris.Russell at KNOWLEDGEIT.CO.UK (Chris Russell) Date: Thu Jan 12 21:30:45 2006 Subject: Kaspersky 5.5 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Wouldn't it be wonderful if you put at least some of this in the wiki? Good point, well made. MailScanner Config page done, will do installation of Kaspersky when I do the real installation this weekend :) (Its on a trial license at the mo!). Task list updated. Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Sep 15 23:20:43 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:45 2006 Subject: Some .cf files not being used by SpamAssassin under MailScanner? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Summary: Very strange problem where SA command line correctly uses all my rules, but SA under MailScanner only reads SOME of the .cf files from the site rules directory. reloading MailScanner does not fix the problem, and spamassassin --lint is happy. Setup: MailScanner 4.42.9 Perl 5.8.0 SpamAssassin 2.64 Redhat 9 based Linux box with custom kernel. Problem: I make use of extensive custom rules including antidrug.cf, as well as several private rulesets. There are 35 .cf files in /etc/mail/spamassassin. SpamAssassin --lint runs clean. When I do testing on the command line, with spamassassin -t [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Matt, In MailScanner.conf, what is "SpamAssassin Local Rules Dir" set to. From your email, it should be /etc/mail/spamassassin, if not, set it and see how you get on. Cheers, Chris ________________________________ From: MailScanner mailing list on behalf of Matt Kettler Sent: Thu 15/09/2005 23:20 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Some .cf files not being used by SpamAssassin under MailScanner? Summary: Very strange problem where SA command line correctly uses all my rules, but SA under MailScanner only reads SOME of the .cf files from the site rules directory. reloading MailScanner does not fix the problem, and spamassassin --lint is happy. Setup: MailScanner 4.42.9 Perl 5.8.0 SpamAssassin 2.64 Redhat 9 based Linux box with custom kernel. Problem: I make use of extensive custom rules including antidrug.cf, as well as several private rulesets. There are 35 .cf files in /etc/mail/spamassassin. SpamAssassin --lint runs clean. When I do testing on the command line, with spamassassin -t [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Chris Russell wrote: > Hi Matt, > > In MailScanner.conf, what is "SpamAssassin Local Rules Dir" set to. > > From your email, it should be /etc/mail/spamassassin, if not, set it and see how you get on. Well it's set to an empty string in my config: SpamAssassin Local Rules Dir = I'll try setting it, however I don't think this could possibly be the issue. After all, I can conclusively prove it's parsing some of the rule files in /etc/mail/spamassassin/, as it uses /etc/mail/spamassassin/antidrug.cf. I'm running SA 2.64, so the drugs rules are not a part of the default set, yet they do fire off for MailScanner. It's ignoring only *some* of my rules.. which is what makes this really strange. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Sep 16 01:42:26 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:45 2006 Subject: Some .cf files not being used by SpamAssassin under MailScanner? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler wrote: > Chris Russell wrote: > >>Hi Matt, >> >> In MailScanner.conf, what is "SpamAssassin Local Rules Dir" set to. >> >> From your email, it should be /etc/mail/spamassassin, if not, set it and see how you get on. > > > Well it's set to an empty string in my config: > SpamAssassin Local Rules Dir = > > I'll try setting it, however I don't think this could possibly be the issue. > Assumption Verified. Setting this does not fix the problem. Upon reading the docs in the MailScanner.conf file, it's redundant to set this. It was worth a shot. The only reason one should ever need to use this option would be to force MS's copy of SA to use a *different* directory than the command line uses. I want my mailscanner to behave more like the spamassassin command-line, not less like it. So, Julian, or anyone else "deep in the know", does MS invoke SA's config parser in some strange way that might limit the number of rules or number of files it can parse? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Fri Sep 16 09:37:11 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:45 2006 Subject: Some .cf files not being used by SpamAssassin under MailScanner? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler wrote: [snip] > > Assumption Verified. Setting this does not fix the problem. > > Upon reading the docs in the MailScanner.conf file, it's redundant to set this. > It was worth a shot. > > The only reason one should ever need to use this option would be to force MS's > copy of SA to use a *different* directory than the command line uses. > > I want my mailscanner to behave more like the spamassassin command-line, not > less like it. > > So, Julian, or anyone else "deep in the know", does MS invoke SA's config parser > in some strange way that might limit the number of rules or number of files it > can parse? Just a small suggestion, what if you "cat lotto.cf >> local.cf (or spam.assassin.prefs.conf)" and test out mailscanner.. won't help you to really solve the problem but will at the least identify if the '.cf' file is not being read at all OR mailscanner can't read the lotto rules. Also check some basic things like ownership / permissions on lotto.cf (already sure you've done that) assuming you are running --lint (or -D) as root and mailscanner as your mta id / group. Hope that helps, - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Sep 16 10:56:16 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:45 2006 Subject: ANNOUNCE: SpamAssassin 3.1.0 available! Message-ID: Jules OK done the upgrade and whilst fiddling with the rules etc I note the following from the UPGRADE docs.. - A significant amount of core functionality has been moved into plugins. These include, AWL (auto-whitelist), DCC, Pyzor, Razor2, SpamCop reporting and TextCat. For information on configuring these plugins please refer to their individual documentation: perldoc Mail::SpamAssassin::Plugin::* (ie AWL, DCC, etc) - There are now multiple files read to enable plugins in the /etc/mail/spamassassin directory; previously only one, "init.pre" was read. Now both "init.pre", "v310.pre", and any other files ending in ".pre" will be read. As future releases are made, new plugins will be added to new files named according to the release they're added in. so check the v310.pre as well as init.pre for the plugins.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: 15 September 2005 14:23 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: [MAILSCANNER] ANNOUNCE: SpamAssassin 3.1.0 available! -----BEGIN PGP SIGNED MESSAGE----- On 15 Sep 2005, at 10:21, Dhawal Doshy wrote: > Pentland G. wrote: > >> Funny enough I was just installing it on one of my new machines. >> CPAN install, Net::Ident isn't happy. >> Linux, RHEL4-U1-i386 on Dell 2850. >> Anyone else seen this? >> > > This has been discussed before on the sa-users list.. the solution > is to ignore it since it's an optional module.. > > Anyways here's my report in 3.1 as related to MailScanner. Comment > out the following in spam.assassin.prefs.conf > > RCVD_IN_RSL [no more used in 20_dnsbl_tests.cf] > use_auto_whitelist [replaced with loadplugin > Mail::SpamAssassin::Plugin::AWL in v310.pre] Yes, that is no longer needed/wanted. Does anyone know why init.pre does not include these lines: loadplugin Mail::SpamAssassin::Plugin::RelayCountry loadplugin Mail::SpamAssassin::Plugin::SPF loadplugin Mail::SpamAssassin::Plugin::URIDNSBL Without them, these features aren't enabled at all, which will badly hit your spam success rate (particularly URIDNSBL). And I've checked nothing else does them by default. Unless you add these lines, the module s' code isn't loaded, the last-access datestamp on the files isn't touched. So nothing is reading them without this addition. Can someone add this to the wiki please? - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQyl1xfw32o+k+q+hAQGnkQf8CD/1OVoz32aeCGkhb2/OxODKcJlB6P1E AeQdrmZRfsCda9VnUwkVqrxbkpqAxaDvEkdPDIHhpzNxZWIsKD5yw4/ZlBKo8qHV 2k+gbMBNb9eyMHiGvHIlq0QsOExL/M7wmJM/8fxjWfBzwcl9lGryV71XiizJdO8O hqxaUsUh2bg9D0e81ZqHcD362IY1aJOADs6KLUUhDZnOi5Lc0cMyL8zlwtdcmwZB FzEbNqIYqAKMh3zy6k2JEg0BQOz3OO8GqF6ymVyhl6JxXiFdoDZw9/HI4PNr3qPi 3FoH+OfROoIGocCH3qubXldlh/roiJEjimGLDfP2N4pPqUzi9soIBw== =S6gD -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From djart at LINUX.GR Fri Sep 16 12:34:42 2005 From: djart at LINUX.GR (Thanos Kyritsis) Date: Thu Jan 12 21:30:45 2006 Subject: Possible content in the MailScanner headers (help from developers probably needed) Message-ID: [ The following text is in the "iso-8859-7" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, I would like, if possible, to point me to a detailed description of the possbile content in the MailScanner headers. I'll explain why. Recently Kmail added an extra fancy header that displays a nice little bar showing the spamassassin score found in the headers of e-mails. It goes from left to right / green - yellow - red, depending on SA score :) I filled in a wish feature report in the Kmail bugzilla asking from kmail developers to also "grep" for SA-through-Mailscanner score headers and display that information on the fancy bar. You can find it here: http://bugs.kde.org/show_bug.cgi?id=102856 I got a respond saying that the kmail developer would like to see detailed description of the possible mailscanner headers before he can proceed to provide a serious implementation. Thanks in advance for any help. -- Kyritsis Athanasios - What's your ONE purpose in life ? - To explode, of course! ;-) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Fri Sep 16 14:08:32 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:30:45 2006 Subject: MS 4.45.4, SA 3.1, uninitialized variables Message-ID: Julian, After having upgraded to SpamAssassin 3.1 and tweaked my init.pre files per your install.sh script and list advice from yesterday, I ran MailScanner in debug mode this morning. Yipes!! Complaints about "Use of uninitialized value" from various MailScanner files! Methinks, not good. Attached are my debug output and the output of "MailScanner -v". Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "" Text/PLAIN (charset: ISO-8859-1 "Latin 1 (Western ] [ Europe)") (Name: "ms.debug") 8,149 lines. ] [ Unable to print this part. ] [ Part 3, "" Text/PLAIN (Name: "MailScanner.version") 25 lines. ] [ Unable to print this part. ] From stef at L5NET.NET Fri Sep 16 15:00:57 2005 From: stef at L5NET.NET (Stef Morrell) Date: Thu Jan 12 21:30:45 2006 Subject: MS 4.45.4, SA 3.1, uninitialized variables Message-ID: MailScanner mailing list wrote: > Yipes!! Complaints about "Use of uninitialized value" from various > MailScanner files! Methinks, not good. Attached are my debug output Much the same here. Linux/x86 rather than SunOS/Sparc. I've had to roll back to SA 3.0.4, which runs fine. Stef Stefan Morrell | Director Tel: 0870 365 2813 | Level 5 Internet Ltd Fax: 0192 450 7307 | Part of the Alpha Omega Group stef@l5net.net | stef@aoc-uk.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Fri Sep 16 15:07:01 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:45 2006 Subject: Possible content in the MailScanner headers (help from developers probably needed) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 16/09/05, Thanos Kyritsis wrote: > Hello, > > I would like, if possible, to point me to a detailed description of the > possbile content in the MailScanner headers. > > I'll explain why. Recently Kmail added an extra fancy header that > displays a nice little bar showing the spamassassin score found in the > headers of e-mails. It goes from left to right / green - yellow - red, > depending on SA score :) > > I filled in a wish feature report in the Kmail bugzilla asking from > kmail developers to also "grep" for SA-through-Mailscanner score > headers and display that information on the fancy bar. > > You can find it here: http://bugs.kde.org/show_bug.cgi?id=102856 > > I got a respond saying that the kmail developer would like to see > detailed description of the possible mailscanner headers before he can > proceed to provide a serious implementation. > > Thanks in advance for any help. > -- > Kyritsis Athanasios > > - What's your ONE purpose in life ? > - To explode, of course! ;-) > Stupid questions: What exactly is he looking at for SA headers? The score? What would he be looking at in MS headers? Let alone that some stings are configurable, but think the fun of choosing which stats to display for a message that has passed through a couple of MS gateways... One bar/organization?:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Sep 16 16:03:07 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:45 2006 Subject: FW: [Clamav-announce] announcing ClamAV 0.87 Message-ID: More update fun for people... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 -----Original Message----- From: clamav-announce-bounces@lists.clamav.net [mailto:clamav-announce-bounces@lists.clamav.net] On Behalf Of Luca Gibelli Sent: 16 September 2005 15:47 To: ClamAV Announce Subject: [Clamav-announce] announcing ClamAV 0.87 Dear ClamAV users, ClamAV 0.87 is available for download. This version fixes vulnerabilities in handling of UPX and FSG compressed executables. Support for PE files, Zip and Cabinet archives has been improved and other small bugfixes have been made. The new option "--on-outdated-execute" allows freshclam to run a command when system reports a new engine version. -- The ClamAV team (http://www.clamav.net/team.html) -- Luca Gibelli (luca at clamav.net) - ClamAV, a GPL virus scanner PGP Key Fingerprint: C782 121E 8C3A 90E3 7A87 D802 6277 8FF4 5EFC 5582 PGP Key Available on: Key Servers || http://www.clamav.net/gpg/luca.gpg _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-announce ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From prandal at HEREFORDSHIRE.GOV.UK Fri Sep 16 16:05:44 2005 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:30:45 2006 Subject: [Clamav-announce] announcing ClamAV 0.87 Message-ID: Installed, running, no problems so far. Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth > Sent: 16 September 2005 16:03 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: FW: [Clamav-announce] announcing ClamAV 0.87 > > More update fun for people... > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > -----Original Message----- > From: clamav-announce-bounces@lists.clamav.net > [mailto:clamav-announce-bounces@lists.clamav.net] On Behalf > Of Luca Gibelli > Sent: 16 September 2005 15:47 > To: ClamAV Announce > Subject: [Clamav-announce] announcing ClamAV 0.87 > > > Dear ClamAV users, > > ClamAV 0.87 is available for download. > This version fixes vulnerabilities in handling of UPX and FSG > compressed executables. Support for PE files, Zip and Cabinet > archives has been improved and other small bugfixes have been > made. The new option "--on-outdated-execute" > allows freshclam to run a command when system reports a new > engine version. > > -- > The ClamAV team (http://www.clamav.net/team.html) > > -- > Luca Gibelli (luca at clamav.net) - ClamAV, a GPL virus > scanner PGP Key Fingerprint: C782 121E 8C3A 90E3 7A87 D802 > 6277 8FF4 5EFC 5582 PGP Key Available on: Key Servers || > http://www.clamav.net/gpg/luca.gpg > _______________________________________________ > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-announce > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From krystalx at gmail.com Fri Sep 16 16:14:02 2005 From: krystalx at gmail.com (Shaun McGuane) Date: Thu Jan 12 21:30:45 2006 Subject: Problems with notifications - can anyone help? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Heya Guys, Was wondering if someone can help me. I dont know if this will work or not but have had a go at it. I setup my own html notifications and put them under a subdirectory under the reports directory. One of the example reports was error-filename-notification.html I then went into mailscanner config and redirected the error.filename.notification.txt to the html file. However i am not receiving the notifications even though i have gone through the configuration file twice and still beleive all the notifications i need are turned on. Any help would be appreciated. Thanks Shaun McGuane MailShield http://www.mailshield.com.au ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Sep 16 16:32:59 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:45 2006 Subject: Problems with notifications - can anyone help? Message-ID: Shaun Ok, pop up the appropriate bits of the MailScanner.conf you've modified can you -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Shaun McGuane Sent: 16 September 2005 16:14 To: MAILSCANNER@JISCMAIL.AC.UK Subject: [MAILSCANNER] Problems with notifications - can anyone help? Heya Guys, Was wondering if someone can help me. I dont know if this will work or not but have had a go at it. I setup my own html notifications and put them under a subdirectory under the reports directory. One of the example reports was error-filename-notification.html I then went into mailscanner config and redirected the error.filename.notification.txt to the html file. However i am not receiving the notifications even though i have gone through the configuration file twice and still beleive all the notifications i need are turned on. Any help would be appreciated. Thanks Shaun McGuane MailShield http://www.mailshield.com.au ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Sep 16 16:45:11 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:45 2006 Subject: Some .cf files not being used by SpamAssassin under MailScanner? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dhawal Doshy wrote: > > Just a small suggestion, what if you "cat lotto.cf >> local.cf (or > spam.assassin.prefs.conf)" and test out mailscanner.. won't help you to > really solve the problem but will at the least identify if the '.cf' > file is not being read at all OR mailscanner can't read the lotto rules. I tried making ALL my rules into one file. I moved all my .cf files out and did: cat * >> /etc/mail/spamassassin/monolithic.cf and then reloaded mailscanner. Still the problem persists. SA honors the lotto rules, mailscanner does not > > Also check some basic things like ownership / permissions on lotto.cf > (already sure you've done that) I checked all that, everything is world readable. Currently: # ls -l /etc/mail/spamassassin/ total 352 -rw-r--r-- 1 root root 353254 Sep 16 11:31 monolithic.cf # > assuming you are running --lint (or -D) >> as root and mailscanner as your mta id / group. Actually, I'm running both as root, which is typical in a sendmail environment. # ps xu |grep MailScanner root 9890 0.0 3.3 22180 17420 ? S 11:29 0:00 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Sep 16 16:58:52 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:45 2006 Subject: Some .cf files not being used by SpamAssassin under MailScanner? Message-ID: Matt In MailScanner.conf check SpamAssassin Site Rules Dir is set properly.. SpamAssassin Site Rules Dir = /etc/mail/spamassassin -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Matt Kettler Sent: 16 September 2005 16:45 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: [MAILSCANNER] Some .cf files not being used by SpamAssassin under MailScanner? Dhawal Doshy wrote: > > Just a small suggestion, what if you "cat lotto.cf >> local.cf (or > spam.assassin.prefs.conf)" and test out mailscanner.. won't help you to > really solve the problem but will at the least identify if the '.cf' > file is not being read at all OR mailscanner can't read the lotto rules. I tried making ALL my rules into one file. I moved all my .cf files out and did: cat * >> /etc/mail/spamassassin/monolithic.cf and then reloaded mailscanner. Still the problem persists. SA honors the lotto rules, mailscanner does not > > Also check some basic things like ownership / permissions on lotto.cf > (already sure you've done that) I checked all that, everything is world readable. Currently: # ls -l /etc/mail/spamassassin/ total 352 -rw-r--r-- 1 root root 353254 Sep 16 11:31 monolithic.cf # > assuming you are running --lint (or -D) >> as root and mailscanner as your mta id / group. Actually, I'm running both as root, which is typical in a sendmail environment. # ps xu |grep MailScanner root 9890 0.0 3.3 22180 17420 ? S 11:29 0:00 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Fri Sep 16 16:45:41 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:45 2006 Subject: Some .cf files not being used by SpamAssassin under MailScanner? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler spake the following on 9/15/2005 5:28 PM: > Chris Russell wrote: > >>Hi Matt, >> >> In MailScanner.conf, what is "SpamAssassin Local Rules Dir" set to. >> >> From your email, it should be /etc/mail/spamassassin, if not, set it and see how you get on. > > > Well it's set to an empty string in my config: > SpamAssassin Local Rules Dir = > > I'll try setting it, however I don't think this could possibly be the issue. > > After all, I can conclusively prove it's parsing some of the rule files in > /etc/mail/spamassassin/, as it uses /etc/mail/spamassassin/antidrug.cf. I'm > running SA 2.64, so the drugs rules are not a part of the default set, yet they > do fire off for MailScanner. > > It's ignoring only *some* of my rules.. which is what makes this really strange. > I do believe some of the rules in antidrug are integrated into spamassassin as of 3.0.0, so that might be adding to the confusion. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Sep 16 17:09:22 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:45 2006 Subject: Some .cf files not being used by SpamAssassin under MailScanner? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler wrote: > Dhawal Doshy wrote: > >>Just a small suggestion, what if you "cat lotto.cf >> local.cf (or >>spam.assassin.prefs.conf)" and test out mailscanner.. won't help you to >>really solve the problem but will at the least identify if the '.cf' >>file is not being read at all OR mailscanner can't read the lotto rules. > > > I tried making ALL my rules into one file. I moved all my .cf files out and did: > > cat * >> /etc/mail/spamassassin/monolithic.cf > > and then reloaded mailscanner. > > Still the problem persists. SA honors the lotto rules, mailscanner does not Some more follow-up on this. I can verify MS is parsing monolithic.cf, and I can verify it's not aborting somewhere in the file prior to hitting my lotto rules. I found two rules that are working: EVI_OPAL and BLACK_URI_RBL. L_LUCKYDAY is not working. EVI_OPAL works, declared on line 5015 L_LUCKYDAY ignored, declared on line 6066 BLACK_URI_RBL works, declared line 6225 However, I did another test... I can now verify that all the plain body rules in monolithic.cf seem to be ignored, but all the header rules are running. The drugs rules run as well, but they are meta tests.. But spamassassin commandline runs them all just fine. SA: X-Spam-Status: Yes, hits=6.2 required=5.0 tests=BAYES_44, INFO_GREYLIST_NOTDELAYED,LOCAL_EBAY_ACCOUNT,LOCAL_FPGA,LOCAL_ROLAX, L_LUCKYDAY,NO_REAL_NAME,ROLEX_BODY,ROLEX_OBFU,SARE_ENLRGYOUR autolearn=no version=2.64 MS: X-EVI-MailScanner-SpamCheck: not spam, SpamAssassin (score=0.158, required 5, BAYES_40 -0.00, INFO_GREYLIST_NOTDELAYED -0.00, NO_REAL_NAME 0.16) SARE_ENLRGYOUR is one of the earliest body rules, declared on line 113. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Sep 16 17:10:00 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:45 2006 Subject: Some .cf files not being used by SpamAssassin under MailScanner? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin Hepworth wrote: > Matt > > In MailScanner.conf check SpamAssassin Site Rules Dir is set properly.. > > SpamAssassin Site Rules Dir = /etc/mail/spamassassin Already suggested, already tried, and it would be reudndant to do that anyway. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Sep 16 17:13:05 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:45 2006 Subject: Some .cf files not being used by SpamAssassin under MailScanner? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Scott Silva wrote: > I do believe some of the rules in antidrug are integrated into > spamassassin as of 3.0.0, so that might be adding to the confusion. Yes, I know.. I'm the *author* of antidrug. :) I'm running SA 2.64, which doesn't include those rules. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Sep 16 17:14:28 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:45 2006 Subject: Some .cf files not being used by SpamAssassin under MailScanner? Message-ID: Sorry - joined halfway down the thread.. And spamassassin -p /opt/MailScanner/etc/spam.assassin.prefs.conf -D --lint gives not clues? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Matt Kettler Sent: 16 September 2005 17:10 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: [MAILSCANNER] Some .cf files not being used by SpamAssassin under MailScanner? Martin Hepworth wrote: > Matt > > In MailScanner.conf check SpamAssassin Site Rules Dir is set properly.. > > SpamAssassin Site Rules Dir = /etc/mail/spamassassin Already suggested, already tried, and it would be reudndant to do that anyway. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Fri Sep 16 16:49:00 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:45 2006 Subject: Some .cf files not being used by SpamAssassin under MailScanner? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler spake the following on 9/15/2005 5:42 PM: > Matt Kettler wrote: > >>Chris Russell wrote: >> >> >>>Hi Matt, >>> >>>In MailScanner.conf, what is "SpamAssassin Local Rules Dir" set to. >>> >>>From your email, it should be /etc/mail/spamassassin, if not, set it and see how you get on. >> >> >>Well it's set to an empty string in my config: >>SpamAssassin Local Rules Dir = >> >>I'll try setting it, however I don't think this could possibly be the issue. >> > > > Assumption Verified. Setting this does not fix the problem. > > Upon reading the docs in the MailScanner.conf file, it's redundant to set this. > It was worth a shot. > > The only reason one should ever need to use this option would be to force MS's > copy of SA to use a *different* directory than the command line uses. > > I want my mailscanner to behave more like the spamassassin command-line, not > less like it. I don't think this is possible, but you can get the command line to perform like MailScanner by using; spamassassin -D --lint -p /path/to/spam.assassin.prefs.conf so both load using the same configuration. > > So, Julian, or anyone else "deep in the know", does MS invoke SA's config parser > in some strange way that might limit the number of rules or number of files it > can parse? > -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Sep 16 19:39:43 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:45 2006 Subject: Some .cf files not being used by SpamAssassin under MailScanner? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin Hepworth wrote: > Sorry - joined halfway down the thread.. > > And > > spamassassin -p /opt/MailScanner/etc/spam.assassin.prefs.conf -D --lint > > gives not clues? That does give some hints.. apparently I have a config bug that was covered up by root's user_prefs. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Sep 16 19:47:55 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:45 2006 Subject: Some .cf files not being used by SpamAssassin under MailScanner? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler wrote: > Martin Hepworth wrote: > >>Sorry - joined halfway down the thread.. >> >>And >> >>spamassassin -p /opt/MailScanner/etc/spam.assassin.prefs.conf -D --lint >> >>gives not clues? > > > That does give some hints.. apparently I have a config bug that was covered up > by root's user_prefs. > Martin, thanks a ton.. Thanks to you I found the problem and have fixed it. Usually I keep root's user_prefs and spam.assassin.prefs.conf in-sync, so they have the same content. I do this all the time, EXCEPT when I'm testing rules.. then I add them to root's user_prefs, then later add them to a .cf file in /etc/mail/spamassassin. In this case, one of my 419 scam rules got corrupted by my copy-paste. However, I left the correct copy in root's user_prefs. Running spamassassin --lint as root caused user_prefs to over-write the corrupted rule, and no problem was visible. However, adding -p made the problem obvious, as spam.assassin.prefs.conf didn't have the "fix" in it. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From binaryflow at gmail.com Fri Sep 16 20:28:59 2005 From: binaryflow at gmail.com (Douglas Ward) Date: Thu Jan 12 21:30:45 2006 Subject: BitDefender.txt and [spam] tag Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] After building a new MailScanner gateway I have run into the following problems: 1) All traffic across the gateway gets tagged with a BitDefender.txt attachment that reads as follows: -- This message was scanned for spam and viruses by BitDefender. For more information please visit http://linux.bitdefender.com/ 2) Legitimate e-mail is at times having the tag [spam] added to the beginning of the subject line. Has anyone seen this before? This didn't show up on the MailScanner archives or in a google search. Our second gateway doesn't do this so it must be something I did differently when I set it up. I'm stumped and would appreciate any help you could offer. Thanks! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kevins at BMRB.CO.UK Fri Sep 16 21:35:36 2005 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:30:45 2006 Subject: BitDefender.txt and [spam] tag Message-ID: My guess is that you are using BitDefender's mail scanning product by mistake rather than the command line file scanner. Thats not a message applied by MailScanner. On Fri, 2005-09-16 at 15:28 -0400, Douglas Ward wrote: > After building a new MailScanner gateway I have run into the following > problems: > > 1) All traffic across the gateway gets tagged with a BitDefender.txt > attachment that reads as follows: > > -- > This message was scanned for spam and viruses by BitDefender. > For more information please visit http://linux.bitdefender.com/ > > 2) Legitimate e-mail is at times having the tag [spam] added to the > beginning of the subject line. > > Has anyone seen this before? This didn't show up on the MailScanner > archives or in a google search. Our second gateway doesn't do this so > it must be something I did differently when I set it up. I'm stumped > and would appreciate any help you could offer. Thanks! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ================================================================= BMRB http://www.bmrb.co.uk _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Fri Sep 16 22:52:37 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:45 2006 Subject: Some .cf files not being used by SpamAssassin under MailScanner? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler spake the following on 9/16/2005 8:45 AM: > Dhawal Doshy wrote: > >>Just a small suggestion, what if you "cat lotto.cf >> local.cf (or >>spam.assassin.prefs.conf)" and test out mailscanner.. won't help you to >>really solve the problem but will at the least identify if the '.cf' >>file is not being read at all OR mailscanner can't read the lotto rules. > > > I tried making ALL my rules into one file. I moved all my .cf files out and did: > > cat * >> /etc/mail/spamassassin/monolithic.cf > > and then reloaded mailscanner. > > Still the problem persists. SA honors the lotto rules, mailscanner does not > > >>Also check some basic things like ownership / permissions on lotto.cf >>(already sure you've done that) > > > I checked all that, everything is world readable. > > Currently: > # ls -l /etc/mail/spamassassin/ > total 352 > -rw-r--r-- 1 root root 353254 Sep 16 11:31 monolithic.cf > # > > > >>assuming you are running --lint (or -D) >> >>>as root and mailscanner as your mta id / group. > > > Actually, I'm running both as root, which is typical in a sendmail environment. > > > # ps xu |grep MailScanner > root 9890 0.0 3.3 22180 17420 ? S 11:29 0:00 /usr/bin/perl > -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf > > > Do you have any rule names over I believe 22 or 26 characters? That seems to be a limit I ran into a while back. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From binaryflow at gmail.com Sat Sep 17 04:09:13 2005 From: binaryflow at gmail.com (Douglas Ward) Date: Thu Jan 12 21:30:45 2006 Subject: BitDefender.txt and [spam] tag Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You are probably right. The command line scanner never worked so BitDefender's Technical Support suggested that I download this software to use with MailScanner. With that in mind, does anyone know how to disable this setting? Thanks! On 9/16/05, Kevin Spicer wrote: My guess is that you are using BitDefender's mail scanning product by mistake rather than the command line file scanner. Thats not a message applied by MailScanner. On Fri, 2005-09-16 at 15:28 -0400, Douglas Ward wrote: > After building a new MailScanner gateway I have run into the following > problems: > > 1) All traffic across the gateway gets tagged with a BitDefender.txt > attachment that reads as follows: > > -- > This message was scanned for spam and viruses by BitDefender. > For more information please visit http://linux.bitdefender.com/ > > 2) Legitimate e-mail is at times having the tag [spam] added to the > beginning of the subject line. > > Has anyone seen this before? This didn't show up on the MailScanner > archives or in a google search. Our second gateway doesn't do this so > it must be something I did differently when I set it up. I'm stumped > and would appreciate any help you could offer. Thanks! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html ). > > Support MailScanner development - buy the book off the website! ================================================================= BMRB http://www.bmrb.co.uk _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives ( http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raylund.lai at KANKANWOO.COM Sat Sep 17 04:20:45 2005 From: raylund.lai at KANKANWOO.COM (Raylund Lai) Date: Thu Jan 12 21:30:45 2006 Subject: BitDefender.txt and [spam] tag Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Why the command line never worked? Mailscanner uses the bdc (bitdefender console) for scanning. I'm using it on FreeBSD 5.4 too. Does it return error on the lib? At least, on FreeBSD 5.4, bdc needs libm.so.2. I need to install compat4x to bypass the error. May be it's the same error to you. Post out the error so that other people can help you. When you run Mailscanner, no need to have scanner for mail server. Cheers Raylund Douglas Ward wrote: > You are probably right. The command line scanner never worked so > BitDefender's Technical Support suggested that I download this > software to use with MailScanner. With that in mind, does anyone know > how to disable this setting? Thanks! > > On 9/16/05, *Kevin Spicer* > wrote: > > My guess is that you are using BitDefender's mail scanning product by > mistake rather than the command line file scanner. Thats not a > message > applied by MailScanner. > > > On Fri, 2005-09-16 at 15:28 -0400, Douglas Ward wrote: > > After building a new MailScanner gateway I have run into the > following > > problems: > > > > 1) All traffic across the gateway gets tagged with a BitDefender.txt > > attachment that reads as follows: > > > > -- > > This message was scanned for spam and viruses by BitDefender. > > For more information please visit http://linux.bitdefender.com/ > > > > 2) Legitimate e-mail is at times having the tag [spam] added to the > > beginning of the subject line. > > > > Has anyone seen this before? This didn't show up on the > MailScanner > > archives or in a google search. Our second gateway doesn't do > this so > > it must be something I did differently when I set it up. I'm > stumped > > and would appreciate any help you could offer. Thanks! > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk > with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) > > and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html > ). > > > > Support MailScanner development - buy the book off the website! > > ================================================================= > > BMRB > http://www.bmrb.co.uk > _________________________________________________________________ > This message (and any attachment) is intended only for the > recipient and may contain confidential and/or privileged > material. If you have received this in error, please contact the > sender and delete this message immediately. Disclosure, copying > or other action taken in respect of this email or in > reliance on it is prohibited. BMRB Limited accepts no liability > in relation to any personal emails, or content of any email which > does not directly relate to our business. > +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk > with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives ( http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ja at CONVIATOR.COM Sat Sep 17 01:09:18 2005 From: ja at CONVIATOR.COM (Jan Agermose) Date: Thu Jan 12 21:30:45 2006 Subject: "not a defined route"? Message-ID: Hi What does this line mean? Sep 17 01:55:31 scanner2 milter-ahead[2405]: 03842 j8GNtGCf021585: rcpt_host='mail.agermose.dk' is not a defined route, skipping Mvh Jan ________________________________________________________________________________ [logo_conviator.gif] Jan Agermose CEO Conviator Tel. +45 35 266 460 Bliv SPAMfri.nu ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "logo_conviator.gif" Image/GIF 732bytes. ] [ Unable to print this part. ] From michael at NOMENNESCIO.NET Sat Sep 17 08:12:13 2005 From: michael at NOMENNESCIO.NET (Mike) Date: Thu Jan 12 21:30:45 2006 Subject: "not a defined route"? Message-ID: It means that there is not a route in /etc/mail/mailertable, since it probably is not a domain for which you handle e-mail. Since it’s an unknown route, no call-ahead (milter-ahead) is performed. It’s a harmless logging of milter-ahead. It has nothing to do with MailScanner. Regards, Mike. ________________________________________________________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jan Agermose Sent: zaterdag 17 september 2005 02:09 To: MAILSCANNER@JISCMAIL.AC.UK Subject: "not a defined route"? Hi What does this line mean? Sep 17 01:55:31 scanner2 milter-ahead[2405]: 03842 j8GNtGCf021585: rcpt_host='mail.agermose.dk' is not a defined route, skipping Mvh Jan ________________________________________________________________________________ [IMAGE] Jan Agermose CEO Conviator Tel. +45 35 266 460 Bliv SPAMfri.nu ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "image001.gif" Image/GIF 732bytes. ] [ Unable to print this part. ] From dhawal at NETMAGICSOLUTIONS.COM Sat Sep 17 09:44:04 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:45 2006 Subject: Some .cf files not being used by SpamAssassin under MailScanner? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler wrote: >>> >>>spamassassin -p /opt/MailScanner/etc/spam.assassin.prefs.conf -D --lint >>> >> >>That does give some hints.. apparently I have a config bug that was covered up >>by root's user_prefs. > > Martin, thanks a ton.. Thanks to you I found the problem and have fixed it. > > Usually I keep root's user_prefs and spam.assassin.prefs.conf in-sync, so they > have the same content. To avoid such situations in future, recommended (or debatable) method is softlinking your spam.assassin.prefs.conf to /etc/mail/spamassassin/local.cf (or wherever your local.cf exists) - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Sat Sep 17 13:04:36 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:30:45 2006 Subject: "not a defined route"? Message-ID: Jan, It simply means that milter-ahead is not used on that domain, Best regards, Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ________________________________________________________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jan Agermose Sent: Friday, September 16, 2005 8:09 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: "not a defined route"? Hi What does this line mean? Sep 17 01:55:31 scanner2 milter-ahead[2405]: 03842 j8GNtGCf021585: rcpt_host='mail.agermose.dk' is not a defined route, skipping Mvh Jan ________________________________________________________________________________ [IMAGE] Jan Agermose CEO Conviator Tel. +45 35 266 460 Bliv SPAMfri.nu ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Image/GIF 732bytes. ] [ Unable to print this part. ] From binaryflow at gmail.com Sat Sep 17 21:30:10 2005 From: binaryflow at gmail.com (Douglas Ward) Date: Thu Jan 12 21:30:46 2006 Subject: BitDefender.txt and [spam] tag Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] It was an error in some dll file every time you tried to update BitDefender. I posted the question to this list back then and eventually worked with BitDefender's technical support for a resolution. I've sent them another e-mail about this and am waiting for the answer. I was hoping that someone on the list would have run into it before though. Thanks! On 9/16/05, Raylund Lai wrote: Why the command line never worked? Mailscanner uses the bdc (bitdefender console) for scanning. I'm using it on FreeBSD 5.4 too. Does it return error on the lib? At least, on FreeBSD 5.4, bdc needs libm.so.2. I need to install compat4x to bypass the error. May be it's the same error to you. Post out the error so that other people can help you. When you run Mailscanner, no need to have scanner for mail server. Cheers Raylund Douglas Ward wrote: > You are probably right. The command line scanner never worked so > BitDefender's Technical Support suggested that I download this > software to use with MailScanner. With that in mind, does anyone know > how to disable this setting? Thanks! > > On 9/16/05, *Kevin Spicer* > wrote: > > My guess is that you are using BitDefender's mail scanning product by > mistake rather than the command line file scanner. Thats not a > message > applied by MailScanner. > > > On Fri, 2005-09-16 at 15:28 -0400, Douglas Ward wrote: > > After building a new MailScanner gateway I have run into the > following > > problems: > > > > 1) All traffic across the gateway gets tagged with a BitDefender.txt > > attachment that reads as follows: > > > > -- > > This message was scanned for spam and viruses by BitDefender. > > For more information please visit http://linux.bitdefender.com/ > > > > 2) Legitimate e-mail is at times having the tag [spam] added to the > > beginning of the subject line. > > > > Has anyone seen this before? This didn't show up on the > MailScanner > > archives or in a google search. Our second gateway doesn't do > this so > > it must be something I did differently when I set it up. I'm > stumped > > and would appreciate any help you could offer. Thanks! > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk > with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki ( http://wiki.mailscanner.info/) > > and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html > ). > > > > Support MailScanner development - buy the book off the website! > > ================================================================= > > BMRB > http://www.bmrb.co.uk > _________________________________________________________________ > This message (and any attachment) is intended only for the > recipient and may contain confidential and/or privileged > material. If you have received this in error, please contact the > sender and delete this message immediately. Disclosure, copying > or other action taken in respect of this email or in > reliance on it is prohibited. BMRB Limited accepts no liability > in relation to any personal emails, or content of any email which > does not directly relate to our business. > +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk > with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/ ) and > the archives ( http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html ). > > *Support MailScanner development - buy the book off the website!* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives ( http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raylund.lai at KANKANWOO.COM Sat Sep 17 22:25:25 2005 From: raylund.lai at KANKANWOO.COM (Raylund Lai) Date: Thu Jan 12 21:30:46 2006 Subject: BitDefender.txt and [spam] tag Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You mean BitDefender on a "Windows" mail server? Douglas Ward wrote: > It was an error in some dll file every time you tried to update > BitDefender. I posted the question to this list back then and > eventually worked with BitDefender's technical support for a > resolution. I've sent them another e-mail about this and am waiting > for the answer. I was hoping that someone on the list would have run > into it before though. Thanks! > > On 9/16/05, *Raylund Lai* > wrote: > > Why the command line never worked? Mailscanner uses the bdc > (bitdefender console) for scanning. I'm using it on FreeBSD 5.4 too. > > Does it return error on the lib? At least, on FreeBSD 5.4, bdc needs > libm.so.2. I need to install compat4x to bypass the error. May > be it's > the same error to you. > > Post out the error so that other people can help you. When you run > Mailscanner, no need to have scanner for mail server. > > Cheers > Raylund > > Douglas Ward wrote: > > You are probably right. The command line scanner never worked so > > BitDefender's Technical Support suggested that I download this > > software to use with MailScanner. With that in mind, does > anyone know > > how to disable this setting? Thanks! > > > > On 9/16/05, *Kevin Spicer* > > >> wrote: > > > > My guess is that you are using BitDefender's mail scanning > product by > > mistake rather than the command line file scanner. Thats not a > > message > > applied by MailScanner. > > > > > > On Fri, 2005-09-16 at 15:28 -0400, Douglas Ward wrote: > > > After building a new MailScanner gateway I have run into the > > following > > > problems: > > > > > > 1) All traffic across the gateway gets tagged with a > BitDefender.txt > > > attachment that reads as follows: > > > > > > -- > > > This message was scanned for spam and viruses by BitDefender. > > > For more information please visit > http://linux.bitdefender.com/ > > > > > > 2) Legitimate e-mail is at times having the tag [spam] > added to the > > > beginning of the subject line. > > > > > > Has anyone seen this before? This didn't show up on the > > MailScanner > > > archives or in a google search. Our second gateway doesn't do > > this so > > > it must be something I did differently when I set it up. I'm > > stumped > > > and would appreciate any help you could offer. Thanks! > > > > > > ------------------------ MailScanner list > ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk > > > > with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the Wiki ( http://wiki.mailscanner.info/) > > > and the archives > > (http://www.jiscmail.ac.uk/lists/mailscanner.html > > > ). > > > > > > Support MailScanner development - buy the book off the > website! > > > > > ================================================================= > > > > BMRB > > http://www.bmrb.co.uk > > > > _________________________________________________________________ > > This message (and any attachment) is intended only for the > > recipient and may contain confidential and/or privileged > > material. If you have received this in error, please > contact the > > sender and delete this message immediately. Disclosure, copying > > or other action taken in respect of this email or in > > reliance on it is prohibited. BMRB Limited accepts no liability > > in relation to any personal emails, or content of any email > which > > does not directly relate to our business. > > > +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > > > > ------------------------ MailScanner list > ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk > > > > with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/ > ) and > > the archives ( > http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk > with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) > > and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html > ). > > > > *Support MailScanner development - buy the book off the website!* > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk > with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives ( http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From binaryflow at gmail.com Sat Sep 17 22:28:48 2005 From: binaryflow at gmail.com (Douglas Ward) Date: Thu Jan 12 21:30:46 2006 Subject: BitDefender.txt and [spam] tag Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] No, it us BitDefender on a Mandrake LE 2005 server. I couldn't get past the Error in update dll message when I tried to update BitDefender. On 9/17/05, Raylund Lai wrote: You mean BitDefender on a "Windows" mail server? Douglas Ward wrote: > It was an error in some dll file every time you tried to update > BitDefender. I posted the question to this list back then and > eventually worked with BitDefender's technical support for a > resolution. I've sent them another e-mail about this and am waiting > for the answer. I was hoping that someone on the list would have run > into it before though. Thanks! > > On 9/16/05, *Raylund Lai* > wrote: > > Why the command line never worked? Mailscanner uses the bdc > (bitdefender console) for scanning. I'm using it on FreeBSD 5.4 too. > > Does it return error on the lib? At least, on FreeBSD 5.4, bdc needs > libm.so.2. I need to install compat4x to bypass the error. May > be it's > the same error to you. > > Post out the error so that other people can help you. When you run > Mailscanner, no need to have scanner for mail server. > > Cheers > Raylund > > Douglas Ward wrote: > > You are probably right. The command line scanner never worked so > > BitDefender's Technical Support suggested that I download this > > software to use with MailScanner. With that in mind, does > anyone know > > how to disable this setting? Thanks! > > > > On 9/16/05, *Kevin Spicer* > > >> wrote: > > > > My guess is that you are using BitDefender's mail scanning > product by > > mistake rather than the command line file scanner. Thats not a > > message > > applied by MailScanner. > > > > > > On Fri, 2005-09-16 at 15:28 -0400, Douglas Ward wrote: > > > After building a new MailScanner gateway I have run into the > > following > > > problems: > > > > > > 1) All traffic across the gateway gets tagged with a > BitDefender.txt > > > attachment that reads as follows: > > > > > > -- > > > This message was scanned for spam and viruses by BitDefender. > > > For more information please visit > http://linux.bitdefender.com/ > > > > > > 2) Legitimate e-mail is at times having the tag [spam] > added to the > > > beginning of the subject line. > > > > > > Has anyone seen this before? This didn't show up on the > > MailScanner > > > archives or in a google search. Our second gateway doesn't do > > this so > > > it must be something I did differently when I set it up. I'm > > stumped > > > and would appreciate any help you could offer. Thanks! > > > > > > ------------------------ MailScanner list > ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk > > > > with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the Wiki ( http://wiki.mailscanner.info/) > > > and the archives > > (http://www.jiscmail.ac.uk/lists/mailscanner.html > > > < http://www.jiscmail.ac.uk/lists/mailscanner.html>). > > > > > > Support MailScanner development - buy the book off the > website! > > > > > ================================================================= > > > > BMRB > > http://www.bmrb.co.uk < http://www.bmrb.co.uk > > > > > _________________________________________________________________ > > This message (and any attachment) is intended only for the > > recipient and may contain confidential and/or privileged > > material. If you have received this in error, please > contact the > > sender and delete this message immediately. Disclosure, copying > > or other action taken in respect of this email or in > > reliance on it is prohibited. BMRB Limited accepts no liability > > in relation to any personal emails, or content of any email > which > > does not directly relate to our business. > > > +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > > > > ------------------------ MailScanner list > ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk > > > > with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/ > ) and > > the archives ( > http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk > with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki ( http://wiki.mailscanner.info/) > > and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html > ). > > > > *Support MailScanner development - buy the book off the website!* > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk > with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/ ) and > the archives ( http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html ). > > *Support MailScanner development - buy the book off the website!* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives ( http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raylund.lai at KANKANWOO.COM Sat Sep 17 22:40:41 2005 From: raylund.lai at KANKANWOO.COM (Raylund Lai) Date: Thu Jan 12 21:30:46 2006 Subject: BitDefender.txt and [spam] tag Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Are you using BitDefender-Console-Antivirus-7.0.1-3.linux, aren't you? Mailscanner will autoupdate all found virus scanners with its update_virus_scanners cron job. And the error should be returned in mail log. You don't need to run anything for the update from BitDefender. Please check all your installation and read Mailscanner's Wiki http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:bitdefender:install Cheers Raylund Douglas Ward wrote: > No, it us BitDefender on a Mandrake LE 2005 server. I couldn't get > past the Error in update dll message when I tried to update BitDefender. > > On 9/17/05, *Raylund Lai* > wrote: > > You mean BitDefender on a "Windows" mail server? > > Douglas Ward wrote: > > It was an error in some dll file every time you tried to update > > BitDefender. I posted the question to this list back then and > > eventually worked with BitDefender's technical support for a > > resolution. I've sent them another e-mail about this and am waiting > > for the answer. I was hoping that someone on the list would > have run > > into it before though. Thanks! > > > > On 9/16/05, *Raylund Lai* > > >> wrote: > > > > Why the command line never worked? Mailscanner uses the bdc > > (bitdefender console) for scanning. I'm using it on FreeBSD > 5.4 too. > > > > Does it return error on the lib? At least, on FreeBSD 5.4, > bdc needs > > libm.so.2. I need to install compat4x to bypass the error. May > > be it's > > the same error to you. > > > > Post out the error so that other people can help you. When > you run > > Mailscanner, no need to have scanner for mail server. > > > > Cheers > > Raylund > > > > Douglas Ward wrote: > > > You are probably right. The command line scanner never > worked so > > > BitDefender's Technical Support suggested that I download this > > > software to use with MailScanner. With that in mind, does > > anyone know > > > how to disable this setting? Thanks! > > > > > > On 9/16/05, *Kevin Spicer* > > > > > > > >>> wrote: > > > > > > My guess is that you are using BitDefender's mail scanning > > product by > > > mistake rather than the command line file > scanner. Thats not a > > > message > > > applied by MailScanner. > > > > > > > > > On Fri, 2005-09-16 at 15:28 -0400, Douglas Ward wrote: > > > > After building a new MailScanner gateway I have run > into the > > > following > > > > problems: > > > > > > > > 1) All traffic across the gateway gets tagged with a > > BitDefender.txt > > > > attachment that reads as follows: > > > > > > > > -- > > > > This message was scanned for spam and viruses by > BitDefender. > > > > For more information please visit > > http://linux.bitdefender.com/ > > > > > > > > 2) Legitimate e-mail is at times having the tag [spam] > > added to the > > > > beginning of the subject line. > > > > > > > > Has anyone seen this before? This didn't show up on the > > > MailScanner > > > > archives or in a google search. Our second gateway > doesn't do > > > this so > > > > it must be something I did differently when I set it > up. I'm > > > stumped > > > > and would appreciate any help you could offer. Thanks! > > > > > > > > ------------------------ MailScanner list > > ------------------------ > > > > To unsubscribe, email jiscmail@jiscmail.ac.uk > > > > > > > > > >> with the words: > > > > 'leave mailscanner' in the body of the email. > > > > Before posting, read the Wiki ( > http://wiki.mailscanner.info/) > > > > and the archives > > > (http://www.jiscmail.ac.uk/lists/mailscanner.html > > > > > > < http://www.jiscmail.ac.uk/lists/mailscanner.html>). > > > > > > > > Support MailScanner development - buy the book off the > > website! > > > > > > > > > ================================================================= > > > > > > BMRB > > > http://www.bmrb.co.uk < http://www.bmrb.co.uk > > > > > > > > > _________________________________________________________________ > > > This message (and any attachment) is intended only for > the > > > recipient and may contain confidential and/or privileged > > > material. If you have received this in error, please > > contact the > > > sender and delete this message > immediately. Disclosure, copying > > > or other action taken in respect of this email or in > > > reliance on it is prohibited. BMRB Limited accepts no > liability > > > in relation to any personal emails, or content of any > email > > which > > > does not directly relate to our business. > > > > > > +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > > > > > > ------------------------ MailScanner list > > ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk > > > > > > > > > >> with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the Wiki > (http://wiki.mailscanner.info/ > > ) and > > > the archives ( > > http://www.jiscmail.ac.uk/lists/mailscanner.html) > . > > > > > > Support MailScanner development - buy the book off the > website! > > > > > > > > > > > > ------------------------ MailScanner list > ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk > > > > with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the Wiki ( http://wiki.mailscanner.info/) > > > and the archives > > (http://www.jiscmail.ac.uk/lists/mailscanner.html > > > ). > > > > > > *Support MailScanner development - buy the book off the > website!* > > > > ------------------------ MailScanner list > ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk > > > > with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/ > ) and > > the archives ( > http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk > with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) > > and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html > ). > > > > *Support MailScanner development - buy the book off the website!* > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk > with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives ( http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Sun Sep 18 00:45:29 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:46 2006 Subject: Pyzor errors Message-ID: Hi all Just installed SA 3.1.0 and it's all running nicely. As Razor and DCC are licensed and not used by default I thought I would give Pyzor a go. It's all installed nicely but it just won't run. Pyzor discover works fine but if i run it from either SA or command line I get: Traceback (most recent call last): File "/usr/local/bin/pyzor", line 4, in ? pyzor.client.run() File "/usr/local/lib/python2.4/site-packages/pyzor/client.py", line 934, in run ExecCall().run() File "/usr/local/lib/python2.4/site-packages/pyzor/client.py", line 188, in run if not apply(dispatch, (self, args)): File "/usr/local/lib/python2.4/site-packages/pyzor/client.py", line 284, in report self.client.report): File "/usr/local/lib/python2.4/site-packages/pyzor/client.py", line 299, in send_digest runner.run(server, (digest, spec, server)) File "/usr/local/lib/python2.4/site-packages/pyzor/client.py", line 725, in run response = apply(self.routine, varargs, kwargs) File "/usr/local/lib/python2.4/site-packages/pyzor/client.py", line 48, in report self.send(msg, address) File "/usr/local/lib/python2.4/site-packages/pyzor/client.py", line 77, in send self.socket.sendto(mac_msg_str, 0, address) socket.error: (13, 'Permission denied') Now clearly the last line is significant. I have run this as root so it's not (Or shouldn't be) a permissions problem with files or directories and as root I shouldn't have issues with binding to low numbered ports, which was one suggestion from Google. Any ideas any one? For the record: FreeBSD 5.4 with python 2.4 and the latest pyzor installed from ports. TIA Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Chris.Russell at KNOWLEDGEIT.CO.UK Sun Sep 18 04:16:14 2005 From: Chris.Russell at KNOWLEDGEIT.CO.UK (Chris Russell) Date: Thu Jan 12 21:30:46 2006 Subject: Scanning Order Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi All, This is more than likely a question for Julian but I`ll throw it open. Is there a specific reason MailScanner does MCP/Spam checks before AV ? Ok, Reasoning: I was looking into our systems this evening, and from our stats, Pretty much 100% of our virus infected email is simply deleted. For the most part theres very little reason to actually look at these messages as they are often the result of mass-mailing virus's etc. With this in mind, would it be more efficient to virus scan the email first ? This would cut out spam/mcp scanning for infected messages (dependant on the action), and cut down on the number of messages required to be spam/MCP scanned, which seems to take the longest time/ add the most significant load to the process. I've looked into /usr/sbin/MailScanner and thanks to Julian's coding, it doesn't look too difficult to change (** highly preliminary findings here!), so does anyone have any thoughts on whether AV->MCP/SPAM may be a better approach to take ? Cheers, Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon Sep 19 02:27:24 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:30:46 2006 Subject: Scanning Order Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I do not know the answer, but i do know its has been covered heaps and heaps of times. You may find your answer in the list archives? Good luck. Pete Chris Russell wrote: > Hi All, > > This is more than likely a question for Julian but I`ll throw it open. > > Is there a specific reason MailScanner does MCP/Spam checks before AV ? > > Ok, Reasoning: > > I was looking into our systems this evening, and from our stats, Pretty much 100% of our virus infected email is simply deleted. For the most part theres very little reason to actually look at these messages as they are often the result of mass-mailing virus's etc. > > With this in mind, would it be more efficient to virus scan the email first ? This would cut out spam/mcp scanning for infected messages (dependant on the action), and cut down on the number of messages required to be spam/MCP scanned, which seems to take the longest time/ add the most significant load to the process. > > I've looked into /usr/sbin/MailScanner and thanks to Julian's coding, it doesn't look too difficult to change (** highly preliminary findings here!), so does anyone have any thoughts on whether AV->MCP/SPAM may be a better approach to take ? > > Cheers, > > Chris > > > > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Mon Sep 19 09:22:19 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:46 2006 Subject: BitDefender.txt and [spam] tag Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 17/09/05, Raylund Lai wrote: > Are you using BitDefender-Console-Antivirus-7.0.1-3.linux, aren't you? > Mailscanner will autoupdate all found virus scanners with its > update_virus_scanners cron job. And the error should be returned in > mail log. You don't need to run anything for the update from BitDefender. Well, update_virus_scanners will definitely run bdc --update, so if that borks out, so will the MS update script. ISTR the error to actually mention some dll(!) problem or other, which is rather insane on a linux box:-)... But as said, the very few times I've had this, removing bdc completely and reisntalling/reupdating... I do run bdc on a Mandrake system, although I've let that one stay at 10.1... Hang on I'll try it on a LE05 ... Hmmmm, this doesn't work. If you try for example bdc --info you get a carp about libfn, right? And if you do bdc --update it'll just clain a problem with "finding update dll" (yuk)... This is probably due to some lib being to new or other. Hmmm. I'll have to mull this a bit. > Please check all your installation and read Mailscanner's Wiki > http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:bitdefender:install Thanks for the plug:). Not much use (yet) for this case, but thanks anyway. > Cheers > Raylund (snipetty-snip) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Mon Sep 19 09:36:15 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:46 2006 Subject: BitDefender.txt and [spam] tag Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 19/09/05, Glenn Steen wrote: > On 17/09/05, Raylund Lai wrote: > > Are you using BitDefender-Console-Antivirus-7.0.1-3.linux, aren't you? > > Mailscanner will autoupdate all found virus scanners with its > > update_virus_scanners cron job. And the error should be returned in > > mail log. You don't need to run anything for the update from BitDefender. > > Well, update_virus_scanners will definitely run bdc --update, so if > that borks out, so will the MS update script. > > ISTR the error to actually mention some dll(!) problem or other, which > is rather insane on a linux box:-)... But as said, the very few times > I've had this, removing bdc completely and reisntalling/reupdating... > I do run bdc on a Mandrake system, although I've let that one stay at > 10.1... Hang on I'll try it on a LE05 ... Hmmmm, this doesn't work. > If you try for example > bdc --info > you get a carp about libfn, right? And if you do > bdc --update > it'll just clain a problem with "finding update dll" (yuk)... This is > probably due to some lib being to new or other. > Hmmm. I'll have to mull this a bit. I just confirmed that this is the exact same problem as the well-known fedora/RHEL4 one, namely that you need install a working libstdc++5 (in parallell with the version 6 one). Simple fix is to urpmi libstdc++5 ... and you are done;-). I'll update the wiki so this is more clear. It's like this for 10.1 too, but I'd just forgotten I'd installed it. Sigh. RALM type of memory there (==Really Agedecrepit Lossy Memory:). > > Please check all your installation and read Mailscanner's Wiki > > http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:bitdefender:install > > Thanks for the plug:). Not much use (yet) for this case, but thanks anyway. > > > Cheers > > Raylund > (snipetty-snip) > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Sep 19 10:04:40 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:46 2006 Subject: ClamAV and SA tarball... Message-ID: Jules Any chance you could update the tarball for ClamAV and SA to include clamav 0.87 rather than 0.86.2 ?? TIA -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gdoris at ROGERS.COM Mon Sep 19 12:21:54 2005 From: gdoris at ROGERS.COM (Gerry Doris) Date: Thu Jan 12 21:30:46 2006 Subject: Small Permission Problem Message-ID: Over the weekend I upgraded SpamAssassin and MailWatch. Everything seems to be working properly except for my old permission problem. The permissions on the Bayes files are all root.apache except for bayes_journal. This file is root.root. When I attempt to use MailWatch to make changes to an email I end up with an error message that it was unable to read bayes_journal. I've tried manually changing the permissions back to root.apache but that only solves the problem temporary. It's soon set back to root.root. How can I fix this permanently??? Gerry ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Mon Sep 19 14:00:09 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:30:46 2006 Subject: Small Permission Problem Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Gerry Doris wrote: >Over the weekend I upgraded SpamAssassin and MailWatch. Everything >seems to be working properly except for my old permission problem. > >The permissions on the Bayes files are all root.apache except for >bayes_journal. This file is root.root. When I attempt to use MailWatch >to make changes to an email I end up with an error message that it was >unable to read bayes_journal. > >I've tried manually changing the permissions back to root.apache but >that only solves the problem temporary. It's soon set back to >root.root. > >How can I fix this permanently??? > > > I'm trying to remember what I did. I believe all I did was change spam.assassin.prefs.conf to: bayes_path /etc/MailScanner/bayes/bayes bayes_file_mode 0660 I then manually set bayes_journal to 660 and postfix.apache, all the other files in that directory are root.apache. I don't remember doing anything else??? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Mon Sep 19 14:47:31 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:30:46 2006 Subject: Small Permission Problem Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 19/09/05, Ed Bruce wrote: (snip) > bayes_file_mode 0660 (snip) ISTR Matt Kettler noting that this should really be 0770, not 0660, because it might at some time create a directory... and that would get wrong with that "mask"... Look in the archives if you need better details than my fuzzy memory:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john.clancy at businessworld.ie Mon Sep 19 14:06:59 2005 From: john.clancy at businessworld.ie (John Clancy) Date: Thu Jan 12 21:30:46 2006 Subject: Small Permission Problem Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ed Bruce wrote: > Gerry Doris wrote: > >> Over the weekend I upgraded SpamAssassin and MailWatch. Everything >> seems to be working properly except for my old permission problem. >> >> The permissions on the Bayes files are all root.apache except for >> bayes_journal. This file is root.root. When I attempt to use >> MailWatch to make changes to an email I end up with an error message >> that it was unable to read bayes_journal. >> >> I've tried manually changing the permissions back to root.apache but >> that only solves the problem temporary. It's soon set back to >> root.root. >> >> How can I fix this permanently??? >> >> >> > I'm trying to remember what I did. I believe all I did was change > spam.assassin.prefs.conf to: > > bayes_path /etc/MailScanner/bayes/bayes > bayes_file_mode 0660 > > I then manually set bayes_journal to 660 and postfix.apache, all the > other files in that directory are root.apache. I don't remember doing > anything else??? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! Hi Gerry, I think you need to set the group sticky bit on /etc/MailScanner/bayes after making it owned by root.apache (its been a good while since I did it myself and I *THINK* its something like "chown root:apache /etc/MailScanner/bayes" followed by "chmod g+s /etc/MailScanner/bayes". Also do the bayes_path & bayes_file_mode in spam.assassin.prefs.conf as mentioned by Ed. JC ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Sep 19 16:10:27 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:46 2006 Subject: Beta 4.46.1 .. Message-ID: All Is it just me or has Jules put up a new beta and not told the list about it...just wondering if I'm loosing messages for some reason?? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From stef at L5NET.NET Mon Sep 19 16:41:27 2005 From: stef at L5NET.NET (Stef Morrell) Date: Thu Jan 12 21:30:46 2006 Subject: MS 4.45.4, SA 3.1, uninitialized variables - SOLVED Message-ID: MailScanner mailing list wrote: > MailScanner mailing list wrote: >> Yipes!! Complaints about "Use of uninitialized value" from various >> MailScanner files! Methinks, not good. Attached are my debug output > > Much the same here. Linux/x86 rather than SunOS/Sparc. I've > had to roll back to SA 3.0.4, which runs fine. > In my case this turns out to be caused from adding loadplugin Mail::SpamAssassin::Plugin::RelayCountry into init.pre With this plugin loaded, I'm not seeing nice "SpamAssassin returned 0" messages in my log files (debug mode) so I'm (inexpertly and randomly) guessing the uninitialised variable is the SA return code. Stef Stefan Morrell | Director Tel: 0870 365 2813 | Level 5 Internet Ltd Fax: 0192 450 7307 | Part of the Alpha Omega Group stef@l5net.net | stef@aoc-uk.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Mon Sep 19 16:44:37 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:46 2006 Subject: Some .cf files not being used by SpamAssassin under MailScanner? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dhawal Doshy wrote: > > To avoid such situations in future, recommended (or debatable) method is > softlinking your spam.assassin.prefs.conf to > /etc/mail/spamassassin/local.cf (or wherever your local.cf exists) ABSOLUTELY NOT! 1) If you link it to local.cf it will be parsed twice when mailscanner runs. If that's what you want to do, you'd be better off moving spam.assasin.prefs.conf to local.cf and not having spam.assassin.prefs.conf at all. Softlink your spam.assassin.prefs.conf to a user_prefs file, not a local.cf. 2) in my case, if I'd softlinked it to local.cf, the problem still would have been undetected. The problem was "fixed" by the content of root's user_prefs file. It was not a problem in spam.assassin.prefs.conf itself, but the lack of reading root's user_prefs that made the problem visible. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Mon Sep 19 16:57:52 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:46 2006 Subject: Some .cf files not being used by SpamAssassin under MailScanner? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler wrote: > Dhawal Doshy wrote: > > >>To avoid such situations in future, recommended (or debatable) method is >>softlinking your spam.assassin.prefs.conf to >>/etc/mail/spamassassin/local.cf (or wherever your local.cf exists) > > ABSOLUTELY NOT! > > 1) If you link it to local.cf it will be parsed twice when mailscanner runs. > If that's what you want to do, you'd be better off moving > spam.assasin.prefs.conf to local.cf and not having spam.assassin.prefs.conf at > all. Softlink your spam.assassin.prefs.conf to a user_prefs file, not a local.cf. > > 2) in my case, if I'd softlinked it to local.cf, the problem still would have > been undetected. The problem was "fixed" by the content of root's user_prefs > file. It was not a problem in spam.assassin.prefs.conf itself, but the lack of > reading root's user_prefs that made the problem visible. Indeed, that's why i mentioned 'debatable'. Thanks for the clarification. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Mon Sep 19 17:04:12 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:46 2006 Subject: Some .cf files not being used by SpamAssassin under MailScanner? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dhawal Doshy wrote: > Matt Kettler wrote: > >> Dhawal Doshy wrote: >> >> >>> To avoid such situations in future, recommended (or debatable) method is >>> softlinking your spam.assassin.prefs.conf to >>> /etc/mail/spamassassin/local.cf (or wherever your local.cf exists) >> >> >> ABSOLUTELY NOT! > > Indeed, that's why i mentioned 'debatable'. Thanks for the clarification. > I would say it's not even debatable, it's downright wrong, although it has good intentions. That said, linking your spam.assassin.prefs.conf to root's user_prefs, or something of the sort, can prevent this problem, and doesn't cause double-parsing. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Sep 19 11:14:14 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:46 2006 Subject: MS 4.45.4, SA 3.1, uninitialized variables Message-ID: On 16 Sep 2005, at 15:00, Stef Morrell wrote: > MailScanner mailing list wrote: > >> Yipes!! Complaints about "Use of uninitialized value" from various >> MailScanner files! Methinks, not good. Attached are my debug output >> > > Much the same here. Linux/x86 rather than SunOS/Sparc. I've had to > roll > back to SA 3.0.4, which runs fine. I will put out a beta in a few minutes that fixed this. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Sep 19 11:34:58 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:46 2006 Subject: Release beta 4.46.1 Message-ID: I have just released 4.46.1. This is primarily to give you nice silent operation with SpamAssassin 3.1. The install-Clam-SA.tar.gz has also been rebuilt to provide the latest versions of ClamAV and SpamAssassin. This is the easiest way to install SpamAssassin. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Sep 19 11:21:56 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:46 2006 Subject: ClamAV and SA tarball... Message-ID: Done. On 19 Sep 2005, at 10:04, Martin Hepworth wrote: > Jules > > Any chance you could update the tarball for ClamAV and SA to > include clamav > 0.87 rather than 0.86.2 ?? > > TIA > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Sep 19 19:36:47 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:46 2006 Subject: Beta 4.46.1 .. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Wonder what happened to that mail? I hope this one has more success, or else I've got trouble with my SMTP server (am testing a new one at the moment). I did post that I had released it. It's mostly to quieten MailScanner when run in Debug mode with SpamAssassin 3.1.0. Martin Hepworth wrote: >All >Is it just me or has Jules put up a new beta and not told the list about >it...just wondering if I'm loosing messages for some reason?? > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Sep 19 19:38:56 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:46 2006 Subject: MS 4.45.4, SA 3.1, uninitialized variables - SOLVED Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Stef Morrell wrote: >MailScanner mailing list wrote: > > >>MailScanner mailing list wrote: >> >> >>> Yipes!! Complaints about "Use of uninitialized value" from various >>>MailScanner files! Methinks, not good. Attached are my debug output >>> >>> >>Much the same here. Linux/x86 rather than SunOS/Sparc. I've >>had to roll back to SA 3.0.4, which runs fine. >> >> >> > >In my case this turns out to be caused from adding > >loadplugin Mail::SpamAssassin::Plugin::RelayCountry > >into init.pre > >With this plugin loaded, I'm not seeing nice "SpamAssassin returned 0" >messages in my log files (debug mode) so I'm (inexpertly and randomly) >guessing the uninitialised variable is the SA return code. > This is fixed in the new beta I released this morning. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Sep 19 20:08:26 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:46 2006 Subject: Beta 4.46.1 .. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 My list postings appear to be getting lost. I released 4.46.1 this morning to alleviate problems with SpamAssassin 3.1.0 so everything is quiet again now. Download from www.mailscanner.info as usual. Martin Hepworth wrote: >All >Is it just me or has Jules put up a new beta and not told the list about >it...just wondering if I'm loosing messages for some reason?? > >-- >Martin Hepworth >Snr Systems Administrator >Solid State Logic >Tel: +44 (0)1865 842300 > > > >********************************************************************** > >This email and any files transmitted with it are confidential and >intended solely for the use of the individual or entity to whom they >are addressed. If you have received this email in error please notify >the system manager. > >This footnote confirms that this email message has been swept >for the presence of computer viruses and is believed to be clean. > >********************************************************************** > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQy8MrBH2WUcUFbZUEQKfUQCfX6Oyc9RvPYBVgf1TqmB/8+1tRIQAn2wD QX9ZoqvlJAq+Cr/f2MF+zOwK =CHlF -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Sep 19 11:41:27 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:46 2006 Subject: Scanning Order Message-ID: Most of your mail (say 75%) is spam. Relatively, very little of it (say 5%) is a virus. So if you do spam checks first, then delete all the spam, you don't need to do anything further with 75% of your incoming mail. So the overhead of all further processing of 75% of your mail never happens. That includes all the expensive checks like the phishing net, as well as the straight virus scanning. On 18 Sep 2005, at 04:16, Chris Russell wrote: > Hi All, > > This is more than likely a question for Julian but I`ll throw it > open. > > Is there a specific reason MailScanner does MCP/Spam checks > before AV ? > > Ok, Reasoning: > > I was looking into our systems this evening, and from our > stats, Pretty much 100% of our virus infected email is simply > deleted. For the most part theres very little reason to actually > look at these messages as they are often the result of mass-mailing > virus's etc. > > With this in mind, would it be more efficient to virus scan the > email first ? This would cut out spam/mcp scanning for infected > messages (dependant on the action), and cut down on the number of > messages required to be spam/MCP scanned, which seems to take the > longest time/ add the most significant load to the process. > > I've looked into /usr/sbin/MailScanner and thanks to Julian's > coding, it doesn't look too difficult to change (** highly > preliminary findings here!), so does anyone have any thoughts on > whether AV->MCP/SPAM may be a better approach to take ? > > Cheers, > > Chris > > > > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Sep 16 09:49:24 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:46 2006 Subject: ANNOUNCE: SpamAssassin 3.1.0 available! Message-ID: I can't remember what hashcash did, so I didn't switch it on :-) What does it do? On 15 Sep 2005, at 19:15, Jeff A. Earickson wrote: > Julian, > > I had the following in my init.pre for SA 3.0.4: > > # Hashcash - perform hashcash verification. > # > loadplugin Mail::SpamAssassin::Plugin::Hashcash > > I added it to my 3.1 init.pre. Woner how come it didn't get into > the default 3.1 init.pre file? > > Jeff Earickson > Colby College > > On Thu, 15 Sep 2005, Julian Field wrote: > > >> Date: Thu, 15 Sep 2005 14:52:23 +0100 >> From: Julian Field >> Reply-To: MailScanner mailing list >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: ANNOUNCE: SpamAssassin 3.1.0 available! >> -----BEGIN PGP SIGNED MESSAGE----- >> >> I now have 4 production servers running SA 3.1.0 with no problems at >> all. Just remember to add >> >> loadplugin Mail::SpamAssassin::Plugin::RelayCountry >> loadplugin Mail::SpamAssassin::Plugin::SPF >> loadplugin Mail::SpamAssassin::Plugin::URIDNSBL >> >> at the end of the init.pre file, or else you miss out on some very >> useful features. >> Remove the line in your spam.assassin.prefs.conf that mentions RSL as >> that is no longer wanted. >> >> Other than that, I would just recommend you use my install-Clam- >> SA.tar.gz availabe from >> http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam- >> SA.tar.gz >> as it includes all the required Perl modules for you, and installs >> everything in the right order. >> >> It will install ClamAV as well, which you don't have to use if you >> don't want to. Editing the install.sh script to remove the ClamAV >> installation is pretty easy, you'll see it in there. Just search for >> "Clam" and you'll find it all. >> >> All working fine! >> >> On 15 Sep 2005, at 09:19, Julian Field wrote: >> >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> >>> I haven't, no, but I believe others have and had no problems. >>> I'll give it a go now. >>> >>> On 15 Sep 2005, at 09:08, Martin Hepworth wrote: >>> >>> >>> >>>> Jules >>>> >>>> I presume you've tested this and MS is fine with SA 3.1.0?? >>>> >>> >>> >> >> - -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.2 (Build 2425) >> >> iQEVAwUBQyl8mfw32o+k+q+hAQEjQwgAtsfCh46cG5it2sCr1OYS9rGANVdsC23i >> Mb9qaMMmtXckUXCBEYdvu3K3wJplMSqO1064MxxhWdENyWMLXu2nMXcKn6LQ/Oc0 >> +LokTb7eJYgCTgjpX4VWldGFkx+Fa9eP8l0Rthvo9WmXM6ZsZp2UnDWX2zoHQLmF >> d0g1Vud3tvlCFDP+6WrG0GnV2N/F69Gzyo7zMvzta0gFvw21v+LGG6QJ8oCR+Pf0 >> IbnRDYAUVY5qilgCqCZ/ic8sraRA82W72NKCCpNT3Zygs3ZIwuep+r38ztFWCB9q >> gm3UOyVCaBi+2UUN1NdWrUWLxu9XxtjCf/Umy1elBkZANvv7rgOgVg== >> =OuPq >> -----END PGP SIGNATURE----- >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Sep 16 12:09:22 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:46 2006 Subject: ANNOUNCE: SpamAssassin 3.1.0 available! Message-ID: I didn't know that v310.pre would be read, so my install script moves your old init.pre out of the way and renames v310.pre to init.pre. So it will still work fine. Thanks for the info. On 16 Sep 2005, at 10:56, Martin Hepworth wrote: > Jules > > OK done the upgrade and whilst fiddling with the rules etc I note the > following from the UPGRADE docs.. > > - A significant amount of core functionality has been moved into > plugins. These include, AWL (auto-whitelist), DCC, Pyzor, Razor2, > SpamCop reporting and TextCat. For information on configuring these > plugins please refer to their individual documentation: > perldoc Mail::SpamAssassin::Plugin::* (ie AWL, DCC, etc) > > - There are now multiple files read to enable plugins in the > /etc/mail/spamassassin directory; previously only one, "init.pre" > was > read. Now both "init.pre", "v310.pre", and any other files ending > in ".pre" will be read. As future releases are made, new plugins > will be added to new files named according to the release they're > added in. > > so check the v310.pre as well as init.pre for the plugins.. