From nauman at worldcall.net.pk Sat Apr 1 05:43:04 2006 From: nauman at worldcall.net.pk (Muhammad Nauman) Date: Sat Apr 1 05:43:13 2006 Subject: problem in Mailscanner-mrtg Graphs References: Message-ID: <004101c65546$c5913f60$23c051cb@noc> ERROR IN /var/log/maillog : Mailserver MailScanner-MRTG[3544]: Unable to find a mountpoint for /var/www/html/mailscanner-mrtg/incoming/. Please set MailScanner Work Directory in mailscanner-mrtg.conf to a valid mountpoint. You can see a list of mointpoints on your system by using the df command I m using a.. mailscanner-mrtg-0.10.00-1.src.rpm b.. mrtg-2.13.2.tar.gz c.. gd-2.0.11.tar.gz d.. zlib-1.2.3.tar.gz e.. libpng-1.2.5.tar.gz f.. And SENDMAIL 8.13.5 and MailScanner I M using MRTG for the Base and Mailscanner-mrtg tool to Maintaine My Graphs for my MailServer I only Have these mount Points [root@Jadoo]# df -h Filesystem Mounted on /dev/sda3 / /dev/sda1 /boot none /dev/shm /dev/sdb1 /var Is there ANY Way - i can Make the Above Graph - Visible ?????????? Thanks and regards, M.Nauman Habib Network Engineer ICT Department WorldCALL Multimedia Pvt Ltd 16-S Gulberg II Lahore, Pakistan Off: 92 (42) 5877051-55 Cell : 0321-4311830 -- This message has been scanned for viruses and dangerous content by WorldCall Scanner, and is believed to be clean. From damian at workgroupsolutions.com Sat Apr 1 07:19:25 2006 From: damian at workgroupsolutions.com (Damian Mendoza) Date: Sat Apr 1 07:19:36 2006 Subject: segmentation fault starting MailScanner Message-ID: <0C941442AC84A8449448BA2207DD4F4D0CCFD2@core01.workgroupsolutions.com> Any ideas what could be causing the following problem when starting MailScanner version 4.50.15, Sendmail 8.13.6, Spamassassin 3.1.0 and Perl 5.8.1 - I've been fighting this problems for months now when starting MailScanner though it does not happen every time I manually start MailScanner. Starting MailScanner daemons: incoming sendmail: /etc/init.d/MailScanner: line 390: 11791 Segmentation fault $SENDMAIL -bd -OPrivacyOptions=noetrn -ODeliveryMode=queueonly -OQueueDirectory=$INQDIR -OPidFile=$INPID When the problem occurs, MailScanner does not start. I can make the problem happen by starting and stopping MailScanner about four times in a row. Thanks, Damian -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060331/e0df86f1/attachment.html From karl.bailey at landmark-information.co.uk Sat Apr 1 10:49:50 2006 From: karl.bailey at landmark-information.co.uk (Karl Bailey) Date: Sat Apr 1 10:49:58 2006 Subject: Not often I post Message-ID: <6D593FF95F52DB4D9CC4F5E3A4AC33825C6F22@exmx04.corp.edrlandmark.net> I've updated MailScanner as suggested & supplied the "broken" message directly to Julian. Hopefully this will help with this issue. Thanks for the responses. Regards KArl -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve Freegard Sent: 31 March 2006 09:32 To: MailScanner discussion Subject: Re: Not often I post Hi Karl, On Thu, 2006-03-30 at 23:02 +0100, Karl Bailey wrote: > Only when I have a problem, which I seem to at the moment. Two day in > a row now I have had a problem with MailScanner 4.51.5-1 running in > RedHat FC1. It employs spam assassin, kaspersky, f-prot & mcafee virus > scanning. CPU usage etc hovers around 25% & all in all it works very > well processing around 20000 messages (6GBytes) a day. > > > > I have received a single message that brings mailscanner to it's > knees .. the message enters the inbound mail queue, the MailScanner > processes defunct one by one till MailScanner is effectively not > processing mail any more, mail builds up in the inbound mail queue. > This is exasperated by the fact that although MailScanner reports as > defunct in the process list it is actually still identifying spam, & > generating spam warning messages, which in turn end up in the inbound > queue... this seems to lead to a "DOS" effect. > > > > I have isolated the single message in it's raw queue qf & df files. > Every time I place it into the inbound queue the processes defunct, & > yes I am ensuring there is no file permissions problems... If anyone > wants a copy of the message I can send them the queue files.... I'm > suspicious though that the Virus Scanning is where the problem lies, > hence without the combination of VC's listed above it may run through > the queue ... Any ideas? The one thing I've noticed about the header (qf > file) is that there seems to be some very long boundary strings > emplyed. > We had a number of customers with exactly the same problem on 4.51.5 - an upgrade to 4.51.6 solved the problem for them. Kind regards, Steve. -- Steve Freegard Development Director Fort Systems Ltd. Tel: +44 (0)1243 200 001 Mobile: +44 (0)7740 364 348 Skype: smfreegard -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! Registered Office: 5-7 Abbey Court, Eagle Way, Sowton, Exeter, Devon, EX2 7HY Registered Number 2892803 Registered in England & Wales The information contained in this e-mail is confidential and may be subject to legal privilege. If you are not the intended recipient, you must not use, copy, distribute or disclose the e-mail or any part of its contents or take any action in reliance on it. If you have received this e-mail in error, please e-mail the sender by replying to this message. All reasonable precautions have been taken to ensure no viruses are present in this e-mail. Landmark Information Group Limited cannot accept responsibility for loss or damage arising from the use of this e-mail or attachments and recommend that you subject these to your virus checking procedures prior to use. www.landmarkinfo.co.uk From glenn.steen at gmail.com Sat Apr 1 11:46:22 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Apr 1 11:46:25 2006 Subject: segmentation fault starting MailScanner In-Reply-To: <0C941442AC84A8449448BA2207DD4F4D0CCFD2@core01.workgroupsolutions.com> References: <0C941442AC84A8449448BA2207DD4F4D0CCFD2@core01.workgroupsolutions.com> Message-ID: <223f97700604010246of6158d6g3eb0cc585edc678c@mail.gmail.com> On 01/04/06, Damian Mendoza wrote: > > > > Any ideas what could be causing the following problem when starting > MailScanner version 4.50.15, Sendmail 8.13.6, Spamassassin 3.1.0 and Perl > 5.8.1 ? I've been fighting this problems for months now when starting > MailScanner though it does not happen every time I manually start > MailScanner. > > > > Starting MailScanner daemons: > > incoming sendmail: /etc/init.d/MailScanner: line 390: 11791 > Segmentation fault $SENDMAIL -bd -OPrivacyOptions=noetrn > -ODeliveryMode=queueonly -OQueueDirectory=$INQDIR -OPidFile=$INPID > > > > When the problem occurs, MailScanner does not start. > > > > I can make the problem happen by starting and stopping MailScanner about > four times in a row. > > > > > > Thanks, > > > > Damian This is very likely a HW problem. Start troubleshooting by running a memory tester worth its salt on the system (http://www.memtest86.com/ ... Assuming you are running on an x86 architecture... It is included on many Live-CD distros, Ubuntu etc etc). Also run fsck on every filesystem on the box (means you need boot to something else .... Knoppix, SystemResqueCD, R.I.P. or your OS' normal "non-disk" boot method). It's fairly unlikely, but a bum filesystem *could* trip you up. If those are "green", then something else is tipping you up (bum NIC, bad drivers, botched libs .... the list is "endless":-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Sat Apr 1 13:04:52 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Apr 1 13:05:20 2006 Subject: MailScanner ANNOUNCE: Stable 4.52 released Message-ID: <442E6C64.6080906@ecs.soton.ac.uk> I have just released the stable release for April, version 4.52. It's been a quiet month, just one major new feature which I hope the ISP's among you, in particular, will find useful. There is now an option in the Phishing Net settings that will make it slightly less strict. If you have a web server email.domain.com pretending to be www.domain.com it will not complain as the "domain.com" strings match. It also knows a pretty complete list of all the second level domains used by many countries. So email.domain.org.uk and www.domain.org.uk will match. But www.domain1.org.uk and www.domain2.org.uk will _not_ match. This is because it knows that ".org.uk" is a generic domain name used by the UK to cover a whole group of different websites (UK non-profits). This also adds a new configuration file, %etc-dir%/country.domains.conf. Download it as usual from www.mailscanner.info. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Apr 1 13:09:11 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Apr 1 13:09:17 2006 Subject: Not often I post In-Reply-To: <6D593FF95F52DB4D9CC4F5E3A4AC33825C6F22@exmx04.corp.edrlandmark.net> References: <6D593FF95F52DB4D9CC4F5E3A4AC33825C6F22@exmx04.corp.edrlandmark.net> Message-ID: <442E6D67.2040309@ecs.soton.ac.uk> I think this was fixed in 4.51.6, it certainly doesn't appear to cause any problems now. Karl Bailey wrote: > I've updated MailScanner as suggested & supplied the "broken" message > directly to Julian. Hopefully this will help with this issue. Thanks for > the responses. > > Regards > KArl > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve > Freegard > Sent: 31 March 2006 09:32 > To: MailScanner discussion > Subject: Re: Not often I post > > Hi Karl, > > On Thu, 2006-03-30 at 23:02 +0100, Karl Bailey wrote: > >> Only when I have a problem, which I seem to at the moment. Two day in >> a row now I have had a problem with MailScanner 4.51.5-1 running in >> RedHat FC1. It employs spam assassin, kaspersky, f-prot & mcafee virus >> scanning. CPU usage etc hovers around 25% & all in all it works very >> well processing around 20000 messages (6GBytes) a day. >> >> >> >> I have received a single message that brings mailscanner to it's >> knees .. the message enters the inbound mail queue, the MailScanner >> processes defunct one by one till MailScanner is effectively not >> processing mail any more, mail builds up in the inbound mail queue. >> This is exasperated by the fact that although MailScanner reports as >> defunct in the process list it is actually still identifying spam, & >> generating spam warning messages, which in turn end up in the inbound >> queue... this seems to lead to a "DOS" effect. >> >> >> >> I have isolated the single message in it's raw queue qf & df files. >> Every time I place it into the inbound queue the processes defunct, & >> yes I am ensuring there is no file permissions problems... If anyone >> wants a copy of the message I can send them the queue files.... I'm >> suspicious though that the Virus Scanning is where the problem lies, >> hence without the combination of VC's listed above it may run through >> the queue ... Any ideas? The one thing I've noticed about the header >> > (qf > >> file) is that there seems to be some very long boundary strings >> emplyed. >> >> > > We had a number of customers with exactly the same problem on 4.51.5 - > an upgrade to 4.51.6 solved the problem for them. > > Kind regards, > Steve. > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From tac.forums at gmail.com Sat Apr 1 13:36:04 2006 From: tac.forums at gmail.com (TAC Forums) Date: Sat Apr 1 13:36:08 2006 Subject: mqueue and mqueue.in have more files than necessary ... should I worry? In-Reply-To: <744004DF-2BA0-4120-B65C-E2C5B8F7049B@ecs.soton.ac.uk> References: <744004DF-2BA0-4120-B65C-E2C5B8F7049B@ecs.soton.ac.uk> Message-ID: On 3/31/06, Julian Field wrote: > Switch off the incoming sendmail (kill the one that listening for > messages). Is that the one that says 'sendmail: accepting connections' when I do a 'ps ax', or is the one that says '/usr/sbin/sendmail -q15m -OPidFile /var/run/sendmail.out.pid' > Wait for MailScanner to stop delivering any new messages. > Delete everything left in mqueue.in. > Stop MailScanner completely and restart it. Wouldn't this work fine too? =================================== cd /var/spool/mqueue.in find . -mtime +5 -print | xargs rm =================================== -- TAC Support Team From tac.forums at gmail.com Sat Apr 1 13:46:01 2006 From: tac.forums at gmail.com (TAC Forums) Date: Sat Apr 1 13:46:03 2006 Subject: mqueue and mqueue.in have more files than necessary ... should I worry? In-Reply-To: References: <625385e30603300641j11c6fb62w313e8f20a4da11@mail.gmail.com> Message-ID: On 3/31/06, Jeff A. Earickson wrote: > First, figure out the maximum time that you hold email before returning > it as undeliverable. Mine is three days, eg "Timeout.queuereturn=3d" > in my sendmail settings. Then cd to the queue directory in question, > and do: > > find . -mtime +3 -print | xargs rm > > Voila, old files are gone. No need to stop sendmail or MailScanner. Hi Jeff This is great. Worked wonders... thanks a bunch for this... The default was 5d for my server. On a separate note, would you care to share why you configured it for 3 days instead of the default 5 days that was configured on my sendmail configuration? Regards -- TAC Support Team From tac.forums at gmail.com Sat Apr 1 13:46:54 2006 From: tac.forums at gmail.com (TAC Forums) Date: Sat Apr 1 13:46:57 2006 Subject: mqueue and mqueue.in have more files than necessary ... should I worry? In-Reply-To: References: <625385e30603300641j11c6fb62w313e8f20a4da11@mail.gmail.com> Message-ID: On 4/1/06, Mark McCoy wrote: > Do a 'man find' first. On some Unices, "-mtime +3" means "older than > 3 minutes", not "older than 3 days". Ah! thanks for pointing this out. I checked the man page. Apparently this version of Linux means days, so we're okay on that. Thanks for the warning. Regards -- TAC Support Team From jaearick at colby.edu Sat Apr 1 14:02:09 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Sat Apr 1 14:07:16 2006 Subject: mqueue and mqueue.in have more files than necessary ... should I worry? In-Reply-To: References: <625385e30603300641j11c6fb62w313e8f20a4da11@mail.gmail.com> Message-ID: As others pointed out, RTFM before using a new UNIX command. I didn't know that +3 could mean minutes on some Linux systems. I would expect the syntax to be something like "+3m" for that, so as not to break for older UNIX systems (Solaris in my case). I use 3 days because if a message won't go in 3 days, it almost certainly won't go in 5. DNS/dead server issues are usually noticed and fixed in three days. The rest is typos, replies to spam and bogus addresses. Get it outta my mail queue! I also use Timeout.queuewarn=4h instead of the one day default, to give users a quicker clue that their message isn't moving (so they can fix their typos). Jeff Earickson Colby College On Sat, 1 Apr 2006, TAC Forums wrote: > Date: Sat, 1 Apr 2006 18:16:01 +0530 > From: TAC Forums > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: mqueue and mqueue.in have more files than necessary ... should I > worry? > > On 3/31/06, Jeff A. Earickson wrote: >> First, figure out the maximum time that you hold email before returning >> it as undeliverable. Mine is three days, eg "Timeout.queuereturn=3d" >> in my sendmail settings. Then cd to the queue directory in question, >> and do: >> >> find . -mtime +3 -print | xargs rm >> >> Voila, old files are gone. No need to stop sendmail or MailScanner. > > Hi Jeff > > This is great. Worked wonders... thanks a bunch for this... > > The default was 5d for my server. > > On a separate note, would you care to share why you configured it for > 3 days instead of the default 5 days that was configured on my > sendmail configuration? > > Regards > -- > TAC Support Team > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From maillists at conactive.com Sat Apr 1 18:31:13 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Sat Apr 1 18:31:19 2006 Subject: Suggestion: include only .pm files from CustomFunctions Message-ID: Yesterday I put a small test file in CustomFunctions for debugging a problem with module SQLSpamSettings.pm and left it there after I finished. Later I found in the logs that MailScanner had tried (and failed, of course) to include it. Wouldn't it be better to just include files with the standard perl module suffix of .pm? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From dfilchak at sympatico.ca Sat Apr 1 22:23:36 2006 From: dfilchak at sympatico.ca (Dave Filchak) Date: Sat Apr 1 22:25:48 2006 Subject: rulesets Message-ID: <442EEF58.4010006@sympatico.ca> Just updated my spamassassin rule sets and got this message: EvilNumber has changed on host.domain.net. Version line: # Version: 02.00.01 # The evilnumber set has been renamed to match SARE's updated standards, the new name is 70_sare_evilnum0.cf. Please remove evilnumber local language files Where do I find the evilnumber local language files? dave From MailScanner at ecs.soton.ac.uk Sat Apr 1 23:44:04 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Apr 1 23:44:22 2006 Subject: Suggestion: include only .pm files from CustomFunctions In-Reply-To: References: Message-ID: <442F0234.7090601@ecs.soton.ac.uk> I'm pretty sure I've already done that. Kai Schaetzl wrote: > Yesterday I put a small test file in CustomFunctions for debugging a > problem with module SQLSpamSettings.pm and left it there after I finished. > Later I found in the logs that MailScanner had tried (and failed, of > course) to include it. Wouldn't it be better to just include files with > the standard perl module suffix of .pm? > > Kai > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maillists at conactive.com Sun Apr 2 02:40:14 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Sun Apr 2 02:40:21 2006 Subject: Suggestion: include only .pm files from CustomFunctions In-Reply-To: <442F0234.7090601@ecs.soton.ac.uk> References: <442F0234.7090601@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Sat, 01 Apr 2006 23:44:04 +0100: > I'm pretty sure I've already done that. I'm running 4.51.6 Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From butler at globeserver.com Sun Apr 2 02:57:16 2006 From: butler at globeserver.com (Philip Butler) Date: Sun Apr 2 02:57:57 2006 Subject: Strange syslog message.... Message-ID: <0B4E2DE5-C280-426E-B9A9-C193A3CD4F1E@globeserver.com> Hi all, I was scanning my syslog and found the following: mailscanner[1794]: called with 2 bind variables when 0 are needed and this repeats. All seems to be working properly but I am wondering what this message really means and how to correct it. Any ideas ?? Phil From naolson at gmail.com Sun Apr 2 03:02:06 2006 From: naolson at gmail.com (Nathan Olson) Date: Sun Apr 2 03:02:09 2006 Subject: Strange syslog message.... In-Reply-To: <0B4E2DE5-C280-426E-B9A9-C193A3CD4F1E@globeserver.com> References: <0B4E2DE5-C280-426E-B9A9-C193A3CD4F1E@globeserver.com> Message-ID: <8f54b4330604011802v1ea2a49cg43e5e1f75c302d86@mail.gmail.com> It looks like a DBI (database abstraction layer) error. Nate From maillists at conactive.com Sun Apr 2 11:02:34 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Sun Apr 2 11:02:42 2006 Subject: Strange syslog message.... In-Reply-To: <8f54b4330604011802v1ea2a49cg43e5e1f75c302d86@mail.gmail.com> References: <0B4E2DE5-C280-426E-B9A9-C193A3CD4F1E@globeserver.com> <8f54b4330604011802v1ea2a49cg43e5e1f75c302d86@mail.gmail.com> Message-ID: Nathan Olson wrote on Sat, 1 Apr 2006 20:02:06 -0600: > It looks like a DBI (database abstraction layer) error. Yes. Do you use any CustomFunctions, f.i. for/from Mailwatch? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Sun Apr 2 11:02:34 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Sun Apr 2 11:02:42 2006 Subject: rulesets In-Reply-To: <442EEF58.4010006@sympatico.ca> References: <442EEF58.4010006@sympatico.ca> Message-ID: Dave Filchak wrote on Sat, 01 Apr 2006 16:23:36 -0500: > Where do I find the evilnumber local language files? /etc/mail/spamassassin Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From smf at f2s.com Sun Apr 2 13:05:58 2006 From: smf at f2s.com (Steve Freegard) Date: Sun Apr 2 13:03:25 2006 Subject: Suggestion: include only .pm files from CustomFunctions In-Reply-To: <442F0234.7090601@ecs.soton.ac.uk> References: <442F0234.7090601@ecs.soton.ac.uk> Message-ID: <1143979558.16392.510.camel@localhost.localdomain> On Sat, 2006-04-01 at 23:44 +0100, Julian Field wrote: > I'm pretty sure I've already done that. You did as it was one of my feature requests -- as of 4.50, only files of extensions .pl or .pm are included. Cheers, Steve. From butler at globeserver.com Sun Apr 2 15:18:39 2006 From: butler at globeserver.com (Philip Butler) Date: Sun Apr 2 15:19:19 2006 Subject: Strange syslog message.... In-Reply-To: References: <0B4E2DE5-C280-426E-B9A9-C193A3CD4F1E@globeserver.com> <8f54b4330604011802v1ea2a49cg43e5e1f75c302d86@mail.gmail.com> Message-ID: <8C320493-9173-418B-AE2B-491783D739B3@globeserver.com> No - not using custom functions... Phil On Apr 2, 2006, at 6:02 AM, Kai Schaetzl wrote: > Nathan Olson wrote on Sat, 1 Apr 2006 20:02:06 -0600: > >> It looks like a DBI (database abstraction layer) error. > > Yes. Do you use any CustomFunctions, f.i. for/from Mailwatch? > > Kai > > -- > Kai Sch?tzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From kevins at bmrb.co.uk Sun Apr 2 18:31:07 2006 From: kevins at bmrb.co.uk (Kevin Spicer) Date: Sun Apr 2 18:31:25 2006 Subject: problem in Mailscanner-mrtg Graphs In-Reply-To: <004101c65546$c5913f60$23c051cb@noc> References: <004101c65546$c5913f60$23c051cb@noc> Message-ID: <1143999067.5884.8.camel@bach.kevinspicer.co.uk> On Sat, 2006-04-01 at 09:43 +0500, Muhammad Nauman wrote: > ERROR IN /var/log/maillog : > > Mailserver MailScanner-MRTG[3544]: Unable to find a mountpoint for > /var/www/html/mailscanner-mrtg/incoming/. Please set MailScanner Work > Directory in mailscanner-mrtg.conf to a valid mountpoint. You can see a > list of mointpoints on your system by using the df command > This has been discussed many times on the MSMRTG forums on the sourceforge site. Given your partitioning you should set 'MailScanner Work Directory' in mailscanner-mrtg.conf to /var (and certainly not what you appear to have set it to which doesn't look like anything that would normally be used for MailScanner's work directory). If this is a production machine you might want to reconsider you partitioning scheme, having logs, spool and work directory on the same partition will not give you the best performance (not to mention the risk to your mail flow if your logs fill up the disk). Kevin ================================================================= BMRB wins two BMRA awards - http://www.bmrb.co.uk _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ From maillists at conactive.com Sun Apr 2 18:31:22 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Sun Apr 2 18:31:30 2006 Subject: Suggestion: include only .pm files from CustomFunctions In-Reply-To: <1143979558.16392.510.camel@localhost.localdomain> References: <442F0234.7090601@ecs.soton.ac.uk> <1143979558.16392.510.camel@localhost.localdomain> Message-ID: Steve Freegard wrote on Sun, 02 Apr 2006 13:05:58 +0100: > You did as it was one of my feature requests -- as of 4.50, only files > of extensions .pl or .pm are included. That's what I mean! Why .pl? Official Perl module extension is .pm. Why include .pl? If I want to troubleshoot a module the first thing is put a pl file in there and include the .pm ... Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From mikej at rogers.com Sun Apr 2 20:43:44 2006 From: mikej at rogers.com (Mike Jakubik) Date: Sun Apr 2 20:43:41 2006 Subject: Why does MS rename postfix queue IDs? Message-ID: <44302970.7040509@rogers.com> So, as the topic says, why does MS rename postfix queue IDs? Whats is the reason for this? -- Apr 2 15:34:01 fbsd postfix/smtpd[18878]: 1EE3E2B2036: client=localhost[127.0.0.1] Apr 2 15:34:01 fbsd postfix/cleanup[18879]: 1EE3E2B2036: hold: header Received: ... Apr 2 15:34:04 fbsd MailScanner[17694]: Requeue: 1EE3E2B2036.F1395 to F39462B2043 -- Why add the .##### to the ID? Also, is it really necessary to change the ID when re queuing the message? From dfilchak at sympatico.ca Sun Apr 2 22:35:47 2006 From: dfilchak at sympatico.ca (Dave Filchak) Date: Sun Apr 2 22:33:49 2006 Subject: rulesets Message-ID: <443043B3.7070703@sympatico.ca> I do not see anything in /etc/mail/spamassassin that resembles a local language file?? Dave Dave Filchak wrote on Sat, 01 Apr 2006 16:23:36 -0500: > > Where do I find the evilnumber local language files? > /etc/mail/spamassassin Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From glenn.steen at gmail.com Sun Apr 2 22:36:55 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Apr 2 22:36:57 2006 Subject: Why does MS rename postfix queue IDs? In-Reply-To: <44302970.7040509@rogers.com> References: <44302970.7040509@rogers.com> Message-ID: <223f97700604021436n7a11b413g5039ff8f733239c9@mail.gmail.com> On 02/04/06, Mike Jakubik wrote: > So, as the topic says, why does MS rename postfix queue IDs? Whats is > the reason for this? > > -- > Apr 2 15:34:01 fbsd postfix/smtpd[18878]: 1EE3E2B2036: > client=localhost[127.0.0.1] > Apr 2 15:34:01 fbsd postfix/cleanup[18879]: 1EE3E2B2036: hold: header > Received: > ... > Apr 2 15:34:04 fbsd MailScanner[17694]: Requeue: 1EE3E2B2036.F1395 to > F39462B2043 > -- > > Why add the .##### to the ID? Also, is it really necessary to change the > ID when re queuing the message? This is a bit of a FAQ it seems, for the postfix implementation... I noticed that with MW and PF, since PF _will reuse queue IDs_, that I got a rather disturbing amount of duplicates in my database.... (Could've been any database logging too, or even a script calculating things based on the queue ID. Any such system was bound to have a fair amount of errors, particularly if you employ a "less than simplistic partitioning scheme", since the amount of continuous i-node consumption will play a role too. I had var on its own partition, so got hit pretty bad) ... I badgered first Steve for a fix, then Jules... Who was gracious enough to oblige. As mentioned, the whole problem is that the queue ID will be reused, since it is calculated from the i-node and the present microsecond... Sounds rather random, but simply isn't "random enough" (as Jules comment in the code goes:).... Even in some rather common "standard setups" you _will_ be bit by this. Jules solution (to manage some extra randomness, tagged on behind a very "scriptabe"/"ignorable" is purely briliant. And no, it should stay, no matter what;-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sun Apr 2 22:41:55 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Apr 2 22:41:58 2006 Subject: Why does MS rename postfix queue IDs? In-Reply-To: <223f97700604021436n7a11b413g5039ff8f733239c9@mail.gmail.com> References: <44302970.7040509@rogers.com> <223f97700604021436n7a11b413g5039ff8f733239c9@mail.gmail.com> Message-ID: <223f97700604021441u746a52f9ib9f4a09ceb84d07b@mail.gmail.com> On 02/04/06, Glenn Steen wrote: > On 02/04/06, Mike Jakubik wrote: > > So, as the topic says, why does MS rename postfix queue IDs? Whats is > > the reason for this? > > > > -- > > Apr 2 15:34:01 fbsd postfix/smtpd[18878]: 1EE3E2B2036: > > client=localhost[127.0.0.1] > > Apr 2 15:34:01 fbsd postfix/cleanup[18879]: 1EE3E2B2036: hold: header > > Received: > > ... > > Apr 2 15:34:04 fbsd MailScanner[17694]: Requeue: 1EE3E2B2036.F1395 to > > F39462B2043 > > -- > > > > Why add the .##### to the ID? Also, is it really necessary to change the > > ID when re queuing the message? > > This is a bit of a FAQ it seems, for the postfix implementation... I > noticed that with MW and PF, since PF _will reuse queue IDs_, that I > got a rather disturbing amount of duplicates in my database.... > (Could've been any database logging too, or even a script calculating > things based on the queue ID. Any such system was bound to have a fair > amount of errors, particularly if you employ a "less than simplistic > partitioning scheme", since the amount of continuous i-node > consumption will play a role too. I had var on its own partition, so > got hit pretty bad) ... I badgered first Steve for a fix, then > Jules... Who was gracious enough to oblige. > > As mentioned, the whole problem is that the queue ID will be reused, > since it is calculated from the i-node and the present microsecond... > Sounds rather random, but simply isn't "random enough" (as Jules > comment in the code goes:).... Even in some rather common "standard > setups" you _will_ be bit by this. > > Jules solution (to manage some extra randomness, tagged on behind a > very "scriptabe"/"ignorable" is purely > briliant. And no, it should stay, no matter what;-). > (Replying to myself.... Sigh:-) About the requeueing bit, that is necessary, yes. "man postsuper" tells a lot about the "hoary" details of how PF really works:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mikej at rogers.com Sun Apr 2 22:53:08 2006 From: mikej at rogers.com (Mike Jakubik) Date: Sun Apr 2 22:53:14 2006 Subject: Why does MS rename postfix queue IDs? In-Reply-To: <223f97700604021441u746a52f9ib9f4a09ceb84d07b@mail.gmail.com> References: <44302970.7040509@rogers.com> <223f97700604021436n7a11b413g5039ff8f733239c9@mail.gmail.com> <223f97700604021441u746a52f9ib9f4a09ceb84d07b@mail.gmail.com> Message-ID: <443047C4.40000@rogers.com> Glenn Steen wrote: > On 02/04/06, Glenn Steen wrote: > >> On 02/04/06, Mike Jakubik wrote: >> >>> So, as the topic says, why does MS rename postfix queue IDs? Whats is >>> the reason for this? >>> >>> -- >>> Apr 2 15:34:01 fbsd postfix/smtpd[18878]: 1EE3E2B2036: >>> client=localhost[127.0.0.1] >>> Apr 2 15:34:01 fbsd postfix/cleanup[18879]: 1EE3E2B2036: hold: header >>> Received: >>> ... >>> Apr 2 15:34:04 fbsd MailScanner[17694]: Requeue: 1EE3E2B2036.F1395 to >>> F39462B2043 >>> -- >>> >>> Why add the .##### to the ID? Also, is it really necessary to change the >>> ID when re queuing the message? >>> >> This is a bit of a FAQ it seems, for the postfix implementation... I >> noticed that with MW and PF, since PF _will reuse queue IDs_, that I >> got a rather disturbing amount of duplicates in my database.... >> (Could've been any database logging too, or even a script calculating >> things based on the queue ID. Any such system was bound to have a fair >> amount of errors, particularly if you employ a "less than simplistic >> partitioning scheme", since the amount of continuous i-node >> consumption will play a role too. I had var on its own partition, so >> got hit pretty bad) ... I badgered first Steve for a fix, then >> Jules... Who was gracious enough to oblige. >> >> As mentioned, the whole problem is that the queue ID will be reused, >> since it is calculated from the i-node and the present microsecond... >> Sounds rather random, but simply isn't "random enough" (as Jules >> comment in the code goes:).... Even in some rather common "standard >> setups" you _will_ be bit by this. >> >> Jules solution (to manage some extra randomness, tagged on behind a >> very "scriptabe"/"ignorable" is purely >> briliant. And no, it should stay, no matter what;-). >> >> > (Replying to myself.... Sigh:-) > About the requeueing bit, that is necessary, yes. "man postsuper" > tells a lot about the "hoary" details of how PF really works:-). > Thats for the detailed explanation. In this case i agree with you, things should stay the same. Do you think it is safe to assume that a logged msg id in a db will not be duplicated, say over a span of 3 years? I think one should probably still refer to records by record id, not msg id, just to be safe... From maillists at conactive.com Sun Apr 2 23:31:18 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Sun Apr 2 23:31:26 2006 Subject: Bad Content Checks Message-ID: I found a file like this getting quarantined as "bad content". (Ahm, what actually happens then - the message is delivered without the attachment, or what happens?) 042-06-Logos.ly01.pdf This is the rule that hit on it. I don't see the value of this rule. # Deny all other double file extensions. This catches any hidden filenames. deny \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ Found possible filename hiding Attempt to hide real filename extension What is the point of disallowing whatever.whatever.pdf? Why is this trying tho hide the real filename extension? Maybe that (whatever.bat.pdf) is doing this, but it's much less troublesome than (whatever.pdf.bat). Can I rule this over with allow \.pdf$ ? If so, I suggest adding quite a few of these exclusions. Moreover. How can I release that file? I released it and it was immediately caught again although 127.0.0.1 is whitelisted and Mailwatch lists a Status of "W/L Bad Content" now. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From james at grayonline.id.au Sun Apr 2 22:40:16 2006 From: james at grayonline.id.au (James Gray) Date: Mon Apr 3 00:21:54 2006 Subject: MailScanner on Mac OSX? Message-ID: <200604030740.21324.james@grayonline.id.au> Hi All, I'm hoping I'm not about to "break new ground" :) Has anyone got any reports on using MailScanner on Mac OSX (Intel)? I'm simplifying my network at home with a Mac Mini (Core Duo thing) replacing 3 old tired PC's. So far I've figured out that OSX is using Perl 5.8.6 and Postfix of some flavour. Does anyone have any pre-installation validation tools or advice on what to expect? I know OSX is BSD under the hood, but the directory structure is seriously weird for someone coming from a "pure" Linux/BSD/Unix background. BTW - where the hell does OSX keep it's cron jobs and services? I've got Apache+MySQL running on it but they both came with neato *.dmg packages....I'm a real OSX n00b I'm afraid :P Unlike most n00b's though I'm happy to work with Julian to get the bugs sorted and possibly create a OSX "port" complete with dmg package etc....now THAT interests me! Thanks in advance. James -- I've got a bad feeling about this. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060403/7c0425c9/attachment.bin From maillists at conactive.com Mon Apr 3 00:31:29 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Apr 3 00:31:37 2006 Subject: rulesets In-Reply-To: <443043B3.7070703@sympatico.ca> References: <443043B3.7070703@sympatico.ca> Message-ID: Dave Filchak wrote on Sun, 02 Apr 2006 17:35:47 -0400: > I do not see anything in /etc/mail/spamassassin that resembles a local language file?? I see. Sorry, I can't be of more help, I abandoned evilnumbers long ago. Maybe there are different files for numbers by country and they refer to that? Ask on the satalk list. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From craig at csfs.co.za Mon Apr 3 07:57:31 2006 From: craig at csfs.co.za (Craig Retief (CSFS)) Date: Mon Apr 3 07:57:53 2006 Subject: Spam Reporting Address Message-ID: Hi Julian / All, This might have been asked before, sorry if a repost ;-) Is it possible to set up an email address on a server that mailscanner picks up as a spam reporting address to which the users can forward emails that the users consider spam for SpamAssassin to learn from. If not, might this not be a nifty feature 8) Thx Craig -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060403/7841a331/attachment.html From MailScanner at ecs.soton.ac.uk Mon Apr 3 08:48:48 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 3 08:49:02 2006 Subject: Why does MS rename postfix queue IDs? In-Reply-To: <223f97700604021436n7a11b413g5039ff8f733239c9@mail.gmail.com> References: <44302970.7040509@rogers.com> <223f97700604021436n7a11b413g5039ff8f733239c9@mail.gmail.com> Message-ID: <54B1012B-46C1-476C-862C-068C8275FF3C@ecs.soton.ac.uk> On 2 Apr 2006, at 22:36, Glenn Steen wrote: > Jules solution (to manage some extra randomness, tagged on behind a > very "scriptabe"/"ignorable" is purely > briliant. And no, it should stay, no matter what;-). You're too kind :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Apr 3 08:55:21 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 3 08:55:35 2006 Subject: MailScanner on Mac OSX? In-Reply-To: <200604030740.21324.james@grayonline.id.au> References: <200604030740.21324.james@grayonline.id.au> Message-ID: On 2 Apr 2006, at 22:40, James Gray wrote: > Hi All, > > I'm hoping I'm not about to "break new ground" :) Has anyone got > any reports > on using MailScanner on Mac OSX (Intel)? I'm simplifying my > network at home > with a Mac Mini (Core Duo thing) replacing 3 old tired PC's. There are a few people (and I mean _very_ few) doing this, after a guy at Sophos got it working on 10.3. It's one of the projects I want to get onto, and may be able to put in some time on it very soon. There are those 2 packaging systems (Fink and the other one I can't remember) which would provide an easy, though cumbersome, solution. Would that be good enough for now? What I really want is a system that uses launchd properly and at least has a system preference for starting and stopping it. Slimserver nearly does this, but in a pre-Tiger form, not using launchd. I would much rather "do it properly" than hack something together. If anyone can point me in the right direction, such as an example package that already does all this that I can plug into, that would be fantastic. But even working out how to program for launchd would be a start. The OSX way of booting appears to be very complicated, involving reams of XML. Sorry that doesn't really answer your question, but.... > > So far I've figured out that OSX is using Perl 5.8.6 and Postfix of > some > flavour. Does anyone have any pre-installation validation tools or > advice on > what to expect? I know OSX is BSD under the hood, but the directory > structure is seriously weird for someone coming from a "pure" Linux/ > BSD/Unix > background. > > BTW - where the hell does OSX keep it's cron jobs and services? > I've got > Apache+MySQL running on it but they both came with neato *.dmg > packages....I'm a real OSX n00b I'm afraid :P Unlike most n00b's > though I'm > happy to work with Julian to get the bugs sorted and possibly > create a OSX > "port" complete with dmg package etc....now THAT interests me! > > Thanks in advance. > > James > -- > I've got a bad feeling about this. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Apr 3 09:08:06 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 3 09:08:19 2006 Subject: Spam Reporting Address In-Reply-To: References: Message-ID: On 3 Apr 2006, at 07:57, Craig Retief ((CSFS)) wrote: > Is it possible to set up an email address on a server that > mailscanner picks up as a spam reporting address to which the users > can forward emails that the users consider spam for SpamAssassin to > learn from. Funnily enough, it's already there. Your users must "redirect" or "bounce" their message to the address, as "forward" results in all sorts of mangling happen to the message on the way. All you need to do is collect that mail in a mailbox on your MailScanner server, run sa-learn on it, move it to the end of a "cumulative" file, and repeat every day. You want to move it out of the way as otherwise you will be re- teaching SpamAssassin stuff it has already seen, which is a waste of time. But I would still keep it so you can re-teach it all if your Bayes db dies/corrupts. Start by reading the docs for "sa-learn", it can slurp in an entire Unix mbox format mailbox at one go (with the "--mbox" switch). Hope that helps get you started. Here's the cron job I use to do it, which you might find useful. #!/bin/sh SPAM=/var/spool/mail/spam NOTSPAM=/var/spool/mail/notspam TOTAL=.cumulative LOGFILE=/var/log/learn.spam.log #PREFS=/etc/MailScanner/spam.assassin.prefs.conf SALEARN=/usr/bin/sa-learn date >> $LOGFILE if [ -f $SPAM ]; then BOX=${SPAM}.processing mv $SPAM $BOX sleep 5 # Wait for writing current message to complete $SALEARN --spam --mbox $BOX >> $LOGFILE 2>&1 cat $BOX >> ${SPAM}${TOTAL} echo >> ${SPAM}${TOTAL} rm -f $BOX fi if [ -f $NOTSPAM ]; then BOX=${NOTSPAM}.processing mv $NOTSPAM $BOX sleep 5 # Wait for writing current message to complete $SALEARN --ham --mbox $BOX >> $LOGFILE 2>&1 cat $BOX >> ${NOTSPAM}${TOTAL} echo >> ${NOTSPAM}${TOTAL} rm -f $BOX fi -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060403/6412434b/attachment.html From glenn.steen at gmail.com Mon Apr 3 09:13:46 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Apr 3 09:13:49 2006 Subject: Why does MS rename postfix queue IDs? In-Reply-To: <443047C4.40000@rogers.com> References: <44302970.7040509@rogers.com> <223f97700604021436n7a11b413g5039ff8f733239c9@mail.gmail.com> <223f97700604021441u746a52f9ib9f4a09ceb84d07b@mail.gmail.com> <443047C4.40000@rogers.com> Message-ID: <223f97700604030113m32a65bfcl9ebc4a1f9f197896@mail.gmail.com> On 02/04/06, Mike Jakubik wrote: > Glenn Steen wrote: > > On 02/04/06, Glenn Steen wrote: > > > >> On 02/04/06, Mike Jakubik wrote: > >> > >>> So, as the topic says, why does MS rename postfix queue IDs? Whats is > >>> the reason for this? > >>> > >>> -- > >>> Apr 2 15:34:01 fbsd postfix/smtpd[18878]: 1EE3E2B2036: > >>> client=localhost[127.0.0.1] > >>> Apr 2 15:34:01 fbsd postfix/cleanup[18879]: 1EE3E2B2036: hold: header > >>> Received: > >>> ... > >>> Apr 2 15:34:04 fbsd MailScanner[17694]: Requeue: 1EE3E2B2036.F1395 to > >>> F39462B2043 > >>> -- > >>> > >>> Why add the .##### to the ID? Also, is it really necessary to change the > >>> ID when re queuing the message? > >>> > >> This is a bit of a FAQ it seems, for the postfix implementation... I > >> noticed that with MW and PF, since PF _will reuse queue IDs_, that I > >> got a rather disturbing amount of duplicates in my database.... > >> (Could've been any database logging too, or even a script calculating > >> things based on the queue ID. Any such system was bound to have a fair > >> amount of errors, particularly if you employ a "less than simplistic > >> partitioning scheme", since the amount of continuous i-node > >> consumption will play a role too. I had var on its own partition, so > >> got hit pretty bad) ... I badgered first Steve for a fix, then > >> Jules... Who was gracious enough to oblige. > >> > >> As mentioned, the whole problem is that the queue ID will be reused, > >> since it is calculated from the i-node and the present microsecond... > >> Sounds rather random, but simply isn't "random enough" (as Jules > >> comment in the code goes:).... Even in some rather common "standard > >> setups" you _will_ be bit by this. > >> > >> Jules solution (to manage some extra randomness, tagged on behind a > >> very "scriptabe"/"ignorable" is purely > >> briliant. And no, it should stay, no matter what;-). > >> > >> > > (Replying to myself.... Sigh:-) > > About the requeueing bit, that is necessary, yes. "man postsuper" > > tells a lot about the "hoary" details of how PF really works:-). > > > > Thats for the detailed explanation. In this case i agree with you, > things should stay the same. Do you think it is safe to assume that a > logged msg id in a db will not be duplicated, say over a span of 3 > years? I think one should probably still refer to records by record id, > not msg id, just to be safe... > I haven't "done the math" for that long a time-period. Remember that the likelihood of "ID reuse" is dependant not only on the time period (3 years), but also on the frequency (meaning amount of messages handled)... And on how you've partitioned things. In my case it would be safe for that time-period, yes, but fortunately I don't need to handle more than three months, so ... I'm "super-safe":-). Without the fix, I had several duplicates/day, seriously confusing things ... particularily in the quarantine view.... So for me this is an essential fix. >From the message POV, record id is meaningless. Sure, that makes the duplicates "non-duplicates" from a DB POV, but they don't really help with the messages (where you often don't have anything more than the message ID or queue ID to start with, if that), so ... yes and no:-):-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon Apr 3 09:14:55 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Apr 3 09:14:58 2006 Subject: Why does MS rename postfix queue IDs? In-Reply-To: <54B1012B-46C1-476C-862C-068C8275FF3C@ecs.soton.ac.uk> References: <44302970.7040509@rogers.com> <223f97700604021436n7a11b413g5039ff8f733239c9@mail.gmail.com> <54B1012B-46C1-476C-862C-068C8275FF3C@ecs.soton.ac.uk> Message-ID: <223f97700604030114nd1d9475sb3200040f17b356d@mail.gmail.com> On 03/04/06, Julian Field wrote: > On 2 Apr 2006, at 22:36, Glenn Steen wrote: > > Jules solution (to manage some extra randomness, tagged on behind a > > very "scriptabe"/"ignorable" is purely > > briliant. And no, it should stay, no matter what;-). > > You're too kind :-) > On the contrary, one cannot be kind enough about this;-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From craigwhite at azapple.com Mon Apr 3 09:18:33 2006 From: craigwhite at azapple.com (Craig White) Date: Mon Apr 3 09:18:44 2006 Subject: Why does MS rename postfix queue IDs? In-Reply-To: <54B1012B-46C1-476C-862C-068C8275FF3C@ecs.soton.ac.uk> References: <44302970.7040509@rogers.com> <223f97700604021436n7a11b413g5039ff8f733239c9@mail.gmail.com> <54B1012B-46C1-476C-862C-068C8275FF3C@ecs.soton.ac.uk> Message-ID: <1144052314.19913.18.camel@lin-workstation.azapple.com> On Mon, 2006-04-03 at 08:48 +0100, Julian Field wrote: > On 2 Apr 2006, at 22:36, Glenn Steen wrote: > > Jules solution (to manage some extra randomness, tagged on behind a > > very "scriptabe"/"ignorable" is purely > > briliant. And no, it should stay, no matter what;-). > > You're too kind :-) > ---- I found it convenient to add... *Remove = Requeue to /etc/log.d/conf/services/mailscanner.conf so I didn't get all of them logged though because they contributed to the nightmare in logwatch Craig From craig at csfs.co.za Mon Apr 3 09:20:40 2006 From: craig at csfs.co.za (Craig Retief (CSFS)) Date: Mon Apr 3 09:21:02 2006 Subject: Spam Reporting Address In-Reply-To: Message-ID: Thx Julian, helps a lot. ;-) Craig On 3 Apr 2006, at 07:57, Craig Retief ((CSFS)) wrote: Is it possible to set up an email address on a server that mailscanner picks up as a spam reporting address to which the users can forward emails that the users consider spam for SpamAssassin to learn from. Funnily enough, it's already there. Your users must "redirect" or "bounce" their message to the address, as "forward" results in all sorts of mangling happen to the message on the way. All you need to do is collect that mail in a mailbox on your MailScanner server, run sa-learn on it, move it to the end of a "cumulative" file, and repeat every day. You want to move it out of the way as otherwise you will be re-teaching SpamAssassin stuff it has already seen, which is a waste of time. But I would still keep it so you can re-teach it all if your Bayes db dies/corrupts. Start by reading the docs for "sa-learn", it can slurp in an entire Unix mbox format mailbox at one go (with the "--mbox" switch). Hope that helps get you started. Here's the cron job I use to do it, which you might find useful. #!/bin/sh SPAM=/var/spool/mail/spam NOTSPAM=/var/spool/mail/notspam TOTAL=.cumulative LOGFILE=/var/log/learn.spam.log #PREFS=/etc/MailScanner/spam.assassin.prefs.conf SALEARN=/usr/bin/sa-learn date >> $LOGFILE if [ -f $SPAM ]; then BOX=${SPAM}.processing mv $SPAM $BOX sleep 5 # Wait for writing current message to complete $SALEARN --spam --mbox $BOX >> $LOGFILE 2>&1 cat $BOX >> ${SPAM}${TOTAL} echo >> ${SPAM}${TOTAL} rm -f $BOX fi if [ -f $NOTSPAM ]; then BOX=${NOTSPAM}.processing mv $NOTSPAM $BOX sleep 5 # Wait for writing current message to complete $SALEARN --ham --mbox $BOX >> $LOGFILE 2>&1 cat $BOX >> ${NOTSPAM}${TOTAL} echo >> ${NOTSPAM}${TOTAL} rm -f $BOX fi -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 From drew at themarshalls.co.uk Mon Apr 3 09:50:56 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Mon Apr 3 09:51:18 2006 Subject: rulesets In-Reply-To: References: <443043B3.7070703@sympatico.ca> Message-ID: <38199.194.70.180.170.1144054256.squirrel@webmail.r-bit.net> On Mon, April 3, 2006 00:31, Kai Schaetzl wrote: > Dave Filchak wrote on Sun, 02 Apr 2006 17:35:47 -0400: > >> I do not see anything in /etc/mail/spamassassin that resembles a local >> language file?? I think you will find it called evilnumbers.cf. The SARE naming scheme is more like xx_sare_rule.cf where xx is a pair of digits. I would suggest having a read about the new evilnumbers rules as there are now 4 types to pick from. http://www.rulesemporium.com Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From gmatt at nerc.ac.uk Mon Apr 3 11:16:55 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Mon Apr 3 11:17:03 2006 Subject: Problem of removed carriage return on attached txt-files In-Reply-To: References: Message-ID: <1144059415.12412.33.camel@lea.nerc-wallingford.ac.uk> On Mon, 2006-03-20 at 10:41 +0100, Bernard.Lheureux@ibsbe.be wrote: > > I wanted to know if there was a solution for the problem of "removed > carriage returns" in attached text files passing through a MailScanner > configured as a gateway with CentOS 4.2 ans Sendmail with ClamAV and > Sophos. > I have read in the mailinglist that it should be a perl bug but in > which module, and how to fix it ? > Do you have an idea where I could point my searches to ? this problem is not fixed, the only workaround appears to be turn off "Sign Clean Messages". Unfortunately, it doesnt look like this problem will be fixed any time soon. As I understand it, it is a "hard" problem involving perl itself, rather than the MIME::Tools module but IANAP. G > > Best regards / Vriendelijke groeten / Cordialement, > > --- > Bernard Lheureux > Consultant / System Engineer - Networking Team > > IBS TECHNOLOGY AND SERVICES > Leuvense Steenweg, 643 > 1930 Zaventem - Belgium > Phone: +32-(0)2-723.91.11 Fax: +32-(0)2-723.92.99 > http://www.ibsts.be > -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From gmatt at nerc.ac.uk Mon Apr 3 12:02:29 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Mon Apr 3 12:02:39 2006 Subject: Broken vacation rule [Scanned by Freecom.net] In-Reply-To: <44270AEA.9080001@evi-inc.com> References: <880455504@mail.freecom.net> <442702E7.9080707@maddoc.net> <44270AEA.9080001@evi-inc.com> Message-ID: <1144062149.12412.37.camel@lea.nerc-wallingford.ac.uk> 'scuse top post... I've never implemented a vacation message because I've seen far too much of this sort of thing. Is there any docu on implementing sensible vac message that wont spam lists, wont respond more than once per sender etc plus any other gotchas? G On Sun, 2006-03-26 at 16:43 -0500, Matt Kettler wrote: > And one wonders why so many people despise lists which insert a "Reply-To" > header that points back to the list.. > > Too many *CENSORED* out there that think "reply" is an appropriate behavior for > a vacation rule. > > Of course, if we're lucky someone will spamcop freecom.net's mailservers. > > (Spamcop DOES accept reports for broken vacation rules, which this clearly is, > and it was done by a systems admin who should know better. While I hate to see > companies listed because some *CENSORED* in marketing crafted up his own > vacation rule without following procedure, I don't have any sympathy for freecom > if they get listed for this.) > -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From gmatt at nerc.ac.uk Mon Apr 3 13:06:48 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Mon Apr 3 13:06:58 2006 Subject: mqueue and mqueue.in have more files than necessary ... should I worry? In-Reply-To: References: <744004DF-2BA0-4120-B65C-E2C5B8F7049B@ecs.soton.ac.uk> Message-ID: <1144066008.12412.41.camel@lea.nerc-wallingford.ac.uk> I often get "orphaned" data files lying around. ie those df files without a corresponding qf envelope file. I use the following script to clean them up: #!/bin/bash # clean up orphaned df* files in mqueue.in # no known cause for these files yet. /etc/init.d/MailScanner stop sleep 2 dir="/var/spool/mqueue.in" file=`find $dir -mtime +1` for i in ${file} do m=`basename ${i}` j=${m:2} if [ ! -e "${dir}/qf${j}" ]; then mv ${i} /var/tmp/ fi done echo df -hl /etc/init.d/MailScanner start exit 0 -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From jethro.binks at strath.ac.uk Mon Apr 3 13:16:21 2006 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Mon Apr 3 13:16:22 2006 Subject: Broken vacation rule [Scanned by Freecom.net] In-Reply-To: <1144062149.12412.37.camel@lea.nerc-wallingford.ac.uk> References: <880455504@mail.freecom.net> <442702E7.9080707@maddoc.net> <44270AEA.9080001@evi-inc.com> <1144062149.12412.37.camel@lea.nerc-wallingford.ac.uk> Message-ID: <20060403130412.S33576@defjam.cc.strath.ac.uk> On Mon, 3 Apr 2006, Greg Matthews wrote: > I've never implemented a vacation message because I've seen far too much > of this sort of thing. Is there any docu on implementing sensible vac > message that wont spam lists, wont respond more than once per sender etc > plus any other gotchas? I wrote an extensive configuration for Exim. Here are some parts of it, which may provide clues. The trick is basically to severely limit the things to which an autoreply message will be sent. ## Vacation functionality attempts to follow best practice; in particular it ## heeds some parts of these: ## http://www.faqs.org/rfcs/rfc3834.html (Autoresponder rules) ## http://www.ietf.org/internet-drafts/draft-ietf-sieve-vacation-06.txt ## http://www.ietf.org/rfc/rfc2369.txt (List-* headers) ... condition = "${if or { \ { match {$h_precedence:} {(?i)junk|bulk|list} } \ { eq {$sender_address} {} } \ { def:header_X-Cron-Env: } \ { def:header_Auto-Submitted: } \ { def:header_List-Help: } \ { def:header_List-Unsubscribe: } \ { def:header_List-Subscribe: } \ { def:header_List-Owner: } \ { def:header_List-Archive: } \ { def:header_Autorespond: } \ { def:header_X-Autoresponse: } \ { def:header_X-eBay-MailTracker: } \ { def:header_X-MaxCode-Template: } \ { match {$h_X-FC-MachineGenerated:} {true} } \ { match {$message_body} {\\N^Your \"cron\" job on\\N} } \ { match {$h_Subject:} {\\N^Out of Office\\N} } \ { match {$h_Subject:} {\\N^Auto-Reply:\\N} } \ { match {$h_Subject:} {\\N^Autoresponse:\\N} } \ { match {$h_From:} {\\N(via the vacation program)\\N } } \ { match_address {$header_X-Local-Original-Recipient:} \ {$header_To: $header_CC: $header_Bcc: \ $header_Resent-To: $header_Resent-Cc: $header_Resent-Bcc:} \ } \ } {no} {yes} \ }" You may also include a test for mail that you scored as spam, and not reply to that. You should also ensure any autoresponder system only replies once per sender address, at least within a fixed time period (7 days perhaps). The autoresponse itself should contain an "Auto-Submitted:" header field with the value "auto-replied". Finally, you shouldn't respond to a message from certain addresses; here is a partial list of regular expressions I use: ^.*-request@.* ^owner-.*@.* ^.*-owner@.* ^.*-admin@.* ^bounce-.*@.* ^.*-outgoing@.* ^.*-relay@.* ^.*-bounces@.* ^mailer@.* ^postmaster@.* ^mailer-daemon@.* ^mailer_daemon@.* ^majordomo@.* ^majordom@.* ^mailman@.* ^nobody@.* ^reminder@.* ^listserv@.* ^daemon@.* ^server@.* ^root@.* ^noreply@.* ^bounce@.* ^news@.* ^httpd@.* ^www@.* ^nagios@.* ^sales@.* ^info@.* ^listmaster@.* ^mailmaster@.* ^squid@.* ^support@.* ^exim@.* scomp@aol.net with certain other local-only additions. Jethro. > > G > > On Sun, 2006-03-26 at 16:43 -0500, Matt Kettler wrote: > > And one wonders why so many people despise lists which insert a "Reply-To" > > header that points back to the list.. > > > > Too many *CENSORED* out there that think "reply" is an appropriate > > behavior for a vacation rule. > > > > Of course, if we're lucky someone will spamcop freecom.net's mailservers. > > > > (Spamcop DOES accept reports for broken vacation rules, which this > > clearly is, and it was done by a systems admin who should know better. > > While I hate to see companies listed because some *CENSORED* in > > marketing crafted up his own vacation rule without following > > procedure, I don't have any sympathy for freecom if they get listed > > for this.) > > > -- > Greg Matthews 01491 692445 > Head of UNIX/Linux, iTSS Wallingford . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services University Of Strathclyde, Glasgow, UK From gmatt at nerc.ac.uk Mon Apr 3 13:16:40 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Mon Apr 3 13:16:52 2006 Subject: Spam Reporting Address In-Reply-To: References: Message-ID: <1144066600.12412.43.camel@lea.nerc-wallingford.ac.uk> On Mon, 2006-04-03 at 09:08 +0100, Julian Field wrote: > Funnily enough, it's already there. Your users must "redirect" or > "bounce" their message to the address, as "forward" results in all > sorts of mangling happen to the message on the way. good luck getting your users to "do the right thing" G -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From craig at csfs.co.za Mon Apr 3 13:24:45 2006 From: craig at csfs.co.za (Craig Retief (CSFS)) Date: Mon Apr 3 13:25:11 2006 Subject: Spam Reporting Address In-Reply-To: <1144066600.12412.43.camel@lea.nerc-wallingford.ac.uk> Message-ID: -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Greg Matthews Sent: 03 April 2006 02:17 PM To: MailScanner discussion Subject: Re: Spam Reporting Address On Mon, 2006-04-03 at 09:08 +0100, Julian Field wrote: > Funnily enough, it's already there. Your users must "redirect" or > "bounce" their message to the address, as "forward" results in all > sorts of mangling happen to the message on the way. >good luck getting your users to "do the right thing" I wish one had enough time to be able to train all the users to "do the right thing", unfortunately it one of the byproducts of having users ;-) C >G >-- >Greg Matthews 01491 692445 >Head of UNIX/Linux, iTSS Wallingford >-- >This message (and any attachments) is for the recipient only. NERC >s subject to the Freedom of Information Act 2000 and the contents >of this email and any reply you make may be disclosed by NERC unless >it is exempt from release under the Act. Any material supplied to >NERC may be stored in an electronic records management system. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From gmatt at nerc.ac.uk Mon Apr 3 13:59:56 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Mon Apr 3 14:00:06 2006 Subject: Broken vacation rule [Scanned by Freecom.net] In-Reply-To: <20060403130412.S33576@defjam.cc.strath.ac.uk> References: <880455504@mail.freecom.net> <442702E7.9080707@maddoc.net> <44270AEA.9080001@evi-inc.com> <1144062149.12412.37.camel@lea.nerc-wallingford.ac.uk> <20060403130412.S33576@defjam.cc.strath.ac.uk> Message-ID: <1144069196.12412.67.camel@lea.nerc-wallingford.ac.uk> Hi Jethro... thanks for the reply, I was really looking for a client-side solution. I run our coroporate "mail relay" system which feeds into the corporate mail system over which I have no control. The relay servers are not the place to implement vacation messages so client-side is my only option. However, your regex list looks quite useful. My local mailbox is served by sendmail on solaris and I connect with an IMAP client. I have shell (and root) access to the sendmail server. G On Mon, 2006-04-03 at 13:16 +0100, Jethro R Binks wrote: > On Mon, 3 Apr 2006, Greg Matthews wrote: > > > I've never implemented a vacation message because I've seen far too much > > of this sort of thing. Is there any docu on implementing sensible vac > > message that wont spam lists, wont respond more than once per sender etc > > plus any other gotchas? > > I wrote an extensive configuration for Exim. Here are some parts of it, > which may provide clues. The trick is basically to severely limit the > things to which an autoreply message will be sent. > > ## Vacation functionality attempts to follow best practice; in particular it > ## heeds some parts of these: > ## http://www.faqs.org/rfcs/rfc3834.html (Autoresponder rules) > ## http://www.ietf.org/internet-drafts/draft-ietf-sieve-vacation-06.txt > ## http://www.ietf.org/rfc/rfc2369.txt (List-* headers) > ... > condition = "${if or { \ > { match {$h_precedence:} {(?i)junk|bulk|list} } \ > { eq {$sender_address} {} } \ > { def:header_X-Cron-Env: } \ > { def:header_Auto-Submitted: } \ > { def:header_List-Help: } \ > { def:header_List-Unsubscribe: } \ > { def:header_List-Subscribe: } \ > { def:header_List-Owner: } \ > { def:header_List-Archive: } \ > { def:header_Autorespond: } \ > { def:header_X-Autoresponse: } \ > { def:header_X-eBay-MailTracker: } \ > { def:header_X-MaxCode-Template: } \ > { match {$h_X-FC-MachineGenerated:} {true} } \ > { match {$message_body} {\\N^Your \"cron\" job on\\N} } \ > { match {$h_Subject:} {\\N^Out of Office\\N} } \ > { match {$h_Subject:} {\\N^Auto-Reply:\\N} } \ > { match {$h_Subject:} {\\N^Autoresponse:\\N} } \ > { match {$h_From:} {\\N(via the vacation program)\\N } } \ > { match_address {$header_X-Local-Original-Recipient:} \ > {$header_To: $header_CC: $header_Bcc: \ > $header_Resent-To: $header_Resent-Cc: $header_Resent-Bcc:} \ > } \ > } {no} {yes} \ > }" > > You may also include a test for mail that you scored as spam, and not > reply to that. > > You should also ensure any autoresponder system only replies once per > sender address, at least within a fixed time period (7 days perhaps). > > The autoresponse itself should contain an "Auto-Submitted:" header field > with the value "auto-replied". > > Finally, you shouldn't respond to a message from certain addresses; here > is a partial list of regular expressions I use: > > ^.*-request@.* > ^owner-.*@.* > ^.*-owner@.* > ^.*-admin@.* > ^bounce-.*@.* > ^.*-outgoing@.* > ^.*-relay@.* > ^.*-bounces@.* > ^mailer@.* > ^postmaster@.* > ^mailer-daemon@.* > ^mailer_daemon@.* > ^majordomo@.* > ^majordom@.* > ^mailman@.* > ^nobody@.* > ^reminder@.* > ^listserv@.* > ^daemon@.* > ^server@.* > ^root@.* > ^noreply@.* > ^bounce@.* > ^news@.* > ^httpd@.* > ^www@.* > ^nagios@.* > ^sales@.* > ^info@.* > ^listmaster@.* > ^mailmaster@.* > ^squid@.* > ^support@.* > ^exim@.* > scomp@aol.net > > with certain other local-only additions. > > Jethro. > > > > > > G > > > > On Sun, 2006-03-26 at 16:43 -0500, Matt Kettler wrote: > > > And one wonders why so many people despise lists which insert a "Reply-To" > > > header that points back to the list.. > > > > > > Too many *CENSORED* out there that think "reply" is an appropriate > > > behavior for a vacation rule. > > > > > > Of course, if we're lucky someone will spamcop freecom.net's mailservers. > > > > > > (Spamcop DOES accept reports for broken vacation rules, which this > > > clearly is, and it was done by a systems admin who should know better. > > > While I hate to see companies listed because some *CENSORED* in > > > marketing crafted up his own vacation rule without following > > > procedure, I don't have any sympathy for freecom if they get listed > > > for this.) > > > > > -- > > Greg Matthews 01491 692445 > > Head of UNIX/Linux, iTSS Wallingford > > . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . > Jethro R Binks > Computing Officer, IT Services > University Of Strathclyde, Glasgow, UK > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From adrik at salesmanager.nl Mon Apr 3 14:12:25 2006 From: adrik at salesmanager.nl (Adri Koppes) Date: Mon Apr 3 14:12:27 2006 Subject: Microsoft Word and Excel documents with embedded harmfull objects Message-ID: Recently some users have discovered a new trick to send blocked and potentially harmful file through the MailScanner gateway. They create an email messages with a Microsoft Word or Excel document attachment, which contains an embedded OLE object or package. The embedded object can by ANY other file, including executables etc. When scanned by MailScanner, the executable and other embedded objects are not detected and the message is passed through to the users mailbox! Obviously this is not what we would like to happen. I have found a little program 'ripOLE' on http://freshmeat.net/projects/ripole/, which will extract all embedded objects from a Word Document. Would it be easy to integrate 'ripOLE' or an equivalent program into MailScanner to be called for attachments? If the embedded objects are extracted into the normal temp directory, then MailScanner will subject them to the same file-name/type restrictions as normal attachments. Probably 'ripOLE' only need to be called when the /usr/bin/file command has determined the attachment to be some kind of 'Microsoft Office Data' file. Adri. From gmatt at nerc.ac.uk Mon Apr 3 14:13:30 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Mon Apr 3 14:13:39 2006 Subject: "reports and responses" problems Message-ID: <1144070011.12412.78.camel@lea.nerc-wallingford.ac.uk> If I quarantine messages above a certain size using: Maximum Message Size = 15000000 and then send a message larger than this, the recipient is sent the report defined by: Stored Virus Message Report = %report-dir%/stored.virus.message.txt I've rejigged our stored.virus.message.txt file to be more generic (less virus orientated) but shouldnt this have its own report? also, a small cleanup required for sender.error.report.txt: The mail scanner said this about the message: Report: $report should be: The mail scanner said this about the message: $report optionally, you might also want to change "virus scanner" to "mail scanner" or similar in these reports. -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From alex at nkpanama.com Mon Apr 3 15:37:39 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Apr 3 15:38:38 2006 Subject: Bad Content Checks In-Reply-To: References: Message-ID: <44313333.3080603@nkpanama.com> Kai Schaetzl wrote: > I found a file like this getting quarantined as "bad content". (Ahm, what > actually happens then - the message is delivered without the attachment, > or what happens?) > > 042-06-Logos.ly01.pdf > > This is the rule that hit on it. I don't see the value of this rule. > > # Deny all other double file extensions. This catches any hidden > filenames. > deny \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ Found possible filename > hiding Attempt to hide real filename extension > > What is the point of disallowing whatever.whatever.pdf? Why is this trying > tho hide the real filename extension? Maybe that (whatever.bat.pdf) is > doing this, but it's much less troublesome than (whatever.pdf.bat). > > Can I rule this over with > > allow \.pdf$ > > ? > If so, I suggest adding quite a few of these exclusions. > > Moreover. How can I release that file? I released it and it was > immediately caught again although 127.0.0.1 is whitelisted and Mailwatch > lists a Status of "W/L Bad Content" now. > > > > Kai > > You can, if you put it before the double extension rule. Depending on the clients' wishes, I either disable it altogether (the double extension rule) or I add allow rules at the top for trusted filetypes (my preferred choice). I think you can override it with another setting introduced a couple of versions ago. From alex at nkpanama.com Mon Apr 3 15:40:03 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Apr 3 15:40:34 2006 Subject: MailScanner on Mac OSX? In-Reply-To: References: <200604030740.21324.james@grayonline.id.au> Message-ID: <443133C3.1080007@nkpanama.com> I once tried getting it to work on OS X Server, but gave up ;) - I think it can be done, except I'm not very postfix-savvy. You *could*, however, run it using any Linux-for-Mac distro; I haven't heard of any for the Intel Macs yet (if anybody knows, I'd appreciate the heads-up), but if one's not available right now I suspect they should be here RSN. Julian Field wrote: > > On 2 Apr 2006, at 22:40, James Gray wrote: > >> Hi All, >> >> I'm hoping I'm not about to "break new ground" :) Has anyone got any >> reports >> on using MailScanner on Mac OSX (Intel)? I'm simplifying my network >> at home >> with a Mac Mini (Core Duo thing) replacing 3 old tired PC's. > > There are a few people (and I mean _very_ few) doing this, after a guy > at Sophos got it working on 10.3. > > It's one of the projects I want to get onto, and may be able to put in > some time on it very soon. > > There are those 2 packaging systems (Fink and the other one I can't > remember) which would provide an easy, though cumbersome, solution. > > Would that be good enough for now? > > What I really want is a system that uses launchd properly and at least > has a system preference for starting and stopping it. Slimserver > nearly does this, but in a pre-Tiger form, not using launchd. I would > much rather "do it properly" than hack something together. > > If anyone can point me in the right direction, such as an example > package that already does all this that I can plug into, that would be > fantastic. > > But even working out how to program for launchd would be a start. The > OSX way of booting appears to be very complicated, involving reams of > XML. > > Sorry that doesn't really answer your question, but.... > >> >> So far I've figured out that OSX is using Perl 5.8.6 and Postfix of some >> flavour. Does anyone have any pre-installation validation tools or >> advice on >> what to expect? I know OSX is BSD under the hood, but the directory >> structure is seriously weird for someone coming from a "pure" >> Linux/BSD/Unix >> background. >> >> BTW - where the hell does OSX keep it's cron jobs and services? I've >> got >> Apache+MySQL running on it but they both came with neato *.dmg >> packages....I'm a real OSX n00b I'm afraid :P Unlike most n00b's >> though I'm >> happy to work with Julian to get the bugs sorted and possibly create >> a OSX >> "port" complete with dmg package etc....now THAT interests me! >> >> Thanks in advance. >> >> James >> --I've got a bad feeling about this. >> --MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > --Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > --This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > --MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From brent.bolin at gmail.com Mon Apr 3 16:26:41 2006 From: brent.bolin at gmail.com (BB) Date: Mon Apr 3 16:26:45 2006 Subject: MailScanner on Mac OSX? In-Reply-To: <200604030740.21324.james@grayonline.id.au> References: <200604030740.21324.james@grayonline.id.au> Message-ID: <787dcac20604030826o21fe62bm9e96fdf6cc2cfb5f@mail.gmail.com> /etc/crontab /var/cron/tabs On 4/2/06, James Gray wrote: > > Hi All, > > I'm hoping I'm not about to "break new ground" :) Has anyone got any > reports > on using MailScanner on Mac OSX (Intel)? I'm simplifying my network at > home > with a Mac Mini (Core Duo thing) replacing 3 old tired PC's. > > So far I've figured out that OSX is using Perl 5.8.6 and Postfix of some > flavour. Does anyone have any pre-installation validation tools or advice > on > what to expect? I know OSX is BSD under the hood, but the directory > structure is seriously weird for someone coming from a "pure" > Linux/BSD/Unix > background. > > BTW - where the hell does OSX keep it's cron jobs and services? I've got > Apache+MySQL running on it but they both came with neato *.dmg > packages....I'm a real OSX n00b I'm afraid :P Unlike most n00b's though > I'm > happy to work with Julian to get the bugs sorted and possibly create a OSX > "port" complete with dmg package etc....now THAT interests me! > > Thanks in advance. > > James > -- > I've got a bad feeling about this. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060403/d28c5c1e/attachment.html From brent.bolin at gmail.com Mon Apr 3 16:31:58 2006 From: brent.bolin at gmail.com (BB) Date: Mon Apr 3 16:32:25 2006 Subject: MailScanner on Mac OSX? In-Reply-To: References: <200604030740.21324.james@grayonline.id.au> Message-ID: <787dcac20604030831g49e3ce9fw2eef49cd3c0b5cc5@mail.gmail.com> I agree the startup method of OSX is strange. I have not used it but /etc/rc refers to standard unix startup file. /etc/rc.local Darwin 8.5.0 Mac OSX 10.4.5 On 4/3/06, Julian Field wrote: > > > On 2 Apr 2006, at 22:40, James Gray wrote: > > > Hi All, > > > > I'm hoping I'm not about to "break new ground" :) Has anyone got > > any reports > > on using MailScanner on Mac OSX (Intel)? I'm simplifying my > > network at home > > with a Mac Mini (Core Duo thing) replacing 3 old tired PC's. > > There are a few people (and I mean _very_ few) doing this, after a > guy at Sophos got it working on 10.3. > > It's one of the projects I want to get onto, and may be able to put > in some time on it very soon. > > There are those 2 packaging systems (Fink and the other one I can't > remember) which would provide an easy, though cumbersome, solution. > > Would that be good enough for now? > > What I really want is a system that uses launchd properly and at > least has a system preference for starting and stopping it. > Slimserver nearly does this, but in a pre-Tiger form, not using > launchd. I would much rather "do it properly" than hack something > together. > > If anyone can point me in the right direction, such as an example > package that already does all this that I can plug into, that would > be fantastic. > > But even working out how to program for launchd would be a start. The > OSX way of booting appears to be very complicated, involving reams of > XML. > > Sorry that doesn't really answer your question, but.... > > > > > So far I've figured out that OSX is using Perl 5.8.6 and Postfix of > > some > > flavour. Does anyone have any pre-installation validation tools or > > advice on > > what to expect? I know OSX is BSD under the hood, but the directory > > structure is seriously weird for someone coming from a "pure" Linux/ > > BSD/Unix > > background. > > > > BTW - where the hell does OSX keep it's cron jobs and services? > > I've got > > Apache+MySQL running on it but they both came with neato *.dmg > > packages....I'm a real OSX n00b I'm afraid :P Unlike most n00b's > > though I'm > > happy to work with Julian to get the bugs sorted and possibly > > create a OSX > > "port" complete with dmg package etc....now THAT interests me! > > > > Thanks in advance. > > > > James > > -- > > I've got a bad feeling about this. > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060403/68ce0fd2/attachment.html From maillists at conactive.com Mon Apr 3 17:09:44 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Apr 3 17:09:54 2006 Subject: Strange syslog message.... In-Reply-To: <8C320493-9173-418B-AE2B-491783D739B3@globeserver.com> References: <0B4E2DE5-C280-426E-B9A9-C193A3CD4F1E@globeserver.com> <8f54b4330604011802v1ea2a49cg43e5e1f75c302d86@mail.gmail.com> <8C320493-9173-418B-AE2B-491783D739B3@globeserver.com> Message-ID: Sorry, no more speculation then. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Mon Apr 3 17:09:44 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Apr 3 17:09:57 2006 Subject: Bad Content Checks In-Reply-To: <44313333.3080603@nkpanama.com> References: <44313333.3080603@nkpanama.com> Message-ID: Alex Neuman van der Hans wrote on Mon, 03 Apr 2006 09:37:39 -0500: > You can, if you put it before the double extension rule. Depending on > the clients' wishes, I either disable it altogether (the double > extension rule) or I add allow rules at the top for trusted filetypes > (my preferred choice). I think you can override it with another setting > introduced a couple of versions ago. Thanks for the answer. Some months ago Julian introduced simpler Allow Filenames = \.txt$ \.pdf$ stuff which can either be used directly in MailScanner or with a ruleset. That's what I did now for txt and pdf. I added them like "\.txt$ \.pdf$" to the file and may add more. Can I also put them line after line in that file? Additionally I also commented out this double extension rule. However, how am I supposed to release this stuff if necessary? If I release it it's immediately caught again by MS. The whitelist works only for spam. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From jrudd at ucsc.edu Mon Apr 3 17:53:26 2006 From: jrudd at ucsc.edu (John Rudd) Date: Mon Apr 3 17:53:57 2006 Subject: MailScanner on Mac OSX? In-Reply-To: <443133C3.1080007@nkpanama.com> References: <200604030740.21324.james@grayonline.id.au> <443133C3.1080007@nkpanama.com> Message-ID: <2bee8e24a3e8b75650b8ebc4d31e3068@ucsc.edu> Or you could run it with sendmail. Sendmail builds just fine on OS X. (I'm using mimedefang at home, where I'm using OSX as my mail server, though, so I don't have the mailscanner part of the puzzle available to help ... but I wouldn't expect it to be _any_ different than installing it on FreeBSD, except the startup scripting) On Apr 3, 2006, at 7:40 AM, Alex Neuman van der Hans wrote: > I once tried getting it to work on OS X Server, but gave up ;) - I > think it can be done, except I'm not very postfix-savvy. > > You *could*, however, run it using any Linux-for-Mac distro; I haven't > heard of any for the Intel Macs yet (if anybody knows, I'd appreciate > the heads-up), but if one's not available right now I suspect they > should be here RSN. > > > Julian Field wrote: >> >> On 2 Apr 2006, at 22:40, James Gray wrote: >> >>> Hi All, >>> >>> I'm hoping I'm not about to "break new ground" :) Has anyone got >>> any reports >>> on using MailScanner on Mac OSX (Intel)? I'm simplifying my network >>> at home >>> with a Mac Mini (Core Duo thing) replacing 3 old tired PC's. >> >> There are a few people (and I mean _very_ few) doing this, after a >> guy at Sophos got it working on 10.3. >> >> It's one of the projects I want to get onto, and may be able to put >> in some time on it very soon. >> >> There are those 2 packaging systems (Fink and the other one I can't >> remember) which would provide an easy, though cumbersome, solution. >> >> Would that be good enough for now? >> >> What I really want is a system that uses launchd properly and at >> least has a system preference for starting and stopping it. >> Slimserver nearly does this, but in a pre-Tiger form, not using >> launchd. I would much rather "do it properly" than hack something >> together. >> >> If anyone can point me in the right direction, such as an example >> package that already does all this that I can plug into, that would >> be fantastic. >> >> But even working out how to program for launchd would be a start. The >> OSX way of booting appears to be very complicated, involving reams of >> XML. >> >> Sorry that doesn't really answer your question, but.... >> >>> >>> So far I've figured out that OSX is using Perl 5.8.6 and Postfix of >>> some >>> flavour. Does anyone have any pre-installation validation tools or >>> advice on >>> what to expect? I know OSX is BSD under the hood, but the directory >>> structure is seriously weird for someone coming from a "pure" >>> Linux/BSD/Unix >>> background. >>> >>> BTW - where the hell does OSX keep it's cron jobs and services? >>> I've got >>> Apache+MySQL running on it but they both came with neato *.dmg >>> packages....I'm a real OSX n00b I'm afraid :P Unlike most n00b's >>> though I'm >>> happy to work with Julian to get the bugs sorted and possibly create >>> a OSX >>> "port" complete with dmg package etc....now THAT interests me! >>> >>> Thanks in advance. >>> >>> James >>> --I've got a bad feeling about this. >>> --MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> --Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> --This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> --MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From Paul.Haldane at newcastle.ac.uk Mon Apr 3 17:59:15 2006 From: Paul.Haldane at newcastle.ac.uk (Paul Haldane) Date: Mon Apr 3 17:59:12 2006 Subject: 4.51.6-1, linux file command mis-diagnosing bodies of messages Message-ID: <067001c6573f$f06b2e30$e2000c0a@ratte> We had a odd issue today - one of my colleagues sent a plain text message which was flagged as having a disallowed file type ... The original e-mail attachment "the entire message" is on the list of unacceptable attachments for this site and has been replaced by this warning message. After a fair amount of log trawling (which didn't help much) and experimentation we eventually worked out that it was provoked by the 5th to 8th characters of the body of the message being 'free'. This gets picked up by the Linux file command as Apple QuickTime movie file because of the following entry in /usr/share/file/magic (this is RH AS4) ... 4 string free Apple QuickTime movie file (free) It would have helped if somewhere (either in the logs or in the message sent to the sender) we could show what type of file we thought it was rather than just saying that it's something that's not on our allowed list (if this should be happening already we'll check our configs). I'm not sure what we plan to do to fix this here. Obvious kludges that occur to me are taking the entry out of the magic file (and recompiling the version magic uses), doing the same thing but having a separate version of the magic file for use by MailScanner or being less restrictive in the set of file types we let through. Paul -- Paul Haldane Unix Systems Team Information Systems and Services University of Newcastle upon Tyne From mikes at hartwellcorp.com Mon Apr 3 18:51:07 2006 From: mikes at hartwellcorp.com (Michael St. Laurent) Date: Mon Apr 3 18:52:15 2006 Subject: I/O Errors from sendmail Message-ID: <91A5926EFF44D3118B1200104B7276EB03D0849E@hart-exchange.hartwellcorp.com> I'm seeing a lot of I/O errors from sendmail on messages that have passed through the MailScanner/SpamAssassin combo here. Is this a known issue or am I experiencing something unusual here? My MailScanner version is 4.51.6 and SpamAssassin version is 2.63. Mar 31 00:47:52 guardian sm-mta[14185]: k2V8lW3W014185: Authentication-Warning: guardian.hartwellcorp.com: mail set sender to using -f Mar 31 00:47:52 guardian sm-mta[14185]: k2V8lW3W014185: from=, size=35586, class=0, nrcpts=3, msgid=<61197E3840D7124D99B8AE6AB0B075101F0F30@mckserver.mckechnie.local>, relay=mail@localhost Mar 31 00:47:52 guardian sm-mta[14185]: k2V8lW3W014185: to=, delay=00:00:20, mailer=esmtp, pri=94833, stat=queued Mar 31 00:47:52 guardian sm-mta[14185]: k2V8lW3W014185: to=, delay=00:00:20, mailer=esmtp, pri=94833, stat=queued Mar 31 00:47:52 guardian sm-mta[14185]: k2V8lW3W014185: to=, delay=00:00:20, mailer=esmtp, pri=94833, stat=queued Mar 31 00:59:18 guardian sendmail[14195]: k2V8lW3W014185: to=,,, delay=00:11:46, xdelay=00:11:01, mailer=esmtp, pri=184833, relay=hart-exchange.hartwellcorp.com. [10.11.10.12], dsn=4.0.0, stat=I/O error -- Michael St. Laurent Hartwell Corporation "That which does not kill me, makes me stranger." -Llewellyn, Ozy and Millie From rcooper at dwford.com Mon Apr 3 19:03:14 2006 From: rcooper at dwford.com (Rick Cooper) Date: Mon Apr 3 19:03:48 2006 Subject: Microsoft Word and Excel documents with embedded harmfull objects Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Adri > Koppes > Sent: Monday, April 03, 2006 9:12 AM > To: mailscanner@lists.mailscanner.info > Subject: Microsoft Word and Excel documents with embedded harmfull > objects > > > Recently some users have discovered a new trick to send blocked and > potentially harmful file through the MailScanner gateway. > They create an email messages with a Microsoft Word or Excel document > attachment, which contains an embedded OLE object or package. > The embedded object can by ANY other file, including executables etc. > When scanned by MailScanner, the executable and other embedded objects > are not detected and the message is passed through to the users mailbox! > Obviously this is not what we would like to happen. > I have found a little program 'ripOLE' on > http://freshmeat.net/projects/ripole/, which will extract all embedded > objects from a Word Document. > Would it be easy to integrate 'ripOLE' or an equivalent program into > MailScanner to be called for attachments? If the embedded objects are > extracted into the normal temp directory, then MailScanner will subject > them to the same file-name/type restrictions as normal attachments. > Probably 'ripOLE' only need to be called when the /usr/bin/file command > has determined the attachment to be some kind of 'Microsoft Office Data' > file. > I looked at this program and it could be called from SafePipe on each attachment after exploding them, as it's quite fast and will return error code 102 when a file is not in OLE format and also returns the string "File 'filename' is not OLE2 format". If called on an OLE file without OLE attachments it returns error code 30 and the string "ripOLE: decoding of filename resulted in error 30". The bad thing I see is there is no way to control the output name of the object. ripole does basic sanitization (removes non-alphanumeric and low/high order chars but that is about that. There wouldn't be any way to tell the program a new name to output to as there may be many files embedded in a single input file. I suppose you could have it output to a safe subdir under the working dir and handle anything found there as non alphanumeric (such as "/" but not ".") is removed in the sanitize function and couldn't escape the MS supplied path name (like /path/../../filename). It would add another layer to the explode as you would have to explode, ripole, make safe names of files found in the ripole attachment dir, move them to the current working dir, explode anything new, etc before scanning. I do believe clamAV catches infected OLE streams but this could be a good way to send bad things. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at nkpanama.com Mon Apr 3 19:28:04 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Apr 3 19:28:45 2006 Subject: MailScanner on Mac OSX? In-Reply-To: <2bee8e24a3e8b75650b8ebc4d31e3068@ucsc.edu> References: <200604030740.21324.james@grayonline.id.au> <443133C3.1080007@nkpanama.com> <2bee8e24a3e8b75650b8ebc4d31e3068@ucsc.edu> Message-ID: <44316934.3070606@nkpanama.com> I've never built sendmail from source, but it *shouldn't* be too hard. I think I'll give it a whack one of these days and maybe post my experiences to the Wiki. John Rudd wrote: > Or you could run it with sendmail. Sendmail builds just fine on OS > X. (I'm using mimedefang at home, where I'm using OSX as my mail > server, though, so I don't have the mailscanner part of the puzzle > available to help ... but I wouldn't expect it to be _any_ different > than installing it on FreeBSD, except the startup scripting) > > > On Apr 3, 2006, at 7:40 AM, Alex Neuman van der Hans wrote: > >> I once tried getting it to work on OS X Server, but gave up ;) - I >> think it can be done, except I'm not very postfix-savvy. >> >> You *could*, however, run it using any Linux-for-Mac distro; I >> haven't heard of any for the Intel Macs yet (if anybody knows, I'd >> appreciate the heads-up), but if one's not available right now I >> suspect they should be here RSN. >> >> >> Julian Field wrote: >>> >>> On 2 Apr 2006, at 22:40, James Gray wrote: >>> >>>> Hi All, >>>> >>>> I'm hoping I'm not about to "break new ground" :) Has anyone got >>>> any reports >>>> on using MailScanner on Mac OSX (Intel)? I'm simplifying my >>>> network at home >>>> with a Mac Mini (Core Duo thing) replacing 3 old tired PC's. >>> >>> There are a few people (and I mean _very_ few) doing this, after a >>> guy at Sophos got it working on 10.3. >>> >>> It's one of the projects I want to get onto, and may be able to put >>> in some time on it very soon. >>> >>> There are those 2 packaging systems (Fink and the other one I can't >>> remember) which would provide an easy, though cumbersome, solution. >>> >>> Would that be good enough for now? >>> >>> What I really want is a system that uses launchd properly and at >>> least has a system preference for starting and stopping it. >>> Slimserver nearly does this, but in a pre-Tiger form, not using >>> launchd. I would much rather "do it properly" than hack something >>> together. >>> >>> If anyone can point me in the right direction, such as an example >>> package that already does all this that I can plug into, that would >>> be fantastic. >>> >>> But even working out how to program for launchd would be a start. >>> The OSX way of booting appears to be very complicated, involving >>> reams of XML. >>> >>> Sorry that doesn't really answer your question, but.... >>> >>>> >>>> So far I've figured out that OSX is using Perl 5.8.6 and Postfix of >>>> some >>>> flavour. Does anyone have any pre-installation validation tools or >>>> advice on >>>> what to expect? I know OSX is BSD under the hood, but the directory >>>> structure is seriously weird for someone coming from a "pure" >>>> Linux/BSD/Unix >>>> background. >>>> >>>> BTW - where the hell does OSX keep it's cron jobs and services? >>>> I've got >>>> Apache+MySQL running on it but they both came with neato *.dmg >>>> packages....I'm a real OSX n00b I'm afraid :P Unlike most n00b's >>>> though I'm >>>> happy to work with Julian to get the bugs sorted and possibly >>>> create a OSX >>>> "port" complete with dmg package etc....now THAT interests me! >>>> >>>> Thanks in advance. >>>> >>>> James >>>> --I've got a bad feeling about this. >>>> --MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> --Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>> --This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >>> --MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > From alex at nkpanama.com Mon Apr 3 19:28:46 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Apr 3 19:29:08 2006 Subject: Bad Content Checks In-Reply-To: References: <44313333.3080603@nkpanama.com> Message-ID: <4431695E.5060507@nkpanama.com> Kai Schaetzl wrote: > However, how am I supposed to release this stuff if necessary? If I > release it it's immediately caught again by MS. The whitelist works only > for spam. > > How about whitelisting 127.0.0.1? > Kai > > From max at kipness.com Mon Apr 3 20:54:56 2006 From: max at kipness.com (Max Kipness) Date: Mon Apr 3 20:55:12 2006 Subject: Same email processed 268 times! Message-ID: Hello - I've been trying desperately to figure out why my MailScanner queues are so large and cpu is pegged at 100%. When looking through the log I finally figured out what part of the problem might be. Some messages are being processed hundreds of times. I grepped for one messagaes and was processed 268 times, so basically I see this (the repetitive part): Apr 3 09:08:31 xxx MailScanner[19835]: Spam Actions: message k33E61uc020656 actions are store Apr 3 09:10:11 xxx MailScanner[21099]: RBL checks: k33E61uc020656 found in SBL+XBL Apr 3 09:10:11 xxx MailScanner[21099]: SpamAssassin cache hit for message k33E61uc020656 Apr 3 09:10:11 xxx MailScanner[21099]: Message k33E61uc020656 from 218.144.251.15 (jonah.rivas_yx@mo en.com) to xxx.com is spam, SBL+XBL, SpamAssassin (score=28.338, required 6, BAYES_99 3.50, DATE_IN_ FUTURE_12_24 2.77, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.77, FORGED_RCVD_HELO 0.14, MIME_BASE64_NO_NAME 0.22 , MIME_BASE64_TEXT 1.89, PYZOR_CHECK 3.70, RATWARE_NAME_ID 4.10, RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_ RANGE_E4_51_100 1.50, RAZOR2_CHECK 0.50, RCVD_IN_DSBL 2.60, RCVD_IN_NJABL_DUL 1.95, RCVD_IN_SORBS_DUL 2. 05) This has repeated 268 times with only an increment of a few seconds in the time. Other messages, including non-spam seem to function just fine and are processed once. I'm using the latest MailScanner, SA, DCC, Pyzor. This is a new build from a week ago, so something I guess could be configured wrong. Thanks, Max -- Thanks, Max From MailScanner at ecs.soton.ac.uk Mon Apr 3 21:07:52 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 3 21:08:07 2006 Subject: mqueue and mqueue.in have more files than necessary ... should I worry? In-Reply-To: <1144066008.12412.41.camel@lea.nerc-wallingford.ac.uk> References: <744004DF-2BA0-4120-B65C-E2C5B8F7049B@ecs.soton.ac.uk> <1144066008.12412.41.camel@lea.nerc-wallingford.ac.uk> Message-ID: <44318098.1010401@ecs.soton.ac.uk> It would be better if you either did a "restart" instead of a "start" or else significantly increased the length of time between the stop and the start. It really can take MailScanner 20 or 30 seconds to properly shut down, due to all the cleanup that happens when you close it down. Greg Matthews wrote: > I often get "orphaned" data files lying around. ie those df files > without a corresponding qf envelope file. I use the following script to > clean them up: > > #!/bin/bash > # clean up orphaned df* files in mqueue.in > # no known cause for these files yet. > > /etc/init.d/MailScanner stop > > sleep 2 > dir="/var/spool/mqueue.in" > > file=`find $dir -mtime +1` > for i in ${file} > do m=`basename ${i}` > j=${m:2} > if [ ! -e "${dir}/qf${j}" ]; then > mv ${i} /var/tmp/ > fi > done > echo > df -hl > > /etc/init.d/MailScanner start > > exit 0 > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Apr 3 21:13:12 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 3 21:13:25 2006 Subject: Microsoft Word and Excel documents with embedded harmfull objects In-Reply-To: References: Message-ID: <443181D8.1040403@ecs.soton.ac.uk> Wonderful! That sounds like a great idea, I hoped someone would have written something like that, but never found it before (though I haven't searched in a long time). Any ideas what it's written in or anything? It would be most useful to nick the technology inside it and incorporate it. As you say the file command can be used to spot likely candidates unless it's easy to spot files which aren't relevant. I will take a look at this next weekend, I'm away at the JANet Networkshop till Friday. Expect a posting about this next weekend, it's been one of my top hit features I want to implement for quite a long time. Thanks to Adri for finding this, let's hope it isn't a pile of old pony but is actually usable. Regards, Jules. Adri Koppes wrote: > Recently some users have discovered a new trick to send blocked and > potentially harmful file through the MailScanner gateway. > They create an email messages with a Microsoft Word or Excel document > attachment, which contains an embedded OLE object or package. > The embedded object can by ANY other file, including executables etc. > When scanned by MailScanner, the executable and other embedded objects > are not detected and the message is passed through to the users mailbox! > Obviously this is not what we would like to happen. > I have found a little program 'ripOLE' on > http://freshmeat.net/projects/ripole/, which will extract all embedded > objects from a Word Document. > Would it be easy to integrate 'ripOLE' or an equivalent program into > MailScanner to be called for attachments? If the embedded objects are > extracted into the normal temp directory, then MailScanner will subject > them to the same file-name/type restrictions as normal attachments. > Probably 'ripOLE' only need to be called when the /usr/bin/file command > has determined the attachment to be some kind of 'Microsoft Office Data' > file. > > Adri. > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Apr 3 21:14:44 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 3 21:14:55 2006 Subject: "reports and responses" problems In-Reply-To: <1144070011.12412.78.camel@lea.nerc-wallingford.ac.uk> References: <1144070011.12412.78.camel@lea.nerc-wallingford.ac.uk> Message-ID: <44318234.5000800@ecs.soton.ac.uk> Easy enough to implement in a Custom Function tied to the option that sets the report filename for this. But I will do your corrections to the sender.error.report.txt, thanks for that. Greg Matthews wrote: > If I quarantine messages above a certain size using: > > Maximum Message Size = 15000000 > > and then send a message larger than this, the recipient is sent the > report defined by: > > Stored Virus Message Report = %report-dir%/stored.virus.message.txt > > I've rejigged our stored.virus.message.txt file to be more generic (less > virus orientated) but shouldnt this have its own report? > > also, a small cleanup required for sender.error.report.txt: > > The mail scanner said this about the message: > Report: $report > > should be: > > The mail scanner said this about the message: > $report > > optionally, you might also want to change "virus scanner" to "mail > scanner" or similar in these reports. > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Mon Apr 3 21:18:25 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Apr 3 21:18:46 2006 Subject: 4.51.6-1, linux file command mis-diagnosing bodies of messages In-Reply-To: <067001c6573f$f06b2e30$e2000c0a@ratte> References: <067001c6573f$f06b2e30$e2000c0a@ratte> Message-ID: Paul Haldane spake the following on 4/3/2006 9:59 AM: > We had a odd issue today - one of my colleagues sent a plain text message which was flagged as having a disallowed file type ... > > The original e-mail attachment "the entire message" > is on the list of unacceptable attachments for this site and has been > replaced by this warning message. > > After a fair amount of log trawling (which didn't help much) and experimentation we eventually worked out that it was provoked by the 5th to 8th characters of the body of the message being 'free'. This gets picked up by the Linux file command as Apple QuickTime movie file because of the following entry in /usr/share/file/magic (this is RH AS4) ... > > 4 string free Apple QuickTime movie file (free) > > It would have helped if somewhere (either in the logs or in the message sent to the sender) we could show what type of file we thought it was rather than just saying that it's something that's not on our allowed list (if this should be happening already we'll check our configs). > > I'm not sure what we plan to do to fix this here. Obvious kludges that occur to me are taking the entry out of the magic file (and recompiling the version magic uses), doing the same thing but having a separate version of the magic file for use by MailScanner or being less restrictive in the set of file types we let through. > > Paul User sent a message that started with "free". If they don't start a message with the word "free", or even enter a space or a tab before the word "free", I don't think it hits on this. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From MailScanner at ecs.soton.ac.uk Mon Apr 3 21:21:44 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 3 21:21:59 2006 Subject: MailScanner on Mac OSX? In-Reply-To: <443133C3.1080007@nkpanama.com> References: <200604030740.21324.james@grayonline.id.au> <443133C3.1080007@nkpanama.com> Message-ID: <443183D8.2050201@ecs.soton.ac.uk> Hmmm..... I wouldn't want to run Linux on a Mac, it's quite good enough already. Alex Neuman van der Hans wrote: > I once tried getting it to work on OS X Server, but gave up ;) - I > think it can be done, except I'm not very postfix-savvy. > > You *could*, however, run it using any Linux-for-Mac distro; I haven't > heard of any for the Intel Macs yet (if anybody knows, I'd appreciate > the heads-up), but if one's not available right now I suspect they > should be here RSN. > > > Julian Field wrote: >> >> On 2 Apr 2006, at 22:40, James Gray wrote: >> >>> Hi All, >>> >>> I'm hoping I'm not about to "break new ground" :) Has anyone got >>> any reports >>> on using MailScanner on Mac OSX (Intel)? I'm simplifying my network >>> at home >>> with a Mac Mini (Core Duo thing) replacing 3 old tired PC's. >> >> There are a few people (and I mean _very_ few) doing this, after a >> guy at Sophos got it working on 10.3. >> >> It's one of the projects I want to get onto, and may be able to put >> in some time on it very soon. >> >> There are those 2 packaging systems (Fink and the other one I can't >> remember) which would provide an easy, though cumbersome, solution. >> >> Would that be good enough for now? >> >> What I really want is a system that uses launchd properly and at >> least has a system preference for starting and stopping it. >> Slimserver nearly does this, but in a pre-Tiger form, not using >> launchd. I would much rather "do it properly" than hack something >> together. >> >> If anyone can point me in the right direction, such as an example >> package that already does all this that I can plug into, that would >> be fantastic. >> >> But even working out how to program for launchd would be a start. The >> OSX way of booting appears to be very complicated, involving reams of >> XML. >> >> Sorry that doesn't really answer your question, but.... >> >>> >>> So far I've figured out that OSX is using Perl 5.8.6 and Postfix of >>> some >>> flavour. Does anyone have any pre-installation validation tools or >>> advice on >>> what to expect? I know OSX is BSD under the hood, but the directory >>> structure is seriously weird for someone coming from a "pure" >>> Linux/BSD/Unix >>> background. >>> >>> BTW - where the hell does OSX keep it's cron jobs and services? >>> I've got >>> Apache+MySQL running on it but they both came with neato *.dmg >>> packages....I'm a real OSX n00b I'm afraid :P Unlike most n00b's >>> though I'm >>> happy to work with Julian to get the bugs sorted and possibly create >>> a OSX >>> "port" complete with dmg package etc....now THAT interests me! >>> >>> Thanks in advance. >>> >>> James >>> --I've got a bad feeling about this. >>> --MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> --Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> --This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> --MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From shuttlebox at gmail.com Mon Apr 3 21:22:05 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Apr 3 21:22:10 2006 Subject: Bad Content Checks In-Reply-To: References: <44313333.3080603@nkpanama.com> Message-ID: <625385e30604031322q22dd52f4wa4224d29d61011e8@mail.gmail.com> On 4/3/06, Kai Schaetzl wrote: > However, how am I supposed to release this stuff if necessary? If I > release it it's immediately caught again by MS. The whitelist works only > for spam. Make a ruleset for Scan Messages where your mail server is a No. -- /peter From MailScanner at ecs.soton.ac.uk Mon Apr 3 21:24:14 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 3 21:24:35 2006 Subject: Bad Content Checks In-Reply-To: References: <44313333.3080603@nkpanama.com> Message-ID: <4431846E.2030101@ecs.soton.ac.uk> Kai Schaetzl wrote: > Alex Neuman van der Hans wrote on Mon, 03 Apr 2006 09:37:39 -0500: > > >> You can, if you put it before the double extension rule. Depending on >> the clients' wishes, I either disable it altogether (the double >> extension rule) or I add allow rules at the top for trusted filetypes >> (my preferred choice). I think you can override it with another setting >> introduced a couple of versions ago. >> > > Thanks for the answer. > Some months ago Julian introduced simpler Allow Filenames = \.txt$ \.pdf$ > stuff which can either be used directly in MailScanner or with a ruleset. > That's what I did now for txt and pdf. I added them like "\.txt$ \.pdf$" > to the file and may add more. Can I also put them line after line in that > file? > No, sorry, you can't. > Additionally I also commented out this double extension rule. > > However, how am I supposed to release this stuff if necessary? If I > release it it's immediately caught again by MS. The whitelist works only > for spam. > You can put a ruleset on anything. If it passes "Allow Filenames" then it skips the filename.rules.conf file. You can put a whitelist on any configuration options you like, the whitelist for spam is just a trivial example to get you started. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Apr 3 21:28:21 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 3 21:28:32 2006 Subject: 4.51.6-1, linux file command mis-diagnosing bodies of messages In-Reply-To: <067001c6573f$f06b2e30$e2000c0a@ratte> References: <067001c6573f$f06b2e30$e2000c0a@ratte> Message-ID: <44318565.4030207@ecs.soton.ac.uk> Paul Haldane wrote: > We had a odd issue today - one of my colleagues sent a plain text message which was flagged as having a disallowed file type ... > > The original e-mail attachment "the entire message" > is on the list of unacceptable attachments for this site and has been > replaced by this warning message. > > After a fair amount of log trawling (which didn't help much) and experimentation we eventually worked out that it was provoked by the 5th to 8th characters of the body of the message being 'free'. This gets picked up by the Linux file command as Apple QuickTime movie file because of the following entry in /usr/share/file/magic (this is RH AS4) ... > > 4 string free Apple QuickTime movie file (free) > You aren't the first person to suffer this problem. Please file a feature request to the maintainer of the magic file that lists all these checks. I hope it is possible to determine the QuickTime movie files using some other route. This is the main troublemaker in the "file" command at the moment. > It would have helped if somewhere (either in the logs or in the message sent to the sender) we could show what type of file we thought it was rather than just saying that it's something that's not on our allowed list (if this should be happening already we'll check our configs). > > I'm not sure what we plan to do to fix this here. Obvious kludges that occur to me are taking the entry out of the magic file (and recompiling the version magic uses), doing the same thing but having a separate version of the magic file for use by MailScanner or being less restrictive in the set of file types we let through. > To be honest, I would just allow them. Run a sensible max message size (I use 100Mbytes) and let them get on with it. They won't manage to send a whole TV programme very easily with a 100Mbyte max message size (implemented in sendmail and not MailScanner). > Paul > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mike at vesol.com Mon Apr 3 21:28:31 2006 From: mike at vesol.com (Mike Kercher) Date: Mon Apr 3 21:28:54 2006 Subject: Same email processed 268 times! Message-ID: I've seen the same thing before on ONE of many servers. My solution was to set my High Scoring Spam Action to forward to /dev/null. If I set the action to delete, some messages would get processed over and over again until the system came to it's knees. Mike > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Max Kipness > Sent: Monday, April 03, 2006 2:55 PM > To: mailscanner@lists.mailscanner.info > Subject: Same email processed 268 times! > > > Hello - > > I've been trying desperately to figure out why my MailScanner > queues are so large and cpu is pegged at 100%. When looking > through the log I finally figured out what part of the > problem might be. Some messages are being processed hundreds > of times. I grepped for one messagaes and was processed 268 > times, so basically I see this (the repetitive part): > > Apr 3 09:08:31 xxx MailScanner[19835]: Spam Actions: message > k33E61uc020656 actions are store Apr 3 09:10:11 xxx > MailScanner[21099]: RBL checks: k33E61uc020656 found in > SBL+XBL > Apr 3 09:10:11 xxx MailScanner[21099]: SpamAssassin cache > hit for message > k33E61uc020656 > Apr 3 09:10:11 xxx MailScanner[21099]: Message k33E61uc020656 from > 218.144.251.15 (jonah.rivas_yx@mo > en.com) to xxx.com is spam, SBL+XBL, SpamAssassin > (score=28.338, required 6, > BAYES_99 3.50, DATE_IN_ > FUTURE_12_24 2.77, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.77, > FORGED_RCVD_HELO 0.14, MIME_BASE64_NO_NAME 0.22 , > MIME_BASE64_TEXT 1.89, PYZOR_CHECK 3.70, RATWARE_NAME_ID > 4.10, RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_ RANGE_E4_51_100 > 1.50, RAZOR2_CHECK 0.50, RCVD_IN_DSBL 2.60, RCVD_IN_NJABL_DUL > 1.95, RCVD_IN_SORBS_DUL 2. > 05) > > This has repeated 268 times with only an increment of a few > seconds in the time. > > Other messages, including non-spam seem to function just fine > and are processed once. > > I'm using the latest MailScanner, SA, DCC, Pyzor. This is a > new build from a week ago, so something I guess could be > configured wrong. > > Thanks, > Max > -- > Thanks, > > Max > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From MailScanner at ecs.soton.ac.uk Mon Apr 3 21:32:31 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 3 21:32:46 2006 Subject: I/O Errors from sendmail In-Reply-To: <91A5926EFF44D3118B1200104B7276EB03D0849E@hart-exchange.hartwellcorp.com> References: <91A5926EFF44D3118B1200104B7276EB03D0849E@hart-exchange.hartwellcorp.com> Message-ID: <4431865F.3010409@ecs.soton.ac.uk> This is a sendmail problem, and not a MailScanner problem. However I strongly advise you upgrade to the latest SpamAssassin, the version you have is very old. Considering you obviously keep reasonably up to date with MailScanner, why not SpamAssassin? On the MailScanner website downloads page, there is my easy-to-install ClamAV + SpamAssassin package. Download that and just run install.sh. At the end it tells you about a couple of things you need to do by hand (one of which will shortly be automated as the licence has changed). But other than that, it not only installs (along with all the pre-requisites, which aren't obvious) but also sets up ClamAV and SpamAssassin on your system, employing a few tricks which are very hard to accurately find in the documentation for either package. Michael St. Laurent wrote: > I'm seeing a lot of I/O errors from sendmail on messages that have passed > through the MailScanner/SpamAssassin combo here. Is this a known issue or > am I experiencing something unusual here? My MailScanner version is 4.51.6 > and SpamAssassin version is 2.63. > > Mar 31 00:47:52 guardian sm-mta[14185]: k2V8lW3W014185: > Authentication-Warning: guardian.hartwellcorp.com: mail set sender to > using -f > Mar 31 00:47:52 guardian sm-mta[14185]: k2V8lW3W014185: > from=, size=35586, class=0, nrcpts=3, > msgid=<61197E3840D7124D99B8AE6AB0B075101F0F30@mckserver.mckechnie.local>, > relay=mail@localhost > Mar 31 00:47:52 guardian sm-mta[14185]: k2V8lW3W014185: > to=, delay=00:00:20, mailer=esmtp, pri=94833, > stat=queued > Mar 31 00:47:52 guardian sm-mta[14185]: k2V8lW3W014185: > to=, delay=00:00:20, mailer=esmtp, pri=94833, > stat=queued > Mar 31 00:47:52 guardian sm-mta[14185]: k2V8lW3W014185: > to=, delay=00:00:20, mailer=esmtp, pri=94833, > stat=queued > Mar 31 00:59:18 guardian sendmail[14195]: k2V8lW3W014185: > to=,, ellcorp.com>, delay=00:11:46, xdelay=00:11:01, mailer=esmtp, pri=184833, > relay=hart-exchange.hartwellcorp.com. [10.11.10.12], dsn=4.0.0, stat=I/O > error > > > -- > Michael St. Laurent > Hartwell Corporation > > "That which does not kill me, makes me stranger." -Llewellyn, Ozy and Millie > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Apr 3 21:37:54 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 3 21:38:03 2006 Subject: Same email processed 268 times! In-Reply-To: References: Message-ID: <443187A2.1060402@ecs.soton.ac.uk> You need to upgrade, there was a bug in the version you are running (4.51.5?). Max Kipness wrote: > Hello - > > I've been trying desperately to figure out why my MailScanner queues are so > large and cpu is pegged at 100%. When looking through the log I finally figured > out what part of the problem might be. Some messages are being processed > hundreds of times. I grepped for one messagaes and was processed 268 times, so > basically I see this (the repetitive part): > > Apr 3 09:08:31 xxx MailScanner[19835]: Spam Actions: message k33E61uc020656 > actions are store > Apr 3 09:10:11 xxx MailScanner[21099]: RBL checks: k33E61uc020656 found in > SBL+XBL > Apr 3 09:10:11 xxx MailScanner[21099]: SpamAssassin cache hit for message > k33E61uc020656 > Apr 3 09:10:11 xxx MailScanner[21099]: Message k33E61uc020656 from > 218.144.251.15 (jonah.rivas_yx@mo > en.com) to xxx.com is spam, SBL+XBL, SpamAssassin (score=28.338, required 6, > BAYES_99 3.50, DATE_IN_ > FUTURE_12_24 2.77, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.77, FORGED_RCVD_HELO 0.14, > MIME_BASE64_NO_NAME 0.22 > , MIME_BASE64_TEXT 1.89, PYZOR_CHECK 3.70, RATWARE_NAME_ID 4.10, > RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_ > RANGE_E4_51_100 1.50, RAZOR2_CHECK 0.50, RCVD_IN_DSBL 2.60, RCVD_IN_NJABL_DUL > 1.95, RCVD_IN_SORBS_DUL 2. > 05) > > This has repeated 268 times with only an increment of a few seconds in the > time. > > Other messages, including non-spam seem to function just fine and are processed > once. > > I'm using the latest MailScanner, SA, DCC, Pyzor. This is a new build from a > week ago, so something I guess could be configured wrong. > > Thanks, > Max > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From max at kipness.com Mon Apr 3 21:44:48 2006 From: max at kipness.com (Max Kipness) Date: Mon Apr 3 21:45:07 2006 Subject: Same email processed 268 times! In-Reply-To: References: Message-ID: <8f0832f0110db1e1e95941823f9326a8@localhost> Is this some kind of bug? I have my high-score set to store. As I last resort I guess I could send to /dev/null, but I'm hoping there is some other solution. Thanks, Max On Mon, 3 Apr 2006 15:28:31 -0500, "Mike Kercher" wrote: > I've seen the same thing before on ONE of many servers. My solution was > to set my High Scoring Spam Action to forward to /dev/null. If I set > the action to delete, some messages would get processed over and over > again until the system came to it's knees. > > Mike > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Max Kipness >> Sent: Monday, April 03, 2006 2:55 PM >> To: mailscanner@lists.mailscanner.info >> Subject: Same email processed 268 times! >> >> >> Hello - >> >> I've been trying desperately to figure out why my MailScanner >> queues are so large and cpu is pegged at 100%. When looking >> through the log I finally figured out what part of the >> problem might be. Some messages are being processed hundreds >> of times. I grepped for one messagaes and was processed 268 >> times, so basically I see this (the repetitive part): >> >> Apr 3 09:08:31 xxx MailScanner[19835]: Spam Actions: message >> k33E61uc020656 actions are store Apr 3 09:10:11 xxx >> MailScanner[21099]: RBL checks: k33E61uc020656 found in >> SBL+XBL >> Apr 3 09:10:11 xxx MailScanner[21099]: SpamAssassin cache >> hit for message >> k33E61uc020656 >> Apr 3 09:10:11 xxx MailScanner[21099]: Message k33E61uc020656 from >> 218.144.251.15 (jonah.rivas_yx@mo >> en.com) to xxx.com is spam, SBL+XBL, SpamAssassin >> (score=28.338, required 6, >> BAYES_99 3.50, DATE_IN_ >> FUTURE_12_24 2.77, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.77, >> FORGED_RCVD_HELO 0.14, MIME_BASE64_NO_NAME 0.22 , >> MIME_BASE64_TEXT 1.89, PYZOR_CHECK 3.70, RATWARE_NAME_ID >> 4.10, RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_ RANGE_E4_51_100 >> 1.50, RAZOR2_CHECK 0.50, RCVD_IN_DSBL 2.60, RCVD_IN_NJABL_DUL >> 1.95, RCVD_IN_SORBS_DUL 2. >> 05) >> >> This has repeated 268 times with only an increment of a few >> seconds in the time. >> >> Other messages, including non-spam seem to function just fine >> and are processed once. >> >> I'm using the latest MailScanner, SA, DCC, Pyzor. This is a >> new build from a week ago, so something I guess could be >> configured wrong. >> >> Thanks, >> Max >> -- >> Thanks, >> >> Max >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Thanks, Max From MailScanner at ecs.soton.ac.uk Mon Apr 3 21:53:34 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 3 21:53:53 2006 Subject: Same email processed 268 times! In-Reply-To: <8f0832f0110db1e1e95941823f9326a8@localhost> References: <8f0832f0110db1e1e95941823f9326a8@localhost> Message-ID: <44318B4E.8060407@ecs.soton.ac.uk> If anyone can narrow this down to a particular message, this would _really_ help. I can't reproduce the problem at the moment, so I can't fix it. Though 4.51.5 exhibited this quite badly which 4.51.6 fixed. Max Kipness wrote: > Is this some kind of bug? I have my high-score set to store. As I last resort I guess I could send to /dev/null, but I'm hoping there is some other solution. > > Thanks, > Max > > On Mon, 3 Apr 2006 15:28:31 -0500, "Mike Kercher" wrote: > >> I've seen the same thing before on ONE of many servers. My solution was >> to set my High Scoring Spam Action to forward to /dev/null. If I set >> the action to delete, some messages would get processed over and over >> again until the system came to it's knees. >> >> Mike >> >> >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>> Of Max Kipness >>> Sent: Monday, April 03, 2006 2:55 PM >>> To: mailscanner@lists.mailscanner.info >>> Subject: Same email processed 268 times! >>> >>> >>> Hello - >>> >>> I've been trying desperately to figure out why my MailScanner >>> queues are so large and cpu is pegged at 100%. When looking >>> through the log I finally figured out what part of the >>> problem might be. Some messages are being processed hundreds >>> of times. I grepped for one messagaes and was processed 268 >>> times, so basically I see this (the repetitive part): >>> >>> Apr 3 09:08:31 xxx MailScanner[19835]: Spam Actions: message >>> k33E61uc020656 actions are store Apr 3 09:10:11 xxx >>> MailScanner[21099]: RBL checks: k33E61uc020656 found in >>> SBL+XBL >>> Apr 3 09:10:11 xxx MailScanner[21099]: SpamAssassin cache >>> hit for message >>> k33E61uc020656 >>> Apr 3 09:10:11 xxx MailScanner[21099]: Message k33E61uc020656 from >>> 218.144.251.15 (jonah.rivas_yx@mo >>> en.com) to xxx.com is spam, SBL+XBL, SpamAssassin >>> (score=28.338, required 6, >>> BAYES_99 3.50, DATE_IN_ >>> FUTURE_12_24 2.77, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.77, >>> FORGED_RCVD_HELO 0.14, MIME_BASE64_NO_NAME 0.22 , >>> MIME_BASE64_TEXT 1.89, PYZOR_CHECK 3.70, RATWARE_NAME_ID >>> 4.10, RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_ RANGE_E4_51_100 >>> 1.50, RAZOR2_CHECK 0.50, RCVD_IN_DSBL 2.60, RCVD_IN_NJABL_DUL >>> 1.95, RCVD_IN_SORBS_DUL 2. >>> 05) >>> >>> This has repeated 268 times with only an increment of a few >>> seconds in the time. >>> >>> Other messages, including non-spam seem to function just fine >>> and are processed once. >>> >>> I'm using the latest MailScanner, SA, DCC, Pyzor. This is a >>> new build from a week ago, so something I guess could be >>> configured wrong. >>> >>> Thanks, >>> Max >>> -- >>> Thanks, >>> >>> Max >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From max at kipness.com Mon Apr 3 21:55:24 2006 From: max at kipness.com (Max Kipness) Date: Mon Apr 3 21:55:36 2006 Subject: Same email processed 268 times! Message-ID: Thanks for the response, will do. My version is indeed 4.51.5. Max On Mon, 03 Apr 2006 21:37:54 +0100, Julian Field wrote: > You need to upgrade, there was a bug in the version you are running > (4.51.5?). > > Max Kipness wrote: >> Hello - >> >> I've been trying desperately to figure out why my MailScanner queues are > so >> large and cpu is pegged at 100%. When looking through the log I finally > figured >> out what part of the problem might be. Some messages are being processed >> hundreds of times. I grepped for one messagaes and was processed 268 > times, so >> basically I see this (the repetitive part): >> >> Apr 3 09:08:31 xxx MailScanner[19835]: Spam Actions: message > k33E61uc020656 >> actions are store >> Apr 3 09:10:11 xxx MailScanner[21099]: RBL checks: k33E61uc020656 found > in >> SBL+XBL >> Apr 3 09:10:11 xxx MailScanner[21099]: SpamAssassin cache hit for > message >> k33E61uc020656 >> Apr 3 09:10:11 xxx MailScanner[21099]: Message k33E61uc020656 from >> 218.144.251.15 (jonah.rivas_yx@mo >> en.com) to xxx.com is spam, SBL+XBL, SpamAssassin (score=28.338, > required 6, >> BAYES_99 3.50, DATE_IN_ >> FUTURE_12_24 2.77, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.77, > FORGED_RCVD_HELO 0.14, >> MIME_BASE64_NO_NAME 0.22 >> , MIME_BASE64_TEXT 1.89, PYZOR_CHECK 3.70, RATWARE_NAME_ID 4.10, >> RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_ >> RANGE_E4_51_100 1.50, RAZOR2_CHECK 0.50, RCVD_IN_DSBL 2.60, > RCVD_IN_NJABL_DUL >> 1.95, RCVD_IN_SORBS_DUL 2. >> 05) >> >> This has repeated 268 times with only an increment of a few seconds in > the >> time. >> >> Other messages, including non-spam seem to function just fine and are > processed >> once. >> >> I'm using the latest MailScanner, SA, DCC, Pyzor. This is a new build > from a >> week ago, so something I guess could be configured wrong. >> >> Thanks, >> Max >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Regards, Max Kipness AssureData, Inc. -- Thanks, Max From rcooper at dwford.com Mon Apr 3 22:27:13 2006 From: rcooper at dwford.com (Rick Cooper) Date: Mon Apr 3 22:27:37 2006 Subject: Microsoft Word and Excel documents with embedded harmfullobjects In-Reply-To: <443181D8.1040403@ecs.soton.ac.uk> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian > Field > Sent: Monday, April 03, 2006 4:13 PM > To: MailScanner discussion > Subject: Re: Microsoft Word and Excel documents with embedded > harmfullobjects > > > Wonderful! > That sounds like a great idea, I hoped someone would have written > something like that, but never found it before (though I haven't > searched in a long time). > > Any ideas what it's written in or anything? It would be most useful to > nick the technology inside it and incorporate it. As you say the file > command can be used to spot likely candidates unless it's easy to spot > files which aren't relevant. > > I will take a look at this next weekend, I'm away at the JANet > Networkshop till Friday. Expect a posting about this next weekend, it's > been one of my top hit features I want to implement for quite a long time. > > Thanks to Adri for finding this, let's hope it isn't a pile of old pony > but is actually usable. > [...] It's written in C, it's under active development and it has only been tested on x86 hardware. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maillists at conactive.com Mon Apr 3 22:29:21 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Apr 3 22:29:31 2006 Subject: Bad Content Checks In-Reply-To: <625385e30604031322q22dd52f4wa4224d29d61011e8@mail.gmail.com> References: <44313333.3080603@nkpanama.com> <625385e30604031322q22dd52f4wa4224d29d61011e8@mail.gmail.com> Message-ID: Shuttlebox wrote on Mon, 3 Apr 2006 22:22:05 +0200: > Make a ruleset for Scan Messages where your mail server is a No. Ah, yes, thanks. I remember now I used this quite a while back on another server instead of whitelisting external sources because whitelisting still spam-scans the messages, it just doesn't mark them as spam. Isn't it like that? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Mon Apr 3 22:29:21 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Apr 3 22:29:32 2006 Subject: Bad Content Checks In-Reply-To: <4431695E.5060507@nkpanama.com> References: <44313333.3080603@nkpanama.com> <4431695E.5060507@nkpanama.com> Message-ID: Alex Neuman van der Hans wrote on Mon, 03 Apr 2006 13:28:46 -0500: > > However, how am I supposed to release this stuff if necessary? If I > > release it it's immediately caught again by MS. The whitelist works only > > for spam. > > > > > How about whitelisting 127.0.0.1? I was thinking about spam.whitelist.rules only and that doesn't whitelist bad content. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Mon Apr 3 22:29:21 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Apr 3 22:29:36 2006 Subject: Bad Content Checks In-Reply-To: <4431846E.2030101@ecs.soton.ac.uk> References: <44313333.3080603@nkpanama.com> <4431846E.2030101@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Mon, 03 Apr 2006 21:24:14 +0100: > You can put a ruleset on anything. If it passes "Allow Filenames" then > it skips the filename.rules.conf file. You can put a whitelist on any > configuration options you like, the whitelist for spam is just a trivial > example to get you started. Well, I like at the file and I obviously cannot put something like From: 127.0.0.1 no in it, or can I? I now do it as shuttlebox suggested. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From shuttlebox at gmail.com Mon Apr 3 23:10:46 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Apr 3 23:10:49 2006 Subject: Bad Content Checks In-Reply-To: References: <44313333.3080603@nkpanama.com> <625385e30604031322q22dd52f4wa4224d29d61011e8@mail.gmail.com> Message-ID: <625385e30604031510j268311ffq2b6a5ad2d3066fc1@mail.gmail.com> On 4/3/06, Kai Schaetzl wrote: > Ah, yes, thanks. I remember now I used this quite a while back on another > server instead of whitelisting external sources because whitelisting still > spam-scans the messages, it just doesn't mark them as spam. Isn't it like > that? If you use Detailed Spam Report it has to call SA to produce it even if it will be whitelisted. -- /peter From maillists at conactive.com Tue Apr 4 11:45:16 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Apr 4 11:45:09 2006 Subject: Bad Content Checks In-Reply-To: References: <44313333.3080603@nkpanama.com> <4431846E.2030101@ecs.soton.ac.uk> Message-ID: Kai Schaetzl wrote on Mon, 03 Apr 2006 23:29:21 +0200: > like looked Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Tue Apr 4 13:11:36 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Apr 4 13:11:48 2006 Subject: Bad Content Checks In-Reply-To: <625385e30604031510j268311ffq2b6a5ad2d3066fc1@mail.gmail.com> References: <44313333.3080603@nkpanama.com> <625385e30604031322q22dd52f4wa4224d29d61011e8@mail.gmail.com> <625385e30604031510j268311ffq2b6a5ad2d3066fc1@mail.gmail.com> Message-ID: Shuttlebox wrote on Tue, 4 Apr 2006 00:10:46 +0200: > If you use Detailed Spam Report it has to call SA to produce it even > if it will be whitelisted. Yeah, I do. However, I don't get that report for whitelisted messages. So, scanning it is mute if I don't get that report. At least, there's nothing getting logged to the mailwatch db. Julian, can you clarify on this? I recall we had a conversation about this quite a while back and I remember that Julian said messages are scanned for spam even if whitelisted, just that the result gets discarded. So, if the reason is only that detailed report, it should either be possible to skip the detailed report and not scan or if we scan nevertheless then add this result to the mailwatch db as information. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From martinh at solid-state-logic.com Tue Apr 4 13:26:31 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue Apr 4 13:26:39 2006 Subject: Bad Content Checks In-Reply-To: Message-ID: <01b601c657e3$017efcd0$3004010a@martinhlaptop> Kai Depends where the whitelist is...if it's "Definitely Not Spam" I'm not sure it calls SA at all..if the whitelist is an SA whitelist then it will of course call SA. And if it?s the big "Scan Messages" switch then I guess its just pops around all the tests. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Kai Schaetzl > Sent: 04 April 2006 13:12 > To: mailscanner@lists.mailscanner.info > Subject: Re: Bad Content Checks > > Shuttlebox wrote on Tue, 4 Apr 2006 00:10:46 +0200: > > > If you use Detailed Spam Report it has to call SA to produce it even > > if it will be whitelisted. > > Yeah, I do. However, I don't get that report for whitelisted messages. So, > scanning it is mute if I don't get that report. At least, there's nothing > getting logged to the mailwatch db. Julian, can you clarify on this? I > recall we had a conversation about this quite a while back and I remember > that Julian said messages are scanned for spam even if whitelisted, just > that the result gets discarded. So, if the reason is only that detailed > report, it should either be possible to skip the detailed report and not > scan or if we scan nevertheless then add this result to the mailwatch db > as information. > > Kai > > -- > Kai Sch?tzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From jdsmith2816 at bellsouth.net Tue Apr 4 16:05:57 2006 From: jdsmith2816 at bellsouth.net (jdsmith2816@bellsouth.net) Date: Tue Apr 4 16:06:00 2006 Subject: Mail not being sent Message-ID: <20060404150557.MFMC26479.ibm64aec.bellsouth.net@mail.bellsouth.net> Greetings: I am using MailWatch, SpamAssassin, MailScanner, and Postfix all latest versions. I was having issues with mail not being released properly (the mail was being put back into quarantine when released from MailWatch) so I made some suggested rule changes from the mailwatch FAQ at http://mailwatch.sourceforge.net/doku.php?id=mailwatch:faq yesterday. After coming back into work today I notice there have been no mails actually going out since yesterday.. They are all stuck in the hold queue. Below is an excerpt from my log as of 10 mins ago or so.. The queue is building and building. Does anyone have any ideas? Stupid me forgot to backup the MailScanner.conf file prior to changing it so I don't recall what the defaults were BEFORE the changes that were made to the rules from that faq page. I'm kind of desperate, I'm sure people are eagerly awaiting those 12000 or so emails. Best regards, JD Smith ----------------------------------snip------------------------------------- Apr 4 14:44:51 stonecrab MailScanner[10928]: MailScanner E-Mail Virus Scanner version 4.51.5 starting... Apr 4 14:44:52 stonecrab MailScanner[10928]: Read 710 hostnames from the phishing whitelist Apr 4 14:44:52 stonecrab MailScanner[10928]: Config: calling custom init function SQLBlackList Apr 4 14:44:52 stonecrab MailScanner[10928]: Config: calling custom init function MailWatchLogging Apr 4 14:44:52 stonecrab MailScanner[10928]: Started SQL Logging child Apr 4 14:44:52 stonecrab MailScanner[10928]: Config: calling custom init function SQLWhiteList Apr 4 14:44:52 stonecrab MailScanner[10928]: Using SpamAssassin results cache Apr 4 14:44:52 stonecrab MailScanner[10928]: Connected to SpamAssassin cache database Apr 4 14:44:52 stonecrab MailScanner[10928]: Enabling SpamAssassin auto- whitelist functionality... Apr 4 14:44:52 stonecrab postfix/smtpd[8521]: disconnect from copux. meekermorgan.com[206.131.231.167] Apr 4 14:44:54 stonecrab MailScanner[10928]: Using locktype = flock Apr 4 14:44:54 stonecrab MailScanner[10928]: New Batch: Found 11838 messages waiting Apr 4 14:44:54 stonecrab MailScanner[10928]: New Batch: Scanning 30 messages, 150929 bytes Apr 4 14:44:54 stonecrab MailScanner[10928]: Spam Checks: Starting Apr 4 14:44:55 stonecrab postfix/smtpd[9330]: connect from 65-112-133-10.dia. static.qwest.net[65.112.133.10] Apr 4 14:44:55 stonecrab postfix/smtpd[9173]: connect from 65-112-133-10.dia. static.qwest.net[65.112.133.10] Apr 4 14:44:57 stonecrab postfix/smtpd[9275]: connect from 65-112-133-10.dia. static.qwest.net[65.112.133.10] Apr 4 14:44:58 stonecrab postfix/smtpd[9312]: connect from nvc68.atasylrsi.com [87.253.225.68] Apr 4 14:44:58 stonecrab postfix/smtpd[9312]: D2A2D3F7035: client=nvc68. atasylrsi.com[87.253.225.68] Apr 4 14:44:58 stonecrab postfix/smtpd[8521]: connect from yoho-common.wc09.net [63.214.0.244] Apr 4 14:44:59 stonecrab postfix/smtpd[8521]: 0292F3F7036: client=yoho-common. wc09.net[63.214.0.244] Apr 4 14:44:59 stonecrab postfix/cleanup[9134]: 0292F3F7036: hold: header Received: from yoho-common.wc09.net (yoho-common.wc09.net [63.214.0.244])??by stonecrab.interbee.com Apr 4 14:44:59 stonecrab postfix/cleanup[9134]: 0292F3F7036: hold: header Received: from hammacher.whatcounts.com (192.168.0.179) by yoho-common.wc09.net (PowerMTA(TM) v3.0r29 Apr 4 14:44:59 stonecrab postfix/cleanup[9134]: 0292F3F7036: message- id=<20060404144459.0292F3F7036@stonecrab.interbee.com> Apr 4 14:44:59 stonecrab postfix/smtpd[8521]: disconnect from yoho-common.wc09. net[63.214.0.244] Apr 4 14:45:01 stonecrab postfix/smtpd[8521]: connect from host38. respond2mail6.com[69.30.233.38] Apr 4 14:45:01 stonecrab postfix/smtpd[8521]: 9D0DA3F7037: client=host38. respond2mail6.com[69.30.233.38] Apr 4 14:45:01 stonecrab postfix/smtpd[9173]: C55BD3F7038: client=65-112-133- 10.dia.static.qwest.net[65.112.133.10] Apr 4 14:45:02 stonecrab postfix/smtpd[10941]: connect from unknown [216.75.15.17] Apr 4 14:45:02 stonecrab postfix/smtpd[9330]: 4C8D13F7039: client=65-112-133- 10.dia.static.qwest.net[65.112.133.10] Apr 4 14:45:02 stonecrab postfix/smtpd[10941]: 655D63F703A: client=unknown [216.75.15.17] Apr 4 14:45:02 stonecrab postfix/cleanup[9084]: 9D0DA3F7037: hold: header Received: from host38.respond2mail6.com (host38.respond2mail6.com [69.30.233.38])??by stonecrab.inter Apr 4 14:45:02 stonecrab postfix/cleanup[9084]: 9D0DA3F7037: hold: header Received: by host38.respond2mail6.com id h6a2o008hj85; Tue, 4 Apr 2006 06:59:38 -0700 (envelope-from Apr 4 14:45:02 stonecrab postfix/cleanup[9084]: 9D0DA3F7037: message- id=<20060404144501.9D0DA3F7037@stonecrab.interbee.com> Apr 4 14:45:02 stonecrab postfix/cleanup[9134]: 655D63F703A: hold: header Received: from mail.atscafe.com (unknown [216.75.15.17])??by stonecrab.interbee. com (Postfix) with ES Apr 4 14:45:02 stonecrab postfix/cleanup[9134]: 655D63F703A: hold: header Received: by mail.atscafe.com (PowerMTA(TM) v3.0c2) id h6a37o01g74j; Tue, 4 Apr 2006 10:44:18 -0400 ( Apr 4 14:45:02 stonecrab postfix/cleanup[9134]: 655D63F703A: message- id= Apr 4 14:45:02 stonecrab postfix/smtpd[10943]: connect from unknown[60.52.0.64] Apr 4 14:45:02 stonecrab postfix/smtpd[10941]: disconnect from unknown [216.75.15.17] Apr 4 14:45:02 stonecrab MailScanner[10944]: MailScanner E-Mail Virus Scanner version 4.51.5 starting... Apr 4 14:45:03 stonecrab MailScanner[10944]: Read 710 hostnames from the phishing whitelist Apr 4 14:45:03 stonecrab MailScanner[10944]: Config: calling custom init function SQLBlackList Apr 4 14:45:03 stonecrab MailScanner[10944]: Config: calling custom init function MailWatchLogging Apr 4 14:45:03 stonecrab MailScanner[10944]: Started SQL Logging child Apr 4 14:45:03 stonecrab MailScanner[10944]: Config: calling custom init function SQLWhiteList Apr 4 14:45:03 stonecrab MailScanner[10944]: Using SpamAssassin results cache Apr 4 14:45:03 stonecrab MailScanner[10944]: Connected to SpamAssassin cache database Apr 4 14:45:03 stonecrab MailScanner[10944]: Enabling SpamAssassin auto- whitelist functionality... ------------------------snip------------------------- From martinh at solid-state-logic.com Tue Apr 4 16:18:17 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue Apr 4 16:18:28 2006 Subject: Mail not being sent In-Reply-To: <20060404150557.MFMC26479.ibm64aec.bellsouth.net@mail.bellsouth.net> Message-ID: <002401c657fb$003d4120$3004010a@martinhlaptop> HI Do a "MailScanner -lint" and see if any of the config options are broken -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of jdsmith2816@bellsouth.net > Sent: 04 April 2006 16:06 > To: mailscanner@lists.mailscanner.info > Subject: Mail not being sent > > Greetings: > > I am using MailWatch, SpamAssassin, MailScanner, and Postfix all latest > versions. I was having issues with mail not being released properly (the > mail was being put back into quarantine when released from MailWatch) so I > made some suggested rule changes from the mailwatch FAQ at > http://mailwatch.sourceforge.net/doku.php?id=mailwatch:faq yesterday. > After coming back into work today I notice there have been no mails > actually going out since yesterday.. They are all stuck in the hold queue. > Below is an excerpt from my log as of 10 mins ago or so.. The queue is > building and building. > > Does anyone have any ideas? Stupid me forgot to backup the > MailScanner.conf file prior to changing it so I don't recall what the > defaults were BEFORE the changes that were made to the rules from that faq > page. I'm kind of desperate, I'm sure people are eagerly awaiting those > 12000 or so emails. > > Best regards, > > JD Smith > > ----------------------------------snip------------------------------------ > - > Apr 4 14:44:51 stonecrab MailScanner[10928]: MailScanner E-Mail Virus > Scanner > version 4.51.5 starting... > Apr 4 14:44:52 stonecrab MailScanner[10928]: Read 710 hostnames from the > phishing whitelist > Apr 4 14:44:52 stonecrab MailScanner[10928]: Config: calling custom init > function SQLBlackList > Apr 4 14:44:52 stonecrab MailScanner[10928]: Config: calling custom init > function MailWatchLogging > Apr 4 14:44:52 stonecrab MailScanner[10928]: Started SQL Logging child > Apr 4 14:44:52 stonecrab MailScanner[10928]: Config: calling custom init > function SQLWhiteList > Apr 4 14:44:52 stonecrab MailScanner[10928]: Using SpamAssassin results > cache > Apr 4 14:44:52 stonecrab MailScanner[10928]: Connected to SpamAssassin > cache > database > Apr 4 14:44:52 stonecrab MailScanner[10928]: Enabling SpamAssassin auto- > whitelist functionality... > Apr 4 14:44:52 stonecrab postfix/smtpd[8521]: disconnect from copux. > meekermorgan.com[206.131.231.167] > Apr 4 14:44:54 stonecrab MailScanner[10928]: Using locktype = flock > Apr 4 14:44:54 stonecrab MailScanner[10928]: New Batch: Found 11838 > messages > waiting > Apr 4 14:44:54 stonecrab MailScanner[10928]: New Batch: Scanning 30 > messages, > 150929 bytes > Apr 4 14:44:54 stonecrab MailScanner[10928]: Spam Checks: Starting > Apr 4 14:44:55 stonecrab postfix/smtpd[9330]: connect from 65-112-133- > 10.dia. > static.qwest.net[65.112.133.10] > Apr 4 14:44:55 stonecrab postfix/smtpd[9173]: connect from 65-112-133- > 10.dia. > static.qwest.net[65.112.133.10] > Apr 4 14:44:57 stonecrab postfix/smtpd[9275]: connect from 65-112-133- > 10.dia. > static.qwest.net[65.112.133.10] > Apr 4 14:44:58 stonecrab postfix/smtpd[9312]: connect from > nvc68.atasylrsi.com > [87.253.225.68] > Apr 4 14:44:58 stonecrab postfix/smtpd[9312]: D2A2D3F7035: client=nvc68. > atasylrsi.com[87.253.225.68] > Apr 4 14:44:58 stonecrab postfix/smtpd[8521]: connect from yoho- > common.wc09.net > [63.214.0.244] > Apr 4 14:44:59 stonecrab postfix/smtpd[8521]: 0292F3F7036: client=yoho- > common. > wc09.net[63.214.0.244] > Apr 4 14:44:59 stonecrab postfix/cleanup[9134]: 0292F3F7036: hold: header > Received: from yoho-common.wc09.net (yoho-common.wc09.net > [63.214.0.244])??by > stonecrab.interbee.com > Apr 4 14:44:59 stonecrab postfix/cleanup[9134]: 0292F3F7036: hold: header > Received: from hammacher.whatcounts.com (192.168.0.179) by yoho- > common.wc09.net > (PowerMTA(TM) v3.0r29 > Apr 4 14:44:59 stonecrab postfix/cleanup[9134]: 0292F3F7036: message- > id=<20060404144459.0292F3F7036@stonecrab.interbee.com> > Apr 4 14:44:59 stonecrab postfix/smtpd[8521]: disconnect from yoho- > common.wc09. > net[63.214.0.244] > Apr 4 14:45:01 stonecrab postfix/smtpd[8521]: connect from host38. > respond2mail6.com[69.30.233.38] > Apr 4 14:45:01 stonecrab postfix/smtpd[8521]: 9D0DA3F7037: client=host38. > respond2mail6.com[69.30.233.38] > Apr 4 14:45:01 stonecrab postfix/smtpd[9173]: C55BD3F7038: client=65-112- > 133- > 10.dia.static.qwest.net[65.112.133.10] > Apr 4 14:45:02 stonecrab postfix/smtpd[10941]: connect from unknown > [216.75.15.17] > Apr 4 14:45:02 stonecrab postfix/smtpd[9330]: 4C8D13F7039: client=65-112- > 133- > 10.dia.static.qwest.net[65.112.133.10] > Apr 4 14:45:02 stonecrab postfix/smtpd[10941]: 655D63F703A: client=unknown > [216.75.15.17] > Apr 4 14:45:02 stonecrab postfix/cleanup[9084]: 9D0DA3F7037: hold: header > Received: from host38.respond2mail6.com (host38.respond2mail6.com > [69.30.233.38])??by stonecrab.inter > Apr 4 14:45:02 stonecrab postfix/cleanup[9084]: 9D0DA3F7037: hold: header > Received: by host38.respond2mail6.com id h6a2o008hj85; Tue, 4 Apr 2006 > 06:59:38 > -0700 (envelope-from > Apr 4 14:45:02 stonecrab postfix/cleanup[9084]: 9D0DA3F7037: message- > id=<20060404144501.9D0DA3F7037@stonecrab.interbee.com> > Apr 4 14:45:02 stonecrab postfix/cleanup[9134]: 655D63F703A: hold: header > Received: from mail.atscafe.com (unknown [216.75.15.17])??by > stonecrab.interbee. > com (Postfix) with ES > Apr 4 14:45:02 stonecrab postfix/cleanup[9134]: 655D63F703A: hold: header > Received: by mail.atscafe.com (PowerMTA(TM) v3.0c2) id h6a37o01g74j; Tue, > 4 Apr > 2006 10:44:18 -0400 ( > Apr 4 14:45:02 stonecrab postfix/cleanup[9134]: 655D63F703A: message- > id= > Apr 4 14:45:02 stonecrab postfix/smtpd[10943]: connect from > unknown[60.52.0.64] > Apr 4 14:45:02 stonecrab postfix/smtpd[10941]: disconnect from unknown > [216.75.15.17] > Apr 4 14:45:02 stonecrab MailScanner[10944]: MailScanner E-Mail Virus > Scanner > version 4.51.5 starting... > Apr 4 14:45:03 stonecrab MailScanner[10944]: Read 710 hostnames from the > phishing whitelist > Apr 4 14:45:03 stonecrab MailScanner[10944]: Config: calling custom init > function SQLBlackList > Apr 4 14:45:03 stonecrab MailScanner[10944]: Config: calling custom init > function MailWatchLogging > Apr 4 14:45:03 stonecrab MailScanner[10944]: Started SQL Logging child > Apr 4 14:45:03 stonecrab MailScanner[10944]: Config: calling custom init > function SQLWhiteList > Apr 4 14:45:03 stonecrab MailScanner[10944]: Using SpamAssassin results > cache > Apr 4 14:45:03 stonecrab MailScanner[10944]: Connected to SpamAssassin > cache > database > Apr 4 14:45:03 stonecrab MailScanner[10944]: Enabling SpamAssassin auto- > whitelist functionality... > ------------------------snip------------------------- > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From martinh at solid-state-logic.com Tue Apr 4 16:21:18 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue Apr 4 16:21:26 2006 Subject: MailScanner --lint Message-ID: <002501c657fb$6baac7c0$3004010a@martinhlaptop> Jules Hope the JANET bash is going well - program looks interesting. Anyway running 4.51.1 on FreeBSD 4.10 (the generic tar.gz installer NOT the ports version) and "MailScanner -lint" reports Can't exec "/bin/false": No such file or directory at /opt/MailScanner/lib/MailScanner/SweepViruses.pm line 2882. Which is true....../bin/false should be /usr/bin/false in my case.... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From jdsmith2816 at bellsouth.net Tue Apr 4 16:22:12 2006 From: jdsmith2816 at bellsouth.net (jdsmith2816@bellsouth.net) Date: Tue Apr 4 16:22:21 2006 Subject: Mail not being sent Message-ID: <20060404152212.MSKS26479.ibm64aec.bellsouth.net@mail.bellsouth.net> Results are below: stonecrab:~/MailScanner-install-4.52.2/perl-tar/MailScanner-4.52.2/etc# MailScanner -lint Read 710 hostnames from the phishing whitelist Config: calling custom init function SQLBlackList Config: calling custom init function MailWatchLogging Config: calling custom init function SQLWhiteList MailScanner setting GID to (108) MailScanner setting UID to (106) Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database pyzor: check failed: internal error SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamav bitdefender" Found these virus scanners installed: bitdefender, clamav stonecrab:~/MailScanner-install-4.52.2/perl-tar/MailScanner-4.52.2/etc# > > From: "Martin Hepworth" > Date: 2006/04/04 Tue AM 10:18:17 CDT > To: "'MailScanner discussion'" > Subject: RE: Mail not being sent > > HI > > Do a "MailScanner -lint" and see if any of the config options are broken > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of jdsmith2816@bellsouth.net > > Sent: 04 April 2006 16:06 > > To: mailscanner@lists.mailscanner.info > > Subject: Mail not being sent > > > > Greetings: > > > > I am using MailWatch, SpamAssassin, MailScanner, and Postfix all latest > > versions. I was having issues with mail not being released properly (the > > mail was being put back into quarantine when released from MailWatch) so I > > made some suggested rule changes from the mailwatch FAQ at > > http://mailwatch.sourceforge.net/doku.php?id=mailwatch:faq yesterday. > > After coming back into work today I notice there have been no mails > > actually going out since yesterday.. They are all stuck in the hold queue. > > Below is an excerpt from my log as of 10 mins ago or so.. The queue is > > building and building. > > > > Does anyone have any ideas? Stupid me forgot to backup the > > MailScanner.conf file prior to changing it so I don't recall what the > > defaults were BEFORE the changes that were made to the rules from that faq > > page. I'm kind of desperate, I'm sure people are eagerly awaiting those > > 12000 or so emails. > > > > Best regards, > > > > JD Smith > > > > ----------------------------------snip------------------------------------ > > - > > Apr 4 14:44:51 stonecrab MailScanner[10928]: MailScanner E-Mail Virus > > Scanner > > version 4.51.5 starting... > > Apr 4 14:44:52 stonecrab MailScanner[10928]: Read 710 hostnames from the > > phishing whitelist > > Apr 4 14:44:52 stonecrab MailScanner[10928]: Config: calling custom init > > function SQLBlackList > > Apr 4 14:44:52 stonecrab MailScanner[10928]: Config: calling custom init > > function MailWatchLogging > > Apr 4 14:44:52 stonecrab MailScanner[10928]: Started SQL Logging child > > Apr 4 14:44:52 stonecrab MailScanner[10928]: Config: calling custom init > > function SQLWhiteList > > Apr 4 14:44:52 stonecrab MailScanner[10928]: Using SpamAssassin results > > cache > > Apr 4 14:44:52 stonecrab MailScanner[10928]: Connected to SpamAssassin > > cache > > database > > Apr 4 14:44:52 stonecrab MailScanner[10928]: Enabling SpamAssassin auto- > > whitelist functionality... > > Apr 4 14:44:52 stonecrab postfix/smtpd[8521]: disconnect from copux. > > meekermorgan.com[206.131.231.167] > > Apr 4 14:44:54 stonecrab MailScanner[10928]: Using locktype = flock > > Apr 4 14:44:54 stonecrab MailScanner[10928]: New Batch: Found 11838 > > messages > > waiting > > Apr 4 14:44:54 stonecrab MailScanner[10928]: New Batch: Scanning 30 > > messages, > > 150929 bytes > > Apr 4 14:44:54 stonecrab MailScanner[10928]: Spam Checks: Starting > > Apr 4 14:44:55 stonecrab postfix/smtpd[9330]: connect from 65-112-133- > > 10.dia. > > static.qwest.net[65.112.133.10] > > Apr 4 14:44:55 stonecrab postfix/smtpd[9173]: connect from 65-112-133- > > 10.dia. > > static.qwest.net[65.112.133.10] > > Apr 4 14:44:57 stonecrab postfix/smtpd[9275]: connect from 65-112-133- > > 10.dia. > > static.qwest.net[65.112.133.10] > > Apr 4 14:44:58 stonecrab postfix/smtpd[9312]: connect from > > nvc68.atasylrsi.com > > [87.253.225.68] > > Apr 4 14:44:58 stonecrab postfix/smtpd[9312]: D2A2D3F7035: client=nvc68. > > atasylrsi.com[87.253.225.68] > > Apr 4 14:44:58 stonecrab postfix/smtpd[8521]: connect from yoho- > > common.wc09.net > > [63.214.0.244] > > Apr 4 14:44:59 stonecrab postfix/smtpd[8521]: 0292F3F7036: client=yoho- > > common. > > wc09.net[63.214.0.244] > > Apr 4 14:44:59 stonecrab postfix/cleanup[9134]: 0292F3F7036: hold: header > > Received: from yoho-common.wc09.net (yoho-common.wc09.net > > [63.214.0.244])??by > > stonecrab.interbee.com > > Apr 4 14:44:59 stonecrab postfix/cleanup[9134]: 0292F3F7036: hold: header > > Received: from hammacher.whatcounts.com (192.168.0.179) by yoho- > > common.wc09.net > > (PowerMTA(TM) v3.0r29 > > Apr 4 14:44:59 stonecrab postfix/cleanup[9134]: 0292F3F7036: message- > > id=<20060404144459.0292F3F7036@stonecrab.interbee.com> > > Apr 4 14:44:59 stonecrab postfix/smtpd[8521]: disconnect from yoho- > > common.wc09. > > net[63.214.0.244] > > Apr 4 14:45:01 stonecrab postfix/smtpd[8521]: connect from host38. > > respond2mail6.com[69.30.233.38] > > Apr 4 14:45:01 stonecrab postfix/smtpd[8521]: 9D0DA3F7037: client=host38. > > respond2mail6.com[69.30.233.38] > > Apr 4 14:45:01 stonecrab postfix/smtpd[9173]: C55BD3F7038: client=65-112- > > 133- > > 10.dia.static.qwest.net[65.112.133.10] > > Apr 4 14:45:02 stonecrab postfix/smtpd[10941]: connect from unknown > > [216.75.15.17] > > Apr 4 14:45:02 stonecrab postfix/smtpd[9330]: 4C8D13F7039: client=65-112- > > 133- > > 10.dia.static.qwest.net[65.112.133.10] > > Apr 4 14:45:02 stonecrab postfix/smtpd[10941]: 655D63F703A: client=unknown > > [216.75.15.17] > > Apr 4 14:45:02 stonecrab postfix/cleanup[9084]: 9D0DA3F7037: hold: header > > Received: from host38.respond2mail6.com (host38.respond2mail6.com > > [69.30.233.38])??by stonecrab.inter > > Apr 4 14:45:02 stonecrab postfix/cleanup[9084]: 9D0DA3F7037: hold: header > > Received: by host38.respond2mail6.com id h6a2o008hj85; Tue, 4 Apr 2006 > > 06:59:38 > > -0700 (envelope-from > > Apr 4 14:45:02 stonecrab postfix/cleanup[9084]: 9D0DA3F7037: message- > > id=<20060404144501.9D0DA3F7037@stonecrab.interbee.com> > > Apr 4 14:45:02 stonecrab postfix/cleanup[9134]: 655D63F703A: hold: header > > Received: from mail.atscafe.com (unknown [216.75.15.17])??by > > stonecrab.interbee. > > com (Postfix) with ES > > Apr 4 14:45:02 stonecrab postfix/cleanup[9134]: 655D63F703A: hold: header > > Received: by mail.atscafe.com (PowerMTA(TM) v3.0c2) id h6a37o01g74j; Tue, > > 4 Apr > > 2006 10:44:18 -0400 ( > > Apr 4 14:45:02 stonecrab postfix/cleanup[9134]: 655D63F703A: message- > > id= > > Apr 4 14:45:02 stonecrab postfix/smtpd[10943]: connect from > > unknown[60.52.0.64] > > Apr 4 14:45:02 stonecrab postfix/smtpd[10941]: disconnect from unknown > > [216.75.15.17] > > Apr 4 14:45:02 stonecrab MailScanner[10944]: MailScanner E-Mail Virus > > Scanner > > version 4.51.5 starting... > > Apr 4 14:45:03 stonecrab MailScanner[10944]: Read 710 hostnames from the > > phishing whitelist > > Apr 4 14:45:03 stonecrab MailScanner[10944]: Config: calling custom init > > function SQLBlackList > > Apr 4 14:45:03 stonecrab MailScanner[10944]: Config: calling custom init > > function MailWatchLogging > > Apr 4 14:45:03 stonecrab MailScanner[10944]: Started SQL Logging child > > Apr 4 14:45:03 stonecrab MailScanner[10944]: Config: calling custom init > > function SQLWhiteList > > Apr 4 14:45:03 stonecrab MailScanner[10944]: Using SpamAssassin results > > cache > > Apr 4 14:45:03 stonecrab MailScanner[10944]: Connected to SpamAssassin > > cache > > database > > Apr 4 14:45:03 stonecrab MailScanner[10944]: Enabling SpamAssassin auto- > > whitelist functionality... > > ------------------------snip------------------------- > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From maillists at conactive.com Tue Apr 4 16:27:08 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Apr 4 16:27:20 2006 Subject: Bad Content Checks In-Reply-To: <4431846E.2030101@ecs.soton.ac.uk> References: <44313333.3080603@nkpanama.com> <4431846E.2030101@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Mon, 03 Apr 2006 21:24:14 +0100: > You can put a ruleset on anything. If it passes "Allow Filenames" then > it skips the filename.rules.conf file. Julian, it doesn't want to do that here. I have: Allow Filenames = %etc-dir%/allow.filename.conf Filename Rules = %etc-dir%/filename.rules.conf with \.txt$ \.pdf$ \.bmp$ in allow.filename.conf The file is found and read by MS. I did a service MailScanner reload after changing it about four hours ago. But still .bmp files are blocked because of this rule deny \.bmp$ Windows bitmap file security vulnerability Possible buffer overflow in Windows It looks like the Deny rule in Filename Rules still is read and takes precedence over Allow Filenames. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From martinh at solid-state-logic.com Tue Apr 4 16:37:52 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue Apr 4 16:38:00 2006 Subject: Mail not being sent In-Reply-To: <20060404152212.MSKS26479.ibm64aec.bellsouth.net@mail.bellsouth.net> Message-ID: <002601c657fd$bc52e750$3004010a@martinhlaptop> OK That looks good, now edit the MailScanner.conf and put BOTH debug statements to yes, stop MailScanner (make sure it's stopped with a ps) and run checkmailscanner. This should give debug to the screen and maillog file. Have a look at those and see if anything grabs you as to why things aren't moving out of the hold queue. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of jdsmith2816@bellsouth.net > Sent: 04 April 2006 16:22 > To: MailScanner discussion > Subject: Re: RE: Mail not being sent > > Results are below: > > stonecrab:~/MailScanner-install-4.52.2/perl-tar/MailScanner-4.52.2/etc# > MailScanner -lint > Read 710 hostnames from the phishing whitelist > Config: calling custom init function SQLBlackList > Config: calling custom init function MailWatchLogging > Config: calling custom init function SQLWhiteList > MailScanner setting GID to (108) > MailScanner setting UID to (106) > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > pyzor: check failed: internal error > SpamAssassin reported no errors. > > MailScanner.conf says "Virus Scanners = clamav bitdefender" > Found these virus scanners installed: bitdefender, clamav > stonecrab:~/MailScanner-install-4.52.2/perl-tar/MailScanner-4.52.2/etc# > > > > > From: "Martin Hepworth" > > Date: 2006/04/04 Tue AM 10:18:17 CDT > > To: "'MailScanner discussion'" > > Subject: RE: Mail not being sent > > > > HI > > > > Do a "MailScanner -lint" and see if any of the config options are broken > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > > bounces@lists.mailscanner.info] On Behalf Of jdsmith2816@bellsouth.net > > > Sent: 04 April 2006 16:06 > > > To: mailscanner@lists.mailscanner.info > > > Subject: Mail not being sent > > > > > > Greetings: > > > > > > I am using MailWatch, SpamAssassin, MailScanner, and Postfix all > latest > > > versions. I was having issues with mail not being released properly > (the > > > mail was being put back into quarantine when released from MailWatch) > so I > > > made some suggested rule changes from the mailwatch FAQ at > > > http://mailwatch.sourceforge.net/doku.php?id=mailwatch:faq yesterday. > > > After coming back into work today I notice there have been no mails > > > actually going out since yesterday.. They are all stuck in the hold > queue. > > > Below is an excerpt from my log as of 10 mins ago or so.. The queue is > > > building and building. > > > > > > Does anyone have any ideas? Stupid me forgot to backup the > > > MailScanner.conf file prior to changing it so I don't recall what the > > > defaults were BEFORE the changes that were made to the rules from that > faq > > > page. I'm kind of desperate, I'm sure people are eagerly awaiting > those > > > 12000 or so emails. > > > > > > Best regards, > > > > > > JD Smith > > > > > > ----------------------------------snip-------------------------------- > ---- > > > - > > > Apr 4 14:44:51 stonecrab MailScanner[10928]: MailScanner E-Mail Virus > > > Scanner > > > version 4.51.5 starting... > > > Apr 4 14:44:52 stonecrab MailScanner[10928]: Read 710 hostnames from > the > > > phishing whitelist > > > Apr 4 14:44:52 stonecrab MailScanner[10928]: Config: calling custom > init > > > function SQLBlackList > > > Apr 4 14:44:52 stonecrab MailScanner[10928]: Config: calling custom > init > > > function MailWatchLogging > > > Apr 4 14:44:52 stonecrab MailScanner[10928]: Started SQL Logging child > > > Apr 4 14:44:52 stonecrab MailScanner[10928]: Config: calling custom > init > > > function SQLWhiteList > > > Apr 4 14:44:52 stonecrab MailScanner[10928]: Using SpamAssassin > results > > > cache > > > Apr 4 14:44:52 stonecrab MailScanner[10928]: Connected to SpamAssassin > > > cache > > > database > > > Apr 4 14:44:52 stonecrab MailScanner[10928]: Enabling SpamAssassin > auto- > > > whitelist functionality... > > > Apr 4 14:44:52 stonecrab postfix/smtpd[8521]: disconnect from copux. > > > meekermorgan.com[206.131.231.167] > > > Apr 4 14:44:54 stonecrab MailScanner[10928]: Using locktype = flock > > > Apr 4 14:44:54 stonecrab MailScanner[10928]: New Batch: Found 11838 > > > messages > > > waiting > > > Apr 4 14:44:54 stonecrab MailScanner[10928]: New Batch: Scanning 30 > > > messages, > > > 150929 bytes > > > Apr 4 14:44:54 stonecrab MailScanner[10928]: Spam Checks: Starting > > > Apr 4 14:44:55 stonecrab postfix/smtpd[9330]: connect from 65-112-133- > > > 10.dia. > > > static.qwest.net[65.112.133.10] > > > Apr 4 14:44:55 stonecrab postfix/smtpd[9173]: connect from 65-112-133- > > > 10.dia. > > > static.qwest.net[65.112.133.10] > > > Apr 4 14:44:57 stonecrab postfix/smtpd[9275]: connect from 65-112-133- > > > 10.dia. > > > static.qwest.net[65.112.133.10] > > > Apr 4 14:44:58 stonecrab postfix/smtpd[9312]: connect from > > > nvc68.atasylrsi.com > > > [87.253.225.68] > > > Apr 4 14:44:58 stonecrab postfix/smtpd[9312]: D2A2D3F7035: > client=nvc68. > > > atasylrsi.com[87.253.225.68] > > > Apr 4 14:44:58 stonecrab postfix/smtpd[8521]: connect from yoho- > > > common.wc09.net > > > [63.214.0.244] > > > Apr 4 14:44:59 stonecrab postfix/smtpd[8521]: 0292F3F7036: > client=yoho- > > > common. > > > wc09.net[63.214.0.244] > > > Apr 4 14:44:59 stonecrab postfix/cleanup[9134]: 0292F3F7036: hold: > header > > > Received: from yoho-common.wc09.net (yoho-common.wc09.net > > > [63.214.0.244])??by > > > stonecrab.interbee.com > > > Apr 4 14:44:59 stonecrab postfix/cleanup[9134]: 0292F3F7036: hold: > header > > > Received: from hammacher.whatcounts.com (192.168.0.179) by yoho- > > > common.wc09.net > > > (PowerMTA(TM) v3.0r29 > > > Apr 4 14:44:59 stonecrab postfix/cleanup[9134]: 0292F3F7036: message- > > > id=<20060404144459.0292F3F7036@stonecrab.interbee.com> > > > Apr 4 14:44:59 stonecrab postfix/smtpd[8521]: disconnect from yoho- > > > common.wc09. > > > net[63.214.0.244] > > > Apr 4 14:45:01 stonecrab postfix/smtpd[8521]: connect from host38. > > > respond2mail6.com[69.30.233.38] > > > Apr 4 14:45:01 stonecrab postfix/smtpd[8521]: 9D0DA3F7037: > client=host38. > > > respond2mail6.com[69.30.233.38] > > > Apr 4 14:45:01 stonecrab postfix/smtpd[9173]: C55BD3F7038: client=65- > 112- > > > 133- > > > 10.dia.static.qwest.net[65.112.133.10] > > > Apr 4 14:45:02 stonecrab postfix/smtpd[10941]: connect from unknown > > > [216.75.15.17] > > > Apr 4 14:45:02 stonecrab postfix/smtpd[9330]: 4C8D13F7039: client=65- > 112- > > > 133- > > > 10.dia.static.qwest.net[65.112.133.10] > > > Apr 4 14:45:02 stonecrab postfix/smtpd[10941]: 655D63F703A: > client=unknown > > > [216.75.15.17] > > > Apr 4 14:45:02 stonecrab postfix/cleanup[9084]: 9D0DA3F7037: hold: > header > > > Received: from host38.respond2mail6.com (host38.respond2mail6.com > > > [69.30.233.38])??by stonecrab.inter > > > Apr 4 14:45:02 stonecrab postfix/cleanup[9084]: 9D0DA3F7037: hold: > header > > > Received: by host38.respond2mail6.com id h6a2o008hj85; Tue, 4 Apr 2006 > > > 06:59:38 > > > -0700 (envelope-from > > > Apr 4 14:45:02 stonecrab postfix/cleanup[9084]: 9D0DA3F7037: message- > > > id=<20060404144501.9D0DA3F7037@stonecrab.interbee.com> > > > Apr 4 14:45:02 stonecrab postfix/cleanup[9134]: 655D63F703A: hold: > header > > > Received: from mail.atscafe.com (unknown [216.75.15.17])??by > > > stonecrab.interbee. > > > com (Postfix) with ES > > > Apr 4 14:45:02 stonecrab postfix/cleanup[9134]: 655D63F703A: hold: > header > > > Received: by mail.atscafe.com (PowerMTA(TM) v3.0c2) id h6a37o01g74j; > Tue, > > > 4 Apr > > > 2006 10:44:18 -0400 ( > > > Apr 4 14:45:02 stonecrab postfix/cleanup[9134]: 655D63F703A: message- > > > id= > > > Apr 4 14:45:02 stonecrab postfix/smtpd[10943]: connect from > > > unknown[60.52.0.64] > > > Apr 4 14:45:02 stonecrab postfix/smtpd[10941]: disconnect from unknown > > > [216.75.15.17] > > > Apr 4 14:45:02 stonecrab MailScanner[10944]: MailScanner E-Mail Virus > > > Scanner > > > version 4.51.5 starting... > > > Apr 4 14:45:03 stonecrab MailScanner[10944]: Read 710 hostnames from > the > > > phishing whitelist > > > Apr 4 14:45:03 stonecrab MailScanner[10944]: Config: calling custom > init > > > function SQLBlackList > > > Apr 4 14:45:03 stonecrab MailScanner[10944]: Config: calling custom > init > > > function MailWatchLogging > > > Apr 4 14:45:03 stonecrab MailScanner[10944]: Started SQL Logging child > > > Apr 4 14:45:03 stonecrab MailScanner[10944]: Config: calling custom > init > > > function SQLWhiteList > > > Apr 4 14:45:03 stonecrab MailScanner[10944]: Using SpamAssassin > results > > > cache > > > Apr 4 14:45:03 stonecrab MailScanner[10944]: Connected to SpamAssassin > > > cache > > > database > > > Apr 4 14:45:03 stonecrab MailScanner[10944]: Enabling SpamAssassin > auto- > > > whitelist functionality... > > > ------------------------snip------------------------- > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > ********************************************************************** > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From maillists at conactive.com Tue Apr 4 18:31:25 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Apr 4 18:31:37 2006 Subject: Bad Content Checks In-Reply-To: <01b601c657e3$017efcd0$3004010a@martinhlaptop> References: <01b601c657e3$017efcd0$3004010a@martinhlaptop> Message-ID: Martin Hepworth wrote on Tue, 4 Apr 2006 13:26:31 +0100: > Depends where the whitelist is...if it's "Definitely Not Spam" I'm not sure > it calls SA at all. That's what it is. I just remember from two years or so ago, that Julian then told me it scans nevertheless and then discards. Maybe that was only with "detailed report", don't know. But, anyway, I don't get this "detailed report" for whitelisted mail. if the whitelist is an SA whitelist then it will of > course call SA. Not whitelists in SA at all, other than the packaged ones. I think there's really no use for them if you use MailScanner. > > And if it?s the big "Scan Messages" switch then I guess its just pops around > all the tests. I hope so, yes. But this is only set for a very few hosts. I'm talking about the "green" W/L stuff in regard to the detailed report here. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Tue Apr 4 18:31:25 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Apr 4 18:31:39 2006 Subject: MailScanner and SA auto-learning Message-ID: Is it possible that MailScanner interferes in any way with Bayes auto-learning? I have "bayes_auto_learn_threshold_spam 8" on my new machine and nothing gets learned, not even spam over 20. It's possible that it's not learned because partial scores for header or body or so didn?t reach the required minimum, of course. But I first wanted to make sure that MailScanner doesn't tell SA this value when scanning. There's nothing in the MailScanner.conf that looks like that, so I think MailScanner settings don't matter here at all, correct? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From mkettler at evi-inc.com Tue Apr 4 18:46:01 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Apr 4 18:46:10 2006 Subject: MailScanner and SA auto-learning In-Reply-To: References: Message-ID: <4432B0D9.3030906@evi-inc.com> Kai Schaetzl wrote: > Is it possible that MailScanner interferes in any way with Bayes > auto-learning? I have "bayes_auto_learn_threshold_spam 8" on my new > machine and nothing gets learned, not even spam over 20. It's possible > that it's not learned because partial scores for header or body or so > didn?t reach the required minimum, of course. But I first wanted to make > sure that MailScanner doesn't tell SA this value when scanning. There's > nothing in the MailScanner.conf that looks like that, so I think > MailScanner settings don't matter here at all, correct? Bayes autolearning works fine in my system, and MailScanner even reports it in the spamcheck headers: X-EVI-MailScanner-SpamCheck: spam, SpamAssassin (score=44.262, required 5, autolearn=spam, BAYES_99 3.50, DATE_IN_FUTURE_12_24 2.77, MailScanner 4.50.15, SpamAssassin 3.1.0. From maillists at conactive.com Tue Apr 4 19:19:05 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Apr 4 19:19:16 2006 Subject: MailScanner and SA auto-learning In-Reply-To: <4432B0D9.3030906@evi-inc.com> References: <4432B0D9.3030906@evi-inc.com> Message-ID: Matt Kettler wrote on Tue, 04 Apr 2006 13:46:01 -0400: > Bayes autolearning works fine in my system, and MailScanner even reports it in > the spamcheck headers: Hi Matt, it works fine on my main system as well. However, on this new system it doesn't. I ran the message thru SA -D now, it's clearly SA that doesn't want to learn it. The problem are the header-points, there are always too less, although I have plenty of body-points (mostly from SURBLs). Is that required header score configurable in SA 3.1.1 by chance? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From mkettler at evi-inc.com Tue Apr 4 19:34:46 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Apr 4 19:35:57 2006 Subject: MailScanner and SA auto-learning In-Reply-To: References: <4432B0D9.3030906@evi-inc.com> Message-ID: <4432BC46.901@evi-inc.com> Kai Schaetzl wrote: > Matt Kettler wrote on Tue, 04 Apr 2006 13:46:01 -0400: > >> Bayes autolearning works fine in my system, and MailScanner even reports it in >> the spamcheck headers: > > Hi Matt, it works fine on my main system as well. However, on this new system it > doesn't. > > I ran the message thru SA -D now, it's clearly SA that doesn't want to learn it. > The problem are the header-points, there are always too less, although I have > plenty of body-points (mostly from SURBLs). Is that required header score > configurable in SA 3.1.1 by chance? No, it's hard-coded. This is entirely on-purpose, to prevent someone from screwing themselves over by making the autolearner to aggressive. The hard-coding is in AutoLearnThreshold.pm. --------- if ($isspam) { my $required_body_points = 3; my $required_head_points = 3; --------- If you need to pick up header points, usually the conventional RBL tests do a good job. However, since you're using SURBLs I'm assuming you're using those too. You really should be seeing at least some autolearning. Any chance ALL_TRUSTED is misfiring and dragging down the header score? From roger at rudnick.com.br Tue Apr 4 20:41:36 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Tue Apr 4 20:41:43 2006 Subject: Sendmail Upgrade, other problem References: <00c201c64f2c$ef3e2320$0600a8c0@roger> <0A0B9F68-5083-44E0-8DBF-B80196E9439F@ecs.soton.ac.uk><055101c65420$1fa34c00$0600a8c0@roger> <442C18DE.5010102@ecs.soton.ac.uk> Message-ID: <06d901c6581f$c9840220$0600a8c0@roger> Regarding to my problem (bellow) I found the following lines in my maillog srv MailScanner[9596]: Failed to link message body between queues (/var/spool/mqueue/dfi8R9KQqf010458 --> /var/spool/mqueue.in/dfi8R9KQqf010458) I think that is related to that problem... And my locktype in MailScanner.conf is set to Posix. Any other place to look for? ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Thursday, March 30, 2006 2:43 PM Subject: Re: Sendmail Upgrade, other problem > Can you do this and send the output: > > sendmail -d0.1 -d0.4 -bt > Roger Jochem wrote: >> But it is (and was already) configured as posix. I upgraded from 8.13.1 >> to 8.13.6, and then the problem started to appear. >> >> ----- Original Message ----- From: "Julian Field" >> To: "MailScanner discussion" >> Sent: Friday, March 24, 2006 7:33 AM >> Subject: Re: Sendmail Upgrade, other problem >> >> >>> If you are running on Linux and have upgraded from sendmail 8.12 or >>> earlier to 8.13 then you need to set >>> Lock Type = >>> or >>> Lock Type = posix >>> depending on your version of MailScanner. Setting it to "posix" >>> explicitly is clearer. >>> >>> On 24 Mar 2006, at 10:23, Roger Jochem wrote: >>> >>>> After the sendmail upgrade to 8.13.6, some of my messages come with no >>>> body, and the text "<<< No Message Collected >>>" in the body... They >>>> appear twice in the users inbox, one with this body, and one ok >>>> message (with the original body). >>>> >>>> In Mailwatch this messages appear with two times the header info. Very >>>> strange... >>>> >>>> Anybody facing the same problem, or maybe could give some ideas of >>>> what's causing that? >>>> >>>> Regards >>>> >>>> Roger Jochem >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> -- >>> Julian Field >>> jkf@ecs.soton.ac.uk >>> Teaching Systems Manager >>> Electronics & Computer Science >>> University of Southampton >>> SO17 1BJ, UK >>> >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From roger at rudnick.com.br Tue Apr 4 20:47:35 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Tue Apr 4 20:47:39 2006 Subject: Sendmail Upgrade, other problem Message-ID: <070f01c65820$9f137c90$0600a8c0@roger> One more thing, is that correct when MailScanner starts? Apr 4 13:59:19 mail MailScanner[14190]: Using locktype = posix Apr 4 13:59:19 mail MailScanner[14190]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Apr 4 13:59:19 mail MailScanner[14190]: New Batch: Found 31 messages waiting Apr 4 13:59:19 mail MailScanner[14190]: New Batch: Scanning 1 messages, 3502 bytes It says that locktype is posix, and is creating some struct_flock subroutine? Is it correct? ----- Original Message ----- From: "Roger Jochem" To: "MailScanner discussion" Sent: Tuesday, April 04, 2006 4:41 PM Subject: Re: Sendmail Upgrade, other problem > Regarding to my problem (bellow) I found the following lines in my maillog > > srv MailScanner[9596]: Failed to link message body between queues > (/var/spool/mqueue/dfi8R9KQqf010458 --> > /var/spool/mqueue.in/dfi8R9KQqf010458) > > I think that is related to that problem... And my locktype in > MailScanner.conf is set to Posix. Any other place to look for? > > > ----- Original Message ----- > From: "Julian Field" > To: "MailScanner discussion" > Sent: Thursday, March 30, 2006 2:43 PM > Subject: Re: Sendmail Upgrade, other problem > > >> Can you do this and send the output: >> >> sendmail -d0.1 -d0.4 -bt > >> Roger Jochem wrote: >>> But it is (and was already) configured as posix. I upgraded from 8.13.1 >>> to 8.13.6, and then the problem started to appear. >>> >>> ----- Original Message ----- From: "Julian Field" >>> To: "MailScanner discussion" >>> Sent: Friday, March 24, 2006 7:33 AM >>> Subject: Re: Sendmail Upgrade, other problem >>> >>> >>>> If you are running on Linux and have upgraded from sendmail 8.12 or >>>> earlier to 8.13 then you need to set >>>> Lock Type = >>>> or >>>> Lock Type = posix >>>> depending on your version of MailScanner. Setting it to "posix" >>>> explicitly is clearer. >>>> >>>> On 24 Mar 2006, at 10:23, Roger Jochem wrote: >>>> >>>>> After the sendmail upgrade to 8.13.6, some of my messages come with >>>>> no body, and the text "<<< No Message Collected >>>" in the body... >>>>> They appear twice in the users inbox, one with this body, and one ok >>>>> message (with the original body). >>>>> >>>>> In Mailwatch this messages appear with two times the header info. >>>>> Very strange... >>>>> >>>>> Anybody facing the same problem, or maybe could give some ideas of >>>>> what's causing that? >>>>> >>>>> Regards >>>>> >>>>> Roger Jochem >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>> >>>> -- >>>> Julian Field >>>> jkf@ecs.soton.ac.uk >>>> Teaching Systems Manager >>>> Electronics & Computer Science >>>> University of Southampton >>>> SO17 1BJ, UK >>>> >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > From shrek-m at gmx.de Tue Apr 4 21:09:26 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Tue Apr 4 21:09:34 2006 Subject: Sendmail Upgrade, other problem In-Reply-To: <06d901c6581f$c9840220$0600a8c0@roger> References: <00c201c64f2c$ef3e2320$0600a8c0@roger> <0A0B9F68-5083-44E0-8DBF-B80196E9439F@ecs.soton.ac.uk><055101c65420$1fa34c00$0600a8c0@roger> <442C18DE.5010102@ecs.soton.ac.uk> <06d901c6581f$c9840220$0600a8c0@roger> Message-ID: <4432D276.3060707@gmx.de> On 04.04.2006 21:41, Roger Jochem wrote: > Regarding to my problem (bellow) I found the following lines in my > maillog > srv MailScanner[9596]: Failed to link message body between queues > (/var/spool/mqueue/dfi8R9KQqf010458 --> > /var/spool/mqueue.in/dfi8R9KQqf010458) > >>>> On 24 Mar 2006, at 10:23, Roger Jochem wrote: >>>> >>>>> After the sendmail upgrade to 8.13.6, some of my messages come >>>>> with no body, and the text "<<< No Message Collected >>>" in the >>>>> body... They appear twice in the users inbox, one with this body, >>>>> and one ok message (with the original body). >>>> google http://www.plug.linux.org.au/archives/message/20041025.042133.913c0dbf.html *Author: *Ryan *Date: * 2004-10-25 06:21 +200 *To: *plug *Subject: *[plug] MailScanner children fighting Hi PLUG, I've just upgraded my MailScanner to v4.34.8. Before I knock on their door about this problem I was wondering if anyone has seen it? With the default 5 children running, it appear that sometimes two childen pick up the same message and then whichever finishes last reports an error about it. Below is the output, you can see that two MailScanner processes detect the email waiting, both scan it, then one delivers it and the other one wonders where it went. The leads to 2 messages being sent to the recipient, one with the full message, and the other empty saying "<<< No Message Collected >>>" If I reduce the max children to one, things obviously are a touch slower off the mark, but it stops the children fighting over the messages. -- shrek-m From jstork at pbco.ca Tue Apr 4 21:34:51 2006 From: jstork at pbco.ca (Johnny Stork) Date: Tue Apr 4 21:36:42 2006 Subject: SPF Rules? Message-ID: <4102180.1144182891614.JavaMail.root@pbco-server3.pbco.ca> I finally got around to upgrading our MailScanner setup running on RHES4, I first used the tarball for the clam/SA packages and then the MailScanner rpm upgrade tarball. All seems fine and I am now trying to go through and address various issues that I have not fully configured yet. For now I am trying to understand how the SPF rules work. I know very little about SPF or how it is implemented in mailscanner, but it seems that almost all messages trigger this rule below? Is this normal Score?? Rule? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? Description 2.08SPF_HELO_SOFTFAILSPF: HELO does not match SPF record (softfail) Also, when I go to the Bayes Database Info section on MailWatch, I see that the count for SPAM has been at 198 and even if I go to "Message Operations" locate a definite SPAM message, click the SPAM box and the "Learn" the SPAM count does not increase? But this is probably a question for the MailWatch list _______________________________ Johnny Stork Information & Technology Manager Provincial Blood Coordinating Office 604-806-8840 l -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060404/0bc2bcbb/attachment.html From marlo at raidbr.com.br Tue Apr 4 21:45:23 2006 From: marlo at raidbr.com.br (marlo - raidbr) Date: Tue Apr 4 21:45:29 2006 Subject: SPAM USER Message-ID: <1144183523.14934.8.camel@localhost.localdomain> I want to know if there is any way to configure the mailscanner to blocking the spam by user. From Kevin_Miller at ci.juneau.ak.us Tue Apr 4 22:02:05 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Tue Apr 4 22:02:11 2006 Subject: SPF Rules? Message-ID: There's two aspects of SPF. The first is your SPF records which are in your DNS. The specify which domains are permitted to send mail claiming to be from your domain. Essentially it's a list of computers authorized to send on your behalf. The other aspect is SPF records in other folks domains. For instance, I have specific servers listed in my dns with SPF records. If someone out in spam-land tries to send a message from bogus-server.ci.juneau.ak.us, your server will look at the address, do a lookup on my dns servers for the corresponding SPF record, note that the sending server isn't one of the authorized servers and it will fail. In my case it's a hard fail but many people set it to soft fail initially. What you're seeing is spammers pretending to send from a domain that isn't theirs. It appears to be working as advertised. Not sure about the spam count question... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Johnny Stork Sent: Tuesday, April 04, 2006 12:35 PM To: mailscanner@lists.mailscanner.info Subject: SPF Rules? I finally got around to upgrading our MailScanner setup running on RHES4, I first used the tarball for the clam/SA packages and then the MailScanner rpm upgrade tarball. All seems fine and I am now trying to go through and address various issues that I have not fully configured yet. For now I am trying to understand how the SPF rules work. I know very little about SPF or how it is implemented in mailscanner, but it seems that almost all messages trigger this rule below? Is this normal Score Rule Description 2.08 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail) Also, when I go to the Bayes Database Info section on MailWatch, I see that the count for SPAM has been at 198 and even if I go to "Message Operations" locate a definite SPAM message, click the SPAM box and the "Learn" the SPAM count does not increase? But this is probably a question for the MailWatch list _______________________________ Johnny Stork Information & Technology Manager Provincial Blood Coordinating Office 604-806-8840 l -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060404/747970f8/attachment-0001.html From mkettler at evi-inc.com Tue Apr 4 22:08:32 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Apr 4 22:09:10 2006 Subject: SPF Rules? In-Reply-To: <4102180.1144182891614.JavaMail.root@pbco-server3.pbco.ca> References: <4102180.1144182891614.JavaMail.root@pbco-server3.pbco.ca> Message-ID: <4432E050.3080002@evi-inc.com> Johnny Stork wrote: > I finally got around to upgrading our MailScanner setup running on > RHES4, I first used the tarball for the clam/SA packages and then the > MailScanner rpm upgrade tarball. All seems fine and I am now trying to > go through and address various issues that I have not fully configured > yet. For now I am trying to understand how the SPF rules work. I know > very little about SPF or how it is implemented in mailscanner, but it > seems that almost all messages trigger this rule below? Is this normal > > Score Rule Description > 2.08 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail) > No, it's not normal. However, this is NOT a MailScanner issue. It's a SpamAssassin issue, as that's a SpamAssassin rule. My guess is that you've got a broken trust path, and SA is confused about which host is dropping off the mail to your network. http://wiki.apache.org/spamassassin/TrustPath From alex at nkpanama.com Tue Apr 4 22:21:11 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue Apr 4 22:21:38 2006 Subject: SPAM USER In-Reply-To: <1144183523.14934.8.camel@localhost.localdomain> References: <1144183523.14934.8.camel@localhost.localdomain> Message-ID: <4432E347.3080303@nkpanama.com> marlo - raidbr wrote: > I want to know if there is any way to configure the mailscanner to > blocking the spam by user. > > > > Yes, there is. From alex at nkpanama.com Tue Apr 4 22:21:58 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue Apr 4 22:22:50 2006 Subject: SPAM USER In-Reply-To: <1144183523.14934.8.camel@localhost.localdomain> References: <1144183523.14934.8.camel@localhost.localdomain> Message-ID: <4432E376.4030908@nkpanama.com> marlo - raidbr wrote: > I want to know if there is any way to configure the mailscanner to > blocking the spam by user. > > > > Seriously, look into rulesets. Read the config file. It's all there. Buy the book. :D From jstork at pbco.ca Tue Apr 4 22:32:56 2006 From: jstork at pbco.ca (Johnny Stork) Date: Tue Apr 4 22:34:47 2006 Subject: SPF Rules? In-Reply-To: <4432E050.3080002@evi-inc.com> Message-ID: <17577576.1144186376819.JavaMail.root@pbco-server3.pbco.ca> Should the suggestions below (from the SA wiki) go into the /etc/MailScanner/spam.assassin.prefs.conf file, or elsewhere? If you want to configure SpamAssassin with more information, you can: set 'internal_networks' to include the hosts that act as MX for your domains, or that may deliver mail internally in your organisation. set 'trusted_networks' to include the same hosts and networks as 'internal_networks', with the addition of some hosts that are external to your organisation which you trust to not be under the control of spammers. For example, very high-volume mail relays at other ISPs, or mailing list servers. _______________________________ Johnny Stork Information & Technology Manager Provincial Blood Coordinating Office 604-806-8840 ----- Original Message ----- From: mailscanner-bounces@lists.mailscanner.info on behalf of Matt Kettler Sent: Tue, 4/4/2006 2:12pm To: MailScanner discussion Subject: Re: SPF Rules? Johnny Stork wrote: > I finally got around to upgrading our MailScanner setup running on > RHES4, I first used the tarball for the clam/SA packages and then the > MailScanner rpm upgrade tarball. All seems fine and I am now trying to > go through and address various issues that I have not fully configured > yet. For now I am trying to understand how the SPF rules work. I know > very little about SPF or how it is implemented in mailscanner, but it > seems that almost all messages trigger this rule below? Is this normal > > Score?? Rule?????????????????????????????????? Description > 2.08????SPF_HELO_SOFTFAIL????SPF: HELO does not match SPF record (softfail) > No, it's not normal. However, this is NOT a MailScanner issue. It's a SpamAssassin issue, as that's a SpamAssassin rule. My guess is that you've got a broken trust path, and SA is confused about which host is dropping off the mail to your network. http://wiki.apache.org/spamassassin/TrustPath -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From jstork at pbco.ca Tue Apr 4 23:50:00 2006 From: jstork at pbco.ca (Johnny Stork) Date: Tue Apr 4 23:51:43 2006 Subject: SPF Rules? In-Reply-To: <17577576.1144186376819.JavaMail.root@pbco-server3.pbco.ca> Message-ID: <32259592.1144191000231.JavaMail.root@pbco-server3.pbco.ca> Also, would adding a "trusted_networks" setting, address this message from the SA lint test? [18569] dbg: spf: no trusted relays found, using first (untrusted) relay (if present) for SPF checks 0.00078 [18569] dbg: spf: no suitable relay for spf use found, skipping SPF-helo check _______________________________ Johnny Stork Information & Technology Manager Provincial Blood Coordinating Office 604-806-8840 ----- Original Message ----- From: mailscanner-bounces@lists.mailscanner.info on behalf of Johnny Stork Sent: Tue, 4/4/2006 2:37pm To: MailScanner discussion Subject: RE: SPF Rules? Should the suggestions below (from the SA wiki) go into the /etc/MailScanner/spam.assassin.prefs.conf file, or elsewhere? If you want to configure SpamAssassin with more information, you can: set 'internal_networks' to include the hosts that act as MX for your domains, or that may deliver mail internally in your organisation. set 'trusted_networks' to include the same hosts and networks as 'internal_networks', with the addition of some hosts that are external to your organisation which you trust to not be under the control of spammers. For example, very high-volume mail relays at other ISPs, or mailing list servers. _______________________________ Johnny Stork Information & Technology Manager Provincial Blood Coordinating Office 604-806-8840 ----- Original Message ----- From: mailscanner-bounces@lists.mailscanner.info on behalf of Matt Kettler Sent: Tue, 4/4/2006 2:12pm To: MailScanner discussion Subject: Re: SPF Rules? Johnny Stork wrote: > I finally got around to upgrading our MailScanner setup running on > RHES4, I first used the tarball for the clam/SA packages and then the > MailScanner rpm upgrade tarball. All seems fine and I am now trying to > go through and address various issues that I have not fully configured > yet. For now I am trying to understand how the SPF rules work. I know > very little about SPF or how it is implemented in mailscanner, but it > seems that almost all messages trigger this rule below? Is this normal > > Score?? Rule?????????????????????????????????? Description > 2.08????SPF_HELO_SOFTFAIL????SPF: HELO does not match SPF record (softfail) > No, it's not normal. However, this is NOT a MailScanner issue. It's a SpamAssassin issue, as that's a SpamAssassin rule. My guess is that you've got a broken trust path, and SA is confused about which host is dropping off the mail to your network. http://wiki.apache.org/spamassassin/TrustPath -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From KGoods at AIAInsurance.com Tue Apr 4 23:52:24 2006 From: KGoods at AIAInsurance.com (Ken Goods) Date: Tue Apr 4 23:57:01 2006 Subject: OT: New MailScanner machine Message-ID: <13C0059880FDD3118DC600508B6D4A6D013D880A@aiainsurance.com> I'm putting together a new machine to replace the one currently filtering our mail and delivering to an exchange server. The load increased back in December due to an update of MailScanner, Spamassassin, ClamAV, (and adding bitdefender). Spamassassin is timing out regularly and the machine is in heavy swap. (P233 with 196MB, processing ~8k emails per day). I have found another machine in the boneyard that has a little more horsepower (550 PIII with 384MB) and would like to build a new box running the same configuration, plus it gives me a chance to add some "legs" to the old OS (Redhat 9). My plan is Centos 4.0 for the OS and sticking with everything else as it suits my comfort level. My question is this... I want to load the least services to support MailScanner, Spamassassin, Clam, Bitdefender, Webmin, and Mailscanner-Mrtg. I noticed that there are three ISO's for Centos and another for Centos Server. Can I get away with just the Server ISO and use a minimal install or do I need to get all four and use a combination of them? Sorry if this is noob but I've looked around and can't find much information on the difference between the server ISO and the others and thought someone here may have some experience. Any help would be appreciated much. TIA Ken From michele at blacknight.ie Wed Apr 5 00:08:34 2006 From: michele at blacknight.ie (Michele Neylon:: Blacknight.ie) Date: Wed Apr 5 00:08:38 2006 Subject: OT: New MailScanner machine In-Reply-To: <13C0059880FDD3118DC600508B6D4A6D013D880A@aiainsurance.com> References: <13C0059880FDD3118DC600508B6D4A6D013D880A@aiainsurance.com> Message-ID: <4432FC72.8000204@blacknight.ie> Ken Someone else will probably correct me... >From what I recall you can do a minimal server install with just the daemons that you need to run the software You may need to have all the discs, but you wouldn't need to load all their contents... -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From maillists at conactive.com Wed Apr 5 00:31:19 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Apr 5 00:31:31 2006 Subject: MailScanner and SA auto-learning In-Reply-To: <4432BC46.901@evi-inc.com> References: <4432B0D9.3030906@evi-inc.com> <4432BC46.901@evi-inc.com> Message-ID: Matt Kettler wrote on Tue, 04 Apr 2006 14:34:46 -0400: > No, it's hard-coded. This is entirely on-purpose, to prevent someone from > screwing themselves over by making the autolearner to aggressive. Yeah, I know. They said the same thing about the normal autolearning score but then added local.cf options for it, anyway. > > The hard-coding is in AutoLearnThreshold.pm. > --------- > if ($isspam) { > my $required_body_points = 3; > my $required_head_points = 3; > --------- Yeah, I remember those. Most of my spam gets around 2 for header when the whole score is 10-20 and most of the rest is bayes_99, URIBL or some SARE rule and most of them hit on the body. Since most of the spam is caught before spamassassin only a small percentage makes it into SA, anyway. I would at least like to train on these. At the moment no training seems to take place. I suppose that minimal score system for header and body is meant to countermeasure very high scores put manually in the local.cf f.i. for whitelisting certain hosts. I don't do this stuff. It would be nice if SA could rethink it's decision based on the other score. So, if the header score is less than 3 than require a body score of 10 for autolearning or so. Well, maybe I suggest this on satalk. > > If you need to pick up header points, usually the conventional RBL tests do a > good job. However, since you're using SURBLs I'm assuming you're using those > too. You really should be seeing at least some autolearning. No, I use SURBLs because they work great, but I don't use any RBLs in MS or SA. My opinion is that I trust in one I can just use it on MTA level. I trust in three RBLs and results are very very good. > Any chance ALL_TRUSTED is misfiring and dragging down the header score? No, that's working actually very nicely. F.i. it detects the mail that gets submitted by clients directly to the machine for relaying and helps to make them "non-spammy". Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Wed Apr 5 00:31:19 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Apr 5 00:31:32 2006 Subject: SPF Rules? In-Reply-To: <32259592.1144191000231.JavaMail.root@pbco-server3.pbco.ca> References: <32259592.1144191000231.JavaMail.root@pbco-server3.pbco.ca> Message-ID: Johnny Stork wrote on Tue, 4 Apr 2006 15:50:00 -0700: > Also, would adding a "trusted_networks" setting, address this message > from the SA lint test? > > [18569] dbg: spf: no trusted relays found, > using first (untrusted) relay (if present) for SPF checks > 0.00078 It depends. This works only if there *are* trusted hosts in the Received chain. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Wed Apr 5 00:31:19 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Apr 5 00:31:33 2006 Subject: SPF Rules? In-Reply-To: <17577576.1144186376819.JavaMail.root@pbco-server3.pbco.ca> References: <17577576.1144186376819.JavaMail.root@pbco-server3.pbco.ca> Message-ID: Johnny Stork wrote on Tue, 4 Apr 2006 14:32:56 -0700: > set 'internal_networks' to include the hosts that act as MX for > your domains, or that may deliver mail internally in your organisation. Thanks, I missed that one. I'm going to change my trusted_networks to internal_networks now :-) Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From alex at nkpanama.com Wed Apr 5 01:14:23 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Apr 5 01:15:16 2006 Subject: OT: New MailScanner machine In-Reply-To: <4432FC72.8000204@blacknight.ie> References: <13C0059880FDD3118DC600508B6D4A6D013D880A@aiainsurance.com> <4432FC72.8000204@blacknight.ie> Message-ID: <44330BDF.6090706@nkpanama.com> Michele Neylon:: Blacknight.ie wrote: > Ken > > Someone else will probably correct me... > > >From what I recall you can do a minimal server install with just the > daemons that you need to run the software > You may need to have all the discs, but you wouldn't need to load all > their contents... > > > > Actually all you will really need is the server CD if you're not interested in things like X, GNOME, KDE, etc. - and you can always "yum install" whatever else you need after you've finished. I've only had problems with bashphobic admins who insist everything must have a spiffy graphical interface; I usually calm them down by introducing them to Webmin. From dickenson at cfmc.com Wed Apr 5 03:34:54 2006 From: dickenson at cfmc.com (Jim Dickenson) Date: Wed Apr 5 03:35:03 2006 Subject: Question about from address Message-ID: In my mail log file I have these two lines related to an email message: sendmail[12558]: k34KuiHl012558: from=scrappy.surveysampling.com> MailScanner[27857]: Message k34KuiHl012558 from 63.119.50.102 (frame< @ > scrappy.sampling.com) to cfmc.com is spam, SpamAssassin (score=5.56, required 5 Tow of the headers in the email show: MailScanner-SpamCheck: spam, SpamAssassin (score=5.56, required 5, MailScanner-From: frame< @ >scrappy.surveyspot.com I thought the email address in the MailScanner-From line was the email address that is to be white-listed. I have that address white-listed but it does not white-list this email. What is going on? It looks to me like the MailScanner-From line does not have the correct email address. I have change the @ in the email addresses to < @ > -- Jim Dickenson mailto:dickenson@cfmc.com CfMC http://www.cfmc.com/ From mauriciopcavalcanti at hotmail.com Wed Apr 5 08:52:41 2006 From: mauriciopcavalcanti at hotmail.com (Mauricio) Date: Wed Apr 5 08:53:19 2006 Subject: RES: MailScanner: WARNING: You are trying to use the SpamAssassin cachebut your DBI and/or DBD::SQLite Perl modules are not properlyinstalled! In-Reply-To: <200602121446.k1CEkdsa002622@smtp30.hccnet.nl> Message-ID: Helo, I have the same warning: ?You are trying to use the SpamAssassin cache but your DBI and/or DBD::SQLite Perl modules are not properly installed!? It?s working well, but I had to disable the spamassassin cache results feature. MS 4.35 was upgraded to 4.52 in RH 8.0, but I saw that install.sh could not upgrade/install perl-DBI-1.50-2.noarch.rpm and perl-ExtUtils-MakeMaker-6.30-1.noarch.rpm Problem with perl-DBI: perl(Net::Daemon) perl(RPC::PlClient) perl(Win32::ODBC) I?ve downloaded and installed perl-Net-Daemon and perl-PlRPC (with no problem), but I could not find package for perl(Win32::ODBC). Problem with perl-ExtUtils-MakeMaker: Many files conflicts with files from package perl-5.8.0-88.3 Anyone can help to solve this? Thanks in advance, Mauricio _____ De: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Em nome de Herman Swensson Enviada em: domingo, 12 de fevereiro de 2006 12:47 Para: mailscanner@lists.mailscanner.info Assunto: MailScanner: WARNING: You are trying to use the SpamAssassin cachebut your DBI and/or DBD::SQLite Perl modules are not properlyinstalled! Hi, I have upgraded MailScanner to version 4.50.15 and I am getting the next new Messages: MailScanner: WARNING: You are trying to use the SpamAssassin cache but your DBI and/or DBD::SQLite Perl modules are not properly installed MailScanner setting GID to postfix (89) MailScanner setting UID to postfix (89) What does this mean cpan> install DBI CPAN: Storable loaded ok Going to read /root/.cpan/Metadata Database was generated on Mon, 16 Jan 2006 10:10:45 GMT DBI is up to date (1.50). cpan> install DBD::SQLite CPAN: Storable loaded ok Going to read /root/.cpan/Metadata Database was generated on Mon, 16 Jan 2006 10:10:45 GMT DBD::SQLite is up to date (1.11). Linux version is 2.6.9-19 Greetings Herman -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.375 / Virus Database: 267.15.6/257 - Release Date: 10-2-2006 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060405/5140968b/attachment.html From res at ausics.net Wed Apr 5 08:54:55 2006 From: res at ausics.net (Res) Date: Wed Apr 5 08:55:03 2006 Subject: No SYSLOG No Mail Scanned Message-ID: Is it correct that should syslog die that MS ceases to process mail???? should it not continue on, on such a trivial error state? Current version MS, all MS process defunct, I know it was working two nights ago... Anyway after scratching my head for 10 mins i threw it into debug mode and the problem was instantly evident, cant connect to syslog. OK so it brought to my notice syslog died on our secondary MX :) but none the less I think it's bad that it just queues the mail and dies off this way. -- Cheers Res From martinh at solid-state-logic.com Wed Apr 5 09:00:44 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Apr 5 09:00:52 2006 Subject: New MailScanner machine In-Reply-To: <13C0059880FDD3118DC600508B6D4A6D013D880A@aiainsurance.com> Message-ID: <004a01c65887$0aba7960$3004010a@martinhlaptop> Ken One other small point unrelated to your question but I'd get more RAM for the new system. Julian recommends 1GB per CPU and I gotta say I agree with him, even for you small amount of emails per day (which BTW is about the same as me..).. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Ken Goods > Sent: 04 April 2006 23:52 > To: MailScanner Mailing List (E-mail) > Subject: OT: New MailScanner machine > > I'm putting together a new machine to replace the one currently filtering > our mail and delivering to an exchange server. The load increased back in > December due to an update of MailScanner, Spamassassin, ClamAV, (and > adding > bitdefender). Spamassassin is timing out regularly and the machine is in > heavy swap. (P233 with 196MB, processing ~8k emails per day). > > I have found another machine in the boneyard that has a little more > horsepower (550 PIII with 384MB) and would like to build a new box running > the same configuration, plus it gives me a chance to add some "legs" to > the > old OS (Redhat 9). My plan is Centos 4.0 for the OS and sticking with > everything else as it suits my comfort level. > > My question is this... I want to load the least services to support > MailScanner, Spamassassin, Clam, Bitdefender, Webmin, and Mailscanner- > Mrtg. > I noticed that there are three ISO's for Centos and another for Centos > Server. Can I get away with just the Server ISO and use a minimal install > or > do I need to get all four and use a combination of them? Sorry if this is > noob but I've looked around and can't find much information on the > difference between the server ISO and the others and thought someone here > may have some experience. > > Any help would be appreciated much. > > TIA > Ken > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From martinh at solid-state-logic.com Wed Apr 5 09:02:09 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Apr 5 09:02:16 2006 Subject: MailScanner and SA auto-learning In-Reply-To: Message-ID: <004b01c65887$3cf20100$3004010a@martinhlaptop> Kai Has your bayes DB got the required 200 ham AND spam messages? I'm not sure the bayes functions work at all without the required 400 seed emails.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Kai Schaetzl > Sent: 04 April 2006 18:31 > To: mailscanner@lists.mailscanner.info > Subject: MailScanner and SA auto-learning > > Is it possible that MailScanner interferes in any way with Bayes > auto-learning? I have "bayes_auto_learn_threshold_spam 8" on my new > machine and nothing gets learned, not even spam over 20. It's possible > that it's not learned because partial scores for header or body or so > didn?t reach the required minimum, of course. But I first wanted to make > sure that MailScanner doesn't tell SA this value when scanning. There's > nothing in the MailScanner.conf that looks like that, so I think > MailScanner settings don't matter here at all, correct? > > Kai > > -- > Kai Sch?tzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From prandal at herefordshire.gov.uk Wed Apr 5 10:19:49 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Apr 5 10:20:06 2006 Subject: New MailScanner machine Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580C074F5F@isabella.herefordshire.gov.uk> Installing MailScanner on Centos 4.2 (my notes are old so some versioning is incorrect) 1: Install Centos 4.2 Download the CentOS server CD from one of www.centos.org's mirrors and burn to a CD. Boot from that CD press enter at the first text prompt perform the media check welcome: click next language selection: select English (English) keyboard: United Kingdom mouse: choose it automatic partition: accept remove all partitions say yes when warned Partitioning: accept default scheme Boot Loader: accept default network config: Unselect "Configure using DHCP" and enter appropriate values Firewall: no firewall Additional Languages: English GB (set as default) Time Zone - select Europe/London root password: do not lose this and make it non-trivial Package Defaults: Customize Package Group selection: Conf Tools accept defaults Web Server add php-mysql add php-pgsql remove squid remove webalyzer Mail Server add sendmail-cf remove dovecot remove spamassassin (we'll install it ourselves later) Windows File Server do not select DNS accept defaults FTP do not select PostgreSQL accept defaults add postgresql add postgresql-server MySQL defaults add mysql-server add php-mysql Admin Tools defaults System Tools do not select Printing do not select install that lot, then reboot (ejecting CD during reboot) and log in as root reinsert Centos Server CD in CDROM drive rpm --import /media/cdrom/RPM-GPG-KEY-centos4 then "yum install" the following (I'm not sure ALL are necessary but most are for MailScanner/MailWatch/Mailscanner-mrtg) bzip2-devel db4-devel compat-libstdc++* curl-devel elinks emacs gcc-c++-3.4.4 gmp-devel lynx mrtg net-snmp-utils openldap-devel php-gd python-devel rpm-build sendmail-devel then do a "yum update" to get everything up to date. chkconfig --level 2345 cups off chkconfig --level 2345 httpd on chkconfig --level 2345 mysqld on chkconfig --level 2345 named on chkconfig --level 2345 snmpd on edit /etc/resolv.conf adding at front nameserver 127.0.0.1 reboot (again ejecting CD so we don't boot from it by mistake) login as root (well, as you and su where appropriate) Install Unrar Unrar is an archive unpacker available from freshrpms.net. It is used to unpack .rar archives so we can virus scan them. We'll use the package from Dag Wieers' RPM repository for RHEL 4 create the file /etc/yum.repos.d/dag.repo -------- [dag] name=Dag RPM Repository for Red Hat Enterprise Linux baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag gpgcheck=1 gpgkey=http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt enabled=1 includepkgs=unrar ------- yum install unrar Install clamav 0.88 and spamassassin 3.11 from Julian's tarball cd /usr/src wget http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.g z tar zxvf install-Clam-SA.tar.gz cd install-Clam-SA ./install.sh edit /usr/local/etc/freshclam.conf to set "uk" database location. freshclam this should retrieve the current virus patterns without giving any warnings. If you get warnings about digital signatures not being supported you've failed to install gmp-devel earlier. edit /etc/mail/spamassassin/v310.pre to make sure dcc and razor2 plugins are enabled Then install MailScanner cd /usr/src wget http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/rpm/MailScanner-4.51. 5-1.rpm.tar.gz tar zxvf MailScanner-4.51.5-1.rpm.tar.gz cd MailScanner-4.50.10-1 ./install.sh follow the instructions given at end of install to the letter service sendmail stop chkconfig --level 2345 sendmail off chkconfig --level 2345 MailScanner on Performance tuning MailScanner add the following line to /etc/fstab none /var/spool/MailScanner/incoming tmpfs defaults 0 0 service MailScanner stop mount /var/spool/MailScanner/incoming etc... My notes are in a state of flux, so I'll stop there for the moment. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Ken Goods > Sent: 04 April 2006 23:52 > To: MailScanner Mailing List (E-mail) > Subject: OT: New MailScanner machine > > I'm putting together a new machine to replace the one > currently filtering > our mail and delivering to an exchange server. The load > increased back in > December due to an update of MailScanner, Spamassassin, > ClamAV, (and adding > bitdefender). Spamassassin is timing out regularly and the > machine is in > heavy swap. (P233 with 196MB, processing ~8k emails per day). > > I have found another machine in the boneyard that has a little more > horsepower (550 PIII with 384MB) and would like to build a > new box running > the same configuration, plus it gives me a chance to add some > "legs" to the > old OS (Redhat 9). My plan is Centos 4.0 for the OS and sticking with > everything else as it suits my comfort level. > > My question is this... I want to load the least services to support > MailScanner, Spamassassin, Clam, Bitdefender, Webmin, and > Mailscanner-Mrtg. > I noticed that there are three ISO's for Centos and another for Centos > Server. Can I get away with just the Server ISO and use a > minimal install or > do I need to get all four and use a combination of them? > Sorry if this is > noob but I've looked around and can't find much information on the > difference between the server ISO and the others and thought > someone here > may have some experience. > > Any help would be appreciated much. > > TIA > Ken > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From martinh at solid-state-logic.com Wed Apr 5 10:32:32 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Apr 5 10:32:39 2006 Subject: New MailScanner machine In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580C074F5F@isabella.herefordshire.gov.uk> Message-ID: <006601c65893$dd851100$3004010a@martinhlaptop> Phil Ooo shiney Have you got some time to add this to the wiki...?? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Randal, Phil > Sent: 05 April 2006 10:20 > To: MailScanner discussion > Subject: RE: New MailScanner machine > > Installing MailScanner on Centos 4.2 (my notes are old so some > versioning is incorrect) > > 1: Install Centos 4.2 > > Download the CentOS server CD from one of www.centos.org's mirrors > and burn to a CD. > > Boot from that CD > press enter at the first text prompt > perform the media check > welcome: click next > language selection: select English (English) > keyboard: United Kingdom > mouse: choose it > automatic partition: accept > remove all partitions > say yes when warned > Partitioning: accept default scheme > Boot Loader: accept default > network config: Unselect "Configure using DHCP" and enter > appropriate values > Firewall: no firewall > Additional Languages: English GB (set as default) > Time Zone - select Europe/London > root password: do not lose this and make it non-trivial > Package Defaults: Customize > Package Group selection: > Conf Tools > accept defaults > Web Server > add php-mysql > add php-pgsql > remove squid > remove webalyzer > Mail Server > add sendmail-cf > remove dovecot > remove spamassassin (we'll install it ourselves > later) > Windows File Server > do not select > DNS > accept defaults > FTP > do not select > PostgreSQL > accept defaults > add postgresql > add postgresql-server > MySQL > defaults > add mysql-server > add php-mysql > Admin Tools > defaults > System Tools > do not select > Printing > do not select > > install that lot, then reboot (ejecting CD during reboot) and > log in as root > > reinsert Centos Server CD in CDROM drive > rpm --import /media/cdrom/RPM-GPG-KEY-centos4 > > then "yum install" the following (I'm not sure ALL are necessary > but most > are for MailScanner/MailWatch/Mailscanner-mrtg) > > bzip2-devel > db4-devel > compat-libstdc++* > curl-devel > elinks > emacs > gcc-c++-3.4.4 > gmp-devel > lynx > mrtg > net-snmp-utils > openldap-devel > php-gd > python-devel > rpm-build > sendmail-devel > > then do a "yum update" to get everything up to date. > > chkconfig --level 2345 cups off > chkconfig --level 2345 httpd on > chkconfig --level 2345 mysqld on > chkconfig --level 2345 named on > chkconfig --level 2345 snmpd on > > edit /etc/resolv.conf adding at front > nameserver 127.0.0.1 > > reboot (again ejecting CD so we don't boot from it by mistake) > > login as root (well, as you and su where appropriate) > > Install Unrar > > Unrar is an archive unpacker available from freshrpms.net. > It is used to unpack .rar archives so we can virus scan them. > > We'll use the package from Dag Wieers' RPM repository for RHEL 4 > > create the file /etc/yum.repos.d/dag.repo > -------- > [dag] > name=Dag RPM Repository for Red Hat Enterprise Linux > baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag > gpgcheck=1 > gpgkey=http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt > enabled=1 > includepkgs=unrar > ------- > > yum install unrar > > > Install clamav 0.88 and spamassassin 3.11 from Julian's tarball > > cd /usr/src > wget > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.g > z > tar zxvf install-Clam-SA.tar.gz > cd install-Clam-SA > ./install.sh > > edit /usr/local/etc/freshclam.conf > > to set "uk" database location. > > freshclam > > this should retrieve the current virus patterns without > giving any > warnings. If you get warnings about digital signatures > not being > supported you've failed to install gmp-devel earlier. > > edit /etc/mail/spamassassin/v310.pre to make sure dcc and razor2 > plugins are enabled > > Then install MailScanner > > cd /usr/src > wget > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/rpm/MailScanner-4.51. > 5-1.rpm.tar.gz > tar zxvf MailScanner-4.51.5-1.rpm.tar.gz > cd MailScanner-4.50.10-1 > ./install.sh > > follow the instructions given at end of install to the letter > > service sendmail stop > chkconfig --level 2345 sendmail off > chkconfig --level 2345 MailScanner on > > Performance tuning MailScanner > > add the following line to /etc/fstab > none /var/spool/MailScanner/incoming tmpfs defaults 0 0 > service MailScanner stop > mount /var/spool/MailScanner/incoming > > etc... > > My notes are in a state of flux, so I'll stop there for the moment. > > Cheers, > > Phil > > > ---- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > Of Ken Goods > > Sent: 04 April 2006 23:52 > > To: MailScanner Mailing List (E-mail) > > Subject: OT: New MailScanner machine > > > > I'm putting together a new machine to replace the one > > currently filtering > > our mail and delivering to an exchange server. The load > > increased back in > > December due to an update of MailScanner, Spamassassin, > > ClamAV, (and adding > > bitdefender). Spamassassin is timing out regularly and the > > machine is in > > heavy swap. (P233 with 196MB, processing ~8k emails per day). > > > > I have found another machine in the boneyard that has a little more > > horsepower (550 PIII with 384MB) and would like to build a > > new box running > > the same configuration, plus it gives me a chance to add some > > "legs" to the > > old OS (Redhat 9). My plan is Centos 4.0 for the OS and sticking with > > everything else as it suits my comfort level. > > > > My question is this... I want to load the least services to support > > MailScanner, Spamassassin, Clam, Bitdefender, Webmin, and > > Mailscanner-Mrtg. > > I noticed that there are three ISO's for Centos and another for Centos > > Server. Can I get away with just the Server ISO and use a > > minimal install or > > do I need to get all four and use a combination of them? > > Sorry if this is > > noob but I've looked around and can't find much information on the > > difference between the server ISO and the others and thought > > someone here > > may have some experience. > > > > Any help would be appreciated much. > > > > TIA > > Ken > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From roger at rudnick.com.br Wed Apr 5 10:52:32 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Wed Apr 5 10:52:34 2006 Subject: Sendmail Upgrade, other problem References: <00c201c64f2c$ef3e2320$0600a8c0@roger> <0A0B9F68-5083-44E0-8DBF-B80196E9439F@ecs.soton.ac.uk><055101c65420$1fa34c00$0600a8c0@roger> <442C18DE.5010102@ecs.soton.ac.uk><06d901c6581f$c9840220$0600a8c0@roger> <4432D276.3060707@gmx.de> Message-ID: <00d901c65896$a8e35fd0$0600a8c0@roger> Thanks! I really could do that, but I think this would make thinks too slow here... Normaly there are 4 or 5 childrens running, some times even more. But if there is no other solution to that case, I will give that a try. Regards Roger Jochem ----- Original Message ----- From: To: "MailScanner discussion" Sent: Tuesday, April 04, 2006 5:09 PM Subject: Re: Sendmail Upgrade, other problem > On 04.04.2006 21:41, Roger Jochem wrote: > >> Regarding to my problem (bellow) I found the following lines in my >> maillog >> srv MailScanner[9596]: Failed to link message body between queues >> (/var/spool/mqueue/dfi8R9KQqf010458 --> >> /var/spool/mqueue.in/dfi8R9KQqf010458) >> >>>>> On 24 Mar 2006, at 10:23, Roger Jochem wrote: >>>>> >>>>>> After the sendmail upgrade to 8.13.6, some of my messages come with >>>>>> no body, and the text "<<< No Message Collected >>>" in the body... >>>>>> They appear twice in the users inbox, one with this body, and one ok >>>>>> message (with the original body). >>>>> > > google > > http://www.plug.linux.org.au/archives/message/20041025.042133.913c0dbf.html > > *Author: *Ryan > *Date: * 2004-10-25 06:21 +200 > *To: *plug > *Subject: *[plug] MailScanner children fighting > > Hi PLUG, > > I've just upgraded my MailScanner to v4.34.8. Before I knock on their > door about this problem I was wondering if anyone has seen it? > > With the default 5 children running, it appear that sometimes two > childen pick up the same message and then whichever finishes last > reports an error about it. Below is the output, you can see that two > MailScanner processes detect the email waiting, both scan it, then one > delivers it and the other one wonders where it went. The leads to 2 > messages being sent to the recipient, one with the full message, and the > other empty saying "<<< No Message Collected >>>" > > If I reduce the max children to one, things obviously are a touch slower > off the mark, but it stops the children fighting over the messages. > > > -- > shrek-m > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From prandal at herefordshire.gov.uk Wed Apr 5 11:00:32 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Apr 5 11:01:39 2006 Subject: New MailScanner machine Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580C074F73@isabella.herefordshire.gov.uk> No time at all, alas, and it will doubtless be rewritten when I build my next MailScanner box in a week or two. Half my notes say to copy a whole host of my own pre-prepared config files here and there, so they need massaging. One day I'll get it sorted. At the moment I'm busy trialling server virtualisation. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Martin Hepworth > Sent: 05 April 2006 10:33 > To: 'MailScanner discussion' > Subject: RE: New MailScanner machine > > Phil > > Ooo shiney > > Have you got some time to add this to the wiki...?? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Randal, Phil > > Sent: 05 April 2006 10:20 > > To: MailScanner discussion > > Subject: RE: New MailScanner machine > > > > Installing MailScanner on Centos 4.2 (my notes are old so some > > versioning is incorrect) > > > > 1: Install Centos 4.2 > > > > Download the CentOS server CD from one of > www.centos.org's mirrors > > and burn to a CD. > > > > Boot from that CD > > press enter at the first text prompt > > perform the media check > > welcome: click next > > language selection: select English (English) > > keyboard: United Kingdom > > mouse: choose it > > automatic partition: accept > > remove all partitions > > say yes when warned > > Partitioning: accept default scheme > > Boot Loader: accept default > > network config: Unselect "Configure using DHCP" and enter > > appropriate values > > Firewall: no firewall > > Additional Languages: English GB (set as default) > > Time Zone - select Europe/London > > root password: do not lose this and make it non-trivial > > Package Defaults: Customize > > Package Group selection: > > Conf Tools > > accept defaults > > Web Server > > add php-mysql > > add php-pgsql > > remove squid > > remove webalyzer > > Mail Server > > add sendmail-cf > > remove dovecot > > remove spamassassin (we'll install it ourselves > > later) > > Windows File Server > > do not select > > DNS > > accept defaults > > FTP > > do not select > > PostgreSQL > > accept defaults > > add postgresql > > add postgresql-server > > MySQL > > defaults > > add mysql-server > > add php-mysql > > Admin Tools > > defaults > > System Tools > > do not select > > Printing > > do not select > > > > install that lot, then reboot (ejecting CD during reboot) and > > log in as root > > > > reinsert Centos Server CD in CDROM drive > > rpm --import /media/cdrom/RPM-GPG-KEY-centos4 > > > > then "yum install" the following (I'm not sure ALL are necessary > > but most > > are for MailScanner/MailWatch/Mailscanner-mrtg) > > > > bzip2-devel > > db4-devel > > compat-libstdc++* > > curl-devel > > elinks > > emacs > > gcc-c++-3.4.4 > > gmp-devel > > lynx > > mrtg > > net-snmp-utils > > openldap-devel > > php-gd > > python-devel > > rpm-build > > sendmail-devel > > > > then do a "yum update" to get everything up to date. > > > > chkconfig --level 2345 cups off > > chkconfig --level 2345 httpd on > > chkconfig --level 2345 mysqld on > > chkconfig --level 2345 named on > > chkconfig --level 2345 snmpd on > > > > edit /etc/resolv.conf adding at front > > nameserver 127.0.0.1 > > > > reboot (again ejecting CD so we don't boot from it by mistake) > > > > login as root (well, as you and su where appropriate) > > > > Install Unrar > > > > Unrar is an archive unpacker available from freshrpms.net. > > It is used to unpack .rar archives so we can virus scan them. > > > > We'll use the package from Dag Wieers' RPM repository for RHEL 4 > > > > create the file /etc/yum.repos.d/dag.repo > > -------- > > [dag] > > name=Dag RPM Repository for Red Hat Enterprise Linux > > baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag > > gpgcheck=1 > > gpgkey=http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt > > enabled=1 > > includepkgs=unrar > > ------- > > > > yum install unrar > > > > > > Install clamav 0.88 and spamassassin 3.11 from Julian's tarball > > > > cd /usr/src > > wget > > > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Cla > m-SA.tar.g > > z > > tar zxvf install-Clam-SA.tar.gz > > cd install-Clam-SA > > ./install.sh > > > > edit /usr/local/etc/freshclam.conf > > > > to set "uk" database location. > > > > freshclam > > > > this should retrieve the current virus patterns without > > giving any > > warnings. If you get warnings about digital signatures > > not being > > supported you've failed to install gmp-devel earlier. > > > > edit /etc/mail/spamassassin/v310.pre to make sure dcc and razor2 > > plugins are enabled > > > > Then install MailScanner > > > > cd /usr/src > > wget > > > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/rpm/MailSca > nner-4.51. > > 5-1.rpm.tar.gz > > tar zxvf MailScanner-4.51.5-1.rpm.tar.gz > > cd MailScanner-4.50.10-1 > > ./install.sh > > > > follow the instructions given at end of install to the letter > > > > service sendmail stop > > chkconfig --level 2345 sendmail off > > chkconfig --level 2345 MailScanner on > > > > Performance tuning MailScanner > > > > add the following line to /etc/fstab > > none /var/spool/MailScanner/incoming tmpfs defaults 0 0 > > service MailScanner stop > > mount /var/spool/MailScanner/incoming > > > > etc... > > > > My notes are in a state of flux, so I'll stop there for the moment. > > > > Cheers, > > > > Phil > > > > > > ---- > > Phil Randal > > Network Engineer > > Herefordshire Council > > Hereford, UK > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info > > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > > Of Ken Goods > > > Sent: 04 April 2006 23:52 > > > To: MailScanner Mailing List (E-mail) > > > Subject: OT: New MailScanner machine > > > > > > I'm putting together a new machine to replace the one > > > currently filtering > > > our mail and delivering to an exchange server. The load > > > increased back in > > > December due to an update of MailScanner, Spamassassin, > > > ClamAV, (and adding > > > bitdefender). Spamassassin is timing out regularly and the > > > machine is in > > > heavy swap. (P233 with 196MB, processing ~8k emails per day). > > > > > > I have found another machine in the boneyard that has a > little more > > > horsepower (550 PIII with 384MB) and would like to build a > > > new box running > > > the same configuration, plus it gives me a chance to add some > > > "legs" to the > > > old OS (Redhat 9). My plan is Centos 4.0 for the OS and > sticking with > > > everything else as it suits my comfort level. > > > > > > My question is this... I want to load the least services > to support > > > MailScanner, Spamassassin, Clam, Bitdefender, Webmin, and > > > Mailscanner-Mrtg. > > > I noticed that there are three ISO's for Centos and > another for Centos > > > Server. Can I get away with just the Server ISO and use a > > > minimal install or > > > do I need to get all four and use a combination of them? > > > Sorry if this is > > > noob but I've looked around and can't find much information on the > > > difference between the server ISO and the others and thought > > > someone here > > > may have some experience. > > > > > > Any help would be appreciated much. > > > > > > TIA > > > Ken > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From dean.plant at roke.co.uk Wed Apr 5 11:43:37 2006 From: dean.plant at roke.co.uk (Plant, Dean) Date: Wed Apr 5 11:43:55 2006 Subject: New MailScanner machine Message-ID: <2181C5F19DD0254692452BFF3EAF1D6801527B66@rsys005a.comm.ad.roke.co.uk> If it helps anyone, this is the package list from my minimal MailScanner Kickstart. Inspired from http://www.owlriver.com/tips/tiny-centos/ with packages added for MailScanner/MailWatch/Mailscanner-mrtg. %packages sudo kernel grub openssh-server openssh openssh-clients yum # Added for MailScanner sendmail-cf sendmail-devel compat-libstdc++-33 mysql mrtg perl-DBD-MySQL mysql-server sysstat apr apr-util httpd httpd-suexec php php-mysql php-gd php-pear bind bind-chroot caching-nameserver lm_sensors net-snmp net-snmp-utils ntp @ development-tools # -anacron -apmd -autofs -bluez-libs -bluez-bluefw -bluez-hcidump -bluez-utils -comps -cups -cups-libs -desktop-file-utils -dhcpv6_client -diskdumputils -dmraid -eject -finger -lftp -logwatch -rpmdb-CentOS -fbset -freetype -fontconfig -htmlview -ipsec-tools -iptables -irda-utils -isdn4k-utils -lockdev -mailcap -mdadm -mgetty -minicom -mt-st -nano -nc -netdump -nfs-utils -quota -pcmcia-cs -pinfo -portmap -rdist -rmt -rp-pppoe -rsh -statserial -setserial -slocate -specspo -stunnel -sysreport -system-config-securitylevel-tui -system-config-network-tui -talk -tcpdump -vconfig -wvdial -wireless-tools -ypbind -yp-tools -redhat-lsb -xorg-x11-Mesa-libGL -xorg-x11-libs system-config-mouse -pyxf86config -rhpl -libwvstreams -ppp -utemper -wireless-tools -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Randal, Phil Sent: 05 April 2006 10:20 To: MailScanner discussion Subject: RE: New MailScanner machine Installing MailScanner on Centos 4.2 (my notes are old so some versioning is incorrect) 1: Install Centos 4.2 Download the CentOS server CD from one of www.centos.org's mirrors and burn to a CD. Boot from that CD press enter at the first text prompt perform the media check welcome: click next language selection: select English (English) keyboard: United Kingdom mouse: choose it automatic partition: accept remove all partitions say yes when warned Partitioning: accept default scheme Boot Loader: accept default network config: Unselect "Configure using DHCP" and enter appropriate values Firewall: no firewall Additional Languages: English GB (set as default) Time Zone - select Europe/London root password: do not lose this and make it non-trivial Package Defaults: Customize Package Group selection: Conf Tools accept defaults Web Server add php-mysql add php-pgsql remove squid remove webalyzer Mail Server add sendmail-cf remove dovecot remove spamassassin (we'll install it ourselves later) Windows File Server do not select DNS accept defaults FTP do not select PostgreSQL accept defaults add postgresql add postgresql-server MySQL defaults add mysql-server add php-mysql Admin Tools defaults System Tools do not select Printing do not select install that lot, then reboot (ejecting CD during reboot) and log in as root reinsert Centos Server CD in CDROM drive rpm --import /media/cdrom/RPM-GPG-KEY-centos4 then "yum install" the following (I'm not sure ALL are necessary but most are for MailScanner/MailWatch/Mailscanner-mrtg) bzip2-devel db4-devel compat-libstdc++* curl-devel elinks emacs gcc-c++-3.4.4 gmp-devel lynx mrtg net-snmp-utils openldap-devel php-gd python-devel rpm-build sendmail-devel then do a "yum update" to get everything up to date. chkconfig --level 2345 cups off chkconfig --level 2345 httpd on chkconfig --level 2345 mysqld on chkconfig --level 2345 named on chkconfig --level 2345 snmpd on edit /etc/resolv.conf adding at front nameserver 127.0.0.1 reboot (again ejecting CD so we don't boot from it by mistake) login as root (well, as you and su where appropriate) Install Unrar Unrar is an archive unpacker available from freshrpms.net. It is used to unpack .rar archives so we can virus scan them. We'll use the package from Dag Wieers' RPM repository for RHEL 4 create the file /etc/yum.repos.d/dag.repo -------- [dag] name=Dag RPM Repository for Red Hat Enterprise Linux baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag gpgcheck=1 gpgkey=http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt enabled=1 includepkgs=unrar ------- yum install unrar Install clamav 0.88 and spamassassin 3.11 from Julian's tarball cd /usr/src wget http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.g z tar zxvf install-Clam-SA.tar.gz cd install-Clam-SA ./install.sh edit /usr/local/etc/freshclam.conf to set "uk" database location. freshclam this should retrieve the current virus patterns without giving any warnings. If you get warnings about digital signatures not being supported you've failed to install gmp-devel earlier. edit /etc/mail/spamassassin/v310.pre to make sure dcc and razor2 plugins are enabled Then install MailScanner cd /usr/src wget http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/rpm/MailScanner-4.51. 5-1.rpm.tar.gz tar zxvf MailScanner-4.51.5-1.rpm.tar.gz cd MailScanner-4.50.10-1 ./install.sh follow the instructions given at end of install to the letter service sendmail stop chkconfig --level 2345 sendmail off chkconfig --level 2345 MailScanner on Performance tuning MailScanner add the following line to /etc/fstab none /var/spool/MailScanner/incoming tmpfs defaults 0 0 service MailScanner stop mount /var/spool/MailScanner/incoming etc... My notes are in a state of flux, so I'll stop there for the moment. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Ken Goods > Sent: 04 April 2006 23:52 > To: MailScanner Mailing List (E-mail) > Subject: OT: New MailScanner machine > > I'm putting together a new machine to replace the one > currently filtering > our mail and delivering to an exchange server. The load > increased back in > December due to an update of MailScanner, Spamassassin, > ClamAV, (and adding > bitdefender). Spamassassin is timing out regularly and the > machine is in > heavy swap. (P233 with 196MB, processing ~8k emails per day). > > I have found another machine in the boneyard that has a little more > horsepower (550 PIII with 384MB) and would like to build a > new box running > the same configuration, plus it gives me a chance to add some > "legs" to the > old OS (Redhat 9). My plan is Centos 4.0 for the OS and sticking with > everything else as it suits my comfort level. > > My question is this... I want to load the least services to support > MailScanner, Spamassassin, Clam, Bitdefender, Webmin, and > Mailscanner-Mrtg. > I noticed that there are three ISO's for Centos and another for Centos > Server. Can I get away with just the Server ISO and use a > minimal install or > do I need to get all four and use a combination of them? > Sorry if this is > noob but I've looked around and can't find much information on the > difference between the server ISO and the others and thought > someone here > may have some experience. > > Any help would be appreciated much. > > TIA > Ken > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Apr 5 11:47:39 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Apr 5 11:48:04 2006 Subject: MailScanner --lint In-Reply-To: <002501c657fb$6baac7c0$3004010a@martinhlaptop> References: <002501c657fb$6baac7c0$3004010a@martinhlaptop> Message-ID: <4433A04B.2050101@ecs.soton.ac.uk> Martin Hepworth wrote: > Jules > > Hope the JANET bash is going well - program looks interesting. > Yes it is thanks. Very very good talk from the professor of security engineering at Cambridge University's computer lab. I would really like to go and work for him :-) Also a good talk from the head of security at SLAC (Stanford Linear Accelerator Centre) who gave a very good overview of computer security in different contexts, and how poor a lot of security systems are. > Anyway running 4.51.1 on FreeBSD 4.10 (the generic tar.gz installer NOT the > ports version) and "MailScanner -lint" reports > > Can't exec "/bin/false": No such file or directory at > /opt/MailScanner/lib/MailScanner/SweepViruses.pm line 2882. > > > Which is true....../bin/false should be /usr/bin/false in my case.... > On 99% of systems it's in /bin, so that's where I put it by default. Don't forget that you area allowed to edit these .conf files, and occasionally you will need to do so for your systems. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Wed Apr 5 11:56:53 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Apr 5 11:57:02 2006 Subject: No SYSLOG No Mail Scanned In-Reply-To: References: Message-ID: <4433A275.3050907@ecs.soton.ac.uk> Run MailScanner --lint and MailScanner --debug and see if they produce any error messages. Res wrote: > Is it correct that should syslog die that MS ceases to process mail???? > should it not continue on, on such a trivial error state? > > Current version MS, all MS process defunct, I know it was working two > nights ago... Anyway after scratching my head for 10 mins i threw it into > debug mode and the problem was instantly evident, cant connect to syslog. > > OK so it brought to my notice syslog died on our secondary MX :) but > none the less I think it's bad that it just queues the mail and dies > off this way. > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Wed Apr 5 12:00:14 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Apr 5 12:00:28 2006 Subject: RES: MailScanner: WARNING: You are trying to use the SpamAssassin cachebut your DBI and/or DBD::SQLite Perl modules are not properlyinstalled! In-Reply-To: References: Message-ID: <4433A33E.2020200@ecs.soton.ac.uk> Mauricio wrote: > > Helo, > > I have the same warning: ?You are trying to use the SpamAssassin cache > but your DBI and/or DBD::SQLite Perl modules are not properly > installed!? . It?s working well, but I had to disable the spamassassin > cache results feature. > Look for the word "Cache" in MailScanner.conf and you will easily find it. > > MS 4.35 was upgraded to 4.52 in RH 8.0, but I saw that install.sh > could not upgrade/install perl-DBI-1.50-2.noarch.rpm and > perl-ExtUtils-MakeMaker-6.30-1.noarch.rpm > > Problem with perl-DBI: > > **perl(Net::Daemon)**** > > **perl(RPC::PlClient)**** > > perl(Win32::ODBC) > As the output from the build of perl-DBI says, these are not critical (and it is right, you don't need to install them for perl-DBI to install). > > I?ve downloaded and installed perl-Net-Daemon and perl-PlRPC (with no > problem), but I could not find package for perl(Win32::ODBC). > You don't need it. > > Problem with perl-ExtUtils-MakeMaker: > > Many files conflicts with files from package perl-5.8.0-88.3 > That's because you already have a modern ExtUtils::MakeMaker installed, you can ignore this too. Hope that helps a bit. > > Anyone can help to solve this? > > Thanks in advance, > > Mauricio > > ------------------------------------------------------------------------ > > *De:* mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] *Em nome de > *Herman Swensson > *Enviada em:* domingo, 12 de fevereiro de 2006 12:47 > *Para**:* mailscanner@lists.mailscanner.info > *Assunto:* MailScanner: WARNING: You are trying to use the > SpamAssassin cachebut your DBI and/or DBD::SQLite Perl modules are not > properlyinstalled! > > Hi, > > I have upgraded MailScanner to version 4.50.15 and I am getting the > next new > > Messages: > > MailScanner: WARNING: You are trying to use the SpamAssassin cache but > your DBI and/or DBD::SQLite Perl modules are not properly installed > > MailScanner setting GID to postfix (89) > > MailScanner setting UID to postfix (89) > > What does this mean > > cpan> install DBI > > CPAN: Storable loaded ok > > Going to read /root/.cpan/Metadata > > Database was generated on Mon, 16 Jan 2006 10:10:45 GMT > > DBI is up to date (1.50). > > cpan> install DBD::SQLite > > CPAN: Storable loaded ok > > Going to read /root/.cpan/Metadata > > Database was generated on Mon, 16 Jan 2006 10:10:45 GMT > > DBD::SQLite is up to date (1.11). > > Linux version is 2.6.9-19 > > Greetings > > Herman > > > -- > No virus found in this outgoing message. > Checked by AVG Free Edition. > Version: 7.1.375 / Virus Database: 267.15.6/257 - Release Date: 10-2-2006 > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From martinh at solid-state-logic.com Wed Apr 5 12:01:20 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Apr 5 12:01:26 2006 Subject: MailScanner --lint In-Reply-To: <4433A04B.2050101@ecs.soton.ac.uk> Message-ID: <007c01c658a0$456052b0$3004010a@martinhlaptop> Jules Ah yes Ross Anderson is indeed a very good speaker (amongst other things!). As to the .conf file you mention I presume you mean the virus.scanners.conf in this case. I guess I could just sym link /bin/false to /usr/bin/false so I have to meddle with when I upgrade.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 05 April 2006 11:48 > To: MailScanner discussion > Subject: Re: MailScanner --lint > > > > Martin Hepworth wrote: > > Jules > > > > Hope the JANET bash is going well - program looks interesting. > > > Yes it is thanks. Very very good talk from the professor of security > engineering at Cambridge University's computer lab. I would really like > to go and work for him :-) > > Also a good talk from the head of security at SLAC (Stanford Linear > Accelerator Centre) who gave a very good overview of computer security > in different contexts, and how poor a lot of security systems are. > > Anyway running 4.51.1 on FreeBSD 4.10 (the generic tar.gz installer NOT > the > > ports version) and "MailScanner -lint" reports > > > > Can't exec "/bin/false": No such file or directory at > > /opt/MailScanner/lib/MailScanner/SweepViruses.pm line 2882. > > > > > > Which is true....../bin/false should be /usr/bin/false in my case.... > > > On 99% of systems it's in /bin, so that's where I put it by default. > Don't forget that you area allowed to edit these .conf files, and > occasionally you will need to do so for your systems. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From glenn.steen at gmail.com Wed Apr 5 12:03:34 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Apr 5 12:03:39 2006 Subject: No SYSLOG No Mail Scanned In-Reply-To: References: Message-ID: <223f97700604050403m60d8cfa0h422d4f0516cf64b5@mail.gmail.com> On 05/04/06, Res wrote: > Is it correct that should syslog die that MS ceases to process mail???? > should it not continue on, on such a trivial error state? > > Current version MS, all MS process defunct, I know it was working two > nights ago... Anyway after scratching my head for 10 mins i threw it into > debug mode and the problem was instantly evident, cant connect to syslog. > > OK so it brought to my notice syslog died on our secondary MX :) but none > the less I think it's bad that it just queues the mail and dies off this > way. > > > -- > Cheers > Res That's one of the classics.... What to do when logging dies on you: Create another log entry to that effect? An system/program I used to work with c:a 15 years ago had this "nifty" feature of logging a trace continually, and going into "verbose mode" once a problem was detected... Imagine the idiocy by which one of the "programmers" made the logging be extra verbose on a full disk condition (for the hdd/partition the log file resided on, no less). That was obviously the wrong thing to do:-). So what do you expect MS to do? Just blithely move on? I'm not sure that's a good idea... As it is, you a) notice that mail has "stopped flowing", and b) can rather trivially discover why. What made syslog die? There are a fair amount of things depending on syslog being there, apart from MS:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From res at ausics.net Wed Apr 5 12:23:34 2006 From: res at ausics.net (Res) Date: Wed Apr 5 12:23:44 2006 Subject: No SYSLOG No Mail Scanned In-Reply-To: <223f97700604050403m60d8cfa0h422d4f0516cf64b5@mail.gmail.com> References: <223f97700604050403m60d8cfa0h422d4f0516cf64b5@mail.gmail.com> Message-ID: On Wed, 5 Apr 2006, Glenn Steen wrote: > That's one of the classics.... What to do when logging dies on you: > Create another log entry to that effect? That is silly, i dont give a toss about syslog running or not, at 100 megs a day I sure as hell have better things to do then look at logs lol, but coz syslog dies, why the hell should mail cease to be processed because of it. > So what do you expect MS to do? Just blithely move on? I'm not sure keep processing mail > that's a good idea... As it is, you a) notice that mail has "stopped > flowing", and b) can rather trivially discover why. This creates problems, maybe on a MS box that processes 2-300 emails a day thats fine, but when you do that much every minute thats just not acceptable. > What made syslog die? There are a fair amount of things depending on unknown at this time > syslog being there, apart from MS:-). dedicated mail server (sendmail, MS and clamav) , nothing else died :) -- Cheers Res From maillists at conactive.com Wed Apr 5 12:31:22 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Apr 5 12:31:36 2006 Subject: MailScanner and SA auto-learning In-Reply-To: <004b01c65887$3cf20100$3004010a@martinhlaptop> References: <004b01c65887$3cf20100$3004010a@martinhlaptop> Message-ID: Martin Hepworth wrote on Wed, 5 Apr 2006 09:02:09 +0100: > Has your bayes DB got the required 200 ham AND spam messages? I'm not sure > the bayes functions work at all without the required 400 seed emails.. Bayes works, autolearning doesn't. See my last posting. All the high scoring spam has too few header hits. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From res at ausics.net Wed Apr 5 12:32:01 2006 From: res at ausics.net (Res) Date: Wed Apr 5 12:32:10 2006 Subject: No SYSLOG No Mail Scanned In-Reply-To: <4433A275.3050907@ecs.soton.ac.uk> References: <4433A275.3050907@ecs.soton.ac.uk> Message-ID: Julian, As it is running now (syslog) there are no real issues. > Run > MailScanner --lint Only 1 error: config: SpamAssassin failed to parse line, "/usr/bin/pyzor" is not valid for "pyzor_path", skipping: pyzor_path /usr/bin/pyzor config: failed to parse line, skipping: dcc_path /usr/local/bin/dccproc SpamAssassin reported an error. > and > MailScanner --debug In Debugging mode, not forking... Use of uninitialized value in hash element at /usr/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin/Message/Metadata/Received.pm line 322, line 442. Use of uninitialized value in hash element at /usr/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin/Message/Metadata/Received.pm line 323, line 442. Use of uninitialized value in hash element at /usr/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin/Message/Metadata/Received.pm line 322, line 442. Use of uninitialized value in hash element at /usr/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin/Message/Metadata/Received.pm line 323, line 442. Use of uninitialized value in pattern match (m//) at /usr/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin/Message/Metadata/Received.pm line 225, line 442. Use of uninitialized value in pattern match (m//) at /usr/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin/Message/Metadata/Received.pm line 227, line 442. Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin/Message/Metadata/Received.pm line 228, line 442. Ignore errors about failing to find EOCD signature format error: can't find EOCD signature at ./MailScanner line 780 format error: can't find EOCD signature at ./MailScanner line 780 format error: can't find EOCD signature at ./MailScanner line 780 Stopping now as you are debugging me. > -- Cheers Res From martinh at solid-state-logic.com Wed Apr 5 12:41:05 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Apr 5 12:41:26 2006 Subject: MailScanner and SA auto-learning In-Reply-To: Message-ID: <008601c658a5$d2b6c7c0$3004010a@martinhlaptop> Kai Hmm is MailScanner running as a non-root user and can that user write to all bayes files/directory? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Kai Schaetzl > Sent: 05 April 2006 12:31 > To: mailscanner@lists.mailscanner.info > Subject: Re: MailScanner and SA auto-learning > > Martin Hepworth wrote on Wed, 5 Apr 2006 09:02:09 +0100: > > > Has your bayes DB got the required 200 ham AND spam messages? I'm not > sure > > the bayes functions work at all without the required 400 seed emails.. > > Bayes works, autolearning doesn't. See my last posting. All the high > scoring > spam has too few header hits. > > Kai > > -- > Kai Sch?tzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From maillists at conactive.com Wed Apr 5 14:31:20 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Apr 5 14:31:34 2006 Subject: MailScanner and SA auto-learning In-Reply-To: <008601c658a5$d2b6c7c0$3004010a@martinhlaptop> References: <008601c658a5$d2b6c7c0$3004010a@martinhlaptop> Message-ID: Martin Hepworth wrote on Wed, 5 Apr 2006 12:41:05 +0100: > Hmm is MailScanner running as a non-root user and can that user write to all > bayes files/directory? Martin, thanks for your help, but you are really following the wrong course ;-) I get too few header hits. So, SA is working by design. It's not many spam that gets thru to SA and most of those are caught my numerous SURBL, SARE hits and Bayes, but too few header hits. Lets see if I can find an example. Ok, that one just arrived, these are the hits. As you see there's only 0.53 for header hits. There's nothing I can do to change this unless I change the SA code. Learning it would actually be quite nice and I do it manually for this one now. As you see BAYES wasn't clear about it. 0.53 ADDRESS_IN_SUBJECT To: address appears in Subject 0.00 BAYES_50 Bayesian spam probability is 40 to 60% 1.16 HTML_IMAGE_ONLY_20 HTML: images with 1600-2000 bytes of words 0.46 HTML_IMAGE_RATIO_02 HTML has a low ratio of text to image area 0.00 HTML_MESSAGE HTML included in message 0.88 HTML_SHORT_LINK_IMG_3 HTML is very short with a linked image 0.12 HTML_TEXT_AFTER_BODY HTML contains text after BODY close tag 0.38 MAILTO_TO_REMOVE Includes a 'remove' email address 0.00 MIME_HTML_ONLY Message only has text/html MIME parts -0.00 SPF_HELO_PASS SPF: HELO matches SPF record -0.00 SPF_PASS SPF: sender matches SPF record 3.00 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist 3.21 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist 1.50 URIBL_SBL Contains an URL listed in the SBL blocklist 4.00 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist 2.00 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From heath at agdog.com Wed Apr 5 15:03:55 2006 From: heath at agdog.com (Heath Carson) Date: Wed Apr 5 15:04:10 2006 Subject: Inline attachment not inline In-Reply-To: <200604011100.k31B0MoZ010828@bkserver.blacknight.ie> References: <200604011100.k31B0MoZ010828@bkserver.blacknight.ie> Message-ID: On Fri, 31 Mar 2006, Heath writes: >I set "Warning Is Attachment = no", but MailScanner will only put the >warning inline if the original message body is empty. If there is any text >in the original message body, the warning is always made an attachment >rather than being inserted inline at the top of the message body. > >Is this normal behavior? I can't find anything saying it is or isn't. Does anyone know if this is normal behavior or a bug? Thanks. -Heath From glenn.steen at gmail.com Wed Apr 5 15:07:51 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Apr 5 15:07:55 2006 Subject: No SYSLOG No Mail Scanned In-Reply-To: References: <223f97700604050403m60d8cfa0h422d4f0516cf64b5@mail.gmail.com> Message-ID: <223f97700604050707u7fccd175ncc4fe625e7f6022f@mail.gmail.com> On 05/04/06, Res wrote: > On Wed, 5 Apr 2006, Glenn Steen wrote: > > > That's one of the classics.... What to do when logging dies on you: > > Create another log entry to that effect? > > That is silly, i dont give a toss about syslog running or not, at 100 Exactly. > megs a day I sure as hell have better things to do then look at logs lol, > but coz syslog dies, why the hell should mail cease to be processed because > of it. Why not? It got your attention;-):-). > > So what do you expect MS to do? Just blithely move on? I'm not sure > > keep processing mail > > > that's a good idea... As it is, you a) notice that mail has "stopped > > flowing", and b) can rather trivially discover why. > > This creates problems, maybe on a MS box that processes 2-300 emails a > day thats fine, but when you do that much every minute thats just not > acceptable. Syslog is pretty stable usually, so something making it die would (in my experience) be an indication that you have a "serious" problem. I'm sure it's acceptable to you to not keep very good track of individual messages, nor of errors etc... But to some (like me) it really matters... No matter if the throughput is 200 messages per day, hour or minute. But that's just me, I guess:-) > > What made syslog die? There are a fair amount of things depending on > > unknown at this time > > > syslog being there, apart from MS:-). > > dedicated mail server (sendmail, MS and clamav) , nothing else died :) > > > -- > Cheers > Res > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From rpoe at plattesheriff.org Wed Apr 5 15:28:03 2006 From: rpoe at plattesheriff.org (Rob Poe) Date: Wed Apr 5 15:28:31 2006 Subject: OT: New MailScanner machine In-Reply-To: <13C0059880FDD3118DC600508B6D4A6D013D880A@aiainsurance.com> References: <13C0059880FDD3118DC600508B6D4A6D013D880A@aiainsurance.com> Message-ID: <44338DA3.65ED.00A2.0@plattesheriff.org> When I install CentOS I generally end up using discs 1 and 2, and usually #3 too. Never got into disc 4. But I don't install the X, OOo, graphics packages, etc... >>> KGoods@AIAInsurance.com 4/4/2006 5:52:24 PM >>> I'm putting together a new machine to replace the one currently filtering our mail and delivering to an exchange server. The load increased back in December due to an update of MailScanner, Spamassassin, ClamAV, (and adding bitdefender). Spamassassin is timing out regularly and the machine is in heavy swap. (P233 with 196MB, processing ~8k emails per day). I have found another machine in the boneyard that has a little more horsepower (550 PIII with 384MB) and would like to build a new box running the same configuration, plus it gives me a chance to add some "legs" to the old OS (Redhat 9). My plan is Centos 4.0 for the OS and sticking with everything else as it suits my comfort level. My question is this... I want to load the least services to support MailScanner, Spamassassin, Clam, Bitdefender, Webmin, and Mailscanner-Mrtg. I noticed that there are three ISO's for Centos and another for Centos Server. Can I get away with just the Server ISO and use a minimal install or do I need to get all four and use a combination of them? Sorry if this is noob but I've looked around and can't find much information on the difference between the server ISO and the others and thought someone here may have some experience. Any help would be appreciated much. TIA Ken -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From matt at coders.co.uk Wed Apr 5 16:18:25 2006 From: matt at coders.co.uk (Matt Hampton) Date: Wed Apr 5 16:18:36 2006 Subject: OT: New MailScanner machine In-Reply-To: <44338DA3.65ED.00A2.0@plattesheriff.org> References: <13C0059880FDD3118DC600508B6D4A6D013D880A@aiainsurance.com> <44338DA3.65ED.00A2.0@plattesheriff.org> Message-ID: <4433DFC1.8030107@coders.co.uk> > I noticed that there are three ISO's for Centos and another for Centos > Server. Can I get away with just the Server ISO and use a minimal > install or > do I need to get all four and use a combination of them? Sorry if this > is > noob but I've looked around and can't find much information on the > difference between the server ISO and the others and thought someone > here > may have some experience. I tend to use the Server CD and then install anything else via yum. matt From KGoods at AIAInsurance.com Wed Apr 5 16:20:16 2006 From: KGoods at AIAInsurance.com (Ken Goods) Date: Wed Apr 5 16:24:54 2006 Subject: OT: New MailScanner machine Message-ID: <13C0059880FDD3118DC600508B6D4A6D013D8810@aiainsurance.com> Alex Neuman van der Hans wrote: > Michele Neylon:: Blacknight.ie wrote: >> Ken >> >> Someone else will probably correct me... >> >>> From what I recall you can do a minimal server install with just the >> daemons that you need to run the software >> You may need to have all the discs, but you wouldn't need to load >> all their contents... >> >> >> >> > Actually all you will really need is the server CD if you're not > interested in things like X, GNOME, KDE, etc. - and you can always > "yum install" whatever else you need after you've finished. I've only > had problems with bashphobic admins who insist everything must have a > spiffy graphical interface; I usually calm them down by introducing > them to Webmin. Thanks to all who responded, and a special thanks to Alex, that's the answer I was looking for. I never use graphical interfaces on *nix boxes... webmin is only for my PHB (who doesn't use it anyway but feels warm and fuzzy that it's there) :) Ken Goods Network Administrator AIA/CropUSA Insurance, Inc. From Rob at thehostmasters.com Wed Apr 5 16:29:39 2006 From: Rob at thehostmasters.com (Rob Morin) Date: Wed Apr 5 16:29:42 2006 Subject: Email rejected, what reason to give client?? Message-ID: <4433E263.6060906@thehostmasters.com> Hello all.... I have a few clients that receive email from Asia quite a bit, and they are legitimate emails with no spam, just business talk in them... but they get tagged as spam.... now i know it gives the reason in the logs, but how do i actually tell what the reason was to the user? Here is a sample mail.log.0:Apr 4 09:43:32 stewy MailScanner[4249]: Message 1BB94C2C6.78A0C from 211.45.20.46 (hanzulux@unitel.co.kr) to thedomainname.com is spam, SpamAssassin (score=7.208, required 4, BAYES_80 2.00, DNS_FROM_RFC_ABUSE 0.20, DNS_FROM_RFC_POST 1.71, FROM_BLANK_NAME 1.53, HTML_FONT_FACE_BAD 0.16, HTML_MESSAGE 0.00, NO_REAL_NAME 0.96, SARE_FROM_NONAME 0.65) So ok, there the info, so do i look up each rule to see what it means? Is ther ean table or an easy way to let a client know why?? Also i have a friend of mine that has his own mail server and he says he does a white list by adding to the white list any email address that the server sends email to... IE any of his clients that send email via that server to a person, that email is put itn the white list automatically... is this safe? is it possible? Thanks and have a great day! -- Rob Morin Dido InterNet Inc. Montreal, Canada Http://www.dido.ca 514-990-4444 From maillists at conactive.com Wed Apr 5 16:31:23 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Apr 5 16:31:37 2006 Subject: Question about from address In-Reply-To: References: Message-ID: Jim Dickenson wrote on Tue, 04 Apr 2006 19:34:54 -0700: > from=scrappy.surveysampling.com> this is not a valid email address Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From martinh at solid-state-logic.com Wed Apr 5 16:41:12 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Apr 5 16:41:27 2006 Subject: Email rejected, what reason to give client?? In-Reply-To: <4433E263.6060906@thehostmasters.com> Message-ID: <011e01c658c7$5fada6f0$3004010a@martinhlaptop> Rob I'd put the all SA rules the fired in the email headers themselves for spam, as well as being in the log files.. Here's what I use in my MailScanner.conf... Detailed Spam Report = yes Include Scores In SpamAssassin Report = yes Spam Score = yes Spam Score Number Format = %5.2f SpamScore Number Instead Of Stars = yes -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Rob Morin > Sent: 05 April 2006 16:30 > To: mailscanner@lists.mailscanner.info > Subject: Email rejected, what reason to give client?? > > Hello all.... > > I have a few clients that receive email from Asia quite a bit, and they > are legitimate emails with no spam, just business talk in them... but > they get tagged as spam.... now i know it gives the reason in the logs, > but how do i actually tell what the reason was to the user? > Here is a sample > > mail.log.0:Apr 4 09:43:32 stewy MailScanner[4249]: Message > 1BB94C2C6.78A0C from 211.45.20.46 (hanzulux@unitel.co.kr) to > thedomainname.com is spam, SpamAssassin (score=7.208, required 4, > BAYES_80 2.00, DNS_FROM_RFC_ABUSE 0.20, DNS_FROM_RFC_POST 1.71, > FROM_BLANK_NAME 1.53, HTML_FONT_FACE_BAD 0.16, HTML_MESSAGE 0.00, > NO_REAL_NAME 0.96, SARE_FROM_NONAME 0.65) > > So ok, there the info, so do i look up each rule to see what it means? > Is ther ean table or an easy way to let a client know why?? > > Also i have a friend of mine that has his own mail server and he says he > does a white list by adding to the white list any email address that the > server sends email to... IE any of his clients that send email via that > server to a person, that email is put itn the white list > automatically... is this safe? is it possible? > > > > Thanks and have a great day! > > -- > > Rob Morin > Dido InterNet Inc. > Montreal, Canada > Http://www.dido.ca > 514-990-4444 > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From dickenson at cfmc.com Wed Apr 5 16:44:50 2006 From: dickenson at cfmc.com (Jim Dickenson) Date: Wed Apr 5 16:44:59 2006 Subject: *CfMC-Spam= 5.53* Re: Question about from address In-Reply-To: Message-ID: As I mentioned in the original email I changed the @ to < @ > so the email address could not be harvested. -- Jim Dickenson mailto:dickenson@cfmc.com CfMC http://www.cfmc.com/ > From: Kai Schaetzl > Reply-To: MailScanner discussion > Date: Wed, 05 Apr 2006 17:31:23 +0200 > To: > Subject: *CfMC-Spam= 5.53* Re: Question about from address > > Jim Dickenson wrote on Tue, 04 Apr 2006 19:34:54 -0700: > >> from=scrappy.surveysampling.com> > > this is not a valid email address > > Kai > > -- > Kai Sch?tzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Wed Apr 5 16:47:30 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Wed Apr 5 16:47:34 2006 Subject: Email rejected, what reason to give client?? In-Reply-To: <4433E263.6060906@thehostmasters.com> Message-ID: <0ae601c658c8$3f49ea30$2901010a@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Rob Morin > Sent: Wednesday, April 05, 2006 11:30 AM > To: mailscanner@lists.mailscanner.info > Subject: Email rejected, what reason to give client?? > > Hello all.... > > I have a few clients that receive email from Asia quite a bit, and they > are legitimate emails with no spam, just business talk in them... but > they get tagged as spam.... now i know it gives the reason in the logs, > but how do i actually tell what the reason was to the user? > Here is a sample > > mail.log.0:Apr 4 09:43:32 stewy MailScanner[4249]: Message > 1BB94C2C6.78A0C from 211.45.20.46 (hanzulux@unitel.co.kr) to > thedomainname.com is spam, SpamAssassin (score=7.208, required 4, > BAYES_80 2.00, DNS_FROM_RFC_ABUSE 0.20, DNS_FROM_RFC_POST 1.71, > FROM_BLANK_NAME 1.53, HTML_FONT_FACE_BAD 0.16, HTML_MESSAGE 0.00, > NO_REAL_NAME 0.96, SARE_FROM_NONAME 0.65) > > So ok, there the info, so do i look up each rule to see what it means? > Is ther ean table or an easy way to let a client know why?? > > Also i have a friend of mine that has his own mail server and he says he > does a white list by adding to the white list any email address that the > server sends email to... IE any of his clients that send email via that > server to a person, that email is put itn the white list > automatically... is this safe? is it possible? > > > > Thanks and have a great day! > > -- > > Rob Morin > Dido InterNet Inc. > Montreal, Canada > Http://www.dido.ca > 514-990-4444 > The translation from the short names listed in the logs, i.e. DNS_FROM_RFC_ABUSE, and the scores assigned to the rule hit can be found at: http://spamassassin.apache.org/tests_3_1_x.html There are another pages listed in the Wiki if you're using an older version of SA. Searching the page for DNS_FROM_RFC_ABUSE finds: Envelope sender in abuse.rfc-ignorant.org Hope this helps, Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From KGoods at AIAInsurance.com Wed Apr 5 16:48:52 2006 From: KGoods at AIAInsurance.com (Ken Goods) Date: Wed Apr 5 16:53:34 2006 Subject: New MailScanner machine Message-ID: <13C0059880FDD3118DC600508B6D4A6D013D8811@aiainsurance.com> Randal, Phil wrote: > Installing MailScanner on Centos 4.2 (my notes are old so some > versioning is incorrect) > > 1: Install Centos 4.2 > > Download the CentOS server CD from one of www.centos.org's mirrors > and burn to a CD. > > Boot from that CD > press enter at the first text prompt > perform the media check Wow! Thanks Phil! I have similar notes for RH 9.0 but they don't really do me much good for Centos. Much appreciated! Kind regards, ken Ken Goods Network Administrator AIA/CropUSA Insurance, Inc. From Rob at thehostmasters.com Wed Apr 5 16:59:32 2006 From: Rob at thehostmasters.com (Rob Morin) Date: Wed Apr 5 16:59:40 2006 Subject: Email rejected, what reason to give client?? In-Reply-To: <011e01c658c7$5fada6f0$3004010a@martinhlaptop> References: <011e01c658c7$5fada6f0$3004010a@martinhlaptop> Message-ID: <4433E964.7000001@thehostmasters.com> But if the email gets deleted how do i look in the headers? :) Rob Morin Dido InterNet Inc. Montreal, Canada Http://www.dido.ca 514-990-4444 Martin Hepworth wrote: > Rob > > I'd put the all SA rules the fired in the email headers themselves for spam, > as well as being in the log files.. > > Here's what I use in my MailScanner.conf... > > Detailed Spam Report = yes > Include Scores In SpamAssassin Report = yes > Spam Score = yes > Spam Score Number Format = %5.2f > SpamScore Number Instead Of Stars = yes > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Rob Morin >> Sent: 05 April 2006 16:30 >> To: mailscanner@lists.mailscanner.info >> Subject: Email rejected, what reason to give client?? >> >> Hello all.... >> >> I have a few clients that receive email from Asia quite a bit, and they >> are legitimate emails with no spam, just business talk in them... but >> they get tagged as spam.... now i know it gives the reason in the logs, >> but how do i actually tell what the reason was to the user? >> Here is a sample >> >> mail.log.0:Apr 4 09:43:32 stewy MailScanner[4249]: Message >> 1BB94C2C6.78A0C from 211.45.20.46 (hanzulux@unitel.co.kr) to >> thedomainname.com is spam, SpamAssassin (score=7.208, required 4, >> BAYES_80 2.00, DNS_FROM_RFC_ABUSE 0.20, DNS_FROM_RFC_POST 1.71, >> FROM_BLANK_NAME 1.53, HTML_FONT_FACE_BAD 0.16, HTML_MESSAGE 0.00, >> NO_REAL_NAME 0.96, SARE_FROM_NONAME 0.65) >> >> So ok, there the info, so do i look up each rule to see what it means? >> Is ther ean table or an easy way to let a client know why?? >> >> Also i have a friend of mine that has his own mail server and he says he >> does a white list by adding to the white list any email address that the >> server sends email to... IE any of his clients that send email via that >> server to a person, that email is put itn the white list >> automatically... is this safe? is it possible? >> >> >> >> Thanks and have a great day! >> >> -- >> >> Rob Morin >> Dido InterNet Inc. >> Montreal, Canada >> Http://www.dido.ca >> 514-990-4444 >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > From KGoods at AIAInsurance.com Wed Apr 5 16:55:11 2006 From: KGoods at AIAInsurance.com (Ken Goods) Date: Wed Apr 5 16:59:51 2006 Subject: New MailScanner machine Message-ID: <13C0059880FDD3118DC600508B6D4A6D013D8812@aiainsurance.com> Plant, Dean wrote: > If it helps anyone, this is the package list from my minimal > MailScanner Kickstart. Inspired from > http://www.owlriver.com/tips/tiny-centos/ with packages added for > MailScanner/MailWatch/Mailscanner-mrtg. > > %packages > sudo > kernel > grub > openssh-server > openssh > openssh-clients > yum > # Added for MailScanner This is also a great help Dean. Great way to double check my packages. Thanks so much.... Ken From martinh at solid-state-logic.com Wed Apr 5 17:05:20 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Apr 5 17:05:28 2006 Subject: Email rejected, what reason to give client?? In-Reply-To: <4433E964.7000001@thehostmasters.com> Message-ID: <013301c658ca$bd45e3b0$3004010a@martinhlaptop> Archive all the emails using something lovely like MailWatch.