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] > On Behalf > Of Julian Field > Sent: 15 September 2005 14:23 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] ANNOUNCE: SpamAssassin 3.1.0 available! > > -----BEGIN PGP SIGNED MESSAGE----- > > On 15 Sep 2005, at 10:21, Dhawal Doshy wrote: > > >> Pentland G. wrote: >> >> >>> Funny enough I was just installing it on one of my new machines. >>> CPAN install, Net::Ident isn't happy. >>> Linux, RHEL4-U1-i386 on Dell 2850. >>> Anyone else seen this? >>> >>> >> >> This has been discussed before on the sa-users list.. the solution >> is to ignore it since it's an optional module.. >> >> Anyways here's my report in 3.1 as related to MailScanner. Comment >> out the following in spam.assassin.prefs.conf >> >> RCVD_IN_RSL [no more used in 20_dnsbl_tests.cf] >> use_auto_whitelist [replaced with loadplugin >> Mail::SpamAssassin::Plugin::AWL in v310.pre] >> > > Yes, that is no longer needed/wanted. > > Does anyone know why init.pre does not include these lines: > > loadplugin Mail::SpamAssassin::Plugin::RelayCountry > loadplugin Mail::SpamAssassin::Plugin::SPF > loadplugin Mail::SpamAssassin::Plugin::URIDNSBL > > Without them, these features aren't enabled at all, which will badly > hit your spam success rate (particularly URIDNSBL). > > And I've checked nothing else does them by default. Unless you add > these lines, the module s' code isn't loaded, the last-access > datestamp on the files isn't touched. So nothing is reading them > without this addition. > > Can someone add this to the wiki please? > > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.2 (Build 2425) > > iQEVAwUBQyl1xfw32o+k+q+hAQGnkQf8CD/1OVoz32aeCGkhb2/OxODKcJlB6P1E > AeQdrmZRfsCda9VnUwkVqrxbkpqAxaDvEkdPDIHhpzNxZWIsKD5yw4/ZlBKo8qHV > 2k+gbMBNb9eyMHiGvHIlq0QsOExL/M7wmJM/8fxjWfBzwcl9lGryV71XiizJdO8O > hqxaUsUh2bg9D0e81ZqHcD362IY1aJOADs6KLUUhDZnOi5Lc0cMyL8zlwtdcmwZB > FzEbNqIYqAKMh3zy6k2JEg0BQOz3OO8GqF6ymVyhl6JxXiFdoDZw9/HI4PNr3qPi > 3FoH+OfROoIGocCH3qubXldlh/roiJEjimGLDfP2N4pPqUzi9soIBw== > =S6gD > -----END PGP SIGNATURE----- > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From taz at TAZ-MANIA.COM Mon Sep 19 21:36:13 2005 From: taz at TAZ-MANIA.COM (Dennis Willson) Date: Thu Jan 12 21:30:46 2006 Subject: Scanning Order Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Yes, this is very true, at least 75% of incoming eMail is Spam. So reducing the amount of scanning reduces the overall CPU load on the server. I use greylisting and that removes about 90% of the Spam before it even enters the system. This actually removes a lot of the system load as 90% of the Spam is not scanned at all. I use Milter-Greylist and I'm very happy with it. If you have multiple MX hosts it will even coordinate the greylist data so if retries occur on one of your backup MX hosts it has the correct information to let it through or not and if one MX host has already determined to auto-white list, they all know. I highly recommend greylisting. Since implementing it my MX hosts are very happy and I have not heard anything but compliments from any of my users, not a single complaint! I think this is extremely complimentary with MailScanner. Dennis Julian Field wrote: > Most of your mail (say 75%) is spam. Relatively, very little of it (say > 5%) is a virus. > So if you do spam checks first, then delete all the spam, you don't > need to do anything further with 75% of your incoming mail. So the > overhead of all further processing of 75% of your mail never happens. > That includes all the expensive checks like the phishing net, as well > as the straight virus scanning. > > On 18 Sep 2005, at 04:16, Chris Russell wrote: > >> Hi All, >> >> This is more than likely a question for Julian but I`ll throw it open. >> >> Is there a specific reason MailScanner does MCP/Spam checks before >> AV ? >> >> Ok, Reasoning: >> >> I was looking into our systems this evening, and from our stats, >> Pretty much 100% of our virus infected email is simply deleted. For >> the most part theres very little reason to actually look at these >> messages as they are often the result of mass-mailing virus's etc. >> >> With this in mind, would it be more efficient to virus scan the >> email first ? This would cut out spam/mcp scanning for infected >> messages (dependant on the action), and cut down on the number of >> messages required to be spam/MCP scanned, which seems to take the >> longest time/ add the most significant load to the process. >> >> I've looked into /usr/sbin/MailScanner and thanks to Julian's >> coding, it doesn't look too difficult to change (** highly >> preliminary findings here!), so does anyone have any thoughts on >> whether AV->MCP/SPAM may be a better approach to take ? >> >> Cheers, >> >> Chris >> >> >> >> >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at MCKERRS.NET Mon Sep 19 21:45:17 2005 From: mailscanner at MCKERRS.NET (Mailscanner) Date: Thu Jan 12 21:30:46 2006 Subject: Release beta 4.46.1 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > I have just released 4.46.1. This is primarily to give you nice > silent operation with SpamAssassin 3.1. > > The install-Clam-SA.tar.gz has also been rebuilt to provide the > latest versions of ClamAV and SpamAssassin. This is the easiest way > to install SpamAssassin. Do you recommend installing SA this way for a machine that has a pre-installed SA. Eg Redhat EL, Centos ? In other words, should I de-install the rpm version and install your tarball ? Brian. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at TC3NET.COM Mon Sep 19 21:57:27 2005 From: mike at TC3NET.COM (Michael Baird) Date: Thu Jan 12 21:30:46 2006 Subject: Scanning Order Message-ID: Well, in my setup, scanning for viruses first would probably be beneficial sometimes. I drop the virus infected emails immediately, while for spam, I actually just score them, since we have a opt-in system, and I use generated procmail rules to deal with the mail based on the score. If it was checking viruses first, I would save the overhead of spamassassin for some messages, which I would discard as viruses immediately. It's not a big deal, I'm sure I could move virus scanning to a milter or something, but would lose the MailScanner batching, and having viruses and spam handled through the same config. Regards Michael Baird > Most of your mail (say 75%) is spam. Relatively, very little of it > (say 5%) is a virus. > So if you do spam checks first, then delete all the spam, you don't > need to do anything further with 75% of your incoming mail. So the > overhead of all further processing of 75% of your mail never happens. > That includes all the expensive checks like the phishing net, as well > as the straight virus scanning. > > On 18 Sep 2005, at 04:16, Chris Russell wrote: > > > Hi All, > > > > This is more than likely a question for Julian but I`ll throw it > > open. > > > > Is there a specific reason MailScanner does MCP/Spam checks > > before AV ? > > > > Ok, Reasoning: > > > > I was looking into our systems this evening, and from our > > stats, Pretty much 100% of our virus infected email is simply > > deleted. For the most part theres very little reason to actually > > look at these messages as they are often the result of mass-mailing > > virus's etc. > > > > With this in mind, would it be more efficient to virus scan the > > email first ? This would cut out spam/mcp scanning for infected > > messages (dependant on the action), and cut down on the number of > > messages required to be spam/MCP scanned, which seems to take the > > longest time/ add the most significant load to the process. > > > > I've looked into /usr/sbin/MailScanner and thanks to Julian's > > coding, it doesn't look too difficult to change (** highly > > preliminary findings here!), so does anyone have any thoughts on > > whether AV->MCP/SPAM may be a better approach to take ? > > > > Cheers, > > > > Chris > > > > > > > > > > > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From xplora at MEDIADESIGN.SCHOOL.NZ Mon Sep 19 23:13:06 2005 From: xplora at MEDIADESIGN.SCHOOL.NZ (Richard Smith) Date: Thu Jan 12 21:30:46 2006 Subject: Scanning Order Message-ID: While I agree with spam checking first over virus checking for the same reasons given, It would be nice to have a feature in MailScanner to assign priorities to various parts. i.e. RBL checks, then spamassassin, then MCP, then virus checker 1, then virus checker 2, or virus checker 2, then spamassassin, then RBL checks, then virus checker 1, then MCP... with the default setup being the status quo. I for 1 would like to have the RBL checks done last (I use milter- greylist as well). Regards, Richard Smith Technician, Media Design School email: richard@mediadesign.school.nz Phone: +64-9-303 0402 Ext: 711 DDI: +64-9-303 5594 or Cell: +64-21-114 3547 On 20/09/2005, at 8:57 AM, Michael Baird wrote: > Well, in my setup, scanning for viruses first would probably be > beneficial sometimes. I drop the virus infected emails immediately, > while for spam, I actually just score them, since we have a opt-in > system, and I use generated procmail rules to deal with the mail based > on the score. If it was checking viruses first, I would save the > overhead of spamassassin for some messages, which I would discard as > viruses immediately. It's not a big deal, I'm sure I could move virus > scanning to a milter or something, but would lose the MailScanner > batching, and having viruses and spam handled through the same config. > > Regards > Michael Baird > > >> Most of your mail (say 75%) is spam. Relatively, very little of it >> (say 5%) is a virus. >> So if you do spam checks first, then delete all the spam, you don't >> need to do anything further with 75% of your incoming mail. So the >> overhead of all further processing of 75% of your mail never happens. >> That includes all the expensive checks like the phishing net, as well >> as the straight virus scanning. >> >> On 18 Sep 2005, at 04:16, Chris Russell wrote: >> >> >>> Hi All, >>> >>> This is more than likely a question for Julian but I`ll throw it >>> open. >>> >>> Is there a specific reason MailScanner does MCP/Spam checks >>> before AV ? >>> >>> Ok, Reasoning: >>> >>> I was looking into our systems this evening, and from our >>> stats, Pretty much 100% of our virus infected email is simply >>> deleted. For the most part theres very little reason to actually >>> look at these messages as they are often the result of mass-mailing >>> virus's etc. >>> >>> With this in mind, would it be more efficient to virus scan the >>> email first ? This would cut out spam/mcp scanning for infected >>> messages (dependant on the action), and cut down on the number of >>> messages required to be spam/MCP scanned, which seems to take the >>> longest time/ add the most significant load to the process. >>> >>> I've looked into /usr/sbin/MailScanner and thanks to Julian's >>> coding, it doesn't look too difficult to change (** highly >>> preliminary findings here!), so does anyone have any thoughts on >>> whether AV->MCP/SPAM may be a better approach to take ? >>> >>> Cheers, >>> >>> Chris >>> >>> >>> >>> >>> >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- http://www.mediadesign.school.nz/ CAUTION: This communication is confidential and may be legally privileged. If you have received it in error you must not use, disclose, copy or retain it. Please immediately notify us by return email and then delete the email. This message has been scanned for viruses and dangerous content by MailScanner with McAfee UVScan, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Mon Sep 19 23:17:39 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:30:46 2006 Subject: ANNOUNCE: SpamAssassin 3.1.0 available! Message-ID: Julian, See www.hashcash.org. This appears to be a Useless Feature (tm) of SpamAssassin, since these SA rules got used zero times in the last two weeks on my busy mail server. I don't think this ever caught on with the Big ISPs. New mail server, hunh? We thought you had been kidnapped by Russian mob spammers. We were all getting ready to ransom you with our PayPal accounts, to get you back. Jeff Earickson Colby College On Fri, 16 Sep 2005, Julian Field wrote: > Date: Fri, 16 Sep 2005 09:49:24 +0100 > From: Julian Field > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: ANNOUNCE: SpamAssassin 3.1.0 available! > > I can't remember what hashcash did, so I didn't switch it on :-) > What does it do? > > On 15 Sep 2005, at 19:15, Jeff A. Earickson wrote: > >> Julian, >> >> I had the following in my init.pre for SA 3.0.4: >> >> # Hashcash - perform hashcash verification. >> # >> loadplugin Mail::SpamAssassin::Plugin::Hashcash >> >> I added it to my 3.1 init.pre. Woner how come it didn't get into >> the default 3.1 init.pre file? >> >> Jeff Earickson >> Colby College >> >> On Thu, 15 Sep 2005, Julian Field wrote: >> >> >>> Date: Thu, 15 Sep 2005 14:52:23 +0100 >>> From: Julian Field >>> Reply-To: MailScanner mailing list >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Re: ANNOUNCE: SpamAssassin 3.1.0 available! >>> -----BEGIN PGP SIGNED MESSAGE----- >>> >>> I now have 4 production servers running SA 3.1.0 with no problems at >>> all. Just remember to add >>> >>> loadplugin Mail::SpamAssassin::Plugin::RelayCountry >>> loadplugin Mail::SpamAssassin::Plugin::SPF >>> loadplugin Mail::SpamAssassin::Plugin::URIDNSBL >>> >>> at the end of the init.pre file, or else you miss out on some very >>> useful features. >>> Remove the line in your spam.assassin.prefs.conf that mentions RSL as >>> that is no longer wanted. >>> >>> Other than that, I would just recommend you use my install-Clam- >>> SA.tar.gz availabe from >>> http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam- >>> SA.tar.gz >>> as it includes all the required Perl modules for you, and installs >>> everything in the right order. >>> >>> It will install ClamAV as well, which you don't have to use if you >>> don't want to. Editing the install.sh script to remove the ClamAV >>> installation is pretty easy, you'll see it in there. Just search for >>> "Clam" and you'll find it all. >>> >>> All working fine! >>> >>> On 15 Sep 2005, at 09:19, Julian Field wrote: >>> >>> >>>> -----BEGIN PGP SIGNED MESSAGE----- >>>> >>>> I haven't, no, but I believe others have and had no problems. >>>> I'll give it a go now. >>>> >>>> On 15 Sep 2005, at 09:08, Martin Hepworth wrote: >>>> >>>> >>>> >>>>> Jules >>>>> >>>>> I presume you've tested this and MS is fine with SA 3.1.0?? >>>>> >>>> >>>> >>> >>> - -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>> -----BEGIN PGP SIGNATURE----- >>> Version: PGP Desktop 9.0.2 (Build 2425) >>> >>> iQEVAwUBQyl8mfw32o+k+q+hAQEjQwgAtsfCh46cG5it2sCr1OYS9rGANVdsC23i >>> Mb9qaMMmtXckUXCBEYdvu3K3wJplMSqO1064MxxhWdENyWMLXu2nMXcKn6LQ/Oc0 >>> +LokTb7eJYgCTgjpX4VWldGFkx+Fa9eP8l0Rthvo9WmXM6ZsZp2UnDWX2zoHQLmF >>> d0g1Vud3tvlCFDP+6WrG0GnV2N/F69Gzyo7zMvzta0gFvw21v+LGG6QJ8oCR+Pf0 >>> IbnRDYAUVY5qilgCqCZ/ic8sraRA82W72NKCCpNT3Zygs3ZIwuep+r38ztFWCB9q >>> gm3UOyVCaBi+2UUN1NdWrUWLxu9XxtjCf/Umy1elBkZANvv7rgOgVg== >>> =OuPq >>> -----END PGP SIGNATURE----- >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jlmiller at MMTNETWORKS.COM.AU Mon Sep 19 23:51:04 2005 From: jlmiller at MMTNETWORKS.COM.AU (Jon Miller) Date: Thu Jan 12 21:30:46 2006 Subject: increase score Message-ID: Trying to find which file has the score of 1.0 for Drugs_Erectile so I can change it to a higer score. I've done a grep on this but could not find the file. Does anyone have any insight as to where this may be? or Do I have to change something else? Thanks Spam Report: ScoreMatching RuleDescription 0.00BAYES_50Bayesian spam probability is 40 to 60% 2.29BIZ_TLDContains an URL in the BIZ top-level domain 1.00DRUGS_ERECTILERefers to an erectile drug 0.09HTML_50_60Message is 50% to 60% HTML 0.00HTML_MESSAGEHTML included in message 1.23MISSING_SUBJECTMissing Subject: header 0.30SARE_WEOFFEROffers Something Jon L. Miller, ASE, CNS, CLS, MCNE, CCNA Director/Sr Systems Consultant MMT Networks Pty Ltd http://www.mmtnetworks.com.au Resellers for: Sophos Anti-Virus, Novell, Cisco, Swifdsl "I don't know the key to success, but the key to failure is trying to please everybody." -Bill Cosby ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "HTML" Text/PLAIN 69 lines. ] [ Unable to print this part. ] From peter at UCGBOOK.COM Tue Sep 20 00:01:39 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:30:46 2006 Subject: increase score Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jon Miller wrote: > Trying to find which file has the score of 1.0 for Drugs_Erectile so I can change it to a higer score. I've done a grep on this but could not find the file. Does anyone have any insight as to where this may be? or Do I have to change something else? All scores are in a file named something like 50_scores.cf but you shouldn't change it there since it will be overwritten the next time you upgrade SA. Add a line in spam.assassin.prefs.conf instead, example: score RULE_NAME 5 Then reload MS and it will override the default score. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brad at BECKENHAUER.COM Tue Sep 20 00:07:53 2005 From: brad at BECKENHAUER.COM (Brad Beckenhauer) Date: Thu Jan 12 21:30:46 2006 Subject: increase score Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] If your running RulesDuJour, then look in antidrug.cf. One possible location is /etc/mail/spamassassin Brad >>> Jon Miller 9/19/2005 5:51:04 PM >>> Trying to find which file has the score of 1.0 for Drugs_Erectile so I can change it to a higer score. I've done a grep on this but could not find the file. Does anyone have any insight as to where this may be? or Do I have to change something else? Thanks Spam Report: ScoreMatching RuleDescription 0.00BAYES_50Bayesian spam probability is 40 to 60% 2.29BIZ_TLDContains an URL in the BIZ top-level domain 1.00DRUGS_ERECTILERefers to an erectile drug 0.09HTML_50_60Message is 50% to 60% HTML 0.00HTML_MESSAGEHTML included in message 1.23MISSING_SUBJECTMissing Subject: header 0.30SARE_WEOFFEROffers Something Jon L. Miller, ASE, CNS, CLS, MCNE, CCNA Director/Sr Systems Consultant MMT Networks Pty Ltd http://www.mmtnetworks.com.au Resellers for: Sophos Anti-Virus, Novell, Cisco, Swifdsl "I don't know the key to success, but the key to failure is trying to please everybody." -Bill Cosby ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Sep 19 23:56:47 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:46 2006 Subject: Scanning Order Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dennis Willson spake the following on 9/19/2005 1:36 PM: > Yes, this is very true, at least 75% of incoming eMail is Spam. So > reducing the amount of scanning reduces the overall CPU load on the > server. I use greylisting and that removes about 90% of the Spam before > it even enters the system. This actually removes a lot of the system > load as 90% of the Spam is not scanned at all. I use Milter-Greylist and > I'm very happy with it. If you have multiple MX hosts it will even > coordinate the greylist data so if retries occur on one of your backup > MX hosts it has the correct information to let it through or not and if > one MX host has already determined to auto-white list, they all know. > > I highly recommend greylisting. Since implementing it my MX hosts are > very happy and I have not heard anything but compliments from any of my > users, not a single complaint! I think this is extremely complimentary > with MailScanner. > > Dennis > > Julian Field wrote: > >> Most of your mail (say 75%) is spam. Relatively, very little of it >> (say 5%) is a virus. >> So if you do spam checks first, then delete all the spam, you don't >> need to do anything further with 75% of your incoming mail. So the >> overhead of all further processing of 75% of your mail never happens. >> That includes all the expensive checks like the phishing net, as well >> as the straight virus scanning. >> Since you are already using a milter, maybe you could use clamav-milter to pre-scan your mail. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Sep 20 00:13:27 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:46 2006 Subject: increase score Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jon Miller wrote: > Trying to find which file has the score of 1.0 for Drugs_Erectile so I can change it to a higer score. I've done a grep on this but could not find the file. Does anyone have any insight as to where this may be? or Do I have to change something else? > > Thanks > > Spam Report: > ScoreMatching RuleDescription > 0.00BAYES_50Bayesian spam probability is 40 to 60% > 2.29BIZ_TLDContains an URL in the BIZ top-level domain > 1.00DRUGS_ERECTILERefers to an erectile drug > 0.09HTML_50_60Message is 50% to 60% HTML > 0.00HTML_MESSAGEHTML included in message > 1.23MISSING_SUBJECTMissing Subject: header > 0.30SARE_WEOFFEROffers Something > Assuming you have SA 3.x, the default score will be in /usr/share/spamassassin/50_scores.cf. HOWEVER, do NOT edit any files in /usr/share/spamassassin. If you want to change the score, add a new score statement to your local.cf score DRUGS_ERECTILE 0.1 Otherwise if you're in SA 2.x, the score should be in /etc/mail/spamassassin/antidrug.cf and you can edit it yourself. Note: if you're running SA 3.x, you should not have a /etc/mail/spamassassin/antidrug.cf. If you do, delete it right away. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jlmiller at MMTNETWORKS.COM.AU Tue Sep 20 00:51:14 2005 From: jlmiller at MMTNETWORKS.COM.AU (Jon Miller) Date: Thu Jan 12 21:30:46 2006 Subject: increase score Message-ID: Yes, there was an antidrug.cf in /etc/mail/spamassassin. Why must this be deleted? curious. Is there a format that the local.cf file must follow? as I have several rules that needs to be added there. Thanks >>> mkettler@EVI-INC.COM 7:13:27 am 20/09/2005 >>> Jon Miller wrote: > Trying to find which file has the score of 1.0 for Drugs_Erectile so I can change it to a higer score. I've done a grep on this but could not find the file. Does anyone have any insight as to where this may be? or Do I have to change something else? > > Thanks > > Spam Report: > ScoreMatching RuleDescription > 0.00BAYES_50Bayesian spam probability is 40 to 60% > 2.29BIZ_TLDContains an URL in the BIZ top-level domain > 1.00DRUGS_ERECTILERefers to an erectile drug > 0.09HTML_50_60Message is 50% to 60% HTML > 0.00HTML_MESSAGEHTML included in message > 1.23MISSING_SUBJECTMissing Subject: header > 0.30SARE_WEOFFEROffers Something > Assuming you have SA 3.x, the default score will be in /usr/share/spamassassin/50_scores.cf. HOWEVER, do NOT edit any files in /usr/share/spamassassin. If you want to change the score, add a new score statement to your local.cf score DRUGS_ERECTILE 0.1 Otherwise if you're in SA 2.x, the score should be in /etc/mail/spamassassin/antidrug.cf and you can edit it yourself. Note: if you're running SA 3.x, you should not have a /etc/mail/spamassassin/antidrug.cf. If you do, delete it right away. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "HTML" Text/HTML 46 lines. ] [ Unable to print this part. ] From jrudd at UCSC.EDU Tue Sep 20 00:36:42 2005 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:30:46 2006 Subject: Scanning Order Message-ID: On Sep 19, 2005, at 15:56, Scott Silva wrote: > > Since you are already using a milter, maybe you could use clamav-milter > to pre-scan your mail. > At that point, you might as well just use mimedefang. 1 milter, multiple uses (milter-ahead type recipient verification, if you want; sender verification, anti-virus, greylisting, etc.). ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dfilchak at SYMPATICO.CA Tue Sep 20 06:29:43 2005 From: dfilchak at SYMPATICO.CA (Dave Filchak) Date: Thu Jan 12 21:30:46 2006 Subject: bayes and languages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello all, A couple of issues I am hoping someone can help with and I am still learning here so bear with me please: First, I am running 4.46.1 and have just upgraded. However, in doing this, it reminded me of something I have been meaning to ask for a while now. Searched the archives a bit but found nothing. The upgrade process clearly indicates that one has to run upgrade_languages_conf. I have a languages.conf file but whenever I upgrade, a languages.conf.rpmnew is not created. Is that because nothing new has been added to the languages.conf file or is something amiss? Secondly, I have always found bayes a bit of a mystery but I am trying to learn more about it. However, I have run into an issue: I run MailWatch and as of yesterday, under Tools/Links, I was showing a growing bayes DB. I just updated to the aforementioned 4.46.1 and MailWatch no longer shows any bayes DB. When I look under spam.assassin.prefs, the path to bayes is correct at /etc/MailScanner/bayes/bayes and the permissions are set to 660. However, I am logging in as a user other than root and the bayes files are owned by root:root. I wonder if that is an issue? Does MailWatch and SpamAssassin use whatever path to bayes that is in spam.assassin.prefs regardless of what user logs into MailWatch? I do not see any errors in the maillog or messages so I am not sure what gives. I have been fighting an issue with more and more spam getting through so I am anxious to get this right. I am sorry if this seems a bit off topic for this list but it all seems good before I upgraded so I am not sure if it was something in the upgrade of MailScanner. As well, I am not getting any real response from the MailWatch forum and as I said, some of my clients have been getting more and more spam slipping through that I think should have been caught. Sorry for this long winded message ... I've got to learn to keep it brief ;-( Thanks for any insight and help. Dave ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Tue Sep 20 07:05:56 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:30:46 2006 Subject: increase score Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jon Miller wrote: > Yes, there was an antidrug.cf in /etc/mail/spamassassin. Why must this be deleted? curious. The antidrug ruleset is included in SA3. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Sep 20 09:05:54 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:46 2006 Subject: Release beta 4.46.1 Message-ID: On 19 Sep 2005, at 21:45, Mailscanner wrote: > Julian Field wrote: > > >> I have just released 4.46.1. This is primarily to give you nice >> silent operation with SpamAssassin 3.1. >> >> The install-Clam-SA.tar.gz has also been rebuilt to provide the >> latest versions of ClamAV and SpamAssassin. This is the easiest >> way to install SpamAssassin. >> > > Do you recommend installing SA this way for a machine that has a > pre-installed SA. Eg Redhat EL, Centos ? > > In other words, should I de-install the rpm version and install > your tarball ? Yes. Remember to rpm -e the rpm version, or you wind up in a real mess (I did it myself the other week, and it was quite painful :-( -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Tue Sep 20 13:49:11 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:30:46 2006 Subject: [MAILSCANNER] FW: [milters] Re: Greylist/cache in SQL for milter-sender? Message-ID: Given the spate of postings concerning the use of milters recently, I thought this information from Anthony Howe concerning sharing milter information between gateways would be of interest to others on the list. I will second the posts that have praised the effectiveness of milters as a method of cutting off spam before it adds load to your gateways. If you're looking to learn more about some of the different milters available drop by www.snertsoft.com. An article which gives an interesting overview of milters can be found at http://techrepublic.com.com/5100-1035_11-5596074.html?part=rss&tag=feed&subj =tr# Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com -----Original Message----- From: milters-bounce@milter.info [mailto:milters-bounce@milter.info] On Behalf Of Anthony Howe Sent: Tuesday, September 20, 2005 7:48 AM To: milters@milter.info Subject: [milters] Re: Greylist/cache in SQL for milter-sender? Removal...........: milters-request@milter.info?subject=remove More information..: http://www.milter.info/#Support -------------------------------------------------------- Jeff Powell wrote: > Here's an item for the wishlist-- the ability to store the greylist data > and the cache in a MySQL database. My company is thinking about using > milter-sender but they have one problem with it. We have two incoming > mail servers with equal MX records, i.e., incoming mail can come to > either of the two servers. This is both for failover and for load > sharing. Both are running SpamAssassin, using Bayesian filtering with a > MySQL database on a third server. > It would be really nice to have milter-sender also store its data on > that third server in a real database. That would prevent milter-sender > having to to a callback on one server when it has already just rejected > it on the other server. Install milter-sender on the 3rd server using an Internet host:port specifier instead of the unix domain socket specifier, then specify in the Sendmail config for the two MXes that they should consult milter-sender via an Internet socket to the 3rd machine. In this way you can centralise the cache used by milter-sender. NOTE that a copy of the access.db should be found on the 3rd server or accessible by NFS for B/W list support. ANY milter (not just Snert milters) can be centralised in this manner, since its a base functionality of libmilter and Sendmail. See the milter-sender documentation and sendmail libmilter documentation about this. -- Anthony C Howe +33 6 11 89 73 78 http://www.snert.com/ ICQ: 7116561 AIM: Sir Wumpus Sendmail Anti-Spam Solutions http://www.snertsoft.com/ We Serve Your Server ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From stef at L5NET.NET Tue Sep 20 14:10:23 2005 From: stef at L5NET.NET (Stef Morrell) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] install.sh - TRIVIAL ;) Message-ID: Really no biggy, but has anyone else noticed how when using install.sh to set up MailScanner the following output: Installing tnef decoder Oh good, I have found the tnef program is in /usr/local/bin. Now to install MailScanner itself. Installing MailScanner into /opt. If you do not want it there, just move it to where you want it and then edit MailScanner.conf and check_mailscanner to set the correct locations. Have just installed version 4.46.1 into /opt/MailScanner-4.46.1. You will need to update the symlink /opt/MailScanner to point to the new version before starting it. For some reason the tnef decoder did not compile properly. As an alternative, in MailScanner.conf set TNEF Expander = internal Yes, because you didn't try to compile it, cos you already found it... ;) Stef Stefan Morrell | Director Tel: 0870 365 2813 | Level 5 Internet Ltd Fax: 0192 450 7307 | Part of the Alpha Omega Group stef@l5net.net | stef@aoc-uk.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jrudd at UCSC.EDU Tue Sep 20 15:47:11 2005 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] Clamd Message-ID: On Sep 13, 2005, at 1:59 PM, Julian Field wrote: > John Rudd wrote: > >> The default definition for clamav in virus.scanners.conf is >> >> clamav /opt/MailScanner/lib/clamav-wrapper /usr/local >> >> Which I assume will invoke clamscan. If I want to invoke clamd, would >> it be as simple as just modifying clamav-wrapper to use clamdscan? >> >> >> and would it be faster/better to see about using the clamavmodule >> instead? >> > Use clamavmodule. It's faster and has less overhead than any solution > involving clamd. That's why I did it the way I did. > I did some testing (in mimedefang, which accesses clamd directly*, not via clamdscan, so it is not dealing with the fork and exec overhead), and it was 10 times faster than using Mail::ClamAV (which I had to write mimedefang support for myself). (* I'm not sure if it does it via library calls, or via the clamd unix-socket, but I suspect the latter, because mimedefang does keep track of the clamd unix-socket) What I did is submit 1 ham message, 1 spam message, and 1 eicar test signature virus message, each 333 times. I then looked at how long it took to run the loop. I ran it twice using clamd, and twice using Mail::ClamAV. clamd: 65 seconds and 70 seconds Mail::ClamAV: 667 seconds and 629 seconds Of course, I don't know if you can invoke clamd on a large archive in one swoop, the way mailscanner does with Mail::ClamAV. It may turn out to be just that mimedefang doesn't get the economy of scale from Mail::ClamAV that mailscanner does (because, as a milter, it MUST do one message at a time) and that mailscanner can't get clamd, except via clamdscan, to do the kind of bulk scans that Mail::ClamAV can. I was just getting very different recommendations from each project (and was hoping to use 1 method for both implementations), and had to do some experimenting. Though, I think, for my mailscanner installation, the real question is: is clam(d)scan faster/slower than sophos sweep, and which is faster between clamscan and clamdscan. I'll have to work up something around that, as well. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nilesh.shastrakar at gmail.com Tue Sep 20 16:24:15 2005 From: nilesh.shastrakar at gmail.com (Nilesh Shastrakar) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] Quarantine folder Empty Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Volume: 26,000 message/day Average Load: Around 1-2 Hardware: 1 x P4-2.0Ghz, 512 RAM, 80G IDE Software: Fedora Core 4, Sendmail 8.13.4, SA, Clamav RBLs: MTA = sbl-xbl.spamhaus Virus Scanners: ClamAVmodule I have Installed MailScanner on my test server with Clamav and Spamassassin. it working fine but I am having some problems , I have tried to send mail with Eicar.com attchment the mail has been marked as Virus e-mail but cant save removed message/attachement in quaratine folder The report says Warning: This message has had one omore attachments removed Warning: (eicar.com, eicar_com.zip) Warning: Please read the :Test-Attachment-Warning.txt" for more inforamtion The original e-mail attachment eicar_com.zip belived to be infected by a virus and has been replaced by this warning message /Var/Spoo/MailScanner/quaratine/20050919 (message j8xxxxxxxx) But checking folder was empty it is not saved. How can I solve this problem Regards Nilesh. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Sep 20 16:58:44 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] increase score Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jon Miller wrote: > Yes, there was an antidrug.cf in /etc/mail/spamassassin. Why must this be deleted? curious. Because antidrug was written as an add-on ruleset for users of SA 2.x. During the development of SA 3.0, I contributed these rules to the Spamassassin project directly. Thus, if you're using a version of SA newer than 3.0, you already have these rules in your default set and antidrug.cf is redundant. FWIW, I'm the author of antidrug.cf, so I can speak authoritatively about it. > Is there a format that the local.cf file must follow? There is no "general format" for local.cf, but each item in it must be a valid option from man Mail::SpamAssassin::Conf. Be sure to run spamassassin --lint when you're done, as this will check your files for errors. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Sep 20 17:24:32 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] Quarantine folder Empty Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Nilesh Shastrakar spake the following on 9/20/2005 8:24 AM: > > Volume: 26,000 message/day > > *Average Load*: Around 1-2 > > *Hardware: 1 x P4-2.0Ghz, 512 RAM, 80G IDE* > > *Software*: Fedora Core 4, Sendmail 8.13.4, SA, Clamav > > *RBLs*: MTA = sbl-xbl.spamhaus > > *Virus Scanners*: ClamAVmodule > > > > I have Installed MailScanner on my test server with Clamav and Spamassassin. > it working fine but I am having some problems , I have tried to send > mail with Eicar.com attchment > the mail has been marked as Virus e-mail but cant save removed > message/attachement in quaratine folder > The report says > > Warning: This message has had one omore attachments removed > Warning: (eicar.com , eicar_com.zip) > Warning: Please read the :Test-Attachment-Warning.txt" for more inforamtion > The original e-mail attachment eicar_com.zip belived to be infected by a > virus and > has been replaced by this warning message > > /Var/Spoo/MailScanner/quaratine/20050919 (message j8xxxxxxxx) > > But checking folder was empty it is not saved. > > How can I solve this problem > > Regards > Nilesh. If you copied the error message exactly, my guess is that there is no such directory as /Var/Spoo. Check your MailScanner.conf file and verify that each directory in there actually exists, and is accessible by the MailScanner user ( and is spelled correctly, case and all). -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jstork at PBCO.CA Tue Sep 20 17:46:38 2005 From: jstork at PBCO.CA (Johnny Stork) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] ANNOUNCE: SpamAssassin 3.1.0 available! --- upgrading from 3.0 Message-ID: If I installed SA 3.0 from tar, is it safe/possible to now downloads 3.1, and create an rpm with rpmbuild -tb Mail-SpamAssassin-3.1.0.tar.gz and install/upgrade this way? I previously installed by RPM, then read somewhere that SA should be installed from source/tar rather than RPM. But now when I run RedHat update (RHEL4) it fails to install/upgrade evolution since it claims that spamassassin is not found and is needed as a dependency? Basically I want to upgrade to the latest SA and to use the rpm install so that upgrades are simpler and found by RH updates. Thanks to anyone that can help -----Original Message----- From: Martin Hepworth [mailto:martinh@SOLID-STATE-LOGIC.COM] Sent: September 15, 2005 1:09 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: FW: ANNOUNCE: SpamAssassin 3.1.0 available! Jules I presume you've tested this and MS is fine with SA 3.1.0?? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 -----Original Message----- From: jm@jmason.org [mailto:jm@jmason.org] Sent: 15 September 2005 00:53 To: announce@SpamAssassin.apache.org Cc: users@SpamAssassin.apache.org; dev@SpamAssassin.apache.org Subject: ANNOUNCE: SpamAssassin 3.1.0 available! SpamAssassin 3.1.0 is released! SpamAssassin 3.1.0 is a major update. SpamAssassin is a mail filter which uses advanced statistical and heuristic tests to identify spam (also known as unsolicited bulk email). Highlights of the release ------------------------- - Apache preforking algorithm adopted; number of spamd child processes is now scaled, according to demand. This provides better VM behaviour when not under peak load. - added PostgreSQL, MySQL 4.1+, and local SDBM file Bayes storage modules. SQL storage is now recommended for Bayes, instead of DB_File. NDBM_File support has been dropped due to a major bug in that module. - detect legitimate SMTP AUTH submission, to avoid false positives on Dynablock-style rules. - new plugins: DomainKeys (off by default), MIMEHeader: a new plugin to perform tests against header in internal MIME structure, ReplaceTags: plugin by Felix Bauer to support fuzzy text matching, WhiteListSubject: plugin added to support user whitelists by Subject header. - Razor: disable Razor2 support by default per our policy, since the service is not free for non-personal use. It's trivial to reenable (by editing '/etc/mail/spamassassin/v310.pre'). - DCC: disable DCC for similar reasons, due to new license terms. - Net::DNS bug: high load caused answer packets to be mixed up and delivered as answers to the wrong request, causing false positives. worked around. - DNSBL lookups and other DNS operations are now more efficient, by using a custom single-socket event-based model instead of Net::DNS. Downloading ----------- Pick it up from: http://SpamAssassin.apache.org/ Note, it may take up to two hours from now for that mirror to update. md5sum: d28bd7e83d01b234144e336bbfde0caa Mail-SpamAssassin-3.1.0.tar.bz2 f70c1fcab3d9563731bbc307eda7d69e Mail-SpamAssassin-3.1.0.tar.gz 65e9629ce255244fe3cb3d9772cdf239 Mail-SpamAssassin-3.1.0.zip sha1sum: 0185f076f619dd9e64e94b453017f9b08d4b0f04 Mail-SpamAssassin-3.1.0.tar.bz2 d887cbae5962cb03e45aaf71cd93881a27cccc99 Mail-SpamAssassin-3.1.0.tar.gz 8b9494448782f910e573377bf226a8072f24bb3f Mail-SpamAssassin-3.1.0.zip The release files also have a .asc accompanying them. The file serves as an external GPG signature for the given release file. The signing key is available via the wwwkeys.pgp.net key server, as well as http://spamassassin.apache.org/released/GPG-SIGNING-KEY The key information is: pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key Key fingerprint =3D 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B Important installation notes ---------------------------- - see the INSTALL and UPGRADE files in the distribution. Summary of major changes since 3.0.x ------------------------------------ - Apache preforking algorithm adopted; number of spamd child processes is now scaled, according to demand. This provides better VM behaviour when not under peak load. - Inclusion of sa-update script which will allow for updates of rules and scores in between code releases. - added PostgreSQL, MySQL 4.1+, and local SDBM file Bayes storage modules. SQL storage is now recommended for Bayes, instead of DB_File. NDBM_File support has been dropped due to a major bug in that module. - detect legitimate SMTP AUTH submission, to avoid false positives on Dynablock-style rules. - new Advance Fee Fraud (419 scam) rules. - removed use of the Storable module, due to several reported hangs on SMP Linux machines. - Converted several rule/engine components into Plugins such as: AccessDB, AWL, Pyzor, Razor2, DCC, Bayes AutoLearn Determination, etc. - new plugins: DomainKeys (off by default), MIMEHeader: a new plugin to perform tests against header in internal MIME structure, ReplaceTags: plugin by Felix Bauer to support fuzzy text matching, WhiteListSubject: plugin added to support user whitelists by Subject header. - TextCat language guesser moved to a plugin. (This means "ok_languages" is no longer part of the core engine by default.) - Razor: disable Razor2 support by default per our policy, since the service is not free for non-personal use. It's trivial to reenable. - DCC: disable DCC for similar reasons, due to new license terms. - Net::DNS bug: high load caused answer packets to be mixed up and delivered as answers to the wrong request, causing false positives. worked around. - DNSBL lookups and other DNS operations are now more efficient, by using a custom single-socket event-based model instead of Net::DNS. - add support for accreditation services, including Habeas v2. - better URI parsing -- many evasion tricks now caught. - URIBL lookups are prioritized based on the location in the message the URI was found. - mass-check now supports reusing realtime DNSBL hit results, and sample-based Bayes autolearning emulation, to reduce complexity. - sa-learn, spamassassin and mass-check now have optional progress bars. - modify header ordering for DomainKeys compatibility, by placing markup headers at the top of the message instead at the bottom of the list. - spamd/spamc now support remote Bayes training, and reporting spam. - spamc now supports reading its flags from a configuration file using the -F switch, contributed by John Madden. - added SPF-based whitelisting. - Polish rules contributed by Radoslaw Stachowiak. - many rule changes and additions. ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jstork at PBCO.CA Tue Sep 20 18:27:14 2005 From: jstork at PBCO.CA (Johnny Stork) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] Problem with new MCP rules? Message-ID: After going through the instructions for coniguring MCP, I had no problem getting MailScanner to identify subject or body text contained in the default example rule file 10_example.cf. So I created a new file with the extension *cf, with the contents below, and resstared MailScanner. Going to the MailWatch interface, Tools, and "Update MCP Rules Descriptions" and it correctly showed the new rules listed below, But sending an email with only the word "password" in the subject line got through just fine? What am I missing? Thanks # Rules for PBCO Message Content Protection # header PASSWORD-SUBJECT-RULE Subject =~ /password/i describe PASSWORD-SUBJECT-RULE Banned Subject score PASSWORD-SUBJECT-RULE 5 body PASSWORD-BODY-RULE /password/i describe PASSWORD-BODY-RULE Banned body text score PASSWORD-BODY-RULE 5 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Sep 20 20:02:06 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] Problem with new MCP rules? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Johnny Stork spake the following on 9/20/2005 10:27 AM: > After going through the instructions for coniguring MCP, I had no problem getting MailScanner to identify subject or body text contained in the default example rule file 10_example.cf. So I created a new file with the extension *cf, with the contents below, and resstared MailScanner. Going to the MailWatch interface, Tools, and "Update MCP Rules Descriptions" and it correctly showed the new rules listed below, But sending an email with only the word "password" in the subject line got through just fine? What am I missing? > > Thanks > > > > # Rules for PBCO Message Content Protection > # > > header PASSWORD-SUBJECT-RULE Subject =~ /password/i > describe PASSWORD-SUBJECT-RULE Banned Subject > score PASSWORD-SUBJECT-RULE 5 > > body PASSWORD-BODY-RULE /password/i > describe PASSWORD-BODY-RULE Banned body text > score PASSWORD-BODY-RULE 5 > I don't see any rules with "-" dashes, they all have '_' underscores. Maybe this isn't an allowed character in a rule name. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Sep 20 20:27:41 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] Problem with new MCP rules? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Scott Silva wrote: >Johnny Stork spake the following on 9/20/2005 10:27 AM: > > >>After going through the instructions for coniguring MCP, I had no problem getting MailScanner to identify subject or body text contained in the default example rule file 10_example.cf. So I created a new file with the extension *cf, with the contents below, and resstared MailScanner. Going to the MailWatch interface, Tools, and "Update MCP Rules Descriptions" and it correctly showed the new rules listed below, But sending an email with only the word "password" in the subject line got through just fine? What am I missing? >> >>Thanks >> >> >> >># Rules for PBCO Message Content Protection >># >> >>header PASSWORD-SUBJECT-RULE Subject =~ /password/i >>describe PASSWORD-SUBJECT-RULE Banned Subject >>score PASSWORD-SUBJECT-RULE 5 >> >>body PASSWORD-BODY-RULE /password/i >>describe PASSWORD-BODY-RULE Banned body text >>score PASSWORD-BODY-RULE 5 >> >> >> >I don't see any rules with "-" dashes, they all have '_' underscores. >Maybe this isn't an allowed character in a rule name. > > SpamAssassin generates a Perl function for each rule, so only the characters allowed in Perl function names are allowed in SpamAssassin rule names. So "-" is certainly not allowed, as it is the arithmetic "minus" operator. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Sep 20 20:19:34 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] Problem with new MCP rules? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Johnny Stork spake the following on 9/20/2005 10:27 AM: > After going through the instructions for coniguring MCP, I had no problem getting MailScanner to identify subject or body text contained in the default example rule file 10_example.cf. So I created a new file with the extension *cf, with the contents below, and resstared MailScanner. Going to the MailWatch interface, Tools, and "Update MCP Rules Descriptions" and it correctly showed the new rules listed below, But sending an email with only the word "password" in the subject line got through just fine? What am I missing? > > Thanks > > > > # Rules for PBCO Message Content Protection > # > > header PASSWORD-SUBJECT-RULE Subject =~ /password/i > describe PASSWORD-SUBJECT-RULE Banned Subject > score PASSWORD-SUBJECT-RULE 5 > > body PASSWORD-BODY-RULE /password/i > describe PASSWORD-BODY-RULE Banned body text > score PASSWORD-BODY-RULE 5 > Also, the above is vague on the file name. Did you actually name it *cf or something like pbco_mcp.cf -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jstork at PBCO.CA Tue Sep 20 20:52:13 2005 From: jstork at PBCO.CA (Johnny Stork) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] {MCP?} RE: [MAILSCANNER] Problem with new MCP rules? Message-ID: Thanks Julian and Scott, that fixed it. Was the name of the rule, just changed to underscores. And yes Scott, the name of the rules file was not *.cf, it is pbco_passwords.cf. Just tested it out, way too cool and even inside Word docs...excellent!! -----Original Message----- From: Julian Field [mailto:MailScanner@ECS.SOTON.AC.UK] Sent: September 20, 2005 12:28 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: [MAILSCANNER] Problem with new MCP rules? Scott Silva wrote: >Johnny Stork spake the following on 9/20/2005 10:27 AM: > > >>After going through the instructions for coniguring MCP, I had no problem getting MailScanner to identify subject or body text contained in the default example rule file 10_example.cf. So I created a new file with the extension *cf, with the contents below, and resstared MailScanner. Going to the MailWatch interface, Tools, and "Update MCP Rules Descriptions" and it correctly showed the new rules listed below, But sending an email with only the word "password" in the subject line got through just fine? What am I missing? >> >>Thanks >> >> >> >># Rules for PBCO Message Content Protection >># >> >>header PASSWORD-SUBJECT-RULE Subject =~ /password/i >>describe PASSWORD-SUBJECT-RULE Banned Subject >>score PASSWORD-SUBJECT-RULE 5 >> >>body PASSWORD-BODY-RULE /password/i >>describe PASSWORD-BODY-RULE Banned body text >>score PASSWORD-BODY-RULE 5 >> >> >> >I don't see any rules with "-" dashes, they all have '_' underscores. >Maybe this isn't an allowed character in a rule name. > > SpamAssassin generates a Perl function for each rule, so only the characters allowed in Perl function names are allowed in SpamAssassin rule names. So "-" is certainly not allowed, as it is the arithmetic "minus" operator. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Sep 20 20:44:08 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] Problem with new MCP rules? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field spake the following on 9/20/2005 12:27 PM: > Scott Silva wrote: > >> Johnny Stork spake the following on 9/20/2005 10:27 AM: >> >> >>> After going through the instructions for coniguring MCP, I had no >>> problem getting MailScanner to identify subject or body text >>> contained in the default example rule file 10_example.cf. So I >>> created a new file with the extension *cf, with the contents below, >>> and resstared MailScanner. Going to the MailWatch interface, Tools, >>> and "Update MCP Rules Descriptions" and it correctly showed the new >>> rules listed below, But sending an email with only the word >>> "password" in the subject line got through just fine? What am I missing? >>> >>> Thanks >>> >>> >>> >>> # Rules for PBCO Message Content Protection >>> # >>> >>> header PASSWORD-SUBJECT-RULE Subject =~ /password/i >>> describe PASSWORD-SUBJECT-RULE Banned Subject >>> score PASSWORD-SUBJECT-RULE 5 >>> >>> body PASSWORD-BODY-RULE /password/i >>> describe PASSWORD-BODY-RULE Banned body text >>> score PASSWORD-BODY-RULE 5 >>> >>> >> >> I don't see any rules with "-" dashes, they all have '_' underscores. >> Maybe this isn't an allowed character in a rule name. >> >> > SpamAssassin generates a Perl function for each rule, so only the > characters allowed in Perl function names are allowed in SpamAssassin > rule names. So "-" is certainly not allowed, as it is the arithmetic > "minus" operator. > I just have to sit down and try learning perl! -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Sep 20 21:01:44 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] {MCP?} RE: [MAILSCANNER] Problem with new MCP rules? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Have you tried my SpamAssassin 3.0.4 patches on SpamAssassin 3.1.0 yet? I would be very interested to hear if they apply okay. Johnny Stork wrote: >Thanks Julian and Scott, that fixed it. Was the name of the rule, just changed to underscores. And yes Scott, the name of the rules file was not *.cf, it is pbco_passwords.cf. > >Just tested it out, way too cool and even inside Word docs...excellent!! > >-----Original Message----- >From: Julian Field [mailto:MailScanner@ECS.SOTON.AC.UK] >Sent: September 20, 2005 12:28 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: [MAILSCANNER] Problem with new MCP rules? > > >Scott Silva wrote: > > > >>Johnny Stork spake the following on 9/20/2005 10:27 AM: >> >> >> >> >>>After going through the instructions for coniguring MCP, I had no problem getting MailScanner to identify subject or body text contained in the default example rule file 10_example.cf. So I created a new file with the extension *cf, with the contents below, and resstared MailScanner. Going to the MailWatch interface, Tools, and "Update MCP Rules Descriptions" and it correctly showed the new rules listed below, But sending an email with only the word "password" in the subject line got through just fine? What am I missing? >>> >>>Thanks >>> >>> >>> >>># Rules for PBCO Message Content Protection >>># >>> >>>header PASSWORD-SUBJECT-RULE Subject =~ /password/i >>>describe PASSWORD-SUBJECT-RULE Banned Subject >>>score PASSWORD-SUBJECT-RULE 5 >>> >>>body PASSWORD-BODY-RULE /password/i >>>describe PASSWORD-BODY-RULE Banned body text >>>score PASSWORD-BODY-RULE 5 >>> >>> >>> >>> >>> >>I don't see any rules with "-" dashes, they all have '_' underscores. >>Maybe this isn't an allowed character in a rule name. >> >> >> >> >SpamAssassin generates a Perl function for each rule, so only the >characters allowed in Perl function names are allowed in SpamAssassin >rule names. So "-" is certainly not allowed, as it is the arithmetic >"minus" operator. > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jstork at PBCO.CA Tue Sep 20 21:32:23 2005 From: jstork at PBCO.CA (Johnny Stork) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] {MCP?} RE: [MAILSCANNER] {MCP?} RE: [MAILSCANNER] Problem with new MCP rules? Message-ID: I was wondering about that cause earlier today I misstakenly applied the 3.0.0 patches when in fact I was running 3.0.4. And when I said in my last post that it scanned insided Word, I was again mistaken cause I had a bunch of test emails in the que and didnt realize that the one with the word attachement had not gone through yet. When it did it did not get scanned. I also just upgraded MS t0 4.45.4 so do you think I can still apply the 3.0.4 patches? I think they are already in 4.45.4 arent they? I just did another test and it scanned and found a text file with banned content, but not the word doc. Also, below are some messages that show in the maillog? After upgrading to MS 4.45.4, I followed the instructions for upgrading mailscanner.conf and languages.conf? Looks like I missed something ? Sep 20 13:27:34 pbco-server3 MailScanner[22619]: New Batch: Scanning 1 messages, 4358 bytes Sep 20 13:27:34 pbco-server3 MailScanner[22619]: Looked up unknown string mcp in language translation file /etc/MailScanner/reports/en/languages.conf Sep 20 13:27:44 pbco-server3 MailScanner[22619]: Looked up unknown string score in language translation file /etc/MailScanner/reports/en/languages.conf Sep 20 13:27:44 pbco-server3 MailScanner[22619]: Looked up unknown string required in language translation file /etc/MailScanner/reports/en/languages.conf Sep 20 13:27:44 pbco-server3 MailScanner[22619]: Looked up unknown string mcpspamassassin in language translation file /etc/MailScanner/reports/en/languages.conf Sep 20 13:27:44 pbco-server3 MailScanner[22619]: MCP Checks: Found 1 MCP messages Sep 20 13:27:44 pbco-server3 MailScanner[22619]: Looked up unknown string spam in language translation file /etc/MailScanner/reports/en/languages.conf Sep 20 13:27:44 pbco-server3 MailScanner[22619]: Looked up unknown string notspam in language translation file /etc/MailScanner/reports/en/languages.conf Sep 20 13:28:12 pbco-server3 MailScanner[22619]: Looked up unknown string score in language translation file /etc/MailScanner/reports/en/languages.conf Sep 20 13:28:12 pbco-server3 MailScanner[22619]: Looked up unknown string required in language translation file /etc/MailScanner/reports/en/languages.conf Sep 20 13:28:12 pbco-server3 MailScanner[22619]: Looked up unknown string spamassassin in language translation file /etc/MailScanner/reports/en/languages.conf Sep 20 13:28:12 pbco-server3 MailScanner[22619]: Looked up unknown string mailscanner in language translation file /etc/MailScanner/reports/en/languages.conf Sep 20 13:28:12 pbco-server3 MailScanner[22619]: Looked up unknown string unreadablearchive in language translation file /etc/MailScanner/reports/en/languages.conf Sep 20 13:28:12 pbco-server3 MailScanner[22619]: Looked up unknown string passwordedarchive in language translation file /etc/MailScanner/reports/en/languages.conf Sep 20 13:28:12 pbco-server3 MailScanner[22619]: Looked up unknown string archivetoodeep in language translation file /etc/MailScanner/reports/en/languages.conf Sep 20 13:28:12 pbco-server3 MailScanner[22619]: Virus and Content Scanning: Starting Sep 20 13:28:13 pbco-server3 MailScanner[22619]: Looked up unknown string mailscanner in language translation file /etc/MailScanner/reports/en/languages.conf -----Original Message----- From: Julian Field [mailto:MailScanner@ECS.SOTON.AC.UK] Sent: September 20, 2005 1:02 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: [MAILSCANNER] {MCP?} RE: [MAILSCANNER] Problem with new MCP rules? Have you tried my SpamAssassin 3.0.4 patches on SpamAssassin 3.1.0 yet? I would be very interested to hear if they apply okay. Johnny Stork wrote: >Thanks Julian and Scott, that fixed it. Was the name of the rule, just changed to underscores. And yes Scott, the name of the rules file was not *.cf, it is pbco_passwords.cf. > >Just tested it out, way too cool and even inside Word docs...excellent!! > >-----Original Message----- >From: Julian Field [mailto:MailScanner@ECS.SOTON.AC.UK] >Sent: September 20, 2005 12:28 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: [MAILSCANNER] Problem with new MCP rules? > > >Scott Silva wrote: > > > >>Johnny Stork spake the following on 9/20/2005 10:27 AM: >> >> >> >> >>>After going through the instructions for coniguring MCP, I had no problem getting MailScanner to identify subject or body text contained in the default example rule file 10_example.cf. So I created a new file with the extension *cf, with the contents below, and resstared MailScanner. Going to the MailWatch interface, Tools, and "Update MCP Rules Descriptions" and it correctly showed the new rules listed below, But sending an email with only the word "password" in the subject line got through just fine? What am I missing? >>> >>>Thanks >>> >>> >>> >>># Rules for PBCO Message Content Protection >>># >>> >>>header PASSWORD-SUBJECT-RULE Subject =~ /password/i >>>describe PASSWORD-SUBJECT-RULE Banned Subject >>>score PASSWORD-SUBJECT-RULE 5 >>> >>>body PASSWORD-BODY-RULE /password/i >>>describe PASSWORD-BODY-RULE Banned body text >>>score PASSWORD-BODY-RULE 5 >>> >>> >>> >>> >>> >>I don't see any rules with "-" dashes, they all have '_' underscores. >>Maybe this isn't an allowed character in a rule name. >> >> >> >> >SpamAssassin generates a Perl function for each rule, so only the >characters allowed in Perl function names are allowed in SpamAssassin >rule names. So "-" is certainly not allowed, as it is the arithmetic >"minus" operator. > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Sep 20 21:41:22 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] {MCP?} RE: [MAILSCANNER] {MCP?} RE: [MAILSCANNER] Problem with new MCP rules? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Johnny Stork wrote: >I was wondering about that cause earlier today I misstakenly applied the 3.0.0 patches when in fact I was running 3.0.4. And when I said in my last post that it scanned insided Word, I was again mistaken cause I had a bunch of test emails in the que and didnt realize that the one with the word attachement had not gone through yet. When it did it did not get scanned. I also just upgraded MS t0 4.45.4 so do you think I can still apply the 3.0.4 patches? I think they are already in 4.45.4 arent they? > > The MCP patches are for applying to SpamAssassin, not MailScanner. >I just did another test and it scanned and found a text file with banned content, but not the word doc. Also, below are some messages that show in the maillog? After upgrading to MS 4.45.4, I followed the instructions for upgrading mailscanner.conf and languages.conf? > >Looks like I missed something ? > > You are missing stuff from your languages.conf file, so I suspect you didn't upgrade_languages_conf properly. Make sure you renamed your languages.new file over the top of languages.conf. > > > > >Sep 20 13:27:34 pbco-server3 MailScanner[22619]: New Batch: Scanning 1 messages, 4358 bytes >Sep 20 13:27:34 pbco-server3 MailScanner[22619]: Looked up unknown string mcp in language translation file /etc/MailScanner/reports/en/languages.conf >Sep 20 13:27:44 pbco-server3 MailScanner[22619]: Looked up unknown string score in language translation file /etc/MailScanner/reports/en/languages.conf >Sep 20 13:27:44 pbco-server3 MailScanner[22619]: Looked up unknown string required in language translation file /etc/MailScanner/reports/en/languages.conf >Sep 20 13:27:44 pbco-server3 MailScanner[22619]: Looked up unknown string mcpspamassassin in language translation file /etc/MailScanner/reports/en/languages.conf >Sep 20 13:27:44 pbco-server3 MailScanner[22619]: MCP Checks: Found 1 MCP messages >Sep 20 13:27:44 pbco-server3 MailScanner[22619]: Looked up unknown string spam in language translation file /etc/MailScanner/reports/en/languages.conf >Sep 20 13:27:44 pbco-server3 MailScanner[22619]: Looked up unknown string notspam in language translation file /etc/MailScanner/reports/en/languages.conf >Sep 20 13:28:12 pbco-server3 MailScanner[22619]: Looked up unknown string score in language translation file /etc/MailScanner/reports/en/languages.conf >Sep 20 13:28:12 pbco-server3 MailScanner[22619]: Looked up unknown string required in language translation file /etc/MailScanner/reports/en/languages.conf >Sep 20 13:28:12 pbco-server3 MailScanner[22619]: Looked up unknown string spamassassin in language translation file /etc/MailScanner/reports/en/languages.conf >Sep 20 13:28:12 pbco-server3 MailScanner[22619]: Looked up unknown string mailscanner in language translation file /etc/MailScanner/reports/en/languages.conf >Sep 20 13:28:12 pbco-server3 MailScanner[22619]: Looked up unknown string unreadablearchive in language translation file /etc/MailScanner/reports/en/languages.conf >Sep 20 13:28:12 pbco-server3 MailScanner[22619]: Looked up unknown string passwordedarchive in language translation file /etc/MailScanner/reports/en/languages.conf >Sep 20 13:28:12 pbco-server3 MailScanner[22619]: Looked up unknown string archivetoodeep in language translation file /etc/MailScanner/reports/en/languages.conf >Sep 20 13:28:12 pbco-server3 MailScanner[22619]: Virus and Content Scanning: Starting >Sep 20 13:28:13 pbco-server3 MailScanner[22619]: Looked up unknown string mailscanner in language translation file /etc/MailScanner/reports/en/languages.conf > >-----Original Message----- >From: Julian Field [mailto:MailScanner@ECS.SOTON.AC.UK] >Sent: September 20, 2005 1:02 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: [MAILSCANNER] {MCP?} RE: [MAILSCANNER] Problem with new MCP >rules? > > >Have you tried my SpamAssassin 3.0.4 patches on SpamAssassin 3.1.0 yet? >I would be very interested to hear if they apply okay. > >Johnny Stork wrote: > > > >>Thanks Julian and Scott, that fixed it. Was the name of the rule, just changed to underscores. And yes Scott, the name of the rules file was not *.cf, it is pbco_passwords.cf. >> >>Just tested it out, way too cool and even inside Word docs...excellent!! >> >>-----Original Message----- >>From: Julian Field [mailto:MailScanner@ECS.SOTON.AC.UK] >>Sent: September 20, 2005 12:28 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: [MAILSCANNER] Problem with new MCP rules? >> >> >>Scott Silva wrote: >> >> >> >> >> >>>Johnny Stork spake the following on 9/20/2005 10:27 AM: >>> >>> >>> >>> >>> >>> >>>>After going through the instructions for coniguring MCP, I had no problem getting MailScanner to identify subject or body text contained in the default example rule file 10_example.cf. So I created a new file with the extension *cf, with the contents below, and resstared MailScanner. Going to the MailWatch interface, Tools, and "Update MCP Rules Descriptions" and it correctly showed the new rules listed below, But sending an email with only the word "password" in the subject line got through just fine? What am I missing? >>>> >>>>Thanks >>>> >>>> >>>> >>>># Rules for PBCO Message Content Protection >>>># >>>> >>>>header PASSWORD-SUBJECT-RULE Subject =~ /password/i >>>>describe PASSWORD-SUBJECT-RULE Banned Subject >>>>score PASSWORD-SUBJECT-RULE 5 >>>> >>>>body PASSWORD-BODY-RULE /password/i >>>>describe PASSWORD-BODY-RULE Banned body text >>>>score PASSWORD-BODY-RULE 5 >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>I don't see any rules with "-" dashes, they all have '_' underscores. >>>Maybe this isn't an allowed character in a rule name. >>> >>> >>> >>> >>> >>> >>SpamAssassin generates a Perl function for each rule, so only the >>characters allowed in Perl function names are allowed in SpamAssassin >>rule names. So "-" is certainly not allowed, as it is the arithmetic >>"minus" operator. >> >> >> >> >> > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Sep 20 21:31:02 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] {MCP?} RE: [MAILSCANNER] Problem with new MCP rules? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field spake the following on 9/20/2005 1:01 PM: > Have you tried my SpamAssassin 3.0.4 patches on SpamAssassin 3.1.0 yet? > I would be very interested to hear if they apply okay. > > Johnny Stork wrote: > >> Thanks Julian and Scott, that fixed it. Was the name of the rule, just >> changed to underscores. And yes Scott, the name of the rules file was >> not *.cf, it is pbco_passwords.cf. >> >> Just tested it out, way too cool and even inside Word docs...excellent!! >> >> -----Original Message----- >> From: Julian Field [mailto:MailScanner@ECS.SOTON.AC.UK] >> Sent: September 20, 2005 12:28 PM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: [MAILSCANNER] Problem with new MCP rules? >> >> >> Scott Silva wrote: >> >> >> >>> Johnny Stork spake the following on 9/20/2005 10:27 AM: >>> >>> >>> >>> >>>> After going through the instructions for coniguring MCP, I had no >>>> problem getting MailScanner to identify subject or body text >>>> contained in the default example rule file 10_example.cf. So I >>>> created a new file with the extension *cf, with the contents below, >>>> and resstared MailScanner. Going to the MailWatch interface, Tools, >>>> and "Update MCP Rules Descriptions" and it correctly showed the new >>>> rules listed below, But sending an email with only the word >>>> "password" in the subject line got through just fine? What am I >>>> missing? >>>> >>>> Thanks >>>> >>>> >>>> >>>> # Rules for PBCO Message Content Protection >>>> # >>>> >>>> header PASSWORD-SUBJECT-RULE Subject =~ /password/i >>>> describe PASSWORD-SUBJECT-RULE Banned Subject >>>> score PASSWORD-SUBJECT-RULE 5 >>>> >>>> body PASSWORD-BODY-RULE /password/i >>>> describe PASSWORD-BODY-RULE Banned body text >>>> score PASSWORD-BODY-RULE 5 >>>> >>>> >>>> >>> >>> I don't see any rules with "-" dashes, they all have '_' underscores. >>> Maybe this isn't an allowed character in a rule name. >>> >>> >>> >> >> SpamAssassin generates a Perl function for each rule, so only the >> characters allowed in Perl function names are allowed in SpamAssassin >> rule names. So "-" is certainly not allowed, as it is the arithmetic >> "minus" operator. >> >> >> > PerMsgStatus patch fails but the others apply clean. I don't run MCP, but had some free time to at least try the patches. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Tue Sep 20 21:45:42 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] {MCP?} RE: [MAILSCANNER] {MCP?} RE: [MAILSCANNER] Problem with new MCP rules? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Didn't know if I should start a new thread, but I'm having a difficult time following this discussion with the subject line growing so fast. Has some option been changed on the mail list??? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Sep 20 21:53:39 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] {MCP?} RE: [MAILSCANNER] Problem with new MCP rules? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have just updated the patches so that there is now a set for SpamAssassin 3.1.0. Without all 3 patches applied, MCP won't be able to see inside binary attachments (such as Word docs). Scott Silva wrote: >Julian Field spake the following on 9/20/2005 1:01 PM: > > >>Have you tried my SpamAssassin 3.0.4 patches on SpamAssassin 3.1.0 yet? >>I would be very interested to hear if they apply okay. >> >>Johnny Stork wrote: >> >> >> >>>Thanks Julian and Scott, that fixed it. Was the name of the rule, just >>>changed to underscores. And yes Scott, the name of the rules file was >>>not *.cf, it is pbco_passwords.cf. >>> >>>Just tested it out, way too cool and even inside Word docs...excellent!! >>> >>>-----Original Message----- >>>From: Julian Field [mailto:MailScanner@ECS.SOTON.AC.UK] >>>Sent: September 20, 2005 12:28 PM >>>To: MAILSCANNER@JISCMAIL.AC.UK >>>Subject: Re: [MAILSCANNER] Problem with new MCP rules? >>> >>> >>>Scott Silva wrote: >>> >>> >>> >>> >>> >>>>Johnny Stork spake the following on 9/20/2005 10:27 AM: >>>> >>>> >>>> >>>> >>>> >>>> >>>>>After going through the instructions for coniguring MCP, I had no >>>>>problem getting MailScanner to identify subject or body text >>>>>contained in the default example rule file 10_example.cf. So I >>>>>created a new file with the extension *cf, with the contents below, >>>>>and resstared MailScanner. Going to the MailWatch interface, Tools, >>>>>and "Update MCP Rules Descriptions" and it correctly showed the new >>>>>rules listed below, But sending an email with only the word >>>>>"password" in the subject line got through just fine? What am I >>>>>missing? >>>>> >>>>>Thanks >>>>> >>>>> >>>>> >>>>># Rules for PBCO Message Content Protection >>>>># >>>>> >>>>>header PASSWORD-SUBJECT-RULE Subject =~ /password/i >>>>>describe PASSWORD-SUBJECT-RULE Banned Subject >>>>>score PASSWORD-SUBJECT-RULE 5 >>>>> >>>>>body PASSWORD-BODY-RULE /password/i >>>>>describe PASSWORD-BODY-RULE Banned body text >>>>>score PASSWORD-BODY-RULE 5 >>>>> >>>>> >>>>> >>>>> >>>>> >>>>I don't see any rules with "-" dashes, they all have '_' underscores. >>>>Maybe this isn't an allowed character in a rule name. >>>> >>>> >>>> >>>> >>>> >>>SpamAssassin generates a Perl function for each rule, so only the >>>characters allowed in Perl function names are allowed in SpamAssassin >>>rule names. So "-" is certainly not allowed, as it is the arithmetic >>>"minus" operator. >>> >>> >>> >>> >>> >PerMsgStatus patch fails but the others apply clean. >I don't run MCP, but had some free time to at least try the patches. > > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Sep 20 21:55:30 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] Problem with new MCP rules? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ed Bruce wrote: > Didn't know if I should start a new thread, but I'm having a difficult > time following this discussion with the subject line growing so fast. > Has some option been changed on the mail list??? I haven't changed any default values, but it seems a bunch of people have started using the subject line tagging (which I dislike as much as the rest of you :-) There are now patches for SpamAssassin 3.1.0 on www.mailscanner.info. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jstork at PBCO.CA Tue Sep 20 21:53:24 2005 From: jstork at PBCO.CA (Johnny Stork) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] {MCP?} RE: [MAILSCANNER] {MCP?} RE: [MAILSCANNER] {MCP?} RE: [MAILSCANNER] Problem with new MCP rules? Message-ID: Ahh of course, got them mixed up. So is it safe to apply the 3.0.4 patches? Also, I noticed my languages.conf was empty so I must have done something wrong with the upgrade and just used the old one and it got rid of those messages. Just tried to apply the 3.0.4 patches and output is below [root@pbco-server3 SpamAssassin]# patch < Conf.pm.patch.3.0.4 patching file Conf.pm Hunk #1 succeeded at 1088 (offset -319 lines). [root@pbco-server3 SpamAssassin]# patch < Message.pm.patch.3.0.4 patching file Message.pm Hunk #1 succeeded at 994 (offset 221 lines). [root@pbco-server3 SpamAssassin]# patch < PerMsgStatus.pm.patch.3.0.4 patching file PerMsgStatus.pm Hunk #1 FAILED at 157. 1 out of 1 hunk FAILED -- saving rejects to file PerMsgStatus.pm.rej [root@pbco-server3 SpamAssassin]# -----Original Message----- From: Julian Field [mailto:MailScanner@ECS.SOTON.AC.UK] Sent: September 20, 2005 1:41 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: [MAILSCANNER] {MCP?} RE: [MAILSCANNER] {MCP?} RE: [MAILSCANNER] Problem with new MCP rules? Johnny Stork wrote: >I was wondering about that cause earlier today I misstakenly applied the 3.0.0 patches when in fact I was running 3.0.4. And when I said in my last post that it scanned insided Word, I was again mistaken cause I had a bunch of test emails in the que and didnt realize that the one with the word attachement had not gone through yet. When it did it did not get scanned. I also just upgraded MS t0 4.45.4 so do you think I can still apply the 3.0.4 patches? I think they are already in 4.45.4 arent they? > > The MCP patches are for applying to SpamAssassin, not MailScanner. >I just did another test and it scanned and found a text file with banned content, but not the word doc. Also, below are some messages that show in the maillog? After upgrading to MS 4.45.4, I followed the instructions for upgrading mailscanner.conf and languages.conf? > >Looks like I missed something ? > > You are missing stuff from your languages.conf file, so I suspect you didn't upgrade_languages_conf properly. Make sure you renamed your languages.new file over the top of languages.conf. > > > > >Sep 20 13:27:34 pbco-server3 MailScanner[22619]: New Batch: Scanning 1 messages, 4358 bytes >Sep 20 13:27:34 pbco-server3 MailScanner[22619]: Looked up unknown string mcp in language translation file /etc/MailScanner/reports/en/languages.conf >Sep 20 13:27:44 pbco-server3 MailScanner[22619]: Looked up unknown string score in language translation file /etc/MailScanner/reports/en/languages.conf >Sep 20 13:27:44 pbco-server3 MailScanner[22619]: Looked up unknown string required in language translation file /etc/MailScanner/reports/en/languages.conf >Sep 20 13:27:44 pbco-server3 MailScanner[22619]: Looked up unknown string mcpspamassassin in language translation file /etc/MailScanner/reports/en/languages.conf >Sep 20 13:27:44 pbco-server3 MailScanner[22619]: MCP Checks: Found 1 MCP messages >Sep 20 13:27:44 pbco-server3 MailScanner[22619]: Looked up unknown string spam in language translation file /etc/MailScanner/reports/en/languages.conf >Sep 20 13:27:44 pbco-server3 MailScanner[22619]: Looked up unknown string notspam in language translation file /etc/MailScanner/reports/en/languages.conf >Sep 20 13:28:12 pbco-server3 MailScanner[22619]: Looked up unknown string score in language translation file /etc/MailScanner/reports/en/languages.conf >Sep 20 13:28:12 pbco-server3 MailScanner[22619]: Looked up unknown string required in language translation file /etc/MailScanner/reports/en/languages.conf >Sep 20 13:28:12 pbco-server3 MailScanner[22619]: Looked up unknown string spamassassin in language translation file /etc/MailScanner/reports/en/languages.conf >Sep 20 13:28:12 pbco-server3 MailScanner[22619]: Looked up unknown string mailscanner in language translation file /etc/MailScanner/reports/en/languages.conf >Sep 20 13:28:12 pbco-server3 MailScanner[22619]: Looked up unknown string unreadablearchive in language translation file /etc/MailScanner/reports/en/languages.conf >Sep 20 13:28:12 pbco-server3 MailScanner[22619]: Looked up unknown string passwordedarchive in language translation file /etc/MailScanner/reports/en/languages.conf >Sep 20 13:28:12 pbco-server3 MailScanner[22619]: Looked up unknown string archivetoodeep in language translation file /etc/MailScanner/reports/en/languages.conf >Sep 20 13:28:12 pbco-server3 MailScanner[22619]: Virus and Content Scanning: Starting >Sep 20 13:28:13 pbco-server3 MailScanner[22619]: Looked up unknown string mailscanner in language translation file /etc/MailScanner/reports/en/languages.conf > >-----Original Message----- >From: Julian Field [mailto:MailScanner@ECS.SOTON.AC.UK] >Sent: September 20, 2005 1:02 PM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: [MAILSCANNER] {MCP?} RE: [MAILSCANNER] Problem with new MCP >rules? > > >Have you tried my SpamAssassin 3.0.4 patches on SpamAssassin 3.1.0 yet? >I would be very interested to hear if they apply okay. > >Johnny Stork wrote: > > > >>Thanks Julian and Scott, that fixed it. Was the name of the rule, just changed to underscores. And yes Scott, the name of the rules file was not *.cf, it is pbco_passwords.cf. >> >>Just tested it out, way too cool and even inside Word docs...excellent!! >> >>-----Original Message----- >>From: Julian Field [mailto:MailScanner@ECS.SOTON.AC.UK] >>Sent: September 20, 2005 12:28 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: [MAILSCANNER] Problem with new MCP rules? >> >> >>Scott Silva wrote: >> >> >> >> >> >>>Johnny Stork spake the following on 9/20/2005 10:27 AM: >>> >>> >>> >>> >>> >>> >>>>After going through the instructions for coniguring MCP, I had no problem getting MailScanner to identify subject or body text contained in the default example rule file 10_example.cf. So I created a new file with the extension *cf, with the contents below, and resstared MailScanner. Going to the MailWatch interface, Tools, and "Update MCP Rules Descriptions" and it correctly showed the new rules listed below, But sending an email with only the word "password" in the subject line got through just fine? What am I missing? >>>> >>>>Thanks >>>> >>>> >>>> >>>># Rules for PBCO Message Content Protection >>>># >>>> >>>>header PASSWORD-SUBJECT-RULE Subject =~ /password/i >>>>describe PASSWORD-SUBJECT-RULE Banned Subject >>>>score PASSWORD-SUBJECT-RULE 5 >>>> >>>>body PASSWORD-BODY-RULE /password/i >>>>describe PASSWORD-BODY-RULE Banned body text >>>>score PASSWORD-BODY-RULE 5 >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>I don't see any rules with "-" dashes, they all have '_' underscores. >>>Maybe this isn't an allowed character in a rule name. >>> >>> >>> >>> >>> >>> >>SpamAssassin generates a Perl function for each rule, so only the >>characters allowed in Perl function names are allowed in SpamAssassin >>rule names. So "-" is certainly not allowed, as it is the arithmetic >>"minus" operator. >> >> >> >> >> > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jstork at PBCO.CA Tue Sep 20 22:05:04 2005 From: jstork at PBCO.CA (Johnny Stork) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] Subject Line ---My Fault---Sorry Message-ID: I just noticed all the appends...sorry, my mistake -----Original Message----- From: Ed Bruce [mailto:ebruce@HPMICH.COM] Sent: September 20, 2005 1:46 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: [MAILSCANNER] {MCP?} RE: [MAILSCANNER] {MCP?} RE: [MAILSCANNER] Problem with new MCP rules? Didn't know if I should start a new thread, but I'm having a difficult time following this discussion with the subject line growing so fast. Has some option been changed on the mail list??? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jstork at PBCO.CA Tue Sep 20 22:21:20 2005 From: jstork at PBCO.CA (Johnny Stork) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] spamassassin 3.1.0 patches Message-ID: I just applied the three new patches for SA 3.1.0, with MailScanner 4.45.4 but still could not trap a word doc with banned text. I never had this working previously so maybe I am missing something else? ----------------------------------------------------------- Johnny Stork Information & Technology Manager Provincial Blood Coordinating Office #301 - 1190 Hornby St. Vancouver, BC (V6Z-2K5) 604-806-8840 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Sep 20 23:15:33 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] {MCP?} RE: [MAILSCANNER] Problem with new MCP rules? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field spake the following on 9/20/2005 1:53 PM: > I have just updated the patches so that there is now a set for > SpamAssassin 3.1.0. Without all 3 patches applied, MCP won't be able to > see inside binary attachments (such as Word docs). > Talk about fast turnaround time! -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Sep 20 23:20:40 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] {MCP?} RE: [MAILSCANNER] {MCP?} RE: [MAILSCANNER] {MCP?} RE: [MAILSCANNER] Problem with new MCP rules? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Johnny Stork spake the following on 9/20/2005 1:53 PM: > Ahh of course, got them mixed up. So is it safe to apply the 3.0.4 patches? Also, I noticed my languages.conf was empty so I must have done something wrong with the upgrade and just used the old one and it got rid of those messages. > > Just tried to apply the 3.0.4 patches and output is below > > [root@pbco-server3 SpamAssassin]# patch < Conf.pm.patch.3.0.4 > patching file Conf.pm > Hunk #1 succeeded at 1088 (offset -319 lines). > [root@pbco-server3 SpamAssassin]# patch < Message.pm.patch.3.0.4 > patching file Message.pm > Hunk #1 succeeded at 994 (offset 221 lines). > [root@pbco-server3 SpamAssassin]# patch < PerMsgStatus.pm.patch.3.0.4 > patching file PerMsgStatus.pm > Hunk #1 FAILED at 157. > 1 out of 1 hunk FAILED -- saving rejects to file PerMsgStatus.pm.rej > [root@pbco-server3 SpamAssassin]# > Are you sure you have spamassassin 3.04? That last patch failed at the same place that it fails with 3.10. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Sep 20 23:18:29 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] Problem with new MCP rules? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field spake the following on 9/20/2005 1:55 PM: > Ed Bruce wrote: > >> Didn't know if I should start a new thread, but I'm having a difficult >> time following this discussion with the subject line growing so fast. >> Has some option been changed on the mail list??? > > > I haven't changed any default values, but it seems a bunch of people > have started using the subject line tagging (which I dislike as much as > the rest of you :-) > > There are now patches for SpamAssassin 3.1.0 on www.mailscanner.info. > I killed subject line tagging to the list ages ago! Viva la ruleset! -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vachanta at GMAIL.COM Wed Sep 21 00:07:44 2005 From: vachanta at GMAIL.COM (Venkata Achanta) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] Reverse NDR attack.How to combat ? Any ideas ? Message-ID: Hello List, http://computer-vet.com/weblog/2004/06/11/reverse_ndr.html My setup MS e-mail gatway relaying for exchange 2000.Upgrading to Xchange 2000 is in the works still as we have 1000's of users. My outbound Q on the mailscanner box is 6k with tonnes of NDRs,delaying legitimate e-mail. This started a week ago MS doing its job perfectly but still .....there should be a way to stop this attack. Accepting e-mail only for legit exchange users on the mailscanner gateway is also not helpful for this kind of attack. Running Sendmail and MS on Linux Any tips n tricks are appreciated. Thanks much, Venkata Achanta ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Wed Sep 21 00:18:35 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] Reverse NDR attack.How to combat ? Any ideas ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Venkata Achanta wrote: > Hello List, > > http://computer-vet.com/weblog/2004/06/11/reverse_ndr.html > > My setup MS e-mail gatway relaying for exchange 2000.Upgrading to Xchange > 2000 is in the works still as we have 1000's of users. My outbound Q on the > mailscanner box is 6k with tonnes of NDRs,delaying legitimate e-mail. This > started a week ago MS doing its job perfectly but still .....there should > be a way to stop this attack. > > Accepting e-mail only for legit exchange users on the mailscanner gateway > is also not helpful for this kind of attack. Yes it is a way of preventing the attack, or at least it's a way of preventing you from being used as a "relay". In order for a reverse NDR attack to work you MUST first accept the message, then later generate a bounce DSN. Set up your mailscanner box to only accept valid users and your problem will evaporate. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pparsons at COLUMBIAFUELS.COM Wed Sep 21 00:52:51 2005 From: pparsons at COLUMBIAFUELS.COM (Philip Parsons) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] Reverse NDR attack.How to combat ? Any ideas ? Message-ID: I use a tool called qtool.pl which scans the mail queue for any "User unknown" every hour and then deletes the mail from the queue. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Matt Kettler Sent: Tuesday, September 20, 2005 4:19 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: [MAILSCANNER] Reverse NDR attack.How to combat ? Any ideas ? Venkata Achanta wrote: > Hello List, > > http://computer-vet.com/weblog/2004/06/11/reverse_ndr.html > > My setup MS e-mail gatway relaying for exchange 2000.Upgrading to > Xchange 2000 is in the works still as we have 1000's of users. My > outbound Q on the mailscanner box is 6k with tonnes of NDRs,delaying > legitimate e-mail. This started a week ago MS doing its job perfectly > but still .....there should be a way to stop this attack. > > Accepting e-mail only for legit exchange users on the mailscanner > gateway is also not helpful for this kind of attack. Yes it is a way of preventing the attack, or at least it's a way of preventing you from being used as a "relay". In order for a reverse NDR attack to work you MUST first accept the message, then later generate a bounce DSN. Set up your mailscanner box to only accept valid users and your problem will evaporate. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Wed Sep 21 01:11:11 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] Reverse NDR attack.How to combat ? Any ideas ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Philip Parsons wrote: > I use a tool called qtool.pl which scans the mail queue for any "User > unknown" every hour and then deletes the mail from the queue. > Hmmm, given the reality of Reverse NDR's, I'd not suggest using this script as any form of long-term solution. This approach only deals with the backloged queue problem that results from a spammer abusing you. It still leaves you vulnerable to being abused by spammers. All the successful reverse NDRs will have been spammed out by your server before the qtool.pl removes them. Fix it right, don't queue mail sent to your domain unless the recipient is valid. Period. Given the reality of the reverse NDR style of spamming it won't be long before blind-queue servers are generally regarded in the same light as open relays and smurf amplifiers. Do yourself a favor and start fixing the problem now before popular consensus agrees that this is a bad thing and blacklists are set up for "open NDR relays" which include your server. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vachanta at GMAIL.COM Wed Sep 21 02:00:08 2005 From: vachanta at GMAIL.COM (Venkata Achanta) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] Reverse NDR attack.How to combat ? Any ideas ? Message-ID: >Given the reality of the reverse NDR style of spamming it won't be long before >blind-queue servers are generally regarded in the same light as open relays and >smurf amplifiers. Do yourself a favor and start fixing the problem now before >popular consensus agrees that this is a bad thing and blacklists are set up for >"open NDR relays" which include your server. Thanks Matt.didnt make sense until it became a reality on my mail servers this week. I agree with you 100%. Now if i go the route of accepting e-mail for only valid users, how do i mitigate the risk of Directory Harvest attack on a setup like mine ?can you throw some light on it as well ? Thanks again. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed Sep 21 02:37:14 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] increase score Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Well i have been running both on 2 servers since 3x was released, until today. Didnt seem to be a big issue? I have rulesdujour doing the following, should i remove or add anything? TRUSTED_RULESETS="TRIPWIRE EVILNUMBERS SARE_RANDOM SARE_REDIRECT_POST300 SARE_FRAUD BOGUSVIRUS SARE_BAYES_POISON_NXM SARE_CODING SARE_ADULT SARE_SPOOF SARE_SPECIFIC SARE_UNSUB SARE_URI" Matt Kettler wrote: > Jon Miller wrote: > >>Yes, there was an antidrug.cf in /etc/mail/spamassassin. Why must this be deleted? curious. > > > Because antidrug was written as an add-on ruleset for users of SA 2.x. > > During the development of SA 3.0, I contributed these rules to the Spamassassin > project directly. Thus, if you're using a version of SA newer than 3.0, you > already have these rules in your default set and antidrug.cf is redundant. > > > FWIW, I'm the author of antidrug.cf, so I can speak authoritatively about it. > > > >>Is there a format that the local.cf file must follow? > > > There is no "general format" for local.cf, but each item in it must be a valid > option from man Mail::SpamAssassin::Conf. > > Be sure to run spamassassin --lint when you're done, as this will check your > files for errors. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at SMITS.CO.UK Wed Sep 21 10:39:22 2005 From: mailscanner at SMITS.CO.UK (Bart Smit) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] Convert HTML To Text rule doesn't work as expected Message-ID: I am having problems with stripping HTML from inbound messages. One of our customers wants all HTML stripped but recently they have requested that messages from a trusted sending domain need to arrive with HTML intact. These are my relevant configuration details (names and IP's changed to protect the innocent). I have this line in MailScanner.conf: Convert HTML To Text = %rules-dir%/strip.html.rules The original rule worked very well; only the single recipient domain had their messages stripped. /etc/MailScanner/rules/strip.html.rules contained: To: *@recipient.domain yes FromOrTo: default no To test with a single recipient, I changed this to: To: recipient@recipient.domain no To: *@recipient.domain yes FromOrTo: default no and reloaded the service. This had no effect, so I added: From: 10.10.10.10 no To: recipient@recipient.domain no To: *@recipient.domain yes FromOrTo: default no But still the messages are being stripped as shown from this maillog snippet: Sep 20 02:55:49 mailscanner sendmail[21571]: j8K6tnVS021571: from=, size=103382, class=0, nrcpts=1, msgid=<00e201c5bdb0$533f7a90$4301a8c0@sender.domain>, proto=ESMTP, daemon=MTA, relay=relay.senderdomain.com [10.10.10.10] Sep 20 02:55:49 mailscanner sendmail[21571]: j8K6tnVS021571: to=, delay=00:00:00, mailer=esmtp, pri=133382, stat=queued Sep 20 02:55:58 mailscanner MailScanner[10446]: Content Checks: Detected and will convert HTML message to plain text in j8K6tnVS021571 Sep 20 02:56:00 mailscanner sendmail[21648]: j8K6tnVS021571: to=, delay=00:00:11, xdelay=00:00:02, mailer=esmtp, pri=223382, relay=[217.13.144.114] [217.13.144.114], dsn=2.0.0, stat=Sent ( <00e201c5bdb0$533f7a90$4301a8c0@sender.domain> Queued mail for delivery) The server has been rebooted for another reason but this has had no effect on this problem. I'm running version 4.40.11 and I cannot see any relevant fixes in the change log of later versions. Bart... ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Janssen at RZ.UNI-FRANKFURT.DE Wed Sep 21 10:40:41 2005 From: Janssen at RZ.UNI-FRANKFURT.DE (Michael Janssen) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] directory attac - was: Reverse NDR attack... Message-ID: On Wed, 21 Sep 2005, Venkata Achanta wrote: > Now if i go the route of accepting e-mail for only valid users, how do i > mitigate the risk of Directory Harvest attack on a setup like mine ?can you > throw some light on it as well ? you can try to recognize the attacing hosts in the logs (a high percentage of unknown-user request against very low existing recipients) and block those hosts for a while. This means to have a cronjob-script which searches your maillogs for such hosts, a kind of database (flat file?) and means of blocking the hosts (at firewall level or mta level) and releasing the hosts from the block afterwards. I'm not certain if directory attacs are worth the effort (from my expirience the dictionary attacers gets 100% user-unknown, allmost-anytime) but having usable (usable by automated scripts searching the logs for bad behaving hosts) ways to block hosts is allways a good idea. For sendmail http://www.milter.info was often suggested on this list, by I don't know sendmail. regards Michael ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kte at NEXIS.BE Wed Sep 21 11:41:25 2005 From: kte at NEXIS.BE (Koen Teugels) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] /var/spool/mqueue* messages Message-ID: Somethimes there are some df en qf messages that don't get send from these folders. How does that come? Thanks koen ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Sep 21 12:31:55 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] /var/spool/mqueue* messages Message-ID: Koen What version of MS and is there anything in the maillog about these messages? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Koen Teugels Sent: 21 September 2005 11:41 To: MAILSCANNER@JISCMAIL.AC.UK Subject: [MAILSCANNER] /var/spool/mqueue* messages Somethimes there are some df en qf messages that don't get send from these folders. How does that come? Thanks koen ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dyioulos at FIRSTBHPH.COM Wed Sep 21 12:50:22 2005 From: dyioulos at FIRSTBHPH.COM (Dimitri Yioulos) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] Spamassassin broken Message-ID: Hello to all. I've been using MailScanner in our shop for about a year now, and it's worked just great. But, now I have a problem of my own making, and I need your help to fix it. First, some info: mailscanner-4.45.4-1 sendmail-8.12.11-4.RHEL3.1 spamassassin-2.55-3.4 clamav-0.86.2-1.1 mailwatch-0.5.1 All of the above except mailwatch are rpm installs on a CentOS 3 (RHEL AS 3) box. Last week, I thought I'd upgrade spamassassin to 3.0.1. This turned out to "break" DCC, razor, and RBL check. Linting spamassassin showed that the directives regarding DCC, razor, and RBL weren't being parsed. So, I decided to simply go back to my previous installation of spamassassin. Now, lint reports the following: Failed to parse line in SpamAssassin configuration, skipping: envelope_sender_header X-MailScanner-From Failed to parse line in SpamAssassin configuration, skipping: dcc_home /etc/dcc Failed to parse line in SpamAssassin configuration, skipping: lock_method flock Ugh. How did I manage to screw this up? More importantly, how can I fix it? I had this whole system running the balls before. Your help would be greatly appreciated. Dimitri ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From binaryflow at gmail.com Wed Sep 21 13:20:32 2005 From: binaryflow at gmail.com (Douglas Ward) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] Reverse NDR attack.How to combat ? Any ideas ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I am using a postfix/MailScanner combination on our e-mail gateways. We use the relay_domain and relay_recipient options to only allow mail through if it is first a valid domain and second if it is a valid recipient on the domain. It is a bit of manual work to keep the recipient list up to date but they tell me pretty quickly if I forget! :) With this setup postfix automatically rejects the message. I don't see many NDR's in the queue waiting to be processed. I figure its either that I haven't been dictionary attacked yet or postfix is doing a good job! On 9/20/05, Venkata Achanta wrote: >Given the reality of the reverse NDR style of spamming it won't be long before >blind-queue servers are generally regarded in the same light as open relays and >smurf amplifiers. Do yourself a favor and start fixing the problem now before >popular consensus agrees that this is a bad thing and blacklists are set up for >"open NDR relays" which include your server. Thanks Matt.didnt make sense until it became a reality on my mail servers this week. I agree with you 100%. Now if i go the route of accepting e-mail for only valid users, how do i mitigate the risk of Directory Harvest attack on a setup like mine ?can you throw some light on it as well ? Thanks again. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives ( http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Wed Sep 21 14:07:12 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] Latest Bagel varients Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I noticed this morning that the latest couple bagel varients are not being caught by bit defender and f-prot (clam gets them as of early this morning). bdc will catch them if the --nohed (unknown virus detection) switch is used but that switch is not in the default CommonOptions setting of SweepViruses.pm. Should it be, or does someone know of a reason it isn't at this time? Rick Cooper -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lars+lister.mailscanner at ADVENTURAS.NO Wed Sep 21 14:26:43 2005 From: lars+lister.mailscanner at ADVENTURAS.NO (Lars Kristiansen) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] Reverse NDR attack.How to combat ? Any ideas ? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > I am using a postfix/MailScanner combination on our e-mail gateways. We use > the relay_domain and relay_recipient options to only allow mail through if it is first a valid domain and second if it is a valid recipient on the domain. It is a bit of manual work to keep the recipient list up to date but > they tell me pretty quickly if I forget! :) With this setup postfix automatically rejects the message. I don't see many NDR's in the queue waiting to be processed. I figure its either that I haven't been dictionary > attacked yet or postfix is doing a good job! In sendmail the virtusertable can be your friend. And you may want to include nobodyreturn in your confPRIVACY_FLAGS: PrivacyOptions=nobodyreturn instructs sendmail not to include the body of the original message on delivery status notifications. ... An example-line for your mc: define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,nobodyreturn,restrictqrun')dnl -- Lars > > On 9/20/05, Venkata Achanta wrote: >> >> >Given the reality of the reverse NDR style of spamming it won't be long >> before >> >blind-queue servers are generally regarded in the same light as open >> relays and >> >smurf amplifiers. Do yourself a favor and start fixing the problem now >> before >> >popular consensus agrees that this is a bad thing and blacklists are >> set >> up for >> >"open NDR relays" which include your server. >> >> Thanks Matt.didnt make sense until it became a reality on my mail servers >> this week. I agree with you 100%. >> >> Now if i go the route of accepting e-mail for only valid users, how do i mitigate the risk of Directory Harvest attack on a setup like mine ?can you >> throw some light on it as well ? >> >> Thanks again. >> >> ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From remy at UNIX-ASP.COM Wed Sep 21 15:22:02 2005 From: remy at UNIX-ASP.COM (Remy de Ruysscher) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] MS 4.44.6 + Postfix mail queue problems? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, We have a problem with MS 4.44.6 and Postfix on FreeBSD 5.4. Postfix accepts the mail and it's waiting for MS in the hold queue. So far so good. However MS intially scans the queue, but after about 30 min, the queue fills up and MailScanner stops scanning (0,0 cpu usage). When MailScanner is restarted everything works fine for about 30 mins. Any ideas what might be wrong? --- Running on FreeBSD home.kub.grip.nl 5.4-RELEASE-p4 FreeBSD 5.4-RELEASE-p4 #6: Mon Jul 11 13:23:43 CEST 2005 root@home.kub.grip.nl:/usr/obj/usr/src/sys/HOME i386 This is Perl version 5.008007 (5.8.7) This is MailScanner version 4.44.6 Module versions are: 1.00 AnyDBM_File 1.16 Archive::Zip 1.04 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.07 File::Path 0.16 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.21 IO 1.11 IO::File 1.123 IO::Pipe 1.67 Mail::Header 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.06 Sys::Syslog 1.02 Time::localtime Optional module versions are: 1.811 DB_File 1.10 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 0.44 Inline 0.12 Mail::ClamAV 3.000004 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.18 Net::CIDR::Lite 0.53 Net::DNS missing Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.4 Sys::Hostname::Long 2.48 Test::Harness 0.54 Test::Simple 1.95 Text::Balanced 1.35 URI Regards, Remy. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Wed Sep 21 15:31:20 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] MS 4.44.6 + Postfix mail queue problems? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Wed, September 21, 2005 15:22, Remy de Ruysscher wrote: > Hi, > > We have a problem with MS 4.44.6 and Postfix on FreeBSD 5.4. Postfix > accepts the mail and it's waiting for MS in > the hold queue. So far so good. However MS intially scans the queue, but > after about 30 min, the queue fills up > and MailScanner stops scanning (0,0 cpu usage). When MailScanner is > restarted everything works fine for > about 30 mins. > > Any ideas what might be wrong? I would suggest this is caused by a message with a TNEF attachment. Change your MailScanner.conf from using the internal decoder to the external one and restart MailScanner. It's been covered before so you might want to check the list archives for more detail (And I *think* Julian has fixed this in the latest Beta (Which may not be in the ports tree yet)). Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Sep 21 15:31:29 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] MS 4.44.6 + Postfix mail queue problems? Message-ID: Remy Any indications in the maillog that the emails themselves contain winmail.dat items? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Remy de Ruysscher Sent: 21 September 2005 15:22 To: MAILSCANNER@JISCMAIL.AC.UK Subject: [MAILSCANNER] MS 4.44.6 + Postfix mail queue problems? Hi, We have a problem with MS 4.44.6 and Postfix on FreeBSD 5.4. Postfix accepts the mail and it's waiting for MS in the hold queue. So far so good. However MS intially scans the queue, but after about 30 min, the queue fills up and MailScanner stops scanning (0,0 cpu usage). When MailScanner is restarted everything works fine for about 30 mins. Any ideas what might be wrong? --- ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From remy at UNIX-ASP.COM Wed Sep 21 15:35:40 2005 From: remy at UNIX-ASP.COM (Remy de Ruysscher) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] MS 4.44.6 + Postfix mail queue problems? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin, Drew, I have a few TNEF attachments, but I had already changed the TNEF decoder to external since sept. 1st. Had no problems until yesterday evening. Sep 21 14:05:08 home MailScanner[22364]: Expanding TNEF archive at /var/spool/MailScanner/incoming/22364/AACBE39BFE.5C375/winmail.dat Sep 21 15:23:50 home MailScanner[15998]: Expanding TNEF archive at /var/spool/MailScanner/incoming/15998/CB9BC39BFC.C7AB7/winmail.dat Martin Hepworth wrote: >Remy > >Any indications in the maillog that the emails themselves contain >winmail.dat items? > >-- >Martin Hepworth >Snr Systems Administrator >Solid State Logic >Tel: +44 (0)1865 842300 > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Remy de Ruysscher >Sent: 21 September 2005 15:22 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: [MAILSCANNER] MS 4.44.6 + Postfix mail queue problems? > >Hi, > >We have a problem with MS 4.44.6 and Postfix on FreeBSD 5.4. Postfix >accepts the mail and it's waiting for MS in >the hold queue. So far so good. However MS intially scans the queue, but >after about 30 min, the queue fills up >and MailScanner stops scanning (0,0 cpu usage). When MailScanner is >restarted everything works fine for >about 30 mins. > >Any ideas what might be wrong? > >--- > > > >********************************************************************** > >This email and any files transmitted with it are confidential and >intended solely for the use of the individual or entity to whom they >are addressed. If you have received this email in error please notify >the system manager. > >This footnote confirms that this email message has been swept >for the presence of computer viruses and is believed to be clean. > >********************************************************************** > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 3.9KB. ] [ Unable to print this part. ] From nilesh.shastrakar at gmail.com Wed Sep 21 15:44:33 2005 From: nilesh.shastrakar at gmail.com (Nilesh Shastrakar) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] Mails are not saving in quaratine folder Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello All, Mailscanner is working fine on my system except with this bug. I have tried to send mail with Eicar.com attachment, received the email has been marked as Virus e-mail but couldnot saved message/attachement in quaratine folder Details of Hardware , configuration and Report Message Hardware : P4 2.0 Ghx 512MB RAM 80 GB IDE OS : Fedora Core 4 MTA : Sendmail 8.13.4-2 Virus Scanner: Clamav Spam Scanner : Spamassassin MailScanner.conf settings # User to run as Run As User = # Group to run as Run As Group = MTA = sendmail Incoming Work Dir Settings Incoming Work User = Incoming Work Group = Incoming Work Permissions = 0600 Quarantine and Archive Settings Quarantine User = Quarantine Group = Quarantine Permissions = 0600 Permissions of Folder /Var/Spool/MailScanner/Quaratine File Owner:root File group:root Permission:700 This is a message from the MailScanner E-Mail Virus Protection Service ---------------------------------------------------------------------- The original e-mail attachment "eicar_com.zip" was believed to be infected by a virus and has been replaced by this warning message. If you wish to receive a copy of the *infected* attachment, please e-mail helpdesk and include the whole of this message in your request. Alternatively, you can call them, with the contents of this message to hand when you call. At Wed Sep 21 19:41:05 2005 the virus scanner said: ClamAV: eicar_com.zip contains Eicar-Test-Signature Note to Help Desk: Look on the MailScanner () MailScanner in /var/spool/MailScanner/quarantine/20050921 (message j8LEAumZ003380). ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Wed Sep 21 16:19:57 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] MS 4.44.6 + Postfix mail queue problems? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Wed, September 21, 2005 15:35, Remy de Ruysscher wrote: > Martin, Drew, > > I have a few TNEF attachments, but I had already changed the TNEF > decoder to external since sept. 1st. > Had no problems until yesterday evening. > > Sep 21 14:05:08 home MailScanner[22364]: Expanding TNEF archive at > /var/spool/MailScanner/incoming/22364/AACBE39BFE.5C375/winmail.dat > Sep 21 15:23:50 home MailScanner[15998]: Expanding TNEF archive at > /var/spool/MailScanner/incoming/15998/CB9BC39BFC.C7AB7/winmail.dat What happens it you set debug to yes in MailScanner.conf then restart MailScanner (/usr/local/etc/rc.d/mailscanner.sh restart assuming you installed from ports)? Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Wed Sep 21 16:59:47 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] Reverse NDR attack.How to combat ? Any ideas ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Venkata Achanta wrote: > Thanks Matt.didnt make sense until it became a reality on my mail servers > this week. I agree with you 100%. > > Now if i go the route of accepting e-mail for only valid users, how do i > mitigate the risk of Directory Harvest attack on a setup like mine ?can you > throw some light on it as well ? What's your outside MTA? Sendmail? Try this sendmail.mc config option to deal with dictionary attacks: #after 10 invalid recipients, start slowing them down with #1 second sleeps, makes dictionary attacks very slow define(`confBAD_RCPT_THROTTLE',10) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From stef at L5NET.NET Wed Sep 21 17:07:11 2005 From: stef at L5NET.NET (Stef Morrell) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] Convert HTML To Text rule doesn't work as expected Message-ID: Bart Smit wrote: > I am having problems with stripping HTML from inbound > messages. One of our customers wants all HTML stripped but > recently they have requested that messages from a trusted > sending domain need to arrive with HTML intact. > So... if I have this correct. Do not strip html Unless to recipient.domain except if from sender.domain. So surely the rules need to be... From: sender@sender.domain no To: *@recipient.domain yes FromOrTo: default no Stef Stefan Morrell | Director Tel: 0870 365 2813 | Level 5 Internet Ltd Fax: 0192 450 7307 | Part of the Alpha Omega Group stef@l5net.net | stef@aoc-uk.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From csweeney at OSUBUCKS.ORG Wed Sep 21 17:09:20 2005 From: csweeney at OSUBUCKS.ORG (Chris Sweeney) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] Reverse NDR attack.How to combat ? Any ideas ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Does this work in any version of Sendmail? Get Firefox! Matt Kettler wrote: Venkata Achanta wrote: Thanks Matt.didnt make sense until it became a reality on my mail servers this week. I agree with you 100%. Now if i go the route of accepting e-mail for only valid users, how do i mitigate the risk of Directory Harvest attack on a setup like mine ?can you throw some light on it as well ? What's your outside MTA? Sendmail? Try this sendmail.mc config option to deal with dictionary attacks: #after 10 invalid recipients, start slowing them down with #1 second sleeps, makes dictionary attacks very slow define(`confBAD_RCPT_THROTTLE',10) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Wed Sep 21 17:21:47 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] Wiki - broken link Message-ID: I just noticed that in the Wiki Section: MS Active Directory and Lotus Notes Thanks to Pete Russell for this section. (Latest info and scripts always available at http://www.eatathome.com.au/maps) The link to http://www.eatathome.com.au/maps is broken. Does anyone know where the scripts now reside? Thanks, Steve Stephen Swaney Fort Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Wed Sep 21 17:24:34 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] Reverse NDR attack.How to combat ? Any ideas ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Chris Sweeney wrote: > Does this work in any version of Sendmail? AFAIK BAD_RCPT_THROTTLE requires 8.12.0 or higher. So if you're running an old sendmail it won't work, but anything vaguely recent should be fine. (I believe 8.12.0 was released in 2001, so most boxes should have it) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Sep 21 18:14:30 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] Spamassassin broken Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] If you install SpamAssassin from my install-Clam-SA.tar.gz tarball (which you can get from the bottom of the downloads page on www.mailscanner.info) then it will tell you what you need to add to your init.pre file to re-enable Razor2 and DCC. That may help you get started. Dimitri Yioulos wrote: >Hello to all. > >I've been using MailScanner in our shop for about a year now, and it's worked >just great. But, now I have a problem of my own making, and I need your help >to fix it. > >First, some info: > >mailscanner-4.45.4-1 >sendmail-8.12.11-4.RHEL3.1 >spamassassin-2.55-3.4 >clamav-0.86.2-1.1 >mailwatch-0.5.1 > >All of the above except mailwatch are rpm installs on a CentOS 3 (RHEL AS 3) >box. > >Last week, I thought I'd upgrade spamassassin to 3.0.1. This turned out to >"break" DCC, razor, and RBL check. Linting spamassassin showed that the >directives regarding DCC, razor, and RBL weren't being parsed. So, I decided >to simply go back to my previous installation of spamassassin. Now, lint >reports the following: > >Failed to parse line in SpamAssassin configuration, skipping: >envelope_sender_header X-MailScanner-From >Failed to parse line in SpamAssassin configuration, skipping: >dcc_home /etc/dcc >Failed to parse line in SpamAssassin configuration, skipping: lock_method >flock > >Ugh. How did I manage to screw this up? More importantly, how can I fix it? >I had this whole system running the balls before. Your help would be greatly >appreciated. > >Dimitri > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Wed Sep 21 18:33:58 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] 4.46.1, uninitialized variables, OK Message-ID: Julian, I just installed 4.46.1, ran it in debug mode, and it didn't whine about uninitialized variables. My setup: Solaris 9, SA 3.1. Thanks! Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dnsadmin at 1BIGTHINK.COM Wed Sep 21 18:56:17 2005 From: dnsadmin at 1BIGTHINK.COM (dnsadmin 1bigthink.com) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] Reverse NDR attack.How to combat ? Any ideas ? Message-ID: At 11:59 AM 9/21/2005, you wrote: >Venkata Achanta wrote: > > Thanks Matt.didnt make sense until it became a reality on my mail servers > > this week. I agree with you 100%. > > > > Now if i go the route of accepting e-mail for only valid users, how do i > > mitigate the risk of Directory Harvest attack on a setup like mine ?can > you > > throw some light on it as well ? > >What's your outside MTA? Sendmail? > >Try this sendmail.mc config option to deal with dictionary attacks: > >#after 10 invalid recipients, start slowing them down with >#1 second sleeps, makes dictionary attacks very slow > >define(`confBAD_RCPT_THROTTLE',10) Does this work for the distributed attacks I'm seeing? I've been set at define(`confBAD_RCPT_THROTTLE',2). It appears that zombied PCs are being used by the attacker to smack my server with all kinds of attempts to deliver. They'll come from IPs from all over the globe including some predominant US ISPs. Any other suggestions? Thanks, Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Wed Sep 21 19:24:51 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:30:47 2006 Subject: [MAILSCANNER] Reverse NDR attack.How to combat ? Any ideas ? Message-ID: I block the heavy-hitter spam zombies at the firewall if need be. In my case, this is with an ipfilter rule (I use Solaris). For modern sendmail, also look at the following for you .mc file: FEATURE(`greet_pause', `8000')dnl 8 seconds FEATURE(`conncontrol',`nodelay',`terminate')dnl FEATURE(`ratecontrol',`nodelay',`terminate')dnl define(`confCONNECTION_RATE_THROTTLE',4)dnl define(`confCONNECTION_RATE_WINDOW_SIZE',60s)dnl Jeff Earickson Colby College On Wed, 21 Sep 2005, dnsadmin 1bigthink.com wrote: > Date: Wed, 21 Sep 2005 13:56:17 -0400 > From: dnsadmin 1bigthink.com > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] Reverse NDR attack.How to combat ? Any ideas ? > > At 11:59 AM 9/21/2005, you wrote: > >> Venkata Achanta wrote: >> > Thanks Matt.didnt make sense until it became a reality on my mail servers >> > this week. I agree with you 100%. >> > >> > Now if i go the route of accepting e-mail for only valid users, how do i >> > mitigate the risk of Directory Harvest attack on a setup like mine ?can >> you >> > throw some light on it as well ? >> >> What's your outside MTA? Sendmail? >> >> Try this sendmail.mc config option to deal with dictionary attacks: >> >> #after 10 invalid recipients, start slowing them down with >> #1 second sleeps, makes dictionary attacks very slow >> >> define(`confBAD_RCPT_THROTTLE',10) > > Does this work for the distributed attacks I'm seeing? I've been set at > define(`confBAD_RCPT_THROTTLE',2). > > It appears that zombied PCs are being used by the attacker to smack my server > with all kinds of attempts to deliver. They'll come from IPs from all over > the globe including some predominant US ISPs. > > Any other suggestions? > > Thanks, > Glenn > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dnsadmin at 1BIGTHINK.COM Wed Sep 21 21:35:54 2005 From: dnsadmin at 1BIGTHINK.COM (dnsadmin 1bigthink.com) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] Reverse NDR attack.How to combat ? Any ideas ? Message-ID: At 02:24 PM 9/21/2005, you wrote: >I block the heavy-hitter spam zombies at the firewall if need be. >In my case, this is with an ipfilter rule (I use Solaris). For modern >sendmail, also look at the following for you .mc file: > >FEATURE(`greet_pause', `8000')dnl 8 seconds >FEATURE(`conncontrol',`nodelay',`terminate')dnl >FEATURE(`ratecontrol',`nodelay',`terminate')dnl >define(`confCONNECTION_RATE_THROTTLE',4)dnl >define(`confCONNECTION_RATE_WINDOW_SIZE',60s)dnl > >Jeff Earickson >Colby College > >>>Venkata Achanta wrote: >>> > Thanks Matt.didnt make sense until it became a reality on my mail servers >>> > this week. I agree with you 100%. >>> > >>> > Now if i go the route of accepting e-mail for only valid users, how do i >>> > mitigate the risk of Directory Harvest attack on a setup like mine >>> ?can you >>> > throw some light on it as well ? >>>What's your outside MTA? Sendmail? >>>Try this sendmail.mc config option to deal with dictionary attacks: >>>#after 10 invalid recipients, start slowing them down with >>>#1 second sleeps, makes dictionary attacks very slow >>>define(`confBAD_RCPT_THROTTLE',10) >> >>Does this work for the distributed attacks I'm seeing? I've been set at >>define(`confBAD_RCPT_THROTTLE',2). >> >>It appears that zombied PCs are being used by the attacker to smack my >>server with all kinds of attempts to deliver. They'll come from IPs from >>all over the globe including some predominant US ISPs. >> >>Any other suggestions? >> >>Thanks, >>Glenn I've only had one or two culprits hit me so hard that they earned a permanent place on my iptables ruleset. I took the time to Google all the settings you recommended and implemented them all. I was surprised to find that I had not originally implemented the GreetPause feature, but had not seen, prior to my Google research, that you can and should at least except your localhost in the access database. Thanks for your help! It'll be interesting to see the difference in my logs tomorrow! Thanks! Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Sep 21 21:55:20 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] Mails are not saving in quaratine folder Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Check the letter case of the directory entries, as Var is not the same as var and Spool is not the same as spool in any form or variation of unix/linux. I would suspect the case variations and the missing directory definitions should be fixed. See below > > Incoming Work Dir Settings > > Incoming Work User = > > Incoming Work Group = > > Incoming Work Permissions = 0600 > > Quarantine and Archive Settings > > Quarantine User = > > Quarantine Group = > > Quarantine Permissions = 0600 > > > > Permissions of Folder > > /Var/Spool/MailScanner/Quaratine should probably be /var/spool/MailScanner/quarantine note the letter case- - - But check your filesystem to make sure, because I really doubt that var is initial caps. > > File Owner:root > > File group:root > > Permission:700 > > This is a message from the MailScanner E-Mail Virus Protection Service > > ---------------------------------------------------------------------- > > The original e-mail attachment "eicar_com.zip" > > was believed to be infected by a virus and has been replaced by this warning > > message. > > If you wish to receive a copy of the *infected* attachment, please > > e-mail helpdesk and include the whole of this message > > in your request. Alternatively, you can call them, with > > the contents of this message to hand when you call. > > At Wed Sep 21 19:41:05 2005 the virus scanner said: > > ClamAV: eicar_com.zip contains Eicar-Test-Signature > > Note to Help Desk: Look on the MailScanner () MailScanner in > > /var/spool/MailScanner/quarantine/20050921 (message j8LEAumZ003380). > > -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gdoris at ROGERS.COM Wed Sep 21 22:19:16 2005 From: gdoris at ROGERS.COM (Gerry Doris) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] Black List Question Message-ID: I've been bothered by a series of spam emails from Korea. These are showing up as info@some_random_domain. SpamAssassin is whacking them really hard and they are all being dropped as high scoring spam. However, I was playing with rules and decided to see what would happen if I blacked listed these messages. I was surprised to see that they were indeed blacklisted but it looks like they bypassed all the spam scoring. They were marked as spam and passed through to my holding account (I use this to confirm any marginal spam before deleting). This wasn't the behaviour I expected. When I white list a domain the message still undergoes spam scoring but isn't modified or deleted (obviously!). I expected black listed messages to treated similarly ie. marked as spam no matter the score but still scored. I would end up seeing the spam marked message in my holding account (not deleted as high scoring spam) with the usual high score. Am I missing something or is this how it's supposed to work? BTW, I ended up just adding the entry to sendmail's access database to discard these messages to avoid getting into my system at all. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vachanta at GMAIL.COM Wed Sep 21 22:29:33 2005 From: vachanta at GMAIL.COM (Venkata Achanta) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] Reverse NDR attack.How to combat ? Any ideas ? Message-ID: Thanks for the suggestions everyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alden at ENGINENO9INC.COM Wed Sep 21 22:52:53 2005 From: alden at ENGINENO9INC.COM (Alden Levy) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] MS 4.45.4-1 installation help Message-ID: I just tried to update MS to the latest stable version on FC2 and there were no installation errors. However, when I tried to restart MailScanner, I get: service MailScanner restart Shutting down MailScanner daemons: MailScanner: [FAILED] incoming sendmail: head: /var/run/sendmail.in.pid: No such file or directory [ OK ] outgoing sendmail: [ OK ] Starting MailScanner daemons: incoming sendmail: [ OK ] outgoing sendmail: [ OK ] MailScanner: Compress::Zlib object version 1.39 does not match bootstrap parameter 1.33 at /usr/lib/perl5/5.8.1/i386-linux-thread-multi/DynaLoader.pm line 249. Compilation failed in require at /usr/lib/perl5/site_perl/5.8.1/Archive/Zip.pm line 24. BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.1/Archive/Zip.pm line 24. Compilation failed in require at /usr/lib/MailScanner/MailScanner/Message.pm line 47. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/Message.pm line 47. Compilation failed in require at /usr/sbin/MailScanner line 75. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 75. [ OK ] Can anyone help me, please? Thanks, Alden Alden Levy Engine No. 9, Inc. 130 W. 57th Street, Suite 2F New York, NY 10019 (212) 981-1122 (212) 504-9598 fax ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vachanta at GMAIL.COM Wed Sep 21 23:17:00 2005 From: vachanta at GMAIL.COM (Venkata Achanta) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] OT: Sendmail retries - bounce handling Message-ID: hello List, I am wondering what other people are doing in regards to Sendmail retries regarding the bounce messages. I think the standard practice (just a guesstimate, i havent referred to RFCs yet) is to retry every hour for 5 days. what is the ideal sendmail configuration to handle the bulk of outbound e- mail to valid email addresses quickly with least preference to retries ? i google around and found various option like having multiple queues and moving the bounce messages to other queues and forcing retries at other intervals. but i would like to see what other people on this list are doing ? Right now in my current configuration the "hard-to-reach" email addresses are creating a bottleneck for outbound email. i know i can avoid some of these completely by going the "accepting e-mail for the valid users" route. But there will always be DSNs from my internal users sending out bulk e- mails to non-existant users when they send out news letters or mass communication e-mails.(no flames please! i dont work for a spamming company but every org sends out some of these every now and then like monthly e- statments or something like that) Any pointers to ensure fast and efficient outbound email flow. Thanks much, Venkata Achanta ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From stef at L5NET.NET Wed Sep 21 23:23:06 2005 From: stef at L5NET.NET (Stef Morrell) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] Convert HTML To Text rule doesn't work as expected Message-ID: > So surely the rules need to be... > > From: sender@sender.domain no Correction... From: *@sender.domain no ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alden at ENGINENO9INC.COM Wed Sep 21 22:12:09 2005 From: alden at ENGINENO9INC.COM (Alden Levy) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] MS 4.45.4-1 installation help Message-ID: I just tried to update MS to the latest stable version on FC2 and there were no installation errors. However, when I tried to restart MailScanner, I get: service MailScanner restart Shutting down MailScanner daemons: MailScanner: [FAILED] incoming sendmail: head: /var/run/sendmail.in.pid: No such file or directory [ OK ] outgoing sendmail: [ OK ] Starting MailScanner daemons: incoming sendmail: [ OK ] outgoing sendmail: [ OK ] MailScanner: Compress::Zlib object version 1.39 does not match bootstrap parameter 1.33 at /usr/lib/perl5/5.8.1/i386-linux-thread-multi/DynaLoader.pm line 249. Compilation failed in require at /usr/lib/perl5/site_perl/5.8.1/Archive/Zip.pm line 24. BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.1/Archive/Zip.pm line 24. Compilation failed in require at /usr/lib/MailScanner/MailScanner/Message.pm line 47. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/Message.pm line 47. Compilation failed in require at /usr/sbin/MailScanner line 75. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 75. [ OK ] Can anyone help me, please? Thanks, Alden Alden Levy Engine No. 9, Inc. 130 W. 57th Street, Suite 2F New York, NY 10019 (212) 981-1122 (212) 504-9598 fax ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alden at ENGINENO9INC.COM Wed Sep 21 22:56:18 2005 From: alden at ENGINENO9INC.COM (Alden Levy) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] MS 4.45.4-1 installation help Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I just tried to update MS to the latest stable version on FC2 and there were no installation errors. However, when I tried to restart MailScanner, I get: service MailScanner restart Shutting down MailScanner daemons: MailScanner: [FAILED] incoming sendmail: head: /var/run/sendmail.in.pid: No such file or directory [ OK ] outgoing sendmail: [ OK ] Starting MailScanner daemons: incoming sendmail: [ OK ] outgoing sendmail: [ OK ] MailScanner: Compress::Zlib object version 1.39 does not match bootstrap parameter 1.33 at /usr/lib/perl5/5.8.1/i386-linux-thread-multi/DynaLoader.pm line 249. Compilation failed in require at /usr/lib/perl5/site_perl/5.8.1/Archive/Zip.pm line 24. BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.1/Archive/Zip.pm line 24. Compilation failed in require at /usr/lib/MailScanner/MailScanner/Message.pm line 47. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/Message.pm line 47. Compilation failed in require at /usr/sbin/MailScanner line 75. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 75. [ OK ] Can anyone help me, please? Thanks, Alden Alden Levy Engine No. 9, Inc. 130 W. 57th Street, Suite 2F New York, NY 10019 (212) 981-1122 (212) 504-9598 fax ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alden at ENGINENO9INC.COM Wed Sep 21 23:55:46 2005 From: alden at ENGINENO9INC.COM (Alden Levy) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] MS 4.45.4-1 installation help Message-ID: Uh...Never mind. I found Compress:Zlib v1.33 and got it working. Odd, though, that this happened. It's amazing what one can accomplish after a few deep breaths. --Alden On Wed, 21 Sep 2005 22:52:53 +0100, Alden Levy wrote: >I just tried to update MS to the latest stable version on FC2 and there were >no installation errors. However, when I tried to restart MailScanner, I >get: service MailScanner restart Shutting down MailScanner daemons: > MailScanner: [FAILED] > incoming sendmail: head: /var/run/sendmail.in.pid: No such file or >directory > [ OK ] > outgoing sendmail: [ OK ] >Starting MailScanner daemons: > incoming sendmail: [ OK ] > outgoing sendmail: [ OK ] > MailScanner: Compress::Zlib object version 1.39 does not >match bootstrap parameter 1.33 at >/usr/lib/perl5/5.8.1/i386-linux-thread-multi/DynaLoader.pm line 249. >Compilation failed in require at >/usr/lib/perl5/site_perl/5.8.1/Archive/Zip.pm line 24. BEGIN >failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.1/Archive/Zip.pm >line 24. Compilation failed in require at >/usr/lib/MailScanner/MailScanner/Message.pm line 47. BEGIN >failed--compilation aborted at /usr/lib/MailScanner/MailScanner/Message.pm >line 47. Compilation failed in require at /usr/sbin/MailScanner line 75. >BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 75. > [ OK ] > >Can anyone help me, please? > >Thanks, >Alden > >Alden Levy >Engine No. 9, Inc. >130 W. 57th Street, Suite 2F >New York, NY 10019 >(212) 981-1122 >(212) 504-9598 fax > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! >========================================================================= ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jlmiller at MMTNETWORKS.COM.AU Thu Sep 22 00:30:47 2005 From: jlmiller at MMTNETWORKS.COM.AU (Jon Miller) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] queried reports not showing up Message-ID: Whenever I try to retrieve a report I always get " no rows retrieve" as the outcome. If I do a search on a particular heading that was sent through I can never find it. Is this because all mail that went through (marked clean) is not in the listing? I'd like to find out why certain spam is getting through. All I can see is in the headers it may have a score of "s". Also where are the reports kept and can they be searched outside of the mailscanner report feature. Appreciate the much needed help. Jon L. Miller, ASE, CNS, CLS, MCNE, CCNA Director/Sr Systems Consultant MMT Networks Pty Ltd http://www.mmtnetworks.com.au Resellers for: Sophos Anti-Virus, Novell, Cisco, Swifdsl "I don't know the key to success, but the key to failure is trying to please everybody." -Bill Cosby ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "HTML" Text/PLAIN 35 lines. ] [ Unable to print this part. ] From alden at ENGINENO9INC.COM Thu Sep 22 00:26:51 2005 From: alden at ENGINENO9INC.COM (Alden Levy) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] MS 4.45.4-1 installation help Message-ID: Sorry for the duplicate messages. I realized that I had written the messages first from my mail program, then from the web interface, and--after realizing that noone would get these messages--from the jiscmail interface. In any event, I still have one problem, but it still looks like it's working, namely: incoming sendmail: head: /var/run/sendmail.in.pid: No such file or directory There was no file named sendmail.in.pid, so I copied sendmail.pid over. While the system works, when I check the status of MailScanner, I get: Checking MailScanner daemons: MailScanner: [ OK ] incoming sendmail: [FAILED] outgoing sendmail: [ OK ] However, I seem to have the same services running as I had this morning. I am able to send emails to accounts on this box from outside accounts, as well as send emails from accounts on this box to accounts outside this box (and, of course, emails between accounts on this box). Suggestions? Thanks, Alden On Wed, 21 Sep 2005 23:55:46 +0100, Alden Levy wrote: >Uh...Never mind. I found Compress:Zlib v1.33 and got it working. Odd, >though, that this happened. > >It's amazing what one can accomplish after a few deep breaths. > >--Alden > >On Wed, 21 Sep 2005 22:52:53 +0100, Alden Levy wrote: > >>I just tried to update MS to the latest stable version on FC2 and there were >>no installation errors. However, when I tried to restart MailScanner, I >>get: service MailScanner restart Shutting down MailScanner daemons: >> MailScanner: [FAILED] >> incoming sendmail: head: /var/run/sendmail.in.pid: No such file or >>directory >> [ OK ] >> outgoing sendmail: [ OK ] >>Starting MailScanner daemons: >> incoming sendmail: [ OK ] >> outgoing sendmail: [ OK ] >> MailScanner: Compress::Zlib object version 1.39 does not >>match bootstrap parameter 1.33 at >>/usr/lib/perl5/5.8.1/i386-linux-thread-multi/DynaLoader.pm line 249. >>Compilation failed in require at >>/usr/lib/perl5/site_perl/5.8.1/Archive/Zip.pm line 24. BEGIN >>failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.1/Archive/Zip.pm >>line 24. Compilation failed in require at >>/usr/lib/MailScanner/MailScanner/Message.pm line 47. BEGIN >>failed--compilation aborted at /usr/lib/MailScanner/MailScanner/Message.pm >>line 47. Compilation failed in require at /usr/sbin/MailScanner line 75. >>BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 75. >> [ OK ] >> >>Can anyone help me, please? >> >>Thanks, >>Alden >> >>Alden Levy >>Engine No. 9, Inc. >>130 W. 57th Street, Suite 2F >>New York, NY 10019 >>(212) 981-1122 >>(212) 504-9598 fax >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >>========================================================================= > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! >========================================================================= ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From taz at TAZ-MANIA.COM Thu Sep 22 02:34:00 2005 From: taz at TAZ-MANIA.COM (Dennis Willson) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] MS 4.45.4-1 installation help Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I've seen that before, While I'm not absolutely sure what it was, as I remember it was that there was a previous copy of sendmail running that was not started by MailScanner and MailScanner wouldn't stop it. So I did a "chkconfig sendmail off" and "service stop sendmail" to stop the previous sendmail and then started MailScanner normally and it worked. This was on RedHat Linux. That seems to me what I did that fixed it. Dennis Alden Levy wrote: > On Wed, 21 Sep 2005 16:57:39 -0700, Scott Silva wrote: > > >>Alden Levy spake the following on 9/21/2005 4:26 PM: >> >>>Sorry for the duplicate messages. I realized that I had written the >>>messages first from my mail program, then from the web interface, and--after >>>realizing that noone would get these messages--from the jiscmail interface. >>> >>>In any event, I still have one problem, but it still looks like it's >>>working, namely: >>> incoming sendmail: head: /var/run/sendmail.in.pid: No such file or >>>directory >>> >>>There was no file named sendmail.in.pid, so I copied sendmail.pid over. >>>While the system works, when I check the status of MailScanner, I get: >>>Checking MailScanner daemons: >>> MailScanner: [ OK ] >>> incoming sendmail: [FAILED] >>> outgoing sendmail: [ OK ] >>> >>>However, I seem to have the same services running as I had this morning. I >>>am able to send emails to accounts on this box from outside accounts, as >>>well as send emails from accounts on this box to accounts outside this box >>>(and, of course, emails between accounts on this box). >>> >>>Suggestions? >>> >>>Thanks, >>>Alden >> >>Delete the copied pid, then stop MailScanner and run >>touch /var/run/sendmail.in.pid >>then restart MailScanner and see if that helps. >> >> > > > I tried that. When I check service MailScanner status, I get: > Checking MailScanner daemons: > MailScanner: [ OK ] > incoming sendmail: [FAILED] > outgoing sendmail: [ OK ] > > And in my mail logs, I get: > Sep 21 20:35:42 engine sendmail[27938]: NOQUEUE: SYSERR(root): > opendaemonsocket: daemon MTA: cannot bind: Address already in use > Sep 21 20:35:42 engine sendmail[27938]: daemon MTA: problem creating SMTP socket > Sep 21 20:35:45 engine sendmail[28052]: NOQUEUE: SYSERR(root): > opendaemonsocket: daemon MTA: cannot bind: Address already in use > Sep 21 20:35:45 engine sendmail[28052]: daemon MTA: problem creating SMTP socket > > Any other suggestions? > > Thanks, again, > Alden > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kevinold at gmail.com Thu Sep 22 02:27:27 2005 From: kevinold at gmail.com (Kevin Old) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] Block outgoing mail with rules Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello everyone, I have a need to block a user from sending to a few email addresses. I've looked at the examples under the rules directory, but can't figure out how to have a message archived instead of being delivered if going TO a certain email address. I think my rule should be like this: To email.addy@idontwantsentto not sure what to put here Also, to complicate things, I only want messages TO that address to not be delivered if and only if the From address is bad.user@mydomain. I've read the docs and still can't seem to figure it out.... Any help is appreciated, Kevin -- Kevin Old kevinold@gmail.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alden at ENGINENO9INC.COM Thu Sep 22 01:33:13 2005 From: alden at ENGINENO9INC.COM (Alden Levy) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] MS 4.45.4-1 installation help Message-ID: On Wed, 21 Sep 2005 16:57:39 -0700, Scott Silva wrote: >Alden Levy spake the following on 9/21/2005 4:26 PM: >> Sorry for the duplicate messages. I realized that I had written the >> messages first from my mail program, then from the web interface, and--after >> realizing that noone would get these messages--from the jiscmail interface. >> >> In any event, I still have one problem, but it still looks like it's >> working, namely: >> incoming sendmail: head: /var/run/sendmail.in.pid: No such file or >> directory >> >> There was no file named sendmail.in.pid, so I copied sendmail.pid over. >> While the system works, when I check the status of MailScanner, I get: >> Checking MailScanner daemons: >> MailScanner: [ OK ] >> incoming sendmail: [FAILED] >> outgoing sendmail: [ OK ] >> >> However, I seem to have the same services running as I had this morning. I >> am able to send emails to accounts on this box from outside accounts, as >> well as send emails from accounts on this box to accounts outside this box >> (and, of course, emails between accounts on this box). >> >> Suggestions? >> >> Thanks, >> Alden > >Delete the copied pid, then stop MailScanner and run >touch /var/run/sendmail.in.pid >then restart MailScanner and see if that helps. > > I tried that. When I check service MailScanner status, I get: Checking MailScanner daemons: MailScanner: [ OK ] incoming sendmail: [FAILED] outgoing sendmail: [ OK ] And in my mail logs, I get: Sep 21 20:35:42 engine sendmail[27938]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon MTA: cannot bind: Address already in use Sep 21 20:35:42 engine sendmail[27938]: daemon MTA: problem creating SMTP socket Sep 21 20:35:45 engine sendmail[28052]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon MTA: cannot bind: Address already in use Sep 21 20:35:45 engine sendmail[28052]: daemon MTA: problem creating SMTP socket Any other suggestions? Thanks, again, Alden ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Sep 22 00:57:39 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] MS 4.45.4-1 installation help Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Alden Levy spake the following on 9/21/2005 4:26 PM: > Sorry for the duplicate messages. I realized that I had written the > messages first from my mail program, then from the web interface, and--after > realizing that noone would get these messages--from the jiscmail interface. > > In any event, I still have one problem, but it still looks like it's > working, namely: > incoming sendmail: head: /var/run/sendmail.in.pid: No such file or > directory > > There was no file named sendmail.in.pid, so I copied sendmail.pid over. > While the system works, when I check the status of MailScanner, I get: > Checking MailScanner daemons: > MailScanner: [ OK ] > incoming sendmail: [FAILED] > outgoing sendmail: [ OK ] > > However, I seem to have the same services running as I had this morning. I > am able to send emails to accounts on this box from outside accounts, as > well as send emails from accounts on this box to accounts outside this box > (and, of course, emails between accounts on this box). > > Suggestions? > > Thanks, > Alden Delete the copied pid, then stop MailScanner and run touch /var/run/sendmail.in.pid then restart MailScanner and see if that helps. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alden at ENGINENO9INC.COM Thu Sep 22 02:44:17 2005 From: alden at ENGINENO9INC.COM (Alden Levy) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] MS 4.45.4-1 installation help Message-ID: On Wed, 21 Sep 2005 18:34:00 -0700, Dennis Willson wrote: >I've seen that before, While I'm not absolutely sure what it was, as I remember it was that there was a previous copy of sendmail >running that was not started by MailScanner and MailScanner wouldn't stop it. So I did a "chkconfig sendmail off" and "service stop >sendmail" to stop the previous sendmail and then started MailScanner normally and it worked. > >This was on RedHat Linux. That seems to me what I did that fixed it. > >Dennis > >Alden Levy wrote: >> On Wed, 21 Sep 2005 16:57:39 -0700, Scott Silva wrote: >> >> >>>Alden Levy spake the following on 9/21/2005 4:26 PM: >>> >>>>Sorry for the duplicate messages. I realized that I had written the >>>>messages first from my mail program, then from the web interface, and--after >>>>realizing that noone would get these messages--from the jiscmail interface. >>>> >>>>In any event, I still have one problem, but it still looks like it's >>>>working, namely: >>>> incoming sendmail: head: /var/run/sendmail.in.pid: No such file or >>>>directory >>>> >>>>There was no file named sendmail.in.pid, so I copied sendmail.pid over. >>>>While the system works, when I check the status of MailScanner, I get: >>>>Checking MailScanner daemons: >>>> MailScanner: [ OK ] >>>> incoming sendmail: [FAILED] >>>> outgoing sendmail: [ OK ] >>>> >>>>However, I seem to have the same services running as I had this morning. I >>>>am able to send emails to accounts on this box from outside accounts, as >>>>well as send emails from accounts on this box to accounts outside this box >>>>(and, of course, emails between accounts on this box). >>>> >>>>Suggestions? >>>> >>>>Thanks, >>>>Alden >>> >>>Delete the copied pid, then stop MailScanner and run >>>touch /var/run/sendmail.in.pid >>>then restart MailScanner and see if that helps. >>> >>> >> >> >> I tried that. When I check service MailScanner status, I get: >> Checking MailScanner daemons: >> MailScanner: [ OK ] >> incoming sendmail: [FAILED] >> outgoing sendmail: [ OK ] >> >> And in my mail logs, I get: >> Sep 21 20:35:42 engine sendmail[27938]: NOQUEUE: SYSERR(root): >> opendaemonsocket: daemon MTA: cannot bind: Address already in use >> Sep 21 20:35:42 engine sendmail[27938]: daemon MTA: problem creating SMTP socket >> Sep 21 20:35:45 engine sendmail[28052]: NOQUEUE: SYSERR(root): >> opendaemonsocket: daemon MTA: cannot bind: Address already in use >> Sep 21 20:35:45 engine sendmail[28052]: daemon MTA: problem creating SMTP socket >> >> Any other suggestions? >> >> Thanks, again, >> Alden >> No luck on the chkconfig sendmail off idea, either. However, it DID manage to delete(?) my sendmail.in.pid. Thanks, Alden ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From admin at thenamegame.com Thu Sep 22 02:46:49 2005 From: admin at thenamegame.com (Michael Freeman) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] http://www.mailscanner.info/ is down! Message-ID: What’s up with the http://www.mailscanner.info/ site? Its seems to be down and has been like this for hours ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nilesh.shastrakar at gmail.com Thu Sep 22 07:08:48 2005 From: nilesh.shastrakar at gmail.com (Nilesh Shastrakar) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] Mails are not saving in quaratine folder Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have checked letter cases it is /var/spool/MailScanner/quarantine it was my writing mistake sorry. but my installation is default installation I have not changed anything except oraganizational names settings are default in Mailscanner.conf which changes are required to work ? Regards Nilesh. On 9/22/05, Scott Silva wrote: Check the letter case of the directory entries, as Var is not the same as var and Spool is not the same as spool in any form or variation of unix/linux. I would suspect the case variations and the missing directory definitions should be fixed. See below > > Incoming Work Dir Settings > > Incoming Work User = > > Incoming Work Group = > > Incoming Work Permissions = 0600 > > Quarantine and Archive Settings > > Quarantine User = > > Quarantine Group = > > Quarantine Permissions = 0600 > > > > Permissions of Folder > > /Var/Spool/MailScanner/Quaratine should probably be /var/spool/MailScanner/quarantine note the letter case- - - But check your filesystem to make sure, because I really doubt that var is initial caps. > > File Owner:root > > File group:root > > Permission:700 > > This is a message from the MailScanner E-Mail Virus Protection Service > > ---------------------------------------------------------------------- > > The original e-mail attachment "eicar_com.zip" > > was believed to be infected by a virus and has been replaced by this warning > > message. > > If you wish to receive a copy of the *infected* attachment, please > > e-mail helpdesk and include the whole of this message > > in your request. Alternatively, you can call them, with > > the contents of this message to hand when you call. > > At Wed Sep 21 19:41:05 2005 the virus scanner said: > > ClamAV: eicar_com.zip contains Eicar-Test-Signature > > Note to Help Desk: Look on the MailScanner () MailScanner in > > /var/spool/MailScanner/quarantine/20050921 (message j8LEAumZ003380). > > -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives ( http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at SMITS.CO.UK Thu Sep 22 10:05:28 2005 From: mailscanner at SMITS.CO.UK (Bart Smit) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] Convert HTML To Text rule doesn't work as expected Message-ID: > Bart Smit wrote: > > I am having problems with stripping HTML from inbound > > messages. One of our customers wants all HTML stripped but > > recently they have requested that messages from a trusted > > sending domain need to arrive with HTML intact. > > > > So... if I have this correct. > > Do not strip html > Unless to recipient.domain except if from sender.domain. > > So surely the rules need to be... > > From: sender@sender.domain no > To: *@recipient.domain yes > FromOrTo: default no > > Stef Hi Stef, I prefer to exclude senders by IP address, since this is harder to spoof. Even if the rule didn't allow selection by IP, then the To: recipient@recipient.domain no line should ensure that the recipient gets all emails with HTML included. This is the first thing I tried. I get the feeling that the selection by recipient domain rule takes precedence over all other rules. Bart... ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Thu Sep 22 12:15:35 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] OT: Sendmail retries - bounce handling Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Wed, September 21, 2005 23:17, Venkata Achanta wrote: > hello List, > Hi > I am wondering what other people are doing in regards to Sendmail retries > regarding the bounce messages. I don't use Sendmail but Postfix does act fairly logically in these situations. > > I think the standard practice (just a guesstimate, i havent referred to > RFCs yet) is to retry every hour for 5 days. Postfix uses a delay back off where if a message is undeliverable it is moved from the active queue for a period of time. This period of time is variable and is calculated using the length of time the message has been delayed, i.e. the older the message, the longer the retry period. > > what is the ideal sendmail configuration to handle the bulk of outbound e- > mail to valid email addresses quickly with least preference to retries ? Have to let someone else have a go at this ;- ) > > i google around and found various option like having multiple queues and > moving the bounce messages to other queues and forcing retries at other > intervals. but i would like to see what other people on this list are > doing ? I have Postfix delete none delivered Mailer-Daemon messages after only a couple of days, where as ordinary messages will be queued for the full 5 days. As Postfix automatically looks after it's queue there is no delay to new messages joining the queue. > > Right now in my current configuration the "hard-to-reach" email addresses > are creating a bottleneck for outbound email. > > i know i can avoid some of these completely by going the "accepting e-mail > for the valid users" route. I would definitely do this, se the wiki for some good information regarding this. > > But there will always be DSNs from my internal users sending out bulk e- > mails to non-existant users when they send out news letters or mass > communication e-mails.(no flames please! i dont work for a spamming > company > but every org sends out some of these every now and then like monthly e- > statments or something like that) > > Any pointers to ensure fast and efficient outbound email flow. Personally, I would move my out going MTA to something else as IMHO Sendmail does not handle mass mailings as well as other MTAs (Exim & Postfix stand out to my mind) because it's single queue structure can cause bottle necks. Not much help I know but a different perspective none the less! Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Thu Sep 22 13:11:10 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] Black List Question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Gerry Doris wrote: > > > >This wasn't the behaviour I expected. When I white list a domain the >message still undergoes spam scoring but isn't modified or deleted >(obviously!). I expected black listed messages to treated similarly ie. >marked as spam no matter the score but still scored. I would end up >seeing the spam marked message in my holding account (not deleted as >high scoring spam) with the usual high score. > >Am I missing something or is this how it's supposed to work? > > > Interesting I just double check and email that is blacklisted in my system is deleted like high scoring spam. Now I'm using the MailWatch blacklist PHP code, I don't know if that makes a difference? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Thu Sep 22 13:36:41 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] MS' use of /tmp Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, I had a problem yesterday with one server that filled /tmp. Results: Cannot parse /var/spool/MailScanner/incoming/2402/j8LA2MqH030524.header and , MIME::Parser: can't flush: No space left on device at /usr/lib/perl5/site_perl/5.8.5/MIME/Parser.pm line 789, line 30. : 1 Time(s) Reading through Mime::Parser's man page I found: ### Tell it where to put things: $parser->output_under("/tmp"); Could MS provide us with a config parameter (maybe Temporary Disk Space) that we could point somewhere else (such as /var/tmp)? I know you would have to hunt down every use of temp files in MS, but this could really help us out. Thanks again! Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From rcooper at DWFORD.COM Thu Sep 22 15:01:13 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] Ignore test message Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I haven't seen a message since early yesterday. Is the list down? Rick Cooper -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Sep 22 15:21:41 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] Ignore test message Message-ID: No, it's up, but it has suddenly started tagging all the subject lines. And this appears to be a per-user setting. And I don't believe everyone suddenly switched it on at the same time. I have logged a fault about it, and am waiting for them to get back to me. On 22 Sep 2005, at 15:01, Rick Cooper wrote: > I haven't seen a message since early yesterday. Is the list down? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From csweeney at OSUBUCKS.ORG Thu Sep 22 15:23:05 2005 From: csweeney at OSUBUCKS.ORG (Chris Sweeney) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] (Offtopic) Sorry just had to ask other mail admins Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Is anyone else getting slammed from this virus machine? For over the last month, I have been getting hit over 600 times a day with virus infected emails from h-66-134-23-12.sfldmidn.covad.net [66.134.23.12] I have emailed covad until I'm blue in the face and they have yet to do anything. I have ended up blocking it at the firewall but I would like to know if anyone else is seeing activity from this address. Now I have also been getting emails from the same source being relayed through megamailservers.com . I have also contacted them with little success either. Thanks and back to normal MailScanner Help :) Chris -- Get Firefox! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2.2, Image/GIF 6.6KB. ] [ Unable to print this part. ] From drew at THEMARSHALLS.CO.UK Thu Sep 22 15:37:19 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] Ignore test message Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Not convinced. I only received your reply Julian, not Rick's original :-( Drew On Thu, September 22, 2005 15:21, Julian Field wrote: > No, it's up, but it has suddenly started tagging all the subject > lines. And this appears to be a per-user setting. And I don't believe > everyone suddenly switched it on at the same time. > I have logged a fault about it, and am waiting for them to get back > to me. > > On 22 Sep 2005, at 15:01, Rick Cooper wrote: > >> I haven't seen a message since early yesterday. Is the list down? > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From csweeney at OSUBUCKS.ORG Thu Sep 22 15:40:00 2005 From: csweeney at OSUBUCKS.ORG (Chris Sweeney) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] Ignore test message Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] For the record I got both emails. Get Firefox! Drew Marshall wrote: Not convinced. I only received your reply Julian, not Rick's original :-( Drew On Thu, September 22, 2005 15:21, Julian Field wrote: No, it's up, but it has suddenly started tagging all the subject lines. And this appears to be a per-user setting. And I don't believe everyone suddenly switched it on at the same time. I have logged a fault about it, and am waiting for them to get back to me. On 22 Sep 2005, at 15:01, Rick Cooper wrote: I haven't seen a message since early yesterday. Is the list down? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Thu Sep 22 16:17:37 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] (Offtopic) Sorry just had to ask other mail admins Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Chris Sweeney wrote: > Is anyone else getting slammed from this virus machine? > For over the last month, I have been getting hit over 600 times a day > with virus infected emails from > > h-66-134-23-12.sfldmidn.covad.net [66.134.23.12] > > I have emailed covad until I'm blue in the face and they have yet to do anything. I have ended up blocking it at the firewall but I would like to know if anyone else is seeing activity from this address. Now I have also been getting emails from the same source being relayed through megamailservers.com . I have also contacted them with little success either. > > Thanks and back to normal MailScanner Help :) > > Chris Not here at least.. also this IP is listed in CBL and hence sbl-xbl, see http://cbl.abuseat.org/lookup.cgi?ip=66.134.23.12 AFAIK virus origins unlike spam differ for most mailservers, anyways i suggest you use virbl.bit.nl at the MTA (if you are convinced) or at the SA level. OR Try running your own RBL for virus hits as per this: http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:rbls:all:your_own Also if you can, pester the author "Joris Trooster" to add a feature for listing the IP only after 'x' number of hits in 'y' seconds. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kevinold at gmail.com Thu Sep 22 17:02:02 2005 From: kevinold at gmail.com (Kevin Old) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] Block outgoing mail with rules Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 9/22/05, Julian Field wrote: > On 22 Sep 2005, at 02:27, Kevin Old wrote: [snip] > > To: email.addy@idontwantsetto and From: bad.user@mydomain blahblahblah > > Instead of blahblahblah you should put whatever would have been the > correct result for that configuration option if you hadn't used a > ruleset at all. For example, if this is going on the "Archive Mail" > option, then the correct blahblahblah would be a directory or file name. Ok, according to EXAMPLES in /etc/MailScanner/rules , I've done this: I put this into /etc/MailScanner/MailScanner.conf: Block Outgoing To = /etc/MailScanner/rules/block.outgoing.rules And here's my /etc/MailScanner/rules/block.outgoing.rules To: kevinold@gmail.com and From: kevin.old@uavco.com /tmp/kdo.txt Here's the error I get from MailScanner: Sep 22 11:41:30 uavco MailScanner[13358]: Syntax error(s) in configuration file: Sep 22 11:41:30 uavco MailScanner[13358]: Unrecognised keyword "blockoutgoingto" at line 1911 Sep 22 11:41:30 uavco MailScanner[13358]: Aborting due to syntax errors in /etc/MailScanner/MailScanner.conf. How do I define a new keyword for a new rules file? Should I put this in another rules file? Any help is appreciated, -- Kevin Old kevinold@gmail.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Sep 22 17:05:22 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] Mails are not saving in quaratine folder Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Nilesh Shastrakar spake the following on 9/21/2005 11:08 PM: > I have checked letter cases it is > /var/spool/MailScanner/quarantine > it was my writing mistake sorry. > but my installation is default installation > I have not changed anything except oraganizational names > settings are default in Mailscanner.conf > which changes are required to work ? > > Regards > Nilesh. Check for these settings; Quarantine Infections = Quarantine Silent Viruses = And change them to yes as per your requirements. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Sep 22 17:07:37 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] MS 4.45.4-1 installation help Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Alden Levy spake the following on 9/21/2005 5:33 PM: > On Wed, 21 Sep 2005 16:57:39 -0700, Scott Silva wrote: > > >>Alden Levy spake the following on 9/21/2005 4:26 PM: >> >>>Sorry for the duplicate messages. I realized that I had written the >>>messages first from my mail program, then from the web interface, and--after >>>realizing that noone would get these messages--from the jiscmail interface. >>> >>>In any event, I still have one problem, but it still looks like it's >>>working, namely: >>> incoming sendmail: head: /var/run/sendmail.in.pid: No such file or >>>directory >>> >>>There was no file named sendmail.in.pid, so I copied sendmail.pid over. >>>While the system works, when I check the status of MailScanner, I get: >>>Checking MailScanner daemons: >>> MailScanner: [ OK ] >>> incoming sendmail: [FAILED] >>> outgoing sendmail: [ OK ] >>> >>>However, I seem to have the same services running as I had this morning. I >>>am able to send emails to accounts on this box from outside accounts, as >>>well as send emails from accounts on this box to accounts outside this box >>>(and, of course, emails between accounts on this box). >>> >>>Suggestions? >>> >>>Thanks, >>>Alden >> >>Delete the copied pid, then stop MailScanner and run >>touch /var/run/sendmail.in.pid >>then restart MailScanner and see if that helps. >> >> > > > I tried that. When I check service MailScanner status, I get: > Checking MailScanner daemons: > MailScanner: [ OK ] > incoming sendmail: [FAILED] > outgoing sendmail: [ OK ] > > And in my mail logs, I get: > Sep 21 20:35:42 engine sendmail[27938]: NOQUEUE: SYSERR(root): > opendaemonsocket: daemon MTA: cannot bind: Address already in use > Sep 21 20:35:42 engine sendmail[27938]: daemon MTA: problem creating SMTP socket > Sep 21 20:35:45 engine sendmail[28052]: NOQUEUE: SYSERR(root): > opendaemonsocket: daemon MTA: cannot bind: Address already in use > Sep 21 20:35:45 engine sendmail[28052]: daemon MTA: problem creating SMTP socket > > Any other suggestions? > > Thanks, again, > Alden > Did you stop sendmail and run chkconfig sendmail off as per the install docs? -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Sep 22 17:40:28 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] MS 4.45.4-1 installation help Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Scott Silva wrote: >Alden Levy spake the following on 9/21/2005 5:33 PM: > > >>On Wed, 21 Sep 2005 16:57:39 -0700, Scott Silva wrote: >> >> >> >> >>>Alden Levy spake the following on 9/21/2005 4:26 PM: >>> >>> >>> >>>>Sorry for the duplicate messages. I realized that I had written the >>>>messages first from my mail program, then from the web interface, and--after >>>>realizing that noone would get these messages--from the jiscmail interface. >>>> >>>>In any event, I still have one problem, but it still looks like it's >>>>working, namely: >>>> incoming sendmail: head: /var/run/sendmail.in.pid: No such file or >>>>directory >>>> >>>>There was no file named sendmail.in.pid, so I copied sendmail.pid over. >>>>While the system works, when I check the status of MailScanner, I get: >>>>Checking MailScanner daemons: >>>> MailScanner: [ OK ] >>>> incoming sendmail: [FAILED] >>>> outgoing sendmail: [ OK ] >>>> >>>>However, I seem to have the same services running as I had this morning. I >>>>am able to send emails to accounts on this box from outside accounts, as >>>>well as send emails from accounts on this box to accounts outside this box >>>>(and, of course, emails between accounts on this box). >>>> >>>>Suggestions? >>>> >>>>Thanks, >>>>Alden >>>> >>>> >>>Delete the copied pid, then stop MailScanner and run >>>touch /var/run/sendmail.in.pid >>>then restart MailScanner and see if that helps. >>> >>> >>> >>> >>I tried that. When I check service MailScanner status, I get: >>Checking MailScanner daemons: >> MailScanner: [ OK ] >> incoming sendmail: [FAILED] >> outgoing sendmail: [ OK ] >> >>And in my mail logs, I get: >>Sep 21 20:35:42 engine sendmail[27938]: NOQUEUE: SYSERR(root): >>opendaemonsocket: daemon MTA: cannot bind: Address already in use >>Sep 21 20:35:42 engine sendmail[27938]: daemon MTA: problem creating SMTP socket >>Sep 21 20:35:45 engine sendmail[28052]: NOQUEUE: SYSERR(root): >>opendaemonsocket: daemon MTA: cannot bind: Address already in use >>Sep 21 20:35:45 engine sendmail[28052]: daemon MTA: problem creating SMTP socket >> >>Any other suggestions? >> >>Thanks, again, >>Alden >> >> >> >Did you stop sendmail and run chkconfig sendmail off as per the install >docs? > Can you check if you have any postfix processes running? Many RedHat systems ship using Postfix by default instead of sendmail. There is a tool somewhere to switch which MTA you are using on your RedHat setup. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Sep 22 17:45:36 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] MS 4.45.4-1 installation help Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Scott Silva wrote: > >> Alden Levy spake the following on 9/21/2005 5:33 PM: >> >> >>> On Wed, 21 Sep 2005 16:57:39 -0700, Scott Silva >>> wrote: >>> >>> >>> >>> >>>> Alden Levy spake the following on 9/21/2005 4:26 PM: >>>> >>>> >>>> >>>>> Sorry for the duplicate messages. I realized that I had written the >>>>> messages first from my mail program, then from the web interface, >>>>> and--after >>>>> realizing that noone would get these messages--from the jiscmail >>>>> interface. >>>>> >>>>> In any event, I still have one problem, but it still looks like it's >>>>> working, namely: >>>>> incoming sendmail: head: /var/run/sendmail.in.pid: No such >>>>> file or >>>>> directory >>>>> >>>>> There was no file named sendmail.in.pid, so I copied sendmail.pid >>>>> over. >>>>> While the system works, when I check the status of MailScanner, I >>>>> get: >>>>> Checking MailScanner daemons: >>>>> MailScanner: [ OK ] >>>>> incoming sendmail: [FAILED] >>>>> outgoing sendmail: [ OK ] >>>>> >>>>> However, I seem to have the same services running as I had this >>>>> morning. I >>>>> am able to send emails to accounts on this box from outside >>>>> accounts, as >>>>> well as send emails from accounts on this box to accounts outside >>>>> this box >>>>> (and, of course, emails between accounts on this box). >>>>> >>>>> Suggestions? >>>>> >>>>> Thanks, >>>>> Alden >>>>> >>>> >>>> Delete the copied pid, then stop MailScanner and run >>>> touch /var/run/sendmail.in.pid >>>> then restart MailScanner and see if that helps. >>>> >>>> >>>> >>> >>> I tried that. When I check service MailScanner status, I get: >>> Checking MailScanner daemons: >>> MailScanner: [ OK ] >>> incoming sendmail: [FAILED] >>> outgoing sendmail: [ OK ] >>> >>> And in my mail logs, I get: >>> Sep 21 20:35:42 engine sendmail[27938]: NOQUEUE: SYSERR(root): >>> opendaemonsocket: daemon MTA: cannot bind: Address already in use >>> Sep 21 20:35:42 engine sendmail[27938]: daemon MTA: problem creating >>> SMTP socket >>> Sep 21 20:35:45 engine sendmail[28052]: NOQUEUE: SYSERR(root): >>> opendaemonsocket: daemon MTA: cannot bind: Address already in use >>> Sep 21 20:35:45 engine sendmail[28052]: daemon MTA: problem creating >>> SMTP socket >>> >>> Any other suggestions? >>> >>> Thanks, again, >>> Alden >>> >>> >> >> Did you stop sendmail and run chkconfig sendmail off as per the install >> docs? >> > Can you check if you have any postfix processes running? Many RedHat > systems ship using Postfix by default instead of sendmail. There is a > tool somewhere to switch which MTA you are using on your RedHat setup. > The tool is called system-switch-mail-nox, it's in /usr/bin so will be on your $PATH already. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dyioulos at FIRSTBHPH.COM Thu Sep 22 18:05:23 2005 From: dyioulos at FIRSTBHPH.COM (Dimitri Yioulos) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] MS 4.45.4-1 installation help Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Thursday 22 September 2005 12:45 pm, Julian Field wrote: > Julian Field wrote: > > Scott Silva wrote: > >> Alden Levy spake the following on 9/21/2005 5:33 PM: > >>> On Wed, 21 Sep 2005 16:57:39 -0700, Scott Silva > >>> > >>> wrote: > >>>> Alden Levy spake the following on 9/21/2005 4:26 PM: > >>>>> Sorry for the duplicate messages. I realized that I had written the > >>>>> messages first from my mail program, then from the web interface, > >>>>> and--after > >>>>> realizing that noone would get these messages--from the jiscmail > >>>>> interface. > >>>>> > >>>>> In any event, I still have one problem, but it still looks like it's > >>>>> working, namely: > >>>>> incoming sendmail: head: /var/run/sendmail.in.pid: No such > >>>>> file or > >>>>> directory > >>>>> > >>>>> There was no file named sendmail.in.pid, so I copied sendmail.pid > >>>>> over. > >>>>> While the system works, when I check the status of MailScanner, I > >>>>> get: > >>>>> Checking MailScanner daemons: > >>>>> MailScanner: [ OK ] > >>>>> incoming sendmail: [FAILED] > >>>>> outgoing sendmail: [ OK ] > >>>>> > >>>>> However, I seem to have the same services running as I had this > >>>>> morning. I > >>>>> am able to send emails to accounts on this box from outside > >>>>> accounts, as > >>>>> well as send emails from accounts on this box to accounts outside > >>>>> this box > >>>>> (and, of course, emails between accounts on this box). > >>>>> > >>>>> Suggestions? > >>>>> > >>>>> Thanks, > >>>>> Alden > >>>> > >>>> Delete the copied pid, then stop MailScanner and run > >>>> touch /var/run/sendmail.in.pid > >>>> then restart MailScanner and see if that helps. > >>> > >>> I tried that. When I check service MailScanner status, I get: > >>> Checking MailScanner daemons: > >>> MailScanner: [ OK ] > >>> incoming sendmail: [FAILED] > >>> outgoing sendmail: [ OK ] > >>> > >>> And in my mail logs, I get: > >>> Sep 21 20:35:42 engine sendmail[27938]: NOQUEUE: SYSERR(root): > >>> opendaemonsocket: daemon MTA: cannot bind: Address already in use > >>> Sep 21 20:35:42 engine sendmail[27938]: daemon MTA: problem creating > >>> SMTP socket > >>> Sep 21 20:35:45 engine sendmail[28052]: NOQUEUE: SYSERR(root): > >>> opendaemonsocket: daemon MTA: cannot bind: Address already in use > >>> Sep 21 20:35:45 engine sendmail[28052]: daemon MTA: problem creating > >>> SMTP socket > >>> > >>> Any other suggestions? > >>> > >>> Thanks, again, > >>> Alden > >> > >> Did you stop sendmail and run chkconfig sendmail off as per the install > >> docs? > > > > Can you check if you have any postfix processes running? Many RedHat > > systems ship using Postfix by default instead of sendmail. There is a > > tool somewhere to switch which MTA you are using on your RedHat setup. > > The tool is called system-switch-mail-nox, it's in /usr/bin so will be > on your $PATH already. Hi, Julian. No postfix processes running. Our MTA is sendmail. Dimitri ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Thu Sep 22 18:24:51 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] MS 4.45.4-1 installation help Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dimitri Yioulos wrote: >On Thursday 22 September 2005 12:45 pm, Julian Field wrote: > > >>Julian Field wrote: >> >> >>>Scott Silva wrote: >>> >>> >>>>Alden Levy spake the following on 9/21/2005 5:33 PM: >>>> >>>> >>>>>On Wed, 21 Sep 2005 16:57:39 -0700, Scott Silva >>>>> >>>>> wrote: >>>>> >>>>> >>>>>>Alden Levy spake the following on 9/21/2005 4:26 PM: >>>>>> >>>>>> >>>>>>>Sorry for the duplicate messages. I realized that I had written the >>>>>>>messages first from my mail program, then from the web interface, >>>>>>>and--after >>>>>>>realizing that noone would get these messages--from the jiscmail >>>>>>>interface. >>>>>>> >>>>>>>In any event, I still have one problem, but it still looks like it's >>>>>>>working, namely: >>>>>>> incoming sendmail: head: /var/run/sendmail.in.pid: No such >>>>>>>file or >>>>>>>directory >>>>>>> >>>>>>>There was no file named sendmail.in.pid, so I copied sendmail.pid >>>>>>>over. >>>>>>>While the system works, when I check the status of MailScanner, I >>>>>>>get: >>>>>>>Checking MailScanner daemons: >>>>>>> MailScanner: [ OK ] >>>>>>> incoming sendmail: [FAILED] >>>>>>> outgoing sendmail: [ OK ] >>>>>>> >>>>>>>However, I seem to have the same services running as I had this >>>>>>>morning. I >>>>>>>am able to send emails to accounts on this box from outside >>>>>>>accounts, as >>>>>>>well as send emails from accounts on this box to accounts outside >>>>>>>this box >>>>>>>(and, of course, emails between accounts on this box). >>>>>>> >>>>>>>Suggestions? >>>>>>> >>>>>>>Thanks, >>>>>>>Alden >>>>>>> >>>>>>> >>>>>>Delete the copied pid, then stop MailScanner and run >>>>>>touch /var/run/sendmail.in.pid >>>>>>then restart MailScanner and see if that helps. >>>>>> >>>>>> >>>>>I tried that. When I check service MailScanner status, I get: >>>>>Checking MailScanner daemons: >>>>> MailScanner: [ OK ] >>>>> incoming sendmail: [FAILED] >>>>> outgoing sendmail: [ OK ] >>>>> >>>>>And in my mail logs, I get: >>>>>Sep 21 20:35:42 engine sendmail[27938]: NOQUEUE: SYSERR(root): >>>>>opendaemonsocket: daemon MTA: cannot bind: Address already in use >>>>>Sep 21 20:35:42 engine sendmail[27938]: daemon MTA: problem creating >>>>>SMTP socket >>>>>Sep 21 20:35:45 engine sendmail[28052]: NOQUEUE: SYSERR(root): >>>>>opendaemonsocket: daemon MTA: cannot bind: Address already in use >>>>>Sep 21 20:35:45 engine sendmail[28052]: daemon MTA: problem creating >>>>>SMTP socket >>>>> >>>>>Any other suggestions? >>>>> >>>>>Thanks, again, >>>>>Alden >>>>> >>>>> >>>>Did you stop sendmail and run chkconfig sendmail off as per the install >>>>docs? >>>> >>>> >>>Can you check if you have any postfix processes running? Many RedHat >>>systems ship using Postfix by default instead of sendmail. There is a >>>tool somewhere to switch which MTA you are using on your RedHat setup. >>> >>> >>The tool is called system-switch-mail-nox, it's in /usr/bin so will be >>on your $PATH already. >> >> > >Hi, Julian. > >No postfix processes running. Our MTA is sendmail. > >Dimitri > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > Dimitri, What's the output from: netstat -tpa|grep :smtp Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dyioulos at FIRSTBHPH.COM Thu Sep 22 18:44:19 2005 From: dyioulos at FIRSTBHPH.COM (Dimitri Yioulos) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] MS 4.45.4-1 installation help Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Thursday 22 September 2005 1:24 pm, Denis Beauchemin wrote: > Dimitri Yioulos wrote: > >On Thursday 22 September 2005 12:45 pm, Julian Field wrote: > >>Julian Field wrote: > >>>Scott Silva wrote: > >>>>Alden Levy spake the following on 9/21/2005 5:33 PM: > >>>>>On Wed, 21 Sep 2005 16:57:39 -0700, Scott Silva > >>>>> > >>>>> wrote: > >>>>>>Alden Levy spake the following on 9/21/2005 4:26 PM: > >>>>>>>Sorry for the duplicate messages. I realized that I had written the > >>>>>>>messages first from my mail program, then from the web interface, > >>>>>>>and--after > >>>>>>>realizing that noone would get these messages--from the jiscmail > >>>>>>>interface. > >>>>>>> > >>>>>>>In any event, I still have one problem, but it still looks like it's > >>>>>>>working, namely: > >>>>>>> incoming sendmail: head: /var/run/sendmail.in.pid: No such > >>>>>>>file or > >>>>>>>directory > >>>>>>> > >>>>>>>There was no file named sendmail.in.pid, so I copied sendmail.pid > >>>>>>>over. > >>>>>>>While the system works, when I check the status of MailScanner, I > >>>>>>>get: > >>>>>>>Checking MailScanner daemons: > >>>>>>> MailScanner: [ OK ] > >>>>>>> incoming sendmail: [FAILED] > >>>>>>> outgoing sendmail: [ OK ] > >>>>>>> > >>>>>>>However, I seem to have the same services running as I had this > >>>>>>>morning. I > >>>>>>>am able to send emails to accounts on this box from outside > >>>>>>>accounts, as > >>>>>>>well as send emails from accounts on this box to accounts outside > >>>>>>>this box > >>>>>>>(and, of course, emails between accounts on this box). > >>>>>>> > >>>>>>>Suggestions? > >>>>>>> > >>>>>>>Thanks, > >>>>>>>Alden > >>>>>> > >>>>>>Delete the copied pid, then stop MailScanner and run > >>>>>>touch /var/run/sendmail.in.pid > >>>>>>then restart MailScanner and see if that helps. > >>>>> > >>>>>I tried that. When I check service MailScanner status, I get: > >>>>>Checking MailScanner daemons: > >>>>> MailScanner: [ OK ] > >>>>> incoming sendmail: [FAILED] > >>>>> outgoing sendmail: [ OK ] > >>>>> > >>>>>And in my mail logs, I get: > >>>>>Sep 21 20:35:42 engine sendmail[27938]: NOQUEUE: SYSERR(root): > >>>>>opendaemonsocket: daemon MTA: cannot bind: Address already in use > >>>>>Sep 21 20:35:42 engine sendmail[27938]: daemon MTA: problem creating > >>>>>SMTP socket > >>>>>Sep 21 20:35:45 engine sendmail[28052]: NOQUEUE: SYSERR(root): > >>>>>opendaemonsocket: daemon MTA: cannot bind: Address already in use > >>>>>Sep 21 20:35:45 engine sendmail[28052]: daemon MTA: problem creating > >>>>>SMTP socket > >>>>> > >>>>>Any other suggestions? > >>>>> > >>>>>Thanks, again, > >>>>>Alden > >>>> > >>>>Did you stop sendmail and run chkconfig sendmail off as per the install > >>>>docs? > >>> > >>>Can you check if you have any postfix processes running? Many RedHat > >>>systems ship using Postfix by default instead of sendmail. There is a > >>>tool somewhere to switch which MTA you are using on your RedHat setup. > >> > >>The tool is called system-switch-mail-nox, it's in /usr/bin so will be > >>on your $PATH already. > > > >Hi, Julian. > > > >No postfix processes running. Our MTA is sendmail. > > > >Dimitri > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > Dimitri, > > What's the output from: netstat -tpa|grep :smtp > > Denis Hi, Denis. I worked with a guy from Sherbrooke once. Nice person (all Canadians are, in my estimation). Sorry for the aside, all. Here's the output of : tcp 0 0 *:smtps *:* LISTEN 1753/stunnel tcp 0 0 *:smtp *:* LISTEN 17087/sendmail: acc Looks like the last line was concatenated, but still gives the general picture. Dimitri ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dyioulos at FIRSTBHPH.COM Thu Sep 22 18:50:01 2005 From: dyioulos at FIRSTBHPH.COM (Dimitri Yioulos) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] MS 4.45.4-1 installation help Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Also, apologies to the OP for taking this off-topic. Hope this stuff helps you anyway. Dimitri ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Thu Sep 22 19:00:12 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] MS 4.45.4-1 installation help Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dimitri Yioulos wrote: >On Thursday 22 September 2005 1:24 pm, Denis Beauchemin wrote: > > >>Dimitri, >> >>What's the output from: netstat -tpa|grep :smtp >> >>Denis >> >> > >Hi, Denis. > >I worked with a guy from Sherbrooke once. Nice person (all Canadians are, in >my estimation). Sorry for the aside, all. > >Here's the output of : > >tcp 0 0 *:smtps *:* >LISTEN 1753/stunnel >tcp 0 0 *:smtp *:* >LISTEN 17087/sendmail: acc > >Looks like the last line was concatenated, but still gives the general >picture. > > > Dimitri, This indicates that you have only one process (pid=17087) that has port 25 (smtp) open. This is good. Now, stop MailScanner and redo the netstat command to make sure there is no sendmail running anymore. If there is a process open on port 25, kill it and then restart MS. Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dyioulos at FIRSTBHPH.COM Thu Sep 22 19:07:03 2005 From: dyioulos at FIRSTBHPH.COM (Dimitri Yioulos) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] MS 4.45.4-1 installation help Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Thursday 22 September 2005 2:00 pm, Denis Beauchemin wrote: > Dimitri Yioulos wrote: > >On Thursday 22 September 2005 1:24 pm, Denis Beauchemin wrote: > >>Dimitri, > >> > >>What's the output from: netstat -tpa|grep :smtp > >> > >>Denis > > > >Hi, Denis. > > > >I worked with a guy from Sherbrooke once. Nice person (all Canadians are, > > in my estimation). Sorry for the aside, all. > > > >Here's the output of : > > > >tcp 0 0 *:smtps *:* > >LISTEN 1753/stunnel > >tcp 0 0 *:smtp *:* > >LISTEN 17087/sendmail: acc > > > >Looks like the last line was concatenated, but still gives the general > >picture. > > Dimitri, > > This indicates that you have only one process (pid=17087) that has port > 25 (smtp) open. This is good. > > Now, stop MailScanner and redo the netstat command to make sure there is > no sendmail running anymore. If there is a process open on port 25, > kill it and then restart MS. > > Denis Denis, Just for my own edification (I like that word), what will this accomplish? Dimitri ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kevinold at gmail.com Thu Sep 22 19:22:20 2005 From: kevinold at gmail.com (Kevin Old) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] Block outgoing mail with rules Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 9/22/05, Denis Beauchemin wrote: > Kevin Old wrote: [snip] > >How do I define a new keyword for a new rules file? > > > > > Kevin, > > You can't define any new keyword in MS. You have to make do with the > existing ones. You probably want to modify: > Non Spam Actions = deliver > to use your ruleset. But remember that the last keyword on every line > in your ruleset must be one of the following (I guess you'll want to use > delete): > # deliver - deliver the message as normal > # delete - delete the message > # store - store the message in the quarantine > # forward user@domain.com - forward a copy of the message to > user@domain.com > # striphtml - convert all in-line HTML content to plain > text > # header "name: value" - Add the header > # name: value > # to the message. name must not contain any > spaces. > Thanks Denis. This is exactly what I needed to do. I'm including it here for the archives. Kevin -- Kevin Old kevinold@gmail.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Thu Sep 22 19:33:59 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] MS 4.45.4-1 installation help Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dimitri Yioulos wrote: >On Thursday 22 September 2005 2:00 pm, Denis Beauchemin wrote: > > >>Dimitri Yioulos wrote: >> >> >>>On Thursday 22 September 2005 1:24 pm, Denis Beauchemin wrote: >>> >>> >>>>Dimitri, >>>> >>>>What's the output from: netstat -tpa|grep :smtp >>>> >>>>Denis >>>> >>>> >>>Hi, Denis. >>> >>>I worked with a guy from Sherbrooke once. Nice person (all Canadians are, >>>in my estimation). Sorry for the aside, all. >>> >>>Here's the output of : >>> >>>tcp 0 0 *:smtps *:* >>>LISTEN 1753/stunnel >>>tcp 0 0 *:smtp *:* >>>LISTEN 17087/sendmail: acc >>> >>>Looks like the last line was concatenated, but still gives the general >>>picture. >>> >>> >>Dimitri, >> >>This indicates that you have only one process (pid=17087) that has port >>25 (smtp) open. This is good. >> >>Now, stop MailScanner and redo the netstat command to make sure there is >>no sendmail running anymore. If there is a process open on port 25, >>kill it and then restart MS. >> >>Denis >> >> > >Denis, > >Just for my own edification (I like that word), what will this accomplish? > > > Dimitri, Don't you have a problem with MS starting sendmail giving you an error message? If not, I apologize for wasting your time... Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alden at ENGINENO9INC.COM Thu Sep 22 19:44:09 2005 From: alden at ENGINENO9INC.COM (Alden Levy) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] MS 4.45.4-1 installation help Message-ID: On Thu, 22 Sep 2005 13:44:19 -0400, Dimitri Yioulos wrote: >On Thursday 22 September 2005 1:24 pm, Denis Beauchemin wrote: >> Dimitri Yioulos wrote: >> >On Thursday 22 September 2005 12:45 pm, Julian Field wrote: >> >>Julian Field wrote: >> >>>Scott Silva wrote: >> >>>>Alden Levy spake the following on 9/21/2005 5:33 PM: >> >>>>>On Wed, 21 Sep 2005 16:57:39 -0700, Scott Silva >> >>>>> >> >>>>> wrote: >> >>>>>>Alden Levy spake the following on 9/21/2005 4:26 PM: >> >>>>>>>Sorry for the duplicate messages. I realized that I had written the >> >>>>>>>messages first from my mail program, then from the web interface, >> >>>>>>>and--after >> >>>>>>>realizing that noone would get these messages--from the jiscmail >> >>>>>>>interface. >> >>>>>>> >> >>>>>>>In any event, I still have one problem, but it still looks like it's >> >>>>>>>working, namely: >> >>>>>>> incoming sendmail: head: /var/run/sendmail.in.pid: No such >> >>>>>>>file or >> >>>>>>>directory >> >>>>>>> >> >>>>>>>There was no file named sendmail.in.pid, so I copied sendmail.pid >> >>>>>>>over. >> >>>>>>>While the system works, when I check the status of MailScanner, I >> >>>>>>>get: >> >>>>>>>Checking MailScanner daemons: >> >>>>>>> MailScanner: [ OK ] >> >>>>>>> incoming sendmail: [FAILED] >> >>>>>>> outgoing sendmail: [ OK ] >> >>>>>>> >> >>>>>>>However, I seem to have the same services running as I had this >> >>>>>>>morning. I >> >>>>>>>am able to send emails to accounts on this box from outside >> >>>>>>>accounts, as >> >>>>>>>well as send emails from accounts on this box to accounts outside >> >>>>>>>this box >> >>>>>>>(and, of course, emails between accounts on this box). >> >>>>>>> >> >>>>>>>Suggestions? >> >>>>>>> >> >>>>>>>Thanks, >> >>>>>>>Alden >> >>>>>> >> >>>>>>Delete the copied pid, then stop MailScanner and run >> >>>>>>touch /var/run/sendmail.in.pid >> >>>>>>then restart MailScanner and see if that helps. >> >>>>> >> >>>>>I tried that. When I check service MailScanner status, I get: >> >>>>>Checking MailScanner daemons: >> >>>>> MailScanner: [ OK ] >> >>>>> incoming sendmail: [FAILED] >> >>>>> outgoing sendmail: [ OK ] >> >>>>> >> >>>>>And in my mail logs, I get: >> >>>>>Sep 21 20:35:42 engine sendmail[27938]: NOQUEUE: SYSERR(root): >> >>>>>opendaemonsocket: daemon MTA: cannot bind: Address already in use >> >>>>>Sep 21 20:35:42 engine sendmail[27938]: daemon MTA: problem creating >> >>>>>SMTP socket >> >>>>>Sep 21 20:35:45 engine sendmail[28052]: NOQUEUE: SYSERR(root): >> >>>>>opendaemonsocket: daemon MTA: cannot bind: Address already in use >> >>>>>Sep 21 20:35:45 engine sendmail[28052]: daemon MTA: problem creating >> >>>>>SMTP socket >> >>>>> >> >>>>>Any other suggestions? >> >>>>> >> >>>>>Thanks, again, >> >>>>>Alden >> >>>> >> >>>>Did you stop sendmail and run chkconfig sendmail off as per the install >> >>>>docs? >> >>> >> >>>Can you check if you have any postfix processes running? Many RedHat >> >>>systems ship using Postfix by default instead of sendmail. There is a >> >>>tool somewhere to switch which MTA you are using on your RedHat setup. >> >> >> >>The tool is called system-switch-mail-nox, it's in /usr/bin so will be >> >>on your $PATH already. >> > >> >Hi, Julian. >> > >> >No postfix processes running. Our MTA is sendmail. >> > >> >Dimitri >> > >> >------------------------ MailScanner list ------------------------ >> >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> >'leave mailscanner' in the body of the email. >> >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> > >> >Support MailScanner development - buy the book off the website! >> >> Dimitri, >> >> What's the output from: netstat -tpa|grep :smtp >> >> Denis > >Hi, Denis. > >I worked with a guy from Sherbrooke once. Nice person (all Canadians are, in >my estimation). Sorry for the aside, all. > >Here's the output of : > >tcp 0 0 *:smtps *:* >LISTEN 1753/stunnel >tcp 0 0 *:smtp *:* >LISTEN 17087/sendmail: acc > >Looks like the last line was concatenated, but still gives the general >picture. > >Dimitri There are no postfix processes running on my system. I DID have this running properly in an earlier version, but I'll keep checking to make sure my host didn't "fix" anything when they were actually fixing another problem. The output is: # netstat -tpa|grep :smtp tcp 0 0 *:smtp *:* LISTEN 25916/sendmail: acc I also had the following the first time I ran it tcp 0 0 engine.engineno9i:37521 mailwash26.pair.co:smtp TIME_WAIT but that's gone now. I'm still scratching my head, because it SEEMS to be working (none of my clients are complaining). Oddly, service MailScanner status returned: Checking MailScanner daemons: MailScanner: [ OK ] incoming sendmail: [ OK ] outgoing sendmail: [FAILED] before I restarted. Now it's back to: Checking MailScanner daemons: MailScanner: [ OK ] incoming sendmail: [FAILED] outgoing sendmail: [ OK ] Stranger and stranger.... --Alden ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at SECEIDOS.DE Thu Sep 22 19:47:29 2005 From: Jan-Peter.Koopmann at SECEIDOS.DE (Koopmann, Jan-Peter) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] TNEF Patch problems on FreeBSD Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Monday, September 05, 2005 2:45 PM Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > No thanks, I have found the problem (bug in Convert::TNEF). Just encountered this one too. How did you fix it? A patch to Convert::TNEF? Is it released to the developer yet? I would like to change the Convert::TNEF port of FreeBSD as well. Moreover: I do not think the TNEF code changed on that particular box for ages. But this started all of the sudden with 4.44. Did you change anything in that version? Regards, JP ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dyioulos at FIRSTBHPH.COM Thu Sep 22 19:49:47 2005 From: dyioulos at FIRSTBHPH.COM (Dimitri Yioulos) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] MS 4.45.4-1 installation help Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Thursday 22 September 2005 2:33 pm, Denis Beauchemin wrote: > Dimitri Yioulos wrote: > >On Thursday 22 September 2005 2:00 pm, Denis Beauchemin wrote: > >>Dimitri Yioulos wrote: > >>>On Thursday 22 September 2005 1:24 pm, Denis Beauchemin wrote: > >>>>Dimitri, > >>>> > >>>>What's the output from: netstat -tpa|grep :smtp > >>>> > >>>>Denis > >>> > >>>Hi, Denis. > >>> > >>>I worked with a guy from Sherbrooke once. Nice person (all Canadians > >>> are, in my estimation). Sorry for the aside, all. > >>> > >>>Here's the output of : > >>> > >>>tcp 0 0 *:smtps *:* > >>>LISTEN 1753/stunnel > >>>tcp 0 0 *:smtp *:* > >>>LISTEN 17087/sendmail: acc > >>> > >>>Looks like the last line was concatenated, but still gives the general > >>>picture. > >> > >>Dimitri, > >> > >>This indicates that you have only one process (pid=17087) that has port > >>25 (smtp) open. This is good. > >> > >>Now, stop MailScanner and redo the netstat command to make sure there is > >>no sendmail running anymore. If there is a process open on port 25, > >>kill it and then restart MS. > >> > >>Denis > > > >Denis, > > > >Just for my own edification (I like that word), what will this accomplish? > > Dimitri, > > Don't you have a problem with MS starting sendmail giving you an error > message? If not, I apologize for wasting your time... > > Denis Denis, No waste of time at all. The OP and I both had spamassassin --lint spitting out errors after we upgraded to spamassassin 3.1.0. It killed DCC, razor, and bayes on my system. Sendmail started fine. Dimitri ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dyioulos at FIRSTBHPH.COM Thu Sep 22 20:03:56 2005 From: dyioulos at FIRSTBHPH.COM (Dimitri Yioulos) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] MS 4.45.4-1 installation help Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I take that back. The OP is having trouble starting sendmail w/ MailScanner. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kte at NEXIS.BE Thu Sep 22 20:02:34 2005 From: kte at NEXIS.BE (Koen Teugels) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] /var/spool/mqueue* messages Message-ID: Mailscanner version 4.36.4 maillog : mqueue.in 1 file dfj8KFAQdB000811 /var/log/maillog:Sep 20 17:57:56 mail sendmail[811]: j8KFAQdB000811: from=, size=315934, class=0, nrcpts=1, msgid=<433023E5.1000300@ubizen.com>, proto=SMTP, daemon=MTA, relay=batty.be.ubizen.com [212.113.70.10] /var/log/maillog:Sep 20 17:57:56 mail sendmail[811]: j8KFAQdB000811: Milter (milter-ahead): write(D) returned -1, expected 45: Broken pipe /var/log/maillog:Sep 20 17:57:56 mail sendmail[811]: j8KFAQdB000811: Milter (milter-ahead): to error state mqueue 4 files -rw------- 1 root root 791 Sep 19 20:16 dfj8JIGF2X001620 -rw------- 1 root root 791 Sep 19 20:27 dfj8JIRBeF005307 -rw------- 1 root root 1241 Sep 22 21:00 qfj8JIGF2X001620 -rw------- 1 root root 1241 Sep 22 21:00 qfj8JIRBeF005307 /var/log/maillog:Sep 22 20:45:21 mail sendmail[18443]: j8JIGF2X001620: to=, delay=3+00:29:05, xdelay=00:00:00, mailer=esmtp, pri=26221213, relay=outmx026.isp.belgacom.be. [195.238.2.91], dsn=4.0.0, stat=Deferred: Connection refused by outmx026.isp.belgacom.be. /var/log/maillog:Sep 22 21:00:21 mail sendmail[18639]: j8JIGF2X001620: to=, delay=3+00:44:05, xdelay=00:00:00, mailer=esmtp, pri=26311213, relay=outmx026.isp.belgacom.be. [195.238.2.91], dsn=4.0.0, stat=Deferred: Connection refused by outmx026.isp.belgacom.be. /var/log/maillog:Sep 22 20:45:21 mail sendmail[18443]: j8JIRBeF005307: to=, delay=3+00:18:10, xdelay=00:00:00, mailer=esmtp, pri=26221213, relay=outmx024.isp.belgacom.be. [195.238.2.128], dsn=4.0.0, stat=Deferred: Connection refused by outmx024.isp.belgacom.be. /var/log/maillog:Sep 22 21:00:21 mail sendmail[18639]: j8JIRBeF005307: to=, delay=3+00:33:10, xdelay=00:00:00, mailer=esmtp, pri=26311213, relay=outmx024.isp.belgacom.be. [195.238.2.128], dsn=4.0.0, stat=Deferred: Connection refused by outmx024.isp.belgacom.be. These files are error files bad content reply messages. Thanks Koen Martin Hepworth Sent by: MailScanner mailing list 21/09/2005 13:31 Please respond to MailScanner mailing list To MAILSCANNER@JISCMAIL.AC.UK cc Subject Re: [MAILSCANNER] /var/spool/mqueue* messages Koen What version of MS and is there anything in the maillog about these messages? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Koen Teugels Sent: 21 September 2005 11:41 To: MAILSCANNER@JISCMAIL.AC.UK Subject: [MAILSCANNER] /var/spool/mqueue* messages Somethimes there are some df en qf messages that don't get send from these folders. How does that come? Thanks koen ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dyioulos at FIRSTBHPH.COM Thu Sep 22 20:20:14 2005 From: dyioulos at FIRSTBHPH.COM (Dimitri Yioulos) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] MS 4.45.4-1 installation help Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] My sincere apologies to all. I subscribe to several MLs. I just realized that I got confused and posted my question to the wrong thread/wrong list. I'm very sorry. Dimitri ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Sep 22 20:08:56 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] MS 4.45.4-1 installation help Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Alden Levy spake the following on 9/22/2005 11:44 AM: > On Thu, 22 Sep 2005 13:44:19 -0400, Dimitri Yioulos > wrote: > > >>On Thursday 22 September 2005 1:24 pm, Denis Beauchemin wrote: >> >>>Dimitri Yioulos wrote: >>> >>>>On Thursday 22 September 2005 12:45 pm, Julian Field wrote: >>>> >>>>>Julian Field wrote: >>>>> >>>>>>Scott Silva wrote: >>>>>> >>>>>>>Alden Levy spake the following on 9/21/2005 5:33 PM: >>>>>>> >>>>>>>>On Wed, 21 Sep 2005 16:57:39 -0700, Scott Silva >>>>>>>> >>>>>>>> wrote: >>>>>>>> >>>>>>>>>Alden Levy spake the following on 9/21/2005 4:26 PM: >>>>>>>>> >>>>>>>>>>Sorry for the duplicate messages. I realized that I had written the >>>>>>>>>>messages first from my mail program, then from the web interface, >>>>>>>>>>and--after >>>>>>>>>>realizing that noone would get these messages--from the jiscmail >>>>>>>>>>interface. >>>>>>>>>> >>>>>>>>>>In any event, I still have one problem, but it still looks like it's >>>>>>>>>>working, namely: >>>>>>>>>> incoming sendmail: head: /var/run/sendmail.in.pid: No such >>>>>>>>>>file or >>>>>>>>>>directory >>>>>>>>>> >>>>>>>>>>There was no file named sendmail.in.pid, so I copied sendmail.pid >>>>>>>>>>over. >>>>>>>>>>While the system works, when I check the status of MailScanner, I >>>>>>>>>>get: >>>>>>>>>>Checking MailScanner daemons: >>>>>>>>>> MailScanner: [ OK ] > > >>>>>>>>>> incoming sendmail: [FAILED] >>>>>>>>>> outgoing sendmail: [ OK ] >>>>>>>>>> >>>>>>>>>>However, I seem to have the same services running as I had this >>>>>>>>>>morning. I >>>>>>>>>>am able to send emails to accounts on this box from outside >>>>>>>>>>accounts, as >>>>>>>>>>well as send emails from accounts on this box to accounts outside >>>>>>>>>>this box >>>>>>>>>>(and, of course, emails between accounts on this box). >>>>>>>>>> >>>>>>>>>>Suggestions? >>>>>>>>>> >>>>>>>>>>Thanks, >>>>>>>>>>Alden >>>>>>>>> >>>>>>>>>Delete the copied pid, then stop MailScanner and run >>>>>>>>>touch /var/run/sendmail.in.pid >>>>>>>>>then restart MailScanner and see if that helps. >>>>>>>> >>>>>>>>I tried that. When I check service MailScanner status, I get: >>>>>>>>Checking MailScanner daemons: >>>>>>>> MailScanner: [ OK ] >>>>>>>> incoming sendmail: [FAILED] >>>>>>>> outgoing sendmail: [ OK ] >>>>>>>> >>>>>>>>And in my mail logs, I get: >>>>>>>>Sep 21 20:35:42 engine sendmail[27938]: NOQUEUE: SYSERR(root): >>>>>>>>opendaemonsocket: daemon MTA: cannot bind: Address already in use >>>>>>>>Sep 21 20:35:42 engine sendmail[27938]: daemon MTA: problem creating >>>>>>>>SMTP socket >>>>>>>>Sep 21 20:35:45 engine sendmail[28052]: NOQUEUE: SYSERR(root): >>>>>>>>opendaemonsocket: daemon MTA: cannot bind: Address already in use >>>>>>>>Sep 21 20:35:45 engine sendmail[28052]: daemon MTA: problem creating >>>>>>>>SMTP socket >>>>>>>> >>>>>>>>Any other suggestions? >>>>>>>> >>>>>>>>Thanks, again, >>>>>>>>Alden >>>>>>> >>>>>>>Did you stop sendmail and run chkconfig sendmail off as per the install >>>>>>>docs? >>>>>> >>>>>>Can you check if you have any postfix processes running? Many RedHat >>>>>>systems ship using Postfix by default instead of sendmail. There is a >>>>>>tool somewhere to switch which MTA you are using on your RedHat setup. >>>>> >>>>>The tool is called system-switch-mail-nox, it's in /usr/bin so will be >>>>>on your $PATH already. >>>> >>>>Hi, Julian. >>>> >>>>No postfix processes running. Our MTA is sendmail. >>>> >>>>Dimitri >>>> >>>>------------------------ MailScanner list ------------------------ >>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>'leave mailscanner' in the body of the email. >>>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>>Support MailScanner development - buy the book off the website! >>> >>>Dimitri, >>> >>>What's the output from: netstat -tpa|grep :smtp >>> >>>Denis >> >>Hi, Denis. >> >>I worked with a guy from Sherbrooke once. Nice person (all Canadians are, in >>my estimation). Sorry for the aside, all. >> >>Here's the output of : >> >>tcp 0 0 *:smtps *:* >>LISTEN 1753/stunnel >>tcp 0 0 *:smtp *:* >>LISTEN 17087/sendmail: acc >> >>Looks like the last line was concatenated, but still gives the general >>picture. >> >>Dimitri > > > > There are no postfix processes running on my system. I DID have this > running properly in an earlier version, but I'll keep checking to make sure > my host didn't "fix" anything when they were actually fixing another problem. > > The output is: > # netstat -tpa|grep :smtp > tcp 0 0 *:smtp *:* LISTEN > 25916/sendmail: acc > > I also had the following the first time I ran it > tcp 0 0 engine.engineno9i:37521 mailwash26.pair.co:smtp TIME_WAIT > > but that's gone now. > > I'm still scratching my head, because it SEEMS to be working (none of my > clients are complaining). > > Oddly, service MailScanner status returned: > Checking MailScanner daemons: > MailScanner: [ OK ] > incoming sendmail: [ OK ] > outgoing sendmail: [FAILED] > > before I restarted. Now it's back to: > Checking MailScanner daemons: > MailScanner: [ OK ] > incoming sendmail: [FAILED] > outgoing sendmail: [ OK ] > > Stranger and stranger.... > > --Alden > Does the sendmail section of /etc/sysconfig/MailScanner look ok? Especially the inpid and outpid declarations. Also check /etc/rc.d/init.d/MailScanner for the same thing. Somewhere, the init scripts have a problem. Also look for MailScanner.rpmnew. Maybe an old init script is lurking and the .rpmnew just needs to be renamed. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Sep 22 20:25:12 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] MS 4.45.4-1 installation help Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dimitri Yioulos spake the following on 9/22/2005 11:49 AM: > On Thursday 22 September 2005 2:33 pm, Denis Beauchemin wrote: > >>Dimitri Yioulos wrote: >> >>>On Thursday 22 September 2005 2:00 pm, Denis Beauchemin wrote: >>> >>>>Dimitri Yioulos wrote: >>>> >>>>>On Thursday 22 September 2005 1:24 pm, Denis Beauchemin wrote: >>>>> >>>>>>Dimitri, >>>>>> >>>>>>What's the output from: netstat -tpa|grep :smtp >>>>>> >>>>>>Denis >>>>> >>>>>Hi, Denis. >>>>> >>>>>I worked with a guy from Sherbrooke once. Nice person (all Canadians >>>>>are, in my estimation). Sorry for the aside, all. >>>>> >>>>>Here's the output of : >>>>> >>>>>tcp 0 0 *:smtps *:* >>>>>LISTEN 1753/stunnel >>>>>tcp 0 0 *:smtp *:* >>>>>LISTEN 17087/sendmail: acc >>>>> >>>>>Looks like the last line was concatenated, but still gives the general >>>>>picture. >>>> >>>>Dimitri, >>>> >>>>This indicates that you have only one process (pid=17087) that has port >>>>25 (smtp) open. This is good. >>>> >>>>Now, stop MailScanner and redo the netstat command to make sure there is >>>>no sendmail running anymore. If there is a process open on port 25, >>>>kill it and then restart MS. >>>> >>>>Denis >>> >>>Denis, >>> >>>Just for my own edification (I like that word), what will this accomplish? >> >>Dimitri, >> >>Don't you have a problem with MS starting sendmail giving you an error >>message? If not, I apologize for wasting your time... >> >>Denis > > > Denis, > > No waste of time at all. The OP and I both had spamassassin --lint spitting > out errors after we upgraded to spamassassin 3.1.0. It killed DCC, razor, > and bayes on my system. Sendmail started fine. > > Dimitri > Did you correct the other errors after the upgrade? Spamassassin 3.1.0 has new config options for DCC and razor, but it should only have bayes issues if upgrading from Spamassassin 2.64 or lower. Any errors showing up in the maillog? Try service MailScanner restart & tail -f /var/log/maillog Watch for a few minutes to look for errors, and CTRL-C to stop the tail process. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dyioulos at FIRSTBHPH.COM Thu Sep 22 20:46:58 2005 From: dyioulos at FIRSTBHPH.COM (Dimitri Yioulos) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] MS 4.45.4-1 installation help Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Thursday 22 September 2005 3:25 pm, Scott Silva wrote: > Dimitri Yioulos spake the following on 9/22/2005 11:49 AM: > > On Thursday 22 September 2005 2:33 pm, Denis Beauchemin wrote: > >>Dimitri Yioulos wrote: > >>>On Thursday 22 September 2005 2:00 pm, Denis Beauchemin wrote: > >>>>Dimitri Yioulos wrote: > >>>>>On Thursday 22 September 2005 1:24 pm, Denis Beauchemin wrote: > >>>>>>Dimitri, > >>>>>> > >>>>>>What's the output from: netstat -tpa|grep :smtp > >>>>>> > >>>>>>Denis > >>>>> > >>>>>Hi, Denis. > >>>>> > >>>>>I worked with a guy from Sherbrooke once. Nice person (all Canadians > >>>>>are, in my estimation). Sorry for the aside, all. > >>>>> > >>>>>Here's the output of : > >>>>> > >>>>>tcp 0 0 *:smtps *:* > >>>>>LISTEN 1753/stunnel > >>>>>tcp 0 0 *:smtp *:* > >>>>>LISTEN 17087/sendmail: acc > >>>>> > >>>>>Looks like the last line was concatenated, but still gives the general > >>>>>picture. > >>>> > >>>>Dimitri, > >>>> > >>>>This indicates that you have only one process (pid=17087) that has port > >>>>25 (smtp) open. This is good. > >>>> > >>>>Now, stop MailScanner and redo the netstat command to make sure there > >>>> is no sendmail running anymore. If there is a process open on port > >>>> 25, kill it and then restart MS. > >>>> > >>>>Denis > >>> > >>>Denis, > >>> > >>>Just for my own edification (I like that word), what will this > >>> accomplish? > >> > >>Dimitri, > >> > >>Don't you have a problem with MS starting sendmail giving you an error > >>message? If not, I apologize for wasting your time... > >> > >>Denis > > > > Denis, > > > > No waste of time at all. The OP and I both had spamassassin --lint > > spitting out errors after we upgraded to spamassassin 3.1.0. It killed > > DCC, razor, and bayes on my system. Sendmail started fine. > > > > Dimitri > > Did you correct the other errors after the upgrade? > Spamassassin 3.1.0 has new config options for DCC and razor, but it > should only have bayes issues if upgrading from Spamassassin 2.64 or lower. > Any errors showing up in the maillog? > Try service MailScanner restart & tail -f /var/log/maillog > Watch for a few minutes to look for errors, and CTRL-C to stop the tail > process. Thanks. I haven't reupgraded to 3.1.0 yet (rolled back to 3.0.4), but I'll try your suggestions when I do. Dimitri ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Sep 22 20:29:10 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] /var/spool/mqueue* messages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Koen Teugels spake the following on 9/21/2005 3:41 AM: > > Somethimes there are some df en qf messages that don't get send from > these folders. How does that come? > > Thanks koen If any mail is undeliverable, sendmail will leave it in the queue to try again later. The default is something like every 15 minutes for 5 days. They should go away after that time. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alden at ENGINENO9INC.COM Thu Sep 22 21:18:33 2005 From: alden at ENGINENO9INC.COM (Alden Levy) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] MS 4.45.4-1 installation help Message-ID: On Thu, 22 Sep 2005 12:08:56 -0700, Scott Silva wrote: >Alden Levy spake the following on 9/22/2005 11:44 AM: >> On Thu, 22 Sep 2005 13:44:19 -0400, Dimitri Yioulos >> wrote: >> >> >>>On Thursday 22 September 2005 1:24 pm, Denis Beauchemin wrote: >>> >>>>Dimitri Yioulos wrote: >>>> >>>>>On Thursday 22 September 2005 12:45 pm, Julian Field wrote: >>>>> >>>>>>Julian Field wrote: >>>>>> >>>>>>>Scott Silva wrote: >>>>>>> >>>>>>>>Alden Levy spake the following on 9/21/2005 5:33 PM: >>>>>>>> >>>>>>>>>On Wed, 21 Sep 2005 16:57:39 -0700, Scott Silva >>>>>>>>> >>>>>>>>> wrote: >>>>>>>>> >>>>>>>>>>Alden Levy spake the following on 9/21/2005 4:26 PM: >>>>>>>>>> >>>>>>>>>>>Sorry for the duplicate messages. I realized that I had written the >>>>>>>>>>>messages first from my mail program, then from the web interface, >>>>>>>>>>>and--after >>>>>>>>>>>realizing that noone would get these messages--from the jiscmail >>>>>>>>>>>interface. >>>>>>>>>>> >>>>>>>>>>>In any event, I still have one problem, but it still looks like it's >>>>>>>>>>>working, namely: >>>>>>>>>>> incoming sendmail: head: /var/run/sendmail.in.pid: No such >>>>>>>>>>>file or >>>>>>>>>>>directory >>>>>>>>>>> >>>>>>>>>>>There was no file named sendmail.in.pid, so I copied sendmail.pid >>>>>>>>>>>over. >>>>>>>>>>>While the system works, when I check the status of MailScanner, I >>>>>>>>>>>get: >>>>>>>>>>>Checking MailScanner daemons: >>>>>>>>>>> MailScanner: [ OK ] >> >> >>>>>>>>>>> incoming sendmail: [FAILED] >>>>>>>>>>> outgoing sendmail: [ OK ] >>>>>>>>>>> >>>>>>>>>>>However, I seem to have the same services running as I had this >>>>>>>>>>>morning. I >>>>>>>>>>>am able to send emails to accounts on this box from outside >>>>>>>>>>>accounts, as >>>>>>>>>>>well as send emails from accounts on this box to accounts outside >>>>>>>>>>>this box >>>>>>>>>>>(and, of course, emails between accounts on this box). >>>>>>>>>>> >>>>>>>>>>>Suggestions? >>>>>>>>>>> >>>>>>>>>>>Thanks, >>>>>>>>>>>Alden >>>>>>>>>> >>>>>>>>>>Delete the copied pid, then stop MailScanner and run >>>>>>>>>>touch /var/run/sendmail.in.pid >>>>>>>>>>then restart MailScanner and see if that helps. >>>>>>>>> >>>>>>>>>I tried that. When I check service MailScanner status, I get: >>>>>>>>>Checking MailScanner daemons: >>>>>>>>> MailScanner: [ OK ] >>>>>>>>> incoming sendmail: [FAILED] >>>>>>>>> outgoing sendmail: [ OK ] >>>>>>>>> >>>>>>>>>And in my mail logs, I get: >>>>>>>>>Sep 21 20:35:42 engine sendmail[27938]: NOQUEUE: SYSERR(root): >>>>>>>>>opendaemonsocket: daemon MTA: cannot bind: Address already in use >>>>>>>>>Sep 21 20:35:42 engine sendmail[27938]: daemon MTA: problem creating >>>>>>>>>SMTP socket >>>>>>>>>Sep 21 20:35:45 engine sendmail[28052]: NOQUEUE: SYSERR(root): >>>>>>>>>opendaemonsocket: daemon MTA: cannot bind: Address already in use >>>>>>>>>Sep 21 20:35:45 engine sendmail[28052]: daemon MTA: problem creating >>>>>>>>>SMTP socket >>>>>>>>> >>>>>>>>>Any other suggestions? >>>>>>>>> >>>>>>>>>Thanks, again, >>>>>>>>>Alden >>>>>>>> >>>>>>>>Did you stop sendmail and run chkconfig sendmail off as per the install >>>>>>>>docs? >>>>>>> >>>>>>>Can you check if you have any postfix processes running? Many RedHat >>>>>>>systems ship using Postfix by default instead of sendmail. There is a >>>>>>>tool somewhere to switch which MTA you are using on your RedHat setup. >>>>>> >>>>>>The tool is called system-switch-mail-nox, it's in /usr/bin so will be >>>>>>on your $PATH already. >>>>> >>>>>Hi, Julian. >>>>> >>>>>No postfix processes running. Our MTA is sendmail. >>>>> >>>>>Dimitri >>>>> >>>>>------------------------ MailScanner list ------------------------ >>>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>'leave mailscanner' in the body of the email. >>>>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>>Support MailScanner development - buy the book off the website! >>>> >>>>Dimitri, >>>> >>>>What's the output from: netstat -tpa|grep :smtp >>>> >>>>Denis >>> >>>Hi, Denis. >>> >>>I worked with a guy from Sherbrooke once. Nice person (all Canadians are, in >>>my estimation). Sorry for the aside, all. >>> >>>Here's the output of : >>> >>>tcp 0 0 *:smtps *:* >>>LISTEN 1753/stunnel >>>tcp 0 0 *:smtp *:* >>>LISTEN 17087/sendmail: acc >>> >>>Looks like the last line was concatenated, but still gives the general >>>picture. >>> >>>Dimitri >> >> >> >> There are no postfix processes running on my system. I DID have this >> running properly in an earlier version, but I'll keep checking to make sure >> my host didn't "fix" anything when they were actually fixing another problem. >> >> The output is: >> # netstat -tpa|grep :smtp >> tcp 0 0 *:smtp *:* LISTEN >> 25916/sendmail: acc >> >> I also had the following the first time I ran it >> tcp 0 0 engine.engineno9i:37521 mailwash26.pair.co:smtp TIME_WAIT >> >> but that's gone now. >> >> I'm still scratching my head, because it SEEMS to be working (none of my >> clients are complaining). >> >> Oddly, service MailScanner status returned: >> Checking MailScanner daemons: >> MailScanner: [ OK ] >> incoming sendmail: [ OK ] >> outgoing sendmail: [FAILED] >> >> before I restarted. Now it's back to: >> Checking MailScanner daemons: >> MailScanner: [ OK ] >> incoming sendmail: [FAILED] >> outgoing sendmail: [ OK ] >> >> Stranger and stranger.... >> >> --Alden >> >Does the sendmail section of /etc/sysconfig/MailScanner look ok? >Especially the inpid and outpid declarations. >Also check /etc/rc.d/init.d/MailScanner for the same thing. >Somewhere, the init scripts have a problem. >Also look for MailScanner.rpmnew. Maybe an old init script is lurking >and the .rpmnew just needs to be renamed. > > >-- That's it! Scott (and everyone else): Thank you! It WAS the init scripts. After viewing MailScanner.rpmnew in both /etc/sysconfig and /etc/rc.d/init.d and comparing them with MailScanner, I realized that they needed to be replaced. Thank you! --Alden ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Thu Sep 22 21:28:34 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] /var/spool/mqueue* messages Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Koen Teugels > Sent: Thursday, September 22, 2005 3:03 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] /var/spool/mqueue* messages > > > Mailscanner version 4.36.4 > > maillog : > > mqueue.in 1 file dfj8KFAQdB000811 > /var/log/maillog:Sep 20 17:57:56 mail sendmail[811]: j8KFAQdB000811: > from=, size=315934, class=0, nrcpts=1, > msgid=<433023E5.1000300@ubizen.com>, proto=SMTP, daemon=MTA, > relay=batty.be.ubizen.com [212.113.70.10] > /var/log/maillog:Sep 20 17:57:56 mail sendmail[811]: j8KFAQdB000811: > Milter (milter-ahead): write(D) returned -1, expected 45: Broken pipe > /var/log/maillog:Sep 20 17:57:56 mail sendmail[811]: j8KFAQdB000811: > Milter (milter-ahead): to error state > > mqueue 4 files > -rw------- 1 root root 791 Sep 19 20:16 dfj8JIGF2X001620 > -rw------- 1 root root 791 Sep 19 20:27 dfj8JIRBeF005307 > -rw------- 1 root root 1241 Sep 22 21:00 qfj8JIGF2X001620 > -rw------- 1 root root 1241 Sep 22 21:00 qfj8JIRBeF005307 > > /var/log/maillog:Sep 22 20:45:21 mail sendmail[18443]: j8JIGF2X001620: > to=, delay=3+00:29:05, > xdelay=00:00:00, mailer=esmtp, pri=26221213, > relay=outmx026.isp.belgacom.be. [195.238.2.91], dsn=4.0.0, stat=Deferred: > Connection refused by outmx026.isp.belgacom.be. > /var/log/maillog:Sep 22 21:00:21 mail sendmail[18639]: j8JIGF2X001620: > to=, delay=3+00:44:05, > xdelay=00:00:00, mailer=esmtp, pri=26311213, > relay=outmx026.isp.belgacom.be. [195.238.2.91], dsn=4.0.0, stat=Deferred: > Connection refused by outmx026.isp.belgacom.be. > > /var/log/maillog:Sep 22 20:45:21 mail sendmail[18443]: j8JIRBeF005307: > to=, delay=3+00:18:10, > xdelay=00:00:00, mailer=esmtp, pri=26221213, > relay=outmx024.isp.belgacom.be. [195.238.2.128], dsn=4.0.0, stat=Deferred: > Connection refused by outmx024.isp.belgacom.be. > /var/log/maillog:Sep 22 21:00:21 mail sendmail[18639]: j8JIRBeF005307: > to=, delay=3+00:33:10, > xdelay=00:00:00, mailer=esmtp, pri=26311213, > relay=outmx024.isp.belgacom.be. [195.238.2.128], dsn=4.0.0, stat=Deferred: > Connection refused by outmx024.isp.belgacom.be. > > These files are error files bad content reply messages. > > Thanks Koen > Koen, I notice a couple of things: /var/log/maillog:Sep 20 17:57:56 mail sendmail[811]: j8KFAQdB000811: Milter (milter-ahead): write(D) returned -1, expected 45: Broken pipe Milter-ahead is failing. This is not stopping your mail but you shoud try to restart milter-ahead or possible update to the latest version is the problem persists. These mails are not being delivered because"Connection refused by outmx024.isp.belgacom.be" This is normal and they will sit in the queue for 5 days if you have a normal sendmail configuration. Hope this helps, Steve Steve Swaney Fort Systems Ltd. steve.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vachanta at GMAIL.COM Thu Sep 22 21:53:08 2005 From: vachanta at GMAIL.COM (Venkata Achanta) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] /var/spool/mqueue* messages Message-ID: >These mails are not being delivered because"Connection refused by >outmx024.isp.belgacom.be" This is normal and they will sit in the queue for >5 days if you have a normal sendmail configuration. i have the defualt sendmail config where every such message is retried every 15 minutes for 5 days and its slowing down the legit e-mail delivery any pointers to ideal/best practice sendmail configuration options will be helpful to me. There are lot of retry messages getting infront of the valid e-mail causing delays. Any points or your sendmail config would be helpful. Thanks current config divert(0)dnl include(`/usr/share/sendmail-cf/m4/cf.m4')dnl VERSIONID(`$Id: sendmail-procmail.mc,v 1.1 2003/04/24 21:18:58 avenj Exp $') dnl OSTYPE(linux)dnl DOMAIN(generic)dnl DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl define(`confSMTP_LOGIN_MSG', `$j - $b') define(`confTO_IDENT',`0s')dnl FEATURE(`smrsh',`/usr/sbin/smrsh')dnl FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl FEATURE(`local_lmtp',`/usr/sbin/mail.local')dnl FEATURE(`local_procmail')dnl FEATURE(`no_default_msa',`dnl')dnl define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl LOCAL_DOMAIN(`localhost')dnl MAILER(local)dnl MAILER(smtp)dnl MAILER(procmail)dnl ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Sep 22 22:31:56 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] MS 4.45.4-1 installation help Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Alden Levy spake the following on 9/22/2005 1:18 PM: > On Thu, 22 Sep 2005 12:08:56 -0700, Scott Silva wrote: > > >>Alden Levy spake the following on 9/22/2005 11:44 AM: >> >>>On Thu, 22 Sep 2005 13:44:19 -0400, Dimitri Yioulos >>>wrote: >>> >>> >>> >>>>On Thursday 22 September 2005 1:24 pm, Denis Beauchemin wrote: >>>> >>>> >>>>>Dimitri Yioulos wrote: >>>>> >>>>> >>>>>>On Thursday 22 September 2005 12:45 pm, Julian Field wrote: >>>>>> >>>>>> >>>>>>>Julian Field wrote: >>>>>>> >>>>>>> >>>>>>>>Scott Silva wrote: >>>>>>>> >>>>>>>> >>>>>>>>>Alden Levy spake the following on 9/21/2005 5:33 PM: >>>>>>>>> >>>>>>>>> >>>>>>>>>>On Wed, 21 Sep 2005 16:57:39 -0700, Scott Silva >>>>>>>>>> >>>>>>>>>> wrote: >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>>Alden Levy spake the following on 9/21/2005 4:26 PM: >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>>>Sorry for the duplicate messages. I realized that I had written the >>>>>>>>>>>>messages first from my mail program, then from the web interface, >>>>>>>>>>>>and--after >>>>>>>>>>>>realizing that noone would get these messages--from the jiscmail >>>>>>>>>>>>interface. >>>>>>>>>>>> >>>>>>>>>>>>In any event, I still have one problem, but it still looks like it's >>>>>>>>>>>>working, namely: >>>>>>>>>>>> incoming sendmail: head: /var/run/sendmail.in.pid: No such >>>>>>>>>>>>file or >>>>>>>>>>>>directory >>>>>>>>>>>> >>>>>>>>>>>>There was no file named sendmail.in.pid, so I copied sendmail.pid >>>>>>>>>>>>over. >>>>>>>>>>>>While the system works, when I check the status of MailScanner, I >>>>>>>>>>>>get: >>>>>>>>>>>>Checking MailScanner daemons: >>>>>>>>>>>> MailScanner: [ OK ] >>> >>> >>>>>>>>>>>> incoming sendmail: [FAILED] >>>>>>>>>>>> outgoing sendmail: [ OK ] >>>>>>>>>>>> >>>>>>>>>>>>However, I seem to have the same services running as I had this >>>>>>>>>>>>morning. I >>>>>>>>>>>>am able to send emails to accounts on this box from outside >>>>>>>>>>>>accounts, as >>>>>>>>>>>>well as send emails from accounts on this box to accounts outside >>>>>>>>>>>>this box >>>>>>>>>>>>(and, of course, emails between accounts on this box). >>>>>>>>>>>> >>>>>>>>>>>>Suggestions? >>>>>>>>>>>> >>>>>>>>>>>>Thanks, >>>>>>>>>>>>Alden >>>>>>>>>>> >>>>>>>>>>>Delete the copied pid, then stop MailScanner and run >>>>>>>>>>>touch /var/run/sendmail.in.pid >>>>>>>>>>>then restart MailScanner and see if that helps. >>>>>>>>>> >>>>>>>>>>I tried that. When I check service MailScanner status, I get: >>>>>>>>>>Checking MailScanner daemons: >>>>>>>>>> MailScanner: [ OK ] >>>>>>>>>> incoming sendmail: [FAILED] >>>>>>>>>> outgoing sendmail: [ OK ] >>>>>>>>>> >>>>>>>>>>And in my mail logs, I get: >>>>>>>>>>Sep 21 20:35:42 engine sendmail[27938]: NOQUEUE: SYSERR(root): >>>>>>>>>>opendaemonsocket: daemon MTA: cannot bind: Address already in use >>>>>>>>>>Sep 21 20:35:42 engine sendmail[27938]: daemon MTA: problem creating >>>>>>>>>>SMTP socket >>>>>>>>>>Sep 21 20:35:45 engine sendmail[28052]: NOQUEUE: SYSERR(root): >>>>>>>>>>opendaemonsocket: daemon MTA: cannot bind: Address already in use >>>>>>>>>>Sep 21 20:35:45 engine sendmail[28052]: daemon MTA: problem creating >>>>>>>>>>SMTP socket >>>>>>>>>> >>>>>>>>>>Any other suggestions? >>>>>>>>>> >>>>>>>>>>Thanks, again, >>>>>>>>>>Alden >>>>>>>>> >>>>>>>>>Did you stop sendmail and run chkconfig sendmail off as per the install >>>>>>>>>docs? >>>>>>>> >>>>>>>>Can you check if you have any postfix processes running? Many RedHat >>>>>>>>systems ship using Postfix by default instead of sendmail. There is a >>>>>>>>tool somewhere to switch which MTA you are using on your RedHat setup. >>>>>>> >>>>>>>The tool is called system-switch-mail-nox, it's in /usr/bin so will be >>>>>>>on your $PATH already. >>>>>> >>>>>>Hi, Julian. >>>>>> >>>>>>No postfix processes running. Our MTA is sendmail. >>>>>> >>>>>>Dimitri >>>>>> >>>>>>------------------------ MailScanner list ------------------------ >>>>>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>>'leave mailscanner' in the body of the email. >>>>>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>> >>>>>>Support MailScanner development - buy the book off the website! >>>>> >>>>>Dimitri, >>>>> >>>>>What's the output from: netstat -tpa|grep :smtp >>>>> >>>>>Denis >>>> >>>>Hi, Denis. >>>> >>>>I worked with a guy from Sherbrooke once. Nice person (all Canadians are, in >>>>my estimation). Sorry for the aside, all. >>>> >>>>Here's the output of : >>>> >>>>tcp 0 0 *:smtps *:* >>>>LISTEN 1753/stunnel >>>>tcp 0 0 *:smtp *:* >>>>LISTEN 17087/sendmail: acc >>>> >>>>Looks like the last line was concatenated, but still gives the general >>>>picture. >>>> >>>>Dimitri >>> >>> >>> >>>There are no postfix processes running on my system. I DID have this >>>running properly in an earlier version, but I'll keep checking to make sure >>>my host didn't "fix" anything when they were actually fixing another problem. >>> >>>The output is: >>># netstat -tpa|grep :smtp >>>tcp 0 0 *:smtp *:* LISTEN >>> 25916/sendmail: acc >>> >>>I also had the following the first time I ran it >>>tcp 0 0 engine.engineno9i:37521 mailwash26.pair.co:smtp TIME_WAIT >>> >>>but that's gone now. >>> >>>I'm still scratching my head, because it SEEMS to be working (none of my >>>clients are complaining). >>> >>>Oddly, service MailScanner status returned: >>>Checking MailScanner daemons: >>> MailScanner: [ OK ] >>> incoming sendmail: [ OK ] >>> outgoing sendmail: [FAILED] >>> >>>before I restarted. Now it's back to: >>>Checking MailScanner daemons: >>> MailScanner: [ OK ] >>> incoming sendmail: [FAILED] >>> outgoing sendmail: [ OK ] >>> >>>Stranger and stranger.... >>> >>>--Alden >>> >> >>Does the sendmail section of /etc/sysconfig/MailScanner look ok? >>Especially the inpid and outpid declarations. >>Also check /etc/rc.d/init.d/MailScanner for the same thing. >>Somewhere, the init scripts have a problem. >>Also look for MailScanner.rpmnew. Maybe an old init script is lurking >>and the .rpmnew just needs to be renamed. >> >> >>-- > > That's it! Scott (and everyone else): Thank you! It WAS the init scripts. > After viewing MailScanner.rpmnew in both /etc/sysconfig and > /etc/rc.d/init.d and comparing them with MailScanner, I realized that they > needed to be replaced. > > Thank you! > > --Alden > You must have been replacing a very old version of MailScanner, as that bit me at least a year or more ago. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Sep 22 22:49:37 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] /var/spool/mqueue* messages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Venkata Achanta spake the following on 9/22/2005 1:53 PM: >>These mails are not being delivered because"Connection refused by >>outmx024.isp.belgacom.be" This is normal and they will sit in the queue for >>5 days if you have a normal sendmail configuration. > > > i have the defualt sendmail config where every such message is retried > every 15 minutes for 5 days and its slowing down the legit e-mail delivery > any pointers to ideal/best practice sendmail configuration options will be > helpful to me. There are lot of retry messages getting infront of the valid > e-mail causing delays. > > Any points or your sendmail config would be helpful. > > Thanks > > > current config > > divert(0)dnl > include(`/usr/share/sendmail-cf/m4/cf.m4')dnl > VERSIONID(`$Id: sendmail-procmail.mc,v 1.1 2003/04/24 21:18:58 avenj Exp $') > dnl > OSTYPE(linux)dnl > DOMAIN(generic)dnl > DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl > define(`confSMTP_LOGIN_MSG', `$j - $b') > define(`confTO_IDENT',`0s')dnl > FEATURE(`smrsh',`/usr/sbin/smrsh')dnl > FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl > FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl > FEATURE(`local_lmtp',`/usr/sbin/mail.local')dnl > FEATURE(`local_procmail')dnl > FEATURE(`no_default_msa',`dnl')dnl > define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl > FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl > LOCAL_DOMAIN(`localhost')dnl > MAILER(local)dnl > MAILER(smtp)dnl > MAILER(procmail)dnl > Some more good options are; add nobodyreturn to confPRIVACY_FLAGS to stop bouncing others spam, as they can spoof the envelope sender and make you a spam relay. You would still send a bounce message, but without the attached content. define(`confBAD_RCPT_THROTTLE',`1')dnl slow down any dictionary attacks on your system. You can change the 1 to a higher number. define(`confDOUBLE_BOUNCE_ADDRESS',`') or define(`confDOUBLE_BOUNCE_ADDRESS',`some-user-account') to stop double-bounce. The first just kills them, the second example if you actually want someone to check them. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Dave Thu Sep 22 22:54:47 2005 From: Dave (Dave) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] Exclusion lists Message-ID: 1) How do I tell MailScanner not to scan any e-mail going to target.dom ? Some programmers are still miming there mail over . 2) Has anyone has Fraud and Disarm problems with people sending e-newsletters? Software in question is Subscribe Me. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Sep 23 08:46:36 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] TNEF Patch problems on FreeBSD Message-ID: When it creates any directory, it does so with just rw permissions and not rwx so it winds up with a useless directory. I haven't submitted it to anyone, I just worked around it with a chmod. Or at least that's what I seem to remember, but I might be wrong. "cvs log" doesn't seem to show me the info I typed in whenever I committed it, useless tool :-( On 22 Sep 2005, at 19:47, Koopmann, Jan-Peter wrote: > On Monday, September 05, 2005 2:45 PM Julian Field wrote: > > >> -----BEGIN PGP SIGNED MESSAGE----- >> >> No thanks, I have found the problem (bug in Convert::TNEF). >> > > Just encountered this one too. How did you fix it? A patch to > Convert::TNEF? Is it released to the developer yet? I would like to > change the Convert::TNEF port of FreeBSD as well. > > Moreover: I do not think the TNEF code changed on that particular > box for ages. But this started all of the sudden with 4.44. Did you > change anything in that version? > > Regards, > JP > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Sep 23 08:48:19 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] Exclusion lists Message-ID: Please read about rulesets. They are documented in all the MailScanner documentation. Have you bought the Book yet? As for the phishing net, e-newsletters are just about the worst offenders. You should add the real sites to phishing.safe.sites.conf. 1) How do I tell MailScanner not to scan any e-mail going to target.dom ? Some programmers are still miming there mail over . 2) Has anyone has Fraud and Disarm problems with people sending e-newsletters? Software in question is Subscribe Me. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Sep 23 08:53:06 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] TNEF Patch problems on FreeBSD Message-ID: JP Jules has a patch for his code that does as he describes. BUT on my FreeBSD I had to hand install the patch (just a few lines) as the patch seems to work on slightly different code to the tar.gz install I use. Other way is to install the latest beta.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Koopmann, Jan-Peter Sent: 22 September 2005 19:47 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: [MAILSCANNER] TNEF Patch problems on FreeBSD On Monday, September 05, 2005 2:45 PM Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > No thanks, I have found the problem (bug in Convert::TNEF). Just encountered this one too. How did you fix it? A patch to Convert::TNEF? Is it released to the developer yet? I would like to change the Convert::TNEF port of FreeBSD as well. Moreover: I do not think the TNEF code changed on that particular box for ages. But this started all of the sudden with 4.44. Did you change anything in that version? Regards, JP ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From anders.andersson at LTKALMAR.SE Fri Sep 23 08:55:30 2005 From: anders.andersson at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] Ignore test message Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field > No, it's up, but it has suddenly started tagging all the > subject lines. And this appears to be a per-user setting. And > I don't believe everyone suddenly switched it on at the same time. > I have logged a fault about it, and am waiting for them to > get back to me. Any chans of removing the tagging or at least put it in the end of subjectline? > > On 22 Sep 2005, at 15:01, Rick Cooper wrote: > > > I haven't seen a message since early yesterday. Is the list down? > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Fri Sep 23 08:59:31 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] TNEF Patch problems on FreeBSD Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Fri, September 23, 2005 08:53, Martin Hepworth wrote: > JP > > Jules has a patch for his code that does as he describes. > > BUT on my FreeBSD I had to hand install the patch (just a few lines) as > the > patch seems to work on slightly different code to the tar.gz install I > use. > > Other way is to install the latest beta.. And looking at the patch the bug was indeed got round by using chmod (Jules memory is pretty good :-) ) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From stef at L5NET.NET Fri Sep 23 09:51:17 2005 From: stef at L5NET.NET (Stef Morrell) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] Convert HTML To Text rule doesn't work as expected Message-ID: Bart Smit wrote: >> Bart Smit wrote: >>> I am having problems with stripping HTML from inbound messages. One >>> of our customers wants all HTML stripped but recently they have >>> requested that messages from a trusted sending domain need to >>> arrive with HTML intact. >>> >> >> So... if I have this correct. >> >> Do not strip html >> Unless to recipient.domain except if from sender.domain. >> >> So surely the rules need to be... >> >> From: sender@sender.domain no >> To: *@recipient.domain yes >> FromOrTo: default no > I prefer to exclude senders by IP address, since this is > harder to spoof. > Even if the rule didn't allow selection by IP, then the > To: recipient@recipient.domain no > line should ensure that the recipient gets all emails with > HTML included. > This is the first thing I tried. > > I get the feeling that the selection by recipient domain rule > takes precedence over all other rules. No, they should be applied in order, until a match is found. I'm confused - you say in your original message that email *from* a particular sending domain should be left intact, but now you are talking about excluding email *to* a particular recipient. Can you clarify what you are trying to achieve? Stef Stefan Morrell | Director Tel: 0870 365 2813 | Level 5 Internet Ltd Fax: 0192 450 7307 | Part of the Alpha Omega Group stef@l5net.net | stef@aoc-uk.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Fri Sep 23 12:11:24 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] Latest Bagel varients Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 21/09/05, Rick Cooper wrote: > I noticed this morning that the latest couple bagel varients are not being > caught by bit defender and f-prot (clam gets them as of early this morning). > > bdc will catch them if the --nohed (unknown virus detection) switch is used > but that switch is not in the default CommonOptions setting of > SweepViruses.pm. Should it be, or does someone know of a reason it isn't at > this time? > > > Rick Cooper > I *think* it's because that will generate a fair bit of FPs. Might be wrong though. My experience was that bdc got some of the variants fairly early and clamav and mcafee got some others, so in total none slipped by (would've triggered the file name/type thingies)... And after a few hours they we're pretty much on par (all getting everything)... Until the next "spamming of bagels" round:). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Fri Sep 23 12:31:42 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] Reverse NDR attack.How to combat ? Any ideas ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 21/09/05, Douglas Ward wrote: > I am using a postfix/MailScanner combination on our e-mail gateways. We use > the relay_domain and relay_recipient options to only allow mail through if > it is first a valid domain and second if it is a valid recipient on the > domain. It is a bit of manual work to keep the recipient list up to date > but they tell me pretty quickly if I forget! :) With this setup postfix > automatically rejects the message. I don't see many NDR's in the queue > waiting to be processed. I figure its either that I haven't been dictionary > attacked yet or postfix is doing a good job! > Very likely that Postfix is doing its job well! I imagine you've looked at http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:reject_non_existent_users#rejecting_unknown_non-local_users and http://www-personal.umich.edu/~malth/gaptuning/postfix/ for some examples of nice scripts that remove the need for "manual intervention"... If you're using a "non-local" server which present it's userbase/mailboxes via LDAP, at least. It's also fairly simple to script something around ldapsearch (I had already done that when I saw this info the first time:). Run from cron, this makes it so the M-Sexchange admin can do whatever he likes, postfix will know about it within X minutes (15 in my case). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jlmiller at MMTNETWORKS.COM.AU Fri Sep 23 13:03:52 2005 From: jlmiller at MMTNETWORKS.COM.AU (Jon Miller) Date: Thu Jan 12 21:30:48 2006 Subject: [MAILSCANNER] cannot stop spam mail Message-ID: I'm trying to stop certain emails from coming in. I've run the sa-learn against the mail but they keep getting past. When I look at the score it is still quite low and because it finds the mail clean it sends it through. Is there a way to see exactly what was checked? The fact that sa-learn isn't "learning" is a bit of a concern. What do I have to do to get this marked as spam? Thanks ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "HTML" Text/PLAIN 22 lines. ] [ Unable to print this part. ] From Dave Fri Sep 23 13:13:30 2005 From: Dave (Dave) Date: Thu Jan 12 21:30:49 2006 Subject: [MAILSCANNER] Exclusion lists Message-ID: On Fri, Sep 23, 2005 at 08:48:19AM +0100, Julian Field wrote: > Please read about rulesets. They are documented in all the > MailScanner documentation. > Have you bought the Book yet? > We are not talking about a spam(assassin) related incdient. just something that stops defanging mail for certain domains hosted here. Also, I do not know if the book is available in Canada. > As for the phishing net, e-newsletters are just about the worst > offenders. You should add the real sites to phishing.safe.sites.conf. Considering this from localhost AND that it is a virtual domain, should I add the both my domain and the customers' doing e-newsletters? > > 1) How do I tell MailScanner not to scan any e-mail going to > target.dom ? > > Some programmers are still miming there mail over . > > 2) Has anyone has Fraud and Disarm problems with people sending > e-newsletters? Software in question is Subscribe Me. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Sep 23 13:36:51 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:49 2006 Subject: [MAILSCANNER] cannot stop spam mail Message-ID: Jon Depends on what version of SA you have and what extra rules you have from the standard ones....I've got about 20 extra rule files covering all sorts of stuff. If you can drop an example of the stuff that's getting through to a web page somewhere (full headers etc) I can run over my system and let you know if any of my rules fire and can then advise from there.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jon Miller Sent: 23 September 2005 13:04 To: MAILSCANNER@JISCMAIL.AC.UK Subject: [MAILSCANNER] cannot stop spam mail I'm trying to stop certain emails from coming in. I've run the sa-learn against the mail but they keep getting past. When I look at the score it is still quite low and because it finds the mail clean it sends it through. Is there a way to see exactly what was checked? The fact that sa-learn isn't "learning" is a bit of a concern. What do I have to do to get this marked as spam? Thanks ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Fri Sep 23 13:48:46 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:30:49 2006 Subject: [MAILSCANNER] Lost the list again Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I seem to have lost the list again, I looked at my account settings but don't see anything odd. Rick Cooper -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Fri Sep 23 13:53:12 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:30:49 2006 Subject: [MAILSCANNER] Exclusion lists Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 23/09/05, Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote: > On Fri, Sep 23, 2005 at 08:48:19AM +0100, Julian Field wrote: > > Please read about rulesets. They are documented in all the > > MailScanner documentation. > > Have you bought the Book yet? > > > > We are not talking about a spam(assassin) related incdient. just > something that stops defanging mail for certain domains hosted here. Jules isn't talking about SA rules, but MS rulesets... A mechanism for having different MS setups depending on things like sender/recipient address/IP address etc. In other words, exactly what you need. As Julian mentions, this is documented in the book, so buying it might be a good idea. You also have some examples in the rules directory (/etc/MailScanner/rules or wherever), and last (but not least:-) in the wiki... Have a long and good look at http://wiki.mailscanner.info/doku.php?id=&idx=documentation:configuration:rulesets > Also, I do not know if the book is available in Canada. I'd imagine CaféPress to deliver there too... If you like to pay more for it, and give Jules less, order it from amazon... (snip) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at SECEIDOS.DE Fri Sep 23 16:33:49 2005 From: Jan-Peter.Koopmann at SECEIDOS.DE (Koopmann, Jan-Peter) Date: Thu Jan 12 21:30:49 2006 Subject: [MAILSCANNER] TNEF Patch problems on FreeBSD Message-ID: On Friday, September 23, 2005 9:53 AM Martin Hepworth wrote: > JP > > Jules has a patch for his code that does as he describes. > > BUT on my FreeBSD I had to hand install the patch (just a few lines) > as the patch seems to work on slightly different code to the tar.gz > install I use. If one of you guys could please send me the patch. I will then adjust the FreeBSD port for the latest stable ASAP. Thanks! Regards, JP ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Sep 23 16:37:26 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:49 2006 Subject: [MAILSCANNER] Ignore test message Message-ID: On 23 Sep 2005, at 08:55, Anders Andersson, IT wrote: >> -----Original Message----- >> From: MailScanner mailing list >> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >> No, it's up, but it has suddenly started tagging all the >> subject lines. And this appears to be a per-user setting. And >> I don't believe everyone suddenly switched it on at the same time. >> I have logged a fault about it, and am waiting for them to >> get back to me. >> > > Any chans of removing the tagging or at least put it in the end of > subjectline? > They are currently investigating why everyone suddenly started getting tagged list postings. I have asked them to fix it, I can't stand it either. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Sep 23 16:40:05 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:49 2006 Subject: [MAILSCANNER] cannot stop spam mail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jon Miller wrote: > I'm trying to stop certain emails from coming in. I've run the sa-learn against the mail but they keep getting past. When I look at the score it is still quite low and because it finds the mail clean it sends it through. > Is there a way to see exactly what was checked? The fact that sa-learn isn't "learning" is a bit of a concern. What do I have to do to get this marked as spam? 1) what version of SpamAssassin are you using? 2) are you using any add-on rulesets? 3) post a X-*-MailScanner-SpamCheck: header for the message in question. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Sep 23 16:48:39 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:49 2006 Subject: [MAILSCANNER] TNEF Patch problems on FreeBSD Message-ID: JP http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/TNEF.pm.patch.gz -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Koopmann, Jan-Peter Sent: 23 September 2005 16:34 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: [MAILSCANNER] TNEF Patch problems on FreeBSD On Friday, September 23, 2005 9:53 AM Martin Hepworth wrote: > JP > > Jules has a patch for his code that does as he describes. > > BUT on my FreeBSD I had to hand install the patch (just a few lines) > as the patch seems to work on slightly different code to the tar.gz > install I use. If one of you guys could please send me the patch. I will then adjust the FreeBSD port for the latest stable ASAP. Thanks! Regards, JP ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at SECEIDOS.DE Fri Sep 23 17:08:54 2005 From: Jan-Peter.Koopmann at SECEIDOS.DE (Koopmann, Jan-Peter) Date: Thu Jan 12 21:30:49 2006 Subject: [MAILSCANNER] TNEF Patch problems on FreeBSD Message-ID: On Friday, September 23, 2005 5:49 PM Martin Hepworth wrote: > JP > > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/TNEF.pm.patch.gz Wounderful. Must have missed that one! Julian I take it this is already included in the latest beta then? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Sep 23 17:15:11 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:49 2006 Subject: [MAILSCANNER] TNEF Patch problems on FreeBSD Message-ID: On 23 Sep 2005, at 17:08, Koopmann, Jan-Peter wrote: > On Friday, September 23, 2005 5:49 PM Martin Hepworth wrote: > > >> JP >> >> http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/TNEF.pm.patch.gz >> > > Wounderful. Must have missed that one! > > Julian I take it this is already included in the latest beta then? Can't remember. The News section will tell you. If I have released a beta since the patch then it will be included. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kevinold at gmail.com Thu Sep 22 17:02:02 2005 From: kevinold at gmail.com (Kevin Old) Date: Thu Jan 12 21:30:49 2006 Subject: [MAILSCANNER] Block outgoing mail with rules Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 9/22/05, Julian Field wrote: > On 22 Sep 2005, at 02:27, Kevin Old wrote: [snip] > > To: email.addy@idontwantsetto and From: bad.user@mydomain blahblahblah > > Instead of blahblahblah you should put whatever would have been the > correct result for that configuration option if you hadn't used a > ruleset at all. For example, if this is going on the "Archive Mail" > option, then the correct blahblahblah would be a directory or file name. Ok, according to EXAMPLES in /etc/MailScanner/rules , I've done this: I put this into /etc/MailScanner/MailScanner.conf: Block Outgoing To = /etc/MailScanner/rules/block.outgoing.rules And here's my /etc/MailScanner/rules/block.outgoing.rules To: kevinold@gmail.com and From: kevin.old@uavco.com /tmp/kdo.txt Here's the error I get from MailScanner: Sep 22 11:41:30 uavco MailScanner[13358]: Syntax error(s) in configuration file: Sep 22 11:41:30 uavco MailScanner[13358]: Unrecognised keyword "blockoutgoingto" at line 1911 Sep 22 11:41:30 uavco MailScanner[13358]: Aborting due to syntax errors in /etc/MailScanner/MailScanner.conf. How do I define a new keyword for a new rules file? Should I put this in another rules file? Any help is appreciated, -- Kevin Old kevinold@gmail.com From davidj at synaq.com Sat Sep 24 09:40:47 2005 From: davidj at synaq.com (David Jacobson) Date: Thu Jan 12 21:30:49 2006 Subject: [MAILSCANNER] MailScanner + Exim (Bug?) Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Gents, I have a small problem with one of our production servers. It's currently running : MailScanner 4.42.9 Exim 4.43 Basically what's happening is I see a large amount of the exim inbound process running (currently 3000) after further investigation, I notice that even though there are 0 mails in the inbound queue there are 3000 half messages in the queue (Virus body's without matching header portion) The above is causing exim to use a lot of resources, so what I do is manually clean up the queue, then a few seconds later it starts again. At first I thought it was an Exim bug, seeing that there should never be half messages in the queue, but after a bit of diagnostic tests I believe the problem is with MailScanner not taking the message correctly and leaving half behind (perhaps due to attempting to move it to outbound queue before it is finished writing to inbound queue? - I'm not sure... Anyway, does anyone have any suggestions on how I can fix this problem? If you require any additional info let me know eg exim conf file etc. Thanks in advance. -- Regards, David Jacobson Technical Director SYNAQ (Pty) Ltd Tel: 0860 0 SYNAQ (79627) Direct: 011 290 6388 Fax: 011 290 6389 Cell: 083 235 0760 Mail: davidj@synaq.com Web: http://www.synaq.com Key Fingerprint 8246 FCE1 3C22 7EFB E61B 18DF 6E8B 65E8 BD50 78A1 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jlmiller at MMTNETWORKS.COM.AU Sun Sep 25 01:45:40 2005 From: jlmiller at MMTNETWORKS.COM.AU (Jon Miller) Date: Thu Jan 12 21:30:49 2006 Subject: [MAILSCANNER] cannot stop spam mail Message-ID: Received: from mail.mmtnetworks.com.au ([192.168.3.3]) by mmtnetworks.com.au; Fri, 23 Sep 2005 20:56:20 +0800 Received: from halcrowpk.com.pk (unknown [222.33.128.58]) by mail.mmtnetworks.com.au (Postfix) with ESMTP id A2145150004 for ; Fri, 23 Sep 2005 20:54:13 +0800 (WST) Sender: To: jlmiller@mmtnetworks.com.au X-Sender: From: sweeney_ri@bristoldesign.bc.ca In-Reply-To: <4b4201c5bb87$b13a4297$e1b35772@ia4f0ex> Subject: seems to be a real deal Reply-To: "(null)" Date: Tue, 27 Sep 2005 16:39:58 +10000 Message-ID: <5e8501c5c03b$ce28e4e6$5eb09949@tf152d2> Content-Type: text/plain; charset="us-ascii" X-mmtnet-MailScanner: Found to be clean X-mmtnet-MailScanner-SpamScore: s X-MailScanner-From: sweeney_ri@bristoldesign.bc.ca Content-Transfer-Encoding: quoted-printable >>> mkettler@EVI-INC.COM 11:40:05 pm 23/09/2005 >>> Jon Miller wrote: > I'm trying to stop certain emails from coming in. I've run the sa-learn against the mail but they keep getting past. When I look at the score it is still quite low and because it finds the mail clean it sends it through. > Is there a way to see exactly what was checked? The fact that sa-learn isn't "learning" is a bit of a concern. What do I have to do to get this marked as spam? 1) what version of SpamAssassin are you using? 2) are you using any add-on rulesets? 3) post a X-*-MailScanner-SpamCheck: header for the message in question. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "HTML" Text/HTML 55 lines. ] [ Unable to print this part. ] From jlmiller at MMTNETWORKS.COM.AU Sun Sep 25 01:56:26 2005 From: jlmiller at MMTNETWORKS.COM.AU (Jon Miller) Date: Thu Jan 12 21:30:49 2006 Subject: [MAILSCANNER] cannot stop spam mail Message-ID: SpamAssassin version 3.0.3 location of header file http://www.mmtnetworks.com.au/Mime-1 Thanks >>> martinh@SOLID-STATE-LOGIC.COM 8:36:51 pm 23/09/2005 >>> Jon Depends on what version of SA you have and what extra rules you have from the standard ones....I've got about 20 extra rule files covering all sorts of stuff. If you can drop an example of the stuff that's getting through to a web page somewhere (full headers etc) I can run over my system and let you know if any of my rules fire and can then advise from there.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jon Miller Sent: 23 September 2005 13:04 To: MAILSCANNER@JISCMAIL.AC.UK Subject: [MAILSCANNER] cannot stop spam mail I'm trying to stop certain emails from coming in. I've run the sa-learn against the mail but they keep getting past. When I look at the score it is still quite low and because it finds the mail clean it sends it through. Is there a way to see exactly what was checked? The fact that sa-learn isn't "learning" is a bit of a concern. What do I have to do to get this marked as spam? Thanks ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "HTML" Text/HTML 63 lines. ] [ Unable to print this part. ] From mkettler at EVI-INC.COM Sun Sep 25 16:58:00 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:49 2006 Subject: [MAILSCANNER] cannot stop spam mail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jon Miller wrote: > SpamAssassin version 3.0.3 > > location of header file > > http://www.mmtnetworks.com.au/Mime-1 > > Thanks > Urgh.. Looks like your SA report is off... check your mailscanner.conf. Do you have this option? Always Include SpamAssassin Report = yes If not, turn it on and try again. It's impossible to debug the problem without that report added to the headers. In particular I'm interested to see if ALL_TRUSTED or BAYES_00 fired off. (IMHO, turning this option off is a very bad idea. I'm sure Julian added it because someone asked, but I still think it's a bad idea unless you're comfortable greping logs on a regular basis) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Sun Sep 25 17:00:11 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:49 2006 Subject: [MAILSCANNER] cannot stop spam mail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jon Miller wrote: > SpamAssassin version 3.0.3 > > location of header file > > http://www.mmtnetworks.com.au/Mime-1 For reference, I rack up 30.1 points when I scan that message: X-Spam-Checker-Version: SpamAssassin 2.64 (2004-01-11) on xanadu.evi-inc.com X-Spam-Level: ****************************** X-Spam-Status: Yes, hits=30.1 required=5.0 tests=AB_URI_RBL,BAYES_50, BLACK_URI_RBL,DCC_CHECK,FAKE_HELO_JUNO,JP_URI_RBL,OB_URI_RBL, PENIS_ENLARGE2,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK, RCVD_FAKE_HELO_DOTCOM,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_DSBL, RCVD_IN_SORBS_DUL,RCVD_IN_XBL,SARE_ADULT2,SPAMCOP_URI_RBL,WS_URI_RBL autolearn=spam version=2.64 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Sep 25 17:20:00 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:49 2006 Subject: [MAILSCANNER] cannot stop spam mail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Matt Kettler wrote: > Always Include SpamAssassin Report = yes > >If not, turn it on and try again. It's impossible to debug the problem without >that report added to the headers. In particular I'm interested to see if >ALL_TRUSTED or BAYES_00 fired off. > >(IMHO, turning this option off is a very bad idea. I'm sure Julian added it >because someone asked, but I still think it's a bad idea unless you're >comfortable greping logs on a regular basis) > > If you are doing any spam checking at all, it will force it to run every message through SpamAssassin. If you are using "Spam List" to do a DNSBL or two, it will force an expensive SpamAssassin check for every message, even if your config didn't ask it to. So mail whitelisted in spam.whitelist.rules will still be checked with SpamAssassin, even though you whitelisted it. Depending on your particular setup, this could add a considerable overhead to produce reports that you didn't really want in the first place. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQzbOMRH2WUcUFbZUEQJcFgCg7OUCWmsEwX7mfWy4ZeM42h0IRt4AoJbk 2PmRVvJtlJZykbz/RZZbG/oe =3RG3 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Sun Sep 25 22:11:17 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:49 2006 Subject: Pyzor errors Message-ID: Has no one seen this before or indeed have an ideas at all? Usually FreeBSD ports just work, I must be really unlucky :-( Drew On 18 Sep 2005, at 00:45, Drew Marshall wrote: > Hi all > > Just installed SA 3.1.0 and it's all running nicely. As Razor and > DCC are licensed and not used by default I thought I would give > Pyzor a go. > > It's all installed nicely but it just won't run. Pyzor discover > works fine but if i run it from either SA or command line I get: > > Traceback (most recent call last): > File "/usr/local/bin/pyzor", line 4, in ? > pyzor.client.run() > File "/usr/local/lib/python2.4/site-packages/pyzor/client.py", > line 934, in run > ExecCall().run() > File "/usr/local/lib/python2.4/site-packages/pyzor/client.py", > line 188, in run > if not apply(dispatch, (self, args)): > File "/usr/local/lib/python2.4/site-packages/pyzor/client.py", > line 284, in report > self.client.report): > File "/usr/local/lib/python2.4/site-packages/pyzor/client.py", > line 299, in send_digest > runner.run(server, (digest, spec, server)) > File "/usr/local/lib/python2.4/site-packages/pyzor/client.py", > line 725, in run > response = apply(self.routine, varargs, kwargs) > File "/usr/local/lib/python2.4/site-packages/pyzor/client.py", > line 48, in report > self.send(msg, address) > File "/usr/local/lib/python2.4/site-packages/pyzor/client.py", > line 77, in send > self.socket.sendto(mac_msg_str, 0, address) > socket.error: (13, 'Permission denied') > > > Now clearly the last line is significant. I have run this as root > so it's not (Or shouldn't be) a permissions problem with files or > directories and as root I shouldn't have issues with binding to low > numbered ports, which was one suggestion from Google. > > Any ideas any one? > > For the record: > > FreeBSD 5.4 with python 2.4 and the latest pyzor installed from ports. > > TIA > > Drew > > -- > In line with our policy, this message hasbeen scanned for viruses > and dangerouscontent by MailScanner, and is believed to be clean. > www.themarshalls.co.uk/policy > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jlmiller at MMTNETWORKS.COM.AU Mon Sep 26 02:48:17 2005 From: jlmiller at MMTNETWORKS.COM.AU (Jon Miller) Date: Thu Jan 12 21:30:49 2006 Subject: cannot stop spam mail Message-ID: This is a MIME message. If you are reading this text, you may want to consider changing to a mail reader or gateway that understands how to properly handle MIME multipart messages. --=_BC9EC5F3.E180FA73 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Content-Disposition: inline after looking at the mailscanner.conf file I see that: 1) Always Include SpamAssassin Report =3D no 2) Spam Actions =3D deliver 3) High Scoring Spam Actions =3D deliver I've changed #1 to =3D yes, but should #2 & #3 be set to delete if that is = what I what done? Jon >>> mkettler@EVI-INC.COM 11:58:00 pm 25/09/2005 >>> Jon Miller wrote: > SpamAssassin version 3.0.3=20 >=20 > location of header file >=20 > http://www.mmtnetworks.com.au/Mime-1 >=20 > Thanks >=20 Urgh.. Looks like your SA report is off... check your mailscanner.conf. Do = you have this option? Always Include SpamAssassin Report =3D yes If not, turn it on and try again. It's impossible to debug the problem = without that report added to the headers. In particular I'm interested to see if ALL_TRUSTED or BAYES_00 fired off. (IMHO, turning this option off is a very bad idea. I'm sure Julian added = it because someone asked, but I still think it's a bad idea unless you're comfortable greping logs on a regular basis) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! --=_BC9EC5F3.E180FA73 Content-Type: TEXT/HTML Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="TEXT.htm" Content-Description: HTML PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMCBUcmFuc2l0aW9uYWwv L0VOIj4NCjxIVE1MPjxIRUFEPg0KPE1FVEEgaHR0cC1lcXVpdj1Db250ZW50LVR5cGUgY29udGVu dD0idGV4dC9odG1sOyBjaGFyc2V0PXVzLWFzY2lpIj4NCjxNRVRBIGNvbnRlbnQ9Ik1TSFRNTCA2 LjAwLjI5MDAuMjcyMiIgbmFtZT1HRU5FUkFUT1I+PC9IRUFEPg0KPEJPRFkgc3R5bGU9Ik1BUkdJ Ti1UT1A6IDJweDsgRk9OVDogMTBwdCBBcmlhbDsgTUFSR0lOLUxFRlQ6IDJweCI+DQo8RElWPmFm dGVyIGxvb2tpbmcgYXQgdGhlIG1haWxzY2FubmVyLmNvbmYgZmlsZSBJIHNlZSB0aGF0OjwvRElW Pg0KPERJVj4xKSBBbHdheXMgSW5jbHVkZSBTcGFtQXNzYXNzaW4gUmVwb3J0ID0gbm88L0RJVj4N CjxESVY+MikgU3BhbSBBY3Rpb25zID0gZGVsaXZlcjwvRElWPg0KPERJVj4zKSBIaWdoIFNjb3Jp bmcgU3BhbSBBY3Rpb25zID0gZGVsaXZlcjwvRElWPg0KPERJVj4mbmJzcDs8L0RJVj4NCjxESVY+ SSd2ZSBjaGFuZ2VkICMxIHRvID0geWVzLCBidXQgc2hvdWxkICMyICZhbXA7ICMzIGJlIHNldCB0 byBkZWxldGUgaWYgdGhhdCANCmlzIHdoYXQgSSB3aGF0IGRvbmU/PC9ESVY+DQo8RElWPiZuYnNw OzwvRElWPg0KPERJVj5Kb248QlI+PEJSPiZndDsmZ3Q7Jmd0OyBta2V0dGxlckBFVkktSU5DLkNP TSAxMTo1ODowMCBwbSAyNS8wOS8yMDA1IA0KJmd0OyZndDsmZ3Q7PEJSPkpvbiBNaWxsZXIgd3Jv dGU6PEJSPiZndDsmbmJzcDsgU3BhbUFzc2Fzc2luIHZlcnNpb24gMy4wLjMgDQo8QlI+Jmd0OyA8 QlI+Jmd0OyBsb2NhdGlvbiBvZiBoZWFkZXIgZmlsZTxCUj4mZ3Q7IDxCUj4mZ3Q7IDxBIA0KaHJl Zj0iaHR0cDovL3d3dy5tbXRuZXR3b3Jrcy5jb20uYXUvTWltZS0xIj5odHRwOi8vd3d3Lm1tdG5l dHdvcmtzLmNvbS5hdS9NaW1lLTE8L0E+PEJSPiZndDsgDQo8QlI+Jmd0OyBUaGFua3M8QlI+Jmd0 OyA8QlI+VXJnaC4uIExvb2tzIGxpa2UgeW91ciBTQSByZXBvcnQgaXMgb2ZmLi4uIGNoZWNrIA0K eW91ciBtYWlsc2Nhbm5lci5jb25mLiBEbyB5b3U8QlI+aGF2ZSB0aGlzIG9wdGlvbj88QlI+PEJS PkFsd2F5cyBJbmNsdWRlIA0KU3BhbUFzc2Fzc2luIFJlcG9ydCA9IHllczxCUj48QlI+SWYgbm90 LCB0dXJuIGl0IG9uIGFuZCB0cnkgYWdhaW4uIEl0J3MgDQppbXBvc3NpYmxlIHRvIGRlYnVnIHRo ZSBwcm9ibGVtIHdpdGhvdXQ8QlI+dGhhdCByZXBvcnQgYWRkZWQgdG8gdGhlIGhlYWRlcnMuIElu IA0KcGFydGljdWxhciBJJ20gaW50ZXJlc3RlZCB0byBzZWUgaWY8QlI+QUxMX1RSVVNURUQgb3Ig QkFZRVNfMDAgZmlyZWQgDQpvZmYuPEJSPjxCUj4oSU1ITywgdHVybmluZyB0aGlzIG9wdGlvbiBv ZmYgaXMgYSB2ZXJ5IGJhZCBpZGVhLiBJJ20gc3VyZSBKdWxpYW4gDQphZGRlZCBpdDxCUj5iZWNh dXNlIHNvbWVvbmUgYXNrZWQsIGJ1dCBJIHN0aWxsIHRoaW5rIGl0J3MgYSBiYWQgaWRlYSB1bmxl c3MgDQp5b3UncmU8QlI+Y29tZm9ydGFibGUgZ3JlcGluZyBsb2dzIG9uIGEgcmVndWxhciANCmJh c2lzKTxCUj48QlI+LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tIE1haWxTY2FubmVyIGxpc3QgDQot LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS08QlI+VG8gdW5zdWJzY3JpYmUsIGVtYWlsIGppc2NtYWls QGppc2NtYWlsLmFjLnVrIHdpdGggDQp0aGUgd29yZHM6PEJSPidsZWF2ZSBtYWlsc2Nhbm5lcicg aW4gdGhlIGJvZHkgb2YgdGhlIGVtYWlsLjxCUj5CZWZvcmUgcG9zdGluZywgDQpyZWFkIHRoZSBX aWtpICg8QSANCmhyZWY9Imh0dHA6Ly93aWtpLm1haWxzY2FubmVyLmluZm8vKSI+aHR0cDovL3dp a2kubWFpbHNjYW5uZXIuaW5mby8pPC9BPiANCmFuZDxCUj50aGUgYXJjaGl2ZXMgKDxBIA0KaHJl Zj0iaHR0cDovL3d3dy5qaXNjbWFpbC5hYy51ay9saXN0cy9tYWlsc2Nhbm5lci5odG1sKS4iPmh0 dHA6Ly93d3cuamlzY21haWwuYWMudWsvbGlzdHMvbWFpbHNjYW5uZXIuaHRtbCkuPC9BPjxCUj48 QlI+U3VwcG9ydCANCk1haWxTY2FubmVyIGRldmVsb3BtZW50IC0gYnV5IHRoZSBib29rIG9mZiB0 aGUgd2Vic2l0ZSE8QlI+PC9ESVY+PC9CT0RZPjwvSFRNTD4NCg== --=_BC9EC5F3.E180FA73-- From Jeff.Mills at POCOLD.COM.AU Mon Sep 26 02:45:29 2005 From: Jeff.Mills at POCOLD.COM.AU (Jeff Mills) Date: Thu Jan 12 21:30:49 2006 Subject: cannot stop spam mail Message-ID: Yes, right now you are telling MailScanner to deliver all spam that it = detects. High scoring spam should probably be set to delete. You need to decide if you want to delete lower scoring spam, or tag the = subject and let the user decide if its spam or not. > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Jon Miller > Sent: Monday, 26 September 2005 11:48 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] cannot stop spam mail >=20 >=20 > after looking at the mailscanner.conf file I see that: > 1) Always Include SpamAssassin Report =3D no > 2) Spam Actions =3D deliver > 3) High Scoring Spam Actions =3D deliver >=20 > I've changed #1 to =3D yes, but should #2 & #3 be set to delete=20 > if that is what I what done? >=20 > Jon >=20 > >>> mkettler@EVI-INC.COM 11:58:00 pm 25/09/2005 >>> > Jon Miller wrote: > > SpamAssassin version 3.0.3=20 > >=20 > > location of header file > >=20 > > http://www.mmtnetworks.com.au/Mime-1 > >=20 > > Thanks > >=20 > Urgh.. Looks like your SA report is off... check your=20 > mailscanner.conf. Do you > have this option? >=20 > Always Include SpamAssassin Report =3D yes >=20 > If not, turn it on and try again. It's impossible to debug=20 > the problem without > that report added to the headers. In particular I'm=20 > interested to see if > ALL_TRUSTED or BAYES_00 fired off. >=20 > (IMHO, turning this option off is a very bad idea. I'm sure=20 > Julian added it > because someone asked, but I still think it's a bad idea unless you're > comfortable greping logs on a regular basis) >=20 > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >=20 > Support MailScanner development - buy the book off the website! >=20 > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >=20 > Support MailScanner development - buy the book off the website! >=20 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Mon Sep 26 04:40:54 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:49 2006 Subject: MailScanner discussion on webmin mail list Message-ID: Craig White wrote: > http://sourceforge.net/mailarchive/forum.php? > thread_id=8301109&forum_id=3156 > > Anyone care to comment? > > MailScanner works fine for me (and postfix) IIRC, the only developer of any of the MTAs which has made any public criticism of the approach used by MailScanner is Wietse Venema, author of Postfix. His objections were quite similar to those off the webmin list. Postfix aside, I'm not so sure one can argue that sendmail's queues are undocumented. Particularly when all MS is doing is moving mail from one queue to another, with modifications to the data portion (df*) and not the queue information (qf*). *shrug* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Mon Sep 26 06:45:47 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:49 2006 Subject: MailScanner discussion on webmin mail list Message-ID: On 26 Sep 2005, at 04:19, Craig White wrote: > http://sourceforge.net/mailarchive/forum.php? > thread_id=8301109&forum_id=3156 > > Anyone care to comment? > > MailScanner works fine for me (and postfix) > > Craig This one has been round the block a few times. Basically the authors of Exim are happy although they don't document specifically MailScanner's co-existence (Although I believe they use MailScanner themselves in some form). Sendmail's queue structure is not exactly scientific and is well documented due to it's age. As pointed out by Matt, Postfix is the only MTA that has a public 'black mark' and that is covered in the wiki here http://wiki.mailscanner.info/doku.php? id=documentation:configuration:mta:postfix:politics I would suggest the guy bad mouthing MailScanner is almost certainly a Postfix use as he is using all the hot air expressions that Weitse has used over the years (And there has been some!). The wiki piece was written for just such occasions and yes I guess *if* the Postfix queue structure was changed then I am sure Julian would have to adjust MailScanner to accommodate (As he has done once already) but it's unlikely to change in a big way as Postfix is pretty mature and from what I have seen software developers rarely re- invent the wheel once they have published their design and vision of how a wheel should work (Which is another way of saying that the Postfix/ MailScanner 'battle' is unlikely to ever change...) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Mon Sep 26 09:15:36 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:30:49 2006 Subject: MailScanner discussion on webmin mail list Message-ID: On 26/09/05, Drew Marshall wrote: > On 26 Sep 2005, at 04:19, Craig White wrote: > > > http://sourceforge.net/mailarchive/forum.php? > > thread_id=3D8301109&forum_id=3D3156 > > > > Anyone care to comment? > > > > MailScanner works fine for me (and postfix) > > > > Craig > > This one has been round the block a few times. Basically the authors > of Exim are happy although they don't document specifically > MailScanner's co-existence (Although I believe they use MailScanner > themselves in some form). Sendmail's queue structure is not exactly > scientific and is well documented due to it's age. As pointed out by > Matt, Postfix is the only MTA that has a public 'black mark' and that > is covered in the wiki here http://wiki.mailscanner.info/doku.php? > id=3Ddocumentation:configuration:mta:postfix:politics I would suggest > the guy bad mouthing MailScanner is almost certainly a Postfix use as > he is using all the hot air expressions that Weitse has used over the > years (And there has been some!). > > The wiki piece was written for just such occasions and yes I guess > *if* the Postfix queue structure was changed then I am sure Julian > would have to adjust MailScanner to accommodate (As he has done once > already) but it's unlikely to change in a big way as Postfix is > pretty mature and from what I have seen software developers rarely re- > invent the wheel once they have published their design and vision of > how a wheel should work (Which is another way of saying that the > Postfix/ MailScanner 'battle' is unlikely to ever change...) > > Drew > Couldn't agree more. Craig, I don't think it'll be particularly productive to try win over Mr Pittman ... Give the OP the wiki link and a friendly tip that s/he should perhaps go here and ask away... (Pretty much as you've already done:-) And stress that this is an issue with more than one answer, since it in large part is _opinion_, not technology. I suspect we're quite a few who go for Postfix&MailScanner;) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Sep 26 09:25:27 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:49 2006 Subject: MailScanner discussion on webmin mail list Message-ID: This old chestnut. Wietse (Postfix author) doesn't like me, never has, never will. What they say about sendmail not documenting their internal queue format is simply untrue, see pages 379-392 of the O'Reilly sendmail book, 2nd edition. All documented in excruciating detail. All the Exim support code in MailScanner has been double-checked, line by line, by the guys who wrote Exim in the first place, and they are quite happy with it and use it themselves for all 19,000 users at Cambridge University, UK. It's only Wietse who has a problem with it. As other people will confirm, the Postfix support works fine. But no- one is forcing you to use either Postfix or MailScanner. If you want to use an entirely documented and supported setup, just switch MTA on your MailScanner server. With most gateway systems, this is actually fairly easy to do. Or else throw away the advantages of using MailScanner and switch to amavis (which has forked into 4 separate development branches, as no-one can agree on how to make it work). But I would say that, wouldn't I. :-) On 26 Sep 2005, at 04:19, Craig White wrote: > http://sourceforge.net/mailarchive/forum.php? > thread_id=8301109&forum_id=3156 > > Anyone care to comment? > > MailScanner works fine for me (and postfix) > > Craig > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Mon Sep 26 10:04:25 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:49 2006 Subject: MailScanner discussion on webmin mail list Message-ID: On Mon, September 26, 2005 09:25, Julian Field wrote: > Or else throw away the advantages of using > MailScanner and switch to amavis (which has forked into 4 separate > development branches, as no-one can agree on how to make it work). And of cause the drop in functionality and the load potential caused by message spikes when running concurrent per message scanning and ... ;-) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roalda at GMAIL.COM Mon Sep 26 10:12:22 2005 From: roalda at GMAIL.COM (Roald) Date: Thu Jan 12 21:30:49 2006 Subject: "Blocked" webadresses and mailadresses Message-ID: ------=_Part_1323_13923336.1127725942799 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Hi! Which rule rewrites mail addresses and web addresses i signatures in mail? My boss gets his mail address rewritten as follows: "blocked::blocked:: mailto:boss@company.no ". This also happens with the link to our homepage: "blocked::blocked:: http://www.company.no/" I guess it is some rule that I need to disable but can't find out which.. Thanks! -- Mvh Roald Amundsen ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------=_Part_1323_13923336.1127725942799 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Hi!

Which rule rewrites mail addresses and web addresses i signatures in mail?

My boss gets his mail address rewritten as follows: "blocked::blocked::mailto:boss@comp= any.no". This also happens with the link to our homepage: "bl= ocked::blocked:: http://www.company.no/"

I guess it is some rule that I need to disable but can't find out which..

Thanks!

--
Mvh Roald Amundsen
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!
------=_Part_1323_13923336.1127725942799-- From MailScanner at ecs.soton.ac.uk Mon Sep 26 11:14:49 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:49 2006 Subject: "Blocked" webadresses and mailadresses Message-ID: Something else is adding "blocked::". MailScanner doesn't ever add that to anything. On 26 Sep 2005, at 10:12, Roald wrote: > Which rule rewrites mail addresses and web addresses i signatures > in mail? > > My boss gets his mail address rewritten as follows: > "blocked::blocked:: > mailto:boss@company.no ". This also happens with > the link > to our homepage: "blocked::blocked:: > http://www.company.no/" > > I guess it is some rule that I need to disable but can't find out > which.. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jose at TREELOGIC.COM Mon Sep 26 12:28:03 2005 From: jose at TREELOGIC.COM ([iso-8859-1] José Angel Blanco González) Date: Thu Jan 12 21:30:49 2006 Subject: Sign Clean Messages in MailScanner 4.45 Message-ID: Since I have installed MailScanner last version 4.45 most delivered clean messages are signed with "This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean." but I checked Sign Clean Messages = no in Mailscanner.conf How can I disable this feature at all? Thank you very much Jose ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Sep 26 14:09:36 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:49 2006 Subject: Sign Clean Messages in MailScanner 4.45 Message-ID: Did you "reload" or "restart" MailScanner after making the change? The feature works just fine, as far as I am aware. I would, of course, be happier if you left it enabled, it gets=20=20 MailScanner more publicity :-) But you should certainly be able to disable it! On 26 Sep 2005, at 12:28, Jos=E9 Angel Blanco Gonz=E1lez wrote: > Since I have installed MailScanner last version 4.45 most delivered=20=20 > clean > messages are signed with > "This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean." > > but I checked > Sign Clean Messages =3D no > in Mailscanner.conf > > How can I disable this feature at all? > > Thank you very much --=20 Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 --=20 This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From augustin.siaens at AQUADEV.ORG Mon Sep 26 14:38:19 2005 From: augustin.siaens at AQUADEV.ORG (Augustin Siaens) Date: Thu Jan 12 21:30:49 2006 Subject: spamassassin not functioning Message-ID: --q4+)3s+U-4,np/9glsU(nZ1tw?mX'HMml+?60Czv+ZDkCHGcBQjm99Eyf1JaGjdpJ7?gH6 Content-Transfer-Encoding: 7bit Content-Type: text/plain Hello, I'm running MailScanner 4.45 on a Fedora 1. I've recently upgraded MailScanner from the 4.3xx version, SpamAssassin to version 3.0.1 and SpamAssassin-tools to 3.0.1 as wel as perl-Mail-SpamAssassin to 3.0.1 too Now MailScanner is working fine but SpamAssassin doesn't seem to scan anything. I've sent myself a spam and it went through. I didn't see anything scanning at all in the logs. I've ran in debug mode and got the attached information. Could someone please check quickly to spot the cause of the problem? thanks (a lot) in advance ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! --q4+)3s+U-4,np/9glsU(nZ1tw?mX'HMml+?60Czv+ZDkCHGcBQjm99Eyf1JaGjdpJ7?gH6 Content-Transfer-Encoding: 7bit Content-Type: TEXT/PLAIN; name="mailscan.txt" debug: SpamAssassin version 3.0.1 debug: Score set 0 chosen. debug: running in taint mode? no SA bayes lock is /root/.spamassassin/bayes.lock Bayes lock is at /root/.spamassassin/bayes.lock debug: ignore: test message to precompile patterns and load modules debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre debug: config: read file /etc/mail/spamassassin/init.pre debug: using "/usr/share/spamassassin" for default rules dir debug: config: read file /usr/share/spamassassin/10_misc.cf debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf debug: config: read file /usr/share/spamassassin/20_body_tests.cf debug: config: read file /usr/share/spamassassin/20_compensate.cf debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf debug: config: read file /usr/share/spamassassin/20_drugs.cf debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf debug: config: read file /usr/share/spamassassin/20_head_tests.cf debug: config: read file /usr/share/spamassassin/20_html_tests.cf debug: config: read file /usr/share/spamassassin/20_meta_tests.cf debug: config: read file /usr/share/spamassassin/20_phrases.cf debug: config: read file /usr/share/spamassassin/20_porn.cf debug: config: read file /usr/share/spamassassin/20_ratware.cf debug: config: read file /usr/share/spamassassin/20_uri_tests.cf debug: config: read file /usr/share/spamassassin/23_bayes.cf debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf debug: config: read file /usr/share/spamassassin/25_hashcash.cf debug: config: read file /usr/share/spamassassin/25_spf.cf debug: config: read file /usr/share/spamassassin/25_uribl.cf debug: config: read file /usr/share/spamassassin/30_text_de.cf debug: config: read file /usr/share/spamassassin/30_text_fr.cf debug: config: read file /usr/share/spamassassin/30_text_nl.cf debug: config: read file /usr/share/spamassassin/30_text_pl.cf debug: config: read file /usr/share/spamassassin/50_scores.cf debug: config: read file /usr/share/spamassassin/60_whitelist.cf debug: using "/etc/mail/spamassassin" for site rules dir debug: config: read file /etc/mail/spamassassin/local.cf debug: using "/etc/MailScanner/spam.assassin.prefs.conf" for user prefs file debug: config: read file /etc/MailScanner/spam.assassin.prefs.conf debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa74a034) debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0xa74a064) debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0xa74a094) debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa74a034) implements 'parse_config' debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0xa74a064) implements 'parse_config' debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa74a034) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa74a034) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa74a034) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa74a034) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa74a034) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa74a034) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa74a034) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa74a034) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa74a034) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa74a034) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa74a034) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa74a034) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa74a034) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa74a034) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa74a034) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa74a034) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa74a034) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa74a034) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa74a034) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa74a034) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa74a034) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa74a034) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa74a034) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa74a034) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa74a034) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa74a034) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa74a034) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa74a034) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa74a034) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa74a034) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa74a034) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa74a034) inhibited further callbacks debug: bayes: 31866 tie-ing to DB file R/O /root/.spamassassin/bayes_toks debug: bayes: 31866 tie-ing to DB file R/O /root/.spamassassin/bayes_seen debug: bayes: found bayes db version 2 bayes: bayes db version 2 is not able to be used, aborting! at /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/BayesStore/DBM.pm line 160. debug: Score set 1 chosen. debug: ---- MIME PARSER START ---- debug: main message type: text/plain debug: parsing normal part debug: added part, type: text/plain debug: ---- MIME PARSER END ---- debug: bayes: 31866 tie-ing to DB file R/O /root/.spamassassin/bayes_toks debug: bayes: 31866 tie-ing to DB file R/O /root/.spamassassin/bayes_seen debug: bayes: found bayes db version 2 bayes: bayes db version 2 is not able to be used, aborting! at /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/BayesStore/DBM.pm line 160. debug: metadata: X-Spam-Relays-Trusted: debug: metadata: X-Spam-Relays-Untrusted: debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa74a034) implements 'parsed_metadata' debug: dns_available set to yes in config file, skipping test debug: decoding: no encoding detected debug: URIDNSBL: domains to query: debug: Running tests for priority: 0 debug: running header regexp tests; score so far=0 debug: registering glue method for check_hashcash_double_spend (Mail::SpamAssassin::Plugin::Hashcash=HASH(0xa74a064)) debug: registering glue method for check_for_spf_helo_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0xa74a094)) debug: SPF: message was delivered entirely via trusted relays, not required debug: all '*From' addrs: ignore@compiling.spamassassin.taint.org debug: registering glue method for check_hashcash_value (Mail::SpamAssassin::Plugin::Hashcash=HASH(0xa74a064)) debug: all '*To' addrs: debug: registering glue method for check_for_spf_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0xa74a094)) debug: SPF: message was delivered entirely via trusted relays, not required debug: registering glue method for check_for_spf_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0xa74a094)) debug: registering glue method for check_for_spf_helo_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0xa74a094)) debug: registering glue method for check_for_spf_helo_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0xa74a094)) debug: running body-text per-line regexp tests; score so far=-2.623 debug: running uri tests; score so far=-2.623 debug: registering glue method for check_uridnsbl (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa74a034)) debug: Razor2 is available debug: entering helper-app run mode Razor-Log: Computed razorhome from env: /root/.razor Razor-Log: Found razorhome: /root/.razor Razor-Log: read_file: 16 items read from /root/.razor/razor-agent.conf sep 26 15:16:48.074744 check[31866]: [ 2] [bootup] Logging initiated LogDebugLevel=9 to stdout sep 26 15:16:48.075199 check[31866]: [ 5] computed razorhome=/root/.razor, conf=/root/.razor/razor-agent.conf, ident=/root/.razor/identity-ru8GtwKyKw sep 26 15:16:48.075441 check[31866]: [ 8] Client supported_engines: 4 sep 26 15:16:48.075802 check[31866]: [ 8] prep_mail done: mail 1 headers=102, mime0=1376 sep 26 15:16:48.076153 check[31866]: [ 5] read_file: 1 items read from /root/.razor/servers.discovery.lst sep 26 15:16:48.076444 check[31866]: [ 5] read_file: 2 items read from /root/.razor/servers.nomination.lst sep 26 15:16:48.076697 check[31866]: [ 5] read_file: 1 items read from /root/.razor/servers.catalogue.lst sep 26 15:16:48.077056 check[31866]: [ 9] Assigning defaults to joy.cloudmark.com sep 26 15:16:48.077256 check[31866]: [ 9] Assigning defaults to folly.cloudmark.com sep 26 15:16:48.077490 check[31866]: [ 9] Assigning defaults to shock.cloudmark.com sep 26 15:16:48.078206 check[31866]: [ 5] read_file: 17 items read from /root/.razor/server.wonder.cloudmark.com.conf sep 26 15:16:48.078696 check[31866]: [ 5] read_file: 17 items read from /root/.razor/server.wonder.cloudmark.com.conf sep 26 15:16:48.079183 check[31866]: [ 5] read_file: 17 items read from /root/.razor/server.pride.cloudmark.com.conf sep 26 15:16:48.079642 check[31866]: [ 5] read_file: 17 items read from /root/.razor/server.pride.cloudmark.com.conf sep 26 15:16:48.080110 check[31866]: [ 5] read_file: 17 items read from /root/.razor/server.thrill.cloudmark.com.conf sep 26 15:16:48.080558 check[31866]: [ 5] read_file: 17 items read from /root/.razor/server.thrill.cloudmark.com.conf sep 26 15:16:48.080990 check[31866]: [ 5] read_file: 14 items read from /root/.razor/server.folly.cloudmark.com.conf sep 26 15:16:48.081404 check[31866]: [ 5] read_file: 14 items read from /root/.razor/server.folly.cloudmark.com.conf sep 26 15:16:48.081957 check[31866]: [ 5] read_file: 16 items read from /root/.razor/server.stress.cloudmark.com.conf sep 26 15:16:48.082445 check[31866]: [ 5] read_file: 16 items read from /root/.razor/server.stress.cloudmark.com.conf sep 26 15:16:48.082909 check[31866]: [ 5] read_file: 16 items read from /root/.razor/server.robust.cloudmark.com.conf sep 26 15:16:48.083348 check[31866]: [ 5] read_file: 16 items read from /root/.razor/server.robust.cloudmark.com.conf sep 26 15:16:48.083817 check[31866]: [ 5] read_file: 16 items read from /root/.razor/server.tension.cloudmark.com.conf sep 26 15:16:48.084258 check[31866]: [ 5] read_file: 16 items read from /root/.razor/server.tension.cloudmark.com.conf sep 26 15:16:48.084711 check[31866]: [ 5] read_file: 16 items read from /root/.razor/server.shock.cloudmark.com.conf sep 26 15:16:48.085143 check[31866]: [ 5] read_file: 16 items read from /root/.razor/server.shock.cloudmark.com.conf sep 26 15:16:48.085370 check[31866]: [ 5] 150093 seconds before closest server discovery sep 26 15:16:48.085564 check[31866]: [ 6] shock.cloudmark.com is a Catalogue Server srl 5084; computed min_cf=6, Server se: C8 sep 26 15:16:48.085808 check[31866]: [ 8] Computed supported_engines: 4 sep 26 15:16:48.085971 check[31866]: [ 8] Using next closest server shock.cloudmark.com:2703, cached info srl 5084 sep 26 15:16:48.086151 check[31866]: [ 8] mail 1 has no subject sep 26 15:16:48.087148 check[31866]: [ 6] preproc: mail 1.0 went from 1376 bytes to 1339 sep 26 15:16:48.087349 check[31866]: [ 6] computing sigs for mail 1.0, len 1339 sep 26 15:16:48.088325 check[31866]: [ 6] skipping whitelist file (empty?): /root/.razor/razor-whitelist sep 26 15:16:48.088541 check[31866]: [ 5] Connecting to shock.cloudmark.com ... sep 26 15:16:51.464388 check[31866]: [ 8] Connection established sep 26 15:16:51.464530 check[31866]: [ 4] shock.cloudmark.com >> 36 server greeting: sn=C&srl=5084&a=l&a=cg&ep4=7542-10 sep 26 15:16:51.464781 check[31866]: [ 4] shock.cloudmark.com << 25 sep 26 15:16:51.464847 check[31866]: [ 6] cn=razor-agents&cv=2.40 sep 26 15:16:51.465006 check[31866]: [ 6] shock.cloudmark.com is a Catalogue Server srl 5084; computed min_cf=6, Server se: C8 sep 26 15:16:51.465167 check[31866]: [ 8] Computed supported_engines: 4 sep 26 15:16:51.465276 check[31866]: [ 8] mail 1.0 e4 sig: xFaZIZUVHk90OQfARnenjx5BZTMA sep 26 15:16:51.465401 check[31866]: [ 8] preparing 1 queries sep 26 15:16:51.465545 check[31866]: [ 8] sending 1 batches sep 26 15:16:51.465658 check[31866]: [ 4] shock.cloudmark.com << 52 sep 26 15:16:51.465706 check[31866]: [ 6] a=c&e=4&ep4=7542-10&s=xFaZIZUVHk90OQfARnenjx5BZTMA sep 26 15:16:56.231841 check[31866]: [ 4] shock.cloudmark.com >> 5 sep 26 15:16:56.231931 check[31866]: [ 6] response to sent.2 p=0 sep 26 15:16:56.232214 check[31866]: [ 6] mail 1.0 e=4 sig=xFaZIZUVHk90OQfARnenjx5BZTMA: sig not found. sep 26 15:16:56.232300 check[31866]: [ 7] method 4: mail 1.0: no-contention part, spam=0 sep 26 15:16:56.232359 check[31866]: [ 7] method 4: mail 1: all non-contention parts not spam, mail not spam sep 26 15:16:56.232408 check[31866]: [ 3] mail 1 is not known spam. sep 26 15:16:56.232468 check[31866]: [ 5] disconnecting from server shock.cloudmark.com sep 26 15:16:56.232586 check[31866]: [ 4] shock.cloudmark.com << 5 sep 26 15:16:56.232633 check[31866]: [ 6] a=q debug: Using results from Razor v2.40 debug: Found Razor2 part: part=0 engine=4 ct=0 cf=0 debug: leaving helper-app run mode debug: Razor2 results: spam? 0 highest cf score: 0 debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa74a034) implements 'check_tick' debug: running raw-body-text per-line regexp tests; score so far=-2.623 debug: running full-text regexp tests; score so far=-2.623 debug: Razor2 is available debug: Current PATH is: /sbin:/bin:/usr/sbin:/usr/bin debug: executable for pyzor was found at /usr/bin/pyzor debug: Pyzor is available: /usr/bin/pyzor debug: entering helper-app run mode debug: setuid: helper proc 31869: ruid=0 euid=0 debug: Pyzor: got response: 66.250.40.33:24441 TimeoutError: debug: leaving helper-app run mode debug: Pyzor: couldn't grok response "66.250.40.33:24441 TimeoutError: " debug: DCCifd is not available: no r/w dccifd socket found. debug: DCC is available: /usr/local/bin/dccproc debug: entering helper-app run mode debug: setuid: helper proc 31870: ruid=0 euid=0 debug: DCC: got response: X-DCC-NIET-Metrics: server1 1080; Body=18879 Fuz1=98941 Fuz2=98941 debug: leaving helper-app run mode debug: Running tests for priority: 500 debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa74a034) implements 'check_post_dnsbl' debug: running meta tests; score so far=-2.623 debug: running header regexp tests; score so far=-1.053 debug: running body-text per-line regexp tests; score so far=-1.053 debug: running uri tests; score so far=-1.053 debug: running raw-body-text per-line regexp tests; score so far=-1.053 debug: running full-text regexp tests; score so far=-1.053 debug: Running tests for priority: 1000 debug: running meta tests; score so far=-1.053 debug: running header regexp tests; score so far=-1.053 debug: lock: 31866 created /root/.spamassassin/auto-whitelist.lock.server1.31866 debug: lock: 31866 trying to get lock on /root/.spamassassin/auto-whitelist with 0 retries debug: lock: 31866 link to /root/.spamassassin/auto-whitelist.lock: link ok debug: Tie-ing to DB file R/W in /root/.spamassassin/auto-whitelist debug: auto-whitelist (db-based): ignore@compiling.spamassassin.taint.org|ip=none scores 0/0 debug: AWL active, pre-score: -1.053, autolearn score: -1.053, mean: undef, IP: undef debug: DB addr list: untie-ing and unlocking. debug: DB addr list: file locked, breaking lock. debug: unlock: 31866 unlink /root/.spamassassin/auto-whitelist.lock debug: Post AWL score: -1.053 debug: running body-text per-line regexp tests; score so far=-1.053 debug: running uri tests; score so far=-1.053 debug: running raw-body-text per-line regexp tests; score so far=-1.053 debug: running full-text regexp tests; score so far=-1.053 debug: is spam? score=-1.053 required=5 debug: tests=ALL_TRUSTED,MISSING_DATE,MISSING_SUBJECT,NO_REAL_NAME debug: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__SANE_MSGID,__UNUSABLE_MSGID ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From hoff.milo at gmail.com Mon Sep 26 15:02:44 2005 From: hoff.milo at gmail.com (Milo Hoffman) Date: Thu Jan 12 21:30:49 2006 Subject: Quarantine folder Empty Message-ID: ------=_Part_4529_13201652.1127743364300 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On 9/20/05, Nilesh Shastrakar wrote: > > > I have Installed MailScanner on my test server with Clamav and > Spamassassin. > it working fine but I am having some problems , I have tried to send mail > with Eicar.com attchment > the mail has been marked as Virus e-mail but cant save removed > message/attachement in quaratine folder > The report says > > Warning: This message has had one omore attachments removed > Warning: (eicar.com , eicar_com.zip) > Warning: Please read the :Test-Attachment-Warning.txt" for more > inforamtion > The original e-mail attachment eicar_com.zip belived to be infected by a > virus and > has been replaced by this warning message > > /Var/Spoo/MailScanner/quaratine/20050919 (message j8xxxxxxxx) > > But checking folder was empty it is not saved. > > How can I solve this problem > What are your parameters for the following in MailScanner.conf Quarantine Infections Quarantine Silent Viruses Silent Viruses regards Milo > Regards > Nilesh. > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.ukwith the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------=_Part_4529_13201652.1127743364300 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline

On 9/20/05, Nilesh Shastrakar <nilesh.shastrakar@gmail.com> wrote:


I have Installed MailScanner on my test server with Clamav and Spamassassin= .
it working fine but I am having some problems , I have tried to send mail w= ith Eicar.com attchment
the mail has been marked as Virus e-mail but cant save removed message/atta= chement in quaratine folder
The report says

Warning: This message has had one omore attachments removed
Warning: (eicar.com, eicar_com.zip)
Warning: Please read the :Test-Attachment-Warning.txt" for more infora= mtion
The original e-mail attachment eicar_com.zip belived to be infected by a vi= rus and
has been replaced by this warning message 

/Var/Spoo/MailScanner/quaratine/20050919 (message j8xxxxxxxx)

But checking folder was empty it is not saved.

How can I solve this problem


What are your parameters for the following in MailScanner.conf

Quarantine Infections
Quarantine Silent Viruses
Silent Viruses
 
regards

Milo

Regards
Nilesh.


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@j= iscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (ht= tp://wiki.mailscanner.info/)
and the archives (= http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!
------=_Part_4529_13201652.1127743364300-- From martinh at SOLID-STATE-LOGIC.COM Mon Sep 26 15:17:05 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:49 2006 Subject: spamassassin not functioning Message-ID: Augustin Have you tried spamassassin -p /etc/MailScanner/spam.assassin.prefs.conf -D --lint and see if SA's working? Also 3.0.1 is very old and does have some vulnerabilities... 3.0.4 is the last update bevore 3.1.0 which many people are now running. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Augustin Siaens Sent: 26 September 2005 14:38 To: MAILSCANNER@JISCMAIL.AC.UK Subject: [MAILSCANNER] spamassassin not functioning Hello, I'm running MailScanner 4.45 on a Fedora 1. I've recently upgraded MailScanner from the 4.3xx version, SpamAssassin to version 3.0.1 and SpamAssassin-tools to 3.0.1 as wel as perl-Mail-SpamAssassin to 3.0.1 too Now MailScanner is working fine but SpamAssassin doesn't seem to scan anything. I've sent myself a spam and it went through. I didn't see anything scanning at all in the logs. I've ran in debug mode and got the attached information. Could someone please check quickly to spot the cause of the problem? thanks (a lot) in advance ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From augustin.siaens at AQUADEV.ORG Mon Sep 26 17:28:32 2005 From: augustin.siaens at AQUADEV.ORG (augustin siaens) Date: Thu Jan 12 21:30:49 2006 Subject: spamassassin not functioning Message-ID: This is a multi-part message in MIME format. --------------050806040500010300010205 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: quoted-printable X-MIME-Autoconverted: from 8bit to quoted-printable by kili.jiscmail.ac.uk id j8QER16w028479 Hi Martin OK, i've ran the debug command and here's the result. Could it be a perl location problem? I remember that the first time I=20 had to install spamassassin, I had to copy files from=20 /usr/lib/perl5/perl_site/5.6.1 to 5.8.1. If I upgrade to 3.4, do I also have to upgrade spamassassin-tools and=20 perl-mail-spamassassin accordingly? Martin Hepworth wrote: >Augustin > >Have you tried > >spamassassin -p /etc/MailScanner/spam.assassin.prefs.conf -D --lint > >and see if SA's working? > >Also 3.0.1 is very old and does have some vulnerabilities... 3.0.4 is th= e >last update bevore 3.1.0 which many people are now running. > >-- >Martin Hepworth=20 >Snr Systems Administrator >Solid State Logic >Tel: +44 (0)1865 842300 > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Be= half >Of Augustin Siaens >Sent: 26 September 2005 14:38 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: [MAILSCANNER] spamassassin not functioning > >Hello, > >I'm running MailScanner 4.45 on a Fedora 1. I've recently upgraded >MailScanner from the 4.3xx version, SpamAssassin to version 3.0.1 and >SpamAssassin-tools to 3.0.1 as wel as perl-Mail-SpamAssassin to 3.0.1 to= o > >Now MailScanner is working fine but SpamAssassin doesn't seem to scan >anything. I've sent myself a spam and it went through. I didn't see anyt= hing >scanning at all in the logs.=20 > >I've ran in debug mode and got the attached information. Could someone >please check quickly to spot the cause of the problem? > >thanks (a lot) in advance > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > >********************************************************************** > >This email and any files transmitted with it are confidential and >intended solely for the use of the individual or entity to whom they >are addressed. If you have received this email in error please notify >the system manager. > >This footnote confirms that this email message has been swept >for the presence of computer viruses and is believed to be clean.=09 > >********************************************************************** > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > =20 > --=20 Augustin Siaens AQUADEV Rue des Carm=E9lites 151 Karmelietenstraat 1180 Bruxelles - Brussel Tel: +32 2 347 70 00 Fax: +32 2 347 00 36 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! --------------050806040500010300010205 Content-Type: text/plain; name="spamassassin_debug.txt" Content-Disposition: inline; filename="spamassassin_debug.txt" Content-Transfer-Encoding: 7bit debug: SpamAssassin version 3.0.1 debug: Score set 0 chosen. debug: running in taint mode? yes debug: Running in taint mode, removing unsafe env vars, and resetting PATH debug: PATH included '/usr/kerberos/sbin', keeping. debug: PATH included '/usr/kerberos/bin', keeping. debug: PATH included '/usr/local/sbin', keeping. debug: PATH included '/usr/local/bin', keeping. debug: PATH included '/sbin', keeping. debug: PATH included '/bin', keeping. debug: PATH included '/usr/sbin', keeping. debug: PATH included '/usr/bin', keeping. debug: PATH included '/usr/X11R6/bin', keeping. debug: PATH included '/root/bin', which doesn't exist, dropping. debug: Final PATH set to: /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/b in:/usr/X11R6/bin debug: diag: module installed: DBI, version 1.37 debug: diag: module installed: DB_File, version 1.808 debug: diag: module installed: Digest::SHA1, version 2.10 debug: diag: module installed: IO::Socket::UNIX, version 1.21 debug: diag: module installed: MIME::Base64, version 3.05 debug: diag: module installed: Net::DNS, version 0.23 debug: diag: module installed: Net::LDAP, version 0.2701 debug: diag: module installed: Razor2::Client::Agent, version 2.40 debug: diag: module installed: Storable, version 2.09 debug: diag: module installed: URI, version 1.35 debug: ignore: using a test message to lint rules debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre debug: config: read file /etc/mail/spamassassin/init.pre debug: using "/usr/share/spamassassin" for default rules dir debug: config: read file /usr/share/spamassassin/10_misc.cf debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf debug: config: read file /usr/share/spamassassin/20_body_tests.cf debug: config: read file /usr/share/spamassassin/20_compensate.cf debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf debug: config: read file /usr/share/spamassassin/20_drugs.cf debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf debug: config: read file /usr/share/spamassassin/20_head_tests.cf debug: config: read file /usr/share/spamassassin/20_html_tests.cf debug: config: read file /usr/share/spamassassin/20_meta_tests.cf debug: config: read file /usr/share/spamassassin/20_phrases.cf debug: config: read file /usr/share/spamassassin/20_porn.cf debug: config: read file /usr/share/spamassassin/20_ratware.cf debug: config: read file /usr/share/spamassassin/20_uri_tests.cf debug: config: read file /usr/share/spamassassin/23_bayes.cf debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf debug: config: read file /usr/share/spamassassin/25_hashcash.cf debug: config: read file /usr/share/spamassassin/25_spf.cf debug: config: read file /usr/share/spamassassin/25_uribl.cf debug: config: read file /usr/share/spamassassin/30_text_de.cf debug: config: read file /usr/share/spamassassin/30_text_fr.cf debug: config: read file /usr/share/spamassassin/30_text_nl.cf debug: config: read file /usr/share/spamassassin/30_text_pl.cf debug: config: read file /usr/share/spamassassin/50_scores.cf debug: config: read file /usr/share/spamassassin/60_whitelist.cf debug: using "/etc/mail/spamassassin" for site rules dir debug: config: read file /etc/mail/spamassassin/local.cf debug: using "/root/.spamassassin" for user state dir debug: using "/etc/MailScanner/spam.assassin.prefs.conf" for user prefs file debug: config: read file /etc/MailScanner/spam.assassin.prefs.conf debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8f3f7a8) debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x9b87d4c) debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x9b646ec) debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8f3f7a8) implements 'parse_config' debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x9b87d4c) implements 'parse_config' debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8f3f7a8) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8f3f7a8) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8f3f7a8) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8f3f7a8) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8f3f7a8) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8f3f7a8) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8f3f7a8) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8f3f7a8) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8f3f7a8) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8f3f7a8) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8f3f7a8) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8f3f7a8) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8f3f7a8) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8f3f7a8) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8f3f7a8) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8f3f7a8) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8f3f7a8) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8f3f7a8) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8f3f7a8) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8f3f7a8) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8f3f7a8) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8f3f7a8) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8f3f7a8) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8f3f7a8) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8f3f7a8) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8f3f7a8) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8f3f7a8) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8f3f7a8) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8f3f7a8) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8f3f7a8) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8f3f7a8) inhibited further callbacks debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8f3f7a8) inhibited further callbacks warning: description for REMOVE_PAGE is over 50 chars warning: description for FROM_WEBMAIL_END_NUMS6 is over 50 chars warning: description exists for non-existent rule DNS_FROM_RFCI_DSN warning: description for MAILTO_SUBJ_REMOVE is over 50 chars warning: description for SUBJ_ILLEGAL_CHARS is over 50 chars warning: description for EXCUSE_4 is over 50 chars warning: description for RCVD_IN_MAPS_DUL is over 50 chars warning: description for PORN_15 is over 50 chars warning: description for MAILTO_TO_SPAM_ADDR is over 50 chars warning: description exists for non-existent rule RCVD_IN_OPM_WINGATE warning: description for DATE_IN_FUTURE_96_XX is over 50 chars warning: description for DCC_CHECK is over 50 chars warning: description for UNDISC_RECIPS is over 50 chars warning: description for X_MSMAIL_PRIORITY_HIGH is over 50 chars warning: description for DATE_IN_FUTURE_48_96 is over 50 chars warning: description for FORGED_MUA_OIMO is over 50 chars warning: description for FORGED_MUA_EUDORA is over 50 chars warning: description for SOME_BREAKTHROUGH is over 50 chars warning: description for RATWARE_EGROUPS is over 50 chars warning: description for GAPPY_SUBJECT is over 50 chars warning: description for URI_IS_POUND is over 50 chars warning: description for BAYES_60 is over 50 chars warning: description for FORGED_QUALCOMM_TAGS is over 50 chars warning: description for MULTI_FORGED is over 50 chars warning: description for MICRO_CAP_WARNING is over 50 chars warning: description for MAILTO_TO_REMOVE is over 50 chars warning: description for SUBJ_HAS_UNIQ_ID is over 50 chars warning: description for NONEXISTENT_CHARSET is over 50 chars warning: description for LOTS_OF_STUFF is over 50 chars warning: description for DATE_IN_FUTURE_06_12 is over 50 chars warning: description for FREE_PREVIEW is over 50 chars warning: description for RATWARE_OE_MALFORMED is over 50 chars warning: description for EXCUSE_3 is over 50 chars warning: description for BANKRUPTCY is over 50 chars warning: description for RCVD_IN_MAPS_RBL is over 50 chars warning: description for BILL_1618 is over 50 chars warning: description for EXCUSE_12 is over 50 chars warning: description exists for non-existent rule HTML_WITH_BGCOLOR warning: description exists for non-existent rule HTML_IMAGE_ONLY_02 warning: description for HTML_IMAGE_ONLY_04 is over 50 chars warning: description for MILLION_USD is over 50 chars warning: description for BAYES_20 is over 50 chars warning: description for RATWARE_HASH_2_V2 is over 50 chars warning: description for ROUND_THE_WORLD is over 50 chars warning: description for FULL_REFUND is over 50 chars warning: description for MIME_HEADER_CTYPE_ONLY is over 50 chars warning: description for BAYES_40 is over 50 chars warning: description for SUBJ_YOUR_DEBT is over 50 chars warning: description for REMOVE_POSTAL is over 50 chars warning: description for DATE_IN_PAST_12_24 is over 50 chars warning: description for START_NOW_CAPS is over 50 chars warning: description for FROM_NO_USER is over 50 chars warning: description for MIME_BOUND_RKFINDY is over 50 chars warning: description for BODY_ENHANCEMENT2 is over 50 chars warning: description for CANNOT_BE_SPAM is over 50 chars warning: description for DATE_IN_FUTURE_12_24 is over 50 chars warning: description for BEST_PORN is over 50 chars warning: description for EXCUSE_6 is over 50 chars warning: description for FORGED_JUNO_RCVD is over 50 chars warning: description for PLING_QUERY is over 50 chars warning: description for PRIORITY_NO_NAME is over 50 chars warning: description for RCVD_FAKE_HELO_DOTCOM is over 50 chars warning: description exists for non-existent rule RCVD_IN_OPM_ROUTER warning: description for BAYES_00 is over 50 chars warning: description for BODY_ENHANCEMENT is over 50 chars warning: description for TO_NO_USER is over 50 chars warning: description for UNCLAIMED_MONEY is over 50 chars warning: description for EXCUSE_19 is over 50 chars warning: description for HTML_WEB_BUGS is over 50 chars warning: description for FROM_NUM_AT_WEBMAIL is over 50 chars warning: description for FROM_AND_TO_SAME is over 50 chars warning: description for MISSING_MIMEOLE is over 50 chars warning: description for FORGED_MUA_IMS is over 50 chars warning: description for DATE_IN_PAST_24_48 is over 50 chars warning: description for BARGAIN_URL is over 50 chars warning: description for RAZOR2_CF_RANGE_51_100 is over 50 chars warning: description for EXCUSE_REMOVE is over 50 chars warning: description for BAYES_99 is over 50 chars warning: description for RCVD_IN_DSBL is over 50 chars warning: description for RATWARE_HASH_2 is over 50 chars warning: description for RCVD_IN_BSP_TRUSTED is over 50 chars warning: description for RAZOR2_CHECK is over 50 chars warning: description for ADDR_NUMS_AT_BIGSITE is over 50 chars warning: description for HEAD_ILLEGAL_CHARS is over 50 chars warning: description for RICH is over 50 chars warning: description for BAYES_05 is over 50 chars warning: description for GUARANTEED_100_PERCENT is over 50 chars warning: description for CELL_PHONE_IMPROVE is over 50 chars warning: description for FORGED_TELESP_RCVD is over 50 chars warning: description exists for non-existent rule RCVD_IN_OPM_SOCKS warning: description for NO_DNS_FOR_FROM is over 50 chars warning: description for NO_REAL_NAME is over 50 chars warning: description for DATE_IN_PAST_03_06 is over 50 chars warning: description for UNWANTED_LANGUAGE_BODY is over 50 chars warning: description for SUBJ_AS_SEEN is over 50 chars warning: description for FORGED_AOL_RCVD is over 50 chars warning: description for WHY_WAIT is over 50 chars warning: description for INVALID_DATE_TZ_ABSURD is over 50 chars warning: description for USERPASS is over 50 chars warning: description for TO_ADDRESS_EQ_REAL is over 50 chars warning: description for MIME_BOUND_NEXTPART is over 50 chars warning: description for HABEAS_INFRINGER is over 50 chars warning: description for TO_EMPTY is over 50 chars warning: description for MIME_BASE64_BLANKS is over 50 chars warning: description for FROM_NO_LOWER is over 50 chars warning: description for YOU_WON is over 50 chars warning: description for OBSCURED_EMAIL is over 50 chars warning: description for HTML_FONT_FACE_CAPS is over 50 chars warning: description for HTML_IMAGE_ONLY_12 is over 50 chars warning: description for FROM_HAS_ULINE_NUMS is over 50 chars warning: description for WE_HONOR_ALL is over 50 chars warning: description for HTML_IMAGE_ONLY_08 is over 50 chars warning: description for FORGED_MUA_OUTLOOK is over 50 chars warning: description for RESISTANCE_IS_FUTILE is over 50 chars warning: description for DATE_IN_PAST_48_96 is over 50 chars warning: description for HTML_IMAGE_ONLY_10 is over 50 chars warning: description exists for non-existent rule HTML_IMAGE_ONLY_10 warning: description for MIME_BOUND_DIGITS_7 is over 50 chars warning: description for BAYES_50 is over 50 chars warning: description for FREE_SAMPLE is over 50 chars warning: description exists for non-existent rule RCVD_IN_OPM_HTTP warning: description for WITH_LC_SMTP is over 50 chars warning: description for PREST_NON_ACCREDITED is over 50 chars warning: description for EXCUSE_7 is over 50 chars warning: description for BEEN_TURNED_DOWN is over 50 chars warning: description for MIME_HTML_ONLY is over 50 chars warning: description for DATE_IN_FUTURE_24_48 is over 50 chars warning: description for SORTED_RECIPS is over 50 chars warning: description exists for non-existent rule RCVD_IN_OPM_HTTP_POST warning: description for PORN_16 is over 50 chars warning: description for FREE_ACCESS is over 50 chars warning: description for RCVD_IN_BSP_OTHER is over 50 chars warning: description for DATE_IN_PAST_96_XX is over 50 chars warning: description for FORGED_EUDORAMAIL_RCVD is over 50 chars warning: description for FAKED_UNDISC_RECIPS is over 50 chars warning: description for DATE_IN_PAST_06_12 is over 50 chars warning: description for BAYES_80 is over 50 chars warning: description for MIME_BOUND_MANY_HEX is over 50 chars warning: description for ROUND_THE_WORLD_LOCAL is over 50 chars warning: description for OBFUSCATING_COMMENT is over 50 chars warning: description for SEDUCTION is over 50 chars warning: description for MARKETING_PARTNERS is over 50 chars warning: description for DATE_IN_FUTURE_03_06 is over 50 chars warning: description for AOL_USERS_LINK is over 50 chars warning: description for NO_PURCHASE is over 50 chars warning: description for HTML_FONT_INVISIBLE is over 50 chars warning: description for RCVD_IN_MAPS_NML is over 50 chars warning: description for SUSPICIOUS_RECIPS is over 50 chars warning: description for US_DOLLARS_3 is over 50 chars warning: description for BE_BOSS is over 50 chars warning: description for NO_OBLIGATION is over 50 chars warning: description for HTML_IMAGE_ONLY_06 is over 50 chars warning: description exists for non-existent rule HTML_IMAGE_ONLY_06 warning: description for EXCUSE_10 is over 50 chars warning: description for FREE_QUOTE_INSTANT is over 50 chars warning: description for FROM_ALL_NUMS is over 50 chars warning: description for SUBJ_BUY is over 50 chars warning: description for SELECTED_YOU is over 50 chars warning: description for BAYES_95 is over 50 chars warning: description for NIGERIAN_SUBJECT2 is over 50 chars warning: description for FORGED_MUA_MOZILLA is over 50 chars warning: description for RATWARE_JPFREE is over 50 chars warning: description for EXCUSE_23 is over 50 chars warning: description for HIDE_WIN_STATUS is over 50 chars warning: description for EXCUSE_24 is over 50 chars warning: description for RCVD_IN_MAPS_RSS is over 50 chars warning: description for HTML_EVENT_UNSAFE is over 50 chars warning: description for MONEY_BACK is over 50 chars warning: description for MIME_SUSPECT_NAME is over 50 chars warning: description for COPY_ACCURATELY is over 50 chars warning: score set for non-existent rule X_OSIRU_DUL_FH warning: score set for non-existent rule RCVD_IN_OSIRUSOFT_COM warning: score set for non-existent rule X_OSIRU_SPAM_SRC warning: score set for non-existent rule X_OSIRU_OPEN_RELAY warning: score set for non-existent rule X_OSIRU_SPAMWARE_SITE warning: score set for non-existent rule X_OSIRU_DUL debug: using "/root/.spamassassin" for user state dir debug: bayes: 32691 tie-ing to DB file R/O /root/.spamassassin/bayes_toks debug: bayes: 32691 tie-ing to DB file R/O /root/.spamassassin/bayes_seen debug: bayes: found bayes db version 2 bayes: bayes db version 2 is not able to be used, aborting! at /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/BayesStor e/DBM.pm line 160. debug: Score set 1 chosen. debug: ---- MIME PARSER START ---- debug: main message type: text/plain debug: parsing normal part debug: added part, type: text/plain debug: ---- MIME PARSER END ---- debug: bayes: 32691 tie-ing to DB file R/O /root/.spamassassin/bayes_toks debug: bayes: 32691 tie-ing to DB file R/O /root/.spamassassin/bayes_seen debug: bayes: found bayes db version 2 bayes: bayes db version 2 is not able to be used, aborting! at /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/BayesStor e/DBM.pm line 160. debug: metadata: X-Spam-Relays-Trusted: debug: metadata: X-Spam-Relays-Untrusted: debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8f3f7a8) implements 'parsed_metadata' debug: dns_available set to yes in config file, skipping test debug: decoding: no encoding detected debug: URIDNSBL: domains to query: debug: Running tests for priority: 0 debug: running header regexp tests; score so far=0 debug: registering glue method for check_hashcash_double_spend (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x9b87d4c)) debug: registering glue method for check_for_spf_helo_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x9b646ec)) debug: SPF: message was delivered entirely via trusted relays, not required debug: all '*From' addrs: ignore@compiling.spamassassin.taint.org debug: registering glue method for check_hashcash_value (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x9b87d4c)) debug: all '*To' addrs: debug: registering glue method for check_for_spf_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x9b646ec)) debug: SPF: message was delivered entirely via trusted relays, not required debug: registering glue method for check_for_spf_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x9b646ec)) debug: registering glue method for check_for_spf_helo_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x9b646ec)) debug: registering glue method for check_for_spf_helo_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0x9b646ec)) debug: running body-text per-line regexp tests; score so far=-2.623 debug: running uri tests; score so far=-2.623 debug: registering glue method for check_uridnsbl (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8f3f7a8)) debug: Razor2 is available debug: entering helper-app run mode Razor-Log: Computed razorhome from env: /root/.razor Razor-Log: Found razorhome: /root/.razor Razor-Log: read_file: 16 items read from /root/.razor/razor-agent.conf sep 26 16:13:53.421860 check[32691]: [ 2] [bootup] Logging initiated LogDebugLevel=9 to stdout sep 26 16:13:53.422405 check[32691]: [ 5] computed razorhome=/root/.razor, conf=/root/.razor/razor-agent.conf, ident=/roo t/.razor/identity-ru8GtwKyKw sep 26 16:13:53.422660 check[32691]: [ 8] Client supported_engines: 4 sep 26 16:13:53.423096 check[32691]: [ 8] prep_mail done: mail 1 headers=93, mime0=1376 sep 26 16:13:53.423596 check[32691]: [ 5] read_file: 1 items read from /root/.razor/servers.discovery.lst sep 26 16:13:53.423993 check[32691]: [ 5] read_file: 2 items read from /root/.razor/servers.nomination.lst sep 26 16:13:53.424335 check[32691]: [ 5] read_file: 1 items read from /root/.razor/servers.catalogue.lst sep 26 16:13:53.424667 check[32691]: [ 9] Assigning defaults to joy.cloudmark.com sep 26 16:13:53.424899 check[32691]: [ 9] Assigning defaults to folly.cloudmark.com sep 26 16:13:53.425065 check[32691]: [ 9] Assigning defaults to shock.cloudmark.com sep 26 16:13:53.425933 check[32691]: [ 5] read_file: 17 items read from /root/.razor/server.wonder.cloudmark.com.conf sep 26 16:13:53.426553 check[32691]: [ 5] read_file: 17 items read from /root/.razor/server.wonder.cloudmark.com.conf sep 26 16:13:53.427128 check[32691]: [ 5] read_file: 17 items read from /root/.razor/server.pride.cloudmark.com.conf sep 26 16:13:53.427739 check[32691]: [ 5] read_file: 17 items read from /root/.razor/server.pride.cloudmark.com.conf sep 26 16:13:53.428363 check[32691]: [ 5] read_file: 17 items read from /root/.razor/server.thrill.cloudmark.com.conf sep 26 16:13:53.428928 check[32691]: [ 5] read_file: 17 items read from /root/.razor/server.thrill.cloudmark.com.conf sep 26 16:13:53.429455 check[32691]: [ 5] read_file: 14 items read from /root/.razor/server.folly.cloudmark.com.conf sep 26 16:13:53.429974 check[32691]: [ 5] read_file: 14 items read from /root/.razor/server.folly.cloudmark.com.conf sep 26 16:13:53.430596 check[32691]: [ 5] read_file: 16 items read from /root/.razor/server.stress.cloudmark.com.conf sep 26 16:13:53.431167 check[32691]: [ 5] read_file: 16 items read from /root/.razor/server.stress.cloudmark.com.conf sep 26 16:13:53.432149 check[32691]: [ 5] read_file: 16 items read from /root/.razor/server.robust.cloudmark.com.conf sep 26 16:13:53.432872 check[32691]: [ 5] read_file: 16 items read from /root/.razor/server.robust.cloudmark.com.conf sep 26 16:13:53.433510 check[32691]: [ 5] read_file: 16 items read from /root/.razor/server.tension.cloudmark.com.conf sep 26 16:13:53.434043 check[32691]: [ 5] read_file: 16 items read from /root/.razor/server.tension.cloudmark.com.conf sep 26 16:13:53.434594 check[32691]: [ 5] read_file: 16 items read from /root/.razor/server.shock.cloudmark.com.conf sep 26 16:13:53.435141 check[32691]: [ 5] read_file: 16 items read from /root/.razor/server.shock.cloudmark.com.conf sep 26 16:13:53.435428 check[32691]: [ 5] 141573 seconds before closest server discovery sep 26 16:13:53.435641 check[32691]: [ 6] shock.cloudmark.com is a Catalogue Server srl 5084; computed min_cf=6, Server s e: C8 sep 26 16:13:53.435901 check[32691]: [ 8] Computed supported_engines: 4 sep 26 16:13:53.436066 check[32691]: [ 8] Using next closest server shock.cloudmark.com:2703, cached info srl 5084 sep 26 16:13:53.436290 check[32691]: [ 8] mail 1 has no subject sep 26 16:13:53.437381 check[32691]: [ 6] preproc: mail 1.0 went from 1376 bytes to 1339 sep 26 16:13:53.437617 check[32691]: [ 6] computing sigs for mail 1.0, len 1339 sep 26 16:13:53.438682 check[32691]: [ 6] skipping whitelist file (empty?): /root/.razor/razor-whitelist sep 26 16:13:53.438932 check[32691]: [ 5] Connecting to shock.cloudmark.com ... sep 26 16:13:53.972273 check[32691]: [ 8] Connection established sep 26 16:13:53.972447 check[32691]: [ 4] shock.cloudmark.com >> 36 server greeting: sn=C&srl=5084&a=l&a=cg&ep4=7542-10 sep 26 16:13:53.972784 check[32691]: [ 4] shock.cloudmark.com << 25 sep 26 16:13:53.972849 check[32691]: [ 6] cn=razor-agents&cv=2.40 sep 26 16:13:53.973165 check[32691]: [ 6] shock.cloudmark.com is a Catalogue Server srl 5084; computed min_cf=6, Server s e: C8 sep 26 16:13:53.973351 check[32691]: [ 8] Computed supported_engines: 4 sep 26 16:13:53.973474 check[32691]: [ 8] mail 1.0 e4 sig: xFaZIZUVHk90OQfARnenjx5BZTMA sep 26 16:13:53.973631 check[32691]: [ 8] preparing 1 queries sep 26 16:13:53.973785 check[32691]: [ 8] sending 1 batches sep 26 16:13:53.973909 check[32691]: [ 4] shock.cloudmark.com << 52 sep 26 16:13:53.973961 check[32691]: [ 6] a=c&e=4&ep4=7542-10&s=xFaZIZUVHk90OQfARnenjx5BZTMA sep 26 16:14:00.516528 check[32691]: [ 4] shock.cloudmark.com >> 5 sep 26 16:14:00.516626 check[32691]: [ 6] response to sent.2 p=0 sep 26 16:14:00.516956 check[32691]: [ 6] mail 1.0 e=4 sig=xFaZIZUVHk90OQfARnenjx5BZTMA: sig not found. sep 26 16:14:00.517046 check[32691]: [ 7] method 4: mail 1.0: no-contention part, spam=0 sep 26 16:14:00.517098 check[32691]: [ 7] method 4: mail 1: all non-contention parts not spam, mail not spam sep 26 16:14:00.517149 check[32691]: [ 3] mail 1 is not known spam. sep 26 16:14:00.517214 check[32691]: [ 5] disconnecting from server shock.cloudmark.com sep 26 16:14:00.517336 check[32691]: [ 4] shock.cloudmark.com << 5 sep 26 16:14:00.517388 check[32691]: [ 6] a=q debug: Using results from Razor v2.40 debug: Found Razor2 part: part=0 engine=4 ct=0 cf=0 debug: leaving helper-app run mode debug: Razor2 results: spam? 0 highest cf score: 0 debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8f3f7a8) implements 'check_tick' debug: running raw-body-text per-line regexp tests; score so far=-2.623 debug: running full-text regexp tests; score so far=-2.623 debug: Razor2 is available debug: Current PATH is: /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin :/usr/X11R6/bin debug: executable for pyzor was found at /usr/bin/pyzor debug: Pyzor is available: /usr/bin/pyzor debug: entering helper-app run mode debug: setuid: helper proc 32693: ruid=0 euid=0 debug: Pyzor: got response: 66.250.40.33:24441 (200, 'OK') 0 0 debug: leaving helper-app run mode debug: DCCifd is not available: no r/w dccifd socket found. debug: DCC is available: /usr/local/bin/dccproc debug: entering helper-app run mode debug: setuid: helper proc 32694: ruid=0 euid=0 debug: leaving helper-app run mode debug: DCC -> check timed out after 10 secs. debug: Running tests for priority: 500 debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8f3f7a8) implements 'check_post_dnsbl' debug: running meta tests; score so far=-2.623 debug: running header regexp tests; score so far=-1.053 debug: running body-text per-line regexp tests; score so far=-1.053 debug: running uri tests; score so far=-1.053 debug: running raw-body-text per-line regexp tests; score so far=-1.053 debug: running full-text regexp tests; score so far=-1.053 debug: Running tests for priority: 1000 debug: running meta tests; score so far=-1.053 debug: running header regexp tests; score so far=-1.053 debug: using "/root/.spamassassin" for user state dir debug: lock: 32691 created /root/.spamassassin/auto-whitelist.lock.server1.32691 debug: lock: 32691 trying to get lock on /root/.spamassassin/auto-whitelist with 0 retries debug: lock: 32691 link to /root/.spamassassin/auto-whitelist.lock: link ok debug: Tie-ing to DB file R/W in /root/.spamassassin/auto-whitelist debug: auto-whitelist (db-based): ignore@compiling.spamassassin.taint.org|ip=none scores 0/0 debug: AWL active, pre-score: -1.053, autolearn score: -1.053, mean: undef, IP: undef debug: DB addr list: untie-ing and unlocking. debug: DB addr list: file locked, breaking lock. debug: unlock: 32691 unlink /root/.spamassassin/auto-whitelist.lock debug: Post AWL score: -1.053 debug: running body-text per-line regexp tests; score so far=-1.053 debug: running uri tests; score so far=-1.053 debug: running raw-body-text per-line regexp tests; score so far=-1.053 debug: running full-text regexp tests; score so far=-1.053 debug: is spam? score=-1.053 required=5 debug: tests=ALL_TRUSTED,MISSING_DATE,MISSING_SUBJECT,NO_REAL_NAME debug: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__SANE_MSGID,__UNUSABLE_MSGID lint: 176 issues detected. please rerun with debug enabled for more information. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! --------------050806040500010300010205-- From Denis.Beauchemin at USHERBROOKE.CA Mon Sep 26 15:42:54 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:30:49 2006 Subject: Does not detect some spam Message-ID: This is a cryptographically signed message in MIME format. --------------ms010308040702030207050309 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: quoted-printable Joakim Cefalk wrote: > Hi! > > When i get spam like this, that will not be stopped. any suggestions=20 > what to do? Joakim, My MS+SA setup scored your email this way: X-MailScanner-SpamCheck: n'est pas un polluriel (inscrit sur la liste bla= nche), SpamAssassin (score=3D21.053, requis 5, BAYES_40 -1.10, SARE_HTML_A_HIDE 0.62, SARE_RECV_SKANOVA 0.73, SARE_SPEC_LEO_LINE03 1.04, SARE_SPEC_LEO_LINE04 0.84, SARE_SPEC_LEO_LINE04d 0.65, SARE_SPEC_LEO_LINE06 0.74, UPPERCASE_25_50 0.03, URIBL_AB_SURBL 3.00, URIBL_JP_SURBL 4.00, URIBL_OB_SURBL 4.00, URIBL_SBL 3.50, URIBL_WS_SURBL 3.00) "liste blanche" means whitelisted. But the score was 21! As you can=20 see, URIBL is really good at detecting those emails. Denis --=20 _ =B0v=B0 Denis Beauchemin, analyste /(_)\ Universit=E9 de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! --------------ms010308040702030207050309 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJITCC AuswggJUoAMCAQICAw92jDANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UE ChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNv bmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDUwOTEyMTMyMTA4WhcNMDYwOTEyMTMyMTA4 WjBRMR8wHQYDVQQDExZUaGF3dGUgRnJlZW1haWwgTWVtYmVyMS4wLAYJKoZIhvcNAQkBFh9E ZW5pcy5CZWF1Y2hlbWluQFVTaGVyYnJvb2tlLmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A MIIBCgKCAQEAsf/Jnu0L1ZHdkseNuWNn9MYN3PkbwQWzuJd6vxLlVt3xm5N+e1SN/ri5Vj6g 1cf/JvqJ8kghfOM9+0Ev4FtJTxt5U7ZL9FT9JonMfTVn7JlXYrbdOZV2L667L6HuXyNbn9v4 gVYCDkbuRYR72BGiGyaJJj6HA5gZ4ICLGvmzWtCOcmcEOeXwqBzduFwLujp+WcpnXUTFBWTd EF6bB3x9UgNWyrRgKC9c4KVURRrxGIPLFJBKCv+ZH123OpogIkzV/eKVycz1Hpxx0/duA8Um j/BGkAnC3YrWjRmZq5fMBTWJj81dp5I3JHcss1bvx0XOdThT4AqUZXE4ygvI221CCwIDAQAB ozwwOjAqBgNVHREEIzAhgR9EZW5pcy5CZWF1Y2hlbWluQFVTaGVyYnJvb2tlLmNhMAwGA1Ud EwEB/wQCMAAwDQYJKoZIhvcNAQEEBQADgYEApoWEVlSstsu67uruXRbI5PTrXmHO/lqqy1rq aqkiTPGlVVuB4HlU32KLo97oSQf8M+zpBhfiJGSR6gtIClYjvChAHX8KFlFaQgWNAkFJCMPn QdWQ+itWISco9Z04N0vMhRLyECpY9jcHFIr6DMLeGcynVj3LQQRLUesKrsLrKwUwggLrMIIC VKADAgECAgMPdowwDQYJKoZIhvcNAQEEBQAwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRo YXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBG cmVlbWFpbCBJc3N1aW5nIENBMB4XDTA1MDkxMjEzMjEwOFoXDTA2MDkxMjEzMjEwOFowUTEf MB0GA1UEAxMWVGhhd3RlIEZyZWVtYWlsIE1lbWJlcjEuMCwGCSqGSIb3DQEJARYfRGVuaXMu QmVhdWNoZW1pbkBVU2hlcmJyb29rZS5jYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBALH/yZ7tC9WR3ZLHjbljZ/TGDdz5G8EFs7iXer8S5Vbd8ZuTfntUjf64uVY+oNXH/yb6 ifJIIXzjPftBL+BbSU8beVO2S/RU/SaJzH01Z+yZV2K23TmVdi+uuy+h7l8jW5/b+IFWAg5G 7kWEe9gRohsmiSY+hwOYGeCAixr5s1rQjnJnBDnl8Kgc3bhcC7o6flnKZ11ExQVk3RBemwd8 fVIDVsq0YCgvXOClVEUa8RiDyxSQSgr/mR9dtzqaICJM1f3ilcnM9R6ccdP3bgPFJo/wRpAJ wt2K1o0ZmauXzAU1iY/NXaeSNyR3LLNW78dFznU4U+AKlGVxOMoLyNttQgsCAwEAAaM8MDow KgYDVR0RBCMwIYEfRGVuaXMuQmVhdWNoZW1pbkBVU2hlcmJyb29rZS5jYTAMBgNVHRMBAf8E AjAAMA0GCSqGSIb3DQEBBAUAA4GBAKaFhFZUrLbLuu7q7l0WyOT0615hzv5aqsta6mqpIkzx pVVbgeB5VN9ii6Pe6EkH/DPs6QYX4iRkkeoLSApWI7woQB1/ChZRWkIFjQJBSQjD50HVkPor ViEnKPWdODdLzIUS8hAqWPY3BxSK+gzC3hnMp1Y9y0EES1HrCq7C6ysFMIIDPzCCAqigAwIB AgIBDTANBgkqhkiG9w0BAQUFADCB0TELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4g Q2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYDVQQKExFUaGF3dGUgQ29uc3VsdGluZzEo MCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEkMCIGA1UEAxMbVGhh d3RlIFBlcnNvbmFsIEZyZWVtYWlsIENBMSswKQYJKoZIhvcNAQkBFhxwZXJzb25hbC1mcmVl bWFpbEB0aGF3dGUuY29tMB4XDTAzMDcxNzAwMDAwMFoXDTEzMDcxNjIzNTk1OVowYjELMAkG A1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNV BAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMIGfMA0GCSqGSIb3DQEB AQUAA4GNADCBiQKBgQDEpjxVc1X7TrnKmVoeaMB1BHCd3+n/ox7svc31W/Iadr1/DDph8r9R zgHU5VAKMNcCY1osiRVwjt3J8CuFWqo/cVbLrzwLB+fxH5E2JCoTzyvV84J3PQO+K/67GD4H v0CAAmTXp6a7n2XRxSpUhQ9IBH+nttE8YQRAHmQZcmC3+wIDAQABo4GUMIGRMBIGA1UdEwEB /wQIMAYBAf8CAQAwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC50aGF3dGUuY29tL1Ro YXd0ZVBlcnNvbmFsRnJlZW1haWxDQS5jcmwwCwYDVR0PBAQDAgEGMCkGA1UdEQQiMCCkHjAc MRowGAYDVQQDExFQcml2YXRlTGFiZWwyLTEzODANBgkqhkiG9w0BAQUFAAOBgQBIjNFQg+oL LswNo2asZw9/r6y+whehQ5aUnX9MIbj4Nh+qLZ82L8D0HFAgk3A8/a3hYWLD2ToZfoSxmRsA xRoLgnSeJVCUYsfbJ3FXJY3dqZw5jowgT2Vfldr394fWxghOrvbqNOUQGls1TXfjViF4gtwh GTXeJLHTHUb/XV9lTzGCAzswggM3AgEBMGkwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRo YXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBG cmVlbWFpbCBJc3N1aW5nIENBAgMPdowwCQYFKw4DAhoFAKCCAacwGAYJKoZIhvcNAQkDMQsG CSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDUwOTI2MTQ0MjU0WjAjBgkqhkiG9w0BCQQx FgQULK8x3fp82dOXU5rQoQFSac1ybq8wUgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAO BggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgw eAYJKwYBBAGCNxAEMWswaTBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1 bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElz c3VpbmcgQ0ECAw92jDB6BgsqhkiG9w0BCRACCzFroGkwYjELMAkGA1UEBhMCWkExJTAjBgNV BAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJz b25hbCBGcmVlbWFpbCBJc3N1aW5nIENBAgMPdowwDQYJKoZIhvcNAQEBBQAEggEAd3MmYJju J9jLFL0LEU2J/zwCNlF8JIRAqyz6cgy/bG8weBxpwIWWXlwXwUrUETW/foRi8RUf+/RsVtkM UuJjU7XlXOTWcdfBGli424ue2oRt0f2KFRSrkbKZdS1aRoo+TKniWE4t12atB/xC1T+eTpTT D86aRviG008b+Ksj8n0u4E2ZCHPPLVz4SpvGAnIy5uGL7Al4v2KTHiiLhxnP8RywZVigQv50 4q4goHYGU7m473dGJq5A19phK9RBVHo1bnzMOp0KzIELcajzXATgTH9CHw3MUNwAtcH8ZQUA oxysgRvvKn14WF1X7nacVqpIBZLLJ9eaz0I03dP3TUZuagAAAAAAAA== --------------ms010308040702030207050309-- From Q.G.Campbell at NEWCASTLE.AC.UK Mon Sep 26 15:51:57 2005 From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell) Date: Thu Jan 12 21:30:49 2006 Subject: Problem with install-Clam-SA's ./install.sh script Message-ID: Julian Am running MS 4.45.4-1 with SA 3.0.4 and ClamAV 0.87 on a RHAS4 system. Want to upgrade to SA 3.1.0 so unpacked the "install-Clam-SA" tar ball. When did "install.sh" got: ... Finished Build Compile Stage^M ^M Manifying blib/man3/Mail::ClamAV.3pm^M PERL_DL_NONLAZY=3D1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t^M t/Mail-ClamAV....# Failed test (t/Mail-ClamAV.t at line 9)^M # Tried to use 'Mail::ClamAV'.^M # Error: Had problems bootstrapping Inline module 'Mail::ClamAV'^M # ^M # Can't load '/tmp/Mail-ClamAV-0.17/blib/arch/auto/Mail/ClamAV/ClamAV.so' for module Mail::ClamAV: libclamav.so.1: cannot open shared object file: No such file or directory at /usr/lib/perl5/5.8.5/i386-linux-thread-multi/DynaLoader.pm line 230.^M # at /usr/lib/perl5/site_perl/5.8.5/Inline.pm line 500^M # ^M # ^M # at /tmp/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 188^M # BEGIN failed--compilation aborted at /tmp/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 532.^M # Compilation failed in require at (eval 1) line 2.^M ^M ^Mt/Mail-ClamAV....NOK 1"all" is not defined in %Mail::ClamAV::EXPORT_TAGS at t/Mail-ClamAV.t line 11^M Can't continue after import errors at t/Mail-ClamAV.t line 11^M # Looks like you planned 10 tests but only ran 1.^M ^M ^Mt/Mail-ClamAV....dubious^M Test returned status 10 (wstat 2560, 0xa00)^M DIED. FAILED tests 1-10^M Failed 10/10 tests, 0.00% okay^M Failed Test Stat Wstat Total Fail Failed List of Failed^M ------------------------------------------------------------------------ ------- ... Ignored this as not using 'clamavmodule'.=20 However when doing 'spamassassin -D' get indication that all is not well with 3.1.0: ... [10935] warn: Use of uninitialized value in pattern match (m//) at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 870. [10935] warn: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 944. X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on cheviot70.ncl.ac.uk ... Have looked through the MailScanner list for clues and googled the problem but am none the wiser. Have I missed something in the recent flurry of MailScanner list traffic? Quentin=20 --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ Any opinion expressed above is mine. The University can get its own.=20 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joakim at CEFALK.COM Mon Sep 26 16:30:36 2005 From: joakim at CEFALK.COM (Joakim Cefalk) Date: Thu Jan 12 21:30:49 2006 Subject: Does not detect some spam Message-ID: Thanks but how do I activating URIBL? Joakim Denis Beauchemin wrote: > Joakim Cefalk wrote: > >> Hi! >> >> When i get spam like this, that will not be stopped. any suggestions >> what to do? > > > Joakim, > > My MS+SA setup scored your email this way: > > X-MailScanner-SpamCheck: n'est pas un polluriel (inscrit sur la liste > blanche), > SpamAssassin (score=21.053, requis 5, BAYES_40 -1.10, > SARE_HTML_A_HIDE 0.62, SARE_RECV_SKANOVA 0.73, > SARE_SPEC_LEO_LINE03 1.04, SARE_SPEC_LEO_LINE04 0.84, > SARE_SPEC_LEO_LINE04d 0.65, SARE_SPEC_LEO_LINE06 0.74, > UPPERCASE_25_50 0.03, URIBL_AB_SURBL 3.00, URIBL_JP_SURBL 4.00, > URIBL_OB_SURBL 4.00, URIBL_SBL 3.50, URIBL_WS_SURBL 3.00) > > "liste blanche" means whitelisted. But the score was 21! As you can > see, URIBL is really good at detecting those emails. > > Denis > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Mon Sep 26 16:54:18 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:30:49 2006 Subject: Does not detect some spam Message-ID: This is a cryptographically signed message in MIME format. --------------ms060303010400020701080709 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: quoted-printable Joakim Cefalk wrote: > Thanks but how do I activating URIBL? > > Joakim > > Denis Beauchemin wrote: > >> Joakim Cefalk wrote: >> >>> Hi! >>> >>> When i get spam like this, that will not be stopped. any suggestions = >>> what to do? >> >> >> >> Joakim, >> >> My MS+SA setup scored your email this way: >> >> X-MailScanner-SpamCheck: n'est pas un polluriel (inscrit sur la liste = >> blanche), >> SpamAssassin (score=3D21.053, requis 5, BAYES_40 -1.10, >> SARE_HTML_A_HIDE 0.62, SARE_RECV_SKANOVA 0.73, >> SARE_SPEC_LEO_LINE03 1.04, SARE_SPEC_LEO_LINE04 0.84, >> SARE_SPEC_LEO_LINE04d 0.65, SARE_SPEC_LEO_LINE06 0.74, >> UPPERCASE_25_50 0.03, URIBL_AB_SURBL 3.00, URIBL_JP_SURBL 4.00, >> URIBL_OB_SURBL 4.00, URIBL_SBL 3.50, URIBL_WS_SURBL 3.00) >> >> "liste blanche" means whitelisted. But the score was 21! As you can=20 >> see, URIBL is really good at detecting those emails. >> >> Denis >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > A quick search in the wiki (link at the bottom of every mail from the=20 list) revealed:=20 http://wiki.mailscanner.info/doku.php?id=3Ddocumentation:anti_spam:spamas= sassin:rules:recommended&s=3Duribl Denis --=20 _ =B0v=B0 Denis Beauchemin, analyste /(_)\ Universit=E9 de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! --------------ms060303010400020701080709 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJITCC AuswggJUoAMCAQICAw92jDANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UE ChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNv bmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDUwOTEyMTMyMTA4WhcNMDYwOTEyMTMyMTA4 WjBRMR8wHQYDVQQDExZUaGF3dGUgRnJlZW1haWwgTWVtYmVyMS4wLAYJKoZIhvcNAQkBFh9E ZW5pcy5CZWF1Y2hlbWluQFVTaGVyYnJvb2tlLmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A MIIBCgKCAQEAsf/Jnu0L1ZHdkseNuWNn9MYN3PkbwQWzuJd6vxLlVt3xm5N+e1SN/ri5Vj6g 1cf/JvqJ8kghfOM9+0Ev4FtJTxt5U7ZL9FT9JonMfTVn7JlXYrbdOZV2L667L6HuXyNbn9v4 gVYCDkbuRYR72BGiGyaJJj6HA5gZ4ICLGvmzWtCOcmcEOeXwqBzduFwLujp+WcpnXUTFBWTd EF6bB3x9UgNWyrRgKC9c4KVURRrxGIPLFJBKCv+ZH123OpogIkzV/eKVycz1Hpxx0/duA8Um j/BGkAnC3YrWjRmZq5fMBTWJj81dp5I3JHcss1bvx0XOdThT4AqUZXE4ygvI221CCwIDAQAB ozwwOjAqBgNVHREEIzAhgR9EZW5pcy5CZWF1Y2hlbWluQFVTaGVyYnJvb2tlLmNhMAwGA1Ud EwEB/wQCMAAwDQYJKoZIhvcNAQEEBQADgYEApoWEVlSstsu67uruXRbI5PTrXmHO/lqqy1rq aqkiTPGlVVuB4HlU32KLo97oSQf8M+zpBhfiJGSR6gtIClYjvChAHX8KFlFaQgWNAkFJCMPn QdWQ+itWISco9Z04N0vMhRLyECpY9jcHFIr6DMLeGcynVj3LQQRLUesKrsLrKwUwggLrMIIC VKADAgECAgMPdowwDQYJKoZIhvcNAQEEBQAwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRo YXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBG cmVlbWFpbCBJc3N1aW5nIENBMB4XDTA1MDkxMjEzMjEwOFoXDTA2MDkxMjEzMjEwOFowUTEf MB0GA1UEAxMWVGhhd3RlIEZyZWVtYWlsIE1lbWJlcjEuMCwGCSqGSIb3DQEJARYfRGVuaXMu QmVhdWNoZW1pbkBVU2hlcmJyb29rZS5jYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBALH/yZ7tC9WR3ZLHjbljZ/TGDdz5G8EFs7iXer8S5Vbd8ZuTfntUjf64uVY+oNXH/yb6 ifJIIXzjPftBL+BbSU8beVO2S/RU/SaJzH01Z+yZV2K23TmVdi+uuy+h7l8jW5/b+IFWAg5G 7kWEe9gRohsmiSY+hwOYGeCAixr5s1rQjnJnBDnl8Kgc3bhcC7o6flnKZ11ExQVk3RBemwd8 fVIDVsq0YCgvXOClVEUa8RiDyxSQSgr/mR9dtzqaICJM1f3ilcnM9R6ccdP3bgPFJo/wRpAJ wt2K1o0ZmauXzAU1iY/NXaeSNyR3LLNW78dFznU4U+AKlGVxOMoLyNttQgsCAwEAAaM8MDow KgYDVR0RBCMwIYEfRGVuaXMuQmVhdWNoZW1pbkBVU2hlcmJyb29rZS5jYTAMBgNVHRMBAf8E AjAAMA0GCSqGSIb3DQEBBAUAA4GBAKaFhFZUrLbLuu7q7l0WyOT0615hzv5aqsta6mqpIkzx pVVbgeB5VN9ii6Pe6EkH/DPs6QYX4iRkkeoLSApWI7woQB1/ChZRWkIFjQJBSQjD50HVkPor ViEnKPWdODdLzIUS8hAqWPY3BxSK+gzC3hnMp1Y9y0EES1HrCq7C6ysFMIIDPzCCAqigAwIB AgIBDTANBgkqhkiG9w0BAQUFADCB0TELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4g Q2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYDVQQKExFUaGF3dGUgQ29uc3VsdGluZzEo MCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEkMCIGA1UEAxMbVGhh d3RlIFBlcnNvbmFsIEZyZWVtYWlsIENBMSswKQYJKoZIhvcNAQkBFhxwZXJzb25hbC1mcmVl bWFpbEB0aGF3dGUuY29tMB4XDTAzMDcxNzAwMDAwMFoXDTEzMDcxNjIzNTk1OVowYjELMAkG A1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNV BAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMIGfMA0GCSqGSIb3DQEB AQUAA4GNADCBiQKBgQDEpjxVc1X7TrnKmVoeaMB1BHCd3+n/ox7svc31W/Iadr1/DDph8r9R zgHU5VAKMNcCY1osiRVwjt3J8CuFWqo/cVbLrzwLB+fxH5E2JCoTzyvV84J3PQO+K/67GD4H v0CAAmTXp6a7n2XRxSpUhQ9IBH+nttE8YQRAHmQZcmC3+wIDAQABo4GUMIGRMBIGA1UdEwEB /wQIMAYBAf8CAQAwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC50aGF3dGUuY29tL1Ro YXd0ZVBlcnNvbmFsRnJlZW1haWxDQS5jcmwwCwYDVR0PBAQDAgEGMCkGA1UdEQQiMCCkHjAc MRowGAYDVQQDExFQcml2YXRlTGFiZWwyLTEzODANBgkqhkiG9w0BAQUFAAOBgQBIjNFQg+oL LswNo2asZw9/r6y+whehQ5aUnX9MIbj4Nh+qLZ82L8D0HFAgk3A8/a3hYWLD2ToZfoSxmRsA xRoLgnSeJVCUYsfbJ3FXJY3dqZw5jowgT2Vfldr394fWxghOrvbqNOUQGls1TXfjViF4gtwh GTXeJLHTHUb/XV9lTzGCAzswggM3AgEBMGkwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRo YXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBG cmVlbWFpbCBJc3N1aW5nIENBAgMPdowwCQYFKw4DAhoFAKCCAacwGAYJKoZIhvcNAQkDMQsG CSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDUwOTI2MTU1NDE4WjAjBgkqhkiG9w0BCQQx FgQU1HgXGaZtu8ZRW6nQ1b2iPSx5+88wUgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAO BggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgw eAYJKwYBBAGCNxAEMWswaTBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1 bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElz c3VpbmcgQ0ECAw92jDB6BgsqhkiG9w0BCRACCzFroGkwYjELMAkGA1UEBhMCWkExJTAjBgNV BAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJz b25hbCBGcmVlbWFpbCBJc3N1aW5nIENBAgMPdowwDQYJKoZIhvcNAQEBBQAEggEAi7cZ8UsJ szwW/roPnSsVmBIkgBdE0rxCtrn340PBTEO7ST/JZ1kVnAjVvRxyPoChXMp7BMXpqaie22tf X3VzWCpcr0HY0STfQmJX370aXypiIHB7pxJCdBnThhWlc8K2x13yDmhLVAPfuwKhuMA3YUXK s/Gb5+8ja+iLxiwJU+Fh54Jwg0u/6kqcZvxCq+01V+p8yEqTvDZ1j2RV8c0gyzs75d2KA2n1 svJIE3SlJLHxHdElke9jJ9PiP74CBL5xQjVCh0dW89thJtsYExjWxauo7bkqbf1j/I/e5kBN GR48qT5TJ/wnyHrwtYMTC8bbrPKYxfSlMEA7uV358zwZNQAAAAAAAA== --------------ms060303010400020701080709-- From ssilva at SGVWATER.COM Mon Sep 26 17:07:31 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:49 2006 Subject: spamassassin not functioning Message-ID: Augustin Siaens spake the following on 9/26/2005 6:38 AM: > Hello, > > I'm running MailScanner 4.45 on a Fedora 1. I've recently upgraded > MailScanner from the 4.3xx version, SpamAssassin to version 3.0.1 and > SpamAssassin-tools to 3.0.1 as wel as perl-Mail-SpamAssassin to 3.0.1 too > > Now MailScanner is working fine but SpamAssassin doesn't seem to scan > anything. I've sent myself a spam and it went through. I didn't see anything > scanning at all in the logs. > > I've ran in debug mode and got the attached information. Could someone > please check quickly to spot the cause of the problem? > > thanks (a lot) in advance --clip > debug: bayes: 31866 tie-ing to DB file R/O /root/.spamassassin/bayes_toks > debug: bayes: 31866 tie-ing to DB file R/O /root/.spamassassin/bayes_seen > debug: bayes: found bayes db version 2 > bayes: bayes db version 2 is not able to be used, aborting! at /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/BayesStore/DBM.pm line 160. You need to convert your bayes database when going from 2.xx to 3.xx Stop MailScanner and run the following; sa-learn --rebuild sa-learn --sync Then try another lint test. > debug: Pyzor: got response: 66.250.40.33:24441 TimeoutError: > debug: leaving helper-app run mode > debug: Pyzor: couldn't grok response "66.250.40.33:24441 TimeoutError: " Also make sure you run your "pyzor discover" everyday, as you will not score on pyzor if it times out. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From augustin.siaens at AQUADEV.ORG Mon Sep 26 19:39:26 2005 From: augustin.siaens at AQUADEV.ORG (augustin siaens) Date: Thu Jan 12 21:30:49 2006 Subject: spamassassin not functioning Message-ID: sa-learn doesn't seem to work, I'll investigate... but I found out the problem. As I didn't see anything regarding=20 MailScanner in the log I decided to check since when MailScanner stopped=20 filtering. It appears that MailScanner stopped filtering on september=20 20. I checked with ps aux to see and found that a sendmail process was=20 dating from the exact same day. I killed it and, miracle, everything=20 seems to go back to normal... Scott Silva wrote: >Augustin Siaens spake the following on 9/26/2005 6:38 AM: > =20 > >>Hello, >> >>I'm running MailScanner 4.45 on a Fedora 1. I've recently upgraded >>MailScanner from the 4.3xx version, SpamAssassin to version 3.0.1 and >>SpamAssassin-tools to 3.0.1 as wel as perl-Mail-SpamAssassin to 3.0.1 t= oo >> >>Now MailScanner is working fine but SpamAssassin doesn't seem to scan >>anything. I've sent myself a spam and it went through. I didn't see any= thing >>scanning at all in the logs.=20 >> >>I've ran in debug mode and got the attached information. Could someone >>please check quickly to spot the cause of the problem? >> >>thanks (a lot) in advance >> =20 >> >--clip > =20 > >>debug: bayes: 31866 tie-ing to DB file R/O /root/.spamassassin/bayes_to= ks >>debug: bayes: 31866 tie-ing to DB file R/O /root/.spamassassin/bayes_se= en >>debug: bayes: found bayes db version 2 >>bayes: bayes db version 2 is not able to be used, aborting! at /usr/lib= /perl5/site_perl/5.8.3/Mail/SpamAssassin/BayesStore/DBM.pm line 160. >> =20 >> >You need to convert your bayes database when going from 2.xx to 3.xx >Stop MailScanner and run the following; >sa-learn --rebuild >sa-learn --sync >Then try another lint test. > > =20 > >>debug: Pyzor: got response: 66.250.40.33:24441 TimeoutError: >>debug: leaving helper-app run mode >>debug: Pyzor: couldn't grok response "66.250.40.33:24441 Timeout= Error: " >> =20 >> >Also make sure you run your "pyzor discover" everyday, as you will not >score on pyzor if it times out. > > > =20 > --=20 Augustin Siaens AQUADEV Rue des Carm=E9lites 151 Karmelietenstraat 1180 Bruxelles - Brussel Tel: +32 2 347 70 00 Fax: +32 2 347 00 36 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Sep 26 18:33:49 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:49 2006 Subject: Problem with install-Clam-SA's ./install.sh script Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It's not actually a bug in my script really. You need to add /usr/local/lib to your /etc/ld.so.conf file so that it knows to look for libraries in /usr/local/lib. Then Mail::ClamAV will be able to work. As for the other problem, upgrade MailScanner to my latest beta and the output goes away. It's quite harmless, feel free to ignore it. Quentin Campbell wrote: >Julian > >Am running MS 4.45.4-1 with SA 3.0.4 and ClamAV 0.87 on a RHAS4 system. > >Want to upgrade to SA 3.1.0 so unpacked the "install-Clam-SA" tar ball. > >When did "install.sh" got: > >... >Finished Build Compile Stage^M >^M >Manifying blib/man3/Mail::ClamAV.3pm^M >PERL_DL_NONLAZY=3D1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" >"test_harness(0, 'blib/lib', 'blib/arch')" t/*.t^M >t/Mail-ClamAV....# Failed test (t/Mail-ClamAV.t at line 9)^M ># Tried to use 'Mail::ClamAV'.^M ># Error: Had problems bootstrapping Inline module 'Mail::ClamAV'^M ># ^M ># Can't load >'/tmp/Mail-ClamAV-0.17/blib/arch/auto/Mail/ClamAV/ClamAV.so' for module >Mail::ClamAV: libclamav.so.1: cannot open shared object file: No such >file or directory at >/usr/lib/perl5/5.8.5/i386-linux-thread-multi/DynaLoader.pm line 230.^M ># at /usr/lib/perl5/site_perl/5.8.5/Inline.pm line 500^M ># ^M ># ^M ># at /tmp/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 188^M ># BEGIN failed--compilation aborted at >/tmp/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 532.^M ># Compilation failed in require at (eval 1) line 2.^M >^M >^Mt/Mail-ClamAV....NOK 1"all" is not defined in >%Mail::ClamAV::EXPORT_TAGS at t/Mail-ClamAV.t line 11^M >Can't continue after import errors at t/Mail-ClamAV.t line 11^M ># Looks like you planned 10 tests but only ran 1.^M >^M >^Mt/Mail-ClamAV....dubious^M > Test returned status 10 (wstat 2560, 0xa00)^M >DIED. FAILED tests 1-10^M > Failed 10/10 tests, 0.00% okay^M >Failed Test Stat Wstat Total Fail Failed List of Failed^M >------------------------------------------------------------------------ >------- >... > >Ignored this as not using 'clamavmodule'.=20 > >However when doing 'spamassassin -D' get indication that all is not well >with 3.1.0: > >... >[10935] warn: Use of uninitialized value in pattern match (m//) at >/usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line >870. >[10935] warn: Use of uninitialized value in concatenation (.) or string >at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line >944. >X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on >cheviot70.ncl.ac.uk >... > >Have looked through the MailScanner list for clues and googled the >problem but am none the wiser. Have I missed something in the recent >flurry of MailScanner list traffic? > >Quentin=20 >--- >PHONE: +44 191 222 8209 Information Systems and Services (ISS), > University of Newcastle, > Newcastle upon Tyne, >FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >------------------------------------------------------------------------ >Any opinion expressed above is mine. The University can get its own.=20 > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQzgxBRH2WUcUFbZUEQKR8QCfSjDoahMUwWNW9eVBZnsMrgF4tDEAn0vY HqanDvgMrA6Su262VwHZbqd6 =Ioe8 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Sep 26 18:49:26 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:49 2006 Subject: Problem with install-Clam-SA's ./install.sh script Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have added code to the install.sh script to check for this and add the appropriate line if necessary, before the Mail::ClamAV module is built. Should make it easier for novice sysadmins, which is always worth doing where I can. Julian Field wrote: >* PGP Signed by an unmatched address: 09/26/05 at 18:33:57 > >It's not actually a bug in my script really. You need to add >/usr/local/lib to your /etc/ld.so.conf file so that it knows to look for >libraries in /usr/local/lib. Then Mail::ClamAV will be able to work. > >As for the other problem, upgrade MailScanner to my latest beta and the >output goes away. It's quite harmless, feel free to ignore it. > >Quentin Campbell wrote: > > > >>Julian >> >>Am running MS 4.45.4-1 with SA 3.0.4 and ClamAV 0.87 on a RHAS4 system. >> >>Want to upgrade to SA 3.1.0 so unpacked the "install-Clam-SA" tar ball. >> >>When did "install.sh" got: >> >>... >>Finished Build Compile Stage^M >>^M >>Manifying blib/man3/Mail::ClamAV.3pm^M >>PERL_DL_NONLAZY=3D1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" >>"test_harness(0, 'blib/lib', 'blib/arch')" t/*.t^M >>t/Mail-ClamAV....# Failed test (t/Mail-ClamAV.t at line 9)^M >># Tried to use 'Mail::ClamAV'.^M >># Error: Had problems bootstrapping Inline module 'Mail::ClamAV'^M >># ^M >># Can't load >>'/tmp/Mail-ClamAV-0.17/blib/arch/auto/Mail/ClamAV/ClamAV.so' for module >>Mail::ClamAV: libclamav.so.1: cannot open shared object file: No such >>file or directory at >>/usr/lib/perl5/5.8.5/i386-linux-thread-multi/DynaLoader.pm line 230.^M >># at /usr/lib/perl5/site_perl/5.8.5/Inline.pm line 500^M >># ^M >># ^M >># at /tmp/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 188^M >># BEGIN failed--compilation aborted at >>/tmp/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 532.^M >># Compilation failed in require at (eval 1) line 2.^M >>^M >>^Mt/Mail-ClamAV....NOK 1"all" is not defined in >>%Mail::ClamAV::EXPORT_TAGS at t/Mail-ClamAV.t line 11^M >>Can't continue after import errors at t/Mail-ClamAV.t line 11^M >># Looks like you planned 10 tests but only ran 1.^M >>^M >>^Mt/Mail-ClamAV....dubious^M >> Test returned status 10 (wstat 2560, 0xa00)^M >>DIED. FAILED tests 1-10^M >> Failed 10/10 tests, 0.00% okay^M >>Failed Test Stat Wstat Total Fail Failed List of Failed^M >>------------------------------------------------------------------------ >>------- >>... >> >>Ignored this as not using 'clamavmodule'.=20 >> >>However when doing 'spamassassin -D' get indication that all is not well >>with 3.1.0: >> >>... >>[10935] warn: Use of uninitialized value in pattern match (m//) at >>/usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line >>870. >>[10935] warn: Use of uninitialized value in concatenation (.) or string >>at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line >>944. >>X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on >>cheviot70.ncl.ac.uk >>... >> >>Have looked through the MailScanner list for clues and googled the >>problem but am none the wiser. Have I missed something in the recent >>flurry of MailScanner list traffic? >> >>Quentin=20 >>--- >>PHONE: +44 191 222 8209 Information Systems and Services (ISS), >> University of Newcastle, >> Newcastle upon Tyne, >>FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>------------------------------------------------------------------------ >>Any opinion expressed above is mine. The University can get its own.=20 >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> >> > > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQzg0qBH2WUcUFbZUEQIihgCfbLqamPxzxcuu+NGokMgOE1rJn5oAoObg AzpgaZqdpFZtKXxDYtLVFw4p =iYwx -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joakim at CEFALK.COM Mon Sep 26 19:42:15 2005 From: joakim at CEFALK.COM (Joakim Cefalk) Date: Thu Jan 12 21:30:49 2006 Subject: Does not detect some spam Message-ID: I found the problem. First I upgrade SA to version 3.1.0 from 3.0.0 but It didn=B4t work. My perl module Net::DNS was old 0.26, but after an update to version=20 0.53 the URIBL was working and the spam detected. Thanks for all help. Joakim Joakim Cefalk wrote: > Thanks but how do I activating URIBL? > > Joakim > > Denis Beauchemin wrote: > >> Joakim Cefalk wrote: >> >>> Hi! >>> >>> When i get spam like this, that will not be stopped. any suggestions=20 >>> what to do? >> >> >> >> Joakim, >> >> My MS+SA setup scored your email this way: >> >> X-MailScanner-SpamCheck: n'est pas un polluriel (inscrit sur la liste=20 >> blanche), >> SpamAssassin (score=3D21.053, requis 5, BAYES_40 -1.10, >> SARE_HTML_A_HIDE 0.62, SARE_RECV_SKANOVA 0.73, >> SARE_SPEC_LEO_LINE03 1.04, SARE_SPEC_LEO_LINE04 0.84, >> SARE_SPEC_LEO_LINE04d 0.65, SARE_SPEC_LEO_LINE06 0.74, >> UPPERCASE_25_50 0.03, URIBL_AB_SURBL 3.00, URIBL_JP_SURBL 4.00, >> URIBL_OB_SURBL 4.00, URIBL_SBL 3.50, URIBL_WS_SURBL 3.00) >> >> "liste blanche" means whitelisted. But the score was 21! As you can=20 >> see, URIBL is really good at detecting those emails. >> >> Denis >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Sep 26 20:13:22 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:49 2006 Subject: Sendmail and backup MX Message-ID: Not a MailScanner issue, but ... Does anybody have any simple solutions for sendmail that only lets the backup MX accept mail when the primary is down? I don't want to re-invent the wheel if someone already has a working solution. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From campbell at CNPAPERS.COM Mon Sep 26 20:40:23 2005 From: campbell at CNPAPERS.COM (Steve Campbell) Date: Thu Jan 12 21:30:49 2006 Subject: Sendmail and backup MX Message-ID: I believe DNS does this if you have your secondary MX defined in DNS with equal or lower priority than the primary. The primary will not accept mail as it's down. DNS will direct mail to the secondary automatically. I think this is all proper. I could be wrong though. Steve Campbell campbell@cnpapers.com Charleston Newspapers ----- Original Message ----- From: "Scott Silva" To: Sent: Monday, September 26, 2005 3:13 PM Subject: [MAILSCANNER] Sendmail and backup MX > Not a MailScanner issue, but ... > Does anybody have any simple solutions for sendmail that only lets the > backup MX accept mail when the primary is down? > I don't want to re-invent the wheel if someone already has a working > solution. > > -- > > /-----------------------\ |~~\_____/~~\__ | > | MailScanner; The best |___________ \N1____====== )-+ > | protection on the net!| ~~~|/~~ | > \-----------------------/ () > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jeff at IMAGE-SRC.COM Mon Sep 26 20:45:04 2005 From: jeff at IMAGE-SRC.COM (Jeff Graves) Date: Thu Jan 12 21:30:49 2006 Subject: Custom Rules Message-ID: I'm getting a bunch of spamis spam slipping through and I'm running older versions of MailScanner and spamassasin (about a year old). I don't have time right now to update or patch MailScanner or spamassin or add new rules_du_jour or whatever. All I'd like to do for the time being, is add a quick custom rule to catch this phrase "[ S P A M I S NOTIFICATION ]:" but I have no Perl regex experience. Spamassasin --lint complains about this syntax to local.cf: body SPAMIS_CUSTOM_RULE \b\[ S P A M I S NOTIFICATION\] describe SPAMIS_CUSTOM_RULE Detects spam sent by spamis score SPAMIS_CUSTOM_RULE 12.0 ----- spamassassin --lint Backslash found where operator expected at /etc/mail/spamassassin/local.cf, rule SPAMIS_CUSTOM_RULE, line 1, near "b\" Backslash found where operator expected at /etc/mail/spamassassin/local.cf, rule SPAMIS_CUSTOM_RULE, line 1, near "NOTIFICATION\" Failed to compile body SpamAssassin tests, skipping: (syntax error at /etc/mail/spamassassin/local.cf, rule SPAMIS_CUSTOM_RULE, line 1, near "b\" I thought [] were reserved and need to be escaped with \... Help! Jeff Graves, MCSA Image Source, Inc. 10 Mill Street Bellingham, MA 02019 508.966.5200 x31 - Phone 508.966.5170 - Fax jeff@image-src.com - Email www.image-src.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Mon Sep 26 20:47:40 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:30:49 2006 Subject: Sendmail and backup MX Message-ID: This is a cryptographically signed message in MIME format. --------------ms070009080108030108070507 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: quoted-printable Steve Campbell wrote: > I believe DNS does this if you have your secondary MX defined in DNS=20 > with equal or lower priority than the primary. > > The primary will not accept mail as it's down. > DNS will direct mail to the secondary automatically. > > I think this is all proper. I could be wrong though. This will not prevent the backup MX from accepting emails while the=20 primary MX is up. And spammers like to send to backup MX servers in=20 case they have a lesser protection... Denis > ----- Original Message ----- From: "Scott Silva" > To: > Sent: Monday, September 26, 2005 3:13 PM > Subject: [MAILSCANNER] Sendmail and backup MX > > >> Not a MailScanner issue, but ... >> Does anybody have any simple solutions for sendmail that only lets the= >> backup MX accept mail when the primary is down? >> I don't want to re-invent the wheel if someone already has a working >> solution. >> >> --=20 >> >> /-----------------------\ |~~\_____/~~\__ | >> | MailScanner; The best |___________ \N1____=3D=3D=3D=3D=3D=3D )-+ >> | protection on the net!| ~~~|/~~ | >> \-----------------------/ () >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > --=20 _ =B0v=B0 Denis Beauchemin, analyste /(_)\ Universit=E9 de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! --------------ms070009080108030108070507 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJITCC AuswggJUoAMCAQICAw92jDANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UE ChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNv bmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDUwOTEyMTMyMTA4WhcNMDYwOTEyMTMyMTA4 WjBRMR8wHQYDVQQDExZUaGF3dGUgRnJlZW1haWwgTWVtYmVyMS4wLAYJKoZIhvcNAQkBFh9E ZW5pcy5CZWF1Y2hlbWluQFVTaGVyYnJvb2tlLmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A MIIBCgKCAQEAsf/Jnu0L1ZHdkseNuWNn9MYN3PkbwQWzuJd6vxLlVt3xm5N+e1SN/ri5Vj6g 1cf/JvqJ8kghfOM9+0Ev4FtJTxt5U7ZL9FT9JonMfTVn7JlXYrbdOZV2L667L6HuXyNbn9v4 gVYCDkbuRYR72BGiGyaJJj6HA5gZ4ICLGvmzWtCOcmcEOeXwqBzduFwLujp+WcpnXUTFBWTd EF6bB3x9UgNWyrRgKC9c4KVURRrxGIPLFJBKCv+ZH123OpogIkzV/eKVycz1Hpxx0/duA8Um j/BGkAnC3YrWjRmZq5fMBTWJj81dp5I3JHcss1bvx0XOdThT4AqUZXE4ygvI221CCwIDAQAB ozwwOjAqBgNVHREEIzAhgR9EZW5pcy5CZWF1Y2hlbWluQFVTaGVyYnJvb2tlLmNhMAwGA1Ud EwEB/wQCMAAwDQYJKoZIhvcNAQEEBQADgYEApoWEVlSstsu67uruXRbI5PTrXmHO/lqqy1rq aqkiTPGlVVuB4HlU32KLo97oSQf8M+zpBhfiJGSR6gtIClYjvChAHX8KFlFaQgWNAkFJCMPn QdWQ+itWISco9Z04N0vMhRLyECpY9jcHFIr6DMLeGcynVj3LQQRLUesKrsLrKwUwggLrMIIC VKADAgECAgMPdowwDQYJKoZIhvcNAQEEBQAwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRo YXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBG cmVlbWFpbCBJc3N1aW5nIENBMB4XDTA1MDkxMjEzMjEwOFoXDTA2MDkxMjEzMjEwOFowUTEf MB0GA1UEAxMWVGhhd3RlIEZyZWVtYWlsIE1lbWJlcjEuMCwGCSqGSIb3DQEJARYfRGVuaXMu QmVhdWNoZW1pbkBVU2hlcmJyb29rZS5jYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBALH/yZ7tC9WR3ZLHjbljZ/TGDdz5G8EFs7iXer8S5Vbd8ZuTfntUjf64uVY+oNXH/yb6 ifJIIXzjPftBL+BbSU8beVO2S/RU/SaJzH01Z+yZV2K23TmVdi+uuy+h7l8jW5/b+IFWAg5G 7kWEe9gRohsmiSY+hwOYGeCAixr5s1rQjnJnBDnl8Kgc3bhcC7o6flnKZ11ExQVk3RBemwd8 fVIDVsq0YCgvXOClVEUa8RiDyxSQSgr/mR9dtzqaICJM1f3ilcnM9R6ccdP3bgPFJo/wRpAJ wt2K1o0ZmauXzAU1iY/NXaeSNyR3LLNW78dFznU4U+AKlGVxOMoLyNttQgsCAwEAAaM8MDow KgYDVR0RBCMwIYEfRGVuaXMuQmVhdWNoZW1pbkBVU2hlcmJyb29rZS5jYTAMBgNVHRMBAf8E AjAAMA0GCSqGSIb3DQEBBAUAA4GBAKaFhFZUrLbLuu7q7l0WyOT0615hzv5aqsta6mqpIkzx pVVbgeB5VN9ii6Pe6EkH/DPs6QYX4iRkkeoLSApWI7woQB1/ChZRWkIFjQJBSQjD50HVkPor ViEnKPWdODdLzIUS8hAqWPY3BxSK+gzC3hnMp1Y9y0EES1HrCq7C6ysFMIIDPzCCAqigAwIB AgIBDTANBgkqhkiG9w0BAQUFADCB0TELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4g Q2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYDVQQKExFUaGF3dGUgQ29uc3VsdGluZzEo MCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEkMCIGA1UEAxMbVGhh d3RlIFBlcnNvbmFsIEZyZWVtYWlsIENBMSswKQYJKoZIhvcNAQkBFhxwZXJzb25hbC1mcmVl bWFpbEB0aGF3dGUuY29tMB4XDTAzMDcxNzAwMDAwMFoXDTEzMDcxNjIzNTk1OVowYjELMAkG A1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNV BAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMIGfMA0GCSqGSIb3DQEB AQUAA4GNADCBiQKBgQDEpjxVc1X7TrnKmVoeaMB1BHCd3+n/ox7svc31W/Iadr1/DDph8r9R zgHU5VAKMNcCY1osiRVwjt3J8CuFWqo/cVbLrzwLB+fxH5E2JCoTzyvV84J3PQO+K/67GD4H v0CAAmTXp6a7n2XRxSpUhQ9IBH+nttE8YQRAHmQZcmC3+wIDAQABo4GUMIGRMBIGA1UdEwEB /wQIMAYBAf8CAQAwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC50aGF3dGUuY29tL1Ro YXd0ZVBlcnNvbmFsRnJlZW1haWxDQS5jcmwwCwYDVR0PBAQDAgEGMCkGA1UdEQQiMCCkHjAc MRowGAYDVQQDExFQcml2YXRlTGFiZWwyLTEzODANBgkqhkiG9w0BAQUFAAOBgQBIjNFQg+oL LswNo2asZw9/r6y+whehQ5aUnX9MIbj4Nh+qLZ82L8D0HFAgk3A8/a3hYWLD2ToZfoSxmRsA xRoLgnSeJVCUYsfbJ3FXJY3dqZw5jowgT2Vfldr394fWxghOrvbqNOUQGls1TXfjViF4gtwh GTXeJLHTHUb/XV9lTzGCAzswggM3AgEBMGkwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRo YXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBG cmVlbWFpbCBJc3N1aW5nIENBAgMPdowwCQYFKw4DAhoFAKCCAacwGAYJKoZIhvcNAQkDMQsG CSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDUwOTI2MTk0NzQwWjAjBgkqhkiG9w0BCQQx FgQU53nHXgTBPBqn9RNW6HIFW3gLgYswUgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAO BggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgw eAYJKwYBBAGCNxAEMWswaTBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1 bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElz c3VpbmcgQ0ECAw92jDB6BgsqhkiG9w0BCRACCzFroGkwYjELMAkGA1UEBhMCWkExJTAjBgNV BAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJz b25hbCBGcmVlbWFpbCBJc3N1aW5nIENBAgMPdowwDQYJKoZIhvcNAQEBBQAEggEAlLsOOAfR cUXgmVgmaMj92c7ckadIEhkAHc5ZHEwMcHw48L3a1a2EEiERUaeoxdPDQIB7gAw2CcsyKJOn rJdWFASa06T6GYd3Ex2Ppv/9huf39JsWa/5ziEQZkjMlm+M1um8GfCu4O53DvnZVXTqOfVKP Ia9pKgTR6PmGEcF/TGQ6a//1EADJBOHWXsocO6EfeTTzO0Hpt8oEdUwNSTtT91zPcwZHe8zR NE/FlUPrI6M2R//RzM1V1sjK1T7b2Wlic8PFtc8V/VOYEvQ5LFJ6V92/PuTgTsi0KEUwO+Sj QleAcR2EQcLipzTPgpWyqpelxw9FgtZjaLduDBmxR9GkYwAAAAAAAA== --------------ms070009080108030108070507-- From Kevin_Miller at CI.JUNEAU.AK.US Mon Sep 26 20:55:49 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:30:49 2006 Subject: Sendmail and backup MX Message-ID: Steve Campbell wrote: > I believe DNS does this if you have your secondary MX defined in DNS > with equal or lower priority than the primary. > > The primary will not accept mail as it's down. > DNS will direct mail to the secondary automatically. > > I think this is all proper. I could be wrong though. Yes, that's right more or less. Except that in practice the primary doesn't have to be down - if it's up but momentarily busy the sender may fail over to the secondary. Also, many spammers target the lower priority servers, on the assumption that they're less likely to be updated w/the latest greatest spam filters. I have a terciery server that sees maybe a dozen real mails a day, and several hundred high scoring spams. I'm quite content to let it vaporize spam and send nary a real message - takes the load off my other mail servers. Don't have any examples for the OP, but I'd venture that a script in cron that checks for port 25 on the primary should be pretty easy. If it fails, have it kick off sendmail on the 2ndary. There's a number of status checkers out there... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Mon Sep 26 21:01:10 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:30:49 2006 Subject: Custom Rules Message-ID: This is a cryptographically signed message in MIME format. --------------ms040700060509040904030201 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: quoted-printable Jeff Graves wrote: >I'm getting a bunch of spamis spam slipping through and I'm running olde= r >versions of MailScanner and spamassasin (about a year old). I don't have= >time right now to update or patch MailScanner or spamassin or add new >rules_du_jour or whatever. All I'd like to do for the time being, is add= a >quick custom rule to catch this phrase "[ S P A M I S NOTIFICATION ]:" = but >I have no Perl regex experience. Spamassasin --lint complains about this= >syntax to local.cf: > >body SPAMIS_CUSTOM_RULE \b\[ S P A M I S NOTIFICATION\] >describe SPAMIS_CUSTOM_RULE Detects spam sent by spamis >score SPAMIS_CUSTOM_RULE 12.0 > > =20 > Jeff, You only forgot to put your RE (Regular Expression) between /.../: body SPAMIS_CUSTOM_RULE /\[ S P A M I S NOTIFICATION\]/ While you're at it, append a trailing "i" to make it ignore case. Further refinement: use "\s*" in place of optional whitespace. body SPAMIS_CUSTOM_RULE /\[\s*S\s*P\s*A\s*M\s*I\s*S\s*NOTIFICATION\s*\]/i= Denis --=20 _ =B0v=B0 Denis Beauchemin, analyste /(_)\ Universit=E9 de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! --------------ms040700060509040904030201 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJITCC AuswggJUoAMCAQICAw92jDANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UE ChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNv bmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDUwOTEyMTMyMTA4WhcNMDYwOTEyMTMyMTA4 WjBRMR8wHQYDVQQDExZUaGF3dGUgRnJlZW1haWwgTWVtYmVyMS4wLAYJKoZIhvcNAQkBFh9E ZW5pcy5CZWF1Y2hlbWluQFVTaGVyYnJvb2tlLmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A MIIBCgKCAQEAsf/Jnu0L1ZHdkseNuWNn9MYN3PkbwQWzuJd6vxLlVt3xm5N+e1SN/ri5Vj6g 1cf/JvqJ8kghfOM9+0Ev4FtJTxt5U7ZL9FT9JonMfTVn7JlXYrbdOZV2L667L6HuXyNbn9v4 gVYCDkbuRYR72BGiGyaJJj6HA5gZ4ICLGvmzWtCOcmcEOeXwqBzduFwLujp+WcpnXUTFBWTd EF6bB3x9UgNWyrRgKC9c4KVURRrxGIPLFJBKCv+ZH123OpogIkzV/eKVycz1Hpxx0/duA8Um j/BGkAnC3YrWjRmZq5fMBTWJj81dp5I3JHcss1bvx0XOdThT4AqUZXE4ygvI221CCwIDAQAB ozwwOjAqBgNVHREEIzAhgR9EZW5pcy5CZWF1Y2hlbWluQFVTaGVyYnJvb2tlLmNhMAwGA1Ud EwEB/wQCMAAwDQYJKoZIhvcNAQEEBQADgYEApoWEVlSstsu67uruXRbI5PTrXmHO/lqqy1rq aqkiTPGlVVuB4HlU32KLo97oSQf8M+zpBhfiJGSR6gtIClYjvChAHX8KFlFaQgWNAkFJCMPn QdWQ+itWISco9Z04N0vMhRLyECpY9jcHFIr6DMLeGcynVj3LQQRLUesKrsLrKwUwggLrMIIC VKADAgECAgMPdowwDQYJKoZIhvcNAQEEBQAwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRo YXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBG cmVlbWFpbCBJc3N1aW5nIENBMB4XDTA1MDkxMjEzMjEwOFoXDTA2MDkxMjEzMjEwOFowUTEf MB0GA1UEAxMWVGhhd3RlIEZyZWVtYWlsIE1lbWJlcjEuMCwGCSqGSIb3DQEJARYfRGVuaXMu QmVhdWNoZW1pbkBVU2hlcmJyb29rZS5jYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBALH/yZ7tC9WR3ZLHjbljZ/TGDdz5G8EFs7iXer8S5Vbd8ZuTfntUjf64uVY+oNXH/yb6 ifJIIXzjPftBL+BbSU8beVO2S/RU/SaJzH01Z+yZV2K23TmVdi+uuy+h7l8jW5/b+IFWAg5G 7kWEe9gRohsmiSY+hwOYGeCAixr5s1rQjnJnBDnl8Kgc3bhcC7o6flnKZ11ExQVk3RBemwd8 fVIDVsq0YCgvXOClVEUa8RiDyxSQSgr/mR9dtzqaICJM1f3ilcnM9R6ccdP3bgPFJo/wRpAJ wt2K1o0ZmauXzAU1iY/NXaeSNyR3LLNW78dFznU4U+AKlGVxOMoLyNttQgsCAwEAAaM8MDow KgYDVR0RBCMwIYEfRGVuaXMuQmVhdWNoZW1pbkBVU2hlcmJyb29rZS5jYTAMBgNVHRMBAf8E AjAAMA0GCSqGSIb3DQEBBAUAA4GBAKaFhFZUrLbLuu7q7l0WyOT0615hzv5aqsta6mqpIkzx pVVbgeB5VN9ii6Pe6EkH/DPs6QYX4iRkkeoLSApWI7woQB1/ChZRWkIFjQJBSQjD50HVkPor ViEnKPWdODdLzIUS8hAqWPY3BxSK+gzC3hnMp1Y9y0EES1HrCq7C6ysFMIIDPzCCAqigAwIB AgIBDTANBgkqhkiG9w0BAQUFADCB0TELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4g Q2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYDVQQKExFUaGF3dGUgQ29uc3VsdGluZzEo MCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEkMCIGA1UEAxMbVGhh d3RlIFBlcnNvbmFsIEZyZWVtYWlsIENBMSswKQYJKoZIhvcNAQkBFhxwZXJzb25hbC1mcmVl bWFpbEB0aGF3dGUuY29tMB4XDTAzMDcxNzAwMDAwMFoXDTEzMDcxNjIzNTk1OVowYjELMAkG A1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNV BAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMIGfMA0GCSqGSIb3DQEB AQUAA4GNADCBiQKBgQDEpjxVc1X7TrnKmVoeaMB1BHCd3+n/ox7svc31W/Iadr1/DDph8r9R zgHU5VAKMNcCY1osiRVwjt3J8CuFWqo/cVbLrzwLB+fxH5E2JCoTzyvV84J3PQO+K/67GD4H v0CAAmTXp6a7n2XRxSpUhQ9IBH+nttE8YQRAHmQZcmC3+wIDAQABo4GUMIGRMBIGA1UdEwEB /wQIMAYBAf8CAQAwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC50aGF3dGUuY29tL1Ro YXd0ZVBlcnNvbmFsRnJlZW1haWxDQS5jcmwwCwYDVR0PBAQDAgEGMCkGA1UdEQQiMCCkHjAc MRowGAYDVQQDExFQcml2YXRlTGFiZWwyLTEzODANBgkqhkiG9w0BAQUFAAOBgQBIjNFQg+oL LswNo2asZw9/r6y+whehQ5aUnX9MIbj4Nh+qLZ82L8D0HFAgk3A8/a3hYWLD2ToZfoSxmRsA xRoLgnSeJVCUYsfbJ3FXJY3dqZw5jowgT2Vfldr394fWxghOrvbqNOUQGls1TXfjViF4gtwh GTXeJLHTHUb/XV9lTzGCAzswggM3AgEBMGkwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRo YXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBG cmVlbWFpbCBJc3N1aW5nIENBAgMPdowwCQYFKw4DAhoFAKCCAacwGAYJKoZIhvcNAQkDMQsG CSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDUwOTI2MjAwMTEwWjAjBgkqhkiG9w0BCQQx FgQU+cH9Y/DRy2bi8InJ0lJ2JgHR9SYwUgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAO BggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgw eAYJKwYBBAGCNxAEMWswaTBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1 bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElz c3VpbmcgQ0ECAw92jDB6BgsqhkiG9w0BCRACCzFroGkwYjELMAkGA1UEBhMCWkExJTAjBgNV BAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJz b25hbCBGcmVlbWFpbCBJc3N1aW5nIENBAgMPdowwDQYJKoZIhvcNAQEBBQAEggEAX/Ncio8g 3XCAp9vhNIoCASUu3I4UNUqkYD+wVJG6s9WvTRmDHoe5BlQbH14ufSLDtiMeTNW2j8dsHGtI aLXSutx+/a0CKI1UlzWXqiBp7ospxPkGrADeVjRMfgdsDteurtwHO+tksLDrjk7ye2Ad5Gog Ez73p9P5U/Axmc6XfdCcPngZ0Kj+R5kfziN6qVtYEGA41szjQH0NtDEk2pzwBPMWaTi5Brft BpMjVyTx8GlPk6XDqCkRj+V3LuLNUrzQ4D0b9N17tKTxEWc9cbx65XOdBeFhf0bP54KAklvM Sena0OCOqBFEZAktMfdi23J8kmXuEr4/p9lYxunq0TJXPwAAAAAAAA== --------------ms040700060509040904030201-- From jaearick at COLBY.EDU Mon Sep 26 21:01:21 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:30:49 2006 Subject: Sendmail and backup MX Message-ID: You might want to look at smtptrapd for your high MX. See: http://smtptrapd.inodes.org I run this on a second machine that does not run sendmail in daemon mode (in fact none of my machines run sendmail except my mail server). It always gives a 400 "try again later" message. It keeps the high-MX spammers busy, thus leaving my real mail server alone. This didn't answer your question, but maybe this is what you were thinking. Jeff Earickson Colby College On Mon, 26 Sep 2005, Scott Silva wrote: > Date: Mon, 26 Sep 2005 12:13:22 -0700 > From: Scott Silva > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] Sendmail and backup MX > > Not a MailScanner issue, but ... > Does anybody have any simple solutions for sendmail that only lets the > backup MX accept mail when the primary is down? > I don't want to re-invent the wheel if someone already has a working > solution. > > -- > > /-----------------------\ |~~\_____/~~\__ | > | MailScanner; The best |___________ \N1____====== )-+ > | protection on the net!| ~~~|/~~ | > \-----------------------/ () > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From campbell at CNPAPERS.COM Mon Sep 26 21:05:18 2005 From: campbell at CNPAPERS.COM (Steve Campbell) Date: Thu Jan 12 21:30:49 2006 Subject: Sendmail and backup MX Message-ID: Well, I guess I misinterpretted the question. I thought he meant "simple solutions for sendmail that only lets the backup MX accept mail when the primary is down?" and not anytime such as when the primary is up. BTW, Denis, when you send "certified" mail, it makes it very difficult to reply to your message. Thanks all for correcting me. I stand corrected. Steve Campbell campbell@cnpapers.com Charleston Newspapers ----- Original Message ----- From: "Kevin Miller" To: Sent: Monday, September 26, 2005 3:55 PM Subject: Re: [MAILSCANNER] Sendmail and backup MX > Steve Campbell wrote: >> I believe DNS does this if you have your secondary MX defined in DNS >> with equal or lower priority than the primary. >> >> The primary will not accept mail as it's down. >> DNS will direct mail to the secondary automatically. >> >> I think this is all proper. I could be wrong though. > > Yes, that's right more or less. Except that in practice the primary > doesn't > have to be down - if it's up but momentarily busy the sender may fail over > to the secondary. Also, many spammers target the lower priority servers, > on > the assumption that they're less likely to be updated w/the latest > greatest > spam filters. I have a terciery server that sees maybe a dozen real mails > a > day, and several hundred high scoring spams. I'm quite content to let it > vaporize spam and send nary a real message - takes the load off my other > mail servers. > > Don't have any examples for the OP, but I'd venture that a script in cron > that checks for port 25 on the primary should be pretty easy. If it > fails, > have it kick off sendmail on the 2ndary. There's a number of status > checkers out there... > > ...Kevin > -- > Kevin Miller Registered Linux User No: 307357 > CBJ MIS Dept. Network Systems Admin., Mail Admin. > 155 South Seward Street ph: (907) 586-0242 > Juneau, Alaska 99801 fax: (907 586-4500 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jeff at IMAGE-SRC.COM Mon Sep 26 21:30:18 2005 From: jeff at IMAGE-SRC.COM (Jeff Graves) Date: Thu Jan 12 21:30:49 2006 Subject: Custom Rules Message-ID: Works great. Thanks! Jeff Graves, MCSA Image Source, Inc. 508.966.5200 x31=20 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On = Behalf Of Denis Beauchemin Sent: Monday, September 26, 2005 4:01 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: [MAILSCANNER] Custom Rules Jeff Graves wrote: >I'm getting a bunch of spamis spam slipping through and I'm running=20 >older versions of MailScanner and spamassasin (about a year old). I=20 >don't have time right now to update or patch MailScanner or spamassin=20 >or add new rules_du_jour or whatever. All I'd like to do for the time=20 >being, is add a quick custom rule to catch this phrase "[ S P A M I S =20 >NOTIFICATION ]:" but I have no Perl regex experience. Spamassasin=20 >--lint complains about this syntax to local.cf: > >body SPAMIS_CUSTOM_RULE \b\[ S P A M I S NOTIFICATION\] describe=20 >SPAMIS_CUSTOM_RULE Detects spam sent by spamis score SPAMIS_CUSTOM_RULE = >12.0 > > =20 > Jeff, You only forgot to put your RE (Regular Expression) between /.../: body SPAMIS_CUSTOM_RULE /\[ S P A M I S NOTIFICATION\]/ While you're at it, append a trailing "i" to make it ignore case. Further refinement: use "\s*" in place of optional whitespace. body SPAMIS_CUSTOM_RULE /\[\s*S\s*P\s*A\s*M\s*I\s*S\s*NOTIFICATION\s*\]/i Denis --=20 _ =B0v=B0 Denis Beauchemin, analyste /(_)\ Universit=E9 de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Mon Sep 26 21:50:22 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:30:49 2006 Subject: Sendmail and backup MX Message-ID: Steve Campbell wrote: > BTW, Denis, when you send "certified" mail, it makes it very difficult = > to reply to your message. > I know. Other people told me before but I can't tell Thunderbird to not = sign any mail sent to this mailing list... so I forget to turn it off=20 manually most of the times... :-[ Denis PS: This time it is not there... ;-) --=20 _ =B0v=B0 Denis Beauchemin, analyste /(_)\ Universit=E9 de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smhickel at CHARTERMI.NET Mon Sep 26 21:53:54 2005 From: smhickel at CHARTERMI.NET (Steve Hickel) Date: Thu Jan 12 21:30:49 2006 Subject: No subject Message-ID: All, I am getting tons of the below messages, yet email is being received and processed by spam assassin (lots of timeouts there though) and mailscanner. This ocurred after a recent update to latest mailscanner (today). Thoughts? thanks, Steve Sep 26 16:49:35 mailscan sm-msp-queue[665]: j8ONEDB4031211: to=postmaster, delay=1+21:29:25, xdelay=00:00:00, mailer=relay, pri=15609283, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection timed out with [127.0.0.1] Sep 26 16:49:36 mailscan sm-msp-queue[665]: j8ONEDB5031211: to=postmaster, delay=1+21:29:26, xdelay=00:00:00, mailer=relay, pri=15609353, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection timed out with [127.0.0.1] ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at MCKERRS.NET Mon Sep 26 22:18:12 2005 From: mailscanner at MCKERRS.NET (Mailscanner) Date: Thu Jan 12 21:30:49 2006 Subject: High Positive SA AWL rule ? Message-ID: This is a multi-part message in MIME format. --------------070909010301090200070907 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Has anyone noticed SA run AWL giving high positive scores like; Spam Report: Score Matching Rule Description 7.42 AWL From: address is in the auto white-list -2.60 BAYES_00 Bayesian spam probability is 0 to 1% Once I released this mail from quarantine, it gave the AWL a minus score. Any ideas ? Cheers. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! --------------070909010301090200070907 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Has anyone noticed SA run AWL giving high positive scores like;

Spam Report:
Score Matching Rule Description
7.42 AWL From: address is in the auto white-list
-2.60 BAYES_00 Bayesian spam probability is 0 to 1%

Once I released this mail from quarantine, it gave the AWL a minus score.

Any ideas ?

Cheers.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!
--------------070909010301090200070907-- From ssilva at SGVWATER.COM Mon Sep 26 22:28:25 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:49 2006 Subject: Sendmail and backup MX Message-ID: Jeff A. Earickson spake the following on 9/26/2005 1:01 PM: > You might want to look at smtptrapd for your high MX. See: > > http://smtptrapd.inodes.org > > I run this on a second machine that does not run sendmail in > daemon mode (in fact none of my machines run sendmail except my > mail server). It always gives a 400 "try again later" message. > It keeps the high-MX spammers busy, thus leaving my real mail server alone. > > This didn't answer your question, but maybe this is what you > were thinking. > > Jeff Earickson > Colby College The only problem is that while it is a secondary for one system, it is a primary for another. I might just have to write something similar to a heartbeat monitor to enable/disable the secondary. Or mabye add a spamtrapd running PC and put it even farther up the MX chain. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jrudd at UCSC.EDU Mon Sep 26 22:37:04 2005 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:30:49 2006 Subject: Sendmail and backup MX Message-ID: On Sep 26, 2005, at 12:13, Scott Silva wrote: > Not a MailScanner issue, but ... > Does anybody have any simple solutions for sendmail that only lets the > backup MX accept mail when the primary is down? > I don't want to re-invent the wheel if someone already has a working > solution. > Get mimedefang. Run it on your backup. www.mimedefang.org There's a function it has called "filter_recipient" which you have to write (in /etc/mail/mimedefang-filter), and which you have to turn on in the startup script. Here's what I would suggest: sub filter_recipient { my ($recip, $sender, $ip, $host, $first, $helo, $rcpt_mailer, $rcpt_host, $rcpt_addr) = @_; my ($type, $msg); # if the recipient is in the domain I secondary if ($recip =~ /\@primary\.domain\.name\b/i) { # verify a known recipient on the primary ($type, $msg) = md_check_against_smtp_server($sender, $recip, # known recipient "secondary.host.name", # your backup/MX server "primary.host.name"); # the primary mail server if ($type eq "REJECT") { # the recipient doesn't exist, hard reject even if # the primary is up return ('REJECT', "Unknown Recipient"); } elsif ($type eq "CONTINUE") { # if you can verify it, then the primary is up # TEMPFAIL (or REJECT) the message return ('TEMPFAIL', "Only call me when the primary is down"); } else { # else, primary is down or having problems return ('CONTINUE', "OK"); } } } ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Sep 26 23:41:18 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:49 2006 Subject: Sendmail and backup MX Message-ID: John Rudd spake the following on 9/26/2005 2:37 PM: > On Sep 26, 2005, at 12:13, Scott Silva wrote: > >> Not a MailScanner issue, but ... >> Does anybody have any simple solutions for sendmail that only lets the >> backup MX accept mail when the primary is down? >> I don't want to re-invent the wheel if someone already has a working >> solution. >> > > Get mimedefang. Run it on your backup. www.mimedefang.org > > > There's a function it has called "filter_recipient" which you have to > write (in /etc/mail/mimedefang-filter), and which you have to turn on in > the startup script. Here's what I would suggest: > > > sub filter_recipient { > my ($recip, $sender, $ip, $host, $first, $helo, $rcpt_mailer, > $rcpt_host, $rcpt_addr) = @_; > my ($type, $msg); > > # if the recipient is in the domain I secondary > if ($recip =~ /\@primary\.domain\.name\b/i) { > > # verify a known recipient on the primary > ($type, $msg) = md_check_against_smtp_server($sender, > $recip, # known recipient > "secondary.host.name", # your backup/MX server > "primary.host.name"); # the primary mail server > > if ($type eq "REJECT") { > # the recipient doesn't exist, hard reject even if > # the primary is up > return ('REJECT', "Unknown Recipient"); > } > elsif ($type eq "CONTINUE") { > # if you can verify it, then the primary is up > # TEMPFAIL (or REJECT) the message > return ('TEMPFAIL', "Only call me when the primary is down"); > } > else { > # else, primary is down or having problems > return ('CONTINUE', "OK"); > } > } > } > I'll look at this this week! Looks like it will do the equivalent of milter-ahead also. Thanks!! -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jrudd at UCSC.EDU Tue Sep 27 00:05:01 2005 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:30:49 2006 Subject: Sendmail and backup MX Message-ID: On Sep 26, 2005, at 15:41, Scott Silva wrote: > John Rudd spake the following on 9/26/2005 2:37 PM: >> On Sep 26, 2005, at 12:13, Scott Silva wrote: >> >>> Not a MailScanner issue, but ... >>> Does anybody have any simple solutions for sendmail that only lets >>> the >>> backup MX accept mail when the primary is down? >>> I don't want to re-invent the wheel if someone already has a working >>> solution. >>> >> >> Get mimedefang. Run it on your backup. www.mimedefang.org >> >> >> There's a function it has called "filter_recipient" which you have to >> write (in /etc/mail/mimedefang-filter), and which you have to turn on >> in >> the startup script. Here's what I would suggest: >> >> >> sub filter_recipient { >> my ($recip, $sender, $ip, $host, $first, $helo, $rcpt_mailer, >> $rcpt_host, $rcpt_addr) = @_; >> my ($type, $msg); >> >> # if the recipient is in the domain I secondary >> if ($recip =~ /\@primary\.domain\.name\b/i) { >> >> # verify a known recipient on the primary >> ($type, $msg) = md_check_against_smtp_server($sender, >> $recip, # known recipient >> "secondary.host.name", # your backup/MX server >> "primary.host.name"); # the primary mail >> server >> >> if ($type eq "REJECT") { >> # the recipient doesn't exist, hard reject even if >> # the primary is up >> return ('REJECT', "Unknown Recipient"); >> } >> elsif ($type eq "CONTINUE") { >> # if you can verify it, then the primary is up >> # TEMPFAIL (or REJECT) the message >> return ('TEMPFAIL', "Only call me when the primary is down"); >> } >> else { >> # else, primary is down or having problems >> return ('CONTINUE', "OK"); >> } >> } >> } >> > I'll look at this this week! > Looks like it will do the equivalent of milter-ahead also. > Thanks!! > Yes, you can also use this as a means of replacing milter-ahead. You can also implement greylisting with it. Though, be careful. It will detect any virus scanners you have installed, and the default mimedefang-filter will try to run them. That can put a lot of extra work on your machine, since you'll be doing it both in mimedefang and mailscanner. So, when you do the "configure" in mimedefang, you should look and see what you need to do to turn off whatever virus scanners you're using. (there's also a way to turn them off in mimedefang-filter, OR you can simple comment out the parts of "filter_begin", "filter", "filter_multipart", and "filter_end" which duplicate mailscanner functionality; virus scanning is in filter_begin, attachment filename/etc. checking is in filter and filter_multipart, and spam assassin is in filter_end) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Sep 27 00:59:40 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:49 2006 Subject: Sendmail and backup MX Message-ID: John Rudd spake the following on 9/26/2005 4:05 PM: > On Sep 26, 2005, at 15:41, Scott Silva wrote: > >> John Rudd spake the following on 9/26/2005 2:37 PM: >> >>> On Sep 26, 2005, at 12:13, Scott Silva wrote: >>> >>>> Not a MailScanner issue, but ... >>>> Does anybody have any simple solutions for sendmail that only lets the >>>> backup MX accept mail when the primary is down? >>>> I don't want to re-invent the wheel if someone already has a working >>>> solution. >>>> >>> >>> Get mimedefang. Run it on your backup. www.mimedefang.org >>> >>> >>> There's a function it has called "filter_recipient" which you have to >>> write (in /etc/mail/mimedefang-filter), and which you have to turn on in >>> the startup script. Here's what I would suggest: >>> >>> >>> sub filter_recipient { >>> my ($recip, $sender, $ip, $host, $first, $helo, $rcpt_mailer, >>> $rcpt_host, $rcpt_addr) = @_; >>> my ($type, $msg); >>> >>> # if the recipient is in the domain I secondary >>> if ($recip =~ /\@primary\.domain\.name\b/i) { >>> >>> # verify a known recipient on the primary >>> ($type, $msg) = md_check_against_smtp_server($sender, >>> $recip, # known recipient >>> "secondary.host.name", # your backup/MX server >>> "primary.host.name"); # the primary mail server >>> >>> if ($type eq "REJECT") { >>> # the recipient doesn't exist, hard reject even if >>> # the primary is up >>> return ('REJECT', "Unknown Recipient"); >>> } >>> elsif ($type eq "CONTINUE") { >>> # if you can verify it, then the primary is up >>> # TEMPFAIL (or REJECT) the message >>> return ('TEMPFAIL', "Only call me when the primary is down"); >>> } >>> else { >>> # else, primary is down or having problems >>> return ('CONTINUE', "OK"); >>> } >>> } >>> } >>> >> I'll look at this this week! >> Looks like it will do the equivalent of milter-ahead also. >> Thanks!! >> > > Yes, you can also use this as a means of replacing milter-ahead. You > can also implement greylisting with it. > > Though, be careful. It will detect any virus scanners you have > installed, and the default mimedefang-filter will try to run them. That > can put a lot of extra work on your machine, since you'll be doing it > both in mimedefang and mailscanner. So, when you do the "configure" in > mimedefang, you should look and see what you need to do to turn off > whatever virus scanners you're using. > > (there's also a way to turn them off in mimedefang-filter, OR you can > simple comment out the parts of "filter_begin", "filter", > "filter_multipart", and "filter_end" which duplicate mailscanner > functionality; virus scanning is in filter_begin, attachment > filename/etc. checking is in filter and filter_multipart, and spam > assassin is in filter_end) > I think I just want to use the above, and let MailScanner do the rest. I have a copy of the mimedefang howto in my hands right now. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jlmiller at MMTNETWORKS.COM.AU Tue Sep 27 01:32:11 2005 From: jlmiller at MMTNETWORKS.COM.AU (Jon Miller) Date: Thu Jan 12 21:30:49 2006 Subject: cannot stop spam mail Message-ID: This is a MIME message. If you are reading this text, you may want to consider changing to a mail reader or gateway that understands how to properly handle MIME multipart messages. --=_00227680.FB9AE068 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Content-Disposition: inline I still do not see any difference in the nail header with the report = =3Dyes turned on. Is there a way of checking this? see http://www.mmtnetworks.com.au/Mime-2 Thanks Jon >>> mkettler@EVI-INC.COM 12:00:11 am 26/09/2005 >>> Jon Miller wrote: > SpamAssassin version 3.0.3=20 >=20 > location of header file >=20 > http://www.mmtnetworks.com.au/Mime-1 For reference, I rack up 30.1 points when I scan that message: X-Spam-Checker-Version: SpamAssassin 2.64 (2004-01-11) on xanadu.evi-inc.co= m X-Spam-Level: ****************************** X-Spam-Status: Yes, hits=3D30.1 required=3D5.0 tests=3DAB_URI_RBL,BAYES_50,= BLACK_URI_RBL,DCC_CHECK,FAKE_HELO_JUNO,JP_URI_RBL,OB_URI_RBL, PENIS_ENLARGE2,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK, RCVD_FAKE_HELO_DOTCOM,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_DSBL, RCVD_IN_SORBS_DUL,RCVD_IN_XBL,SARE_ADULT2,SPAMCOP_URI_RBL,WS_URI_RB= L autolearn=3Dspam version=3D2.64 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! --=_00227680.FB9AE068 Content-Type: TEXT/HTML Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="TEXT.htm" Content-Description: HTML PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMCBUcmFuc2l0aW9uYWwv L0VOIj4NCjxIVE1MPjxIRUFEPg0KPE1FVEEgaHR0cC1lcXVpdj1Db250ZW50LVR5cGUgY29udGVu dD0idGV4dC9odG1sOyBjaGFyc2V0PXVzLWFzY2lpIj4NCjxNRVRBIGNvbnRlbnQ9Ik1TSFRNTCA2 LjAwLjI5MDAuMjcyMiIgbmFtZT1HRU5FUkFUT1I+PC9IRUFEPg0KPEJPRFkgc3R5bGU9Ik1BUkdJ Ti1UT1A6IDJweDsgRk9OVDogMTBwdCBBcmlhbDsgTUFSR0lOLUxFRlQ6IDJweCI+DQo8RElWPkkg c3RpbGwgZG8gbm90IHNlZSBhbnkgZGlmZmVyZW5jZSBpbiB0aGUgbmFpbCBoZWFkZXIgd2l0aCB0 aGUgcmVwb3J0ID15ZXMgDQp0dXJuZWQgb24uJm5ic3A7IElzIHRoZXJlIGEgd2F5IG9mIGNoZWNr aW5nIHRoaXM/PC9ESVY+DQo8RElWPiZuYnNwOzwvRElWPg0KPERJVj5zZWUgPEEgDQpocmVmPSJo dHRwOi8vd3d3Lm1tdG5ldHdvcmtzLmNvbS5hdS9NaW1lLTIiPmh0dHA6Ly93d3cubW10bmV0d29y a3MuY29tLmF1L01pbWUtMjwvQT48L0RJVj4NCjxESVY+Jm5ic3A7PC9ESVY+DQo8RElWPlRoYW5r czwvRElWPg0KPERJVj4mbmJzcDs8L0RJVj4NCjxESVY+Sm9uPEJSPjxCUj4mZ3Q7Jmd0OyZndDsg bWtldHRsZXJARVZJLUlOQy5DT00gMTI6MDA6MTEgYW0gMjYvMDkvMjAwNSANCiZndDsmZ3Q7Jmd0 OzxCUj5Kb24gTWlsbGVyIHdyb3RlOjxCUj4mZ3Q7Jm5ic3A7IFNwYW1Bc3Nhc3NpbiB2ZXJzaW9u IDMuMC4zIA0KPEJSPiZndDsgPEJSPiZndDsgbG9jYXRpb24gb2YgaGVhZGVyIGZpbGU8QlI+Jmd0 OyA8QlI+Jmd0OyA8QSANCmhyZWY9Imh0dHA6Ly93d3cubW10bmV0d29ya3MuY29tLmF1L01pbWUt MSI+aHR0cDovL3d3dy5tbXRuZXR3b3Jrcy5jb20uYXUvTWltZS0xPC9BPjxCUj48QlI+Rm9yIA0K cmVmZXJlbmNlLCBJIHJhY2sgdXAgMzAuMSBwb2ludHMgd2hlbiBJIHNjYW4gdGhhdCANCm1lc3Nh Z2U6PEJSPjxCUj5YLVNwYW0tQ2hlY2tlci1WZXJzaW9uOiBTcGFtQXNzYXNzaW4gMi42NCAoMjAw NC0wMS0xMSkgb24gDQp4YW5hZHUuZXZpLWluYy5jb208QlI+WC1TcGFtLUxldmVsOiANCioqKioq KioqKioqKioqKioqKioqKioqKioqKioqKjxCUj5YLVNwYW0tU3RhdHVzOiBZZXMsIGhpdHM9MzAu MSByZXF1aXJlZD01LjAgDQp0ZXN0cz1BQl9VUklfUkJMLEJBWUVTXzUwLDxCUj4mbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgDQpCTEFDS19VUklfUkJMLERDQ19DSEVD SyxGQUtFX0hFTE9fSlVOTyxKUF9VUklfUkJMLE9CX1VSSV9SQkwsPEJSPiZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyANClBFTklTX0VOTEFSR0UyLFJBWk9SMl9DRl9S QU5HRV81MV8xMDAsUkFaT1IyX0NIRUNLLDxCUj4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsgDQpSQ1ZEX0ZBS0VfSEVMT19ET1RDT00sUkNWRF9JTl9CTF9TUEFNQ09Q X05FVCxSQ1ZEX0lOX0RTQkwsPEJSPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyANClJDVkRfSU5fU09SQlNfRFVMLFJDVkRfSU5fWEJMLFNBUkVfQURVTFQyLFNQQU1D T1BfVVJJX1JCTCxXU19VUklfUkJMPEJSPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyANCmF1dG9sZWFybj1zcGFtIHZlcnNpb249Mi42NDxCUj48QlI+LS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tIE1haWxTY2FubmVyIGxpc3QgDQotLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS08QlI+VG8gdW5zdWJzY3JpYmUsIGVtYWlsIGppc2NtYWlsQGppc2NtYWlsLmFjLnVrIHdpdGgg DQp0aGUgd29yZHM6PEJSPidsZWF2ZSBtYWlsc2Nhbm5lcicgaW4gdGhlIGJvZHkgb2YgdGhlIGVt YWlsLjxCUj5CZWZvcmUgcG9zdGluZywgDQpyZWFkIHRoZSBXaWtpICg8QSANCmhyZWY9Imh0dHA6 Ly93aWtpLm1haWxzY2FubmVyLmluZm8vKSI+aHR0cDovL3dpa2kubWFpbHNjYW5uZXIuaW5mby8p PC9BPiANCmFuZDxCUj50aGUgYXJjaGl2ZXMgKDxBIA0KaHJlZj0iaHR0cDovL3d3dy5qaXNjbWFp bC5hYy51ay9saXN0cy9tYWlsc2Nhbm5lci5odG1sKS4iPmh0dHA6Ly93d3cuamlzY21haWwuYWMu dWsvbGlzdHMvbWFpbHNjYW5uZXIuaHRtbCkuPC9BPjxCUj48QlI+U3VwcG9ydCANCk1haWxTY2Fu bmVyIGRldmVsb3BtZW50IC0gYnV5IHRoZSBib29rIG9mZiB0aGUgd2Vic2l0ZSE8QlI+PC9ESVY+ PC9CT0RZPjwvSFRNTD4NCg== --=_00227680.FB9AE068-- From jrudd at UCSC.EDU Tue Sep 27 01:25:20 2005 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:30:49 2006 Subject: Sendmail and backup MX Message-ID: On Sep 26, 2005, at 16:59, Scott Silva wrote: > I think I just want to use the above, and let MailScanner do the rest. > I > have a copy of the mimedefang howto in my hands right now. > Ok, if you have any questions, let me know, and I'll answer what I can. (I don't know if you want to do it off list, or not, but either way, I'll answer what I can) Though, the mimedefang mailing list is very helpful. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bg.mahesh at INDIAINFO.COM Tue Sep 27 03:01:58 2005 From: bg.mahesh at INDIAINFO.COM (BG Mahesh) Date: Thu Jan 12 21:30:49 2006 Subject: A sudden increase in drug spam emails Message-ID: hi Since one week there has been a sudden increase in spam emails on our serve= r. Most of them have the geocities.com URL. They all seem to be related to = some drugs. Are there any new rules to add to stop this sudden flood of spams? -- B.G. Mahesh bg.mahesh@indiainfo.com http://www.indiainfo.com/ --=20 ______________________________________________ IndiaInfo Mail - the free e-mail service with a difference! www.indiainfo.c= om=20 Check out our value-added Premium features, such as an extra 20MB for mail = storage, POP3, e-mail forwarding, and ads-free mailboxes! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From patpng7 at yahoo.com Tue Sep 27 04:47:02 2005 From: patpng7 at yahoo.com (pat png) Date: Thu Jan 12 21:30:49 2006 Subject: How to Stop sending mail to Receipent Message-ID: --0-1050186214-1127792822=:40123 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit MailScanner.conf file entry. Maximum Message Size = %rules-dir%/messagesize.rule messagesize.rule FromOrTo: user@* 50000 FromOrTo: default 10000000 I saw the message has been picked up as too big when I send a 64K attachment. The sender get the message that it has been blocked and the receiver get the warning message with the attached 64K file instead of the VirusWarning.txt Warning message to it. How do I stop the mail sending to the receipent. rgds Patrick --------------------------------- Yahoo! for Good Click here to donate to the Hurricane Katrina relief effort. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! --0-1050186214-1127792822=:40123 Content-Type: text/html; charset=iso-8859-1 Content-Transfer-Encoding: 8bit
MailScanner.conf file entry.

Maximum Message Size = %rules-dir%/messagesize.rule

messagesize.rule
FromOrTo:       user@* 50000
FromOrTo:       default 10000000

I saw the message has been picked up as too big when I send a 64K
attachment. The sender get the message that it has been blocked and the receiver get
the warning message with the attached 64K file instead of the
VirusWarning.txt Warning message to it.
 
How do I stop the mail sending to the receipent.
 
rgds
Patrick

Yahoo! for Good
Click here to donate to the Hurricane Katrina relief effort.
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!
--0-1050186214-1127792822=:40123-- From mailscanner at SMITS.CO.UK Tue Sep 27 08:03:41 2005 From: mailscanner at SMITS.CO.UK (Bart Smit) Date: Thu Jan 12 21:30:50 2006 Subject: Convert HTML To Text rule doesn't work as expected Message-ID: > >> Bart Smit wrote: > >>> I am having problems with stripping HTML from inbound messages. One > >>> of our customers wants all HTML stripped but recently they have > >>> requested that messages from a trusted sending domain need to > >>> arrive with HTML intact. > >>> > >> > >> So... if I have this correct. > >> > >> Do not strip html > >> Unless to recipient.domain except if from sender.domain. > >> > >> So surely the rules need to be... > >> > >> From: sender@sender.domain no > >> To: *@recipient.domain yes > >> FromOrTo: default no > > > I prefer to exclude senders by IP address, since this is > > harder to spoof. > > Even if the rule didn't allow selection by IP, then the > > To: recipient@recipient.domain no > > line should ensure that the recipient gets all emails with > > HTML included. > > This is the first thing I tried. > > > > I get the feeling that the selection by recipient domain rule > > takes precedence over all other rules. > > No, they should be applied in order, until a match is found. > > I'm confused - you say in your original message that email *from* a > particular sending domain should be left intact, but now you are talking > about excluding email *to* a particular recipient. > > Can you clarify what you are trying to achieve? > > Stef Sorry to confuse you; both aspects of the message should lead to the message staying intact. I.e. I know the source domain of the emails and I know the recipient for them. These are reports generated by a web server that always go to the same recipient. The HTML stripping makes them all but undecipherable. I also think that the rules are applied in order but this just doesn't seem to be the case; the first rule should cause the message to be exempted from HTML stripping but it is still stripped. Bart... ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Sep 27 08:58:41 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:50 2006 Subject: A sudden increase in drug spam emails Message-ID: Hi There's a big discussion about this on the sa users email list. Search their archives for the rules you need. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of BG Mahesh Sent: 27 September 2005 03:02 To: MAILSCANNER@JISCMAIL.AC.UK Subject: [MAILSCANNER] A sudden increase in drug spam emails hi Since one week there has been a sudden increase in spam emails on our server. Most of them have the geocities.com URL. They all seem to be related to some drugs. Are there any new rules to add to stop this sudden flood of spams? -- B.G. Mahesh bg.mahesh@indiainfo.com http://www.indiainfo.com/ -- ______________________________________________ IndiaInfo Mail - the free e-mail service with a difference! www.indiainfo.com Check out our value-added Premium features, such as an extra 20MB for mail storage, POP3, e-mail forwarding, and ads-free mailboxes! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Tue Sep 27 09:00:34 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:30:50 2006 Subject: A sudden increase in drug spam emails Message-ID: Hi, > Since one week there has been a sudden increase in spam emails on our > server. Most of them have the geocities.com URL. They all seem to be > related to some drugs. > > Are there any new rules to add to stop this sudden flood of spams? This issue has been discussed on the SpamAssassin mailing list in the past, links to the list archives can be found here: http://wiki.apache.org/spamassassin/MailingLists I am using the following rule, which I got from the discussions on the list. # Based on rules posted on users@spamassassin.apache.org # uri CHIME_URL_GEOC /\buk\.geocities\.com\b/i describe CHIME_URL_GEOC High amounts of spam from Geocities. score CHIME_URL_GEOC 1.0 -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "Screens are sometimes called displays because they display stuff ..." - UNIX for Dummies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Tue Sep 27 09:12:50 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:50 2006 Subject: A sudden increase in drug spam emails Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Anthony Peacock wrote: > > I am using the following rule, which I got from the discussions on > the list. > > # Based on rules posted on users@spamassassin.apache.org > # > uri CHIME_URL_GEOC /\buk\.geocities\.com\b/i > describe CHIME_URL_GEOC High amounts of spam from Geocities. > score CHIME_URL_GEOC 1.0 > With more spam from uk/it/ar/de, i now use the following as suggested earlier on this list. uri GEO_CHECK /^http:\/\/[a-z0-9-]{1,30}\.geocities\.com\b/i You could also check out http://antispam.imp.ch/rules/asciispam.cf - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Tue Sep 27 09:22:42 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:30:50 2006 Subject: A sudden increase in drug spam emails Message-ID: Hi, > Anthony Peacock wrote: > > > > I am using the following rule, which I got from the discussions on > > the list. > > > > # Based on rules posted on users@spamassassin.apache.org > > # > > uri CHIME_URL_GEOC /\buk\.geocities\.com\b/i > > describe CHIME_URL_GEOC High amounts of spam from > > Geocities. score CHIME_URL_GEOC 1.0 > > > > With more spam from uk/it/ar/de, i now use the following as suggested > earlier on this list. > > uri GEO_CHECK /^http:\/\/[a-z0-9-]{1,30}\.geocities\.com\b/i > > You could also check out http://antispam.imp.ch/rules/asciispam.cf I could, but these mails are now being caught more by Bayes and URIBLs that this rule doesn't really make much difference now. It worked great while Bayes and the BLs caught up, but doesn't make much impact now. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Tue Sep 27 09:45:02 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:50 2006 Subject: A sudden increase in drug spam emails Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Anthony Peacock wrote: > Hi, >>>I am using the following rule, which I got from the discussions on >>>the list. >>> >>># Based on rules posted on users@spamassassin.apache.org >>># >>>uri CHIME_URL_GEOC /\buk\.geocities\.com\b/i >>>describe CHIME_URL_GEOC High amounts of spam from >>>Geocities. score CHIME_URL_GEOC 1.0 >>> >> >>With more spam from uk/it/ar/de, i now use the following as suggested >>earlier on this list. >> >>uri GEO_CHECK /^http:\/\/[a-z0-9-]{1,30}\.geocities\.com\b/i >> >>You could also check out http://antispam.imp.ch/rules/asciispam.cf > > I could, but these mails are now being caught more by Bayes and > URIBLs that this rule doesn't really make much difference now. It > worked great while Bayes and the BLs caught up, but doesn't make much > impact now. > Apologies, i meant to communicate this to the OP. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Tue Sep 27 09:57:44 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:50 2006 Subject: Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Mon, September 26, 2005 21:53, Steve Hickel wrote: > All, > > I am getting tons of the below messages, yet email is being received and > processed by spam assassin (lots of timeouts there though) and > mailscanner. This ocurred after a recent update to latest mailscanner > (today). Thoughts? > > thanks, > > Steve > > > Sep 26 16:49:35 mailscan sm-msp-queue[665]: j8ONEDB4031211: to=postmaster, > delay=1+21:29:25, xdelay=00:00:00, mailer=relay, pri=15609283, > relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection timed out with > [127.0.0.1] > Sep 26 16:49:36 mailscan sm-msp-queue[665]: j8ONEDB5031211: to=postmaster, > delay=1+21:29:26, xdelay=00:00:00, mailer=relay, pri=15609353, > relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection timed out with > [127.0.0.1] Why is your server trying to connect to localhost (127.0.0.1)? This smacks of some set up for another AV/ Spam system that is not actually being used. I would check your config files (Sorry I'm not a Sendmail guru so can't really help there). Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Tue Sep 27 10:00:15 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:30:50 2006 Subject: A sudden increase in drug spam emails Message-ID: Hi, > Anthony Peacock wrote: > > Hi, > >>>I am using the following rule, which I got from the discussions on > >>>the list. > >>> > >>># Based on rules posted on users@spamassassin.apache.org > >>># > >>>uri CHIME_URL_GEOC /\buk\.geocities\.com\b/i > >>>describe CHIME_URL_GEOC High amounts of spam from > >>>Geocities. score CHIME_URL_GEOC 1.0 > >>> > >> > >>With more spam from uk/it/ar/de, i now use the following as > >>suggested earlier on this list. > >> > >>uri GEO_CHECK /^http:\/\/[a-z0-9-]{1,30}\.geocities\.com\b/i > >> > >>You could also check out http://antispam.imp.ch/rules/asciispam.cf > > > > I could, but these mails are now being caught more by Bayes and > > URIBLs that this rule doesn't really make much difference now. It > > worked great while Bayes and the BLs caught up, but doesn't make > > much impact now. > > > > Apologies, i meant to communicate this to the OP. No apologies necessary. It is useful to explore the various flavours, I think the best advice for the OP (which others have given as well) is to check out the SpamAssassin users list archive, as this has all the rules and discussions about the pros and cons for them. The basic rule that I used worked well for my site, until Bayes and URIBLs caught up. and we didn't get any of the non-uk variety getting through, so I didn't 'upgrade' my version of the rule. In fact I suspect I could stop using it now and not notice any drop in quality of filtering. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "Whoever said nothing is impossible never tried slamming a revolving door." - Melissa O'Brien ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Nicolas.Schmitz at EC-NANTES.FR Tue Sep 27 10:25:16 2005 From: Nicolas.Schmitz at EC-NANTES.FR (Nicolas Schmitz) Date: Thu Jan 12 21:30:50 2006 Subject: ProcessClamAVOutput unrecognised line with up-to-date clamav Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I've got the same trouble here, from time to time I see the following lines : MailScanner[17637]: poster.pdf MailScanner[17637]: ProcessClamAVOutput: unrecognised line "poster.pdf". Please contact the authors! MailScanner (4.41.3-2) is running on Debian sarge , with latest clamav package from volatile : 0.87-0volatile1. anybody has an idea ? Thanks. Information Services a écrit : > While checking my logs I noticed the following errors: > > MailScanner[22723]: ProcessClamAVOutput: unrecognised line "rcng/". > Please contact the authors! > MailScanner[22723]: ProcessClamAVOutput: unrecognised line "rcng/ogo- > zidestore.sh". Please contact the authors! > MailScanner[22723]: ProcessClamAVOutput: unrecognised line > "rcng/ogo-xmlrpcd.sh". Please contact the authors! > MailScanner[22723]: ProcessClamAVOutput: unrecognised line "rcng/ogo- > nhsd.sh". Please contact the authors! > MailScanner[22723]: ProcessClamAVOutput: unrecognised line > "rcng/ogo-webui.sh". Please contact the authors! > > > The information above was from 11:41am on Sept 6, 2005. Previous to > this message shows ClamAV found 2 viruses at 7am of the same day. In > between there were no postings for ClamAV until this above error. > There have been no postings in the logs concerning ClamAV since. From > what I am seeing from this, clamav has not been running since > yesterday. Has anyone seen this before? > > I am running: > CentOS 4.1 > MailScanner 4.44.1-1 > sendmail 8.13.4-1 > clamav 0.86.2 > > > Casey > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- Nicolas Schmitz Centre de Ressources Informatiques | tel : 02 40 37 68 06 Ecole Centrale de Nantes | fax : 02 40 37 25 78 1 rue de la Noe - BP 92101 44321 NANTES CEDEX 03 http://www.ec-nantes.fr ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ramprasad at NETCORE.CO.IN Tue Sep 27 08:38:27 2005 From: ramprasad at NETCORE.CO.IN (Ramprasad A Padmanabhan) Date: Thu Jan 12 21:30:50 2006 Subject: syslog buffering in FreeBSD Message-ID: Hi I am trying to tune up my Mailscanner installation for performance on Free BSD I want to enable syslog buffering as per http://wiki.mailscanner.info/doku.php?id=maq:index I have been searching for syslog buffering , any pointers ? Thanks Ram ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Tue Sep 27 11:28:46 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:50 2006 Subject: A sudden increase in drug spam emails Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Anthony Peacock wrote: > > The basic rule that I used worked well for my site, until Bayes and > URIBLs caught up. and we didn't get any of the non-uk variety > getting through, so I didn't 'upgrade' my version of the rule. In > fact I suspect I could stop using it now and not notice any drop in > quality of filtering. > BTW, i was under the impression that none of the URIBLs (surbl / uribl.com) chose to blacklist geocities for various reasons.. what URIBL are you using to block *. geocities dot com? - dhawal Yay!!! the jiscmail subject problem seems to be corrected now. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Tue Sep 27 11:43:41 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:30:50 2006 Subject: A sudden increase in drug spam emails Message-ID: Hi, > Anthony Peacock wrote: > > > > The basic rule that I used worked well for my site, until Bayes and > > URIBLs caught up. and we didn't get any of the non-uk variety > > getting through, so I didn't 'upgrade' my version of the rule. In > > fact I suspect I could stop using it now and not notice any drop in > > quality of filtering. > > > > BTW, i was under the impression that none of the URIBLs (surbl / > uribl.com) chose to blacklist geocities for various reasons.. what > URIBL are you using to block *. geocities dot com? You are probably right, sorry I was being lazy and imprecise, using my memory instead of looking it up. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "It is a sobering thought, for example, that when Mozart was my age, he had been dead for two years." - Tom Lehrer ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From naolson at gmail.com Tue Sep 27 11:56:08 2005 From: naolson at gmail.com (Nathan Olson) Date: Thu Jan 12 21:30:50 2006 Subject: syslog buffering in FreeBSD Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 9/27/05, Ramprasad A Padmanabhan wrote: > I am trying to tune up my Mailscanner installation for performance on > Free BSD > I want to enable syslog buffering as per > http://wiki.mailscanner.info/doku.php?id=maq:index From ssilva at SGVWATER.COM Tue Sep 27 16:06:00 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:50 2006 Subject: A sudden increase in drug spam emails Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] BG Mahesh spake the following on 9/26/2005 7:01 PM: > hi > > Since one week there has been a sudden increase in spam emails on our server. Most of them have the geocities.com URL. They all seem to be related to some drugs. > > Are there any new rules to add to stop this sudden flood of spams? > > -- > B.G. Mahesh > bg.mahesh@indiainfo.com > http://www.indiainfo.com/ > > I found this on the lists a couple of weeks ago, but had to shorten the names as they gave me errors. uri PUBWEB_GEO_CHECK1 /^http:\/\/.*\.geocities\.com\// score PUBWEB_GEO_CHECK1 15.0 describe PUBWEB_GEO_CHECK1 PUBWEB_GEO_CHECK1, Body This will add a score to everything from geocities.com. You can add this to /etc/MailScanner/spam.assassin.prefs.conf and change the score accordingly. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Tue Sep 27 20:27:38 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:50 2006 Subject: Pyzor errors {Solved} Message-ID: On 25 Sep 2005, at 22:11, Drew Marshall wrote: >> Hi all >> >> Just installed SA 3.1.0 and it's all running nicely. As Razor and >> DCC are licensed and not used by default I thought I would give >> Pyzor a go. >> >> It's all installed nicely but it just won't run. Pyzor discover >> works fine but if i run it from either SA or command line I get: >> >> Traceback (most recent call last): >> File "/usr/local/bin/pyzor", line 4, in ? >> pyzor.client.run() >> File "/usr/local/lib/python2.4/site-packages/pyzor/client.py", >> line 934, in run >> ExecCall().run() >> File "/usr/local/lib/python2.4/site-packages/pyzor/client.py", >> line 188, in run >> if not apply(dispatch, (self, args)): >> File "/usr/local/lib/python2.4/site-packages/pyzor/client.py", >> line 284, in report >> self.client.report): >> File "/usr/local/lib/python2.4/site-packages/pyzor/client.py", >> line 299, in send_digest >> runner.run(server, (digest, spec, server)) >> File "/usr/local/lib/python2.4/site-packages/pyzor/client.py", >> line 725, in run >> response = apply(self.routine, varargs, kwargs) >> File "/usr/local/lib/python2.4/site-packages/pyzor/client.py", >> line 48, in report >> self.send(msg, address) >> File "/usr/local/lib/python2.4/site-packages/pyzor/client.py", >> line 77, in send >> self.socket.sendto(mac_msg_str, 0, address) >> socket.error: (13, 'Permission denied') >> >> >> Now clearly the last line is significant. I have run this as root >> so it's not (Or shouldn't be) a permissions problem with files or >> directories and as root I shouldn't have issues with binding to >> low numbered ports, which was one suggestion from Google. >> >> Any ideas any one? >> >> For the record: >> >> FreeBSD 5.4 with python 2.4 and the latest pyzor installed from >> ports. >> >> TIA >> >> Drew OK kinda sad responding to my own posting but for the benefit of the archives I'll close this one. Classic firewall issue! If you don't open the port it doesn't work! /Blushes and runs away through embarrassment Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tony at GAMES-MASTER.CO.UK Tue Sep 27 20:38:35 2005 From: tony at GAMES-MASTER.CO.UK (Tony Spencer) Date: Thu Jan 12 21:30:50 2006 Subject: Mailscanner not scanning all emails Message-ID: Hi all I’ve installed MailScanner to virus and spam scan emails. This seems to be working fine for email that is delivered locally on the server MailScanner is running. However the server is also an MX for domains for which email is forwarded onto different final destination servers, these emails aren’t being scanned. The emails have the following in their headers: ######### X-MailScanner-Information: Please contact the ISP for more information X-MailScanner: Not scanned: please contact your Internet E-Mail Service Provider for details X-MailScanner-SpamScore: sss ######### How can I get MailScanner to scan all port 25 traffic even if the final destination isn’t local? TIA Tony ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Tue Sep 27 20:52:22 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:50 2006 Subject: Mailscanner not scanning all emails Message-ID: [ The following text is in the "WINDOWS-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 27 Sep 2005, at 20:38, Tony Spencer wrote: Hi all   I^Òve installed MailScanner to virus and spam scan emails. This seems to be working fine for email that is delivered locally on the server MailScanner is running. However the server is also an MX for domains for which email is forwarded onto different final destination servers, these emails aren^Òt being scanned. The emails have the following in their headers:   ######### X-MailScanner-Information: Please contact the ISP for more information X-MailScanner: Not scanned: please contact your Internet E-Mail Service Provider for details X-MailScanner-SpamScore: sss #########   How can I get MailScanner to scan all port 25 traffic even if the final destination isn^Òt local? Looks like you have a ruleset created to not scan mail. What do your logs say? That might even tell you which ruleset is being used. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Tue Sep 27 21:09:58 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:30:50 2006 Subject: Sendmail et Lock Type Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello all, I just discovered that one of my servers running sendmail 8.13.1 has a blank "Lock Type" in MailScanner.conf (running version 4.44.6). I sometimes see lines line the following in the log: Sep 27 14:20:01 smtpe2 sendmail[9072]: j8RGeDXL003186: SYSERR(root): readqf: cannot open ./dfj8RGeDXL003186: No such file or directory I guess they are related. I tried to remember how to get confirmation that my sendmail was indeed using posix locks but couldn't find anything... I tried "sendmail -d0.1 [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Tony Spencer wrote: > Hi all > > I^Òve installed MailScanner to virus and spam scan emails. > > This seems to be working fine for email that is delivered locally on > the server MailScanner is running. > > However the server is also an MX for domains for which email is > forwarded onto different final destination servers, these emails > aren^Òt being scanned. > > The emails have the following in their headers: > > ######### > > X-MailScanner-Information: Please contact the ISP for more information > > X-MailScanner: Not scanned: please contact your Internet E-Mail > Service Provider for details > > X-MailScanner-SpamScore: sss > > ######### > > How can I get MailScanner to scan all port 25 traffic even if the > final destination isn^Òt local? > Tony, Are you sure those were added by YOUR MS server? Nowadays there should be the %org-name% appearing such as: X-MyOrganization-MailScanner-Information: Please contact the ISP for more information Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From esandquist at IHMS.NET Tue Sep 27 21:56:19 2005 From: esandquist at IHMS.NET (Eric Sandquist) Date: Thu Jan 12 21:30:50 2006 Subject: Sendmail configuration for gateway Message-ID: I’ve got MailScanner/SpamAssassin/Sendmail set up to act as a gateway to out Exchange server. I setup the tables as instructed in Wiki. However, Sendmail keeps rejecting all the incoming email stating that the user doesn’t exist. Well, of course they don’t exist on filter/gateway machine. They only exist in the Exchange environment. How do I get Sendmail to just accept incoming mail for all or against a frequently updated list of Exchange users? Eric When a person studies Bible and Mishnah . . . but is dishonest in business, and does not speak gently with people, what do people say of him? ‘Woe unto him who studies Torah. . . . This man studied Torah; look how corrupt are his deeds, how ugly his ways.’" -- Babylonian Talmud, Yoma 86a ________________________________________________________________________________ I am using the free version of SPAMfighter for private users. It has removed 52399 spam emails to date. Paying users do not have this message in their emails. Try SPAMfighter for free now! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Text/X-VCARD (Name: "esandquist@ihms.net.vcf") 19 lines. ] [ Unable to print this part. ] From KGoods at AIAINSURANCE.COM Tue Sep 27 22:22:15 2005 From: KGoods at AIAINSURANCE.COM (Ken Goods) Date: Thu Jan 12 21:30:50 2006 Subject: Sendmail configuration for gateway Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Eric Sandquist wrote: > I've got MailScanner/SpamAssassin/Sendmail set up to act as a gateway > to out Exchange server. I setup the tables as instructed in Wiki. > However, Sendmail keeps rejecting all the incoming email stating that > the user doesn't exist. Well, of course they don't exist on > filter/gateway machine. They only exist in the Exchange environment. > How do I get Sendmail to just accept incoming mail for all or against > a frequently updated list of Exchange users? > > Eric > > When a person studies Bible and Mishnah . . . but is dishonest in > business, and does not speak gently with people, what do people say > of him? 'Woe unto him who studies Torah. . . . This man studied > Torah; look how corrupt are his deeds, how ugly his ways.'" -- > Babylonian Talmud, Yoma 86a > > > > > I am using the free version of SPAMfighter for private users. > It has removed 52399 spam emails to date. > Paying users do not have this message in their emails. > Try SPAMfighter for free now! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! I'm doing the same thing... look at mailertable and virtusertable in the sendmail docs. If you have any trouble post back and I can elaborate. This may be better on the Sendmail list anyway... ;) Good luck, Ken Ken Goods Network Administrator AIA/CropUSA Insurance, Inc. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Sep 27 23:03:43 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:50 2006 Subject: Sendmail et Lock Type Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Denis Beauchemin spake the following on 9/27/2005 1:09 PM: > Hello all, > > I just discovered that one of my servers running sendmail 8.13.1 has a > blank "Lock Type" in MailScanner.conf (running version 4.44.6). I > sometimes see lines line the following in the log: > Sep 27 14:20:01 smtpe2 sendmail[9072]: j8RGeDXL003186: SYSERR(root): > readqf: cannot open ./dfj8RGeDXL003186: No such file or directory > > I guess they are related. I tried to remember how to get confirmation > that my sendmail was indeed using posix locks but couldn't find anything... > > I tried "sendmail -d0.1 about locks... can someone help me out? > > Thanks! > > Denis > Try "sendmail -bt -d0.10 < /dev/null | grep HASFLOCK" -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jlmiller at MMTNETWORKS.COM.AU Tue Sep 27 23:39:54 2005 From: jlmiller at MMTNETWORKS.COM.AU (Jon Miller) Date: Thu Jan 12 21:30:50 2006 Subject: new rules placement Message-ID: where do I place the new rules in the same location as /etc/spamassassin/local.cf or in the /etc/spamassassin/RulesDuJour location? Thanks Jon L. Miller, ASE, CNS, CLS, MCNE, CCNA Director/Sr Systems Consultant MMT Networks Pty Ltd http://www.mmtnetworks.com.au Resellers for: Sophos Anti-Virus, Novell, Cisco, Swifdsl "I don't know the key to success, but the key to failure is trying to please everybody." -Bill Cosby ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "HTML" Text/PLAIN 29 lines. ] [ Unable to print this part. ] From mike at CAMAROSS.NET Wed Sep 28 01:07:38 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:30:50 2006 Subject: Sendmail configuration for gateway Message-ID: @page Section1 {size: 8.5in 11.0in; margin: 1.0in 1.25in 1.0in 1.25in; } P.MsoNormal { FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman" } LI.MsoNormal { FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman" } DIV.MsoNormal { FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman" } A:link { COLOR: blue; TEXT-DECORATION: underline } SPAN.MsoHyperlink { COLOR: blue; TEXT-DECORATION: underline } A:visited { COLOR: purple; TEXT-DECORATION: underline } SPAN.MsoHyperlinkFollowed { COLOR: purple; TEXT-DECORATION: underline } SPAN.EmailStyle17 { COLOR: windowtext; FONT-FAMILY: Arial; mso-style-type: personal-compose } DIV.Section1 { page: Section1 } You should add the domain that your Exchange server accepts mail for to /etc/mail/relay-domains and then restart MailScanner. Add an entry to /etc/mail/mailertable like so: yourdomain.com esmtp:[192.168.x.x] Then run make to hash the file to db If your Exchange is configured to reject unknown users, your MailScanner box should be fine. I run milter-sender on mine which calls the Exchange server (or any other MX) to verify the recipient prior to accepting the message. It also calls back to verify the sender prior to accepting a message. Mike ________________________________________________________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Eric Sandquist Sent: Tuesday, September 27, 2005 3:56 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Sendmail configuration for gateway I’ve got MailScanner/SpamAssassin/Sendmail set up to act as a gateway to out Exchange server. I setup the tables as instructed in Wiki. However, Sendmail keeps rejecting all the incoming email stating that the user doesn’t exist. Well, of course they don’t exist on filter/gateway machine. They only exist in the Exchange environment. How do I get Sendmail to just accept incoming mail for all or against a frequently updated list of Exchange users? Eric When a person studies Bible and Mishnah . . . but is dishonest in business, and does not speak gently with people, what do people say of him? ‘Woe unto him who studies Torah. . . . This man studied Torah; look how corrupt are his deeds, how ugly his ways.’" -- Babylonian Talmud, Yoma 86a ________________________________________________________________________________ I am using the free version of SPAMfighter for private users. It has removed 52399 spam emails to date. Paying users do not have this message in their emails. Try SPAMfighter for free now! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vachanta at GMAIL.COM Wed Sep 28 01:41:24 2005 From: vachanta at GMAIL.COM (Venkata Achanta) Date: Thu Jan 12 21:30:50 2006 Subject: /var/spool/mqueue* messages Message-ID: >define(`confBAD_RCPT_THROTTLE',`1')dnl slow down any dictionary attacks >on your system. You can change the 1 to a higher number. Thanks for the suggestions what would be the best number for this. Is every one using 1 or a higher number to mitigate the dictionary attacks ? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed Sep 28 02:09:47 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:30:50 2006 Subject: Regexp (slightly OT) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have had a need to start making my own custom rules for SA. Seems like most people can already do this easily, but i kept making typos and having issues making them work without retrying a few times. Does anyone use any kind of validator, other than thier live system or lint, to see if thier regexp are failing and if so where? I found http://desktopengineer.com/home/all_articles/free_regular_expression_tester this tool that does a fair job, but its not a linux shell tool and its almost too overwhelming. Anyone got any ideas on a shell tool that can do a similar job? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nats at SSCRMNL.EDU.PH Wed Sep 28 02:33:35 2005 From: nats at SSCRMNL.EDU.PH (Jose Nathaniel Nengasca) Date: Thu Jan 12 21:30:50 2006 Subject: Anyone has milter-sender? Can you send one? Message-ID: Hi, Do anyone has a milter-sender? The version before the official stable release. Thanks JOSE NATHANIEL G. NENGASCA Network Administrator San Sebastian College-Recoletos Manila ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Wed Sep 28 03:45:14 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:30:50 2006 Subject: /var/spool/mqueue* messages Message-ID: I have mine set to 4, don't remember why. My mail server gets 30K to 40K messages a day. Jeff Earickson Colby College On Wed, 28 Sep 2005, Venkata Achanta wrote: > Date: Wed, 28 Sep 2005 01:41:24 +0100 > From: Venkata Achanta > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: /var/spool/mqueue* messages > >> define(`confBAD_RCPT_THROTTLE',`1')dnl slow down any dictionary attacks >> on your system. You can change the 1 to a higher number. > > Thanks for the suggestions > > what would be the best number for this. Is every one using 1 or a higher > number to mitigate the dictionary attacks ? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Sep 28 09:01:24 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:50 2006 Subject: Mailscanner not scanning all emails Message-ID: Tony Depends on your MailScanner.conf, but as someelse said it's interesting the org-name isn't appearing in the headers... what version of MailScanner are you running? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Tony Spencer Sent: 27 September 2005 20:39 To: MAILSCANNER@JISCMAIL.AC.UK Subject: [MAILSCANNER] Mailscanner not scanning all emails Hi all I've installed MailScanner to virus and spam scan emails. This seems to be working fine for email that is delivered locally on the server MailScanner is running. However the server is also an MX for domains for which email is forwarded onto different final destination servers, these emails aren't being scanned. The emails have the following in their headers: ######### X-MailScanner-Information: Please contact the ISP for more information X-MailScanner: Not scanned: please contact your Internet E-Mail Service Provider for details X-MailScanner-SpamScore: sss ######### How can I get MailScanner to scan all port 25 traffic even if the final destination isn't local? TIA Tony ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tony at GAMES-MASTER.CO.UK Wed Sep 28 11:18:01 2005 From: tony at GAMES-MASTER.CO.UK (Tony Spencer) Date: Thu Jan 12 21:30:50 2006 Subject: Mailscanner not scanning all emails Message-ID: [ The following text is in the "windows-1250" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I purposely removed the org name in the headers until I decide what to put there. I finally sorted the scanning of spam and what it was displaying in the headers, there were some config options on what it would display if the email was marked as spam. The option was set to just display a "s" for the spam score, one "s" for each score, so a score of 2 would show "ss". I've also setup the virus scanner, Clamav and that's working fine now also, email incoming is now virus and spam scanned. Although I tried to use the Clamav perl module and use that by changing the config line to: ## Virus Scanners = clamavmodule ### But the maillog shows: ######## Sep 28 07:22:34 scan MailScanner[20444]: Enabling SpamAssassin auto-whitelist functionality... Sep 28 07:22:36 scan MailScanner[20444]: ClamAV Perl module not found, did you install it? ############ Maybe it's something to do with the line in virus.scanners.conf: ## clamav /usr/lib/MailScanner/clamav-wrapper /usr/local clamavmodule /bin/false /tmp ## Compared to the clamav line I'm not sure it looks right. Anyone got any ideas? Thanks Tony -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth Sent: 28 September 2005 09:01 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Mailscanner not scanning all emails Tony Depends on your MailScanner.conf, but as someelse said it's interesting the org-name isn't appearing in the headers... what version of MailScanner are you running? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Tony Spencer Sent: 27 September 2005 20:39 To: MAILSCANNER@JISCMAIL.AC.UK Subject: [MAILSCANNER] Mailscanner not scanning all emails Hi all I've installed MailScanner to virus and spam scan emails. This seems to be working fine for email that is delivered locally on the server MailScanner is running. However the server is also an MX for domains for which email is forwarded onto different final destination servers, these emails aren't being scanned. The emails have the following in their headers: ######### X-MailScanner-Information: Please contact the ISP for more information X-MailScanner: Not scanned: please contact your Internet E-Mail Service Provider for details X-MailScanner-SpamScore: sss ######### How can I get MailScanner to scan all port 25 traffic even if the final destination isn't local? TIA Tony ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.344 / Virus Database: 267.11.8/113 - Release Date: 27/09/2005 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.344 / Virus Database: 267.11.8/113 - Release Date: 27/09/2005 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Wed Sep 28 11:38:38 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:30:50 2006 Subject: Mailscanner not scanning all emails Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 28/09/05, Tony Spencer wrote: (snip) > Although I tried to use the Clamav perl module and use that by changing the > config line to: > > ## > Virus Scanners = clamavmodule > ### > > But the maillog shows: > > ######## > Sep 28 07:22:34 scan MailScanner[20444]: Enabling SpamAssassin > auto-whitelist functionality... > Sep 28 07:22:36 scan MailScanner[20444]: ClamAV Perl module not found, did > you install it? > ############ > > Maybe it's something to do with the line in virus.scanners.conf: > > ## > clamav /usr/lib/MailScanner/clamav-wrapper /usr/local > clamavmodule /bin/false /tmp > ## > > Compared to the clamav line I'm not sure it looks right. > Anyone got any ideas? > > Thanks > Tony > (snip) Show us the output from "MailScanner -v"... You oprobably haven't installed Mail::ClamAV (will show as "missing Mail::ClamAV" in the output). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Sep 28 12:14:49 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:50 2006 Subject: Mailscanner not scanning all emails Message-ID: On 28 Sep 2005, at 11:38, Glenn Steen wrote: > On 28/09/05, Tony Spencer wrote: > (snip) > >> Although I tried to use the Clamav perl module and use that by >> changing the >> config line to: >> >> ## >> Virus Scanners = clamavmodule >> ### >> >> But the maillog shows: >> >> ######## >> Sep 28 07:22:34 scan MailScanner[20444]: Enabling SpamAssassin >> auto-whitelist functionality... >> Sep 28 07:22:36 scan MailScanner[20444]: ClamAV Perl module not >> found, did >> you install it? >> ############ >> >> Maybe it's something to do with the line in virus.scanners.conf: >> >> ## >> clamav /usr/lib/MailScanner/clamav-wrapper /usr/local >> clamavmodule /bin/false /tmp >> ## >> >> Compared to the clamav line I'm not sure it looks right. >> Anyone got any ideas? >> >> Thanks >> Tony >> >> > (snip) > Show us the output from "MailScanner -v"... You oprobably haven't > installed Mail::ClamAV (will show as "missing Mail::ClamAV" in the > output). If you download my install-Clam-SA.tar.gz package from near the bottom of the downloads page on www.mailscanner.info, you will find it sets all this lot up for you. It will save you quite a bit of time fiddling around tweaking things to make it work. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tony at GAMES-MASTER.CO.UK Wed Sep 28 12:30:57 2005 From: tony at GAMES-MASTER.CO.UK (Tony Spencer) Date: Thu Jan 12 21:30:50 2006 Subject: Mailscanner not scanning all emails Message-ID: [ The following text is in the "windows-1250" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] That^Òs how I installed it in the first place. It installed fine with no errors, but mailscanner -v gives: Optional module versions are: 0.17 Convert::TNEF 1.810 DB_File 1.08 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 0.44 Inline missing Mail::ClamAV 3.001000 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.15 Net::CIDR::Lite 0.48 Net::DNS 0.31 Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.2 Sys::Hostname::Long 2.42 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.35 URI Trying to install it again under cpan give: cpan> install Mail::ClamAV Mail::ClamAV is up to date. Strange..... Tony -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: 28 September 2005 12:15 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Mailscanner not scanning all emails On 28 Sep 2005, at 11:38, Glenn Steen wrote: > On 28/09/05, Tony Spencer wrote: > (snip) > >> Although I tried to use the Clamav perl module and use that by >> changing the >> config line to: >> >> ## >> Virus Scanners = clamavmodule >> ### >> >> But the maillog shows: >> >> ######## >> Sep 28 07:22:34 scan MailScanner[20444]: Enabling SpamAssassin >> auto-whitelist functionality... >> Sep 28 07:22:36 scan MailScanner[20444]: ClamAV Perl module not >> found, did >> you install it? >> ############ >> >> Maybe it's something to do with the line in virus.scanners.conf: >> >> ## >> clamav /usr/lib/MailScanner/clamav-wrapper /usr/local >> clamavmodule /bin/false /tmp >> ## >> >> Compared to the clamav line I'm not sure it looks right. >> Anyone got any ideas? >> >> Thanks >> Tony >> >> > (snip) > Show us the output from "MailScanner -v"... You oprobably haven't > installed Mail::ClamAV (will show as "missing Mail::ClamAV" in the > output). If you download my install-Clam-SA.tar.gz package from near the bottom of the downloads page on www.mailscanner.info, you will find it sets all this lot up for you. It will save you quite a bit of time fiddling around tweaking things to make it work. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.344 / Virus Database: 267.11.8/113 - Release Date: 27/09/2005 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.344 / Virus Database: 267.11.8/113 - Release Date: 27/09/2005 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tony at GAMES-MASTER.CO.UK Wed Sep 28 12:43:31 2005 From: tony at GAMES-MASTER.CO.UK (Tony Spencer) Date: Thu Jan 12 21:30:50 2006 Subject: Mailscanner not scanning all emails Message-ID: [ The following text is in the "windows-1250" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Just in case I did something wrong or missed something I re-installed using install-Clam-SA.tar.gz again, but found the following errors: ## Finished Build Compile Stage Manifying blib/man3/Mail::ClamAV.3pm PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/Mail-ClamAV....# Failed test (t/Mail-ClamAV.t at line 9) # Tried to use 'Mail::ClamAV'. # Error: Had problems bootstrapping Inline module 'Mail::ClamAV' # # Can't load '/tmp/Mail-ClamAV-0.17/blib/arch/auto/Mail/ClamAV/ClamAV.so' for module Mail::ClamAV: libclamav.so.1: cannot open shared object file: No such file or directory at /usr/lib/perl5/5.8.5/i386-linux-thread-multi/DynaLoader.pm line 230. # at /usr/lib/perl5/site_perl/5.8.5/Inline.pm line 500 # # # at /tmp/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 188 # BEGIN failed--compilation aborted at /tmp/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 532. # Compilation failed in require at (eval 1) line 2. t/Mail-ClamAV....NOK 1"all" is not defined in %Mail::ClamAV::EXPORT_TAGS at t/Mail-ClamAV.t line 11 Can't continue after import errors at t/Mail-ClamAV.t line 11 # Looks like you planned 10 tests but only ran 1. t/Mail-ClamAV....dubious Test returned status 10 (wstat 2560, 0xa00) DIED. FAILED tests 1-10 Failed 10/10 tests, 0.00% okay Failed Test Stat Wstat Total Fail Failed List of Failed ---------------------------------------------------------------------------- --- t/Mail-ClamAV.t 10 2560 10 19 190.00% 1-10 Failed 1/1 test scripts, 0.00% okay. 10/10 subtests failed, 0.00% okay. make: *** [test_dynamic] Error 2 ## So it looks like it installed but won't load. Tony -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Tony Spencer Sent: 28 September 2005 12:31 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Mailscanner not scanning all emails That^Òs how I installed it in the first place. It installed fine with no errors, but mailscanner -v gives: Optional module versions are: 0.17 Convert::TNEF 1.810 DB_File 1.08 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 0.44 Inline missing Mail::ClamAV 3.001000 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.15 Net::CIDR::Lite 0.48 Net::DNS 0.31 Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.2 Sys::Hostname::Long 2.42 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.35 URI Trying to install it again under cpan give: cpan> install Mail::ClamAV Mail::ClamAV is up to date. Strange..... Tony -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: 28 September 2005 12:15 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Mailscanner not scanning all emails On 28 Sep 2005, at 11:38, Glenn Steen wrote: > On 28/09/05, Tony Spencer wrote: > (snip) > >> Although I tried to use the Clamav perl module and use that by >> changing the >> config line to: >> >> ## >> Virus Scanners = clamavmodule >> ### >> >> But the maillog shows: >> >> ######## >> Sep 28 07:22:34 scan MailScanner[20444]: Enabling SpamAssassin >> auto-whitelist functionality... >> Sep 28 07:22:36 scan MailScanner[20444]: ClamAV Perl module not >> found, did >> you install it? >> ############ >> >> Maybe it's something to do with the line in virus.scanners.conf: >> >> ## >> clamav /usr/lib/MailScanner/clamav-wrapper /usr/local >> clamavmodule /bin/false /tmp >> ## >> >> Compared to the clamav line I'm not sure it looks right. >> Anyone got any ideas? >> >> Thanks >> Tony >> >> > (snip) > Show us the output from "MailScanner -v"... You oprobably haven't > installed Mail::ClamAV (will show as "missing Mail::ClamAV" in the > output). If you download my install-Clam-SA.tar.gz package from near the bottom of the downloads page on www.mailscanner.info, you will find it sets all this lot up for you. It will save you quite a bit of time fiddling around tweaking things to make it work. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.344 / Virus Database: 267.11.8/113 - Release Date: 27/09/2005 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.344 / Virus Database: 267.11.8/113 - Release Date: 27/09/2005 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.344 / Virus Database: 267.11.8/113 - Release Date: 27/09/2005 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.344 / Virus Database: 267.11.8/113 - Release Date: 27/09/2005 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jose at TREELOGIC.COM Wed Sep 28 13:02:30 2005 From: jose at TREELOGIC.COM ([iso-8859-1] José Angel Blanco González) Date: Thu Jan 12 21:30:50 2006 Subject: Sign Clean Messages in MailScanner 4.45 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Solved, maybe restarting problems Thank you very much Jose ----- Original Message ----- From: "Julian Field" To: Sent: Monday, September 26, 2005 3:09 PM Subject: Re: [MAILSCANNER] Sign Clean Messages in MailScanner 4.45 > Did you "reload" or "restart" MailScanner after making the change? > The feature works just fine, as far as I am aware. > > I would, of course, be happier if you left it enabled, it gets > MailScanner more publicity :-) > But you should certainly be able to disable it! > > On 26 Sep 2005, at 12:28, José Angel Blanco González wrote: > >> Since I have installed MailScanner last version 4.45 most delivered >> clean >> messages are signed with >> "This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean." >> >> but I checked >> Sign Clean Messages = no >> in Mailscanner.conf >> >> How can I disable this feature at all? >> >> Thank you very much > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From max at kipness.com Wed Sep 28 13:36:40 2005 From: max at kipness.com (Max Kipness) Date: Thu Jan 12 21:30:50 2006 Subject: Couple lines of spam Message-ID: I have Bayes, SA rules du jour, a couple of black hole lists, DCC and Razor2 configured and working, and these catch over 10k of spam a day. However, lately, I’ve been getting quite a few pieces of spam that are a couple of lines long, sometimes with misspelled words, and a link. Bayes picks them up as 100%, but nothing else does, so they are not considered spam. What is the best method for catching these? Higher score on bayes (which means the db has to be very accurate), add more black hole lists, more SA rules, or is there some other method of catching these? Thanks, Max ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Sep 28 13:39:44 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:50 2006 Subject: Mailscanner not scanning all emails Message-ID: Download the latest version of my install-Clam-SA.tar.gz and try again, I have added some more intelligence to it in the last day or so. It will now set up your ld.so so that the module build process can find the ClamAV library, without you having to edit any files by hand. On 28 Sep 2005, at 12:43, Tony Spencer wrote: > Just in case I did something wrong or missed something I re- > installed using > install-Clam-SA.tar.gz again, but found the following errors: > > ## > Finished Build Compile Stage > > Manifying blib/man3/Mail::ClamAV.3pm > PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" > "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t > t/Mail-ClamAV....# Failed test (t/Mail-ClamAV.t at line 9) > # Tried to use 'Mail::ClamAV'. > # Error: Had problems bootstrapping Inline module 'Mail::ClamAV' > # > # Can't load '/tmp/Mail-ClamAV-0.17/blib/arch/auto/Mail/ClamAV/ > ClamAV.so' > for module Mail::ClamAV: libclamav.so.1: cannot open shared object > file: No > such file or directory at > /usr/lib/perl5/5.8.5/i386-linux-thread-multi/DynaLoader.pm line 230. > # at /usr/lib/perl5/site_perl/5.8.5/Inline.pm line 500 -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dwinkler at ALGORITHMICS.COM Wed Sep 28 14:59:43 2005 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:30:50 2006 Subject: Regexp (slightly OT) Message-ID: Regex Coach is a life saver... http://weitz.de/regex-coach/ -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Peter Russell Sent: Tuesday, September 27, 2005 9:10 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Regexp (slightly OT) I have had a need to start making my own custom rules for SA. Seems like most people can already do this easily, but i kept making typos and having issues making them work without retrying a few times. Does anyone use any kind of validator, other than thier live system or lint, to see if thier regexp are failing and if so where? I found http://desktopengineer.com/home/all_articles/free_regular_expression_tester this tool that does a fair job, but its not a linux shell tool and its almost too overwhelming. Anyone got any ideas on a shell tool that can do a similar job? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Wed Sep 28 15:13:15 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:30:50 2006 Subject: Sendmail et Lock Type Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Scott Silva wrote: >Denis Beauchemin spake the following on 9/27/2005 1:09 PM: > > >>Hello all, >> >>I just discovered that one of my servers running sendmail 8.13.1 has a >>blank "Lock Type" in MailScanner.conf (running version 4.44.6). I >>sometimes see lines line the following in the log: >>Sep 27 14:20:01 smtpe2 sendmail[9072]: j8RGeDXL003186: SYSERR(root): >>readqf: cannot open ./dfj8RGeDXL003186: No such file or directory >> >>I guess they are related. I tried to remember how to get confirmation >>that my sendmail was indeed using posix locks but couldn't find anything... >> >>I tried "sendmail -d0.1>about locks... can someone help me out? >> >>Thanks! >> >>Denis >> >> >> >Try "sendmail -bt -d0.10 < /dev/null | grep HASFLOCK" > > > Scott, It prints nothing. So I guess it doesn't use FLOCK but uses LOCKF (or Posix) locks? Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Wed Sep 28 15:24:34 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:30:50 2006 Subject: Couple lines of spam Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 28/09/05, Max Kipness wrote: > > > > I have Bayes, SA rules du jour, a couple of black hole lists, DCC and > Razor2 configured and working, and these catch over 10k of spam a day. > > > > However, lately, I've been getting quite a few pieces of spam that are a > couple of lines long, sometimes with misspelled words, and a link. Bayes > picks them up as 100%, but nothing else does, so they are not considered > spam. > > > > What is the best method for catching these? Higher score on bayes (which > means the db has to be very accurate), add more black hole lists, more SA > rules, or is there some other method of catching these? > > > > Thanks, > > Max > Depends... Probably custon SA rule(s). Geocities or msn? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Sep 28 15:31:01 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:50 2006 Subject: Sendmail et Lock Type Message-ID: On 28 Sep 2005, at 15:13, Denis Beauchemin wrote: > Scott Silva wrote: > > >> Denis Beauchemin spake the following on 9/27/2005 1:09 PM: >> >> >>> Hello all, >>> >>> I just discovered that one of my servers running sendmail 8.13.1 >>> has a >>> blank "Lock Type" in MailScanner.conf (running version 4.44.6). I >>> sometimes see lines line the following in the log: >>> Sep 27 14:20:01 smtpe2 sendmail[9072]: j8RGeDXL003186: SYSERR(root): >>> readqf: cannot open ./dfj8RGeDXL003186: No such file or directory >>> >>> I guess they are related. I tried to remember how to get >>> confirmation >>> that my sendmail was indeed using posix locks but couldn't find >>> anything... >>> >>> I tried "sendmail -d0.1>> output >>> about locks... can someone help me out? >>> >>> Thanks! >>> >>> Denis >>> >>> >>> >> Try "sendmail -bt -d0.10 < /dev/null | grep HASFLOCK" >> >> >> > Scott, > > It prints nothing. So I guess it doesn't use FLOCK but uses LOCKF > (or Posix) locks? Correct. You need to set "Lock Type = posix". -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tony at GAMES-MASTER.CO.UK Wed Sep 28 16:02:01 2005 From: tony at GAMES-MASTER.CO.UK (Tony Spencer) Date: Thu Jan 12 21:30:50 2006 Subject: Mailscanner not scanning all emails Message-ID: [ The following text is in the "windows-1250" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I still got the same problems with the newer version. However I've solved it now. Looking at the error: ### Can't load '/tmp/Mail-ClamAV-0.17/blib/arch/auto/Mail/ClamAV/ClamAV.so' for module Mail::ClamAV: libclamav.so.1: cannot open shared object file: No such file or directory at /usr/lib/perl5/5.8.5/i386-linux-thread-multi/DynaLoader.pm line 230. ### When doing a make test. I did a locate on libclamav.so.1 and found it was installed in /usr/local/lib so I added the following symlinks: ln -s /usr/local/lib/libclamav.so.1.0.16 /usr/lib/libclamav.so.1 ln -s /usr/local/lib/libclamav.so.1.0.16 /usr/lib/libclamav.so Did a make test again and got no errors. Maillog now shows no errors when virus scanning. Thanks for your help. Tony -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: 28 September 2005 13:40 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Mailscanner not scanning all emails Download the latest version of my install-Clam-SA.tar.gz and try again, I have added some more intelligence to it in the last day or so. It will now set up your ld.so so that the module build process can find the ClamAV library, without you having to edit any files by hand. On 28 Sep 2005, at 12:43, Tony Spencer wrote: > Just in case I did something wrong or missed something I re- > installed using > install-Clam-SA.tar.gz again, but found the following errors: > > ## > Finished Build Compile Stage > > Manifying blib/man3/Mail::ClamAV.3pm > PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" > "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t > t/Mail-ClamAV....# Failed test (t/Mail-ClamAV.t at line 9) > # Tried to use 'Mail::ClamAV'. > # Error: Had problems bootstrapping Inline module 'Mail::ClamAV' > # > # Can't load '/tmp/Mail-ClamAV-0.17/blib/arch/auto/Mail/ClamAV/ > ClamAV.so' > for module Mail::ClamAV: libclamav.so.1: cannot open shared object > file: No > such file or directory at > /usr/lib/perl5/5.8.5/i386-linux-thread-multi/DynaLoader.pm line 230. > # at /usr/lib/perl5/site_perl/5.8.5/Inline.pm line 500 -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.344 / Virus Database: 267.11.8/113 - Release Date: 27/09/2005 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.344 / Virus Database: 267.11.8/113 - Release Date: 27/09/2005 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mikea at MIKEA.ATH.CX Wed Sep 28 16:19:21 2005 From: mikea at MIKEA.ATH.CX (mikea) Date: Thu Jan 12 21:30:50 2006 Subject: Regexp (slightly OT) Message-ID: On Wed, Sep 28, 2005 at 11:09:47AM +1000, Peter Russell wrote: > I have had a need to start making my own custom rules for SA. Seems like > most people can already do this easily, but i kept making typos and > having issues making them work without retrying a few times. > > Does anyone use any kind of validator, other than thier live system or > lint, to see if thier regexp are failing and if so where? > > I found > http://desktopengineer.com/home/all_articles/free_regular_expression_tester > this tool that does a fair job, but its not a linux shell tool and its > almost too overwhelming. > > Anyone got any ideas on a shell tool that can do a similar job? I built an _extremely_ quick-and-dirty Perl script to help me build rules. It's immediately below. It isn't pretty, it doesn't do meta-rules, and it lacks any semblance of elegance, nicety, or refinement. But it's useful. #! /usr/bin/perl # spmassassin rule builder # takes type (header, body, raw, uri, etc.), name, # pattern or string to be matched, # description, and score, # and writes rule # Does *NO* parsing of patterns # Does not run Spamassassin --lint # # appends rulesets to ~/buildrule.rules and # prints them to the standard output. # Maybe test rules using eval? Hmmmmmmm! This could be cool! # first see if ~/buildrule.rules exists -e "/home/mikea/buildrule.rules" or warn "/home/mikea/buildrule.rules does not exist; creating it.\n"; open(RULES, ">>", "/home/mikea/buildrule.rules") or die "Can't create /home/mikea/buildrule.rules: $!"; while (1) { # outer loop $ruletype=""; # $headerstr is null at entry; will be changed to # " =~ ", with first character of capitalized. # e.g., "Subject =~ " $headerstr=""; # ruletype can be header, body, uri, or rawbody while ((lc($ruletype) !~ "^h") && (lc($ruletype) !~ "^b") && (lc($ruletype) !~ "^u") && (lc($ruletype) !~ "^r")) { print "SpamAssassin rulebuilder: /home/mikea/bin/buildrule\n"; print "version of 20050217 10:00 CST\n"; if ($ruletype ne "") {print "$ruletype is not a valid entry.\n";} print "ruletype entry. to quit; else one of header, body, uri, rawbody: "; $ruletype=<>; chomp $ruletype; if (length($ruletype) == 0) {goto QUIT}; if (lc($ruletype) =~ "^h") {$ruletype="header"} elsif (lc($ruletype) =~ "^b") {$ruletype="body"} elsif (lc($ruletype) =~ "^u") {$ruletype="uri"} elsif (lc($ruletype) =~ "^r") {$ruletype="rawbody"}; $ucruletype = $ruletype; $ucruletype =~ tr/a-z/A-Z/; print "\$ruletype=$ruletype\n"; } # headertype can be subject, to, from, received, or message-id # (or possibly resent-to, or one of the others) # but we concentrate on subject, to, from, received, and message-id # If the ruletype is "header", then we want to get the subtype, # perhaps from the actual rule entry, perhaps by asking for it. # A good way to make sure that the header type is one of the # permissible types is to print the permissible types and then # prompt and validate. if (lc($ruletype) =~ "^h") { $headertype = ""; while ((lc($headertype) !~ "^s") && (lc($headertype) !~ "^t") && (lc($headertype) !~ "^r") && # added mla 20050725 (lc($headertype) !~ "^f") && (lc($headertype) !~ "^m")) { if ($headertype ne "") {print "$headertype is not a valid entry.\n";} print "headertype entry. to quit; else one of Subject, To, From, Received, Message-ID:\n"; $headertype=<>; chomp $headertype; } if (lc($headertype) =~ "^s") {$headertype="Subject"} elsif (lc($headertype) =~ "^t") {$headertype="To"} elsif (lc($headertype) =~ "^r") {$headertype="Received"} # added 20050725 mla elsif (lc($headertype) =~ "^f") {$headertype="From"} elsif (lc($headertype) =~ "^m") {$headertype="Message-ID"}; # handle capitalization: just the first character, please; the rest lower # $ruletype = ucfirst(lc($headertype)); $ruletype = "header"; $ucheadertype = $headertype; $ucheadertype =~ tr/a-z/A-Z/; print "Header rule: \$headertype=$headertype\n"; $headerstr = ucfirst( $headertype." =~ "); } print "Rulename entry. Blanks and - will be replaced with _, \n"; print "and all letters will be capitalized. Specify rulename: "; $rulename = <>; chomp $rulename; $rulename =~ tr/a-z/A-Z/; $rulename =~ tr/\\. -/____/; # Build the entire rulename at this point by prepending ODOT # and the uppercased ruletype to the current rulename. $rulename = "ODOT_".$ucruletype."_".$rulename; print "Rulename will be $rulename\n"; print "pattern or string entry. Enter the pattern *EXACTLY* \n"; print "as you want it to appear in the rule. Delimiters will be \"/\",.\n"; print "matching will be caseless (\/pattern\/i).\n"; $pattern_string=<>; chomp $pattern_string; print "description entry. Enter the description exactly as you want it\n"; print "to appear in the rule: "; $desc = <>; chomp $desc; print "score entry. Enter the score part of the rule exactly as you want it\n"; print "to appear in the rule: "; $score=<>; chomp $score; EVAL: print "Want to evaluate the rule? Y (or y or 1 or yes) / N (or n or 0 or no)? :"; $eval = <>; chomp $eval; if ( (lc(substr($eval,0,1)) eq "1" ) or (lc(substr($eval,0,1)) eq "y" ) ) { # eval the string against various inputs print "enter the body or header text to test your rule, or just to stop testing: "; $evalstring = " "; while (length($evalstring) != 0) { # testing the string for a match here $evalstring = <>; chomp $evalstring; if ($evalstring =~ m/$pattern_string/i) { print "$evalstring matched $pattern_string\n"; } else { print "$evalstring failed to match $pattern_string\n"; } } # end of testing the string for a match here print "end of eval loop\n"; } # end of eval loop $saveit = "xxxx"; #print "substr(\$saveit,0,1)=substr($saveit,0,1)\n"; while ( (substr($saveit,0,1) ne "0") && (substr($saveit,0,1) ne "1") && (substr($saveit,0,1) ne "n") && (substr($saveit,0,1) ne "y") && (substr($saveit,0,1) ne "N") && (substr($saveit,0,1) ne "Y") ) { print "Want to save the rule? Y (or y or 1 or yes) / N (or n or 0 or no or just ): "; $saveit = lc(<>); chomp $saveit; # print "\$saveit=$saveit\n"; } ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime; # $wday is numeric, Monday is day 1 # $year is 1900-based (year 2005 means $year=105) # $mon is 0-based: January means $month=0 $year += 1900; @dayname=(Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, Saturday); $day=$dayname[$wday]; @monthname=(Jan,Feb,Mar,Apr,May,Jun,Jul,Aug,Sep,Oct,Nov,Dec); $month=$monthname[$mon]; if ( (substr($saveit,0,1) eq "1") or (substr($saveit,0,1) eq "y") ) { print "--------> appended to /home/mikea/buildrule.rules \n"; print "\n\n\n\n"; print "# generated by /home/mikea/bin/buildrule at $hour:$min:$sec on $day $year.$month.$mday\n"; print "$ruletype $rulename $headerstr\/$pattern_string/i\n"; print "describe $rulename (LOCAL RULE) $desc\n"; print "score $rulename $score\n"; print "\n\n\n\n"; print RULES "# generated by /home/mikea/bin/buildrule at $hour:$min:$sec on $day $year.$month.$mday\n"; print RULES "$ruletype $rulename $headerstr\/$pattern_string/i\n"; print RULES "describe $rulename (LOCAL RULE) $desc\n"; print RULES "score $rulename $score\n"; print RULES "\n"; } } # outer loop QUIT: close RULES or die "Unable to close RULES: $!\n"; print "any rules saved have been appended to /home/mikea/buildrule.rules\n"; print "do you want to edit /home/mikea/buildrule.rules? (Y or n): "; $edit = <>; chomp $edit; $edit = lc ( $edit); #print "\$edit=\"$edit\".\n"; if (length($edit) > 0) { $edit = substr($edit,0,1); if ( ($edit ne "0") or ($edit ne "n") or (length($edit) == 0) ) { # print "would have run vim here\n"; system "vim /home/mikea/buildrule.rules"; } } exit(0); -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jstork at PBCO.CA Wed Sep 28 17:10:25 2005 From: jstork at PBCO.CA (Johnny Stork) Date: Thu Jan 12 21:30:50 2006 Subject: Not sure if Mailscanner is scanning all emails or setup properly Message-ID: I am also having some trouble and that I am not sure MS or SA is all working properly. Below is an example header output. What I am concerned with is the line which shows tests=AWL,HTML_MESSAGE but my mailscanner.conf indicates Spam List = ORDB-RBL SBL+XBL SPAMHAUS NJABL BLITZED CBL DSBL UCEL1 Now since the message header example below also goes through my ISP (ez-web-hosting.com) who uses SA, I suspect that the X-Spam-Status line is from them, and the ones below are from my MailScanner/SA setup. But why does the header not show the full X-PBCO-Spam-Status or any other information? The route this message took was -Sent from pbco.ca through internal SA and MS setup. -Received at openenterprise.ca (hosted by ez-web-hosting.com) who also run SA -Polled with fetchmail from my home server and dumped into internal sendmail with SA running. Header: (some stuff at the top has been removed which I dont think is needed to diagnose) Date: Wed, 28 Sep 2005 08:46:03 -0700 From: "Johnny Stork" Sender: "Johnny Stork" To: "Johnny Stork" Message-ID: <"H0000067000b414c.1127922362.pbco-server2.pbco.ca*"@MHS> Subject: Another Test Delivery-date: Wed, 28 Sep 2005 11:47:42 -0400 x-scalix-Hops: 1 Envelope-to: stork@openenterprise.ca X-Spam-Status: No, score=0.1 required=4.0 tests=AWL,HTML_MESSAGE autolearn=ham version=3.1.0 X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on ez6.ez-web-hosting.com X-Spam-Level: X-PBCO-MailScanner-Information: Please contact the ISP for more information X-PBCO-MailScanner: Found to be clean X-PBCO-MailScanner-SpamCheck: not spam, SpamAssassin (score=-1.439, required 5, autolearn=not spam, ALL_TRUSTED -1.44, HTML_MESSAGE 0.00) X-PBCO-MailScanner-From: jstork@pbco.ca MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="scalix-part-005e24496d=_02" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smhickel at CHARTERMI.NET Wed Sep 28 17:25:27 2005 From: smhickel at CHARTERMI.NET (Steve Hickel) Date: Thu Jan 12 21:30:50 2006 Subject: mailscan sm-msp-queue and 127.0.0.1 timeouts Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] all, I upgraded to the latest mailscanner and perl spamassassin and now my maillog is filled with the below even though email still flows in etc. Any thoughts? vr, Steve Hickel 28 12:22:54 mailscan sm-msp-queue[3471]: j8SChUqJ009502: to=postmaster, delay=03:31:39, xdelay=00:00:00, mailer=relay, pri=849363, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection timed out with [127.0.0.1] Sep 28 12:22:55 mailscan sm-msp-queue[3471]: j8SChUqK009502: to=postmaster, delay=03:31:39, xdelay=00:00:00, mailer=relay, pri=849385, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection timed out with [127.0.0.1] Sep 28 12:22:55 mailscan sm-msp-queue[3471]: j8SChUqL009502: to= ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jstork at PBCO.CA Wed Sep 28 17:27:02 2005 From: jstork at PBCO.CA (Johnny Stork) Date: Thu Jan 12 21:30:50 2006 Subject: Mostly negative SA scores Message-ID: In addition to my previous post about whether my SA and MS are configured properly, I see mostly negative SA scores? Is this correct? X-PBCO-MailScanner-SpamCheck: not spam, SpamAssassin (score=-1.439, required 5, autolearn=not spam, ALL_TRUSTED -1.44, HTML_MESSAGE 0.00) ----------------------------------------------------------- Johnny Stork Information & Technology Manager Provincial Blood Coordinating Office #301 - 1190 Hornby St. Vancouver, BC (V6Z-2K5) 604-806-8840 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From matt at CODERS.CO.UK Wed Sep 28 17:31:16 2005 From: matt at CODERS.CO.UK (Matt Hampton) Date: Thu Jan 12 21:30:50 2006 Subject: mailscan sm-msp-queue and 127.0.0.1 timeouts Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > 28 12:22:54 mailscan sm-msp-queue[3471]: j8SChUqJ009502: to=postmaster, delay=03:31:39, xdelay=00:00:00, mailer=relay, pri=849363, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection timed out with [127.0.0.1] >Sep 28 12:22:55 mailscan sm-msp-queue[3471]: j8SChUqK009502: to=postmaster, delay=03:31:39, xdelay=00:00:00, mailer=relay, pri=849385, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection timed out with [127.0.0.1] >Sep 28 12:22:55 mailscan sm-msp-queue[3471]: j8SChUqL009502: to= > > I had this on one of my systems and it turned out there is no process listening on 127.0.0.1:25 - what does "netstat -nat" show? matt ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Sep 28 17:39:46 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:30:50 2006 Subject: Mostly negative SA scores Message-ID: Johnny Looks like the ALL_TRUSTED misfiring. Have a look in the docs for how to configure this properly. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Johnny Stork Sent: 28 September 2005 17:27 To: MAILSCANNER@JISCMAIL.AC.UK Subject: [MAILSCANNER] Mostly negative SA scores In addition to my previous post about whether my SA and MS are configured properly, I see mostly negative SA scores? Is this correct? X-PBCO-MailScanner-SpamCheck: not spam, SpamAssassin (score=-1.439, required 5, autolearn=not spam, ALL_TRUSTED -1.44, HTML_MESSAGE 0.00) ----------------------------------------------------------- Johnny Stork Information & Technology Manager Provincial Blood Coordinating Office #301 - 1190 Hornby St. Vancouver, BC (V6Z-2K5) 604-806-8840 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Wed Sep 28 17:45:37 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:50 2006 Subject: Not sure if Mailscanner is scanning all emails Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Wed, September 28, 2005 17:10, Johnny Stork wrote: > I am also having some trouble and that I am not sure MS or SA is all > working properly. Below is an example header output. What I am concerned > with is the line which shows > > tests=AWL,HTML_MESSAGE That's MailScanner working. > > > but my mailscanner.conf indicates > > Spam List = ORDB-RBL SBL+XBL SPAMHAUS NJABL BLITZED CBL DSBL UCEL1 I would take those out as your local host (Fetchmail) will never be listed. Those tests are only applied on the (SMTP) connecting machine and as that's your fetchmail, save your bandwidth. > > Now since the message header example below also goes through my ISP > (ez-web-hosting.com) who uses SA, I suspect that the X-Spam-Status line is > from them, and the ones below are from my MailScanner/SA setup. But why > does the header not show the full X-PBCO-Spam-Status or any other > information? > > The route this message took was > > -Sent from pbco.ca through internal SA and MS setup. > -Received at openenterprise.ca (hosted by ez-web-hosting.com) who also run > SA > -Polled with fetchmail from my home server and dumped into internal > sendmail with SA running. > > > > Header: (some stuff at the top has been removed which I dont think is > needed to diagnose) > > > Date: Wed, 28 Sep 2005 08:46:03 -0700 > From: "Johnny Stork" > Sender: "Johnny Stork" > To: "Johnny Stork" > Message-ID: <"H0000067000b414c.1127922362.pbco-server2.pbco.ca*"@MHS> > Subject: Another Test > Delivery-date: Wed, 28 Sep 2005 11:47:42 -0400 > x-scalix-Hops: 1 > Envelope-to: stork@openenterprise.ca > X-Spam-Status: No, score=0.1 required=4.0 tests=AWL,HTML_MESSAGE > > autolearn=ham version=3.1.0 > X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on > > ez6.ez-web-hosting.com > X-Spam-Level: ^^^^^^^^^^^^ This is all done by your ISP > X-PBCO-MailScanner-Information: Please contact the ISP for more > information > X-PBCO-MailScanner: Found to be clean > X-PBCO-MailScanner-SpamCheck: not spam, SpamAssassin (score=-1.439, > > required 5, autolearn=not spam, ALL_TRUSTED -1.44, > > HTML_MESSAGE 0.00) > X-PBCO-MailScanner-From: jstork@pbco.ca ^^^^^^^^^^^^^^ This is your MailScanner The interesting part is the All_Trusted rule firing, which normally indicates that you either have your network strangly set up or that SpamAssassin is confused as to what is your local (And therefore trusted) network. I am not the expert on this but there was a thread in the list about All_Trusted so I would suggest a search (And maybe even a look in the wiki as it could be in there. Hope this helps (A bit!) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From wright at CYBERVALE.COM Wed Sep 28 17:04:51 2005 From: wright at CYBERVALE.COM (Terran Wright) Date: Thu Jan 12 21:30:50 2006 Subject: Old messages no being processed Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hey Guys, Running CentOS4 Postfix, MailScanner 4.41.3, SA ClamAV & Bitdefender. Had a problem with disk space a couple days ago where the /var/dcc/log directory grew so large (about 8 Gigs) the disk became full. I deleted all the files in that directory and restarted mailScanner and thins were fine except for the thousands of mails backed up. My problem now is that it seems that only new mails are being processed and the older mails in the queue are being neglected. The queue went down to less than 2000 mails and has now gone back up to > 7000 mails. I've implemented spamhaus, spamcop and various other rbls at the MTA level temporarily to help clear up the queue however this is not helping. This machine has been up for near 5 months and has managed it's load well and has always been able to recover from downtime and backed up mails in reasonable time. 2 Questions: 1. What's the purpose of the files in the log directory and should I delete them regularly? 2. How can I ensure that the older mails are processed? TIA for your suggestions ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smhickel at CHARTERMI.NET Wed Sep 28 18:28:30 2005 From: smhickel at CHARTERMI.NET (Steve Hickel) Date: Thu Jan 12 21:30:50 2006 Subject: mailscan sm-msp-queue and 127.0.0.1 timeouts Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt, Here is the output of netstat -nat (thanks!): [root@mailscan root]# netstat -nat Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:20000 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:515 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:30001 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN tcp 0 1 192.168.1.21:1260 127.0.0.1:25 SYN_SENT tcp 0 0 192.168.1.21:22 192.168.1.107:35164 ESTABLISHED > 28 12:22:54 mailscan sm-msp-queue[3471]: j8SChUqJ009502: to=postmaster, delay=03:31:39, xdelay=00:00:00, mailer=relay, pri=849363, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection timed out with [127.0.0.1] >Sep 28 12:22:55 mailscan sm-msp-queue[3471]: j8SChUqK009502: to=postmaster, delay=03:31:39, xdelay=00:00:00, mailer=relay, pri=849385, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection timed out with [127.0.0.1] >Sep 28 12:22:55 mailscan sm-msp-queue[3471]: j8SChUqL009502: to= > > I had this on one of my systems and it turned out there is no process listening on 127.0.0.1:25 - what does "netstat -nat" show? matt ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Wed Sep 28 18:37:48 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:50 2006 Subject: Mostly negative SA scores Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Johnny Stork wrote: > In addition to my previous post about whether my SA and MS are > configured properly, I see mostly negative SA scores? Is this correct? > > X-PBCO-MailScanner-SpamCheck: not spam, SpamAssassin (score=-1.439, > required 5, autolearn=not spam, ALL_TRUSTED -1.44, HTML_MESSAGE 0.00) > > No.. You should never see ALL_TRUSTED for outside email. If you do, you have a broken trust path. (Generally caused by having a mailserver that is NATed) You'll need to set your trusted_networks correctly to fix it: http://wiki.apache.org/spamassassin/TrustPath ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From matt at CODERS.CO.UK Wed Sep 28 18:39:06 2005 From: matt at CODERS.CO.UK (Matt Hampton) Date: Thu Jan 12 21:30:50 2006 Subject: mailscan sm-msp-queue and 127.0.0.1 timeouts Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steve Hickel wrote: >[root@mailscan root]# netstat -nat >Active Internet connections (servers and established) >Proto Recv-Q Send-Q Local Address Foreign Address State >tcp 0 0 0.0.0.0:20000 0.0.0.0:* LISTEN >tcp 0 0 0.0.0.0:515 0.0.0.0:* LISTEN >tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN >tcp 0 0 0.0.0.0:30001 0.0.0.0:* LISTEN >tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN > > OK - next line shows you have a process listening on all interfaces >tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN > > But this line is interesting: >tcp 0 1 192.168.1.21:1260 127.0.0.1:25 SYN_SENT > > I would have expected to so a connection 127.0.0.1 <-> 127.0.0.1 not from its other address Have you modified your sendmail configs recently? matt ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smhickel at CHARTERMI.NET Wed Sep 28 19:24:14 2005 From: smhickel at CHARTERMI.NET (Steve Hickel) Date: Thu Jan 12 21:30:50 2006 Subject: mailscan sm-msp-queue and 127.0.0.1 timeouts Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt, Only thing I can think of would have been in the forward domain adding 127.0.0.1 there, which probably should be removed as it is also a local domain as localhost.localdomain also the smtp port option states: Name=MTA (is that correct?). STeve ps. thus I will remove 127.0.0.1 from forward domains but it was doing the below errors before I put it there. Steve Hickel wrote: >[root@mailscan root]# netstat -nat >Active Internet connections (servers and established) >Proto Recv-Q Send-Q Local Address Foreign Address State >tcp 0 0 0.0.0.0:20000 0.0.0.0:* LISTEN >tcp 0 0 0.0.0.0:515 0.0.0.0:* LISTEN >tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN >tcp 0 0 0.0.0.0:30001 0.0.0.0:* LISTEN >tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN > > OK - next line shows you have a process listening on all interfaces >tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN > > But this line is interesting: >tcp 0 1 192.168.1.21:1260 127.0.0.1:25 SYN_SENT > > I would have expected to so a connection 127.0.0.1 <-> 127.0.0.1 not from its other address Have you modified your sendmail configs recently? matt ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Wed Sep 28 19:36:05 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:30:50 2006 Subject: Old messages no being processed Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Terran Wright wrote: >Hey Guys, > >Running CentOS4 Postfix, MailScanner 4.41.3, SA ClamAV & Bitdefender. > >Had a problem with disk space a couple days ago where the /var/dcc/log >directory grew so large (about 8 Gigs) the disk became full. I deleted all >the files in that directory and restarted mailScanner and thins were fine >except for the thousands of mails backed up. > >... > >2 Questions: >1. What's the purpose of the files in the log directory and should I delete >them regularly? > > I don't know exactly why they are there but you can manage them this way: 1. modify /var/dcc/dcc_conf : DBCLEAN_LOGDAYS=14 to a much smaller value (I use 5) 2. copy misc/cron-dccd from your install dir to /etc/cron.daily That way it shouldn't fill up your disk. Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Sep 28 20:04:53 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:50 2006 Subject: Mailscanner not scanning all emails Message-ID: [ The following text is in the "windows-1250" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 That is not the correct solution, but a slightly nasty hack workaround. It won't last, however, your system will rewrite all the soft links you have put in and remove them again. What you need to do is: 1. Add the line "/usr/local/lib" to /etc/ld.so.conf. 2. Run the "ldconfig" command. That's what the latest version of my install-Clam-SA.tar.gz installation does. I would advise you remove the links you have added and do steps 1 and 2 above. You may well find your links will disappear when you run ldconfig, which is run every time you update any RPM containing shared library (*.so) files. Tony Spencer wrote: >I still got the same problems with the newer version. >However I've solved it now. >Looking at the error: > >### >Can't load '/tmp/Mail-ClamAV-0.17/blib/arch/auto/Mail/ClamAV/ClamAV.so' for >module Mail::ClamAV: libclamav.so.1: cannot open shared object file: No such >file or directory at >/usr/lib/perl5/5.8.5/i386-linux-thread-multi/DynaLoader.pm line 230. >### > >When doing a make test. >I did a locate on libclamav.so.1 and found it was installed in >/usr/local/lib so I added the following symlinks: > >ln -s /usr/local/lib/libclamav.so.1.0.16 /usr/lib/libclamav.so.1 >ln -s /usr/local/lib/libclamav.so.1.0.16 /usr/lib/libclamav.so > >Did a make test again and got no errors. >Maillog now shows no errors when virus scanning. > >Thanks for your help. > >Tony > > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Julian Field >Sent: 28 September 2005 13:40 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Mailscanner not scanning all emails > >Download the latest version of my install-Clam-SA.tar.gz and try >again, I have added some more intelligence to it in the last day or >so. It will now set up your ld.so so that the module build process >can find the ClamAV library, without you having to edit any files by >hand. > >On 28 Sep 2005, at 12:43, Tony Spencer wrote: > > > >>Just in case I did something wrong or missed something I re- >>installed using >>install-Clam-SA.tar.gz again, but found the following errors: >> >>## >>Finished Build Compile Stage >> >>Manifying blib/man3/Mail::ClamAV.3pm >>PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" >>"test_harness(0, 'blib/lib', 'blib/arch')" t/*.t >>t/Mail-ClamAV....# Failed test (t/Mail-ClamAV.t at line 9) >># Tried to use 'Mail::ClamAV'. >># Error: Had problems bootstrapping Inline module 'Mail::ClamAV' >># >># Can't load '/tmp/Mail-ClamAV-0.17/blib/arch/auto/Mail/ClamAV/ >>ClamAV.so' >>for module Mail::ClamAV: libclamav.so.1: cannot open shared object >>file: No >>such file or directory at >>/usr/lib/perl5/5.8.5/i386-linux-thread-multi/DynaLoader.pm line 230. >># at /usr/lib/perl5/site_perl/5.8.5/Inline.pm line 500 >> >> > > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQzrpVhH2WUcUFbZUEQLTFwCfaHrSvmUnYJClhswUXuXVdH1bDBQAoM+6 PKdPYKXwOtuOoMwHZtd/gvC6 =0MP4 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Wed Sep 28 20:06:14 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:50 2006 Subject: new rules placement Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jon Miller wrote: > where do I place the new rules in the same location as /etc/spamassassin/local.cf or in the /etc/spamassassin/RulesDuJour location? > /etc/spamassassin/RulesDuJour is for RDJ's usage *ONLY*. You should not be using it for your own rules. This directory used to support RDJ's ability to "roll back" a ruleset if a new one fails to pass spamassassin --lint. You can place your new rules in /etc/spamassassin/. SpamAssassin will read all *.cf files in here, so you can use local.cf, or any other filename you wish as long as it ends in .cf. These rules will be used any time SpamAssassin is invoked, either normally or through MailScanner. If you want to create SA settings that are only used with MailScanner and not used any other time, those should be in /etc/MailScanner/spam.assassin.prefs.conf. When MailScanner runs, this takes the place of the normal user_prefs file. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Sep 28 20:36:53 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:50 2006 Subject: Old messages no being processed Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Terran Wright wrote: >My problem now is that it seems that only new mails are being processed and >the older mails in the queue are being neglected. The queue went down to >less than 2000 mails and has now gone back up to > 7000 mails. I've >implemented spamhaus, spamcop and various other rbls at the MTA level >temporarily to help clear up the queue however this is not helping. > > What you are seeing is a side-effect of the failure of the "Emergency Queue-Clearing Mode" that MailScanner will switch into when the queue gets very large. Normally, MailScanner processes messages in strict date order, oldest first. In order to do this, for every batch it has to read in the entire directory and sort it by date. On some filesystem designs this can take a very long time. So when the queue gets bigger than the "Max Normal Queue Size", MailScanner switches into a mode where it just processes the first messages it finds in the queue, regardless of how old they are. On many systems, this is a lot faster as it doesn't have to read in the whole dir or do any sorting. If you think about it, you will see that if you process the first 30 and delete them from the incoming queue, that leaves 30 blank slots that will be filled by the next 30 messages to arrive in the queue. So if you are only just keeping up, you will end up continuously processing the newest messages and not clearing the backlog very much. This is actually exactly what most people want as it enables MailScanner to continue to process new mail very quickly, giving the appearance of it staying responsive to your users. When your incoming mail load drops (when everyone goes home or to sleep or whatever your users do), it will slog through the old backlog and sort itself out. If you look at your system when it has a high incoming load in this state, it won't appear to be processing old mail very much, if at all. So you can either leave it to get on with it, as it will deliver the old messages when it can. Or else you can raise the "Max Normal Queue Size" number a lot to force it to stay in the normal date-order processing mode. But that will add a large delay to all new mail as well as the old stuff currently in the queue. So it will actually appear to be worse to your users than just letting it get on with it. It's actually quite a bit more clever about it than my explanation above, especially when and if it decides to switch back to normal oldest-first processing. It's not a trivial solution, as you need some hysterisis in it to avoid a positive feedback oscillating system. And who would have thought that an email system involved concepts explained in detail in 2nd-year degree level mathematics. Feedback theory, hmmm..... Sorry that's quite so long an explanation, but the background and rationale for it is quite a complex behaviour model. I suspect that most other systems out there don't quite go to such lengths :-) Hope that helps explain what's happening, Jules. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQzrw1hH2WUcUFbZUEQL4GACeOyHMB1amU5/JFGHEFvMqtzsyQgcAoNJU pUPMNIjPKyaysP0Uib0v40aZ =jjhm -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Wed Sep 28 21:08:04 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:50 2006 Subject: High Positive SA AWL rule ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Mailscanner wrote: > Has anyone noticed SA run AWL giving high positive scores like; > > Spam Report: > Score Matching Rule Description 7.42 AWL From: address is in the > auto white-list > -2.60 BAYES_00 Bayesian spam probability is 0 to 1% > Sure, I've seen it do that lots of times. Is there a specific problem, or were you merely confused about the AWL having a large positive score? In general, you might want to read up on how the AWL works. Once you have a basic handle on what the AWL *really* is (hint: it's a score averager, not a whitelist), you'll have a better idea what to look at to try to figure out problems you may have with it. http://wiki.apache.org/spamassassin/AutoWhitelist > > Once I released this mail from quarantine, it gave the AWL a minus score. > > Any ideas ? When you "released" it from the quarantine, did you do so in a way that changed the sender? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From esandquist at IHMS.NET Wed Sep 28 21:57:48 2005 From: esandquist at IHMS.NET (Eric Sandquist) Date: Thu Jan 12 21:30:50 2006 Subject: Sendmail configuration for gateway Message-ID: I had the relay domains in the local-host-names file too… Pulled them out and everything is working as it should, thanks for the help… Eric ________________________________________________________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike Kercher Sent: Tuesday, September 27, 2005 7:08 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Sendmail configuration for gateway You should add the domain that your Exchange server accepts mail for to /etc/mail/relay-domains and then restart MailScanner. Add an entry to /etc/mail/mailertable like so: yourdomain.com esmtp:[192.168.x.x] Then run make to hash the file to db If your Exchange is configured to reject unknown users, your MailScanner box should be fine. I run milter-sender on mine which calls the Exchange server (or any other MX) to verify the recipient prior to accepting the message. It also calls back to verify the sender prior to accepting a message. Mike ________________________________________________________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Eric Sandquist Sent: Tuesday, September 27, 2005 3:56 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Sendmail configuration for gateway I’ve got MailScanner/SpamAssassin/Sendmail set up to act as a gateway to out Exchange server. I setup the tables as instructed in Wiki. However, Sendmail keeps rejecting all the incoming email stating that the user doesn’t exist. Well, of course they don’t exist on filter/gateway machine. They only exist in the Exchange environment. How do I get Sendmail to just accept incoming mail for all or against a frequently updated list of Exchange users? Eric When a person studies Bible and Mishnah . . . but is dishonest in business, and does not speak gently with people, what do people say of him? ‘Woe unto him who studies Torah. . . . This man studied Torah; look how corrupt are his deeds, how ugly his ways.’" -- Babylonian Talmud, Yoma 86a ________________________________________________________________________________ I am using the free version of SPAMfighter for private users. It has removed 52399 spam emails to date. Paying users do not have this message in their emails. Try SPAMfighter for free now! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ________________________________________________________________________________ I am using the free version of SPAMfighter for private users. It has removed 53397 spam emails to date. Paying users do not have this message in their emails. Try SPAMfighter for free now! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jlmiller at MMTNETWORKS.COM.AU Wed Sep 28 23:26:01 2005 From: jlmiller at MMTNETWORKS.COM.AU (Jon Miller) Date: Thu Jan 12 21:30:50 2006 Subject: creating rules Message-ID: I need to create a rule where if the subject has Re[1]: or any number between the [] that it is picked up as spam. How do I create the header so that it's a single entry yet works for any number from a blank [] to any character? Does the * works and means anything? ex: # 15 Subject: Re[1]: header PROLO_GSPAM15 Subject =~ /Re[*]:/i score PROLO_GSPAM15 8 describe PROLO_GSPAM15 Spam - custom rule set Thanks ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "HTML" Text/PLAIN 26 lines. ] [ Unable to print this part. ] From naolson at gmail.com Wed Sep 28 23:20:02 2005 From: naolson at gmail.com (Nathan Olson) Date: Thu Jan 12 21:30:50 2006 Subject: creating rules Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] \d is a better choice. /Re[(\d)*]:/i Nate ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From csweeney at OSUBUCKS.ORG Thu Sep 29 00:08:31 2005 From: csweeney at OSUBUCKS.ORG (Chris Sweeney) Date: Thu Jan 12 21:30:50 2006 Subject: Block Message's with Invalid Date Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] OK this might have been covered before but I don't see it, how can I reject or just mark as HIGH scoring SPAM messages that have an invalid date. Allot of junk email is sent with way off dates and times, often the wrong year. How can I reject messages with such bogus information? Seems like I have been seeing 3 or 4 a day like that getting through MailScanner and into my email box so I'm sure there are many more. Thanks Chris -- To those of you who read the text at the bottom of emails, check out Firefox for web browsing its much faster then IE and less prone to being a security risk. Also instead of Outlook or Outlook Express check out Thunderbird its much faster and cleaner, not to mention FREE! Just click below and your halfway there. Get Firefox! Get Thunderbird! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2.2, Image/GIF 6.6KB. ] [ Unable to print this part. ] [ Part 2.3, Image/PNG 14KB. ] [ Unable to print this part. ] From mkettler at EVI-INC.COM Thu Sep 29 00:13:40 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:50 2006 Subject: creating rules Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jon Miller wrote: > I need to create a rule where if the subject has Re[1]: or any number between the [] that it is picked up as spam. How do I create the header so that it's a single entry yet works for any number from a blank [] to any character? > Does the * works and means anything? > > ex: > # 15 Subject: Re[1]: > header PROLO_GSPAM15 Subject =~ /Re[*]:/i > score PROLO_GSPAM15 8 > describe PROLO_GSPAM15 Spam - custom rule set 1) * isn't a character wildcard in regex, it's a repeat-count wildcard. ie: d* will match any number of d's in a row (including 0). 2) anytime you want to use a bracket, you must escape it with a backslash, otherwise you're declaring a character range. i.e.: [a-z] will match any single lower-case letter. 3) \d is a good way to match a "numeric digit" and is equivalent to [0-9] in light of 1-3 I'd rewrite that as: header PROLO_GSPAM15 Subject =~ /Re\[\d\]:/i That said, I'd be very wary of assigning an 8-point score to such a rule. You WILL get false positives, because there ARE real mail clients that do that to messages, for example Microsoft outlook with the auto-bcc plugin. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Sep 29 00:19:27 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:50 2006 Subject: creating rules Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler wrote: > Jon Miller wrote: > >>I need to create a rule where if the subject has Re[1]: or any number between the [] that it is picked up as spam. How do I create the header so that it's a single entry yet works for any number from a blank [] to any character? >>Does the * works and means anything? >> >>ex: >># 15 Subject: Re[1]: >>header PROLO_GSPAM15 Subject =~ /Re[*]:/i >>score PROLO_GSPAM15 8 >>describe PROLO_GSPAM15 Spam - custom rule set > > > 1) * isn't a character wildcard in regex, it's a repeat-count wildcard. ie: d* > will match any number of d's in a row (including 0). One more thing I forgot to mention. You might want to get a perl regex quick-reference. I keep this one printed out and stuck to my wall. It doesn't cover everything, but covers all the common stuff. http://www.erudil.com/preqr.pdf ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Thu Sep 29 00:28:59 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:30:50 2006 Subject: creating rules Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 29/09/05, Matt Kettler wrote: (snip) > 1) * isn't a character wildcard in regex, it's a repeat-count wildcard. ie: d* > will match any number of d's in a row (including 0). (snip) > in light of 1-3 I'd rewrite that as: > > header PROLO_GSPAM15 Subject =~ /Re\[\d\]:/i Um, wouldn't header PROLO_GSPAM15 Subject =~ /Re\[\d\d*\]:/i or header PROLO_GSPAM15 Subject =~ /Re\[\d+\]:/i be better? I see a fair amount of these, and the're almost always "Re [12[" or somesuch... Then again, for some reason most of these are caught (BLs IIRC... @home now, can check tomorrow if anyone really cares). (snip) > to messages, for example Microsoft outlook with the auto-bcc plugin. A lot of *curse-words* there:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Thu Sep 29 00:34:36 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:30:50 2006 Subject: creating rules Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 29/09/05, Glenn Steen wrote: > I see a fair amount of these, and the're almost always "Re [12[" ... Obviously both haöf-blind _and_ tired.... That should've read: I see a fair amount of these, and they're almost always "Re [12]" ... -- -- Glenn (a.k.a Le Grand Typo) email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From naolson at gmail.com Thu Sep 29 00:39:03 2005 From: naolson at gmail.com (Nathan Olson) Date: Thu Jan 12 21:30:50 2006 Subject: creating rules Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I think, in summary, the answer to his immediate question is /Re\[(\d)*\]:/i Nate ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Sep 29 00:35:19 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:50 2006 Subject: Block Message's with Invalid Date Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Chris Sweeney spake the following on 9/28/2005 4:08 PM: > OK this might have been covered before but I don't see it, how can I > reject or just mark as HIGH scoring SPAM messages that have an invalid > date. Allot of junk email is sent with way off dates and times, often > the wrong year. How can I reject messages with such bogus information? > Seems like I have been seeing 3 or 4 a day like that getting through > MailScanner and into my email box so I'm sure there are many more. > > Thanks > Chris You could change the scores for the spamassassin rules that check dates; DATE_IN_PASTxxx and DATE_IN_FUTURExxx are several that stick out in my mind. Look at http://spamassassin.apache.org/tests_3_0_x.html or http://spamassassin.apache.org/tests_2_6x.html if you haven't upgraded yet. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Thu Sep 29 01:01:09 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:30:50 2006 Subject: creating rules Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 29/09/05, Nathan Olson wrote: > I think, in summary, the answer to his immediate question is /Re\[(\d)*\]:/i > > Nate Uuuuh, nah... I think the () are spurious (or at least meaningless) in this context. Might be wrong though:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Sep 29 01:13:50 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:51 2006 Subject: creating rules Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Glenn Steen wrote: > On 29/09/05, Matt Kettler wrote: > (snip) > >>1) * isn't a character wildcard in regex, it's a repeat-count wildcard. ie: d* >>will match any number of d's in a row (including 0). > > (snip) > >>in light of 1-3 I'd rewrite that as: >> >>header PROLO_GSPAM15 Subject =~ /Re\[\d\]:/i > > Um, wouldn't > header PROLO_GSPAM15 Subject =~ /Re\[\d\d*\]:/i > or > header PROLO_GSPAM15 Subject =~ /Re\[\d+\]:/i > be better? I see a fair amount of these, and the're almost always "Re > [12[" or somesuch... Then again, for some reason most of these are > caught (BLs IIRC... @home now, can check tomorrow if anyone really > cares). > (snip) Personally, I'd use a range.. I'd do \d{1,2} or \d{1,3}.. I never use + or * in spamassassin rules as a matter of general principle. While it would be harmless to use + or * here, they are quite dangerous and can cause extraordinarily large regex expansions which are painfully slow. In particular, putting .* in a SA body rule can burn quite a lot of CPU cycles if the text leading up to it is common. For example /e.*xactly/i will do this very nicely. For every "e" in the message, it's going to have to scan the rest of the body looking for "xactly" anywhere in it, then go back and look for the next e... ouch! > >>to messages, for example Microsoft outlook with the auto-bcc plugin. > > A lot of *curse-words* there:-) True, but a lot of not-that-uncommon *curse-words* there. Remember, management falls in the same class of curse words... ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Sep 29 01:43:34 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:51 2006 Subject: creating rules Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] No, In summary the answer is: /Re\[\d{1,3}\]:/i Nathan Olson wrote: > I think, in summary, the answer to his immediate question is /Re\[(\d)*\]:/i Ouch.. use of * and creation of a back-reference.. two points for the CPU wasters :) I'd also question accuracy. The above would also match Re[] with no numbers in between. Although that's not likely to happen, I don't think is intended and unintended hits are the bane of any regex writer. Regex performance tip 1: Never use () in a SA regex without really knowing what you're doing. In particular never parenthesis a single-element like that unless you intend to do a back reference later (ie: you know what \1 does and mean to use it). The parens above serve no purpose except to create a back reference. \d* would work the same as (\d)*, but the latter burns more memory and cpu to run. Don't believe me? try this: $ perl -Mre=debug -e '/(\d)*/' Compiling REx `(\d)*' size 10 Got 84 bytes for offset annotations. $ perl -Mre=debug -e '/\d*/' Compiling REx `\d*' size 3 Got 28 bytes for offset annotations. Ouch. If you must use parens, use (?: instead of (. The ?: modifier tells perl not to store a back-reference. Check the rules that come with SA, they ALL use this syntax. For example: body FIN_FREE /\bfinancial(?:ly)? free/i regex performance tip 2: (re-iterated from previous mail) don't use * or + in your SA rules if you can avoid it. If you must, think LONG and HARD about the maximal likely expansion size. In general, use {n,n} syntax instead to avoid over-long expansions. While *'s are generally safe in header rules, they can be catastrophic in body rules, so it's just a good habit to avoid them altogether. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Sep 29 01:47:24 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:30:51 2006 Subject: Block Message's with Invalid Date Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > You could change the scores for the spamassassin rules that check dates; > DATE_IN_PASTxxx and DATE_IN_FUTURExxx are several that stick out in my > mind. > Look at http://spamassassin.apache.org/tests_3_0_x.html > or http://spamassassin.apache.org/tests_2_6x.html if you haven't > upgraded yet. In light of the fact that 3.1 is released, I suggest this correction: Look at http://spamassassin.apache.org/tests_3_1_x.html or http://spamassassin.apache.org/tests_3_0_x.html if you haven't upgraded yet or http://spamassassin.apache.org/tests_2_6x.html if you live in the stone ages (like me, as I currently run 2.64) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From naolson at gmail.com Thu Sep 29 02:09:35 2005 From: naolson at gmail.com (Nathan Olson) Date: Thu Jan 12 21:30:51 2006 Subject: creating rules Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I was aware it created a backreference, and that that wasn't as efficient as possible. I wasn't sure whether the parentheses were needed or not, so I erred toward caution. He mentioned he needed it to match the empty [] or any number. I didn't pre-optimize. Nate ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From naolson at gmail.com Thu Sep 29 02:33:43 2005 From: naolson at gmail.com (Nathan Olson) Date: Thu Jan 12 21:30:51 2006 Subject: creating rules Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 9/29/05, Matt Kettler wrote: > No, In summary the answer is: > > /Re\[\d{1,3}\]:/i Everything you said is also true :) Nate ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From patpng7 at yahoo.com Thu Sep 29 05:40:58 2005 From: patpng7 at yahoo.com (pat png) Date: Thu Jan 12 21:30:51 2006 Subject: Error when Update of Geo IP Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Downloading file, please wait.... Warning: fopen("temp/GeoIPCountryCSV.zip", "w+") - No such file or directory in /var/www/html/mailscanner/geoip_update.php on line 53 Unable to open temp/GeoIPCountryCSV.zip for writing. Can someone help? rgds Patrick ________________________________________________________________________________ Yahoo! for Good Click here to donate to the Hurricane Katrina relief effort. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tony at GAMES-MASTER.CO.UK Thu Sep 29 06:38:20 2005 From: tony at GAMES-MASTER.CO.UK (Tony Spencer) Date: Thu Jan 12 21:30:51 2006 Subject: Mailscanner not scanning all emails Message-ID: I'm all for doing things correctly but I had already tried the correct way you mentioned but the make on Mail::ClamAV still gave an error. In fact you were correct in that the install script had put the line into /etc/ld.so.conf but was still looking in /usr/lib for the shared libraries. It looks like the links won't disappear as I've run ldconfig a couple of times and they have remained. Is there an init script for MailScanner to stop and start it? Tony -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: 28 September 2005 20:05 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Mailscanner not scanning all emails -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 That is not the correct solution, but a slightly nasty hack workaround. It won't last, however, your system will rewrite all the soft links you have put in and remove them again. What you need to do is: 1. Add the line "/usr/local/lib" to /etc/ld.so.conf. 2. Run the "ldconfig" command. That's what the latest version of my install-Clam-SA.tar.gz installation does. I would advise you remove the links you have added and do steps 1 and 2 above. You may well find your links will disappear when you run ldconfig, which is run every time you update any RPM containing shared library (*.so) files. Tony Spencer wrote: >I still got the same problems with the newer version. >However I've solved it now. >Looking at the error: > >### >Can't load '/tmp/Mail-ClamAV-0.17/blib/arch/auto/Mail/ClamAV/ClamAV.so' for >module Mail::ClamAV: libclamav.so.1: cannot open shared object file: No such >file or directory at >/usr/lib/perl5/5.8.5/i386-linux-thread-multi/DynaLoader.pm line 230. >### > >When doing a make test. >I did a locate on libclamav.so.1 and found it was installed in >/usr/local/lib so I added the following symlinks: > >ln -s /usr/local/lib/libclamav.so.1.0.16 /usr/lib/libclamav.so.1 >ln -s /usr/local/lib/libclamav.so.1.0.16 /usr/lib/libclamav.so > >Did a make test again and got no errors. >Maillog now shows no errors when virus scanning. > >Thanks for your help. > >Tony > > >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf >Of Julian Field >Sent: 28 September 2005 13:40 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Mailscanner not scanning all emails > >Download the latest version of my install-Clam-SA.tar.gz and try >again, I have added some more intelligence to it in the last day or >so. It will now set up your ld.so so that the module build process >can find the ClamAV library, without you having to edit any files by >hand. > >On 28 Sep 2005, at 12:43, Tony Spencer wrote: > > > >>Just in case I did something wrong or missed something I re- >>installed using >>install-Clam-SA.tar.gz again, but found the following errors: >> >>## >>Finished Build Compile Stage >> >>Manifying blib/man3/Mail::ClamAV.3pm >>PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" >>"test_harness(0, 'blib/lib', 'blib/arch')" t/*.t >>t/Mail-ClamAV....# Failed test (t/Mail-ClamAV.t at line 9) >># Tried to use 'Mail::ClamAV'. >># Error: Had problems bootstrapping Inline module 'Mail::ClamAV' >># >># Can't load '/tmp/Mail-ClamAV-0.17/blib/arch/auto/Mail/ClamAV/ >>ClamAV.so' >>for module Mail::ClamAV: libclamav.so.1: cannot open shared object >>file: No >>such file or directory at >>/usr/lib/perl5/5.8.5/i386-linux-thread-multi/DynaLoader.pm line 230. >># at /usr/lib/perl5/site_perl/5.8.5/Inline.pm line 500 >> >> > > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQzrpVhH2WUcUFbZUEQLTFwCfaHrSvmUnYJClhswUXuXVdH1bDBQAoM+6 PKdPYKXwOtuOoMwHZtd/gvC6 =0MP4 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Thu Sep 29 07:22:54 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:51 2006 Subject: High Positive SA AWL rule ? Message-ID: On 28 Sep 2005, at 21:08, Matt Kettler wrote: > Mailscanner wrote: > >> Has anyone noticed SA run AWL giving high positive scores like; >> >> Spam Report: >> Score Matching Rule Description 7.42 AWL From: >> address is in the >> auto white-list >> -2.60 BAYES_00 Bayesian spam probability is 0 to 1% >> >> > > Sure, I've seen it do that lots of times. Is there a specific > problem, or were > you merely confused about the AWL having a large positive score? > > In general, you might want to read up on how the AWL works. Once > you have a > basic handle on what the AWL *really* is (hint: it's a score > averager, not a > whitelist), you'll have a better idea what to look at to try to > figure out > problems you may have with it. > > http://wiki.apache.org/spamassassin/AutoWhitelist I know with SA versions before 3.x it was recommended to turn off AWL. Since then I have played with this being on and off. It works fine for a while until a nice spam message or two get hit with a nice big negative score and it sails through. I was wondering if I am just not giving the system enough time to sort it's self out or if SA with MailScanner is better off with out AWL? Opinions on a postcard to... (Damn that dates me, for those in the UK who remember... :-) ) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Thu Sep 29 07:37:48 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:51 2006 Subject: Error when Update of Geo IP Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] pat png wrote: > Downloading file, please wait.... > > Warning: fopen("temp/GeoIPCountryCSV.zip", "w+") - No such file or > directory in /var/www/html/mailscanner/geoip_update.php on line 53 > > Unable to open temp/GeoIPCountryCSV.zip for writing. > > Can someone help? > > rgds > Patrick You'd be better off asking this question on the mailwatch list rather than the mailscanner list.. Anyways follow these steps 1. mkdir /var/www/html/mailscanner/temp 2. chown apache:apache /var/www/html/mailscanner/temp (replace apache:apache with the user:group your apache daemon runs as) 3. try again - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From eidenschink at WEB.DE Thu Sep 29 08:10:39 2005 From: eidenschink at WEB.DE (Bernd Eidenschink) Date: Thu Jan 12 21:30:51 2006 Subject: Max Message Size Rule Message-ID: Dear List, I'm asked to temporarily free a user's mailbox from messages greater than a defined size. After a few days the user wants the "big" messages back in her mailbox. I think a 'Maximum Message Size' ruleset would be a fast solution to do this, right? Can I configure a rule to forward mails above x KB to a different mailbox? Thank you, Bernd. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john at OMEGADATA.NO Thu Sep 29 08:23:15 2005 From: john at OMEGADATA.NO (John Berntsen) Date: Thu Jan 12 21:30:51 2006 Subject: Error when Update of Geo IP Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dhawal Doshy > Sent: 29. september 2005 08:38 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Error when Update of Geo IP > > pat png wrote: > > Downloading file, please wait.... > > > > Warning: fopen("temp/GeoIPCountryCSV.zip", "w+") - No such file or > > directory in /var/www/html/mailscanner/geoip_update.php on line 53 > > > > Unable to open temp/GeoIPCountryCSV.zip for writing. > > > > Can someone help? > > > > rgds > > Patrick > > You'd be better off asking this question on the mailwatch list rather > than the mailscanner list.. > > Anyways follow these steps > 1. mkdir /var/www/html/mailscanner/temp > 2. chown apache:apache /var/www/html/mailscanner/temp (replace > apache:apache with the user:group your apache daemon runs as) > 3. try again > > - dhawal The problem is with mysql, because maiwatch uses "load data local infile......" and the problem is that maybe your mysql config does not allow this. It it because of security, you can read in the mysql docs. What i did as a quick fix, was to load this file manually like this: # mysql -u root -p >use mailwatch; >LOAD DATA LOCAL INFILE 'GeoIPCountryWhois.csv' INTO TABLE geoip_country FIELDS TERMINATED BY ',' ENCLOSED BY '"'; Regards John ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Thu Sep 29 08:32:09 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:51 2006 Subject: Error when Update of Geo IP Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] John Berntsen wrote: >>pat png wrote: >> >>>Downloading file, please wait.... >>> >>>Warning: fopen("temp/GeoIPCountryCSV.zip", "w+") - No such file or ^^^^^^^^^^^^ >>>directory in /var/www/html/mailscanner/geoip_update.php on line 53 >>> > > The problem is with mysql, because maiwatch uses "load data local > infile......" > and the problem is that maybe your mysql config does not allow this. > It it because of security, you can read in the mysql docs. > What i did as a quick fix, was to load this file manually like this: > Ummm.. no. The temp dir missing in /var/www/html/mailscanner/ is a known problem with mailwatch-1.0.2 (or was it 1.0.1), once created the problem is likely to go away. There are security limitations with the 'load data infile' command but thats another story. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Thu Sep 29 09:08:51 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:30:51 2006 Subject: creating rules Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 29/09/05, Matt Kettler wrote: > Glenn Steen wrote: > > On 29/09/05, Matt Kettler wrote: > > (snip) > > > >>1) * isn't a character wildcard in regex, it's a repeat-count wildcard. ie: d* > >>will match any number of d's in a row (including 0). > > > > (snip) > > > >>in light of 1-3 I'd rewrite that as: > >> > >>header PROLO_GSPAM15 Subject =~ /Re\[\d\]:/i > > > > Um, wouldn't > > header PROLO_GSPAM15 Subject =~ /Re\[\d\d*\]:/i > > or > > header PROLO_GSPAM15 Subject =~ /Re\[\d+\]:/i > > be better? I see a fair amount of these, and the're almost always "Re > > [12[" or somesuch... Then again, for some reason most of these are > > caught (BLs IIRC... @home now, can check tomorrow if anyone really > > cares). > > (snip) > > Personally, I'd use a range.. I'd do \d{1,2} or \d{1,3}.. > > I never use + or * in spamassassin rules as a matter of general principle. While > it would be harmless to use + or * here, they are quite dangerous and can cause > extraordinarily large regex expansions which are painfully slow. > > In particular, putting .* in a SA body rule can burn quite a lot of CPU cycles > if the text leading up to it is common. For example /e.*xactly/i will do this > very nicely. For every "e" in the message, it's going to have to scan the rest > of the body looking for "xactly" anywhere in it, then go back and look for the > next e... ouch! Good point, very true. That's why, _if_ one needs have a wildcard, one should always try "anchor" the RE to some finite (and not to common) boundary... In scanning input lines, Anchoring to the beginning of the line isn't a bad stratagem. But best is to avoid the wildcards as much as possible. > > > > >>to messages, for example Microsoft outlook with the auto-bcc plugin. > > > > A lot of *curse-words* there:-) > > True, but a lot of not-that-uncommon *curse-words* there. Remember, management > falls in the same class of curse words... Oh, I live it... every day. Sigh. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner-user at NELAND.DK Thu Sep 29 09:09:28 2005 From: mailscanner-user at NELAND.DK (Leif Neland) Date: Thu Jan 12 21:30:51 2006 Subject: Error when Update of Geo IP Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dhawal Doshy wrote: > John Berntsen wrote: >>> pat png wrote: >>> >>>> Downloading file, please wait.... >>>> >>>> Warning: fopen("temp/GeoIPCountryCSV.zip", "w+") - No such file or > ^^^^^^^^^^^^ >>>> directory in /var/www/html/mailscanner/geoip_update.php on line 53 >>>> >> >> The problem is with mysql, because maiwatch uses "load data local >> infile......" >> and the problem is that maybe your mysql config does not allow this. >> It it because of security, you can read in the mysql docs. >> What i did as a quick fix, was to load this file manually like this: >> > > Ummm.. no. The temp dir missing in /var/www/html/mailscanner/ is a > known problem with mailwatch-1.0.2 (or was it 1.0.1), once created > the problem is likely to go away. > > There are security limitations with the 'load data infile' command but > thats another story. > I get this: Error executing query: The used command is not allowed with this MySQL version SQL: LOAD DATA LOCAL INFILE '/usr/local/www/data/mailscanner/temp/GeoIPCountryWhois.csv' INTO TABLE geoip_country FIELDS TERMINATED BY ',' ENCLOSED BY '"'If I remove "LOCAL", ie LOAD DATA INFILE it works.mysql Ver 14.7 Distrib 4.1.14, for portbld-freebsd7.0 (i386) using 5.0Leif -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From patpng7 at yahoo.com Thu Sep 29 10:14:48 2005 From: patpng7 at yahoo.com (pat png) Date: Thu Jan 12 21:30:51 2006 Subject: Error when Update of Geo IP Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dhawal, Thank you very much. Tried and it worked. Can you show me how to go mailwatch list to post the right question at the right server? rgds Patrick Dhawal Doshy wrote: pat png wrote: > Downloading file, please wait.... > > Warning: fopen("temp/GeoIPCountryCSV.zip", "w+") - No such file or > directory in /var/www/html/mailscanner/geoip_update.php on line 53 > > Unable to open temp/GeoIPCountryCSV.zip for writing. > > Can someone help? > > rgds > Patrick You'd be better off asking this question on the mailwatch list rather than the mailscanner list.. Anyways follow these steps 1. mkdir /var/www/html/mailscanner/temp 2. chown apache:apache /var/www/html/mailscanner/temp (replace apache:apache with the user:group your apache daemon runs as) 3. try again - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of t! he email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ________________________________________________________________________________ Yahoo! for Good Click here to donate to the Hurricane Katrina relief effort. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Thu Sep 29 10:28:09 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:51 2006 Subject: Error when Update of Geo IP Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Leif Neland wrote: >> >> There are security limitations with the 'load data infile' command but >> thats another story. >> > I get this: > > Error executing query: > > The used command is not allowed with this MySQL version > > SQL: > > LOAD DATA LOCAL INFILE > '/usr/local/www/data/mailscanner/temp/GeoIPCountryWhois.csv' INTO TABLE > geoip_country FIELDS TERMINATED BY ',' ENCLOSED BY '"'If I remove > "LOCAL", ie LOAD DATA INFILE it works.mysql Ver 14.7 Distrib 4.1.14, > for portbld-freebsd7.0 (i386) using 5.0Leif > The original code used 'LOAD DATA INFILE' but was changed later to 'LOAD DATA LOCAL INFILE' based on feedback by beta testers. However if 'LOCAL' isn't required on freebsd, then probably Steve could make a change in the php code to provision for this as well. Could you report your complete observations this to the mailwatch-users list? - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Thu Sep 29 10:30:29 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:30:51 2006 Subject: Error when Update of Geo IP Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] pat png wrote: > Dhawal, > > Thank you very much. Tried and it worked. > > Can you show me how to go mailwatch list to post the right question at > the right > server? > > rgds > Patrick Go here and register yourself: http://lists.sourceforge.net/lists/listinfo/mailwatch-users The mailwatch list, like the mailscanner one is a gem with many helpful and knowledgeable people around. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jbayer at bayerfamily.net Thu Sep 29 15:12:02 2005 From: jbayer at bayerfamily.net (Jonathan B. Bayer) Date: Thu Jan 12 21:30:51 2006 Subject: How to add individual antivirus X headers to a message? Message-ID: Hello MAILSCANNER, I'd like to be able to add an X header as a result of each virus scanning engine. I don't see an easy way to do this, am I missing something? For example, I use Clam and bitdefender. I'd like to see a like for clam, and then another line for bitdefender. Thanks J.B.B. --- Jonathan B. Bayer mailto:jbayer@bayerfamily.net ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From PHachey at CITY.CORNWALL.ON.CA Thu Sep 29 16:15:33 2005 From: PHachey at CITY.CORNWALL.ON.CA (Philip Hachey) Date: Thu Jan 12 21:30:51 2006 Subject: creating rules Message-ID: I use the following rules myself for the same purpose: header PJH_BRK_NUM Subject =~ /^(re)*\s*\[\d*\]/i describe PJH_BRK_NUM Subject begins with a bracketed number score PJH_BRK_NUM 3.0 This matches the handful of permutations I've seen of this sort of spam: a subject line beginning with (or without) any number of (case insensitive) "re", followed by zero or more spaces, followed by "[", followed by zero or more digits, followed by "]". This effectively matches subject lines starting with things like "[1]", "re [1]", "Re[1]", "reRe [324]", etc. The asterisk means "zero or more occurrences of the preceding pattern". The combination ".*" effectively matches anything. ---------------------------------- Philip J. Hachey, BCS(High Hons) Programmer-Analyst City of Cornwall ----- Message from Jon Miller on Thu, 29 Sep 2005 06:26:01 +0800 ----- Subject: creating rules I need to create a rule where if the subject has Re[1]: or any number between the [] that it is picked up as spam. How do I create the header so that it's a single entry yet works for any number from a blank [] to any character? Does the * works and means anything? ex: # 15 Subject: Re[1]: header PROLO_GSPAM15 Subject =~ /Re[*]:/i score PROLO_GSPAM15 8 describe PROLO_GSPAM15 Spam - custom rule set ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From shardul.adhikari at gmail.com Thu Sep 29 16:15:31 2005 From: shardul.adhikari at gmail.com (Shardul Adhikari) Date: Thu Jan 12 21:30:51 2006 Subject: Virus Scanning Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello MailScanner, I am not able to send html files with javascript in it i am using clamav as a virus scanner I have enabled all the Allowed Tags These are my lines in Mailscanner.conf file Allow IFrame Tags = yes Log IFrame Tags = no Allow Form Tags = yes Allow Object Codebase Tags = yes Convert Dangerous HTML To Text = no Convert HTML To Text = no Filename Rules = %etc-dir%/filename.rules.conf These are the log sep 29 20:18:20 netserv MailScanner[12278]: Virus and Content Scanning: Starting Sep 29 20:18:22 netserv MailScanner[12278]: Content Checks: Detected HTML-specific exploits in j8TEmIX12606 Sep 29 20:18:22 netserv MailScanner[12278]: Content Checks: Found 1 problems Sep 29 20:18:22 netserv MailScanner[12278]: Saved infected ".dat" to /var/spool/MailScanner/quarantine/20050929/j8TEmIX12606 Any Input will be welcome. Regards Shardul ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Thu Sep 29 16:40:08 2005 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jan 12 21:30:51 2006 Subject: Max Message Size Rule Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Bernd Eidenschink wrote: > Dear List, > > I'm asked to temporarily free a user's mailbox from messages greater than a > defined size. After a few days the user wants the "big" messages back in her > mailbox. > > I think a 'Maximum Message Size' ruleset would be a fast solution to do this, > right? Can I configure a rule to forward mails above x KB to a different > mailbox? > > Thank you, > > Bernd. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > Not that I know of; the max size parameter is designed to drop mail that passes the threshold. Assuming the user wants to read messages from a low-bandwidth situation (dialup, for example), the user would be better off using webmail, IMAP, the MUA's option not to download messages larger than a certain size, or a service such as mail2web.com that lets you read your mail from the web. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nerijus at USERS.SOURCEFORGE.NET Thu Sep 29 17:13:29 2005 From: nerijus at USERS.SOURCEFORGE.NET (Nerijus Baliunas) Date: Thu Jan 12 21:30:51 2006 Subject: kaspersky 5.5 Virusscan Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, Could this change please be applied? I tested with both 5.0 and 5.5 versions of kaspersky, and now I tested autoupdates - they all work. Regards, Nerijus On Thu, 18 Aug 2005 09:22:41 +0100 Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Can one or two people using Kaspersky verify and confirm this change > please? > > And Nerijus, please can you add your bit to the wiki. > > On 18 Aug 2005, at 00:11, Nerijus Baliunas wrote: > > > On Fri, 29 Jul 2005 09:40:45 +0100 Julian Field > > wrote: > > > > > >>> I finally got MS work together with Kaspersky 5.5. > >>> First I had to change some access rights for the kaspersky > >>> installation, > >>> so user postfix could call some subprogramms of kaspersky. > >>> > > > > This should probably be added to the wiki. > > > > > >>> Next I changed the ScanOptions within wrapper-kaspersky to "-i0" > >>> and took > >>> the -j3 and -q out of the call: "${PackageDir}/$Scanner $ScanOptions > >>> -o$Report "$@ > >>> > >> > >> Is this agreed as a change I should make to the main source tree? > >> Does everyone have 5.5? Or are most/many people still running the > >> previous version? > >> > > > > I tried removing only one of the options at a time, and found out that > > removing only -j3 helps. So the diff is: > > > > --- kaspersky-wrapper.orig 2005-08-03 21:33:28.000000000 +0300 > > +++ kaspersky-wrapper 2005-08-18 01:36:39.079616824 +0300 > > @@ -51,7 +51,7 @@ > > > > Args=`echo "$@" | sed -e 's/ -I/ -i/g; s/^-I/-i/g; s/-- / /g;'` > > rm -f $Report > > - ${PackageDir}/$Scanner $ScanOptions -o$Report -j3 -q "$@" > > + ${PackageDir}/$Scanner $ScanOptions -o$Report -q "$@" > > cat $Report > > rm -f $Report > > exit > > > > And Kaspersky 5.0 still works with this change, so it can be > > safelly applied. > > I tested with both archived and plain viruses. > > > > Regards, > > Nerijus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nerijus at USERS.SOURCEFORGE.NET Thu Sep 29 17:17:07 2005 From: nerijus at USERS.SOURCEFORGE.NET (Nerijus Baliunas) Date: Thu Jan 12 21:30:51 2006 Subject: kaspersky 5.5 Virusscan Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Fri, 19 Aug 2005 17:31:04 +0300 Nerijus Baliunas wrote: > > > > --- kaspersky-wrapper.orig 2005-08-03 21:33:28.000000000 +0300 > > > > +++ kaspersky-wrapper 2005-08-18 01:36:39.079616824 +0300 > > > > @@ -51,7 +51,7 @@ > > > > > > > > Args=`echo "$@" | sed -e 's/ -I/ -i/g; s/^-I/-i/g; s/-- / /g;'` > > > > rm -f $Report > > > > - ${PackageDir}/$Scanner $ScanOptions -o$Report -j3 -q "$@" > > > > + ${PackageDir}/$Scanner $ScanOptions -o$Report -q "$@" > > > > cat $Report > > > > rm -f $Report > > > > exit > > > > > > > > And Kaspersky 5.0 still works with this change, so it can be safelly > > > > applied. > > > > I tested with both archived and plain viruses. > > > > I used the attached patches on my system. So far it seems to be working fine. > > I found that by making the one change listed above, MailScanner could not do > > the auto update. > > As well, I didn't want to break compatibility with older versions of > > Kaspersky. > > Could you please be more clear? What "attached patches" did you use? > The first patch, which patches more, or my patch, which just removes -j3? > What Kaspersky version do you use - 5.0 or 5.5? What breaks auto update? I've just tested autoupdate with both kaspersky versions, it still works with my patch (removing -j3 only). Regards, Nerijus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From max at kipness.com Thu Sep 29 18:13:33 2005 From: max at kipness.com (Max Kipness) Date: Thu Jan 12 21:30:51 2006 Subject: Couple lines of spam Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Glenn Steen > Sent: Wednesday, September 28, 2005 9:25 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Couple lines of spam > > On 28/09/05, Max Kipness wrote: > > > > > > > > I have Bayes, SA rules du jour, a couple of black hole lists, DCC and > > Razor2 configured and working, and these catch over 10k of spam a day. > > > > > > > > However, lately, I've been getting quite a few pieces of spam that are a > > couple of lines long, sometimes with misspelled words, and a link. Bayes > > picks them up as 100%, but nothing else does, so they are not considered > > spam. > > > > > > > > What is the best method for catching these? Higher score on bayes (which > > means the db has to be very accurate), add more black hole lists, more > SA > > rules, or is there some other method of catching these? > > > > > > > > Thanks, > > > > Max > > > Depends... Probably custon SA rule(s). Geocities or msn? These few sentences spam come from various domains. So you mean create custom rules based on the contents of these particular emails? Thanks, Max ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Sep 29 19:34:23 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:51 2006 Subject: How to add individual antivirus X headers to a message? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jonathan B. Bayer wrote: >Hello MAILSCANNER, > >I'd like to be able to add an X header as a result of each virus >scanning engine. I don't see an easy way to do this, am I missing >something? > >For example, I use Clam and bitdefender. I'd like to see a like for >clam, and then another line for bitdefender. > > The only way I can think of doing this is with a Custom Function, which you could hook onto the "Information Header" configuration option. Apart from returning the string to be used, it could also look through the %{$message->{virusreports}} and pull out the reports from each of the virus scanners you use. Then you could add whatever you want into the headers by using the $global::MS->{mta}->AddHeader() function. You will need to know a bit of perl to be able to do this. If you want to hire me as a consultant, I'll write it for you if you can give me an accurate spec. But I don't come cheap, there are bills to pay :-) - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQzwzsBH2WUcUFbZUEQIxbACffGkoys/0/G7zxKow5f/vbOrxAO8An0C3 aaUo82oMawlQizuWjXGcwpTZ =+eXg -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Sep 29 19:45:59 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:51 2006 Subject: Virus Scanning Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 But what about Allow Script Tags? I would advise you set that to "disarm" Shardul Adhikari wrote: > Hello MailScanner, > I am not able to send html files with javascript in it > > i am using clamav as a virus scanner > > I have enabled all the Allowed Tags > > These are my lines in Mailscanner.conf file > > Allow IFrame Tags = yes > Log IFrame Tags = no > Allow Form Tags = yes > Allow Object Codebase Tags = yes > > Convert Dangerous HTML To Text = no > Convert HTML To Text = no > Filename Rules = %etc-dir%/filename.rules.conf > > > These are the log > sep 29 20:18:20 netserv MailScanner[12278]: Virus and Content > Scanning: Starting > Sep 29 20:18:22 netserv MailScanner[12278]: Content Checks: Detected > HTML-specific exploits in j8TEmIX12606 > Sep 29 20:18:22 netserv MailScanner[12278]: Content Checks: Found 1 > problems > Sep 29 20:18:22 netserv MailScanner[12278]: Saved infected ".dat" to > /var/spool/MailScanner/quarantine/20050929/j8TEmIX12606 > > > > Any Input will be welcome. > > Regards > Shardul > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQzw2aBH2WUcUFbZUEQIRHwCdEX5R4Gu7A830uSMYhwEO0mtD7l8AnRQV 7mWqzF1xwIYXjpm4BVLieHva =qlqh -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Sep 29 20:05:22 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:51 2006 Subject: Max Message Size Rule Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alex Neuman wrote: > Bernd Eidenschink wrote: > >> Dear List, >> >> I'm asked to temporarily free a user's mailbox from messages greater >> than a defined size. After a few days the user wants the "big" >> messages back in her mailbox. >> >> I think a 'Maximum Message Size' ruleset would be a fast solution to >> do this, right? Can I configure a rule to forward mails above x KB to >> a different mailbox? >> >> > > Not that I know of; the max size parameter is designed to drop mail > that passes the threshold. Assuming the user wants to read messages > from a low-bandwidth situation (dialup, for example), the user would > be better off using webmail, IMAP, the MUA's option not to download > messages larger than a certain size, or a service such as mail2web.com > that lets you read your mail from the web. Yes. Applying a ruleset to "Maximum Message Size" would merely allow you to change the maximum allowed size dependent on the message, it doesn't change what happens to the message. You could hook a Custom Function onto "Non-Spam Actions" which looked at the message size and looked at the message recipient. If it is too big and addressed to the relevant user, it could delete the recipients, replace them with a null address (i.e. an alias which is delivered to /dev/null) and also added the "different mailbox" file location into the $message->{archiveplaces} location list. Not a trivial solution, I agree. But I can't see an easier way of doing it, sorry. Ideally I would re-write a load of the code to add actions similar to the Spam Actions to lots more configuration parameters. But that isn't going to happen any time soon, sorry. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQzw69RH2WUcUFbZUEQIhbgCg/IML01/9qt89kMzeiLFxxtEk2AkAnjZo USseWW0jzkJI6Qa+RvAs3a2v =Anfp -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nerijus at USERS.SOURCEFORGE.NET Thu Sep 29 20:07:56 2005 From: nerijus at USERS.SOURCEFORGE.NET (Nerijus Baliunas) Date: Thu Jan 12 21:30:51 2006 Subject: Kaspersky 5.5 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Thu, 15 Sep 2005 17:31:19 +0100 Chris Russell wrote: > When using MailScanner with Kaspersky 5.5, Virus Scanner = > kaspersky-4.5 will not work with Kaspersky 5.5 > > To resolve this, a change is required in the kaspersky-wrapper. Under > the section: > > # For KAV 4.5.0 > > Change: > > ${PackageDir}/$Scanner $ScanOptions -o$Report -j3 -q "$@" > > To > > ${PackageDir}/$Scanner $ScanOptions -o$Report -j5 -q "$@" I removed -j3 at all and it still works with both 5.0 and 5.5 versions. Could you please confirm this? Regards, Nerijus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Sep 29 20:43:04 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:51 2006 Subject: Kaspersky 5.5 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Nerijus Baliunas wrote: >On Thu, 15 Sep 2005 17:31:19 +0100 Chris Russell wrote: > > > >> When using MailScanner with Kaspersky 5.5, Virus Scanner = >>kaspersky-4.5 will not work with Kaspersky 5.5 >> >> To resolve this, a change is required in the kaspersky-wrapper. Under >>the section: >> >># For KAV 4.5.0 >> >>Change: >> >> ${PackageDir}/$Scanner $ScanOptions -o$Report -j3 -q "$@" >> >>To >> >> ${PackageDir}/$Scanner $ScanOptions -o$Report -j5 -q "$@" >> >> > >I removed -j3 at all and it still works with both 5.0 and 5.5 versions. >Could you please confirm this? > > Do I need to fork off another variant of the "kaspersky-5.0" scanner, in addition to the 4.5 version and the older version? I would rather just take out the -j3 from the -wrapper script. But I need you to decide quickly whether Kaspersky 4.5 works correctly without the -j3, or not. I'm doing a stable release on Saturday, so I need a quick answer to this! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQzxDyBH2WUcUFbZUEQICoACfUtc4UKtC01+EuQpjKLJe+s/7LbsAn1zr B9X2mljn/HbcKeLcT/GUCkRn =XeeX -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ka at PACIFIC.NET Thu Sep 29 21:43:19 2005 From: ka at PACIFIC.NET (Ken A) Date: Thu Jan 12 21:30:51 2006 Subject: Max Message Size Rule Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Bernd Eidenschink wrote: > Dear List, > > I'm asked to temporarily free a user's mailbox from messages greater than a > defined size. After a few days the user wants the "big" messages back in her > mailbox. > > I think a 'Maximum Message Size' ruleset would be a fast solution to do this, > right? Can I configure a rule to forward mails above x KB to a different > mailbox? A better solution (if it fits the purpose?) might be to ask the user to use the functionality of their email client to accomplish this. Most client software can pick up mail larger than x bytes and leave the rest. Ken > > Thank you, > > Bernd. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nerijus at USERS.SOURCEFORGE.NET Thu Sep 29 22:27:02 2005 From: nerijus at USERS.SOURCEFORGE.NET (Nerijus Baliunas) Date: Thu Jan 12 21:30:51 2006 Subject: Kaspersky 5.5 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Thu, 29 Sep 2005 20:43:04 +0100 Julian Field wrote: > >I removed -j3 at all and it still works with both 5.0 and 5.5 versions. > >Could you please confirm this? > > Do I need to fork off another variant of the "kaspersky-5.0" scanner, in > addition to the 4.5 version and the older version? > I would rather just take out the -j3 from the -wrapper script. But I > need you to decide quickly whether Kaspersky 4.5 works correctly without > the -j3, or not. > I'm doing a stable release on Saturday, so I need a quick answer to this! I've just tested with 4.5, it works. So it works with all 3 versions - 4.5, 5 and 5.5 and you don't need to fork off another variant. Regards, Nerijus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From csweeney at OSUBUCKS.ORG Thu Sep 29 23:01:28 2005 From: csweeney at OSUBUCKS.ORG (Chris Sweeney) Date: Thu Jan 12 21:30:51 2006 Subject: Block Message's with Invalid Date Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] OK thanks, I'll talk alook at these settings. Chris To those of you who read the text at the bottom of emails, check out Firefox for web browsing its much faster then IE and less prone to being a security risk. Also instead of Outlook or Outlook Express check out Thunderbird its much faster and cleaner, not to mention FREE! Just click below and your halfway there. Get Firefox! Get Thunderbird! Matt Kettler wrote: You could change the scores for the spamassassin rules that check dates; DATE_IN_PASTxxx and DATE_IN_FUTURExxx are several that stick out in my mind. Look at http://spamassassin.apache.org/tests_3_0_x.html or http://spamassassin.apache.org/tests_2_6x.html if you haven't upgraded yet. In light of the fact that 3.1 is released, I suggest this correction: Look at http://spamassassin.apache.org/tests_3_1_x.html or http://spamassassin.apache.org/tests_3_0_x.html if you haven't upgraded yet or http://spamassassin.apache.org/tests_2_6x.html if you live in the stone ages (like me, as I currently run 2.64) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From schwartzw at gmail.com Thu Sep 29 23:52:53 2005 From: schwartzw at gmail.com (William Schwartz) Date: Thu Jan 12 21:30:51 2006 Subject: Mailscanner maildir archive problem Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I'm archiving email in both mbox and maildir formats. I'm looking for a way to read the maildir archives on a Windows system. I haven't been able to find any clients that can do that directly so I was thinking about just reading them via the imap server. Problem is the file names don't match what my maildirs look like. My archive directory created with MailScanner looks like: 0654B1312B3.9394D 63AC812F683.5909B 8625A12F6F5.BAFDB D348B12F6F5.DD8F2 0855112F683.59A9B 6456312F683.16A49 8D74212F6F5.C1600 DA6B11312FA.EE0C3 250B81312EE.00033 682011312B3.29C63 8E0C612F6F5.D1A24 DAC1C12F683.D7BB8 393AA12F683.5C082 826A812F683.2C714 9A1EF12F683.A362D 5967F12F683.0625A 8542C13134B.62B8A A90981312B3.A4C0E And a sample maildir on my system looks like: x3 .SimpleShare # ls -la total 32 drwx------ 6 vmail 35003 4096 May 6 12:17 . drwx------ 21 vmail 35003 4096 Aug 5 13:53 .. -rw-r--r-- 1 vmail 35003 17 May 6 12:17 courierimapacl drwx------ 2 vmail 35003 4096 Sep 2 11:37 courierimapkeywords -rw-r--r-- 1 vmail 35003 528 Sep 2 23:21 courierimapuiddb drwx------ 2 vmail 35003 4096 Sep 2 23:21 cur -rw------- 1 vmail 35003 0 May 6 12:17 maildirfolder drwx------ 2 vmail 35003 4096 May 6 12:17 new drwx------ 2 vmail 35003 4096 Sep 13 02:03 tmp x3 .SimpleShare # ls -a cur . .. 1115403457.M838606P522V0000000000006811I002D80FB_0.x3,S=2306:2,RS 1115403457.M846794P522V0000000000006811I002D8139_1.x3,S=3712:2,RS 1115403457.M854269P522V0000000000006811I002D813A_2.x3,S=5966:2,RS 1115620725.M481683P6900V0000000000006811I002D811F_0.x3,S=8373:2,S 1115677751.M664280P25304V0000000000006811I002D8125_0.x3,S=9135:2,RS 1115831327.M205127P4081V0000000000006811I002D80C9_0.x3,S=10873:2,S 1125681630.M485726P13661V0000000000006811I002D806A_0.x3 ,S=3038:2,S 1125724881.M207359P25164V0000000000006811I002D844C_1.x3,S=1104:2, I need a way to get the filenames and direcotyr structure setup in a way that the IMAP server can serve the messages. Any help would be greatly appreciated. Bill ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From schwartzw at gmail.com Fri Sep 30 00:30:26 2005 From: schwartzw at gmail.com (William Schwartz) Date: Thu Jan 12 21:30:51 2006 Subject: Archive/maildir question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I think I fould part of my problem but I don't know how to fix it. x3 20050406 # file * 14B8512F9F9.A5488: data 1BFB6131051.312B2: data 266C412F9F9.E7AE6: data 278BC131051.29EB6: data 3424E12F9F9.BC528: data 3B8CD12FA1B.1231A: data 4743212F9F9.F1886: data 7C9BF12F9F9.BDE9C: data 7FE0612F9F9.78A46: data 99657131051.AB574: data CCC2512F9F9.7D808: data E150B12FA1B.7C4D8: data The type should be "smtp mail text" not "data" My archive.rules line looks like: FromOrTo: *@mydomain.com /data/mail_archive/mydomain.com/ What is the syntax to get it to make proper maildir archives? Thanks, Bill On 9/29/05, William Schwartz wrote: I'm archiving email in both mbox and maildir formats. I'm looking for a way to read the maildir archives on a Windows system. I haven't been able to find any clients that can do that directly so I was thinking about just reading them via the imap server. Problem is the file names don't match what my maildirs look like. My archive directory created with MailScanner looks like: 0654B1312B3.9394D 63AC812F683.5909B 8625A12F6F5.BAFDB D348B12F6F5.DD8F2 0855112F683.59A9B 6456312F683.16A49 8D74212F6F5.C1600 DA6B11312FA.EE0C3 250B81312EE.00033 682011312B3.29C63 8E0C612F6F5.D1A24 DAC1C12F683.D7BB8 393AA12F683.5C082 826A812F683.2C714 9A1EF12F683.A362D 5967F12F683.0625A 8542C13134B.62B8A A90981312B3.A4C0E And a sample maildir on my system looks like: x3 .SimpleShare # ls -la total 32 drwx------ 6 vmail 35003 4096 May 6 12:17 . drwx------ 21 vmail 35003 4096 Aug 5 13:53 .. -rw-r--r-- 1 vmail 35003 17 May 6 12:17 courierimapacl drwx------ 2 vmail 35003 4096 Sep 2 11:37 courierimapkeywords -rw-r--r-- 1 vmail 35003 528 Sep 2 23:21 courierimapuiddb drwx------ 2 vmail 35003 4096 Sep 2 23:21 cur -rw------- 1 vmail 35003 0 May 6 12:17 maildirfolder drwx------ 2 vmail 35003 4096 May 6 12:17 new drwx------ 2 vmail 35003 4096 Sep 13 02:03 tmp x3 .SimpleShare # ls -a cur . .. 1115403457.M838606P522V0000000000006811I002D80FB_0.x3,S=2306:2,RS 1115403457.M846794P522V0000000000006811I002D8139_1.x3,S=3712:2,RS 1115403457.M854269P522V0000000000006811I002D813A_2.x3,S=5966:2,RS 1115620725.M481683P6900V0000000000006811I002D811F_0.x3,S=8373:2,S 1115677751.M664280P25304V0000000000006811I002D8125_0.x3,S=9135:2,RS 1115831327.M205127P4081V0000000000006811I002D80C9_0.x3,S=10873:2,S 1125681630.M485726P13661V0000000000006811I002D806A_0.x3,S=3038:2,S 1125724881.M207359P25164V0000000000006811I002D844C_1.x3,S=1104:2, I need a way to get the filenames and direcotyr structure setup in a way that the IMAP server can serve the messages. Any help would be greatly appreciated. Bill ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From schwartzw at gmail.com Thu Sep 29 23:50:26 2005 From: schwartzw at gmail.com (William Schwartz) Date: Thu Jan 12 21:30:51 2006 Subject: Archive/maildir question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I'm archiving email in both mbox and maildir formats. I'm looking for a way to read the maildir archives on a Windows system. I haven't been able to find any clients that can do that directly so I was thinking about just reading them via the imap server. Problem is the file names don't match what my maildirs look like. My archive directory created with MailScanner looks like: 0654B1312B3.9394D 63AC812F683.5909B 8625A12F6F5.BAFDB D348B12F6F5.DD8F2 0855112F683.59A9B 6456312F683.16A49 8D74212F6F5.C1600 DA6B11312FA.EE0C3 250B81312EE.00033 682011312B3.29C63 8E0C612F6F5.D1A24 DAC1C12F683.D7BB8 393AA12F683.5C082 826A812F683.2C714 9A1EF12F683.A362D 5967F12F683.0625A 8542C13134B.62B8A A90981312B3.A4C0E And a sample maildir on my system looks like: x3 .SimpleShare # ls -la total 32 drwx------ 6 vmail 35003 4096 May 6 12:17 . drwx------ 21 vmail 35003 4096 Aug 5 13:53 .. -rw-r--r-- 1 vmail 35003 17 May 6 12:17 courierimapacl drwx------ 2 vmail 35003 4096 Sep 2 11:37 courierimapkeywords -rw-r--r-- 1 vmail 35003 528 Sep 2 23:21 courierimapuiddb drwx------ 2 vmail 35003 4096 Sep 2 23:21 cur -rw------- 1 vmail 35003 0 May 6 12:17 maildirfolder drwx------ 2 vmail 35003 4096 May 6 12:17 new drwx------ 2 vmail 35003 4096 Sep 13 02:03 tmp x3 .SimpleShare # ls -a cur . .. 1115403457.M838606P522V0000000000006811I002D80FB_0.x3,S=2306:2,RS 1115403457.M846794P522V0000000000006811I002D8139_1.x3,S=3712:2,RS 1115403457.M854269P522V0000000000006811I002D813A_2.x3,S=5966:2,RS 1115620725.M481683P6900V0000000000006811I002D811F_0.x3,S=8373:2,S 1115677751.M664280P25304V0000000000006811I002D8125_0.x3,S=9135:2,RS 1115831327.M205127P4081V0000000000006811I002D80C9_0.x3,S=10873:2,S 1125681630.M485726P13661V0000000000006811I002D806A_0.x3,S=3038:2,S 1125724881.M207359P25164V0000000000006811I002D844C_1.x3,S=1104:2, I need a way to get the filenames and direcotyr structure setup in a way that the IMAP server can serve the messages. Any help would be greatly appreciated. Bill ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From shardul.adhikari at gmail.com Fri Sep 30 06:27:06 2005 From: shardul.adhikari at gmail.com (Shardul Adhikari) Date: Thu Jan 12 21:30:51 2006 Subject: Virus Scanning Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi , Thanks for the Prompt Reply , But i am using version 4.29.7 and i do not see Allow Script Tags directive in the conf file , do i need to upgrade mailscanner ? Thanks and Regard Shardul On 9/30/05, Julian Field wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 But what about Allow Script Tags? I would advise you set that to "disarm" Shardul Adhikari wrote: > Hello MailScanner, > I am not able to send html files with javascript in it > > i am using clamav as a virus scanner > > I have enabled all the Allowed Tags > > These are my lines in Mailscanner.conf file > > Allow IFrame Tags = yes > Log IFrame Tags = no > Allow Form Tags = yes > Allow Object Codebase Tags = yes > > Convert Dangerous HTML To Text = no > Convert HTML To Text = no > Filename Rules = %etc-dir%/filename.rules.conf > > > These are the log > sep 29 20:18:20 netserv MailScanner[12278]: Virus and Content > Scanning: Starting > Sep 29 20:18:22 netserv MailScanner[12278]: Content Checks: Detected > HTML-specific exploits in j8TEmIX12606 > Sep 29 20:18:22 netserv MailScanner[12278]: Content Checks: Found 1 > problems > Sep 29 20:18:22 netserv MailScanner[12278]: Saved infected ".dat" to > /var/spool/MailScanner/quarantine/20050929/j8TEmIX12606 > > > > Any Input will be welcome. > > Regards > Shardul > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/ ) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQzw2aBH2WUcUFbZUEQIRHwCdEX5R4Gu7A830uSMYhwEO0mtD7l8AnRQV 7mWqzF1xwIYXjpm4BVLieHva =qlqh -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner-user at NELAND.DK Fri Sep 30 06:39:15 2005 From: mailscanner-user at NELAND.DK (Leif Neland) Date: Thu Jan 12 21:30:51 2006 Subject: Mailscanner disturbs my domainkey? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I've added domainkeys with dk-milter to sendmail. The verifier at http://senderid.espcoalition.org/ shows the signature is there, but it does not verify. Is mailscanner messing up the headers so the signature is wrong? 8uye@senderid.espcoalition.org The verifier says: DomainKey-Status: bad: Signature failed verification DomainKey-Signature: a=rsa-sha1; s=arnold; d=neland.dk; c=nofws; q=dns; h=message-id:from:to:subject:date:mime-version:content-type: content-transfer-encoding:x-priority:x-msmail-priority:x-mailer:x-mimeole; b=KqKCCl3LSAL7ztA0QktPMHZSMnAbwwRYUeMJWowfD0SZt5PbuD/mWy92a1gtu+eHa JA8njDRZ4zh0iX239dsmw== ; <<>> DiG 9.3.1 <<>> -t txt arnold._domainkey.neland.dk @ns4.gratisdns.dk ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41315 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 5 ;; QUESTION SECTION: ;arnold._domainkey.neland.dk. IN TXT ;; ANSWER SECTION: arnold._domainkey.neland.dk. 43200 IN TXT "g=\; k=rsa\; t=y\; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMDitcv/6R1RMjPiGHCiIcTnvVsA+A3XGg5fCf2yKUrrf7NmJw7GB9Cj35GZavzHwOVSUxkQiRUknt/+2jJMS8UCAwEAAQ==" What's wrong? :-( -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From eidenschink at WEB.DE Fri Sep 30 07:25:07 2005 From: eidenschink at WEB.DE (Bernd Eidenschink) Date: Thu Jan 12 21:30:51 2006 Subject: Max Message Size Rule Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dear Ken, Julian, Alex, thanks for your answers and hints to solutions. For now I solved the problem by writing a small TCL script called by a */5 minute cron job. Works well as a one-time hack and the window of 5 minutes before a move, where a huge message could arrive and stop a download by the user can be considered irrelevant. Thanks, Bernd. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Sep 30 08:59:04 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:51 2006 Subject: Kaspersky 5.5 Message-ID: On 29 Sep 2005, at 22:27, Nerijus Baliunas wrote: > On Thu, 29 Sep 2005 20:43:04 +0100 Julian Field > wrote: > > >>> I removed -j3 at all and it still works with both 5.0 and 5.5 >>> versions. >>> Could you please confirm this? >>> >> >> Do I need to fork off another variant of the "kaspersky-5.0" >> scanner, in >> addition to the 4.5 version and the older version? >> I would rather just take out the -j3 from the -wrapper script. But I >> need you to decide quickly whether Kaspersky 4.5 works correctly >> without >> the -j3, or not. >> I'm doing a stable release on Saturday, so I need a quick answer >> to this! >> > > I've just tested with 4.5, it works. So it works with all 3 > versions - 4.5, 5 and 5.5 > and you don't need to fork off another variant. That's exactly what I wanted to hear! Many thanks for checking all this for me. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Sep 30 09:35:48 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:51 2006 Subject: Beta 4.46.2 Message-ID: I have just released a last beta before tomorrow's stable release. If you could test it and check everything is okay, I would be very grateful. Change Log is this: * New Features and Improvements * - Improved phishing net JavaScript detection to make reports more sensible. - Loads of additions to phishing net safe sites list (thanks Denis!). - Improved Install-Clam-SA package so that it sets up your /etc/ ld.so.conf file for you, by adding /usr/local/lib if necessary. - Increased the default expansion factor of archives for the clamav scanner. - Removed -j3 from call to Kaspersky in kaspersky-wrapper, on advice from Kaspersky users. * Fixes * - Fixed problem with a few TNEF files and the internal TNEF decoder, caused crashes. - Fixed warnings with numeric tests in a couple of places. - Tested against SpamAssassin 3.1.0, one minor problem found and fixed. - Fixed minor bug in "actions" parser in ZMailer support code. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Fri Sep 30 10:21:46 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:30:51 2006 Subject: Couple lines of spam Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 29/09/05, Max Kipness wrote: > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > Behalf Of Glenn Steen > > Sent: Wednesday, September 28, 2005 9:25 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Couple lines of spam > > (snip) > > Depends... Probably custon SA rule(s). Geocities or msn? > > These few sentences spam come from various domains. > > So you mean create custom rules based on the contents of these particular > emails? > > Thanks, > Max If they are unlike to the *.geocities.com (etc etc) spams, where one can find a least common denominator, that might turn rather ... onerous:). Could you share a snippet or two? Just to see what they look like... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lars+lister.mailscanner at ADVENTURAS.NO Fri Sep 30 13:11:57 2005 From: lars+lister.mailscanner at ADVENTURAS.NO (Lars Kristiansen) Date: Thu Jan 12 21:30:51 2006 Subject: Mailscanner disturbs my domainkey? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > I've added domainkeys with dk-milter to sendmail. > > The verifier at http://senderid.espcoalition.org/ shows the signature is > there, but it does not verify. > > Is mailscanner messing up the headers so the signature is wrong? According to the rfc, [ http://www.ietf.org/internet-drafts/draft-delany-domainkeys-base-02.txt ] , it is a signature of the mail, including the headers below the DomainKey-Signature. As far as I can understand new headers need to be put before the signature not to conflict. -- Lars > > 8uye@senderid.espcoalition.org > > The verifier says: DomainKey-Status: bad: Signature failed verification > > DomainKey-Signature: a=rsa-sha1; s=arnold; d=neland.dk; c=nofws; q=dns; > h=message-id:from:to:subject:date:mime-version:content-type: > content-transfer-encoding:x-priority:x-msmail-priority:x-mailer:x-mimeole; > b=KqKCCl3LSAL7ztA0QktPMHZSMnAbwwRYUeMJWowfD0SZt5PbuD/mWy92a1gtu+eHa > JA8njDRZ4zh0iX239dsmw== > > ; <<>> DiG 9.3.1 <<>> -t txt arnold._domainkey.neland.dk @ns4.gratisdns.dk > ; (1 server found) > ;; global options: printcmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41315 > ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 5 > > ;; QUESTION SECTION: > ;arnold._domainkey.neland.dk. IN TXT > > ;; ANSWER SECTION: > arnold._domainkey.neland.dk. 43200 IN TXT "g=\; k=rsa\; t=y\; > p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMDitcv/6R1RMjPiGHCiIcTnvVsA+A3XGg5fCf2yKUrrf7NmJw7GB9Cj35GZavzHwOVSUxkQiRUknt/+2jJMS8UCAwEAAQ==" > > What's wrong? :-( > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mauriciopcavalcanti at HOTMAIL.COM Fri Sep 30 14:03:50 2005 From: mauriciopcavalcanti at HOTMAIL.COM (Mauricio Cavalcanti) Date: Thu Jan 12 21:30:51 2006 Subject: Block null "from" in logs Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, Anyone can help me to make a rule to block e-mails that comes with null from in header (from=<> in mail.log). Thanks in advance, Mauricio ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Fri Sep 30 14:34:58 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:30:51 2006 Subject: Block null "from" in logs Message-ID: I think if you do this, you break RFC's 821, 1123, 2505, and 2821. Mike > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mauricio Cavalcanti > Sent: Friday, September 30, 2005 8:04 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Block null "from" in logs > > Hi, > Anyone can help me to make a rule to block e-mails that comes > with null from in header (from=<> in mail.log). > > Thanks in advance, > Mauricio > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Fri Sep 30 14:43:16 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:30:51 2006 Subject: Block null "from" in logs Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Mike Kercher > Sent: Friday, September 30, 2005 9:35 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Block null "from" in logs > > I think if you do this, you break RFC's 821, 1123, 2505, and 2821. > > Mike > I knew it was at least RFC 1123 but when you're a small IPS getting a million + bounced messages a day from a vicious and intentional Joe job and your business is at stake, I can understand why one might consider this approach. The actual approach we took was to quickly setup another gateway and point all of the incoming email for the domain that was under attack at the new gateway that used this modified sendmail file. The other hosted domains then were then unaffected by the attack and the valid email to the domain under attack was delivered pretty much on time. But your point is very valid. DO NOT DO THIS unless this unless you have no other choice. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mauricio Cavalcanti > > Sent: Friday, September 30, 2005 8:04 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Block null "from" in logs > > > > Hi, > > Anyone can help me to make a rule to block e-mails that comes > > with null from in header (from=<> in mail.log). > > > > Thanks in advance, > > Mauricio > > > > ------------------------ MailScanner list > > ------------------------ To unsubscribe, email > > jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) > > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Sep 30 14:56:10 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:51 2006 Subject: Block null "from" in logs Message-ID: On 30 Sep 2005, at 14:43, Stephen Swaney wrote: >> -----Original Message----- >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: Block null "from" in logs >> >> I think if you do this, you break RFC's 821, 1123, 2505, and 2821. >> >> Mike >> >> > > But your point is very valid. DO NOT DO THIS unless this unless you > have no > other choice. Or unless you are Microsoft. They do this on all their corporate mail. And they publicly admit it. It is one of their chief ways of blocking spam. Fortunately their staff are all so brilliant they never mistype an email address, as they sure won't get told when they send to non- existent addresses :-) >>> -----Original Message----- >>> From: MailScanner mailing list >>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mauricio Cavalcanti >>> Sent: Friday, September 30, 2005 8:04 AM >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Block null "from" in logs >>> >>> Hi, >>> Anyone can help me to make a rule to block e-mails that comes >>> with null from in header (from=<> in mail.log). >>> >>> Thanks in advance, >>> Mauricio >>> >>> ------------------------ MailScanner list >>> ------------------------ To unsubscribe, email >>> jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) >>> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From matt at CODERS.CO.UK Fri Sep 30 15:37:07 2005 From: matt at CODERS.CO.UK (Matt Hampton) Date: Thu Jan 12 21:30:51 2006 Subject: Block null "from" in logs Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >Anyone can help me to make a rule to block e-mails that comes with null from >in header (from=<> in mail.log). > > If you are running sendmail and don't mind running milters you can use milter-regex http://www.benzedrine.cx/milter-regex.html Takes some playing around to get it to compile under Linux but it works nicely. I have a client that was getting thousands of DSNs to his domain which were being sent to different users. His domain only has about 20 valid senders so this was all the result of spams. We have temporarily block all Null sender messages to his domain only by using the following: reject "This domain does not accept DSN messages" envrcpt /@domain.co.uk/ei and envfrom /^$/ envrcpt /@domain.co.uk/ei and envfrom /^<>$/ envrcpt /@domain.co.uk/ei and envfrom /mailer-daemon@/ei I will re-iterate what everyone else has said about RFC's. From direct experience we also have had to change the way in which mailfromd (a version of milter-sender) verifies addresses as sites that block DSNs were being blocked from sending to our clients. We use the address "addressverifier" rather than "<>" now and this reduces the number of failures. matt ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jrudd at UCSC.EDU Fri Sep 30 15:52:04 2005 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:30:51 2006 Subject: Block null "from" in logs Message-ID: On Sep 30, 2005, at 7:37 AM, Matt Hampton wrote: >> Anyone can help me to make a rule to block e-mails that comes with >> null from >> in header (from=<> in mail.log). >> > > If you are running sendmail and don't mind running milters you can use > milter-regex > > http://www.benzedrine.cx/milter-regex.html > And, if you use mimedefang, you can use the filter_sender function. (not knocking milter-regex, just saying that this is yet another thing that mimedefang covers; so if you're going to do multiple things in milters, it might be prudent to use one milter that does all of those functions instead of multiple milters ... though, I honestly don't know which which is faster) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Fri Sep 30 15:58:54 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:30:51 2006 Subject: Block null "from" in logs Message-ID: Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > Sent: Friday, September 30, 2005 9:56 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Block null "from" in logs > > On 30 Sep 2005, at 14:43, Stephen Swaney wrote: > >> -----Original Message----- > >> To: MAILSCANNER@JISCMAIL.AC.UK > >> Subject: Re: Block null "from" in logs > >> > >> I think if you do this, you break RFC's 821, 1123, 2505, and 2821. > >> > >> Mike > >> > >> > > > > But your point is very valid. DO NOT DO THIS unless this unless you > > have no > > other choice. > > Or unless you are Microsoft. They do this on all their corporate > mail. And they publicly admit it. It is one of their chief ways of > blocking spam. > > Fortunately their staff are all so brilliant they never mistype an > email address, as they sure won't get told when they send to non- > existent addresses :-) > For those of you who need a Microsoft education in how to handle spam (or maybe just need a good chuckle after a long hard week) you can download the article that Julian's referring above to from: http://www.microsoft.com/downloads/details.aspx?FamilyId=17DC35AD-8BA1-48B1- 91F3-563313EE878A&displaylang=en Download the file MessagingHygieneITVC.doc. If you don't happen to have M$ Word (or OpenOffice :) drop me a note off list. Enjoy and have a good weekend! Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Fri Sep 30 19:00:17 2005 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jan 12 21:30:51 2006 Subject: Block null "from" in logs Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Hampton wrote: >> Anyone can help me to make a rule to block e-mails that comes with >> null from >> in header (from=<> in mail.log). >> >> > > If you are running sendmail and don't mind running milters you can use > milter-regex > > http://www.benzedrine.cx/milter-regex.html > > Takes some playing around to get it to compile under Linux but it > works nicely. I have a client that was getting thousands of DSNs to > his domain which were being sent to different users. His domain only > has about 20 valid senders so this was all the result of spams. > We have temporarily block all Null sender messages to his domain only > by using the following: > > reject "This domain does not accept DSN messages" > envrcpt /@domain.co.uk/ei and envfrom /^$/ > envrcpt /@domain.co.uk/ei and envfrom /^<>$/ > envrcpt /@domain.co.uk/ei and envfrom /mailer-daemon@/ei > > I will re-iterate what everyone else has said about RFC's. From > direct experience we also have had to change the way in which > mailfromd (a version of milter-sender) verifies addresses as sites > that block DSNs were being blocked from sending to our clients. We > use the address "addressverifier" rather than "<>" now and this > reduces the number of failures. > > matt > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! I've also had to tweak milter-sender to use a valid address when verifying the sender, because a lot of ISP's in my country block from:<> messages. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Fri Sep 30 19:03:46 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:30:51 2006 Subject: Virus Scanning Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Shardul Adhikari wrote: > But i am using version 4.29.7 and i do not see Allow Script Tags directive > in the conf file , do i need to upgrade mailscanner ? Maybe you need to upgrade your MailScanner.conf file because it was introduced in 4.29.7: 1/4/2004 New in Version 4.29.7 ============================== * New Features and Improvements * -