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Rob Morin > Sent: 05 April 2006 17:00 > To: MailScanner discussion > Subject: Re: Email rejected, what reason to give client?? > > But if the email gets deleted how do i look in the headers? > > :) > > Rob Morin > Dido InterNet Inc. > Montreal, Canada > Http://www.dido.ca > 514-990-4444 > > > > Martin Hepworth wrote: > > Rob > > > > I'd put the all SA rules the fired in the email headers themselves for > spam, > > as well as being in the log files.. > > > > Here's what I use in my MailScanner.conf... > > > > Detailed Spam Report = yes > > Include Scores In SpamAssassin Report = yes > > Spam Score = yes > > Spam Score Number Format = %5.2f > > SpamScore Number Instead Of Stars = yes > > > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >> bounces@lists.mailscanner.info] On Behalf Of Rob Morin > >> Sent: 05 April 2006 16:30 > >> To: mailscanner@lists.mailscanner.info > >> Subject: Email rejected, what reason to give client?? > >> > >> Hello all.... > >> > >> I have a few clients that receive email from Asia quite a bit, and they > >> are legitimate emails with no spam, just business talk in them... but > >> they get tagged as spam.... now i know it gives the reason in the logs, > >> but how do i actually tell what the reason was to the user? > >> Here is a sample > >> > >> mail.log.0:Apr 4 09:43:32 stewy MailScanner[4249]: Message > >> 1BB94C2C6.78A0C from 211.45.20.46 (hanzulux@unitel.co.kr) to > >> thedomainname.com is spam, SpamAssassin (score=7.208, required 4, > >> BAYES_80 2.00, DNS_FROM_RFC_ABUSE 0.20, DNS_FROM_RFC_POST 1.71, > >> FROM_BLANK_NAME 1.53, HTML_FONT_FACE_BAD 0.16, HTML_MESSAGE 0.00, > >> NO_REAL_NAME 0.96, SARE_FROM_NONAME 0.65) > >> > >> So ok, there the info, so do i look up each rule to see what it means? > >> Is ther ean table or an easy way to let a client know why?? > >> > >> Also i have a friend of mine that has his own mail server and he says > he > >> does a white list by adding to the white list any email address that > the > >> server sends email to... IE any of his clients that send email via > that > >> server to a person, that email is put itn the white list > >> automatically... is this safe? is it possible? > >> > >> > >> > >> Thanks and have a great day! > >> > >> -- > >> > >> Rob Morin > >> Dido InterNet Inc. > >> Montreal, Canada > >> Http://www.dido.ca > >> 514-990-4444 > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > > > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > ********************************************************************** > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From maillists at conactive.com Wed Apr 5 17:31:26 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Apr 5 17:31:41 2006 Subject: Email rejected, what reason to give client?? In-Reply-To: <4433E263.6060906@thehostmasters.com> References: <4433E263.6060906@thehostmasters.com> Message-ID: Rob Morin wrote on Wed, 05 Apr 2006 11:29:39 -0400: > mail.log.0:Apr 4 09:43:32 stewy MailScanner[4249]: Message > 1BB94C2C6.78A0C from 211.45.20.46 (hanzulux@unitel.co.kr) to > thedomainname.com is spam, SpamAssassin (score=7.208, required 4, > BAYES_80 2.00, DNS_FROM_RFC_ABUSE 0.20, DNS_FROM_RFC_POST 1.71, > FROM_BLANK_NAME 1.53, HTML_FONT_FACE_BAD 0.16, HTML_MESSAGE 0.00, > NO_REAL_NAME 0.96, SARE_FROM_NONAME 0.65) > > So ok, there the info, so do i look up each rule to see what it means? > Is ther ean table or an easy way to let a client know why?? First, your score is too low. It's mute to complain about non-spam getting caught by deliberately lowered score. Set it back to 5. Yes, I see that it scored above 5. Nevertheless, sorry, and please don't take it as an offense; lowering score from default is very stupid, especially if mail from clients goes over it. If you have a problem with too much spam getting thru then get better rulesets from SARE. On the problem about description etc. Use Mailwatch, that shows descriptions for all rules and much more and your clients have plenty to play around and will be happy. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From mkettler at evi-inc.com Wed Apr 5 17:36:37 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Wed Apr 5 17:36:45 2006 Subject: SPF Rules? In-Reply-To: <32259592.1144191000231.JavaMail.root@pbco-server3.pbco.ca> References: <32259592.1144191000231.JavaMail.root@pbco-server3.pbco.ca> Message-ID: <4433F215.5050901@evi-inc.com> Johnny Stork wrote: > Also, would adding a "trusted_networks" setting, address this message from the SA lint test? > > [18569] dbg: spf: no trusted relays found, using first (untrusted) relay (if present) for SPF checks > 0.00078 Yes. From Rob at thehostmasters.com Wed Apr 5 18:00:39 2006 From: Rob at thehostmasters.com (Rob Morin) Date: Wed Apr 5 18:00:46 2006 Subject: Email rejected, what reason to give client?? In-Reply-To: References: <4433E263.6060906@thehostmasters.com> Message-ID: <4433F7B7.6060900@thehostmasters.com> OK, cool thanks for the info i appreciate it, and do not take offense.... i just do not have the time i would like to have to get to know MS and SA... so i do things to help me out that might not be kosher, so to speak.... I will up it to 5 right away and get Mailwatch and see what i come up with.... Thanks... Rob Morin Dido InterNet Inc. Montreal, Canada Http://www.dido.ca 514-990-4444 Kai Schaetzl wrote: > Rob Morin wrote on Wed, 05 Apr 2006 11:29:39 -0400: > > >> mail.log.0:Apr 4 09:43:32 stewy MailScanner[4249]: Message >> 1BB94C2C6.78A0C from 211.45.20.46 (hanzulux@unitel.co.kr) to >> thedomainname.com is spam, SpamAssassin (score=7.208, required 4, >> BAYES_80 2.00, DNS_FROM_RFC_ABUSE 0.20, DNS_FROM_RFC_POST 1.71, >> FROM_BLANK_NAME 1.53, HTML_FONT_FACE_BAD 0.16, HTML_MESSAGE 0.00, >> NO_REAL_NAME 0.96, SARE_FROM_NONAME 0.65) >> >> So ok, there the info, so do i look up each rule to see what it means? >> Is ther ean table or an easy way to let a client know why?? >> > > First, your score is too low. It's mute to complain about non-spam getting > caught by deliberately lowered score. Set it back to 5. Yes, I see that it > scored above 5. Nevertheless, sorry, and please don't take it as an > offense; lowering score from default is very stupid, especially if mail > from clients goes over it. If you have a problem with too much spam > getting thru then get better rulesets from SARE. On the problem about > description etc. Use Mailwatch, that shows descriptions for all rules and > much more and your clients have plenty to play around and will be happy. > > Kai > > From bob.jones at usg.edu Wed Apr 5 18:48:39 2006 From: bob.jones at usg.edu (Bob Jones) Date: Wed Apr 5 18:48:55 2006 Subject: Location of perl in #! of Mailscanner scripts Message-ID: <443402F7.6020907@usg.edu> Hey all, So, a little issue here with the install.sh script of the distribution for Solaris/BSD/Other Linux/Other Unix. We have installed a new distribution of perl in a nonstandard location (let's say /opt/perl for this discussion). So, when I go to install Mailscanner with the install.sh script I give it the flag --perl=/opt/perl and everything installs fine. Next I go to run Mailscanner and it goes kablooey. I get to looking around and I see why. Even though I specified an alternate location of perl in the install script, all the Mailscanner perl scripts (e.g. /opt/Mailscanner/bin/MailScanner ) point to #!/usr/bin/perl. Shouldn't the install script change these headings to the specified perl or am I missing something? I can't just put a link in /usr/bin as the legacy perl is needed for other things. Thanks! -- Bob Jones bob.jones@usg.edu OIIT, The Board of Regents The University System of Georgia From alex at nkpanama.com Wed Apr 5 19:41:57 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Apr 5 19:42:30 2006 Subject: OT: New MailScanner machine In-Reply-To: <13C0059880FDD3118DC600508B6D4A6D013D8810@aiainsurance.com> References: <13C0059880FDD3118DC600508B6D4A6D013D8810@aiainsurance.com> Message-ID: <44340F75.8010204@nkpanama.com> Ken Goods wrote: > Thanks to all who responded, and a special thanks to Alex, that's the answer > I was looking for. I never use graphical interfaces on *nix boxes... webmin > is only for my PHB (who doesn't use it anyway but feels warm and fuzzy that > it's there) :) > > You're welcome. It makes *me* warm and fuzzy when people take the time to say thanks. I'm a regular on a few radio/tv shows here in my country (sorta like the San Diego Zoo guy on the tonight show), and I write for a few local magazines from time to time, solving people's tech problems. Even though I usually don't make a dime out of it the phonecalls/emails/shows of gratitude are what makes all the effort worthwhile. From alex at nkpanama.com Wed Apr 5 19:51:51 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Apr 5 19:53:52 2006 Subject: SEMI-OT: Book Translation Message-ID: <443411C7.5020009@nkpanama.com> I'd like to translate "the book" into Spanish, or write "el libro" from scratch. I don't want to step on anybody's toes (or patents, or copyrights), so I thought I'd ask here about what I could use (or not) from "the book" to write "el libro". Any recommendations on what to use to create/edit it (short of a tetex-latex-vi-emacs-edlin-wordstar flame war) would also be appreciated. Any info on reporting typos (for example, "Thankyou" on p.375 should read "Thank you") would also be appreciated. Thanks in advance, Alex From maillists at conactive.com Wed Apr 5 20:31:23 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Apr 5 20:31:38 2006 Subject: *CfMC-Spam= 5.53* Question about from address In-Reply-To: References: Message-ID: Jim Dickenson wrote on Wed, 05 Apr 2006 08:44:50 -0700: > As I mentioned in the original email I changed the @ to < @ > so the email > address could not be harvested. I read this, but it wasn't clear at all what you meant. Adresses are mute, if you want to present an example, just change the original to something which resembles the original. Where did you whitelist this address and how? Did you reload MailScanner? I also notice that all quotes of that mail address (3) you make show a slightly different domain name. Frankly, your mail is confusing as to what is what etc. Yes, the envelope-from is the one that MailScanner's whitelist acts on, that is the one shown in the sendmail log. Are you sure that those extra headers were added by *your* MailScanner? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Wed Apr 5 20:31:23 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Apr 5 20:31:39 2006 Subject: Email rejected, what reason to give client?? In-Reply-To: <4433F7B7.6060900@thehostmasters.com> References: <4433E263.6060906@thehostmasters.com> <4433F7B7.6060900@thehostmasters.com> Message-ID: Rob Morin wrote on Wed, 05 Apr 2006 13:00:39 -0400: > so i do things to help me out that might not be > kosher, so to speak.... > > I will up it to 5 right away Go to www.rulesemporium.org, it's a very good resource. Grab a few rulesets, not *all* of them! If you are satisfied, get rulesdujour and they will autoupdate from then on. You have to invest an hour of work into this or maybe two, but then you get forget for a year. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From alex at nkpanama.com Wed Apr 5 20:40:55 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Apr 5 20:41:35 2006 Subject: *CfMC-Spam= 5.53* Question about from address In-Reply-To: References: Message-ID: <44341D47.20006@nkpanama.com> Kai Schaetzl wrote: > ...Adresses are mute, if > Kai > > It's "moot". Moot means pointless or meaningless, mute means silent. Sorry to be a vocabulary nazi, but it's been like the third time this week ;) IIRC in an episode of "Friends" I remember Joey Tribbiani got it wrong and said something about a "moo point". When Chandler tried to correct him (moot point), he said it means "like a cow's opinion, it doesn't matter" - from the "moo" part :D Regards, Alex From benjsh at ofir.dk Wed Apr 5 21:47:32 2006 From: benjsh at ofir.dk (=?iso-8859-1?B?QmVuIGpzaA==?=) Date: Wed Apr 5 21:47:35 2006 Subject: Mail Scanner Crashing when receiving special spam mails Message-ID: <1144270052_1085495@mailout.ofir.com> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060405/a0223939/attachment.html From mauriciopcavalcanti at hotmail.com Wed Apr 5 22:48:12 2006 From: mauriciopcavalcanti at hotmail.com (Mauricio) Date: Wed Apr 5 22:48:30 2006 Subject: RES: RES: MailScanner: WARNING: You are trying to use the SpamAssassin cachebut your DBI and/or DBD::SQLite Perl modules are not properlyinstalled! In-Reply-To: <4433A33E.2020200@ecs.soton.ac.uk> Message-ID: So, I don?t have install problems... I can uninstall perl-Net-Daemon and perl-PlRPC packages and stay using perl-DBI-1.30-1. What about my maillog boring me with ?You are trying to use the SpamAssassin cache but your DBI and/or DBD::SQLite Perl modules are not properly installed!? if I enable spamassassin cache results feature? What can I do to use this new feature? Thanks in advance, Mauricio -----Mensagem original----- De: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Em nome de Julian Field Enviada em: quarta-feira, 5 de abril de 2006 08:00 Para: MailScanner discussion Assunto: Re: RES: MailScanner: WARNING: You are trying to use the SpamAssassin cachebut your DBI and/or DBD::SQLite Perl modules are not properlyinstalled! Mauricio wrote: > > Helo, > > I have the same warning: ?You are trying to use the SpamAssassin cache > but your DBI and/or DBD::SQLite Perl modules are not properly > installed!? . It?s working well, but I had to disable the spamassassin > cache results feature. > Look for the word "Cache" in MailScanner.conf and you will easily find it. > > MS 4.35 was upgraded to 4.52 in RH 8.0, but I saw that install.sh > could not upgrade/install perl-DBI-1.50-2.noarch.rpm and > perl-ExtUtils-MakeMaker-6.30-1.noarch.rpm > > Problem with perl-DBI: > > **perl(Net::Daemon)**** > > **perl(RPC::PlClient)**** > > perl(Win32::ODBC) > As the output from the build of perl-DBI says, these are not critical (and it is right, you don't need to install them for perl-DBI to install). > > I?ve downloaded and installed perl-Net-Daemon and perl-PlRPC (with no > problem), but I could not find package for perl(Win32::ODBC). > You don't need it. > > Problem with perl-ExtUtils-MakeMaker: > > Many files conflicts with files from package perl-5.8.0-88.3 > That's because you already have a modern ExtUtils::MakeMaker installed, you can ignore this too. Hope that helps a bit. > > Anyone can help to solve this? > > Thanks in advance, > > Mauricio > > ------------------------------------------------------------------------ > > *De:* mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] *Em nome de > *Herman Swensson > *Enviada em:* domingo, 12 de fevereiro de 2006 12:47 > *Para**:* mailscanner@lists.mailscanner.info > *Assunto:* MailScanner: WARNING: You are trying to use the > SpamAssassin cachebut your DBI and/or DBD::SQLite Perl modules are not > properlyinstalled! > > Hi, > > I have upgraded MailScanner to version 4.50.15 and I am getting the > next new > > Messages: > > MailScanner: WARNING: You are trying to use the SpamAssassin cache but > your DBI and/or DBD::SQLite Perl modules are not properly installed > > MailScanner setting GID to postfix (89) > > MailScanner setting UID to postfix (89) > > What does this mean > > cpan> install DBI > > CPAN: Storable loaded ok > > Going to read /root/.cpan/Metadata > > Database was generated on Mon, 16 Jan 2006 10:10:45 GMT > > DBI is up to date (1.50). > > cpan> install DBD::SQLite > > CPAN: Storable loaded ok > > Going to read /root/.cpan/Metadata > > Database was generated on Mon, 16 Jan 2006 10:10:45 GMT > > DBD::SQLite is up to date (1.11). > > Linux version is 2.6.9-19 > > Greetings > > Herman > > > -- > No virus found in this outgoing message. > Checked by AVG Free Edition. > Version: 7.1.375 / Virus Database: 267.15.6/257 - Release Date: 10-2-2006 > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From dickenson at cfmc.com Wed Apr 5 23:37:31 2006 From: dickenson at cfmc.com (Jim Dickenson) Date: Wed Apr 5 23:37:45 2006 Subject: *CfMC-Spam= 5.73* Re: *CfMC-Spam= 5.53* Question about from address In-Reply-To: Message-ID: Sorry that my first email was not clear. The address shown in the sendmail log: sendmail[12558]: k34KuiHl012558: from=scrappy.surveysampling.com> Does not match the address shown on the MailScanner-From header: MailScanner-From: frame< @ >scrappy.surveyspot.com This is what looks wrong to me. I thought both of these should be the envelope email address. I did not want to change the email addresses too much because that does not accurately show the problem I am try to show. I use a MS rule to do the white-listing. That is not the real problem. The problem is that the MailScanner-From header does not have the envelope email address. -- Jim Dickenson mailto:dickenson@cfmc.com CfMC http://www.cfmc.com/ > From: Kai Schaetzl > Reply-To: MailScanner discussion > Date: Wed, 05 Apr 2006 21:31:23 +0200 > To: > Subject: *CfMC-Spam= 5.73* Re: *CfMC-Spam= 5.53* Question about from address > > Jim Dickenson wrote on Wed, 05 Apr 2006 08:44:50 -0700: > >> As I mentioned in the original email I changed the @ to < @ > so the email >> address could not be harvested. > > I read this, but it wasn't clear at all what you meant. Adresses are mute, if > you want to present an example, just change the original to something which > resembles the original. > > Where did you whitelist this address and how? Did you reload MailScanner? > I also notice that all quotes of that mail address (3) you make show a > slightly different domain name. Frankly, your mail is confusing as to what is > what etc. Yes, the envelope-from is the one that MailScanner's whitelist acts > on, that is the one shown in the sendmail log. Are you sure that those extra > headers were added by *your* MailScanner? > > Kai > > -- > Kai Sch?tzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From devonharding at gmail.com Thu Apr 6 00:18:22 2006 From: devonharding at gmail.com (Devon Harding) Date: Thu Apr 6 00:18:25 2006 Subject: SURBL Working? Message-ID: <2baac6140604051618i5d5b4114y29ab2f9d8d18a978@mail.gmail.com> How can I tell if I have SURBL working or not? I'm using SA 3.11. Any tests? -Devon -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060405/cdabcb52/attachment.html From mkettler at evi-inc.com Thu Apr 6 00:27:04 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Apr 6 00:27:23 2006 Subject: SURBL Working? In-Reply-To: <2baac6140604051618i5d5b4114y29ab2f9d8d18a978@mail.gmail.com> References: <2baac6140604051618i5d5b4114y29ab2f9d8d18a978@mail.gmail.com> Message-ID: <44345248.8080807@evi-inc.com> Devon Harding wrote: > How can I tell if I have SURBL working or not? I'm using SA 3.11. Any > tests? http://www.surbl.org/faq.html#test-uris From maillists at conactive.com Thu Apr 6 02:31:21 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Apr 6 02:31:36 2006 Subject: Email rejected, what reason to give client?? In-Reply-To: References: <4433E263.6060906@thehostmasters.com> <4433F7B7.6060900@thehostmasters.com> Message-ID: Kai Schaetzl wrote on Wed, 05 Apr 2006 21:31:23 +0200: > www.rulesemporium.org com at the end, sorry. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Thu Apr 6 02:31:21 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Apr 6 02:31:37 2006 Subject: *CfMC-Spam= 5.53* Question about from address In-Reply-To: <44341D47.20006@nkpanama.com> References: <44341D47.20006@nkpanama.com> Message-ID: Alex Neuman van der Hans wrote on Wed, 05 Apr 2006 14:40:55 -0500: > It's "moot". Moot means pointless or meaningless, mute means silent. Ah, yeah, thanks! I was pronouncing it in mind like "moot", but didn't write it that way. When I write English I think in English. However, sometimes when I reread what I just wrote I find that a German word got smuggled in (either the German equivalent or a word which sounds similar) without me even realizing I typed it. In this case I just replaced one English word against another one. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Thu Apr 6 02:31:21 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Apr 6 02:31:39 2006 Subject: *CfMC-Spam= 5.73* *CfMC-Spam= 5.53* Question about from address In-Reply-To: References: Message-ID: Jim Dickenson wrote on Wed, 05 Apr 2006 15:37:31 -0700: > This is what looks wrong to me. I thought both of these should be the > envelope email address. Sorry, I haven't enabled logging that much, so I don't know what MailScanner will show there. Do you let MailScanner add an Envelope-From? If so, what do you get there? > I use a MS rule to do the white-listing. That is not the real problem. The > problem is that the MailScanner-From header does not have the envelope email > address. And that is the From from the header of the message or where does it come from? As I said I don't know if it should match the Envelope-From since it's only informational. Do your other whitelists work? I mean you could just have an error in your whitelist entry? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From MailScanner at ecs.soton.ac.uk Thu Apr 6 08:09:08 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 6 08:09:24 2006 Subject: SEMI-OT: Book Translation In-Reply-To: <443411C7.5020009@nkpanama.com> References: <443411C7.5020009@nkpanama.com> Message-ID: <4434BE94.9060704@ecs.soton.ac.uk> Alex Neuman van der Hans wrote: > I'd like to translate "the book" into Spanish, or write "el libro" > from scratch. That would be great! > > I don't want to step on anybody's toes (or patents, or copyrights), so > I thought I'd ask here about what I could use (or not) from "the book" > to write "el libro". > > Any recommendations on what to use to create/edit it (short of a > tetex-latex-vi-emacs-edlin-wordstar flame war) would also be appreciated. I just used Word, though I hate to say it. It's currently a 250Mbyte Word document, and Word handles it absolutely fine. > > Any info on reporting typos (for example, "Thankyou" on p.375 should > read "Thank you") would also be appreciated. > > Thanks in advance, > > Alex Let me know how you get on, and if there's anything I can to do help you. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From shuttlebox at gmail.com Thu Apr 6 08:32:06 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Apr 6 08:32:09 2006 Subject: Location of perl in #! of Mailscanner scripts In-Reply-To: <443402F7.6020907@usg.edu> References: <443402F7.6020907@usg.edu> Message-ID: <625385e30604060032j40edfeaepe762542156215e3f@mail.gmail.com> On 4/5/06, Bob Jones wrote: > Next I go to run Mailscanner and it goes kablooey. I get to > looking around and I see why. Even though I specified an alternate > location of perl in the install script, all the Mailscanner perl scripts > (e.g. /opt/Mailscanner/bin/MailScanner ) point to #!/usr/bin/perl. > Shouldn't the install script change these headings to the specified perl > or am I missing something? I can't just put a link in /usr/bin as the > legacy perl is needed for other things. I use a symbolic link on my Solaris systems, the legacy stuff uses hard coded paths so it doesn't depend on /usr/bin/perl. -- /peter From res at ausics.net Thu Apr 6 08:48:17 2006 From: res at ausics.net (Res) Date: Thu Apr 6 08:48:29 2006 Subject: No SYSLOG No Mail Scanned In-Reply-To: <223f97700604050707u7fccd175ncc4fe625e7f6022f@mail.gmail.com> References: <223f97700604050403m60d8cfa0h422d4f0516cf64b5@mail.gmail.com> <223f97700604050707u7fccd175ncc4fe625e7f6022f@mail.gmail.com> Message-ID: On Wed, 5 Apr 2006, Glenn Steen wrote: >> >> That is silly, i dont give a toss about syslog running or not, at 100 > > Exactly. > >> megs a day I sure as hell have better things to do then look at logs lol, >> but coz syslog dies, why the hell should mail cease to be processed because >> of it. > > Why not? It got your attention;-):-). No, it got my customers attention :P yahoo have facination of sending to sec MX only around here and a lot of whingers|crybabies were not getting their yahoo groups spam, thats how we originally found it, somethign amiss with 300 sendmail copies running and a number of mailscanner :) > Syslog is pretty stable usually, so something making it die would (in > my experience) be an indication that you have a "serious" problem. yeah, it did it a few times since this post as well, the problem appeared that our scsi drive mounted for swap was flakey, swap was non existent, then it was there, I thought id had a few too many bourbons, no out ofordinary messages anywhere, replaced it and it hasnt died yet (almost 18 hours) I think thats whats caused it, there seems to be no other issues > I'm sure it's acceptable to you to not keep very good track of > individual messages, nor of errors etc... But to some (like me) it bloody oath, not at the rate it turns over, and thats not counting the fact sendmail rejects 80% more mail for RBL/no dns records etc :) It also pleased me to see it clear out all the 2 days of mail it kept in a small time frame with no real killing of the machine load wise, in fact procesing new mail and doing the stored stuff as well and the load was still less than our primary servers which can not run mailscanner because they are all qmail (and qmailscan), and before you ask, no we cant change, as a wholesaler to over a hundred VISPs and thousands and thousands of hosting domains, qmail/vpopmail combo is far superior to anything for this tyupe of operation (and thats from a staunch sendmail supporter :P ) Kinda why al lthe stand alones run sendmail :) > -- Cheers Res From adrik at salesmanager.nl Thu Apr 6 09:02:32 2006 From: adrik at salesmanager.nl (Adri Koppes) Date: Thu Apr 6 09:02:35 2006 Subject: MailScanner 4.50.15 not picking up new rules from sa-update Message-ID: I am running the MailScanner port on FreeBSD 5.4 with sendmail as my MTA and SpamAssassin 3.1.1. I recently ran the 'sa-update' program included in SpamAssassin to pick up newly added and changed rules. The sa-update program correctly downloads the updated rules to the default location of '/var/lib/spamassassin/3.001001/updates_spamassassin_org' and when running spamassassin -D --lint, I can see the new rules being used. However the new rules are NOT being used by SpamAssassin when called from inside MailScanner. I believe this is due to an omission in SA.pm when creating a new instance of Mail::SpamAssassin. The LOCAL_STATE_DIR config option, which is normally '/var/lib' is not included in the $settings. Adri. From martinh at solid-state-logic.com Thu Apr 6 09:34:46 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Apr 6 09:35:04 2006 Subject: MailScanner 4.50.15 not picking up new rules from sa-update In-Reply-To: Message-ID: <008101c65954$f810e6e0$3004010a@martinhlaptop> Adri Have a look in MailScanner.conf and the Advanced SpamAssassin Settings section. You can put extra things into the SA rules path there, Also I presume you're restarting MS after the update and not just waiting for the children to die? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Adri Koppes > Sent: 06 April 2006 09:03 > To: mailscanner@lists.mailscanner.info > Subject: MailScanner 4.50.15 not picking up new rules from sa-update > > I am running the MailScanner port on FreeBSD 5.4 with sendmail as my MTA > and SpamAssassin 3.1.1. > I recently ran the 'sa-update' program included in SpamAssassin to pick > up newly added and changed rules. > The sa-update program correctly downloads the updated rules to the > default location of > '/var/lib/spamassassin/3.001001/updates_spamassassin_org' and when > running spamassassin -D --lint, I can see the new rules being used. > However the new rules are NOT being used by SpamAssassin when called > from inside MailScanner. > I believe this is due to an omission in SA.pm when creating a new > instance of Mail::SpamAssassin. > The LOCAL_STATE_DIR config option, which is normally '/var/lib' is not > included in the $settings. > > Adri. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From glenn.steen at gmail.com Thu Apr 6 10:22:09 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Apr 6 10:22:15 2006 Subject: No SYSLOG No Mail Scanned In-Reply-To: References: <223f97700604050403m60d8cfa0h422d4f0516cf64b5@mail.gmail.com> <223f97700604050707u7fccd175ncc4fe625e7f6022f@mail.gmail.com> Message-ID: <223f97700604060222j1e999010k8a4fa4aaceebe553@mail.gmail.com> On 06/04/06, Res wrote: > On Wed, 5 Apr 2006, Glenn Steen wrote: > >> > >> That is silly, i dont give a toss about syslog running or not, at 100 > > > > Exactly. > > > >> megs a day I sure as hell have better things to do then look at logs lol, > >> but coz syslog dies, why the hell should mail cease to be processed because > >> of it. > > > > Why not? It got your attention;-):-). > > No, it got my customers attention :P yahoo have facination of sending to > sec MX only around here and a lot of whingers|crybabies were not getting > their yahoo groups spam, thats how we originally found it, somethign amiss > with 300 sendmail copies running and a number of mailscanner :) > See your point... Might be nasty:-). > > Syslog is pretty stable usually, so something making it die would (in > > my experience) be an indication that you have a "serious" problem. > > yeah, it did it a few times since this post as well, the problem appeared > that our scsi drive mounted for swap was flakey, swap was non existent, > then it was there, I thought id had a few too many bourbons, no out > ofordinary messages anywhere, replaced it and it hasnt died yet (almost 18 > hours) I think thats whats caused it, there seems to be no other issues .... Ah. Never seen that exact behaviour (with or without whiskey:), but then a flakey HDD would (in my case) be killing filesystems too, so that would probably get my attention:-). And all the while dmesg was silent? Spooky... > > I'm sure it's acceptable to you to not keep very good track of > > individual messages, nor of errors etc... But to some (like me) it > > bloody oath, not at the rate it turns over, and thats not counting the > fact sendmail rejects 80% more mail for RBL/no dns records etc :) > I definitely see your point... I'm at a .gov-ish site here, and have regulations in place that make logging almost as paramount as the actual messages ("availability to the public" type of thing), So I don't have the "luxury" of not logging everything. Sigh. > > It also pleased me to see it clear out all the 2 days of mail it kept in a > small time frame with no real killing of the machine load wise, in fact > procesing new mail and doing the stored stuff as well and the load was > still less than our primary servers which can not run mailscanner because > they are all qmail (and qmailscan), and before you ask, no we cant change, > as a wholesaler to over a hundred VISPs and thousands and thousands > of hosting domains, qmail/vpopmail combo is far superior to anything for > this tyupe of operation (and thats from a staunch sendmail supporter :P ) > Kinda why al lthe stand alones run sendmail :) > > Ah yes, don't we just love MailScanner for it! (I suppose mentioning postfix here is tantamount to swearing, so...:-) Anyway, glad to hear you have it sorted. Sounds like you've earned yourself some more bourbon;-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Thu Apr 6 10:36:26 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Apr 6 10:36:30 2006 Subject: Mail Scanner Crashing when receiving special spam mails In-Reply-To: <1144270052_1085495@mailout.ofir.com> References: <1144270052_1085495@mailout.ofir.com> Message-ID: <223f97700604060236n2f965ca6w75817a0afc6612f3@mail.gmail.com> On 05/04/06, Ben jsh wrote: > Hi All, > I am running SpamAssassin 3.1.1 Sendmail 8.13.6 MailScanner 4.52.2 and it > crashes when I receive emails with no sender address to invalid users at my > domain. And there is suddenly coming tons of those emails in crashing > everything. > > Please help > Logs: > http://pastebin.com/642842 > http://pastebin.com/642730 > > Ben Do I read that right as an error in MailWatch? Database OK? Anyway, why are you accepting (at MTA level) non-existant recipients? Fix that and this particular problem will likely go away:). IANASG, but I suppose there has been a lot of mention on this list on how to do this with sendmail (access file or milter-ahead or ... wasn't there a "more free" reimplementation of milter-ahead mentioned just this week... RALM setting in here, someone with better memory will know...:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From adrik at salesmanager.nl Thu Apr 6 10:52:21 2006 From: adrik at salesmanager.nl (Adri Koppes) Date: Thu Apr 6 10:52:24 2006 Subject: MailScanner 4.50.15 not picking up new rules from sa-update Message-ID: Martin, The Advanced SpamAssassin Section does not have an option for the SpamAssassin LOCAL_STATE_DIR option. Also in SA.pm, there is no place where this option is read or passed on to SpamAssassin. I think the LOCAL_STATE_DIR option is new for SA 3.1.1, to work with sa-update. I am restarting MailScanner after making config changes, before checking if they function properly. I think Julian probably has to add the option to SA.pm and the Advanced SpamAssassin Section in MailScanner.conf. Adri. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Martin Hepworth > Sent: donderdag 6 april 2006 10:35 > To: 'MailScanner discussion' > Subject: RE: MailScanner 4.50.15 not picking up new rules > from sa-update > > Adri > > Have a look in MailScanner.conf and the Advanced SpamAssassin > Settings section. You can put extra things into the SA rules > path there, > > Also I presume you're restarting MS after the update and not > just waiting for the children to die? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Adri Koppes > > Sent: 06 April 2006 09:03 > > To: mailscanner@lists.mailscanner.info > > Subject: MailScanner 4.50.15 not picking up new rules from sa-update > > > > I am running the MailScanner port on FreeBSD 5.4 with > sendmail as my > > MTA and SpamAssassin 3.1.1. > > I recently ran the 'sa-update' program included in SpamAssassin to > > pick up newly added and changed rules. > > The sa-update program correctly downloads the updated rules to the > > default location of > > '/var/lib/spamassassin/3.001001/updates_spamassassin_org' and when > > running spamassassin -D --lint, I can see the new rules being used. > > However the new rules are NOT being used by SpamAssassin > when called > > from inside MailScanner. > > I believe this is due to an omission in SA.pm when creating a new > > instance of Mail::SpamAssassin. > > The LOCAL_STATE_DIR config option, which is normally > '/var/lib' is not > > included in the $settings. > > > > Adri. > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential > and intended solely for the use of the individual or entity > to whom they are addressed. If you have received this email > in error please notify the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From glenn.steen at gmail.com Thu Apr 6 10:57:02 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Apr 6 10:57:06 2006 Subject: Email rejected, what reason to give client?? In-Reply-To: <4433E263.6060906@thehostmasters.com> References: <4433E263.6060906@thehostmasters.com> Message-ID: <223f97700604060257l175e2d61kc32fd1b43583ec96@mail.gmail.com> On 05/04/06, Rob Morin wrote: > Hello all.... > (snip, since others covered this nicely) > Also i have a friend of mine that has his own mail server and he says he > does a white list by adding to the white list any email address that the > server sends email to... IE any of his clients that send email via that > server to a person, that email is put itn the white list > automatically... is this safe? is it possible? If he is whitelisting the email addresses, then he's opening himself to badness, yes. This means that all those "autowhitelists" are open to address-forgery. Not good. It's safer to whitelist IP addresses, but then, the receiving MTA of an organization is not necessarily the sending MTA, and there is no mandate (in RFC or otherwise) that the sending MTA even has a DNS record, so... Not easy to go that route. My PHB forced me to WL all "business associates" by address when we started out with MS, but after a few forgeries slipping through he has "seen the light", so now we aim at having a well-tuned SA/MS instead of massive whitelists... So far (couple of years) this has been a much better approach. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From martinh at solid-state-logic.com Thu Apr 6 10:59:47 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Apr 6 10:59:55 2006 Subject: MailScanner 4.50.15 not picking up new rules from sa-update In-Reply-To: Message-ID: <00ad01c65960$d6759380$3004010a@martinhlaptop> Adri Hmm what version of MS is this???? "mailscanner -v" Freshports shows the latest is 4.50.1 which should have these settings. You may have to upgrade your ports tree.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Adri Koppes > Sent: 06 April 2006 10:52 > To: MailScanner discussion > Subject: RE: MailScanner 4.50.15 not picking up new rules from sa-update > > Martin, > > The Advanced SpamAssassin Section does not have an option for the > SpamAssassin LOCAL_STATE_DIR option. > Also in SA.pm, there is no place where this option is read or passed on > to SpamAssassin. > I think the LOCAL_STATE_DIR option is new for SA 3.1.1, to work with > sa-update. > > I am restarting MailScanner after making config changes, before checking > if they function properly. > I think Julian probably has to add the option to SA.pm and the Advanced > SpamAssassin Section in MailScanner.conf. > > Adri. > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > Of Martin Hepworth > > Sent: donderdag 6 april 2006 10:35 > > To: 'MailScanner discussion' > > Subject: RE: MailScanner 4.50.15 not picking up new rules > > from sa-update > > > > Adri > > > > Have a look in MailScanner.conf and the Advanced SpamAssassin > > Settings section. You can put extra things into the SA rules > > path there, > > > > Also I presume you're restarting MS after the update and not > > just waiting for the children to die? > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner- > > > bounces@lists.mailscanner.info] On Behalf Of Adri Koppes > > > Sent: 06 April 2006 09:03 > > > To: mailscanner@lists.mailscanner.info > > > Subject: MailScanner 4.50.15 not picking up new rules from sa-update > > > > > > I am running the MailScanner port on FreeBSD 5.4 with > > sendmail as my > > > MTA and SpamAssassin 3.1.1. > > > I recently ran the 'sa-update' program included in SpamAssassin to > > > pick up newly added and changed rules. > > > The sa-update program correctly downloads the updated rules to the > > > default location of > > > '/var/lib/spamassassin/3.001001/updates_spamassassin_org' and when > > > running spamassassin -D --lint, I can see the new rules being used. > > > However the new rules are NOT being used by SpamAssassin > > when called > > > from inside MailScanner. > > > I believe this is due to an omission in SA.pm when creating a new > > > instance of Mail::SpamAssassin. > > > The LOCAL_STATE_DIR config option, which is normally > > '/var/lib' is not > > > included in the $settings. > > > > > > Adri. > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential > > and intended solely for the use of the individual or entity > > to whom they are addressed. If you have received this email > > in error please notify the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > ********************************************************************** > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From adrik at salesmanager.nl Thu Apr 6 11:11:11 2006 From: adrik at salesmanager.nl (Adri Koppes) Date: Thu Apr 6 11:11:17 2006 Subject: MailScanner 4.50.15 not picking up new rules from sa-update Message-ID: Martin, Using MailScanner 4.50.15 from www.freebsd.ord/ports. SpamAssassin 3.1.1 from www.freebsd.org/ports. Which setting should I look for in MailScanner.conf or SA.pm for setting the SpamAssassin LOCAL_STATE_DIR? Adri. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Martin Hepworth > Sent: donderdag 6 april 2006 12:00 > To: 'MailScanner discussion' > Subject: RE: MailScanner 4.50.15 not picking up new rules > from sa-update > > Adri > > Hmm what version of MS is this???? "mailscanner -v" > > Freshports shows the latest is 4.50.1 which should have these > settings. > > You may have to upgrade your ports tree.. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Adri Koppes > > Sent: 06 April 2006 10:52 > > To: MailScanner discussion > > Subject: RE: MailScanner 4.50.15 not picking up new rules from > > sa-update > > > > Martin, > > > > The Advanced SpamAssassin Section does not have an option for the > > SpamAssassin LOCAL_STATE_DIR option. > > Also in SA.pm, there is no place where this option is read > or passed > > on to SpamAssassin. > > I think the LOCAL_STATE_DIR option is new for SA 3.1.1, to > work with > > sa-update. > > > > I am restarting MailScanner after making config changes, before > > checking if they function properly. > > I think Julian probably has to add the option to SA.pm and the > > Advanced SpamAssassin Section in MailScanner.conf. > > > > Adri. > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info > > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > > > Martin Hepworth > > > Sent: donderdag 6 april 2006 10:35 > > > To: 'MailScanner discussion' > > > Subject: RE: MailScanner 4.50.15 not picking up new rules from > > > sa-update > > > > > > Adri > > > > > > Have a look in MailScanner.conf and the Advanced SpamAssassin > > > Settings section. You can put extra things into the SA rules path > > > there, > > > > > > Also I presume you're restarting MS after the update and not just > > > waiting for the children to die? > > > > > > -- > > > Martin Hepworth > > > Snr Systems Administrator > > > Solid State Logic > > > Tel: +44 (0)1865 842300 > > > > > > > -----Original Message----- > > > > From: mailscanner-bounces@lists.mailscanner.info > > > [mailto:mailscanner- > > > > bounces@lists.mailscanner.info] On Behalf Of Adri Koppes > > > > Sent: 06 April 2006 09:03 > > > > To: mailscanner@lists.mailscanner.info > > > > Subject: MailScanner 4.50.15 not picking up new rules from > > > > sa-update > > > > > > > > I am running the MailScanner port on FreeBSD 5.4 with > > > sendmail as my > > > > MTA and SpamAssassin 3.1.1. > > > > I recently ran the 'sa-update' program included in > SpamAssassin to > > > > pick up newly added and changed rules. > > > > The sa-update program correctly downloads the updated > rules to the > > > > default location of > > > > > '/var/lib/spamassassin/3.001001/updates_spamassassin_org' and when > > > > running spamassassin -D --lint, I can see the new rules > being used. > > > > However the new rules are NOT being used by SpamAssassin > > > when called > > > > from inside MailScanner. > > > > I believe this is due to an omission in SA.pm when > creating a new > > > > instance of Mail::SpamAssassin. > > > > The LOCAL_STATE_DIR config option, which is normally > > > '/var/lib' is not > > > > included in the $settings. > > > > > > > > Adri. > > > > -- > > > > MailScanner mailing list > > > > mailscanner@lists.mailscanner.info > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > ******************************************************************** > > > ** > > > > > > This email and any files transmitted with it are confidential and > > > intended solely for the use of the individual or entity > to whom they > > > are addressed. If you have received this email in error please > > > notify the system manager. > > > > > > This footnote confirms that this email message has been swept for > > > the presence of computer viruses and is believed to be clean. > > > > > > > ******************************************************************** > > > ** > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential > and intended solely for the use of the individual or entity > to whom they are addressed. If you have received this email > in error please notify the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From martinh at solid-state-logic.com Thu Apr 6 11:18:10 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Apr 6 11:18:17 2006 Subject: MailScanner 4.50.15 not picking up new rules from sa-update In-Reply-To: Message-ID: <00b101c65963$67af3d90$3004010a@martinhlaptop> Adri Should be in MailScanner.conf in the Advanced SpamAssassin section - its around line 1850 in my setup. Was this a fresh install of 4.50.15 or did you upgrade from an earlier version??? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Adri Koppes > Sent: 06 April 2006 11:11 > To: MailScanner discussion > Subject: RE: MailScanner 4.50.15 not picking up new rules from sa-update > > Martin, > > Using MailScanner 4.50.15 from www.freebsd.ord/ports. > SpamAssassin 3.1.1 from www.freebsd.org/ports. > > Which setting should I look for in MailScanner.conf or SA.pm for setting > the SpamAssassin LOCAL_STATE_DIR? > > Adri. > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > Of Martin Hepworth > > Sent: donderdag 6 april 2006 12:00 > > To: 'MailScanner discussion' > > Subject: RE: MailScanner 4.50.15 not picking up new rules > > from sa-update > > > > Adri > > > > Hmm what version of MS is this???? "mailscanner -v" > > > > Freshports shows the latest is 4.50.1 which should have these > > settings. > > > > You may have to upgrade your ports tree.. > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner- > > > bounces@lists.mailscanner.info] On Behalf Of Adri Koppes > > > Sent: 06 April 2006 10:52 > > > To: MailScanner discussion > > > Subject: RE: MailScanner 4.50.15 not picking up new rules from > > > sa-update > > > > > > Martin, > > > > > > The Advanced SpamAssassin Section does not have an option for the > > > SpamAssassin LOCAL_STATE_DIR option. > > > Also in SA.pm, there is no place where this option is read > > or passed > > > on to SpamAssassin. > > > I think the LOCAL_STATE_DIR option is new for SA 3.1.1, to > > work with > > > sa-update. > > > > > > I am restarting MailScanner after making config changes, before > > > checking if they function properly. > > > I think Julian probably has to add the option to SA.pm and the > > > Advanced SpamAssassin Section in MailScanner.conf. > > > > > > Adri. > > > > > > > -----Original Message----- > > > > From: mailscanner-bounces@lists.mailscanner.info > > > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > > > > Martin Hepworth > > > > Sent: donderdag 6 april 2006 10:35 > > > > To: 'MailScanner discussion' > > > > Subject: RE: MailScanner 4.50.15 not picking up new rules from > > > > sa-update > > > > > > > > Adri > > > > > > > > Have a look in MailScanner.conf and the Advanced SpamAssassin > > > > Settings section. You can put extra things into the SA rules path > > > > there, > > > > > > > > Also I presume you're restarting MS after the update and not just > > > > waiting for the children to die? > > > > > > > > -- > > > > Martin Hepworth > > > > Snr Systems Administrator > > > > Solid State Logic > > > > Tel: +44 (0)1865 842300 > > > > > > > > > -----Original Message----- > > > > > From: mailscanner-bounces@lists.mailscanner.info > > > > [mailto:mailscanner- > > > > > bounces@lists.mailscanner.info] On Behalf Of Adri Koppes > > > > > Sent: 06 April 2006 09:03 > > > > > To: mailscanner@lists.mailscanner.info > > > > > Subject: MailScanner 4.50.15 not picking up new rules from > > > > > sa-update > > > > > > > > > > I am running the MailScanner port on FreeBSD 5.4 with > > > > sendmail as my > > > > > MTA and SpamAssassin 3.1.1. > > > > > I recently ran the 'sa-update' program included in > > SpamAssassin to > > > > > pick up newly added and changed rules. > > > > > The sa-update program correctly downloads the updated > > rules to the > > > > > default location of > > > > > > > '/var/lib/spamassassin/3.001001/updates_spamassassin_org' and when > > > > > running spamassassin -D --lint, I can see the new rules > > being used. > > > > > However the new rules are NOT being used by SpamAssassin > > > > when called > > > > > from inside MailScanner. > > > > > I believe this is due to an omission in SA.pm when > > creating a new > > > > > instance of Mail::SpamAssassin. > > > > > The LOCAL_STATE_DIR config option, which is normally > > > > '/var/lib' is not > > > > > included in the $settings. > > > > > > > > > > Adri. > > > > > -- > > > > > MailScanner mailing list > > > > > mailscanner@lists.mailscanner.info > > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > > > > > ******************************************************************** > > > > ** > > > > > > > > This email and any files transmitted with it are confidential and > > > > intended solely for the use of the individual or entity > > to whom they > > > > are addressed. If you have received this email in error please > > > > notify the system manager. > > > > > > > > This footnote confirms that this email message has been swept for > > > > the presence of computer viruses and is believed to be clean. > > > > > > > > > > ******************************************************************** > > > > ** > > > > > > > > -- > > > > MailScanner mailing list > > > > mailscanner@lists.mailscanner.info > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential > > and intended solely for the use of the individual or entity > > to whom they are addressed. If you have received this email > > in error please notify the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > ********************************************************************** > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From adrik at salesmanager.nl Thu Apr 6 11:31:20 2006 From: adrik at salesmanager.nl (Adri Koppes) Date: Thu Apr 6 11:31:22 2006 Subject: MailScanner 4.50.15 not picking up new rules from sa-update Message-ID: Martin, This was an upgrade from 4.49, but the MailScanner.conf has been updated also. My MailScanner.conf has the following entries: MailScanner Version Number = 4.50.15 SpamAssassin User State Dir = /usr/local/etc/mail/spamassassin SpamAssassin Install Prefix = SpamAssassin Site Rules Dir = /usr/local/etc/mail/spamassassin SpamAssassin Local Rules Dir = SpamAssassin Default Rules Dir = I do NOT see anything for the LOCAL_STATE_DIR in either MailScanner.conf or SA.pm! Since the option is not in SA.pm, it won't matter if I add it to MailScanner.conf! I have manually set the option in SA.pm and now the updated rules are recognised and used. Here's a context diff: *** SA.pm Thu Apr 6 12:29:42 2006 --- SA.pm.orig Thu Apr 6 12:30:12 2006 *************** *** 106,112 **** $settings{LOCAL_RULES_DIR} = $val if $val ne ""; $val = MailScanner::Config::Value('spamassassindefaultrulesdir'); $settings{DEF_RULES_DIR} = $val if $val ne ""; - $settings{LOCAL_STATE_DIR} = "/var/lib"; $val = MailScanner::Config::Value('spamassassininstallprefix'); # For version 3 onwards, shouldn't cause problems with earlier code --- 106,111 ---- Adri. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Martin Hepworth > Sent: donderdag 6 april 2006 12:18 > To: 'MailScanner discussion' > Subject: RE: MailScanner 4.50.15 not picking up new rules > from sa-update > > Adri > > Should be in MailScanner.conf in the Advanced SpamAssassin > section - its around line 1850 in my setup. > > > Was this a fresh install of 4.50.15 or did you upgrade from > an earlier version??? > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Adri Koppes > > Sent: 06 April 2006 11:11 > > To: MailScanner discussion > > Subject: RE: MailScanner 4.50.15 not picking up new rules from > > sa-update > > > > Martin, > > > > Using MailScanner 4.50.15 from www.freebsd.ord/ports. > > SpamAssassin 3.1.1 from www.freebsd.org/ports. > > > > Which setting should I look for in MailScanner.conf or SA.pm for > > setting the SpamAssassin LOCAL_STATE_DIR? > > > > Adri. > > > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info > > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > > > Martin Hepworth > > > Sent: donderdag 6 april 2006 12:00 > > > To: 'MailScanner discussion' > > > Subject: RE: MailScanner 4.50.15 not picking up new rules from > > > sa-update > > > > > > Adri > > > > > > Hmm what version of MS is this???? "mailscanner -v" > > > > > > Freshports shows the latest is 4.50.1 which should have these > > > settings. > > > > > > You may have to upgrade your ports tree.. > > > > > > -- > > > Martin Hepworth > > > Snr Systems Administrator > > > Solid State Logic > > > Tel: +44 (0)1865 842300 > > > > > > > -----Original Message----- > > > > From: mailscanner-bounces@lists.mailscanner.info > > > [mailto:mailscanner- > > > > bounces@lists.mailscanner.info] On Behalf Of Adri Koppes > > > > Sent: 06 April 2006 10:52 > > > > To: MailScanner discussion > > > > Subject: RE: MailScanner 4.50.15 not picking up new rules from > > > > sa-update > > > > > > > > Martin, > > > > > > > > The Advanced SpamAssassin Section does not have an > option for the > > > > SpamAssassin LOCAL_STATE_DIR option. > > > > Also in SA.pm, there is no place where this option is read > > > or passed > > > > on to SpamAssassin. > > > > I think the LOCAL_STATE_DIR option is new for SA 3.1.1, to > > > work with > > > > sa-update. > > > > > > > > I am restarting MailScanner after making config changes, before > > > > checking if they function properly. > > > > I think Julian probably has to add the option to SA.pm and the > > > > Advanced SpamAssassin Section in MailScanner.conf. > > > > > > > > Adri. > > > > > > > > > -----Original Message----- > > > > > From: mailscanner-bounces@lists.mailscanner.info > > > > > [mailto:mailscanner-bounces@lists.mailscanner.info] > On Behalf Of > > > > > Martin Hepworth > > > > > Sent: donderdag 6 april 2006 10:35 > > > > > To: 'MailScanner discussion' > > > > > Subject: RE: MailScanner 4.50.15 not picking up new > rules from > > > > > sa-update > > > > > > > > > > Adri > > > > > > > > > > Have a look in MailScanner.conf and the Advanced SpamAssassin > > > > > Settings section. You can put extra things into the SA rules > > > > > path there, > > > > > > > > > > Also I presume you're restarting MS after the update and not > > > > > just waiting for the children to die? > > > > > > > > > > -- > > > > > Martin Hepworth > > > > > Snr Systems Administrator > > > > > Solid State Logic > > > > > Tel: +44 (0)1865 842300 > > > > > > > > > > > -----Original Message----- > > > > > > From: mailscanner-bounces@lists.mailscanner.info > > > > > [mailto:mailscanner- > > > > > > bounces@lists.mailscanner.info] On Behalf Of Adri Koppes > > > > > > Sent: 06 April 2006 09:03 > > > > > > To: mailscanner@lists.mailscanner.info > > > > > > Subject: MailScanner 4.50.15 not picking up new rules from > > > > > > sa-update > > > > > > > > > > > > I am running the MailScanner port on FreeBSD 5.4 with > > > > > sendmail as my > > > > > > MTA and SpamAssassin 3.1.1. > > > > > > I recently ran the 'sa-update' program included in > > > SpamAssassin to > > > > > > pick up newly added and changed rules. > > > > > > The sa-update program correctly downloads the updated > > > rules to the > > > > > > default location of > > > > > > > > > '/var/lib/spamassassin/3.001001/updates_spamassassin_org' and when > > > > > > running spamassassin -D --lint, I can see the new rules > > > being used. > > > > > > However the new rules are NOT being used by SpamAssassin > > > > > when called > > > > > > from inside MailScanner. > > > > > > I believe this is due to an omission in SA.pm when > > > creating a new > > > > > > instance of Mail::SpamAssassin. > > > > > > The LOCAL_STATE_DIR config option, which is normally > > > > > '/var/lib' is not > > > > > > included in the $settings. > > > > > > > > > > > > Adri. > > > > > > -- > > > > > > MailScanner mailing list > > > > > > mailscanner@lists.mailscanner.info > > > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > > > > > > > Support MailScanner development - buy the book off > the website! > > > > > > > > > > > > > > > > > > > ******************************************************************** > > > > > ** > > > > > > > > > > This email and any files transmitted with it are confidential > > > > > and intended solely for the use of the individual or entity > > > to whom they > > > > > are addressed. If you have received this email in > error please > > > > > notify the system manager. > > > > > > > > > > This footnote confirms that this email message has been swept > > > > > for the presence of computer viruses and is believed > to be clean. > > > > > > > > > > > > > > ******************************************************************** > > > > > ** > > > > > > > > > > -- > > > > > MailScanner mailing list > > > > > mailscanner@lists.mailscanner.info > > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > > > > > Support MailScanner development - buy the book off > the website! > > > > > > > > > -- > > > > MailScanner mailing list > > > > mailscanner@lists.mailscanner.info > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > ******************************************************************** > > > ** > > > > > > This email and any files transmitted with it are confidential and > > > intended solely for the use of the individual or entity > to whom they > > > are addressed. If you have received this email in error please > > > notify the system manager. > > > > > > This footnote confirms that this email message has been swept for > > > the presence of computer viruses and is believed to be clean. > > > > > > > ******************************************************************** > > > ** > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential > and intended solely for the use of the individual or entity > to whom they are addressed. If you have received this email > in error please notify the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From gmatt at nerc.ac.uk Thu Apr 6 11:31:23 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu Apr 6 11:31:32 2006 Subject: Sophos v5 Message-ID: <1144319483.27368.6.camel@lea.nerc-wallingford.ac.uk> Just a data point following someones question about sophos v5... this will not even install on CentOS v4. the sophos provided install.sh script dies very quickly with: # ./install.sh -v -d /usr/local/Sophos/ 'import site' failed; use -v for traceback Traceback (most recent call last): File "", line 1, in ? zipimport.ZipImportError: can't decompress data; zlib not available even tho # rpm -qa | grep zlib zlib-devel-1.2.1.2-1.2 zlib-1.2.1.2-1.2 In fact Sophos will not even support RHELv4. The product is supported on ancient versions of redhat up to rhel3. But they do appear to support its installation on suse with a 2.6 kernel... This seems like a pretty poor show given how long RHEL4 has been out, and that v5 is due out this year. less surprisingly, they still dont support 64bit architectures. Not sure how they expect to be taken seriously as a server based solution with such poor support for server architectures. GREG -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From martinh at solid-state-logic.com Thu Apr 6 11:46:48 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Apr 6 11:46:56 2006 Subject: MailScanner 4.50.15 not picking up new rules from sa-update In-Reply-To: Message-ID: <00bb01c65967$68096eb0$3004010a@martinhlaptop> Adri >From my MailScanner.conf... # Advanced SpamAssassin Settings # ------------------------------ # # If you are using Postfix you may well need to use some of the settings # below, as the home directory for the "postfix" user cannot be written # to by the "postfix" user. # You may also need to use these if you have installed SpamAssassin # somewhere other than the default location. # # The per-user files (bayes, auto-whitelist, user_prefs) are looked # for here and in ~/.spamassassin/. Note the files are mutable. # If this is unset then no extra places are searched for. # If using Postfix, you probably want to set this as shown in the example # line at the end of this comment, and do # mkdir /var/spool/MailScanner/spamassassin # chown postfix.postfix /var/spool/MailScanner/spamassassin # NOTE: SpamAssassin is always called from MailScanner as the same user, # and that is the "Run As" user specified above. So you can only # have 1 set of "per-user" files, it's just that you might possibly # need to modify this location. # You should not normally need to set this at all. #SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin SpamAssassin User State Dir = /var/spool/spamassassin # This setting is useful if SpamAssassin is installed in an unusual place, # e.g. /opt/MailScanner. The install prefix is used to find some fallback # directories if neither of the following two settings work. # If this is set then it adds to the list of places that are searched; # otherwise it has no effect. #SpamAssassin Install Prefix = /opt/MailScanner SpamAssassin Install Prefix = /opt/MailScanner # The site rules are searched for here. # The per-user files (bayes, auto-whitelist, user_prefs) are looked # for here and in ~/.spamassassin/. Note the files are mutable. # If this is unset then no extra places are searched for. # If using Postfix, you probably want to set this as shown in the example # line at the end of this comment, and do # mkdir /var/spool/MailScanner/spamassassin # chown postfix.postfix /var/spool/MailScanner/spamassassin # NOTE: SpamAssassin is always called from MailScanner as the same user, # and that is the "Run As" user specified above. So you can only # have 1 set of "per-user" files, it's just that you might possibly # need to modify this location. # You should not normally need to set this at all. #SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin SpamAssassin User State Dir = /var/spool/spamassassin # This setting is useful if SpamAssassin is installed in an unusual place, # e.g. /opt/MailScanner. The install prefix is used to find some fallback # directories if neither of the following two settings work. # If this is set then it adds to the list of places that are searched; # otherwise it has no effect. #SpamAssassin Install Prefix = /opt/MailScanner SpamAssassin Install Prefix = /opt/MailScanner # The site rules are searched for here. # Normal location on most systems is /etc/mail/spamassassin. SpamAssassin Site Rules Dir = /etc/mail/spamassassin # The site-local rules are searched for here, and in prefix/etc/spamassassin, # prefix/etc/mail/spamassassin, /usr/local/etc/spamassassin, /etc/spamassassin, # /etc/mail/spamassassin, and maybe others. # Be careful of setting this: it may mean the spam.assassin.prefs.conf file # is missed out, you will need to insert a soft-link with "ln -s" to link # the file into mailscanner.cf in the new directory. # If this is set then it replaces the list of places that are searched; # otherwise it has no effect. #SpamAssassin Local Rules Dir = /opt/MailScanner/etc/mail/spamassassin SpamAssassin Local Rules Dir = # The default rules are searched for here, and in prefix/share/spamassassin, # /usr/local/share/spamassassin, /usr/share/spamassassin, and maybe others. # If this is set then it adds to the list of places that are searched; # otherwise it has no effect. #SpamAssassin Default Rules Dir = /opt/MailScanner/share/spamassassin SpamAssassin Default Rules Dir = -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Adri Koppes > Sent: 06 April 2006 11:31 > To: MailScanner discussion > Subject: RE: MailScanner 4.50.15 not picking up new rules from sa-update > > Martin, > > This was an upgrade from 4.49, but the MailScanner.conf has been updated > also. > My MailScanner.conf has the following entries: > > MailScanner Version Number = 4.50.15 > SpamAssassin User State Dir = /usr/local/etc/mail/spamassassin > SpamAssassin Install Prefix = > SpamAssassin Site Rules Dir = /usr/local/etc/mail/spamassassin > SpamAssassin Local Rules Dir = > SpamAssassin Default Rules Dir = > > I do NOT see anything for the LOCAL_STATE_DIR in either MailScanner.conf > or SA.pm! > Since the option is not in SA.pm, it won't matter if I add it to > MailScanner.conf! > > I have manually set the option in SA.pm and now the updated rules are > recognised and used. > Here's a context diff: > > *** SA.pm Thu Apr 6 12:29:42 2006 > --- SA.pm.orig Thu Apr 6 12:30:12 2006 > *************** > *** 106,112 **** > $settings{LOCAL_RULES_DIR} = $val if $val ne ""; > $val = MailScanner::Config::Value('spamassassindefaultrulesdir'); > $settings{DEF_RULES_DIR} = $val if $val ne ""; > - $settings{LOCAL_STATE_DIR} = "/var/lib"; > $val = MailScanner::Config::Value('spamassassininstallprefix'); > > # For version 3 onwards, shouldn't cause problems with earlier > code > --- 106,111 ---- > > Adri. > > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > Of Martin Hepworth > > Sent: donderdag 6 april 2006 12:18 > > To: 'MailScanner discussion' > > Subject: RE: MailScanner 4.50.15 not picking up new rules > > from sa-update > > > > Adri > > > > Should be in MailScanner.conf in the Advanced SpamAssassin > > section - its around line 1850 in my setup. > > > > > > Was this a fresh install of 4.50.15 or did you upgrade from > > an earlier version??? > > > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner- > > > bounces@lists.mailscanner.info] On Behalf Of Adri Koppes > > > Sent: 06 April 2006 11:11 > > > To: MailScanner discussion > > > Subject: RE: MailScanner 4.50.15 not picking up new rules from > > > sa-update > > > > > > Martin, > > > > > > Using MailScanner 4.50.15 from www.freebsd.ord/ports. > > > SpamAssassin 3.1.1 from www.freebsd.org/ports. > > > > > > Which setting should I look for in MailScanner.conf or SA.pm for > > > setting the SpamAssassin LOCAL_STATE_DIR? > > > > > > Adri. > > > > > > > > > > -----Original Message----- > > > > From: mailscanner-bounces@lists.mailscanner.info > > > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > > > > Martin Hepworth > > > > Sent: donderdag 6 april 2006 12:00 > > > > To: 'MailScanner discussion' > > > > Subject: RE: MailScanner 4.50.15 not picking up new rules from > > > > sa-update > > > > > > > > Adri > > > > > > > > Hmm what version of MS is this???? "mailscanner -v" > > > > > > > > Freshports shows the latest is 4.50.1 which should have these > > > > settings. > > > > > > > > You may have to upgrade your ports tree.. > > > > > > > > -- > > > > Martin Hepworth > > > > Snr Systems Administrator > > > > Solid State Logic > > > > Tel: +44 (0)1865 842300 > > > > > > > > > -----Original Message----- > > > > > From: mailscanner-bounces@lists.mailscanner.info > > > > [mailto:mailscanner- > > > > > bounces@lists.mailscanner.info] On Behalf Of Adri Koppes > > > > > Sent: 06 April 2006 10:52 > > > > > To: MailScanner discussion > > > > > Subject: RE: MailScanner 4.50.15 not picking up new rules from > > > > > sa-update > > > > > > > > > > Martin, > > > > > > > > > > The Advanced SpamAssassin Section does not have an > > option for the > > > > > SpamAssassin LOCAL_STATE_DIR option. > > > > > Also in SA.pm, there is no place where this option is read > > > > or passed > > > > > on to SpamAssassin. > > > > > I think the LOCAL_STATE_DIR option is new for SA 3.1.1, to > > > > work with > > > > > sa-update. > > > > > > > > > > I am restarting MailScanner after making config changes, before > > > > > checking if they function properly. > > > > > I think Julian probably has to add the option to SA.pm and the > > > > > Advanced SpamAssassin Section in MailScanner.conf. > > > > > > > > > > Adri. > > > > > > > > > > > -----Original Message----- > > > > > > From: mailscanner-bounces@lists.mailscanner.info > > > > > > [mailto:mailscanner-bounces@lists.mailscanner.info] > > On Behalf Of > > > > > > Martin Hepworth > > > > > > Sent: donderdag 6 april 2006 10:35 > > > > > > To: 'MailScanner discussion' > > > > > > Subject: RE: MailScanner 4.50.15 not picking up new > > rules from > > > > > > sa-update > > > > > > > > > > > > Adri > > > > > > > > > > > > Have a look in MailScanner.conf and the Advanced SpamAssassin > > > > > > Settings section. You can put extra things into the SA rules > > > > > > path there, > > > > > > > > > > > > Also I presume you're restarting MS after the update and not > > > > > > just waiting for the children to die? > > > > > > > > > > > > -- > > > > > > Martin Hepworth > > > > > > Snr Systems Administrator > > > > > > Solid State Logic > > > > > > Tel: +44 (0)1865 842300 > > > > > > > > > > > > > -----Original Message----- > > > > > > > From: mailscanner-bounces@lists.mailscanner.info > > > > > > [mailto:mailscanner- > > > > > > > bounces@lists.mailscanner.info] On Behalf Of Adri Koppes > > > > > > > Sent: 06 April 2006 09:03 > > > > > > > To: mailscanner@lists.mailscanner.info > > > > > > > Subject: MailScanner 4.50.15 not picking up new rules from > > > > > > > sa-update > > > > > > > > > > > > > > I am running the MailScanner port on FreeBSD 5.4 with > > > > > > sendmail as my > > > > > > > MTA and SpamAssassin 3.1.1. > > > > > > > I recently ran the 'sa-update' program included in > > > > SpamAssassin to > > > > > > > pick up newly added and changed rules. > > > > > > > The sa-update program correctly downloads the updated > > > > rules to the > > > > > > > default location of > > > > > > > > > > > '/var/lib/spamassassin/3.001001/updates_spamassassin_org' and when > > > > > > > running spamassassin -D --lint, I can see the new rules > > > > being used. > > > > > > > However the new rules are NOT being used by SpamAssassin > > > > > > when called > > > > > > > from inside MailScanner. > > > > > > > I believe this is due to an omission in SA.pm when > > > > creating a new > > > > > > > instance of Mail::SpamAssassin. > > > > > > > The LOCAL_STATE_DIR config option, which is normally > > > > > > '/var/lib' is not > > > > > > > included in the $settings. > > > > > > > > > > > > > > Adri. > > > > > > > -- > > > > > > > MailScanner mailing list > > > > > > > mailscanner@lists.mailscanner.info > > > > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > > > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > > > > > > > > > Support MailScanner development - buy the book off > > the website! > > > > > > > > > > > > > > > > > > > > > > > > ******************************************************************** > > > > > > ** > > > > > > > > > > > > This email and any files transmitted with it are confidential > > > > > > and intended solely for the use of the individual or entity > > > > to whom they > > > > > > are addressed. If you have received this email in > > error please > > > > > > notify the system manager. > > > > > > > > > > > > This footnote confirms that this email message has been swept > > > > > > for the presence of computer viruses and is believed > > to be clean. > > > > > > > > > > > > > > > > > > ******************************************************************** > > > > > > ** > > > > > > > > > > > > -- > > > > > > MailScanner mailing list > > > > > > mailscanner@lists.mailscanner.info > > > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > > > > > > > Support MailScanner development - buy the book off > > the website! > > > > > > > > > > > -- > > > > > MailScanner mailing list > > > > > mailscanner@lists.mailscanner.info > > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > > > > > ******************************************************************** > > > > ** > > > > > > > > This email and any files transmitted with it are confidential and > > > > intended solely for the use of the individual or entity > > to whom they > > > > are addressed. If you have received this email in error please > > > > notify the system manager. > > > > > > > > This footnote confirms that this email message has been swept for > > > > the presence of computer viruses and is believed to be clean. > > > > > > > > > > ******************************************************************** > > > > ** > > > > > > > > -- > > > > MailScanner mailing list > > > > mailscanner@lists.mailscanner.info > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential > > and intended solely for the use of the individual or entity > > to whom they are addressed. If you have received this email > > in error please notify the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > ********************************************************************** > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From adrik at salesmanager.nl Thu Apr 6 11:53:08 2006 From: adrik at salesmanager.nl (Adri Koppes) Date: Thu Apr 6 11:53:15 2006 Subject: MailScanner 4.50.15 not picking up new rules from sa-update Message-ID: Martin, Your MailScanner.conf Advanced SpamAssassin Settings looks the same as mine. No option for the SA 3.1.1 LOCAL_STATE_DIR, which should have a default of '/var/lib'. Adding options to MailScanner.conf alone isn't going to work, since they also need to be read and passed on to SpamAssassin in SA.pm. I reported this to the list, since I think Julian has to add it to the next version of MailScanner. Adri. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Martin Hepworth > Sent: donderdag 6 april 2006 12:47 > To: 'MailScanner discussion' > Subject: RE: MailScanner 4.50.15 not picking up new rules > from sa-update > > Adri > > >From my MailScanner.conf... > > # Advanced SpamAssassin Settings > # ------------------------------ > # > # If you are using Postfix you may well need to use some of > the settings # below, as the home directory for the "postfix" > user cannot be written # to by the "postfix" user. > # You may also need to use these if you have installed > SpamAssassin # somewhere other than the default location. > # > > # The per-user files (bayes, auto-whitelist, user_prefs) are > looked # for here and in ~/.spamassassin/. Note the files are mutable. > # If this is unset then no extra places are searched for. > # If using Postfix, you probably want to set this as shown in > the example # line at the end of this comment, and do > # mkdir /var/spool/MailScanner/spamassassin > # chown postfix.postfix /var/spool/MailScanner/spamassassin > # NOTE: SpamAssassin is always called from MailScanner as the > same user, > # and that is the "Run As" user specified above. So you can only > # have 1 set of "per-user" files, it's just that you > might possibly > # need to modify this location. > # You should not normally need to set this at all. > #SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin > SpamAssassin User State Dir = /var/spool/spamassassin > > # This setting is useful if SpamAssassin is installed in an > unusual place, # e.g. /opt/MailScanner. The install prefix is > used to find some fallback # directories if neither of the > following two settings work. > # If this is set then it adds to the list of places that are > searched; # otherwise it has no effect. > #SpamAssassin Install Prefix = /opt/MailScanner SpamAssassin > Install Prefix = /opt/MailScanner > > # The site rules are searched for here. > # The per-user files (bayes, auto-whitelist, user_prefs) are > looked # for here and in ~/.spamassassin/. Note the files are mutable. > # If this is unset then no extra places are searched for. > # If using Postfix, you probably want to set this as shown in > the example # line at the end of this comment, and do > # mkdir /var/spool/MailScanner/spamassassin > # chown postfix.postfix /var/spool/MailScanner/spamassassin > # NOTE: SpamAssassin is always called from MailScanner as the > same user, > # and that is the "Run As" user specified above. So you can only > # have 1 set of "per-user" files, it's just that you > might possibly > # need to modify this location. > # You should not normally need to set this at all. > #SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin > SpamAssassin User State Dir = /var/spool/spamassassin > > # This setting is useful if SpamAssassin is installed in an > unusual place, # e.g. /opt/MailScanner. The install prefix is > used to find some fallback # directories if neither of the > following two settings work. > # If this is set then it adds to the list of places that are > searched; # otherwise it has no effect. > #SpamAssassin Install Prefix = /opt/MailScanner SpamAssassin > Install Prefix = /opt/MailScanner > > # The site rules are searched for here. > # Normal location on most systems is /etc/mail/spamassassin. > SpamAssassin Site Rules Dir = /etc/mail/spamassassin > > # The site-local rules are searched for here, and in > prefix/etc/spamassassin, # prefix/etc/mail/spamassassin, > /usr/local/etc/spamassassin, /etc/spamassassin, # > /etc/mail/spamassassin, and maybe others. > # Be careful of setting this: it may mean the > spam.assassin.prefs.conf file # is missed out, you will need > to insert a soft-link with "ln -s" to link # the file into > mailscanner.cf in the new directory. > # If this is set then it replaces the list of places that are > searched; # otherwise it has no effect. > #SpamAssassin Local Rules Dir = /opt/MailScanner/etc/mail/spamassassin > SpamAssassin Local Rules Dir = > > # The default rules are searched for here, and in > prefix/share/spamassassin, # /usr/local/share/spamassassin, > /usr/share/spamassassin, and maybe others. > # If this is set then it adds to the list of places that are > searched; # otherwise it has no effect. > #SpamAssassin Default Rules Dir = /opt/MailScanner/share/spamassassin > SpamAssassin Default Rules Dir = > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Adri Koppes > > Sent: 06 April 2006 11:31 > > To: MailScanner discussion > > Subject: RE: MailScanner 4.50.15 not picking up new rules from > > sa-update > > > > Martin, > > > > This was an upgrade from 4.49, but the MailScanner.conf has been > > updated also. > > My MailScanner.conf has the following entries: > > > > MailScanner Version Number = 4.50.15 > > SpamAssassin User State Dir = /usr/local/etc/mail/spamassassin > > SpamAssassin Install Prefix = SpamAssassin Site Rules Dir = > > /usr/local/etc/mail/spamassassin SpamAssassin Local Rules Dir = > > SpamAssassin Default Rules Dir = > > > > I do NOT see anything for the LOCAL_STATE_DIR in either > > MailScanner.conf or SA.pm! > > Since the option is not in SA.pm, it won't matter if I add it to > > MailScanner.conf! > > > > I have manually set the option in SA.pm and now the updated > rules are > > recognised and used. > > Here's a context diff: > > > > *** SA.pm Thu Apr 6 12:29:42 2006 > > --- SA.pm.orig Thu Apr 6 12:30:12 2006 > > *************** > > *** 106,112 **** > > $settings{LOCAL_RULES_DIR} = $val if $val ne ""; > > $val = > MailScanner::Config::Value('spamassassindefaultrulesdir'); > > $settings{DEF_RULES_DIR} = $val if $val ne ""; > > - $settings{LOCAL_STATE_DIR} = "/var/lib"; > > $val = > MailScanner::Config::Value('spamassassininstallprefix'); > > > > # For version 3 onwards, shouldn't cause problems > with earlier > > code > > --- 106,111 ---- > > > > Adri. > > > > > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info > > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > > > Martin Hepworth > > > Sent: donderdag 6 april 2006 12:18 > > > To: 'MailScanner discussion' > > > Subject: RE: MailScanner 4.50.15 not picking up new rules from > > > sa-update > > > > > > Adri > > > > > > Should be in MailScanner.conf in the Advanced > SpamAssassin section - > > > its around line 1850 in my setup. > > > > > > > > > Was this a fresh install of 4.50.15 or did you upgrade from an > > > earlier version??? > > > > > > > > > -- > > > Martin Hepworth > > > Snr Systems Administrator > > > Solid State Logic > > > Tel: +44 (0)1865 842300 > > > > > > > -----Original Message----- > > > > From: mailscanner-bounces@lists.mailscanner.info > > > [mailto:mailscanner- > > > > bounces@lists.mailscanner.info] On Behalf Of Adri Koppes > > > > Sent: 06 April 2006 11:11 > > > > To: MailScanner discussion > > > > Subject: RE: MailScanner 4.50.15 not picking up new rules from > > > > sa-update > > > > > > > > Martin, > > > > > > > > Using MailScanner 4.50.15 from www.freebsd.ord/ports. > > > > SpamAssassin 3.1.1 from www.freebsd.org/ports. > > > > > > > > Which setting should I look for in MailScanner.conf or > SA.pm for > > > > setting the SpamAssassin LOCAL_STATE_DIR? > > > > > > > > Adri. > > > > > > > > > > > > > -----Original Message----- > > > > > From: mailscanner-bounces@lists.mailscanner.info > > > > > [mailto:mailscanner-bounces@lists.mailscanner.info] > On Behalf Of > > > > > Martin Hepworth > > > > > Sent: donderdag 6 april 2006 12:00 > > > > > To: 'MailScanner discussion' > > > > > Subject: RE: MailScanner 4.50.15 not picking up new > rules from > > > > > sa-update > > > > > > > > > > Adri > > > > > > > > > > Hmm what version of MS is this???? "mailscanner -v" > > > > > > > > > > Freshports shows the latest is 4.50.1 which should have these > > > > > settings. > > > > > > > > > > You may have to upgrade your ports tree.. > > > > > > > > > > -- > > > > > Martin Hepworth > > > > > Snr Systems Administrator > > > > > Solid State Logic > > > > > Tel: +44 (0)1865 842300 > > > > > > > > > > > -----Original Message----- > > > > > > From: mailscanner-bounces@lists.mailscanner.info > > > > > [mailto:mailscanner- > > > > > > bounces@lists.mailscanner.info] On Behalf Of Adri Koppes > > > > > > Sent: 06 April 2006 10:52 > > > > > > To: MailScanner discussion > > > > > > Subject: RE: MailScanner 4.50.15 not picking up new > rules from > > > > > > sa-update > > > > > > > > > > > > Martin, > > > > > > > > > > > > The Advanced SpamAssassin Section does not have an > > > option for the > > > > > > SpamAssassin LOCAL_STATE_DIR option. > > > > > > Also in SA.pm, there is no place where this option is read > > > > > or passed > > > > > > on to SpamAssassin. > > > > > > I think the LOCAL_STATE_DIR option is new for SA 3.1.1, to > > > > > work with > > > > > > sa-update. > > > > > > > > > > > > I am restarting MailScanner after making config changes, > > > > > > before checking if they function properly. > > > > > > I think Julian probably has to add the option to > SA.pm and the > > > > > > Advanced SpamAssassin Section in MailScanner.conf. > > > > > > > > > > > > Adri. > > > > > > > > > > > > > -----Original Message----- > > > > > > > From: mailscanner-bounces@lists.mailscanner.info > > > > > > > [mailto:mailscanner-bounces@lists.mailscanner.info] > > > On Behalf Of > > > > > > > Martin Hepworth > > > > > > > Sent: donderdag 6 april 2006 10:35 > > > > > > > To: 'MailScanner discussion' > > > > > > > Subject: RE: MailScanner 4.50.15 not picking up new > > > rules from > > > > > > > sa-update > > > > > > > > > > > > > > Adri > > > > > > > > > > > > > > Have a look in MailScanner.conf and the Advanced > > > > > > > SpamAssassin Settings section. You can put extra > things into > > > > > > > the SA rules path there, > > > > > > > > > > > > > > Also I presume you're restarting MS after the > update and not > > > > > > > just waiting for the children to die? > > > > > > > > > > > > > > -- > > > > > > > Martin Hepworth > > > > > > > Snr Systems Administrator > > > > > > > Solid State Logic > > > > > > > Tel: +44 (0)1865 842300 > > > > > > > > > > > > > > > -----Original Message----- > > > > > > > > From: mailscanner-bounces@lists.mailscanner.info > > > > > > > [mailto:mailscanner- > > > > > > > > bounces@lists.mailscanner.info] On Behalf Of Adri Koppes > > > > > > > > Sent: 06 April 2006 09:03 > > > > > > > > To: mailscanner@lists.mailscanner.info > > > > > > > > Subject: MailScanner 4.50.15 not picking up new > rules from > > > > > > > > sa-update > > > > > > > > > > > > > > > > I am running the MailScanner port on FreeBSD 5.4 with > > > > > > > sendmail as my > > > > > > > > MTA and SpamAssassin 3.1.1. > > > > > > > > I recently ran the 'sa-update' program included in > > > > > SpamAssassin to > > > > > > > > pick up newly added and changed rules. > > > > > > > > The sa-update program correctly downloads the updated > > > > > rules to the > > > > > > > > default location of > > > > > > > > > > > > > '/var/lib/spamassassin/3.001001/updates_spamassassin_org' and > > > > > when > > > > > > > > running spamassassin -D --lint, I can see the new rules > > > > > being used. > > > > > > > > However the new rules are NOT being used by SpamAssassin > > > > > > > when called > > > > > > > > from inside MailScanner. > > > > > > > > I believe this is due to an omission in SA.pm when > > > > > creating a new > > > > > > > > instance of Mail::SpamAssassin. > > > > > > > > The LOCAL_STATE_DIR config option, which is normally > > > > > > > '/var/lib' is not > > > > > > > > included in the $settings. > > > > > > > > > > > > > > > > Adri. > > > > > > > > -- > > > > > > > > MailScanner mailing list > > > > > > > > mailscanner@lists.mailscanner.info > > > > > > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > > > > > > > > > > Before posting, read > http://wiki.mailscanner.info/posting > > > > > > > > > > > > > > > > Support MailScanner development - buy the book off > > > the website! > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ******************************************************************** > > > > > > > ** > > > > > > > > > > > > > > This email and any files transmitted with it are > > > > > > > confidential and intended solely for the use of the > > > > > > > individual or entity > > > > > to whom they > > > > > > > are addressed. If you have received this email in > > > error please > > > > > > > notify the system manager. > > > > > > > > > > > > > > This footnote confirms that this email message has been > > > > > > > swept for the presence of computer viruses and is believed > > > to be clean. > > > > > > > > > > > > > > > > > > > > > > > ******************************************************************** > > > > > > > ** > > > > > > > > > > > > > > -- > > > > > > > MailScanner mailing list > > > > > > > mailscanner@lists.mailscanner.info > > > > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > > > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > > > > > > > > > Support MailScanner development - buy the book off > > > the website! > > > > > > > > > > > > > -- > > > > > > MailScanner mailing list > > > > > > mailscanner@lists.mailscanner.info > > > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > > > > > > > Support MailScanner development - buy the book off > the website! > > > > > > > > > > > > > > > > > > > ******************************************************************** > > > > > ** > > > > > > > > > > This email and any files transmitted with it are confidential > > > > > and intended solely for the use of the individual or entity > > > to whom they > > > > > are addressed. If you have received this email in > error please > > > > > notify the system manager. > > > > > > > > > > This footnote confirms that this email message has been swept > > > > > for the presence of computer viruses and is believed > to be clean. > > > > > > > > > > > > > > ******************************************************************** > > > > > ** > > > > > > > > > > -- > > > > > MailScanner mailing list > > > > > mailscanner@lists.mailscanner.info > > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > > > > > Support MailScanner development - buy the book off > the website! > > > > > > > > > -- > > > > MailScanner mailing list > > > > mailscanner@lists.mailscanner.info > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > ******************************************************************** > > > ** > > > > > > This email and any files transmitted with it are confidential and > > > intended solely for the use of the individual or entity > to whom they > > > are addressed. If you have received this email in error please > > > notify the system manager. > > > > > > This footnote confirms that this email message has been swept for > > > the presence of computer viruses and is believed to be clean. > > > > > > > ******************************************************************** > > > ** > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential > and intended solely for the use of the individual or entity > to whom they are addressed. If you have received this email > in error please notify the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From martinh at solid-state-logic.com Thu Apr 6 12:00:58 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Apr 6 12:01:08 2006 Subject: MailScanner 4.50.15 not picking up new rules from sa-update In-Reply-To: Message-ID: <00bc01c65969$62c4f170$3004010a@martinhlaptop> Adri Ah I get you ---- put this into your spam.assassin.prefs.conf. Appologies for the confusion -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Adri Koppes > Sent: 06 April 2006 11:53 > To: MailScanner discussion > Subject: RE: MailScanner 4.50.15 not picking up new rules from sa-update > > Martin, > > Your MailScanner.conf Advanced SpamAssassin Settings looks the same as > mine. > No option for the SA 3.1.1 LOCAL_STATE_DIR, which should have a default > of '/var/lib'. > Adding options to MailScanner.conf alone isn't going to work, since they > also need to be read and passed on to SpamAssassin in SA.pm. > I reported this to the list, since I think Julian has to add it to the > next version of MailScanner. > > Adri. > > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From roger at rudnick.com.br Thu Apr 6 12:07:08 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Thu Apr 6 12:09:29 2006 Subject: Sendmail Upgrade, other problem References: <00c201c64f2c$ef3e2320$0600a8c0@roger> <0A0B9F68-5083-44E0-8DBF-B80196E9439F@ecs.soton.ac.uk><055101c65420$1fa34c00$0600a8c0@roger> <442C18DE.5010102@ecs.soton.ac.uk><06d901c6581f$c9840220$0600a8c0@roger><4432D276.3060707@gmx.de> <00d901c65896$a8e35fd0$0600a8c0@roger> Message-ID: <01f001c6596a$3f0fbfc0$0600a8c0@roger> Just for the record, I changed the Max Children configuration to 1 (one) yesterday, and now all is working fine. I don't know why that happened, but started with Sendmail 8.13.6. Really strange... Thanks for all the help! Regards Roger Jochem ----- Original Message ----- From: "Roger Jochem" To: "MailScanner discussion" Sent: Wednesday, April 05, 2006 6:52 AM Subject: Re: Sendmail Upgrade, other problem > Thanks! > > I really could do that, but I think this would make thinks too slow > here... Normaly there are 4 or 5 childrens running, some times even more. > But if there is no other solution to that case, I will give that a try. > > Regards > > Roger Jochem > > ----- Original Message ----- > From: > To: "MailScanner discussion" > Sent: Tuesday, April 04, 2006 5:09 PM > Subject: Re: Sendmail Upgrade, other problem > > >> On 04.04.2006 21:41, Roger Jochem wrote: >> >>> Regarding to my problem (bellow) I found the following lines in my >>> maillog >>> srv MailScanner[9596]: Failed to link message body between queues >>> (/var/spool/mqueue/dfi8R9KQqf010458 --> >>> /var/spool/mqueue.in/dfi8R9KQqf010458) >>> >>>>>> On 24 Mar 2006, at 10:23, Roger Jochem wrote: >>>>>> >>>>>>> After the sendmail upgrade to 8.13.6, some of my messages come with >>>>>>> no body, and the text "<<< No Message Collected >>>" in the body... >>>>>>> They appear twice in the users inbox, one with this body, and one >>>>>>> ok message (with the original body). >>>>>> >> >> google >> >> http://www.plug.linux.org.au/archives/message/20041025.042133.913c0dbf.html >> >> *Author: *Ryan >> *Date: * 2004-10-25 06:21 +200 >> *To: *plug >> *Subject: *[plug] MailScanner children fighting >> >> Hi PLUG, >> >> I've just upgraded my MailScanner to v4.34.8. Before I knock on their >> door about this problem I was wondering if anyone has seen it? >> >> With the default 5 children running, it appear that sometimes two >> childen pick up the same message and then whichever finishes last >> reports an error about it. Below is the output, you can see that two >> MailScanner processes detect the email waiting, both scan it, then one >> delivers it and the other one wonders where it went. The leads to 2 >> messages being sent to the recipient, one with the full message, and the >> other empty saying "<<< No Message Collected >>>" >> >> If I reduce the max children to one, things obviously are a touch slower >> off the mark, but it stops the children fighting over the messages. >> >> >> -- >> shrek-m >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From res at ausics.net Thu Apr 6 12:18:33 2006 From: res at ausics.net (Res) Date: Thu Apr 6 12:18:45 2006 Subject: No SYSLOG No Mail Scanned In-Reply-To: <223f97700604060222j1e999010k8a4fa4aaceebe553@mail.gmail.com> References: <223f97700604050403m60d8cfa0h422d4f0516cf64b5@mail.gmail.com> <223f97700604050707u7fccd175ncc4fe625e7f6022f@mail.gmail.com> <223f97700604060222j1e999010k8a4fa4aaceebe553@mail.gmail.com> Message-ID: On Thu, 6 Apr 2006, Glenn Steen wrote: > .... Ah. Never seen that exact behaviour (with or without whiskey:), > but then a flakey HDD would (in my case) be killing filesystems too, > so that would probably get my attention:-). > And all the while dmesg was silent? Spooky... Yeah, I would have thought syslog would still run for a few mins after swap went away, but it must be die at the same time, else i'd expect to see some sort of hint. > I definitely see your point... I'm at a .gov-ish site here, and have > regulations in place that make logging almost as paramount as the > actual messages ("availability to the public" type of thing), So I > don't have the "luxury" of not logging everything. Sigh. Heh its so bad that I actually comment out several of the MS log statements that I find are not needed Apr 6 21:08:36 sprint MailScanner[5707]: New Batch: Found 1489 messages waiting Apr 6 21:08:36 sprint MailScanner[5707]: New Batch: Scanning 100 messages, 3647604 bytes Apr 6 21:09:09 sprint MailScanner[5507]: Uninfected: Delivered 93 messages note the lines missing :) i deem them as duplicating info, like what was it ummmm..... virus content scanning starting or somthing? thats kind of moot since it already logs "scanning 100 messages" might not seem much to those who have low traffic, but on high traffic machines its overkill, also as we all know on high loaded machines every bit of logging adds to the resource hogging. Oh and before you ask.... yes I did pop back in Julians default messagebatch.pm to see if I screwed up my hacking, but nope, still broken. > Ah yes, don't we just love MailScanner for it! (I suppose mentioning > postfix here is tantamount to swearing, so...:-) Thats blasphemy! ;) -- Cheers Res From max at kipness.com Thu Apr 6 12:48:29 2006 From: max at kipness.com (Max Kipness) Date: Thu Apr 6 12:48:45 2006 Subject: Still stuck in queue, version 4.52.2 Message-ID: <80fb9c4e63217eef83a3e739939225c8@localhost> I've since upgraded to version 4.52.2, and I'm getting better performance (probably less getting stuck in the queue), yet yesterday there was one message that got processed over 6000 times! Here is a sample of one that is stuck right now. It's been processed 512 times. Any clue to what else I can do to remedy this issue? Apr 6 06:42:03 xxx MailScanner[12537]: SpamAssassin cache hit for message k36BOeGt011418 Apr 6 06:42:03 xxx MailScanner[12537]: Message k36BOeGt011418 from 86.202.15.121 (sdouhbhj@yahoo.com) to xxx.com is spam, SpamAssassin (score=26.748, required 6, autolearn=spam, BAYES_99 3.50, FORGED_YAHOO_RCVD 1.85, HELO_DYNAMIC_IPADDR 4.20, HTML_FONT_LOW_CONTRAST 0.19, HTML_IMAGE_ONLY_20 1.16, HTML_MESSAGE 0.00, HTML_SHORT_LINK_IMG_3 0.88, LONGWORDS 3.79, MIME_BOUND_DIGITS_15 2.95, MIME_HTML_ONLY 0.00, MSGID_FROM_MTA_HEADER 0.00, RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E8_51_100 1.50, RAZOR2_CHECK 0.50, UNPARSEABLE_RELAY 0.00, URIBL_JP_SURBL 4.09, URIBL_SBL 1.64) Apr 6 06:42:04 xxx MailScanner[12537]: Spam Actions: message k36BOeGt011418 actions are store Apr 6 06:42:07 sxxx MailScanner[12537]: Filename Checks: Very long filename, possible OE attack (k36BOeGt011418 dinah deprave annoyance tribesmen five stepson convince barnstorm assistant given forsaken rhetoric jugate carabao meteor abelian sophia frisky vulnerable debug pottery capetown hollyhock tor crusty .gif) Apr 6 06:42:07 xxx MailScanner[12537]: Saved entire message to /var/spool/MailScanner/quarantine/20060406/k36BOeGt011418 Apr 6 06:42:07 xxx MailScanner[12537]: Saved infected "dinah deprave .gif" to /var/spool/MailScanner/quarantine/20060406/k36BOeGt011418 -- Thanks, Max From adrik at salesmanager.nl Thu Apr 6 13:12:51 2006 From: adrik at salesmanager.nl (Adri Koppes) Date: Thu Apr 6 13:12:53 2006 Subject: MailScanner 4.50.15 not picking up new rules from sa-update Message-ID: Martin, Thanks, but which option do I have to put in spam.assassin.prefs.conf? I have not found an configurable option for this in the SA docs. Normally the LOCAL_STATE_DIR option is hardcoded in /usr/local/bin/spammassassin (dynamically determined by make at compile/installation time) and there does not seem to be an option to overrride. Adri. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Martin Hepworth > Sent: donderdag 6 april 2006 13:01 > To: 'MailScanner discussion' > Subject: RE: MailScanner 4.50.15 not picking up new rules > from sa-update > > Adri > > Ah I get you ---- put this into your spam.assassin.prefs.conf. > > > Appologies for the confusion > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Adri Koppes > > Sent: 06 April 2006 11:53 > > To: MailScanner discussion > > Subject: RE: MailScanner 4.50.15 not picking up new rules from > > sa-update > > > > Martin, > > > > Your MailScanner.conf Advanced SpamAssassin Settings looks > the same as > > mine. > > No option for the SA 3.1.1 LOCAL_STATE_DIR, which should have a > > default of '/var/lib'. > > Adding options to MailScanner.conf alone isn't going to work, since > > they also need to be read and passed on to SpamAssassin in SA.pm. > > I reported this to the list, since I think Julian has to > add it to the > > next version of MailScanner. > > > > Adri. > > > > > > > > ********************************************************************** > > This email and any files transmitted with it are confidential > and intended solely for the use of the individual or entity > to whom they are addressed. If you have received this email > in error please notify the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From steve.swaney at fsl.com Thu Apr 6 13:18:34 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Apr 6 13:18:39 2006 Subject: FW: [Clamav-announce] announcing ClamAV 0.88.1 Message-ID: <0ef401c65974$3a0b8630$2901010a@office.fsl> FYI. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com -----Original Message----- From: clamav-announce-bounces@lists.clamav.net [mailto:clamav-announce-bounces@lists.clamav.net] On Behalf Of Luca Gibelli Sent: Tuesday, April 04, 2006 11:12 AM To: ClamAV Announce Subject: [Clamav-announce] announcing ClamAV 0.88.1 Dear ClamAV users, this version fixes a number of minor bugs and provides code updates to improve virus detection. Here is the full ChangeLog: Tue Apr 4 12:04:07 CEST 2006 ----------------------------- V 0.88.1 * Bugfixes: - libclamav/matcher.c: properly handle partial reads in cli_scandesc() - libclamav/mbox.c: sync with CVS, fixes detection of Worm.Bagle.CT - freshclam: fix support for LocalIPAddress Patch by Anton Yuzhaninov - docs/man: multiple manpage typo fixes Patch by A. Costa ) - shared/output.c: properly handle return value of vsnprintf Thanks to Anton Yuzhaninov - libclamav/htmlnorm.c: fix typo spotted by Gianluigi Tiesi - sigtool/sigtool.c: fix possible crash in build(), thanks to Sven - clamd/session.c: remove static timeout (5s) for SESSION Pointed out by Joseph Benden - libclamav/pe.c: fix possible integer overflow reported by Damian Put Note: only exploitable if file size limit (ArchiveMaxFileSize) disabled - libclamav/scanners.c: properly report archive unpacking errors Problem spotted by David F. Skoll - libclamav/others.c: fix possible crash in cli_bitset_test() Reported by David Luyer - libclamav/zziplib: fix possible crash on FreeBSD Reported by Robert Rebbun - clamav-milter: fall back if sendfile() fails -- The ClamAV team (http://www.clamav.net/team.html) -- Luca Gibelli (luca at clamav.net) - ClamAV, a GPL anti-virus toolkit [Tel] +44 2081239239 [Fax] +39 0187015046 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ key server || http://www.clamav.net/gpg/luca.gpg _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-announce From martinh at solid-state-logic.com Thu Apr 6 13:37:03 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Apr 6 13:37:18 2006 Subject: MailScanner 4.50.15 not picking up new rules from sa-update In-Reply-To: Message-ID: <00c301c65976$d072df40$3004010a@martinhlaptop> Adri This a normal SA config/rules file so any rule/config that's valid you can place in there.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Adri Koppes > Sent: 06 April 2006 13:13 > To: MailScanner discussion > Subject: RE: MailScanner 4.50.15 not picking up new rules from sa-update > > Martin, > > Thanks, but which option do I have to put in spam.assassin.prefs.conf? > I have not found an configurable option for this in the SA docs. > Normally the LOCAL_STATE_DIR option is hardcoded in > /usr/local/bin/spammassassin (dynamically determined by make at > compile/installation time) and there does not seem to be an option to > overrride. > > Adri. > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > Of Martin Hepworth > > Sent: donderdag 6 april 2006 13:01 > > To: 'MailScanner discussion' > > Subject: RE: MailScanner 4.50.15 not picking up new rules > > from sa-update > > > > Adri > > > > Ah I get you ---- put this into your spam.assassin.prefs.conf. > > > > > > Appologies for the confusion > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner- > > > bounces@lists.mailscanner.info] On Behalf Of Adri Koppes > > > Sent: 06 April 2006 11:53 > > > To: MailScanner discussion > > > Subject: RE: MailScanner 4.50.15 not picking up new rules from > > > sa-update > > > > > > Martin, > > > > > > Your MailScanner.conf Advanced SpamAssassin Settings looks > > the same as > > > mine. > > > No option for the SA 3.1.1 LOCAL_STATE_DIR, which should have a > > > default of '/var/lib'. > > > Adding options to MailScanner.conf alone isn't going to work, since > > > they also need to be read and passed on to SpamAssassin in SA.pm. > > > I reported this to the list, since I think Julian has to > > add it to the > > > next version of MailScanner. > > > > > > Adri. > > > > > > > > > > > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential > > and intended solely for the use of the individual or entity > > to whom they are addressed. If you have received this email > > in error please notify the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > ********************************************************************** > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From martinh at solid-state-logic.com Thu Apr 6 13:37:32 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Apr 6 13:37:40 2006 Subject: [Clamav-announce] announcing ClamAV 0.88.1 In-Reply-To: <0ef401c65974$3a0b8630$2901010a@office.fsl> Message-ID: <00c401c65976$e040e480$3004010a@martinhlaptop> Been running for last couple of hours no problems noted far. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Stephen Swaney > Sent: 06 April 2006 13:19 > To: 'MailScanner discussion' > Subject: FW: [Clamav-announce] announcing ClamAV 0.88.1 > > FYI. > > Steve > > Stephen Swaney > Fort Systems Ltd. > stephen.swaney@fsl.com > www.fsl.com > > -----Original Message----- > From: clamav-announce-bounces@lists.clamav.net > [mailto:clamav-announce-bounces@lists.clamav.net] On Behalf Of Luca > Gibelli > Sent: Tuesday, April 04, 2006 11:12 AM > To: ClamAV Announce > Subject: [Clamav-announce] announcing ClamAV 0.88.1 > > Dear ClamAV users, > > this version fixes a number of minor bugs and provides code updates > to improve virus detection. > > Here is the full ChangeLog: > > Tue Apr 4 12:04:07 CEST 2006 > ----------------------------- > V 0.88.1 > * Bugfixes: > - libclamav/matcher.c: properly handle partial reads in cli_scandesc() > - libclamav/mbox.c: sync with CVS, fixes detection of Worm.Bagle.CT > - freshclam: fix support for LocalIPAddress > Patch by Anton Yuzhaninov > - docs/man: multiple manpage typo fixes > Patch by A. Costa ) > - shared/output.c: properly handle return value of vsnprintf > Thanks to Anton Yuzhaninov > - libclamav/htmlnorm.c: fix typo spotted by Gianluigi Tiesi > > - sigtool/sigtool.c: fix possible crash in build(), thanks to Sven > - clamd/session.c: remove static timeout (5s) for SESSION > Pointed out by Joseph Benden > - libclamav/pe.c: fix possible integer overflow reported by Damian Put > Note: only exploitable if file size limit (ArchiveMaxFileSize) > disabled > - libclamav/scanners.c: properly report archive unpacking errors > Problem spotted by David F. Skoll > - libclamav/others.c: fix possible crash in cli_bitset_test() > Reported by David Luyer > - libclamav/zziplib: fix possible crash on FreeBSD > Reported by Robert Rebbun > - clamav-milter: fall back if sendfile() fails > > > -- > The ClamAV team (http://www.clamav.net/team.html) > > -- > Luca Gibelli (luca at clamav.net) - ClamAV, a GPL anti-virus toolkit > [Tel] +44 2081239239 [Fax] +39 0187015046 [IM] nervous/jabber.linux.it > PGP key id 5EFC5582 @ key server || http://www.clamav.net/gpg/luca.gpg > _______________________________________________ > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-announce > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From adrik at salesmanager.nl Thu Apr 6 13:45:40 2006 From: adrik at salesmanager.nl (Adri Koppes) Date: Thu Apr 6 13:45:41 2006 Subject: MailScanner 4.50.15 not picking up new rules from sa-update Message-ID: Martin, And if there is NO config option for it in SA? I can't find any documented SA rule/config to set the LOCAL_STATE_DIR. It's supposed to be passed from the Perl code, creating a new Mail::SpamAssassin instance. Adri. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Martin Hepworth > Sent: donderdag 6 april 2006 14:37 > To: 'MailScanner discussion' > Subject: RE: MailScanner 4.50.15 not picking up new rules > from sa-update > > Adri > > This a normal SA config/rules file so any rule/config that's > valid you can place in there.. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Adri Koppes > > Sent: 06 April 2006 13:13 > > To: MailScanner discussion > > Subject: RE: MailScanner 4.50.15 not picking up new rules from > > sa-update > > > > Martin, > > > > Thanks, but which option do I have to put in > spam.assassin.prefs.conf? > > I have not found an configurable option for this in the SA docs. > > Normally the LOCAL_STATE_DIR option is hardcoded in > > /usr/local/bin/spammassassin (dynamically determined by make at > > compile/installation time) and there does not seem to be an > option to > > overrride. > > > > Adri. > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info > > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > > > Martin Hepworth > > > Sent: donderdag 6 april 2006 13:01 > > > To: 'MailScanner discussion' > > > Subject: RE: MailScanner 4.50.15 not picking up new rules from > > > sa-update > > > > > > Adri > > > > > > Ah I get you ---- put this into your spam.assassin.prefs.conf. > > > > > > > > > Appologies for the confusion > > > > > > -- > > > Martin Hepworth > > > Snr Systems Administrator > > > Solid State Logic > > > Tel: +44 (0)1865 842300 > > > > > > > -----Original Message----- > > > > From: mailscanner-bounces@lists.mailscanner.info > > > [mailto:mailscanner- > > > > bounces@lists.mailscanner.info] On Behalf Of Adri Koppes > > > > Sent: 06 April 2006 11:53 > > > > To: MailScanner discussion > > > > Subject: RE: MailScanner 4.50.15 not picking up new rules from > > > > sa-update > > > > > > > > Martin, > > > > > > > > Your MailScanner.conf Advanced SpamAssassin Settings looks > > > the same as > > > > mine. > > > > No option for the SA 3.1.1 LOCAL_STATE_DIR, which should have a > > > > default of '/var/lib'. > > > > Adding options to MailScanner.conf alone isn't going to work, > > > > since they also need to be read and passed on to > SpamAssassin in SA.pm. > > > > I reported this to the list, since I think Julian has to > > > add it to the > > > > next version of MailScanner. > > > > > > > > Adri. > > > > > > > > > > > > > > > > > > > > > ******************************************************************** > > > ** > > > > > > This email and any files transmitted with it are confidential and > > > intended solely for the use of the individual or entity > to whom they > > > are addressed. If you have received this email in error please > > > notify the system manager. > > > > > > This footnote confirms that this email message has been swept for > > > the presence of computer viruses and is believed to be clean. > > > > > > > ******************************************************************** > > > ** > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential > and intended solely for the use of the individual or entity > to whom they are addressed. If you have received this email > in error please notify the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From roger at rudnick.com.br Thu Apr 6 13:51:12 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Thu Apr 6 13:57:56 2006 Subject: Sendmail Upgrade, other problem References: <00c201c64f2c$ef3e2320$0600a8c0@roger> <0A0B9F68-5083-44E0-8DBF-B80196E9439F@ecs.soton.ac.uk><055101c65420$1fa34c00$0600a8c0@roger> <442C18DE.5010102@ecs.soton.ac.uk><06d901c6581f$c9840220$0600a8c0@roger><4432D276.3060707@gmx.de> <00d901c65896$a8e35fd0$0600a8c0@roger> Message-ID: <02e901c65978$c8d270a0$0600a8c0@roger> Unfortunately now MailScanner is VERY slow, when someone sends a large e-mail. If somebody can give me a better solution, I would appreciate... Regards Roger Jochem ----- Original Message ----- From: "Roger Jochem" To: "MailScanner discussion" Sent: Wednesday, April 05, 2006 6:52 AM Subject: Re: Sendmail Upgrade, other problem > Thanks! > > I really could do that, but I think this would make thinks too slow > here... Normaly there are 4 or 5 childrens running, some times even more. > But if there is no other solution to that case, I will give that a try. > > Regards > > Roger Jochem > > ----- Original Message ----- > From: > To: "MailScanner discussion" > Sent: Tuesday, April 04, 2006 5:09 PM > Subject: Re: Sendmail Upgrade, other problem > > >> On 04.04.2006 21:41, Roger Jochem wrote: >> >>> Regarding to my problem (bellow) I found the following lines in my >>> maillog >>> srv MailScanner[9596]: Failed to link message body between queues >>> (/var/spool/mqueue/dfi8R9KQqf010458 --> >>> /var/spool/mqueue.in/dfi8R9KQqf010458) >>> >>>>>> On 24 Mar 2006, at 10:23, Roger Jochem wrote: >>>>>> >>>>>>> After the sendmail upgrade to 8.13.6, some of my messages come with >>>>>>> no body, and the text "<<< No Message Collected >>>" in the body... >>>>>>> They appear twice in the users inbox, one with this body, and one >>>>>>> ok message (with the original body). >>>>>> >> >> google >> >> http://www.plug.linux.org.au/archives/message/20041025.042133.913c0dbf.html >> >> *Author: *Ryan >> *Date: * 2004-10-25 06:21 +200 >> *To: *plug >> *Subject: *[plug] MailScanner children fighting >> >> Hi PLUG, >> >> I've just upgraded my MailScanner to v4.34.8. Before I knock on their >> door about this problem I was wondering if anyone has seen it? >> >> With the default 5 children running, it appear that sometimes two >> childen pick up the same message and then whichever finishes last >> reports an error about it. Below is the output, you can see that two >> MailScanner processes detect the email waiting, both scan it, then one >> delivers it and the other one wonders where it went. The leads to 2 >> messages being sent to the recipient, one with the full message, and the >> other empty saying "<<< No Message Collected >>>" >> >> If I reduce the max children to one, things obviously are a touch slower >> off the mark, but it stops the children fighting over the messages. >> >> >> -- >> shrek-m >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From martinh at solid-state-logic.com Thu Apr 6 13:59:04 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Apr 6 13:59:26 2006 Subject: MailScanner 4.50.15 not picking up new rules from sa-update In-Reply-To: Message-ID: <00c501c65979$e27c2720$3004010a@martinhlaptop> Hmm One for Jules then.... Can't see any documentation for this, but then the SA documentation is interesting to use sometimes..even tried the wiki..... Perhaps Matt or someone closer to the SA team can comment? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Adri Koppes > Sent: 06 April 2006 13:46 > To: MailScanner discussion > Subject: RE: MailScanner 4.50.15 not picking up new rules from sa-update > > Martin, > > And if there is NO config option for it in SA? I can't find any > documented SA rule/config to set the LOCAL_STATE_DIR. > It's supposed to be passed from the Perl code, creating a new > Mail::SpamAssassin instance. > > Adri. > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > Of Martin Hepworth > > Sent: donderdag 6 april 2006 14:37 > > To: 'MailScanner discussion' > > Subject: RE: MailScanner 4.50.15 not picking up new rules > > from sa-update > > > > Adri > > > > This a normal SA config/rules file so any rule/config that's > > valid you can place in there.. > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner- > > > bounces@lists.mailscanner.info] On Behalf Of Adri Koppes > > > Sent: 06 April 2006 13:13 > > > To: MailScanner discussion > > > Subject: RE: MailScanner 4.50.15 not picking up new rules from > > > sa-update > > > > > > Martin, > > > > > > Thanks, but which option do I have to put in > > spam.assassin.prefs.conf? > > > I have not found an configurable option for this in the SA docs. > > > Normally the LOCAL_STATE_DIR option is hardcoded in > > > /usr/local/bin/spammassassin (dynamically determined by make at > > > compile/installation time) and there does not seem to be an > > option to > > > overrride. > > > > > > Adri. > > > > > > > -----Original Message----- > > > > From: mailscanner-bounces@lists.mailscanner.info > > > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > > > > Martin Hepworth > > > > Sent: donderdag 6 april 2006 13:01 > > > > To: 'MailScanner discussion' > > > > Subject: RE: MailScanner 4.50.15 not picking up new rules from > > > > sa-update > > > > > > > > Adri > > > > > > > > Ah I get you ---- put this into your spam.assassin.prefs.conf. > > > > > > > > > > > > Appologies for the confusion > > > > > > > > -- > > > > Martin Hepworth > > > > Snr Systems Administrator > > > > Solid State Logic > > > > Tel: +44 (0)1865 842300 > > > > > > > > > -----Original Message----- > > > > > From: mailscanner-bounces@lists.mailscanner.info > > > > [mailto:mailscanner- > > > > > bounces@lists.mailscanner.info] On Behalf Of Adri Koppes > > > > > Sent: 06 April 2006 11:53 > > > > > To: MailScanner discussion > > > > > Subject: RE: MailScanner 4.50.15 not picking up new rules from > > > > > sa-update > > > > > > > > > > Martin, > > > > > > > > > > Your MailScanner.conf Advanced SpamAssassin Settings looks > > > > the same as > > > > > mine. > > > > > No option for the SA 3.1.1 LOCAL_STATE_DIR, which should have a > > > > > default of '/var/lib'. > > > > > Adding options to MailScanner.conf alone isn't going to work, > > > > > since they also need to be read and passed on to > > SpamAssassin in SA.pm. > > > > > I reported this to the list, since I think Julian has to > > > > add it to the > > > > > next version of MailScanner. > > > > > > > > > > Adri. > > > > > > > > > > > > > > > > > > > > > > > > > > > > ******************************************************************** > > > > ** > > > > > > > > This email and any files transmitted with it are confidential and > > > > intended solely for the use of the individual or entity > > to whom they > > > > are addressed. If you have received this email in error please > > > > notify the system manager. > > > > > > > > This footnote confirms that this email message has been swept for > > > > the presence of computer viruses and is believed to be clean. > > > > > > > > > > ******************************************************************** > > > > ** > > > > > > > > -- > > > > MailScanner mailing list > > > > mailscanner@lists.mailscanner.info > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential > > and intended solely for the use of the individual or entity > > to whom they are addressed. If you have received this email > > in error please notify the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > ********************************************************************** > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From martinh at solid-state-logic.com Thu Apr 6 14:03:38 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Apr 6 14:03:48 2006 Subject: Sendmail Upgrade, other problem In-Reply-To: <02e901c65978$c8d270a0$0600a8c0@roger> Message-ID: <00c601c6597a$85b2fd60$3004010a@martinhlaptop> Roger Not sure on this thread, seems to be quite old.... Can you start a new thread with the problem, version numbers of software etc. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Roger Jochem > Sent: 06 April 2006 13:51 > To: MailScanner discussion > Subject: Re: Sendmail Upgrade, other problem > > Unfortunately now MailScanner is VERY slow, when someone sends a large > e-mail. > > If somebody can give me a better solution, I would appreciate... > > Regards > > Roger Jochem > > ----- Original Message ----- > From: "Roger Jochem" > To: "MailScanner discussion" > Sent: Wednesday, April 05, 2006 6:52 AM > Subject: Re: Sendmail Upgrade, other problem > > > > Thanks! > > > > I really could do that, but I think this would make thinks too slow > > here... Normaly there are 4 or 5 childrens running, some times even > more. > > But if there is no other solution to that case, I will give that a try. > > > > Regards > > > > Roger Jochem > > > > ----- Original Message ----- > > From: > > To: "MailScanner discussion" > > Sent: Tuesday, April 04, 2006 5:09 PM > > Subject: Re: Sendmail Upgrade, other problem > > > > > >> On 04.04.2006 21:41, Roger Jochem wrote: > >> > >>> Regarding to my problem (bellow) I found the following lines in my > >>> maillog > >>> srv MailScanner[9596]: Failed to link message body between queues > >>> (/var/spool/mqueue/dfi8R9KQqf010458 --> > >>> /var/spool/mqueue.in/dfi8R9KQqf010458) > >>> > >>>>>> On 24 Mar 2006, at 10:23, Roger Jochem wrote: > >>>>>> > >>>>>>> After the sendmail upgrade to 8.13.6, some of my messages come > with > >>>>>>> no body, and the text "<<< No Message Collected >>>" in the > body... > >>>>>>> They appear twice in the users inbox, one with this body, and one > >>>>>>> ok message (with the original body). > >>>>>> > >> > >> google > >> > >> > http://www.plug.linux.org.au/archives/message/20041025.042133.913c0dbf.htm > l > >> > >> *Author: *Ryan > >> *Date: * 2004-10-25 06:21 +200 > >> *To: *plug > >> *Subject: *[plug] MailScanner children fighting > >> > >> Hi PLUG, > >> > >> I've just upgraded my MailScanner to v4.34.8. Before I knock on their > >> door about this problem I was wondering if anyone has seen it? > >> > >> With the default 5 children running, it appear that sometimes two > >> childen pick up the same message and then whichever finishes last > >> reports an error about it. Below is the output, you can see that two > >> MailScanner processes detect the email waiting, both scan it, then one > >> delivers it and the other one wonders where it went. The leads to 2 > >> messages being sent to the recipient, one with the full message, and > the > >> other empty saying "<<< No Message Collected >>>" > >> > >> If I reduce the max children to one, things obviously are a touch > slower > >> off the mark, but it stops the children fighting over the messages. > >> > >> > >> -- > >> shrek-m > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From roger at rudnick.com.br Thu Apr 6 14:58:23 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Thu Apr 6 14:59:18 2006 Subject: Sendmail Upgrade, new thread References: <00c601c6597a$85b2fd60$3004010a@martinhlaptop> Message-ID: <03a801c65982$2db2a220$0600a8c0@roger> I'm rellating my problem again like Martin asked, to see if anybody could help. I upgraded sendmail from 8.13.1 to 8.13.6 last week. Since that upgrade, I'm receiving some mails twice, one with no body (outlook shows <<< No Message Collected >>>) and one complete mail (with the original body). Looktype in MailScanner is (and already was before the upgrade) "posix". My MailScanner is 4.52.2 and I'm also using spamassassin 3.1.1. When this error occurs, I can se in my maillog messages like: MailScanner[9596]: Failed to link message body between queues (/var/spool/mqueue/dfi8R9KQqf010458 --> /var/spool/mqueue.in/dfi8R9KQqf010458) Shrek-m googled (I'm was told this is acepptable now : "googled") my problem and found a similar one, and the solution was to decrease the max children in MailScanner.conf to a single one. I did that, but the obvious problem that this created is that when lots of mails come in, MailScanner became extremly slow, and users wait 20 minutes or more to receive a single message. So, today I turned that back, to my usual number of childrens. And, obviuosly, my problem returned, some messages are received twice. Other info, Julian asked me for the info returned by sendmail -d0.1 -d0.4 -bt < /dev/null That returned: Version 8.13.6 Compiled with: DNSMAP LDAPMAP FSTATMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS USERDB USE_LDAP_INIT Canonical name: mail.rudnick.com.br UUCP nodename: mail.rudnick.com.br a.k.a.: mail a.k.a.: [172.16.0.1] Another info I think may be usefull, is that before sendmail 8.13.6, postfix was installed on my machine, but I wasn't using it. Trying to upgrade sendmail to 8.13.6, it told me that sendmail conflicts with postfix. So I removed it. I don't know if that has something to do with my problem... Any help would be really appreciated. Regards Roger Jochem From brett at wrl.org Thu Apr 6 15:25:21 2006 From: brett at wrl.org (Brett Charbeneau) Date: Thu Apr 6 15:26:33 2006 Subject: A way to give local mail priority? Message-ID: I'd be grateful for any suggestions anyone can offer! SPECIFICS: Debian 3.1, kernel 2.6.8, Sendmail 8.13.4, MailScanner 4.41.3-2, SpamAssassin 3.0.3-2 (deb packages) Majordomo 1.94.5 Greetings, I have MailScanner installed on a P4 3.2 GHz machine with 2 GB of RAM. With MailScanner running SpamAssassin rules *and* RBL checks my Majordomo mail (generated and delivered locally) takes as long as an hour to end up in users' inboxes. It appears that my local mail gets stuck in the queue with the SPAM and the machine just has to chew through it all FIFO and my staff need to have departmental mail make it through in 10 minutes or less if at all possible. When I switch off SpamAssassin and just do RBL checks things work reasonably quick, but obviously a lot more SPAM gets through. I have From: *@wrl.org yes in my "Is Definitely Not Spam" file, but again, with SA rules switched on and lots of email piling in, the queue processing drops to a crawl. I know I need to expand my RAM (I *am* seeing a lot of swapping with SA turned on) but even once I get 8 GB or so, I suspect these delays in Majordomo mail this will continue. Is there a way to give "priority" to local mail so that MailScanner not only keeps its hands off but Sendmail is told to deliver immediately? Or should I run Sendmail with two queues? -- ******************************************************************** Brett Charbeneau Network Administrator Williamsburg Regional Library 7770 Croaker Road Williamsburg, VA 23188-7064 (757)259-4044 www.wrl.org (757)259-4079 (fax) brett@wrl.org ******************************************************************** From martinh at solid-state-logic.com Thu Apr 6 15:36:00 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Apr 6 15:36:08 2006 Subject: A way to give local mail priority? In-Reply-To: Message-ID: <00fd01c65987$6ceebc80$3004010a@martinhlaptop> Looks likes a problem with performance...have gone through the MailScanner tuning exercise...an hour to process email shouldn't be happening - people here would noticed after a minute! http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:per formance also the latest and greatest release (yours is about 1 year old) has some really nice performance tweaks in it that you may find usefull. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Brett Charbeneau > Sent: 06 April 2006 15:25 > To: mailscanner@lists.mailscanner.info > Subject: A way to give local mail priority? > > I'd be grateful for any suggestions anyone can offer! > > > SPECIFICS: > Debian 3.1, kernel 2.6.8, > Sendmail 8.13.4, MailScanner 4.41.3-2, SpamAssassin 3.0.3-2 (deb packages) > Majordomo 1.94.5 > > Greetings, > > I have MailScanner installed on a P4 3.2 GHz machine with 2 GB of > RAM. > With MailScanner running SpamAssassin rules *and* RBL checks my > Majordomo mail (generated and delivered locally) takes as long as an hour > to > end up in users' inboxes. > It appears that my local mail gets stuck in the queue with the SPAM > and > the machine just has to chew through it all FIFO and my staff need to have > departmental mail make it through in 10 minutes or less if at all > possible. > When I switch off SpamAssassin and just do RBL checks things work > reasonably quick, but obviously a lot more SPAM gets through. > I have > > From: *@wrl.org yes > > in my "Is Definitely Not Spam" file, but again, with SA rules > switched on > and lots of email piling in, the queue processing drops to a crawl. > I know I need to expand my RAM (I *am* seeing a lot of swapping with > SA > turned on) but even once I get 8 GB or so, I suspect these delays in > Majordomo > mail this will continue. > Is there a way to give "priority" to local mail so that MailScanner > not > only keeps its hands off but Sendmail is told to deliver immediately? Or > should > I run Sendmail with two queues? > > -- > ******************************************************************** > Brett Charbeneau > Network Administrator > Williamsburg Regional Library > 7770 Croaker Road > Williamsburg, VA 23188-7064 > (757)259-4044 www.wrl.org > (757)259-4079 (fax) brett@wrl.org > ******************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From alex at nkpanama.com Thu Apr 6 15:41:30 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Apr 6 15:41:56 2006 Subject: A way to give local mail priority? In-Reply-To: <00fd01c65987$6ceebc80$3004010a@martinhlaptop> References: <00fd01c65987$6ceebc80$3004010a@martinhlaptop> Message-ID: <4435289A.1080205@nkpanama.com> Martin Hepworth wrote: > also the latest and greatest release (yours is about 1 year old) has some > really nice performance tweaks in it that you may find usefull. > >> I have >> >> From: *@wrl.org yes >> There's that and there's also the easily spoofable *@me.org whitelist. He should probably change it to From: 127.0.0.1 and From: *.wrl.org yes Or he could go as far as: Scan Messages = %rules-dir%/scanmessages.rules [scanmessages.rules] From: 127.0.0.1 and From: *@wrl.org no FromOrTo: default yes Right? From alex at nkpanama.com Thu Apr 6 15:51:13 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Apr 6 15:52:09 2006 Subject: Sendmail Upgrade, new thread In-Reply-To: <03a801c65982$2db2a220$0600a8c0@roger> References: <00c601c6597a$85b2fd60$3004010a@martinhlaptop> <03a801c65982$2db2a220$0600a8c0@roger> Message-ID: <44352AE1.9000505@nkpanama.com> Roger Jochem wrote: > When this error occurs, I can se in my maillog messages like: > > MailScanner[9596]: Failed to link message body between queues > (/var/spool/mqueue/dfi8R9KQqf010458 --> > /var/spool/mqueue.in/dfi8R9KQqf010458) > I've had the exact same problem before, and since then I rarely leave "max children =" set to more than 1 unless the server is quite busy. Call me crazy but since MailScanner is so darn fast I would ask myself if the slowness is related to lack of RAM or some other factor. There's that, and there's also the fact that you can tell MailScanner not to use SpamAssassin for messages larger than a certain size. After googling around myself I found a guy having the same problem because he was running a separate sendmail service which was getting confused. Try stopping MailScanner, waiting a few seconds, and using "ps -ax | grep sendmail" to see if there are any more instances running. If there are, kill them and start MailScanner again. From G.Pentland at soton.ac.uk Thu Apr 6 15:59:34 2006 From: G.Pentland at soton.ac.uk (Pentland G.) Date: Thu Apr 6 15:59:39 2006 Subject: A way to give local mail priority? Message-ID: <71437982F5B13A4D9A5B2669BDB89EE403A84CC4@ISS-CL-EX-V1.soton.ac.uk> The rules will work but if the majordomo server is a separate box from the MailScanner machine then you can use a bit of thought in the flow of mail to tidy things up. 1. Set the majordomo box to only receive mail from the Mailscanner. 2. Set up the majordomo box to deliever mail to filestore Now mail generated by majordmo will have been scanned before the list gets expanded and then delivered directly to disk without scanning it again. This obviously depends on if your site is big enough to require multiple machines etc. but I thought it was worth posting as thinking about routing and mail flow in a larger site generally helps with many issues. Just my 2c Gary Alex Neuman van der Hans wrote: > Martin Hepworth wrote: >> also the latest and greatest release (yours is about 1 year old) has >> some really nice performance tweaks in it that you may find usefull. >> >>> I have >>> >>> From: *@wrl.org yes >>> > There's that and there's also the easily spoofable *@me.org whitelist. > He should probably change it to > > From: 127.0.0.1 and From: *.wrl.org yes > > Or he could go as far as: > > Scan Messages = %rules-dir%/scanmessages.rules > > [scanmessages.rules] > > From: 127.0.0.1 and From: *@wrl.org no > FromOrTo: default yes > > > Right? From cconn at abacom.com Thu Apr 6 16:00:12 2006 From: cconn at abacom.com (Chris Conn) Date: Thu Apr 6 16:00:19 2006 Subject: MailScanner 4.50.15 not picking up new rules from sa-update In-Reply-To: <008101c65954$f810e6e0$3004010a@martinhlaptop> References: <008101c65954$f810e6e0$3004010a@martinhlaptop> Message-ID: <44352CFC.6090903@abacom.com> Martin Hepworth wrote: > Adri > > Have a look in MailScanner.conf and the Advanced SpamAssassin Settings > section. You can put extra things into the SA rules path there, > > Also I presume you're restarting MS after the update and not just waiting > for the children to die? > > -- Hello, This thread has confused the heck out of me. Is the conclusion that you can add a variable to spam.assassin.prefs.conf, MailScanner.conf or is there no configurable solution at this time? Thanks, Chris From dickenson at cfmc.com Thu Apr 6 16:08:31 2006 From: dickenson at cfmc.com (Jim Dickenson) Date: Thu Apr 6 16:08:39 2006 Subject: Question about from address In-Reply-To: Message-ID: I have this option specified: Add Envelope From Header = yes That is what adds this header: MailScanner-From: frame< @ >scrappy.surveyspot.com And I still do not understand why it shows this address and not the address that is shown in my sendmail list as being the sender: sendmail[12558]: k34KuiHl012558: from=scrappy.surveysampling.com> -- Jim Dickenson mailto:dickenson@cfmc.com CfMC http://www.cfmc.com/ > From: Kai Schaetzl > Reply-To: MailScanner discussion > Date: Thu, 06 Apr 2006 03:31:21 +0200 > To: > Subject: *CfMC-Spam= 5.73* Re: *CfMC-Spam= 5.73* *CfMC-Spam= 5.53* Question > about from address > > Jim Dickenson wrote on Wed, 05 Apr 2006 15:37:31 -0700: > >> This is what looks wrong to me. I thought both of these should be the >> envelope email address. > > Sorry, I haven't enabled logging that much, so I don't know what MailScanner > will show there. Do you let MailScanner add an Envelope-From? If so, what do > you get there? > >> I use a MS rule to do the white-listing. That is not the real problem. The >> problem is that the MailScanner-From header does not have the envelope email >> address. > > And that is the From from the header of the message or where does it come > from? > As I said I don't know if it should match the Envelope-From since it's only > informational. Do your other whitelists work? I mean you could just have an > error in your whitelist entry? > > Kai > > -- > Kai Sch?tzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From maillists at conactive.com Thu Apr 6 16:13:33 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Apr 6 16:13:48 2006 Subject: MailScanner 4.50.15 not picking up new rules from sa-update In-Reply-To: References: Message-ID: Adri Koppes wrote on Thu, 6 Apr 2006 10:02:32 +0200: > '/var/lib/spamassassin/3.001001/updates_spamassassin_org' and when > running spamassassin -D --lint, I can see the new rules being used. Are you 100% sure? I mean these lines are long and can easily mistaken with the original ones on first glance. Is /var/lib/spamassassin/3.001001/updates_spamassassin_org where your local.cf normally resides? sa uses /etc/mail/spamassassin as the local rules dir when compiled with default options on Linux and sa-update downloads by default to /etc/mail/spamassassin/updates_spamassassin_org, but it won't use it since sa doesn't scan subdirectories for config files. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Thu Apr 6 16:13:33 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Apr 6 16:13:55 2006 Subject: MailScanner 4.50.15 not picking up new rules from sa-update In-Reply-To: References: Message-ID: Adri Koppes wrote on Thu, 6 Apr 2006 10:02:32 +0200: > I am running the MailScanner port on FreeBSD 5.4 with sendmail as my MTA > and SpamAssassin 3.1.1. > I recently ran the 'sa-update' program included in SpamAssassin to pick > up newly added and changed rules. On first time use I got: error: can't verify SHA1 signature channel: SHA1 verification failed, channel failed but now it works. But rules get actually placed in a subdirectory of the specified path. They won't be used there, won't they? Also, shouldn't it replace the original files in /usr/share/spamassassin instead of going to /etc/mail/spamassassin/updates_spamassassin_org by default? It's also not clear at all, if any of the rules changed, (unless I do a diff) it seems to have downloaded the whole bunch. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From ljosnet at gmail.com Thu Apr 6 16:42:25 2006 From: ljosnet at gmail.com (emm1) Date: Thu Apr 6 16:42:27 2006 Subject: Good Postfix guide on FreeBSD Message-ID: <910ee2ac0604060842m772867cdq6dd9409f3350115f@mail.gmail.com> Hello, I'm looking into setting up Postfix on my FreeBSD mail-relay server. It will scan and clean messages for about 300 domains and forward it to another server. I've been trying to find a good step-by-step information about this but no luck yet. Can anyone point me in the right direction? Thanks! From drew at themarshalls.co.uk Thu Apr 6 17:07:55 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Thu Apr 6 17:08:04 2006 Subject: Good Postfix guide on FreeBSD In-Reply-To: <910ee2ac0604060842m772867cdq6dd9409f3350115f@mail.gmail.com> References: <910ee2ac0604060842m772867cdq6dd9409f3350115f@mail.gmail.com> Message-ID: <48175.194.70.180.170.1144339675.squirrel@webmail.r-bit.net> On Thu, April 6, 2006 16:42, emm1 wrote: > Hello, I'm looking into setting up Postfix on my FreeBSD mail-relay > server. It will scan and clean messages for about 300 domains and > forward it to another server. I've been trying to find a good > step-by-step information about this but no luck yet. Can anyone point > me in the right direction? Well I would start with just a basic FreeBSD setup, add Postfix from the ports tree then have a read of the wiki (http://wiki.mailscanner.info) there is loads of information regarding setting up Postfix like this in there. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From smf at f2s.com Thu Apr 6 17:34:24 2006 From: smf at f2s.com (Steve Freegard) Date: Thu Apr 6 17:34:10 2006 Subject: Sendmail Upgrade, new thread In-Reply-To: <03a801c65982$2db2a220$0600a8c0@roger> References: <00c601c6597a$85b2fd60$3004010a@martinhlaptop> <03a801c65982$2db2a220$0600a8c0@roger> Message-ID: <1144341264.8435.69.camel@localhost.localdomain> Hi Roger, On Thu, 2006-04-06 at 10:58 -0300, Roger Jochem wrote: > I'm rellating my problem again like Martin asked, to see if anybody could > help. > > I upgraded sendmail from 8.13.1 to 8.13.6 last week. Since that upgrade, I'm > receiving some mails twice, one with no body (outlook shows <<< No Message > Collected >>>) and one complete mail (with the original body). Looktype in > MailScanner is (and already was before the upgrade) "posix". > > My MailScanner is 4.52.2 and I'm also using spamassassin 3.1.1. > > When this error occurs, I can se in my maillog messages like: > > MailScanner[9596]: Failed to link message body between queues > (/var/spool/mqueue/dfi8R9KQqf010458 --> > /var/spool/mqueue.in/dfi8R9KQqf010458) > Are /var/spool/mqueue and /var/spool/mqueue.in on the same partition? Kind regards, Steve. From brett at wrl.org Thu Apr 6 17:43:21 2006 From: brett at wrl.org (Brett Charbeneau) Date: Thu Apr 6 17:44:20 2006 Subject: A way to give local mail priority? In-Reply-To: References: Message-ID: Thanks to Martin Hepworth and Alex Neuman van der Hans - I appreciate the replies! It seems that I need to do some serious tuning on the server. I spent some good time with the kind folks in the MailScanner IRC room as well and got some additional tips about turning SA rules on one at a time and such. Bottom line: my P4 server should be able to keep up with the 7000+ emails we get daily without sweat. So it's a config deal that I'll concentrate on. Thank you again for your help! ******************************************************************** Brett Charbeneau Network Administrator Williamsburg Regional Library 7770 Croaker Road Williamsburg, VA 23188-7064 (757)259-4044 www.wrl.org (757)259-4079 (fax) brett@wrl.org ******************************************************************** On Thu, 6 Apr 2006, Brett Charbeneau wrote: BC> I'd be grateful for any suggestions anyone can offer! BC> BC> BC> SPECIFICS: BC> Debian 3.1, kernel 2.6.8, BC> Sendmail 8.13.4, MailScanner 4.41.3-2, SpamAssassin 3.0.3-2 (deb packages) BC> Majordomo 1.94.5 BC> BC> Greetings, BC> BC> I have MailScanner installed on a P4 3.2 GHz machine with 2 GB of BC> RAM. BC> With MailScanner running SpamAssassin rules *and* RBL checks my BC> Majordomo mail (generated and delivered locally) takes as long as an hour to BC> end up in users' inboxes. BC> It appears that my local mail gets stuck in the queue with the SPAM BC> and the machine just has to chew through it all FIFO and my staff need to BC> have departmental mail make it through in 10 minutes or less if at all BC> possible. BC> When I switch off SpamAssassin and just do RBL checks things work BC> reasonably quick, but obviously a lot more SPAM gets through. BC> I have BC> BC> From: *@wrl.org yes BC> BC> in my "Is Definitely Not Spam" file, but again, with SA rules BC> switched on BC> and lots of email piling in, the queue processing drops to a crawl. BC> I know I need to expand my RAM (I *am* seeing a lot of swapping with BC> SA turned on) but even once I get 8 GB or so, I suspect these delays in BC> Majordomo mail this will continue. BC> Is there a way to give "priority" to local mail so that MailScanner BC> not only keeps its hands off but Sendmail is told to deliver immediately? Or BC> should I run Sendmail with two queues? BC> BC> -- From glenn.steen at gmail.com Thu Apr 6 17:46:26 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Apr 6 17:46:29 2006 Subject: Question about from address In-Reply-To: References: Message-ID: <223f97700604060946l5966273et79ddaf3b1843496@mail.gmail.com> On 06/04/06, Jim Dickenson wrote: > I have this option specified: > > Add Envelope From Header = yes > > > > That is what adds this header: > > MailScanner-From: frame< @ >scrappy.surveyspot.com > > And I still do not understand why it shows this address and not the address > that is shown in my sendmail list as being the sender: > > sendmail[12558]: k34KuiHl012558: from=scrappy.surveysampling.com> > > Stupid question perhaps, but are you quite certain you are looking at the right message for that log entry? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Thu Apr 6 17:51:27 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Apr 6 17:51:28 2006 Subject: Question about from address In-Reply-To: <223f97700604060946l5966273et79ddaf3b1843496@mail.gmail.com> References: <223f97700604060946l5966273et79ddaf3b1843496@mail.gmail.com> Message-ID: <223f97700604060951xe2cc1a0r57628a027c2e0486@mail.gmail.com> On 06/04/06, Glenn Steen wrote: > On 06/04/06, Jim Dickenson wrote: > > I have this option specified: > > > > Add Envelope From Header = yes > > > > > > > > That is what adds this header: > > > > MailScanner-From: frame< @ >scrappy.surveyspot.com > > > > And I still do not understand why it shows this address and not the address > > that is shown in my sendmail list as being the sender: > > > > sendmail[12558]: k34KuiHl012558: from=scrappy.surveysampling.com> > > > > > Stupid question perhaps, but are you quite certain you are looking at > the right message for that log entry? If you "simulate" the mail via telnet, specifying different senders in the envelope and the headers, what do you see then? (Easily extrapolated from http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:mta:connexion if you need help with using telnet for this) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From a.peacock at chime.ucl.ac.uk Thu Apr 6 17:58:30 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Thu Apr 6 17:58:42 2006 Subject: Sendmail Upgrade, new thread In-Reply-To: <1144341264.8435.69.camel@localhost.localdomain> References: <00c601c6597a$85b2fd60$3004010a@martinhlaptop> <03a801c65982$2db2a220$0600a8c0@roger> <1144341264.8435.69.camel@localhost.localdomain> Message-ID: <443548B6.9040308@chime.ucl.ac.uk> Hi, Steve Freegard wrote: > Hi Roger, > > On Thu, 2006-04-06 at 10:58 -0300, Roger Jochem wrote: >> I'm rellating my problem again like Martin asked, to see if anybody could >> help. >> >> I upgraded sendmail from 8.13.1 to 8.13.6 last week. Since that upgrade, I'm >> receiving some mails twice, one with no body (outlook shows <<< No Message >> Collected >>>) and one complete mail (with the original body). Looktype in >> MailScanner is (and already was before the upgrade) "posix". >> >> My MailScanner is 4.52.2 and I'm also using spamassassin 3.1.1. >> >> When this error occurs, I can se in my maillog messages like: >> >> MailScanner[9596]: Failed to link message body between queues >> (/var/spool/mqueue/dfi8R9KQqf010458 --> >> /var/spool/mqueue.in/dfi8R9KQqf010458) >> > > Are /var/spool/mqueue and /var/spool/mqueue.in on the same partition? Use the source Luke! Although I don't know the definitive answer to this, I have been following this thread with interest. My interest became so piqued that I decided to track down the error message. MailScanner/SMDiskStore.pm in the LinkData subroutine. The comment states: # If the link fails for some reason (usually caused by sendmail calling # 2 messages the same thing in a very short time), then just skip this # message and move on to the next one. This one will get delivered when # the previous one with the same name has been delivered. This uses the Perl link function, which works in the same way as the UNIX hard link. This does have known problems across file systems. The other obvious cause could be a problem with locking. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov From bob.jones at usg.edu Thu Apr 6 18:05:40 2006 From: bob.jones at usg.edu (Bob Jones) Date: Thu Apr 6 18:05:48 2006 Subject: Location of perl in #! of Mailscanner scripts In-Reply-To: <625385e30604060032j40edfeaepe762542156215e3f@mail.gmail.com> References: <443402F7.6020907@usg.edu> <625385e30604060032j40edfeaepe762542156215e3f@mail.gmail.com> Message-ID: <44354A64.2060606@usg.edu> shuttlebox wrote: > On 4/5/06, Bob Jones wrote: >> Next I go to run Mailscanner and it goes kablooey. I get to >> looking around and I see why. Even though I specified an alternate >> location of perl in the install script, all the Mailscanner perl scripts >> (e.g. /opt/Mailscanner/bin/MailScanner ) point to #!/usr/bin/perl. >> Shouldn't the install script change these headings to the specified perl >> or am I missing something? I can't just put a link in /usr/bin as the >> legacy perl is needed for other things. > > I use a symbolic link on my Solaris systems, the legacy stuff uses > hard coded paths so it doesn't depend on /usr/bin/perl. While this is true, a symbolic link does fix it if you can replace the perl that's there. It just seems to me conceptually that you have an install script that allows you to tell it where your perl lives, that script should make the nescessary corrections to the perl scripts in the distribution so that they point to the location you give it. -- Bob Jones bob.jones@usg.edu OIIT, The Board of Regents The University System of Georgia From dickenson at cfmc.com Thu Apr 6 18:06:51 2006 From: dickenson at cfmc.com (Jim Dickenson) Date: Thu Apr 6 18:07:04 2006 Subject: Question about from address In-Reply-To: <223f97700604060951xe2cc1a0r57628a027c2e0486@mail.gmail.com> Message-ID: As best as I can tell this is the same email. I have had problems with just this email address for some time. What I do is have my clients send me just the MailScanner-From address when they want to have something white-listed. This has worked except for this particular email address. I looked at this a bit and that is when I noticed that the email address in the sendmail log file did not match the MailScanner-From email address. I do not have the original email message so I can not look at all the headers but I do see this: From: Survey Sampling International scrappy.surveyspot.com> I will try doing a telnet test when I have some time in the next day or so and let you all know. -- Jim Dickenson mailto:dickenson@cfmc.com CfMC http://www.cfmc.com/ > From: Glenn Steen > Reply-To: MailScanner discussion > Date: Thu, 6 Apr 2006 18:51:27 +0200 > To: MailScanner discussion > Subject: *CfMC-Spam=12.68* Re: Question about from address > > On 06/04/06, Glenn Steen wrote: >> On 06/04/06, Jim Dickenson wrote: >>> I have this option specified: >>> >>> Add Envelope From Header = yes >>> >>> >>> >>> That is what adds this header: >>> >>> MailScanner-From: frame< @ >scrappy.surveyspot.com >>> >>> And I still do not understand why it shows this address and not the address >>> that is shown in my sendmail list as being the sender: >>> >>> sendmail[12558]: k34KuiHl012558: from=scrappy.surveysampling.com> >>> >>> >> Stupid question perhaps, but are you quite certain you are looking at >> the right message for that log entry? > > If you "simulate" the mail via telnet, specifying different senders in > the envelope and the headers, what do you see then? (Easily > extrapolated from > http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:mta:c > onnexion > if you need help with using telnet for this) > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From roger at rudnick.com.br Thu Apr 6 18:17:10 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Thu Apr 6 18:17:31 2006 Subject: Sendmail Upgrade, new thread References: <00c601c6597a$85b2fd60$3004010a@martinhlaptop><03a801c65982$2db2a220$0600a8c0@roger> <1144341264.8435.69.camel@localhost.localdomain> Message-ID: <04b001c6599d$f0cc3490$0600a8c0@roger> Yes. They are in the "/" partition (/dev/hda3). ----- Original Message ----- From: "Steve Freegard" To: "MailScanner discussion" Sent: Thursday, April 06, 2006 1:34 PM Subject: Re: Sendmail Upgrade, new thread > Hi Roger, > > On Thu, 2006-04-06 at 10:58 -0300, Roger Jochem wrote: >> I'm rellating my problem again like Martin asked, to see if anybody could >> help. >> >> I upgraded sendmail from 8.13.1 to 8.13.6 last week. Since that upgrade, >> I'm >> receiving some mails twice, one with no body (outlook shows <<< No >> Message >> Collected >>>) and one complete mail (with the original body). Looktype >> in >> MailScanner is (and already was before the upgrade) "posix". >> >> My MailScanner is 4.52.2 and I'm also using spamassassin 3.1.1. >> >> When this error occurs, I can se in my maillog messages like: >> >> MailScanner[9596]: Failed to link message body between queues >> (/var/spool/mqueue/dfi8R9KQqf010458 --> >> /var/spool/mqueue.in/dfi8R9KQqf010458) >> > > Are /var/spool/mqueue and /var/spool/mqueue.in on the same partition? > > Kind regards, > Steve. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From roger at rudnick.com.br Thu Apr 6 18:19:08 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Thu Apr 6 18:19:31 2006 Subject: Sendmail Upgrade, new thread References: <00c601c6597a$85b2fd60$3004010a@martinhlaptop> <03a801c65982$2db2a220$0600a8c0@roger><1144341264.8435.69.camel@localhost.localdomain> <443548B6.9040308@chime.ucl.ac.uk> Message-ID: <04bb01c6599e$36fb6df0$0600a8c0@roger> Really strange, I guess... In Google there are lots of problems like mine but no one has a good solution.... ----- Original Message ----- From: "Anthony Peacock" To: "MailScanner discussion" Sent: Thursday, April 06, 2006 1:58 PM Subject: Re: Sendmail Upgrade, new thread > Hi, > > Steve Freegard wrote: >> Hi Roger, >> >> On Thu, 2006-04-06 at 10:58 -0300, Roger Jochem wrote: >>> I'm rellating my problem again like Martin asked, to see if anybody >>> could help. >>> >>> I upgraded sendmail from 8.13.1 to 8.13.6 last week. Since that upgrade, >>> I'm receiving some mails twice, one with no body (outlook shows <<< No >>> Message Collected >>>) and one complete mail (with the original body). >>> Looktype in MailScanner is (and already was before the upgrade) "posix". >>> >>> My MailScanner is 4.52.2 and I'm also using spamassassin 3.1.1. >>> >>> When this error occurs, I can se in my maillog messages like: >>> >>> MailScanner[9596]: Failed to link message body between queues >>> (/var/spool/mqueue/dfi8R9KQqf010458 --> >>> /var/spool/mqueue.in/dfi8R9KQqf010458) >>> >> >> Are /var/spool/mqueue and /var/spool/mqueue.in on the same partition? > > Use the source Luke! > > Although I don't know the definitive answer to this, I have been following > this thread with interest. My interest became so piqued that I decided to > track down the error message. > > MailScanner/SMDiskStore.pm in the LinkData subroutine. > > The comment states: > > # If the link fails for some reason (usually caused by sendmail calling > # 2 messages the same thing in a very short time), then just skip this > # message and move on to the next one. This one will get delivered when > # the previous one with the same name has been delivered. > > This uses the Perl link function, which works in the same way as the UNIX > hard link. This does have known problems across file systems. > > The other obvious cause could be a problem with locking. > > > -- > Anthony Peacock > CHIME, Royal Free & University College Medical School > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > "The most exciting phrase to hear in science, the one that heralds new > discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From maillists at conactive.com Thu Apr 6 18:31:24 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Apr 6 18:31:40 2006 Subject: Question about from address In-Reply-To: References: Message-ID: Jim Dickenson wrote on Thu, 06 Apr 2006 08:08:31 -0700: > And I still do not understand why it shows this address and not the address > that is shown in my sendmail list as being the sender: I don't either. Can you post the header of the message? Is it for sure that what sendmail shows in the log *is* the envelope-from? I mean it usually is, but maybe your sendmail or sendmail.cf is "special"? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From glenn.steen at gmail.com Thu Apr 6 18:40:46 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Apr 6 18:40:54 2006 Subject: Question about from address In-Reply-To: References: Message-ID: <223f97700604061040w6dcd2b0awba33a49a3af7bcb9@mail.gmail.com> On 06/04/06, Kai Schaetzl wrote: > Jim Dickenson wrote on Thu, 06 Apr 2006 08:08:31 -0700: > > > And I still do not understand why it shows this address and not the address > > that is shown in my sendmail list as being the sender: > > I don't either. Can you post the header of the message? Is it for sure that > what sendmail shows in the log *is* the envelope-from? I mean it usually is, > but maybe your sendmail or sendmail.cf is "special"? > > Kai > I think Jims telnet experiments will tell us this... One other possibility, albeit remote (since I do beleive that Jules "sanitizes" the headers, so that there can only be one X-MailScanner-From: ...), would be if there is more than one MailScanner involved, thoroughly confusing matters. Or perhaps the customer is too lazy to actually get at the headers, and just "invent" them from what they "think they should be".....:-) Jim, you should really demand that the customer provide at least one "problem message" _as verbatim as possible_. Would be a shame to waste time on something that turns out to be a red herrirng:-):-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From smf at f2s.com Thu Apr 6 19:10:43 2006 From: smf at f2s.com (Steve Freegard) Date: Thu Apr 6 19:10:28 2006 Subject: Sendmail Upgrade, new thread In-Reply-To: <04b001c6599d$f0cc3490$0600a8c0@roger> References: <00c601c6597a$85b2fd60$3004010a@martinhlaptop> <03a801c65982$2db2a220$0600a8c0@roger> <1144341264.8435.69.camel@localhost.localdomain> <04b001c6599d$f0cc3490$0600a8c0@roger> Message-ID: <1144347043.8435.71.camel@localhost.localdomain> Hi Roger, On Thu, 2006-04-06 at 14:17 -0300, Roger Jochem wrote: > Yes. They are in the "/" partition (/dev/hda3). Good - what is your setting for 'Lock Type' in MailScanner.conf? Cheers, Steve. From roger at rudnick.com.br Thu Apr 6 19:17:04 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Thu Apr 6 19:17:23 2006 Subject: Sendmail Upgrade, new thread References: <00c601c6597a$85b2fd60$3004010a@martinhlaptop><03a801c65982$2db2a220$0600a8c0@roger><1144341264.8435.69.camel@localhost.localdomain><04b001c6599d$f0cc3490$0600a8c0@roger> <1144347043.8435.71.camel@localhost.localdomain> Message-ID: <05e001c659a6$4ea5a6c0$0600a8c0@roger> Hi Steve It's Posix ----- Original Message ----- From: "Steve Freegard" To: "MailScanner discussion" Sent: Thursday, April 06, 2006 3:10 PM Subject: Re: Sendmail Upgrade, new thread > Hi Roger, > > On Thu, 2006-04-06 at 14:17 -0300, Roger Jochem wrote: >> Yes. They are in the "/" partition (/dev/hda3). > > Good - what is your setting for 'Lock Type' in MailScanner.conf? > > Cheers, > Steve. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From max at kipness.com Thu Apr 6 19:56:24 2006 From: max at kipness.com (Max Kipness) Date: Thu Apr 6 19:56:36 2006 Subject: Still stuck in queue, version 4.52.2 Message-ID: <51ffbdaa09c1df9f08e1c94ba9f0e9fe@localhost> I've since upgraded to version 4.52.2, and I'm getting better performance (probably less getting stuck in the queue), yet yesterday there was one message that got processed over 6000 times! Here is a sample of one that got stuck today. It's been processed 512 times. Any clue to what else I can do to remedy this issue? Apr 6 06:42:03 xxx MailScanner[12537]: SpamAssassin cache hit for message k36BOeGt011418 Apr 6 06:42:03 xxx MailScanner[12537]: Message k36BOeGt011418 from 86.202.15.121 (sdouhbhj@yahoo.com) to xxx.com is spam, SpamAssassin (score=26.748, required 6, autolearn=spam, BAYES_99 3.50, FORGED_YAHOO_RCVD 1.85, HELO_DYNAMIC_IPADDR 4.20, HTML_FONT_LOW_CONTRAST 0.19, HTML_IMAGE_ONLY_20 1.16, HTML_MESSAGE 0.00, HTML_SHORT_LINK_IMG_3 0.88, LONGWORDS 3.79, MIME_BOUND_DIGITS_15 2.95, MIME_HTML_ONLY 0.00, MSGID_FROM_MTA_HEADER 0.00, RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E8_51_100 1.50, RAZOR2_CHECK 0.50, UNPARSEABLE_RELAY 0.00, URIBL_JP_SURBL 4.09, URIBL_SBL 1.64) Apr 6 06:42:04 xxx MailScanner[12537]: Spam Actions: message k36BOeGt011418 actions are store Apr 6 06:42:07 sxxx MailScanner[12537]: Filename Checks: Very long filename, possible OE attack (k36BOeGt011418 dinah deprave annoyance tribesmen five stepson convince barnstorm assistant given forsaken rhetoric jugate carabao meteor abelian sophia frisky vulnerable debug pottery capetown hollyhock tor crusty .gif) Apr 6 06:42:07 xxx MailScanner[12537]: Saved entire message to /var/spool/MailScanner/quarantine/20060406/k36BOeGt011418 Apr 6 06:42:07 xxx MailScanner[12537]: Saved infected "dinah deprave .gif" to /var/spool/MailScanner/quarantine/20060406/k36BOeGt011418 -- Thanks, Max From derek at csolve.net Thu Apr 6 21:00:56 2006 From: derek at csolve.net (Derek Buttineau | Compu-SOLVE) Date: Thu Apr 6 21:01:08 2006 Subject: SA Cache Check Patch Message-ID: <44357378.8020602@csolve.net> Hello All, I've included a patch that addresses a small issue with the SpamAssassin caching and differing Required Spam Scores. All it does is take the cached results and adjusts the $SAResult, $SAHitList and $HighScoring variables to correctly represent the scoring for the recipients on the particular instance of the message. -- Regards, Derek Buttineau Internet Systems Developer Compu-SOLVE Internet Services Compu-SOLVE Technologies Inc. 705.725.1212 x255 -------------- next part -------------- A non-text attachment was scrubbed... Name: SA.pm.patch Type: text/x-patch Size: 1606 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060406/4f3180e1/SA.pm.bin From derek at csolve.net Thu Apr 6 21:08:47 2006 From: derek at csolve.net (Derek Buttineau | Compu-SOLVE) Date: Thu Apr 6 21:08:56 2006 Subject: SA Cache Check Patch In-Reply-To: <44357378.8020602@csolve.net> References: <44357378.8020602@csolve.net> Message-ID: <4435754F.2080806@csolve.net> Oh, almost forgot, the patch is on the 4.50.15_1 release. Regards, Derek Buttineau Internet Systems Developer Compu-SOLVE Internet Services Compu-SOLVE Technologies Inc. 705.725.1212 x255 Derek Buttineau | Compu-SOLVE wrote: > Hello All, > > I've included a patch that addresses a small issue with the SpamAssassin > caching and differing Required Spam Scores. All it does is take the cached > results and adjusts the $SAResult, $SAHitList and $HighScoring variables > to correctly represent the scoring for the recipients on the particular > instance of the message. From Denis.Beauchemin at USherbrooke.ca Thu Apr 6 21:15:00 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Apr 6 21:15:33 2006 Subject: MailScanner ANNOUNCE: Easy-to-install Clam+SA upgraded to Clam 0.88.1 In-Reply-To: <4435589B.1000905@ecs.soton.ac.uk> References: <4435589B.1000905@ecs.soton.ac.uk> Message-ID: <443576C4.9030200@USherbrooke.ca> Julian Field a ?crit : > I have just upgraded my easy-to-install package of ClamAV and > SpamAssassin so that it contains the latest version of ClamAV, 0.88.1. > > It can be downloaded from > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz > Julian, Works pretty well, except that it always add the following lines at the end of init.pre, even if they are already present: loadplugin Mail::SpamAssassin::Plugin::RelayCountry loadplugin Mail::SpamAssassin::Plugin::SPF loadplugin Mail::SpamAssassin::Plugin::URIDNSBL I also end up with two almost identical files: init.pre and v310.pre . Is this normal? Last comment: it modifies SA's init.pre and v310.pre even if it didn't upgrade SA... Thanks! Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060406/f1f157d9/smime.bin From jstork at pbco.ca Thu Apr 6 22:27:33 2006 From: jstork at pbco.ca (Johnny Stork) Date: Thu Apr 6 22:29:27 2006 Subject: MailScanner ANNOUNCE: Easy-to-install Clam+SA upgraded to Clam 0.88.1 In-Reply-To: <443576C4.9030200@USherbrooke.ca> Message-ID: <20153784.1144358853203.JavaMail.root@pbco-server3.pbco.ca> On a related question, are both init.pre and v310.pre needed? _______________________________ Johnny Stork Information & Technology Manager Provincial Blood Coordinating Office 604-806-8840 ----- Original Message ----- From: mailscanner-bounces@lists.mailscanner.info on behalf of Denis Beauchemin Sent: Thu, 4/6/2006 1:18pm To: mailscanner@lists.mailscanner.info Subject: Re: MailScanner ANNOUNCE: Easy-to-install Clam+SA upgraded to Clam 0.88.1 Julian Field a ?crit : > I have just upgraded my easy-to-install package of ClamAV and > SpamAssassin so that it contains the latest version of ClamAV, 0.88.1. > > It can be downloaded from > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz > Julian, Works pretty well, except that it always add the following lines at the end of init.pre, even if they are already present: loadplugin Mail::SpamAssassin::Plugin::RelayCountry loadplugin Mail::SpamAssassin::Plugin::SPF loadplugin Mail::SpamAssassin::Plugin::URIDNSBL I also end up with two almost identical files: init.pre and v310.pre .?? Is this normal? Last comment: it modifies SA's init.pre and v310.pre even if it didn't upgrade SA... Thanks! Denis -- ?? _ ???v??? Denis Beauchemin, analyste /(_)\??Universit? de Sherbrooke, S.T.I. ??^ ^?? T: 819.821.8000x2252 F: 819.821.8045 From maillists at conactive.com Thu Apr 6 22:31:22 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Apr 6 22:31:37 2006 Subject: MailScanner ANNOUNCE: Easy-to-install Clam+SA upgraded to Clam 0.88.1 In-Reply-To: <443576C4.9030200@USherbrooke.ca> References: <4435589B.1000905@ecs.soton.ac.uk> <443576C4.9030200@USherbrooke.ca> Message-ID: Denis Beauchemin wrote on Thu, 06 Apr 2006 16:15:00 -0400: > I also end up with two almost identical files: init.pre and v310.pre . > Is this normal? Yes, 310.pre is special for 3.1 and adds stuff that init.pre (came with 3.0) doesn't have. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Thu Apr 6 22:31:22 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Apr 6 22:31:40 2006 Subject: Question about from address In-Reply-To: References: Message-ID: Jim Dickenson wrote on Thu, 06 Apr 2006 10:06:51 -0700: > I do not have the original email message so I can not look at all the > headers We/you will need a look at it otherwise we can't be sure that the client sends the right stuff. As Glenn says, it might be another MailScanner or even faked line. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From mkettler at evi-inc.com Thu Apr 6 22:38:48 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Apr 6 22:39:00 2006 Subject: MailScanner ANNOUNCE: Easy-to-install Clam+SA upgraded to Clam 0.88.1 In-Reply-To: <443576C4.9030200@USherbrooke.ca> References: <4435589B.1000905@ecs.soton.ac.uk> <443576C4.9030200@USherbrooke.ca> Message-ID: <44358A68.1010308@evi-inc.com> Denis Beauchemin wrote: > Julian Field a ?crit : >> I have just upgraded my easy-to-install package of ClamAV and >> SpamAssassin so that it contains the latest version of ClamAV, 0.88.1. >> >> It can be downloaded from >> http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz >> > Julian, > > Works pretty well, except that it always add the following lines at the > end of init.pre, even if they are already present: > loadplugin Mail::SpamAssassin::Plugin::RelayCountry > loadplugin Mail::SpamAssassin::Plugin::SPF > loadplugin Mail::SpamAssassin::Plugin::URIDNSBL > > I also end up with two almost identical files: init.pre and v310.pre . > Is this normal? Yes, but they should NOT have the same content. Both should be a series of loadplugins commands, but each file should have completely different plugins listed. init.pre has loadplugin statements for plugins present in 3.0.x. v310.pre has loadplugin statements for NEW plugins only present in 3.1.x. This way a SA upgrade won't wipe out your old plugin preferences, or leave you without important new plugins loaded. You should carefully review both files and see if there's any plugins you wish to change the load status of from the defaults. In particular, be aware that SA 3.1.x does not load Razor or DCC support by default. From alex at nkpanama.com Fri Apr 7 02:28:04 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Fri Apr 7 02:29:10 2006 Subject: A way to give local mail priority? In-Reply-To: References: Message-ID: <4435C024.2020903@nkpanama.com> Brett Charbeneau wrote: > > Thanks to Martin Hepworth and Alex Neuman van der Hans - I appreciate > the replies! > It seems that I need to do some serious tuning on the server. I spent > some good time with the kind folks in the MailScanner IRC room as well and got > some additional tips about turning SA rules on one at a time and such. > There's an IRC room? :D Sounds like a nice place to "hang out". I'll look into it... And you're very welcome, indeed. Any chance to help out is welcome - specially when requests are well tought out and include all relevant information ;) From adrik at salesmanager.nl Fri Apr 7 08:30:46 2006 From: adrik at salesmanager.nl (Adri Koppes) Date: Fri Apr 7 08:30:47 2006 Subject: MailScanner 4.50.15 not picking up new rules from sa-update Message-ID: Kai, It seems to be sa-update downloads the rules into a separate directory. Have you tried running spamassassin -D after running sa-update? SpamAssassin should find the updated rules from the subdirectory and use them. Next try running MailScanner with 'Debug SpamAssassin = yes' in your MailScanner.conf. Did MailScanner use the new rules? Sa-update seems to download all rules, but there are a few differences. 25_uribl.cf has uribl.com added and there is a new 80_additional.cf, which contains some rules to catch spam with attached gifs. Adri. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Kai Schaetzl > Sent: donderdag 6 april 2006 17:14 > To: mailscanner@lists.mailscanner.info > Subject: Re: MailScanner 4.50.15 not picking up new rules > from sa-update > > Adri Koppes wrote on Thu, 6 Apr 2006 10:02:32 +0200: > > > I am running the MailScanner port on FreeBSD 5.4 with > sendmail as my > > MTA and SpamAssassin 3.1.1. > > I recently ran the 'sa-update' program included in SpamAssassin to > > pick up newly added and changed rules. > > On first time use I got: > > error: can't verify SHA1 signature > channel: SHA1 verification failed, channel failed > > but now it works. But rules get actually placed in a > subdirectory of the specified path. They won't be used there, > won't they? Also, shouldn't it replace the original files in > /usr/share/spamassassin instead of going to > /etc/mail/spamassassin/updates_spamassassin_org by default? > It's also not clear at all, if any of the rules changed, > (unless I do a diff) it seems to have downloaded the whole bunch. > > > Kai > > -- > Kai Sch?tzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From martinh at solid-state-logic.com Fri Apr 7 08:39:30 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Fri Apr 7 08:39:39 2006 Subject: A way to give local mail priority? In-Reply-To: <4435C024.2020903@nkpanama.com> Message-ID: <008201c65a16$681206b0$3004010a@martinhlaptop> >From the main web site..and the support page.. Community Live Support For immediate help, you can contact other MailScanner users via IRC, using the server irc.freenode.net on the channel #mailscanner. If you are using IPv6, the server is irc.ipv6.freenode.net. You can connect immediately without having to install any IRC software on your computer. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Alex Neuman van der Hans > Sent: 07 April 2006 02:28 > To: MailScanner discussion > Subject: Re: A way to give local mail priority? > > Brett Charbeneau wrote: > > > > Thanks to Martin Hepworth and Alex Neuman van der Hans - I > appreciate > > the replies! > > It seems that I need to do some serious tuning on the server. I > spent > > some good time with the kind folks in the MailScanner IRC room as well > and got > > some additional tips about turning SA rules on one at a time and such. > > > > There's an IRC room? :D Sounds like a nice place to "hang out". I'll > look into it... > > And you're very welcome, indeed. Any chance to help out is welcome - > specially when requests are well tought out and include all relevant > information ;) > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From martinh at solid-state-logic.com Fri Apr 7 08:41:02 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Fri Apr 7 08:41:11 2006 Subject: SA Cache Check Patch In-Reply-To: <44357378.8020602@csolve.net> Message-ID: <008301c65a16$9e9bd170$3004010a@martinhlaptop> Derek Of course for this to work properly you'll have to split the emails into individual recipients - ie be using sendmail or exim. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Derek Buttineau|Compu-SOLVE > Sent: 06 April 2006 21:01 > To: mailscanner@lists.mailscanner.info > Subject: SA Cache Check Patch > > Hello All, > > I've included a patch that addresses a small issue with the SpamAssassin > caching and differing Required Spam Scores. All it does is take the > cached > results and adjusts the $SAResult, $SAHitList and $HighScoring variables > to correctly represent the scoring for the recipients on the particular > instance of the message. > > > -- > Regards, > > Derek Buttineau > Internet Systems Developer > Compu-SOLVE Internet Services > Compu-SOLVE Technologies Inc. > > 705.725.1212 x255 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From grover1711 at gmail.com Fri Apr 7 08:46:57 2006 From: grover1711 at gmail.com (ankush grover) Date: Fri Apr 7 08:47:00 2006 Subject: few questions on mailscanner Message-ID: <5f638b360604070046h1cd58e4ep14e601d601d6c65b@mail.gmail.com> hey friends, I am using MailScanner version 4.4 on Fedora Core 3 with Postfix 2.15. I am very much satisfied with the MailScanner now I want to make few changes in MailScanner like a) Adding Disclaimer for outgoing messages. b) I want to forward all the messages marked as spam to a user and at the same time don't want to send the copy to the recipient(The forward does send a copy to the recipient). c) There are few ex employees of our company on whose ids we keep on getting spam , I want to ban or reject the mails send to their mail ids. d) Is there any way I can reject the mails based on subject header for example if a mail contains subject line as "sex" , I don't want to deliver mails containing such messages. I know most of these questions are very simple to answer or they might be mentioned in the documentation but as my mail server is on production server I don't want to take any chances . I am using Spam Assassin with Clamav. Please let me know if you need any further inputs. Thanks & Regards Ankush Grover -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060407/6f6c89e3/attachment.html From michele at blacknight.ie Fri Apr 7 08:50:19 2006 From: michele at blacknight.ie (Michele Neylon:: Blacknight.ie) Date: Fri Apr 7 08:50:24 2006 Subject: few questions on mailscanner In-Reply-To: <5f638b360604070046h1cd58e4ep14e601d601d6c65b@mail.gmail.com> References: <5f638b360604070046h1cd58e4ep14e601d601d6c65b@mail.gmail.com> Message-ID: <443619BB.9030001@blacknight.ie> ankush grover wrote: > > a) Adding Disclaimer for outgoing messages. So you are scanning outbound mail? If so check the list archives, as this has been done before. It's basically a ruleset > b) I want to forward all the messages marked as spam to a user and at > the same time don't want to send the copy to the recipient(The forward > does send a copy to the recipient). > c) There are few ex employees of our company on whose ids we keep on > getting spam , I want to ban or reject the mails send to their mail ids. Why don't you just remove their mailboxes? Or use milter-ahead if you have already removed them > d) Is there any way I can reject the mails based on subject header for > example if a mail contains subject line as "sex" , I don't want to > deliver mails containing such messages. Have a look at MCP -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From grover1711 at gmail.com Fri Apr 7 09:09:25 2006 From: grover1711 at gmail.com (ankush grover) Date: Fri Apr 7 09:09:30 2006 Subject: few questions on mailscanner In-Reply-To: <443619BB.9030001@blacknight.ie> References: <5f638b360604070046h1cd58e4ep14e601d601d6c65b@mail.gmail.com> <443619BB.9030001@blacknight.ie> Message-ID: <5f638b360604070109r4686e987pcd8d4fad9e699672@mail.gmail.com> On 4/7/06, Michele Neylon:: Blacknight.ie wrote: > > ankush grover wrote: > > > > > a) Adding Disclaimer for outgoing messages. > > So you are scanning outbound mail? > If so check the list archives, as this has been done before. It's > basically a ruleset I am scanning both outgoing and incoming mails but I want to add the disclaimer if somebody from my domain sends the mail to outside world. Is it possible to add the disclaimer to the outgoing messages something like this The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. > b) I want to forward all the messages marked as spam to a user and at > > the same time don't want to send the copy to the recipient(The forward > > does send a copy to the recipient). > > c) There are few ex employees of our company on whose ids we keep on > > getting spam , I want to ban or reject the mails send to their mail ids. > > Why don't you just remove their mailboxes? Or use milter-ahead if you > have already removed them My scenario is little differnt.I am using catchall mailbox to download the mails and then distribute the mails to the user that is all the mails for my domain goes to a catchall mailbox and then I download all the mails through fetchmail and distribute it. The users who has left their ids have already been deleted but as we are using catchall mailbox we still receive the mails based on their email ids. > d) Is there any way I can reject the mails based on subject header for > > example if a mail contains subject line as "sex" , I don't want to > > deliver mails containing such messages. > > Have a look at MCP I will look at this . Thanks & Regards Ankush Grover -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060407/73bd63d0/attachment-0001.html From shrek-m at gmx.de Fri Apr 7 09:52:05 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Fri Apr 7 09:52:09 2006 Subject: Sophos v5 In-Reply-To: <1144319483.27368.6.camel@lea.nerc-wallingford.ac.uk> References: <1144319483.27368.6.camel@lea.nerc-wallingford.ac.uk> Message-ID: <44362835.6080104@gmx.de> On 06.04.2006 12:31, Greg Matthews wrote: >Just a data point following someones question about sophos v5... this >will not even install on CentOS v4. the sophos provided install.sh >script dies very quickly with: > > # ./install.sh -v -d /usr/local/Sophos/ > 'import site' failed; use -v for traceback > Traceback (most recent call last): > File "", line 1, in ? > zipimport.ZipImportError: can't decompress data; zlib not > available > > is this really the sav-linux-5-i386 install.sh ?? i doubt because "-v -d" are invalid command-line options. [sophos-av]# ll ../sav-linux-5-i386.tgz -rw-r--r-- 1 root root 48591563 31. M?r 17:19 ../sav-linux-5-i386.tgz [sophos-av]# ./install.sh -v -d /usr/local/Sophos-test/ Invalid command-line option: -v Invalid command-line option: -d install.sh: Install Sophos Anti-Virus Usage: ./install.sh [INSTALL-DIRECTORY] [OPTION] ... [.... --help ...] iirc "/usr/local/Sophos/" is created from MS Sophos.install and i would not install sav in this directory. ---- MS 4.50.15-1 Sophos.install errors in sav 5 install folder ---- [sophos-av]# Sophos.install Clearing out old default Sophos installation libraries Installing Sophos for MailScanner Invalid command-line option: -v Invalid command-line option: -d Invalid command-line option: -s Invalid command-line option: -ni install.sh: Install Sophos Anti-Virus Usage: ./install.sh [INSTALL-DIRECTORY] [OPTION] ... OPTION: [... --help ...] Creating links so Perl-SAVI module compiles Fetching latest IDE virus identities from www.sophos.com Could not calculate Sophos version number, at /usr/lib/MailScanner/sophos-autoupdate line 101. Done. --------- >even tho > # rpm -qa | grep zlib > zlib-devel-1.2.1.2-1.2 > zlib-1.2.1.2-1.2 > > sav5 under fc3(athlon32) 2.6.10 on-demand, on-access, auto-updates, ... = all is ok # uname -a ; rpm -qa zlib* Linux xp1800 2.6.10-1.770_FC3 #1 Thu Feb 24 14:00:06 EST 2005 i686 athlon i386 GNU/Linux zlib-1.2.2.2-1 zlib-devel-1.2.2.2-1 sav5 under fc5(athlon64) 2.6.16 on-demand, auto-updates, ... = ok on-access does not work, the talpa modules are the problem. # tail -5 /opt/sophos-av/talpa/build/talpa-0.9.32/build.log make[4]: *** [/opt/sophos-av/talpa/build/talpa-0.9.32/src/platforms/linux/glue.o] Fehler 1 make[3]: *** [_module_/opt/sophos-av/talpa/build/talpa-0.9.32] Fehler 2 make[2]: *** [talpa_core.ko] Fehler 2 make[1]: *** [all-recursive] Fehler 1 make: *** [all] Fehler 2 # uname -a ; rpm -qa zlib* Linux localhost.localdomain 2.6.16-1.2080_FC5 #1 SMP Tue Mar 28 03:38:47 EST 2006 x86_64 x86_64 x86_64 GNU/Linux zlib-1.2.3-1.2.1 zlib-1.2.3-1.2.1 >In fact Sophos will not even support RHELv4. The product is supported on >ancient versions of redhat up to rhel3. But they do appear to support >its installation on suse with a 2.6 kernel... This seems like a pretty >poor show given how long RHEL4 has been out, and that v5 is due out this >year. > > on-demand is supported on-access is a different thing. http://www.sophos.com/products/es/endpoint-server/sav-linux.html * *Distributions supported for on-access and on-demand scanning* Red Hat Linux 7.2/8.0/9.0 Red Hat Enterprise Linux 2.1/3 - ES/AS/WS SUSE 7.2/8/9.0/9.1/9.2/9.3/Enterprise Server 8/9 TurboLinux 8/10 Server, 8 Enterprise Edition *(For more distributions supported with on-demand scanning only, see the Linux system requirements on the Sophos Anti-Virus for non-Windows platforms page. )* --> http://www.sophos.com/products/es/endpoint-server/sav-non-windows.html * *Linux* on Intel Red Hat 5.1/5.2/6.0/6.1/7.2/8/9 RHEL 2.1/3/4 <== SUSE 6/7/8/9.0/9.1/9.2/9.3/10.0 Enterprise Server 8/9 TurboLinux 6/7/8/10 *(For more distributions supported with both on-access and on-demand scanning, see the Linux system requirements on the Sophos Anti-Virus for Linux page. )* >less surprisingly, they still dont support 64bit architectures. > surprisingly sav 5 on-demand, autoupdate, sav-web, sav-protect(without on-access) is ok under fc5 x86_64 athlon64 2.6.16 >[...snip...] > > -- shrek-m From dyioulos at firstbhph.com Fri Apr 7 12:35:36 2006 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Fri Apr 7 12:35:44 2006 Subject: few questions on mailscanner In-Reply-To: <5f638b360604070109r4686e987pcd8d4fad9e699672@mail.gmail.com> References: <5f638b360604070046h1cd58e4ep14e601d601d6c65b@mail.gmail.com> <443619BB.9030001@blacknight.ie> <5f638b360604070109r4686e987pcd8d4fad9e699672@mail.gmail.com> Message-ID: <200604070735.37536.dyioulos@firstbhph.com> On Friday April 07 2006 4:09 am, ankush grover wrote: > On 4/7/06, Michele Neylon:: Blacknight.ie wrote: > > ankush grover wrote: > > > a) Adding Disclaimer for outgoing messages. > > > > So you are scanning outbound mail? > > If so check the list archives, as this has been done before. It's > > basically a ruleset > > I am scanning both outgoing and incoming mails but I want to add the > disclaimer if somebody from my domain sends the mail to outside world. > > Is it possible to add the disclaimer to the outgoing messages something > like this > > The information contained in this electronic message and any attachments to > this message are intended for the exclusive use of the addressee(s) and may > contain proprietary, confidential or privileged information. If you are not > the intended recipient, you should not disseminate, distribute or copy this > e-mail. Please notify > the sender immediately and destroy all copies of this message and any > attachments. > > WARNING: Computer viruses can be transmitted via email. The recipient > should check > this email and any attachments for the presence of viruses. The > company accepts no > liability for any damage caused by any virus transmitted by this email. > > > b) I want to forward all the messages marked as spam to a user and at > > > > > the same time don't want to send the copy to the recipient(The forward > > > does send a copy to the recipient). > > > c) There are few ex employees of our company on whose ids we keep on > > > getting spam , I want to ban or reject the mails send to their mail > > > ids. > > > > Why don't you just remove their mailboxes? Or use milter-ahead if you > > have already removed them > > My scenario is little differnt.I am using catchall mailbox to download the > mails and then distribute the mails to the user that is all the mails for > my domain goes to a catchall mailbox and then I download all the mails > through fetchmail and distribute it. > > The users who has left their ids have already been deleted but as we are > using catchall mailbox we still receive the mails based on their email ids. > > > d) Is there any way I can reject the mails based on subject header for > > > > > example if a mail contains subject line as "sex" , I don't want to > > > deliver mails containing such messages. > > > > Have a look at MCP > > I will look at this . > > > Thanks & Regards > > > Ankush Grover I think that you'd edit "inline.sig.txt" and "inline.sig.html" in the MS report directory, then make sure that "Inline HTML Signature = %report-dir%/inline.warning.html" and "Inline HTML Signature = %report-dir%/inline.warning.txt" are uncommented in MailScanner.conf. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From grover1711 at gmail.com Fri Apr 7 13:39:50 2006 From: grover1711 at gmail.com (ankush grover) Date: Fri Apr 7 13:40:00 2006 Subject: few questions on mailscanner In-Reply-To: <200604070735.37536.dyioulos@firstbhph.com> References: <5f638b360604070046h1cd58e4ep14e601d601d6c65b@mail.gmail.com> <443619BB.9030001@blacknight.ie> <5f638b360604070109r4686e987pcd8d4fad9e699672@mail.gmail.com> <200604070735.37536.dyioulos@firstbhph.com> Message-ID: <5f638b360604070539q7864088fm71e6f0acda22ae75@mail.gmail.com> > > > > I think that you'd edit "inline.sig.txt" and "inline.sig.html" in the MS > report directory, then make sure that "Inline HTML Signature = > %report-dir%/inline.warning.html" and "Inline HTML Signature = > %report-dir%/inline.warning.txt" are uncommented in MailScanner.conf . > > Dimitri > > hey, both are uncommented in MailScanner.conf but still I am not getting the proper text like what you are getting below This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- inline.warning.txt Warning: This message has had one or more attachments removed Warning: ($filename). Warning: Please read the "$viruswarningname" attachment(s) for more information. inline.sig.txt This message has been scanned for viruses and dangerous content by and is believed to be clean. inline.sig.html This message has been scanned for viruses and dangerous content by NextGen MailScanner, and is believed to be clean. But still I am not able to get the footer message. Thanks & Regards Ankush Grover -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060407/9b358ca1/attachment.html From dyioulos at firstbhph.com Fri Apr 7 13:59:36 2006 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Fri Apr 7 13:59:45 2006 Subject: few questions on mailscanner In-Reply-To: <5f638b360604070539q7864088fm71e6f0acda22ae75@mail.gmail.com> References: <5f638b360604070046h1cd58e4ep14e601d601d6c65b@mail.gmail.com> <200604070735.37536.dyioulos@firstbhph.com> <5f638b360604070539q7864088fm71e6f0acda22ae75@mail.gmail.com> Message-ID: <200604070859.37091.dyioulos@firstbhph.com> On Friday April 07 2006 8:39 am, ankush grover wrote: > > I think that you'd edit "inline.sig.txt" and "inline.sig.html" in the MS > > report directory, then make sure that "Inline HTML Signature = > > %report-dir%/inline.warning.html" and "Inline HTML Signature = > > %report-dir%/inline.warning.txt" are uncommented in MailScanner.conf . > > > > Dimitri > > > > hey, > > both are uncommented in MailScanner.conf but still I am not getting the > proper text like what you are getting below > > This message has been scanned for viruses and > > > dangerous content by MailScanner, and is > > believed to be clean. > > > > -- > > inline.warning.txt > > Warning: This message has had one or more attachments removed > Warning: ($filename). > Warning: Please read the "$viruswarningname" attachment(s) for more > information. > > inline.sig.txt > This message has been scanned for viruses and > dangerous content by and is believed to be clean. > > inline.sig.html > This message has been scanned for viruses and > dangerous content by NextGen MailScanner, and is > believed to be clean. > > > But still I am not able to get the footer message. > > > Thanks & Regards > > Ankush Grover Sorry. Is "Sign Clean Messages" enabled and set to "= yes" in MailScanner.conf? Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Denis.Beauchemin at USherbrooke.ca Fri Apr 7 14:19:07 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Apr 7 14:19:29 2006 Subject: MailScanner ANNOUNCE: Easy-to-install Clam+SA upgraded to Clam 0.88.1 In-Reply-To: <44358A68.1010308@evi-inc.com> References: <4435589B.1000905@ecs.soton.ac.uk> <443576C4.9030200@USherbrooke.ca> <44358A68.1010308@evi-inc.com> Message-ID: <443666CB.3080009@USherbrooke.ca> Matt Kettler a ?crit : > Denis Beauchemin wrote: > >> Julian Field a ?crit : >> >>> I have just upgraded my easy-to-install package of ClamAV and >>> SpamAssassin so that it contains the latest version of ClamAV, 0.88.1. >>> >>> It can be downloaded from >>> http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz >>> >>> >> Julian, >> >> Works pretty well, except that it always add the following lines at the >> end of init.pre, even if they are already present: >> loadplugin Mail::SpamAssassin::Plugin::RelayCountry >> loadplugin Mail::SpamAssassin::Plugin::SPF >> loadplugin Mail::SpamAssassin::Plugin::URIDNSBL >> >> I also end up with two almost identical files: init.pre and v310.pre . >> Is this normal? >> > > Yes, but they should NOT have the same content. Both should be a series of > loadplugins commands, but each file should have completely different plugins listed. > > init.pre has loadplugin statements for plugins present in 3.0.x. > v310.pre has loadplugin statements for NEW plugins only present in 3.1.x. > > This way a SA upgrade won't wipe out your old plugin preferences, or leave you > without important new plugins loaded. > > You should carefully review both files and see if there's any plugins you wish > to change the load status of from the defaults. > > In particular, be aware that SA 3.1.x does not load Razor or DCC support by default. > > > Matt, Which file should contain my plugin choice? In other words, which file will not be overwritten by an SA upgrade? Thanks! Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060407/fb78eab8/smime.bin From gmatt at nerc.ac.uk Fri Apr 7 17:00:26 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Fri Apr 7 17:00:41 2006 Subject: Sophos v5 In-Reply-To: <44362835.6080104@gmx.de> References: <1144319483.27368.6.camel@lea.nerc-wallingford.ac.uk> <44362835.6080104@gmx.de> Message-ID: <1144425626.19279.41.camel@lea.nerc-wallingford.ac.uk> On Fri, 2006-04-07 at 10:52 +0200, shrek-m@gmx.de wrote: > On 06.04.2006 12:31, Greg Matthews wrote: > > >Just a data point following someones question about sophos v5... this > >will not even install on CentOS v4. the sophos provided install.sh > >script dies very quickly with: > > > > # ./install.sh -v -d /usr/local/Sophos/ > > 'import site' failed; use -v for traceback > > Traceback (most recent call last): > > File "", line 1, in ? > > zipimport.ZipImportError: can't decompress data; zlib not > > available > > > > > > is this really the sav-linux-5-i386 install.sh ?? > i doubt because "-v -d" are invalid command-line options. yes it is. I realised that the -v and -d were at least undocumented but I tried them anyway as Sophos *may* have included some backwards compatibility for installation (probably not tho). > [sophos-av]# ll ../sav-linux-5-i386.tgz > -rw-r--r-- 1 root root 48591563 31. M?r 17:19 ../sav-linux-5-i386.tgz [root@myhost build]# pwd /local/software/build [root@myhost build]# ls -l ../sav-linux-5-i386.tgz -rw-r--r-- 1 root root 48591563 Apr 6 11:05 ../sav-linux-5-i386.tgz [root@myhost build]# ls -l sophos-av/ total 68 drwxr-xr-x 2 root root 4096 Mar 20 22:00 doc -rwxr-xr-x 1 root root 3427 Mar 20 21:21 install.sh drwxr-xr-x 4 root root 4096 Mar 20 22:00 savi drwxr-xr-x 5 root root 4096 Mar 20 22:00 sav-linux -rw-r--r-- 1 root root 41610 Mar 20 21:43 supported_kernels.txt drwxr-xr-x 5 root root 4096 Mar 20 22:01 talpa -rw-r--r-- 1 root root 8 Mar 20 21:21 version [root@myhost build]# cd sophos-av [root@myhost sophos-av]# ./install.sh -v -d /usr/local/Sophos 'import site' failed; use -v for traceback Traceback (most recent call last): File "", line 1, in ? zipimport.ZipImportError: can't decompress data; zlib not available > [sophos-av]# ./install.sh -v -d /usr/local/Sophos-test/ > Invalid command-line option: -v > Invalid command-line option: -d > install.sh: Install Sophos Anti-Virus > Usage: ./install.sh [INSTALL-DIRECTORY] [OPTION] ... > [.... --help ...] > > > iirc "/usr/local/Sophos/" is created from MS Sophos.install and i > would not install sav in this directory. well thats up to you, I was trying to see if MS and sophos 5 were compatible. MS expects to find it in /usr/local/Sophos at present. > sav5 under fc5(athlon64) 2.6.16 > on-demand, auto-updates, ... = ok > on-access does not work, the talpa modules are the problem. > # tail -5 /opt/sophos-av/talpa/build/talpa-0.9.32/build.log > make[4]: *** > [/opt/sophos-av/talpa/build/talpa-0.9.32/src/platforms/linux/glue.o] > Fehler 1 > make[3]: *** [_module_/opt/sophos-av/talpa/build/talpa-0.9.32] Fehler 2 > make[2]: *** [talpa_core.ko] Fehler 2 > make[1]: *** [all-recursive] Fehler 1 > make: *** [all] Fehler 2 > > # uname -a ; rpm -qa zlib* > Linux localhost.localdomain 2.6.16-1.2080_FC5 #1 SMP Tue Mar 28 03:38:47 > EST 2006 x86_64 x86_64 x86_64 GNU/Linux > zlib-1.2.3-1.2.1 > zlib-1.2.3-1.2.1 > > >In fact Sophos will not even support RHELv4. The product is supported on > >ancient versions of redhat up to rhel3. But they do appear to support > >its installation on suse with a 2.6 kernel... This seems li ke a pretty > >poor show given how long RHEL4 has been out, and that v5 is due out this > >year. > > > > > > on-demand is supported > on-access is a different thing. what I mean is that even if you get it to work on rhel4 it is unsupported. > http://www.sophos.com/products/es/endpoint-server/sav-linux.html > > * *Distributions supported for on-access and on-demand scanning* > Red Hat Linux 7.2/8.0/9.0 > Red Hat Enterprise Linux 2.1/3 - ES/AS/WS > SUSE 7.2/8/9.0/9.1/9.2/9.3/Enterprise Server 8/9 > TurboLinux 8/10 Server, 8 Enterprise Edition > *(For more distributions supported with on-demand scanning only, > see the Linux system requirements on the Sophos Anti-Virus for > non-Windows platforms page. > )* > > --> > http://www.sophos.com/products/es/endpoint-server/sav-non-windows.html > > * *Linux* on Intel > Red Hat 5.1/5.2/6.0/6.1/7.2/8/9 > RHEL 2.1/3/4 <== > SUSE 6/7/8/9.0/9.1/9.2/9.3/10.0 > Enterprise Server 8/9 > TurboLinux 6/7/8/10 > *(For more distributions supported with both on-access and > on-demand scanning, see the Linux system requirements on the > Sophos Anti-Virus for Linux page. > )* sounds great doesnt it... I've not managed to find this product for linux. I can find it for solaris and macos8/9 and lots of other *nix variants but not linux. For linux binaries you are directed to the linux pages which require you to have redhat v3 or older. And besides, this is version 4. > >less surprisingly, they still dont support 64bit architectures. > > > > surprisingly > sav 5 on-demand, autoupdate, sav-web, sav-protect(without on-access) is > ok under fc5 x86_64 athlon64 2.6.16 reading install_en.txt: "1.3 64-bit computers Sophos Anti-Virus does not support 64-bit hardware (including computers running 32-bit emulation)." yes, I can run sophos v4.x fine on my 64 bit dual/dual athlon, but its a 32 bit binary and this config is unsupported by Sophos. Not sure how to explain the different behaviour we see with the install script but from here the whole thing is completely broken on RHEL4. It also appears to have more than quadrupled in size to almost 50MB. For a supposedly "enterprise class" product, its pretty embarassing to not support RHEL4 especially when you claim support for v3. G > > >[...snip...] > > > > > > -- > shrek-m -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From derek at csolve.net Fri Apr 7 17:11:20 2006 From: derek at csolve.net (Derek Buttineau | Compu-SOLVE) Date: Fri Apr 7 17:11:29 2006 Subject: SA Cache Check Patch In-Reply-To: <008301c65a16$9e9bd170$3004010a@martinhlaptop> References: <008301c65a16$9e9bd170$3004010a@martinhlaptop> Message-ID: <44368F28.4080803@csolve.net> Not necessarily, though that is my situation and it is much more apparent in that situation. We split the message recipients into groups based upon scanner preferences using a 3 queue system. Exim drops the inbound messages into the incoming queue, then our splitter daemon reads that queue and splits the messages based upon preferences, dropping the new queue files into either the mailscanner queue or directly to the delivery queue (if the recipient is bypassing scanning). Anyway though, MailScanner does allow you to tie a custom function to the scoring both the Required and High SpamAssassin score, so it would be possible for the cache to produce unexpected results even without splitting recipients, however much less likely. I figured I'd supply the patch in case anyone else found it useful. :) Regards, Derek Buttineau Internet Systems Developer Compu-SOLVE Internet Services Compu-SOLVE Technologies Inc. 705.725.1212 x255 Martin Hepworth wrote: > Derek > > Of course for this to work properly you'll have to split the emails into > individual recipients - ie be using sendmail or exim. > > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 From mkettler at evi-inc.com Fri Apr 7 17:24:32 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Fri Apr 7 17:24:45 2006 Subject: MailScanner ANNOUNCE: Easy-to-install Clam+SA upgraded to Clam 0.88.1 In-Reply-To: <443666CB.3080009@USherbrooke.ca> References: <4435589B.1000905@ecs.soton.ac.uk> <443576C4.9030200@USherbrooke.ca> <44358A68.1010308@evi-inc.com> <443666CB.3080009@USherbrooke.ca> Message-ID: <44369240.4000900@evi-inc.com> Denis Beauchemin wrote: > Matt Kettler a ?crit : >> Denis Beauchemin wrote: >> >>> Julian Field a ?crit : >>> >>>> I have just upgraded my easy-to-install package of ClamAV and >>>> SpamAssassin so that it contains the latest version of ClamAV, 0.88.1. >>>> >>>> It can be downloaded from >>>> http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz >>>> >>>> >>>> >>> Julian, >>> >>> Works pretty well, except that it always add the following lines at the >>> end of init.pre, even if they are already present: >>> loadplugin Mail::SpamAssassin::Plugin::RelayCountry >>> loadplugin Mail::SpamAssassin::Plugin::SPF >>> loadplugin Mail::SpamAssassin::Plugin::URIDNSBL >>> >>> I also end up with two almost identical files: init.pre and v310.pre >>> . Is this normal? >>> >> >> Yes, but they should NOT have the same content. Both should be a >> series of >> loadplugins commands, but each file should have completely different >> plugins listed. >> >> init.pre has loadplugin statements for plugins present in 3.0.x. >> v310.pre has loadplugin statements for NEW plugins only present in 3.1.x. >> >> This way a SA upgrade won't wipe out your old plugin preferences, or >> leave you >> without important new plugins loaded. >> >> You should carefully review both files and see if there's any plugins >> you wish >> to change the load status of from the defaults. >> >> In particular, be aware that SA 3.1.x does not load Razor or DCC >> support by default. >> >> >> > Matt, > > Which file should contain my plugin choice? In other words, which file > will not be overwritten by an SA upgrade? Neither will be over-written by any SA upgrade. Just edit each file and comment out the plugins you don't want, and uncomment those you do want. Nothing more to be done. The whole reason the second file was created was so they could add more plugins without over-writing the old file. If they ever make more plugins, they'll just add another .pre file with the appropriate version number. From alex at nkpanama.com Fri Apr 7 17:34:51 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Fri Apr 7 17:35:48 2006 Subject: few questions on mailscanner In-Reply-To: <5f638b360604070046h1cd58e4ep14e601d601d6c65b@mail.gmail.com> References: <5f638b360604070046h1cd58e4ep14e601d601d6c65b@mail.gmail.com> Message-ID: <443694AB.7010208@nkpanama.com> ankush grover wrote: > hey friends, > > I am using MailScanner version 4.4 on Fedora Core 3 with Postfix 2.15. > I am very much satisfied with the MailScanner now I want to make few > changes in MailScanner like > > a) Adding Disclaimer for outgoing messages. Look in the documentation for "sign clean messages" and edit the corresponding files. You should check to see if you can update your MailScanner version or Perl modules since I believe there's a problem in some cases when signing clean messages regarding PDF files becoming unreadable as a result. > b) I want to forward all the messages marked as spam to a user and at > the same time don't want to send the copy to the recipient(The forward > does send a copy to the recipient). It doesn't. If you don't put the word "deliver", forward will forward, not copy. You probably have "deliver forward" instead of "forward". > c) There are few ex employees of our company on whose ids we keep on > getting spam , I want to ban or reject the mails send to their mail ids. Tell Postfix to do it. > d) Is there any way I can reject the mails based on subject header for > example if a mail contains subject line as "sex" , I don't want to > deliver mails containing such messages. Use MCP or set spamassassin rules. Find out more at the spamassassin site. > > I know most of these questions are very simple to answer or they might > be mentioned in the documentation but as my mail server is on > production server I don't want to take any chances . You don't have to. Just set up MailScanner on another computer (you can use Microsoft's Virtual Server and create a virtual computer) and do your testing from there. > > I am using Spam Assassin with Clamav. > I wonder how that's done. > Please let me know if you need any further inputs. > > > Thanks & Regards > > Ankush Grover > From alex at nkpanama.com Fri Apr 7 17:43:22 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Fri Apr 7 17:43:48 2006 Subject: few questions on mailscanner In-Reply-To: <5f638b360604070109r4686e987pcd8d4fad9e699672@mail.gmail.com> References: <5f638b360604070046h1cd58e4ep14e601d601d6c65b@mail.gmail.com> <443619BB.9030001@blacknight.ie> <5f638b360604070109r4686e987pcd8d4fad9e699672@mail.gmail.com> Message-ID: <443696AA.3040508@nkpanama.com> ankush grover wrote: > > The information contained in this electronic message and any attachments to this > message are intended for the exclusive use of the addressee(s) and may contain > proprietary, confidential or privileged information. If you are not the intended > > recipient, you should not disseminate, distribute or copy this e-mail. Please notify > the sender immediately and destroy all copies of this message and any attachments. > > WARNING: Computer viruses can be transmitted via email. The recipient should check > > this email and any attachments for the presence of viruses. The company accepts no > liability for any damage caused by any virus transmitted by this email. > > Warning: This disclamer (and any other disclaimers) may have no legal validity whatsoever in your neighborhood, county, province, state, country, planet, solar system, local star cluster, spiral arm, galaxy or group of galaxies. If you are the recipient of such a disclaimer, you may, at your discretion, do any or all of the following: a) read it and follow it to the letter like a good corporate drone; b) disregard it completely, basking in the knowledge that it's highly unlikely that it has any legal or technical validity whatsoever; c) forward copies to the legal department at /dev/null; d) laugh out loud; e) feed it to your pets; f) post it on the local IT bulletin board to share; g) turn it in as an RFC; h) patent it; i); get first post at Slashdot; or j) actually check with a really technically inclined lawyer (most just *think* they are) so you can put a good disclaimer on *your* outgoing e-mail that reflects the truth and not just what you'd like it to be in la-la land. For more info visit http://www.goldmark.org/jeff/stupid-disclaimers/ From alex at nkpanama.com Fri Apr 7 18:21:40 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Fri Apr 7 18:23:01 2006 Subject: few questions on mailscanner In-Reply-To: <5f638b360604070539q7864088fm71e6f0acda22ae75@mail.gmail.com> References: <5f638b360604070046h1cd58e4ep14e601d601d6c65b@mail.gmail.com> <443619BB.9030001@blacknight.ie> <5f638b360604070109r4686e987pcd8d4fad9e699672@mail.gmail.com> <200604070735.37536.dyioulos@firstbhph.com> <5f638b360604070539q7864088fm71e6f0acda22ae75@mail.gmail.com> Message-ID: <44369FA4.2020403@nkpanama.com> ankush grover wrote: > > > > > But still I am not able to get the footer message. > > > Thanks & Regards > > Ankush Grover Did you restart MailScanner? From Denis.Beauchemin at USherbrooke.ca Fri Apr 7 19:08:46 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Apr 7 19:09:06 2006 Subject: MailScanner ANNOUNCE: Easy-to-install Clam+SA upgraded to Clam 0.88.1 In-Reply-To: <44369240.4000900@evi-inc.com> References: <4435589B.1000905@ecs.soton.ac.uk> <443576C4.9030200@USherbrooke.ca> <44358A68.1010308@evi-inc.com> <443666CB.3080009@USherbrooke.ca> <44369240.4000900@evi-inc.com> Message-ID: <4436AAAE.1070007@USherbrooke.ca> Matt Kettler a ?crit : > Denis Beauchemin wrote: > >> Matt Kettler a ?crit : >> >>> Denis Beauchemin wrote: >>> >>> >>>> Julian Field a ?crit : >>>> >>>> >>>>> I have just upgraded my easy-to-install package of ClamAV and >>>>> SpamAssassin so that it contains the latest version of ClamAV, 0.88.1. >>>>> >>>>> It can be downloaded from >>>>> http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz >>>>> >>>>> >>>>> >>>>> >>>> Julian, >>>> >>>> Works pretty well, except that it always add the following lines at the >>>> end of init.pre, even if they are already present: >>>> loadplugin Mail::SpamAssassin::Plugin::RelayCountry >>>> loadplugin Mail::SpamAssassin::Plugin::SPF >>>> loadplugin Mail::SpamAssassin::Plugin::URIDNSBL >>>> >>>> I also end up with two almost identical files: init.pre and v310.pre >>>> . Is this normal? >>>> >>>> >>> Yes, but they should NOT have the same content. Both should be a >>> series of >>> loadplugins commands, but each file should have completely different >>> plugins listed. >>> >>> init.pre has loadplugin statements for plugins present in 3.0.x. >>> v310.pre has loadplugin statements for NEW plugins only present in 3.1.x. >>> >>> This way a SA upgrade won't wipe out your old plugin preferences, or >>> leave you >>> without important new plugins loaded. >>> >>> You should carefully review both files and see if there's any plugins >>> you wish >>> to change the load status of from the defaults. >>> >>> In particular, be aware that SA 3.1.x does not load Razor or DCC >>> support by default. >>> >>> >>> >>> >> Matt, >> >> Which file should contain my plugin choice? In other words, which file >> will not be overwritten by an SA upgrade? >> > > Neither will be over-written by any SA upgrade. > > Just edit each file and comment out the plugins you don't want, and uncomment > those you do want. Nothing more to be done. > > The whole reason the second file was created was so they could add more plugins > without over-writing the old file. > > If they ever make more plugins, they'll just add another .pre file with the > appropriate version number. > > > Matt, Then I could merge the contents of the 2 files into one without breaking anything? Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060407/eb55b9ee/smime.bin From mkettler at evi-inc.com Fri Apr 7 19:18:54 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Fri Apr 7 19:19:02 2006 Subject: MailScanner ANNOUNCE: Easy-to-install Clam+SA upgraded to Clam 0.88.1 In-Reply-To: <4436AAAE.1070007@USherbrooke.ca> References: <4435589B.1000905@ecs.soton.ac.uk> <443576C4.9030200@USherbrooke.ca> <44358A68.1010308@evi-inc.com> <443666CB.3080009@USherbrooke.ca> <44369240.4000900@evi-inc.com> <4436AAAE.1070007@USherbrooke.ca> Message-ID: <4436AD0E.1050706@evi-inc.com> Denis Beauchemin wrote: >>> >> >> Neither will be over-written by any SA upgrade. >> >> Just edit each file and comment out the plugins you don't want, and >> uncomment >> those you do want. Nothing more to be done. >> >> The whole reason the second file was created was so they could add >> more plugins >> without over-writing the old file. >> >> If they ever make more plugins, they'll just add another .pre file >> with the >> appropriate version number. >> >> >> > Matt, > > Then I could merge the contents of the 2 files into one without breaking > anything? Yes, you could. But why would you want to? Keep in mind that every time you post problems that may be related to plugins, the SA community will tell you to check for a particular entry in the default .pre files, and if you forget to mention the merge/rename you may end up confusing them. From Denis.Beauchemin at USherbrooke.ca Fri Apr 7 19:51:54 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Apr 7 19:52:22 2006 Subject: MailScanner ANNOUNCE: Easy-to-install Clam+SA upgraded to Clam 0.88.1 In-Reply-To: <4436AD0E.1050706@evi-inc.com> References: <4435589B.1000905@ecs.soton.ac.uk> <443576C4.9030200@USherbrooke.ca> <44358A68.1010308@evi-inc.com> <443666CB.3080009@USherbrooke.ca> <44369240.4000900@evi-inc.com> <4436AAAE.1070007@USherbrooke.ca> <4436AD0E.1050706@evi-inc.com> Message-ID: <4436B4CA.80900@USherbrooke.ca> Matt Kettler a ?crit : > Denis Beauchemin wrote: > >>>> >>>> >>> Neither will be over-written by any SA upgrade. >>> >>> Just edit each file and comment out the plugins you don't want, and >>> uncomment >>> those you do want. Nothing more to be done. >>> >>> The whole reason the second file was created was so they could add >>> more plugins >>> without over-writing the old file. >>> >>> If they ever make more plugins, they'll just add another .pre file >>> with the >>> appropriate version number. >>> >>> >>> >>> >> Matt, >> >> Then I could merge the contents of the 2 files into one without breaking >> anything? >> > > Yes, you could. But why would you want to? > > Keep in mind that every time you post problems that may be related to plugins, > the SA community will tell you to check for a particular entry in the default > .pre files, and if you forget to mention the merge/rename you may end up > confusing them. > > > Understood. Thanks! Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060407/1187e816/smime.bin From mkettler at evi-inc.com Fri Apr 7 21:08:25 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Fri Apr 7 21:08:36 2006 Subject: MailScanner ANNOUNCE: Easy-to-install Clam+SA upgraded to Clam 0.88.1 In-Reply-To: <4436B4CA.80900@USherbrooke.ca> References: <4435589B.1000905@ecs.soton.ac.uk> <443576C4.9030200@USherbrooke.ca> <44358A68.1010308@evi-inc.com> <443666CB.3080009@USherbrooke.ca> <44369240.4000900@evi-inc.com> <4436AAAE.1070007@USherbrooke.ca> <4436AD0E.1050706@evi-inc.com> <4436B4CA.80900@USherbrooke.ca> Message-ID: <4436C6B9.6010503@evi-inc.com> Denis Beauchemin wrote: > Matt Kettler a ?crit : >> Denis Beauchemin wrote: >>> Matt, >>> >>> Then I could merge the contents of the 2 files into one without breaking >>> anything? >>> >> >> Yes, you could. But why would you want to? >> >> Keep in mind that every time you post problems that may be related to >> plugins, >> the SA community will tell you to check for a particular entry in the >> default >> .pre files, and if you forget to mention the merge/rename you may end up >> confusing them. >> >> >> > Understood. One qualification: the merged file MUST be a .pre file. It cannot be a .cf file, otherwise you'll screw up the rule loading due to the parse order. (pre files are read from the site_rules_dir before the default rules are loaded. cf files are read from site_rules_dir after the default rules are loaded.) From ugob at camo-route.com Sat Apr 8 04:18:25 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Sat Apr 8 04:18:36 2006 Subject: SEMI-OT: Book Translation In-Reply-To: <443411C7.5020009@nkpanama.com> References: <443411C7.5020009@nkpanama.com> Message-ID: Alex Neuman van der Hans wrote: > I'd like to translate "the book" into Spanish, or write "el libro" from > scratch. Makes me wonder, would it be worth it to translate it in french? > > I don't want to step on anybody's toes (or patents, or copyrights), so I > thought I'd ask here about what I could use (or not) from "the book" to > write "el libro". > > Any recommendations on what to use to create/edit it (short of a > tetex-latex-vi-emacs-edlin-wordstar flame war) would also be appreciated. > > Any info on reporting typos (for example, "Thankyou" on p.375 should > read "Thank you") would also be appreciated. > > Thanks in advance, > > Alex From grover1711 at gmail.com Sat Apr 8 09:22:57 2006 From: grover1711 at gmail.com (ankush grover) Date: Sat Apr 8 09:23:07 2006 Subject: few questions on mailscanner In-Reply-To: <443694AB.7010208@nkpanama.com> References: <5f638b360604070046h1cd58e4ep14e601d601d6c65b@mail.gmail.com> <443694AB.7010208@nkpanama.com> Message-ID: <5f638b360604080122p78964f33le5369372a3c5f2c2@mail.gmail.com> On 4/7/06, Alex Neuman van der Hans wrote: > > ankush grover wrote: > > hey friends, > > > > I am using MailScanner version 4.4 on Fedora Core 3 with Postfix 2.15. > > I am very much satisfied with the MailScanner now I want to make few > > changes in MailScanner like > > > > a) Adding Disclaimer for outgoing messages. > Look in the documentation for "sign clean messages" and edit the > corresponding files. You should check to see if you can update your > MailScanner version or Perl modules since I believe there's a problem in > some cases when signing clean messages regarding PDF files becoming > unreadable as a result. I will see if the problem occurs with pdf i will make sign clean messages as no. > b) I want to forward all the messages marked as spam to a user and at > > the same time don't want to send the copy to the recipient(The forward > > does send a copy to the recipient). > It doesn't. If you don't put the word "deliver", forward will forward, > not copy. You probably have "deliver forward" instead of "forward". thanks, it was deliver( as default) i change it to forward > c) There are few ex employees of our company on whose ids we keep on > > getting spam , I want to ban or reject the mails send to their mail ids. > > Tell Postfix to do it. Okay that i will do it in postfix > d) Is there any way I can reject the mails based on subject header for > > example if a mail contains subject line as "sex" , I don't want to > > deliver mails containing such messages. > Use MCP or set spamassassin rules. Find out more at the spamassassin site. > > > > I know most of these questions are very simple to answer or they might > > be mentioned in the documentation but as my mail server is on > > production server I don't want to take any chances . > You don't have to. Just set up MailScanner on another computer (you can > use Microsoft's Virtual Server and create a virtual computer) and do > your testing from there. > > > > I am using Spam Assassin with Clamav. > Sorry my point here was that I am using clamav for virus protection and spam assassin is also there on my system. Did you restart MailScanner? Yes I restarted the MailScanner or other option reload. Thanks & Regards Ankush Grover -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060408/0f6651c9/attachment.html From dhawal at netmagicsolutions.com Sat Apr 8 09:51:53 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Sat Apr 8 09:51:48 2006 Subject: MailScanner ANNOUNCE: Easy-to-install Clam+SA upgraded to Clam 0.88.1 In-Reply-To: <4435589B.1000905@ecs.soton.ac.uk> References: <4435589B.1000905@ecs.soton.ac.uk> Message-ID: <443779A9.7010102@netmagicsolutions.com> Julian Field wrote: > I have just upgraded my easy-to-install package of ClamAV and > SpamAssassin so that it contains the latest version of ClamAV, 0.88.1. > > It can be downloaded from > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz Julian, While i received replies from everyone on this thread, i never received your original mail, fortunately i user both the email-based list and gmane (nntp). I also don't see it quarantined (for whatever reason) on my servers either. Is anyone else observing the same problem? else i need to start investigating locally. thanks, - dhawal From drew at themarshalls.co.uk Sat Apr 8 12:59:29 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Sat Apr 8 12:59:38 2006 Subject: MailScanner ANNOUNCE: Easy-to-install Clam+SA upgraded to Clam 0.88.1 In-Reply-To: <443779A9.7010102@netmagicsolutions.com> References: <4435589B.1000905@ecs.soton.ac.uk> <443779A9.7010102@netmagicsolutions.com> Message-ID: On 8 Apr 2006, at 09:51, Dhawal Doshy wrote: > Julian Field wrote: >> I have just upgraded my easy-to-install package of ClamAV and >> SpamAssassin so that it contains the latest version of ClamAV, >> 0.88.1. >> It can be downloaded from >> http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam- >> SA.tar.gz > > Julian, > > While i received replies from everyone on this thread, i never > received your original mail, fortunately i user both the email- > based list and gmane (nntp). I also don't see it quarantined (for > whatever reason) on my servers either. > > Is anyone else observing the same problem? else i need to start > investigating locally. Dhawal Apart from Julian being a bit quiet (I think he is/ was away at the JANET conference) I am not aware of missing any of his posts. Certainly I got this one so it looks like it's over to you :-( Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From dhawal at netmagicsolutions.com Sat Apr 8 13:55:30 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Sat Apr 8 13:55:28 2006 Subject: MailScanner ANNOUNCE: Easy-to-install Clam+SA upgraded to Clam 0.88.1 In-Reply-To: References: <4435589B.1000905@ecs.soton.ac.uk> <443779A9.7010102@netmagicsolutions.com> Message-ID: <4437B2C2.7020703@netmagicsolutions.com> Drew Marshall wrote: > On 8 Apr 2006, at 09:51, Dhawal Doshy wrote: > >> Julian Field wrote: >>> I have just upgraded my easy-to-install package of ClamAV and >>> SpamAssassin so that it contains the latest version of ClamAV, 0.88.1. >>> It can be downloaded from >>> http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz >>> >> >> Julian, >> >> While i received replies from everyone on this thread, i never >> received your original mail, fortunately i user both the email-based >> list and gmane (nntp). I also don't see it quarantined (for whatever >> reason) on my servers either. >> >> Is anyone else observing the same problem? else i need to start >> investigating locally. > > Dhawal > > Apart from Julian being a bit quiet (I think he is/ was away at the > JANET conference) I am not aware of missing any of his posts. Certainly > I got this one so it looks like it's over to you :-( > > Drew I could neither find the message-id 4435589B.1000905@ecs.soton.ac.uk in my logs (syslog) nor any mail from Julian (actually mailscanner-bounces@lists.mailscanner.info) in mailwatch (for this thread), though i did receive his other mails.. hence the concern. I'll continue some more investigation before i give up. i'll also wait for some more responses before giving up. thanks, - dhawal From devonharding at gmail.com Sat Apr 8 14:09:15 2006 From: devonharding at gmail.com (Devon Harding) Date: Sat Apr 8 14:09:19 2006 Subject: MailScanner doesn't start on bootup Message-ID: <2baac6140604080609p23cd3b17lc39282994cda1341@mail.gmail.com> Whenever I bootup my FC4 system & query MailScanner status, I get this: [root@mars ~]# service MailScanner status Checking MailScanner daemons: MailScanner: [FAILED] incoming sendmail: head: cannot open `/var/run/sendmail.in.pid' for reading: No such file or directory [FAILED] outgoing sendmail: head: cannot open `/var/run/sendmail.out.pid' for reading: No such file or directory ^[[A[FAILED] I have to do a 'service MailScanner restart' every time after bootup. What causes this? -Devon -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060408/eddb4af9/attachment.html From glenn.steen at gmail.com Sat Apr 8 14:51:05 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Apr 8 14:51:07 2006 Subject: MailScanner doesn't start on bootup In-Reply-To: <2baac6140604080609p23cd3b17lc39282994cda1341@mail.gmail.com> References: <2baac6140604080609p23cd3b17lc39282994cda1341@mail.gmail.com> Message-ID: <223f97700604080651w67096ef6sa2c9e6a0f52e8e62@mail.gmail.com> On 08/04/06, Devon Harding wrote: > Whenever I bootup my FC4 system & query MailScanner status, I get this: > > [root@mars ~]# service MailScanner status > Checking MailScanner daemons: > MailScanner: [FAILED] > incoming sendmail: head: cannot open `/var/run/sendmail.in.pid' for > reading: No such file or directory > [FAILED] > outgoing sendmail: head: cannot open `/var/run/sendmail.out.pid' > for reading: No such file or directory > ^[[A[FAILED] > > I have to do a 'service MailScanner restart' every time after bootup. What > causes this? > > -Devon > chkconfig --list | grep MailScanner runlevel ... Is it on for your default runlevel? If not, do the appropriate "chkconfig on" ting:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From michele at blacknight.ie Sat Apr 8 15:04:47 2006 From: michele at blacknight.ie (Michele Neylon:: Blacknight.ie) Date: Sat Apr 8 15:05:30 2006 Subject: SEMI-OT: Book Translation In-Reply-To: References: <443411C7.5020009@nkpanama.com> Message-ID: <4437C2FF.7000801@blacknight.ie> Ugo Bellavance wrote: > Alex Neuman van der Hans wrote: >> I'd like to translate "the book" into Spanish, or write "el libro" >> from scratch. > > Makes me wonder, would it be worth it to translate it in french? I'd say - yes -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From max at assuredata.com Mon Apr 3 19:02:01 2006 From: max at assuredata.com (Max Kipness) Date: Sat Apr 8 15:11:36 2006 Subject: Same email processes 268 times! Message-ID: <48dbe547f93db62bd1bd8db0b72a3005@localhost> Hello - I've been trying desperately to figure out why my MailScanner queues are so large and cpu is pegged at 100%. When looking through the log I finally figured out what part of the problem might be. Some messages are being processed hundreds of times. I grepped for one messagaes and was processed 268 times, so basically I see this (the repetitive part): Apr 3 09:08:31 xxx MailScanner[19835]: Spam Actions: message k33E61uc020656 actions are store Apr 3 09:10:11 xxx MailScanner[21099]: RBL checks: k33E61uc020656 found in SBL+XBL Apr 3 09:10:11 xxx MailScanner[21099]: SpamAssassin cache hit for message k33E61uc020656 Apr 3 09:10:11 xxx MailScanner[21099]: Message k33E61uc020656 from 218.144.251.15 (jonah.rivas_yx@mo en.com) to xxx.com is spam, SBL+XBL, SpamAssassin (score=28.338, required 6, BAYES_99 3.50, DATE_IN_ FUTURE_12_24 2.77, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.77, FORGED_RCVD_HELO 0.14, MIME_BASE64_NO_NAME 0.22 , MIME_BASE64_TEXT 1.89, PYZOR_CHECK 3.70, RATWARE_NAME_ID 4.10, RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_ RANGE_E4_51_100 1.50, RAZOR2_CHECK 0.50, RCVD_IN_DSBL 2.60, RCVD_IN_NJABL_DUL 1.95, RCVD_IN_SORBS_DUL 2. 05) This has repeated 268 times with only an increment of a few seconds in the time. Other messages, including non-spam seem to function just fine and are processed once. I'm using the latest MailScanner, SA, DCC, Pyzor. This is a new build from a week ago, so something I guess could be configured wrong. Thanks, Max From max at assuredata.com Mon Apr 3 21:46:53 2006 From: max at assuredata.com (Max Kipness) Date: Sat Apr 8 15:11:39 2006 Subject: Same email processed 268 times! In-Reply-To: <443187A2.1060402@ecs.soton.ac.uk> References: <443187A2.1060402@ecs.soton.ac.uk> Message-ID: Thanks for the response, will do. My version is indeed 4.51.5. Max On Mon, 03 Apr 2006 21:37:54 +0100, Julian Field wrote: > You need to upgrade, there was a bug in the version you are running > (4.51.5?). > > Max Kipness wrote: >> Hello - >> >> I've been trying desperately to figure out why my MailScanner queues are > so >> large and cpu is pegged at 100%. When looking through the log I finally > figured >> out what part of the problem might be. Some messages are being processed >> hundreds of times. I grepped for one messagaes and was processed 268 > times, so >> basically I see this (the repetitive part): >> >> Apr 3 09:08:31 xxx MailScanner[19835]: Spam Actions: message > k33E61uc020656 >> actions are store >> Apr 3 09:10:11 xxx MailScanner[21099]: RBL checks: k33E61uc020656 found > in >> SBL+XBL >> Apr 3 09:10:11 xxx MailScanner[21099]: SpamAssassin cache hit for > message >> k33E61uc020656 >> Apr 3 09:10:11 xxx MailScanner[21099]: Message k33E61uc020656 from >> 218.144.251.15 (jonah.rivas_yx@mo >> en.com) to xxx.com is spam, SBL+XBL, SpamAssassin (score=28.338, > required 6, >> BAYES_99 3.50, DATE_IN_ >> FUTURE_12_24 2.77, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.77, > FORGED_RCVD_HELO 0.14, >> MIME_BASE64_NO_NAME 0.22 >> , MIME_BASE64_TEXT 1.89, PYZOR_CHECK 3.70, RATWARE_NAME_ID 4.10, >> RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_ >> RANGE_E4_51_100 1.50, RAZOR2_CHECK 0.50, RCVD_IN_DSBL 2.60, > RCVD_IN_NJABL_DUL >> 1.95, RCVD_IN_SORBS_DUL 2. >> 05) >> >> This has repeated 268 times with only an increment of a few seconds in > the >> time. >> >> Other messages, including non-spam seem to function just fine and are > processed >> once. >> >> I'm using the latest MailScanner, SA, DCC, Pyzor. This is a new build > from a >> week ago, so something I guess could be configured wrong. >> >> Thanks, >> Max >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Regards, Max Kipness AssureData, Inc. From Rob at dido.ca Wed Apr 5 16:24:15 2006 From: Rob at dido.ca (Rob Morin) Date: Sat Apr 8 15:11:41 2006 Subject: Why an email was rejected excuse for client... Message-ID: <4433E11F.60103@dido.ca> Hello all.... I have a few clients that receive email from Asia quite a bit, and they are legitimate emails with no spam, just business talk in them... but they get tagged as spam.... now i know it gives the reason in the logs, but how do i actually tell what the reason was to the user? Here is a sample mail.log.0:Apr 4 09:43:32 stewy MailScanner[4249]: Message 1BB94C2C6.78A0C from 211.45.20.46 (hanzulux@unitel.co.kr) to thedomainname.com is spam, SpamAssassin (score=7.208, required 4, BAYES_80 2.00, DNS_FROM_RFC_ABUSE 0.20, DNS_FROM_RFC_POST 1.71, FROM_BLANK_NAME 1.53, HTML_FONT_FACE_BAD 0.16, HTML_MESSAGE 0.00, NO_REAL_NAME 0.96, SARE_FROM_NONAME 0.65) So ok, there the info, so do i look up each rule to see what it means? Is ther ean table or an easy way to let a client know why?? Also i have a friend of mine that has his own mail server and he says he does a white list by adding to the white list any email address that the server sends email to... IE any of his clients that send email via that server to a person, that email is put itn the white list automatically... is this safe? is it possible? Thanks and have a great day! -- Rob Morin Dido InterNet Inc. Montreal, Canada Http://www.dido.ca 514-990-4444 From grant at grunta.com Thu Apr 6 01:44:40 2006 From: grant at grunta.com (grant beattie) Date: Sat Apr 8 15:11:42 2006 Subject: Location of perl in #! of Mailscanner scripts In-Reply-To: <443402F7.6020907@usg.edu> References: <443402F7.6020907@usg.edu> Message-ID: <20060406004440.GF28368@fang> On Wed, Apr 05, 2006 at 01:48:39PM -0400, Bob Jones wrote: > Hey all, > > So, a little issue here with the install.sh script of the > distribution for Solaris/BSD/Other Linux/Other Unix. We have installed > a new distribution of perl in a nonstandard location (let's say > /opt/perl for this discussion). So, when I go to install Mailscanner > with the install.sh script I give it the flag --perl=/opt/perl and > everything installs fine. > > Next I go to run Mailscanner and it goes kablooey. I get to > looking around and I see why. Even though I specified an alternate > location of perl in the install script, all the Mailscanner perl scripts > (e.g. /opt/Mailscanner/bin/MailScanner ) point to #!/usr/bin/perl. > Shouldn't the install script change these headings to the specified perl > or am I missing something? I can't just put a link in /usr/bin as the > legacy perl is needed for other things. the generally accepted ``#!/usr/bin/env perl'' would be better here so it would Just Work even if you don't do --perl=blah... grant. From MailScanner at ecs.soton.ac.uk Sat Apr 8 15:45:21 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Apr 8 15:45:38 2006 Subject: MailScanner ANNOUNCE: Easy-to-install Clam+SA upgraded to Clam 0.88.1 In-Reply-To: <4437B2C2.7020703@netmagicsolutions.com> References: <4435589B.1000905@ecs.soton.ac.uk> <443779A9.7010102@netmagicsolutions.com> <4437B2C2.7020703@netmagicsolutions.com> Message-ID: <4437CC81.4050202@ecs.soton.ac.uk> Dhawal Doshy wrote: > Drew Marshall wrote: >> On 8 Apr 2006, at 09:51, Dhawal Doshy wrote: >> >>> Julian Field wrote: >>>> I have just upgraded my easy-to-install package of ClamAV and >>>> SpamAssassin so that it contains the latest version of ClamAV, 0.88.1. >>>> It can be downloaded from >>>> http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz >>>> >>> >>> Julian, >>> >>> While i received replies from everyone on this thread, i never >>> received your original mail, fortunately i user both the email-based >>> list and gmane (nntp). I also don't see it quarantined (for whatever >>> reason) on my servers either. >>> >>> Is anyone else observing the same problem? else i need to start >>> investigating locally. >> >> Dhawal >> >> Apart from Julian being a bit quiet (I think he is/ was away at the >> JANET conference) I am not aware of missing any of his posts. >> Certainly I got this one so it looks like it's over to you :-( >> >> Drew > > I could neither find the message-id 4435589B.1000905@ecs.soton.ac.uk > in my logs (syslog) nor any mail from Julian (actually > mailscanner-bounces@lists.mailscanner.info) in mailwatch (for this > thread), though i did receive his other mails.. hence the concern. > > I'll continue some more investigation before i give up. i'll also wait > for some more responses before giving up. Look in the bogus-anti-virus-warnings SA ruleset and you will find a rule that by default nobbles all email from me. So kind of them... -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From dhawal at netmagicsolutions.com Sat Apr 8 16:03:01 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Sat Apr 8 16:02:55 2006 Subject: MailScanner ANNOUNCE: Easy-to-install Clam+SA upgraded to Clam 0.88.1 In-Reply-To: <4437CC81.4050202@ecs.soton.ac.uk> References: <4435589B.1000905@ecs.soton.ac.uk> <443779A9.7010102@netmagicsolutions.com> <4437B2C2.7020703@netmagicsolutions.com> <4437CC81.4050202@ecs.soton.ac.uk> Message-ID: <4437D0A5.80709@netmagicsolutions.com> Julian Field wrote: > Dhawal Doshy wrote: >> Drew Marshall wrote: >>> On 8 Apr 2006, at 09:51, Dhawal Doshy wrote: >>> >>>> Julian Field wrote: >>>>> I have just upgraded my easy-to-install package of ClamAV and >>>>> SpamAssassin so that it contains the latest version of ClamAV, 0.88.1. >>>>> It can be downloaded from >>>>> http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz >>>>> >>>> >>>> Julian, >>>> >>>> While i received replies from everyone on this thread, i never >>>> received your original mail, fortunately i user both the email-based >>>> list and gmane (nntp). I also don't see it quarantined (for whatever >>>> reason) on my servers either. >>>> >>>> Is anyone else observing the same problem? else i need to start >>>> investigating locally. >>> >>> Dhawal >>> >>> Apart from Julian being a bit quiet (I think he is/ was away at the >>> JANET conference) I am not aware of missing any of his posts. >>> Certainly I got this one so it looks like it's over to you :-( >>> >>> Drew >> >> I could neither find the message-id 4435589B.1000905@ecs.soton.ac.uk >> in my logs (syslog) nor any mail from Julian (actually >> mailscanner-bounces@lists.mailscanner.info) in mailwatch (for this >> thread), though i did receive his other mails.. hence the concern. >> >> I'll continue some more investigation before i give up. i'll also wait >> for some more responses before giving up. > Look in the bogus-anti-virus-warnings SA ruleset and you will find a > rule that by default nobbles all email from me. So kind of them... I do use those rules and a part of them concerning mailscanner have been scored to '0'. Also the postfix logs indicate that the mail never hit my servers.. Thanks for your reply anyways, i'll continue troubleshooting for some more time.. - dhawal From jrudd at ucsc.edu Sat Apr 8 16:37:12 2006 From: jrudd at ucsc.edu (John Rudd) Date: Sat Apr 8 16:37:36 2006 Subject: Location of perl in #! of Mailscanner scripts In-Reply-To: <20060406004440.GF28368@fang> References: <443402F7.6020907@usg.edu> <20060406004440.GF28368@fang> Message-ID: <3a703d948b44328204fe755f6ae60fa5@ucsc.edu> On Apr 5, 2006, at 5:44 PM, grant beattie wrote: > On Wed, Apr 05, 2006 at 01:48:39PM -0400, Bob Jones wrote: > >> Hey all, >> >> So, a little issue here with the install.sh script of the >> distribution for Solaris/BSD/Other Linux/Other Unix. We have >> installed >> a new distribution of perl in a nonstandard location (let's say >> /opt/perl for this discussion). So, when I go to install Mailscanner >> with the install.sh script I give it the flag --perl=/opt/perl and >> everything installs fine. >> >> Next I go to run Mailscanner and it goes kablooey. I get to >> looking around and I see why. Even though I specified an alternate >> location of perl in the install script, all the Mailscanner perl >> scripts >> (e.g. /opt/Mailscanner/bin/MailScanner ) point to #!/usr/bin/perl. >> Shouldn't the install script change these headings to the specified >> perl >> or am I missing something? I can't just put a link in /usr/bin as the >> legacy perl is needed for other things. > > the generally accepted ``#!/usr/bin/env perl'' would be better here > so it would Just Work even if you don't do --perl=blah... > > grant. > I don't think that helps much when you've got multiple copies of perl installed, and you need a specific one to be invoked for mailscanner. (which is what I inferred from the original poster (OP)). A symlink doesn't help (as one person suggested) because that's _effectively_ the same as saying "de-install the other copy of perl" -- if you need your legacy perl sitting around, you can't really do that. You need /usr/bin/perl to be the old perl, and /opt/perl/bin/perl to be the new perl (hopefully gleaning the right paths from the OP). And you need /opt/perl/bin/perl to be what mailscanner uses for all of its routines. Using "/usr/bin/env perl" doesn't tell the system _anything_ about which perl to use, so you're going to (seemingly) randomly end up with one perl ... hopefully the same one every time, and hopefully the one you need it to be. No, the right thing is exactly what the OP requested: if you specify a perl binary to the install routine, then everything in the mailscanner dist. that has a #! invocation line should have that in its invocation line. No exceptions. From ljosnet at gmail.com Sat Apr 8 17:48:47 2006 From: ljosnet at gmail.com (emm1) Date: Sat Apr 8 17:48:54 2006 Subject: 4.52 on FreeBSD? Message-ID: <910ee2ac0604080948i6fd0cea5s53d89d09a2282581@mail.gmail.com> Hello, does anyone know when they will update the ports in FreeBSD 6 for MailScanner 4.52? It's still at 4.50 :/ From mikej at rogers.com Sat Apr 8 18:13:02 2006 From: mikej at rogers.com (Mike Jakubik) Date: Sat Apr 8 18:12:54 2006 Subject: 4.52 on FreeBSD? In-Reply-To: <910ee2ac0604080948i6fd0cea5s53d89d09a2282581@mail.gmail.com> References: <910ee2ac0604080948i6fd0cea5s53d89d09a2282581@mail.gmail.com> Message-ID: <4437EF1E.600@rogers.com> emm1 wrote: > Hello, does anyone know when they will update the ports in FreeBSD 6 > for MailScanner 4.52? It's still at 4.50 :/ > Who is "they" ? You are free to submit patches. From ljosnet at gmail.com Sat Apr 8 18:33:46 2006 From: ljosnet at gmail.com (emm1) Date: Sat Apr 8 18:33:48 2006 Subject: 4.52 on FreeBSD? In-Reply-To: <4437EF1E.600@rogers.com> References: <910ee2ac0604080948i6fd0cea5s53d89d09a2282581@mail.gmail.com> <4437EF1E.600@rogers.com> Message-ID: <910ee2ac0604081033m45fc34d2kbbff8467938fb295@mail.gmail.com> I don't know howto do this. And as of "they" I assume there is someone who is committed to update this specific port or do they just wait for someone to do it? On 4/8/06, Mike Jakubik wrote: > emm1 wrote: > > Hello, does anyone know when they will update the ports in FreeBSD 6 > > for MailScanner 4.52? It's still at 4.50 :/ > > > > Who is "they" ? You are free to submit patches. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From devonharding at gmail.com Sat Apr 8 19:42:06 2006 From: devonharding at gmail.com (Devon Harding) Date: Sat Apr 8 19:42:09 2006 Subject: MailScanner doesn't start on bootup In-Reply-To: <223f97700604080651w67096ef6sa2c9e6a0f52e8e62@mail.gmail.com> References: <2baac6140604080609p23cd3b17lc39282994cda1341@mail.gmail.com> <223f97700604080651w67096ef6sa2c9e6a0f52e8e62@mail.gmail.com> Message-ID: <2baac6140604081142n458e0730qe3c720535aea8495@mail.gmail.com> It was set to this... [root@mars ~]# chkconfig --list | grep MailScanner MailScanner 0:off 1:off 2:off 3:off 4:off 5:off 6:off Good to go. On 4/8/06, Glenn Steen wrote: > > On 08/04/06, Devon Harding wrote: > > Whenever I bootup my FC4 system & query MailScanner status, I get this: > > > > [root@mars ~]# service MailScanner status > > Checking MailScanner daemons: > > MailScanner: [FAILED] > > incoming sendmail: head: cannot open `/var/run/sendmail.in.pid' > for > > reading: No such file or directory > > [FAILED] > > outgoing sendmail: head: cannot open > `/var/run/sendmail.out.pid' > > for reading: No such file or directory > > ^[[A[FAILED] > > > > I have to do a 'service MailScanner restart' every time after > bootup. What > > causes this? > > > > -Devon > > > chkconfig --list | grep MailScanner > runlevel > ... Is it on for your default runlevel? > If not, do the appropriate "chkconfig on" ting:-) > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060408/032195fa/attachment.html From ljosnet at gmail.com Sat Apr 8 20:27:21 2006 From: ljosnet at gmail.com (emm1) Date: Sat Apr 8 20:27:23 2006 Subject: Stopping messages containing Chinese and Korean characters? Message-ID: <910ee2ac0604081227v188b00e2k8f113090bf9965c9@mail.gmail.com> How would I do this in FreeBSD 6 sendmail? In Linux the following worked perfectly: LOCAL_CONFIG dnl # dnl regex map for character sets (not case-sensitive) KCharsetKorean regex -a@MATCH charset=.*(euc-kr|korean|ks.*c) KCharsetChinese regex -a@MATCH charset=.*(big5|Chinese|cn|gb) dnl # LOCAL_RULESETS dnl # ################################################################## # Local ruleset - Check Content-Type: # ################################################################## dnl Reject based on Content-Type header HContent-Type: $>CheckContentType D{NoKoreanMsg}Korean not spoken here. D{NoChineseMsg}Chinese not spoken here. SCheckContentType R$* $: $(CharsetKorean $&{currHeader} $) R@MATCH $#error $: 550 5.7.0 ${NoKoreanMsg} R$* $: $(CharsetChinese $&{currHeader} $) R@MATCH $#error $: 550 5.7.0 ${NoChineseMsg} When I insert the same code in my FreeBSD sendmail I get this error: stat=rewrite: map CharsetChinese not found Thanks! From mailscanner at mango.zw Sat Apr 8 17:57:32 2006 From: mailscanner at mango.zw (Jim Holland) Date: Sat Apr 8 21:24:11 2006 Subject: Still stuck in queue, version 4.52.2 In-Reply-To: <80fb9c4e63217eef83a3e739939225c8@localhost> Message-ID: Hi On Thu, 6 Apr 2006, Max Kipness wrote: > I've since upgraded to version 4.52.2, and I'm getting better > performance (probably less getting stuck in the queue), yet yesterday > there was one message that got processed over 6000 times! > > Here is a sample of one that is stuck right now. It's been processed 512 > times. Any clue to what else I can do to remedy this issue? I wish I knew the cause of this problem. I regularly come across this issue, but fortunately at long intervals (a couple of months or more between each occurrence) with all the versions of MailScanner that I have used (currently 4.50.10-1 - just about to install 4.52.2). When I come across stuck mail I generally find that the whole of the associated batch of up to 30 messages tend to have the same problem of being endlessly reprocessed. My fix is to remove the first message of the batch from mqueue.in and then try to process the rest of the batch. If that fails then I remove the next one, and so on until I have identified the problem message. I then return the remaining messages to the queue and finally convert the d and q files of the problem message to a standard RFC822 message file, scan it with clamscan, and if it OK I then move the d and q files to mqueue to bypass MailScanner. It works, but I would like to get to the bottom of the problem. In several such cases I noticed that the message contained a zip file together with another file. In almost all cases the message was over 500 KB in size (but as we regularly handle messages of up to 1.5 MB that is not in itself a particular problem). On other occasions it was just a large pps file. I never see any specific error message in the maillog file (I was using sendmail 8.13.1 before the upgrade to 8.13.6) - it reports that a message has been processed by MailScanner but there is no corresponding delivery notice. All the problem mail has been incoming to our users. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From michele at blacknight.ie Sun Apr 9 12:51:18 2006 From: michele at blacknight.ie (Michele Neylon:: Blacknight.ie) Date: Sun Apr 9 12:51:22 2006 Subject: Whitelisting Problem Message-ID: <4438F536.4080803@blacknight.ie> Hi If this has been discussed previously I couldn't find it :) In any case the problem / issue is as follows For very good reason we are allowing all mail to abuse@ and support@ to bypass our spam filters, however if the email is CCed or BCCed to other addresses it gets through to them, which we don't want Put another way... We want mail to abuse@ and support@ to get through BUT we don't want anyotheraddress@ to receive the junk MTA is sendmail Any thoughts / suggestions would be appreciated TIA Michele -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From glenn.steen at gmail.com Sun Apr 9 13:33:12 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Apr 9 13:33:14 2006 Subject: Whitelisting Problem In-Reply-To: <4438F536.4080803@blacknight.ie> References: <4438F536.4080803@blacknight.ie> Message-ID: <223f97700604090533n1335c11av313fd3c843dff519@mail.gmail.com> On 09/04/06, Michele Neylon:: Blacknight.ie wrote: > Hi > > If this has been discussed previously I couldn't find it :) > > In any case the problem / issue is as follows > > For very good reason we are allowing all mail to abuse@ and support@ to > bypass our spam filters, however if the email is CCed or BCCed to other > addresses it gets through to them, which we don't want > > Put another way... > We want mail to abuse@ and support@ to get through BUT we don't want > anyotheraddress@ to receive the junk > > MTA is sendmail > > Any thoughts / suggestions would be appreciated > > TIA > > Michele I think you know the std answer to this one:-)... Since WLing is probably a case of applying a ruleset, and you want this to take effect/recipient, you need to split the message/recipient... And _that_ has been covered several rimes in the not-too-distant past;-). Might not be that palatable in a high-volume setup, but ... there it is. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sun Apr 9 13:36:08 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Apr 9 13:36:10 2006 Subject: Whitelisting Problem In-Reply-To: <223f97700604090533n1335c11av313fd3c843dff519@mail.gmail.com> References: <4438F536.4080803@blacknight.ie> <223f97700604090533n1335c11av313fd3c843dff519@mail.gmail.com> Message-ID: <223f97700604090536i36556699j3a28903d0fb4d24c@mail.gmail.com> On 09/04/06, Glenn Steen wrote: (snip) > _that_ has been covered several rimes in the not-too-distant past;-). (snip) ... "rimes" rhymes with "times".... sigh. -- -- Glenn (Le Grand Typo) email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From drew at themarshalls.co.uk Sun Apr 9 14:12:39 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Sun Apr 9 14:12:49 2006 Subject: 4.52 on FreeBSD? In-Reply-To: <910ee2ac0604081033m45fc34d2kbbff8467938fb295@mail.gmail.com> References: <910ee2ac0604080948i6fd0cea5s53d89d09a2282581@mail.gmail.com> <4437EF1E.600@rogers.com> <910ee2ac0604081033m45fc34d2kbbff8467938fb295@mail.gmail.com> Message-ID: <96DF2619-1834-4A3C-91B2-809ABB4A98D4@themarshalls.co.uk> On 8 Apr 2006, at 18:33, emm1 wrote: > I don't know howto do this. And as of "they" I assume there is someone > who is committed to update this specific port or do they just wait for > someone to do it? 'They' is Jan-Peter Koopmann who does participate on this list and who's e-mail address is listed in the Makefile of the port. You could always e-mail him and either; 1) Volunteer to help him 2) Rant about his inefficiency at not having updated the port yet Or take the third option 3) Be patient and wait I'll leave you to decide what is the best course of action ;-) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From maillists at conactive.com Sun Apr 9 16:09:27 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Sun Apr 9 16:09:47 2006 Subject: MailScanner 4.50.15 not picking up new rules from sa-update In-Reply-To: References: Message-ID: Adri Koppes wrote on Fri, 7 Apr 2006 09:30:46 +0200: > It seems to be sa-update downloads the rules into a separate directory. yes, either beneath /etc/mail/spamassassin when I don't specify the path and if I specify the path then down there. I can't see a reason why SA should use it there, it doesn't know of the path. sa-update doesn't add this path to the SA configuration. > Have you tried running spamassassin -D after running sa-update? As I said, it won't use that path nor will it use any subdirectory off /etc/mail/spamassassin - in that case it would just gulp all my rulesdujour a second time. > SpamAssassin should find the updated rules from the subdirectory and use them. >From my experience: no. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Sun Apr 9 16:09:27 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Sun Apr 9 16:09:48 2006 Subject: Stopping messages containing Chinese and Korean characters? In-Reply-To: <910ee2ac0604081227v188b00e2k8f113090bf9965c9@mail.gmail.com> References: <910ee2ac0604081227v188b00e2k8f113090bf9965c9@mail.gmail.com> Message-ID: Emm1 wrote on Sat, 8 Apr 2006 19:27:21 +0000: > stat=rewrite: map CharsetChinese not found I assume you have to provide these maps. gettext-related? I'd ask on a list for FreeBSD. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From MailScanner at ecs.soton.ac.uk Sun Apr 9 22:21:25 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Apr 9 22:21:39 2006 Subject: Still stuck in queue, version 4.52.2 In-Reply-To: References: Message-ID: <44397AD5.9040708@ecs.soton.ac.uk> Jim Holland wrote: > Hi > > On Thu, 6 Apr 2006, Max Kipness wrote: > > >> I've since upgraded to version 4.52.2, and I'm getting better >> performance (probably less getting stuck in the queue), yet yesterday >> there was one message that got processed over 6000 times! >> >> Here is a sample of one that is stuck right now. It's been processed 512 >> times. Any clue to what else I can do to remedy this issue? >> > > I wish I knew the cause of this problem. I regularly come across this > issue, but fortunately at long intervals (a couple of months or more > between each occurrence) with all the versions of MailScanner that I have > used (currently 4.50.10-1 - just about to install 4.52.2). When I come > across stuck mail I generally find that the whole of the associated batch > of up to 30 messages tend to have the same problem of being endlessly > reprocessed. My fix is to remove the first message of the batch from > mqueue.in and then try to process the rest of the batch. If that fails > then I remove the next one, and so on until I have identified the problem > message. I then return the remaining messages to the queue and finally > convert the d and q files of the problem message to a standard RFC822 > message file, scan it with clamscan, and if it OK I then move the d and q > files to mqueue to bypass MailScanner. It works, but I would like to get > to the bottom of the problem. > > In several such cases I noticed that the message contained a zip file > together with another file. In almost all cases the message was over 500 > KB in size (but as we regularly handle messages of up to 1.5 MB that is > not in itself a particular problem). On other occasions it was just a > large pps file. > > I never see any specific error message in the maillog file (I was using > sendmail 8.13.1 before the upgrade to 8.13.6) - it reports that a > message has been processed by MailScanner but there is no corresponding > delivery notice. All the problem mail has been incoming to our users. > I haven't been around for a while, so haven't seen this one. Please can you send me (off-list) the df and qf files (in a zip file) along with a copy of your MailScanner.conf file (preferably without the comments) so I can see your setup. I hope I can reproduce the problem. The snag often is that I can't reproduce the problem. What I would also like you to do is, when you are tracking down the errant message, shutdown MailScanner and then do MailScanner --debug and note down any error messages that appear (except the EOCD signature warnings). This may well help me locate the problem for you. If I can't reproduce the problem on my system, but you have got a message that reliably makes the problem appear, then remote access to your system would enable me to track it down and get it fixed once and for all. Thanks, Jules. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Sun Apr 9 22:24:02 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Apr 9 22:24:15 2006 Subject: Same email processed 268 times! In-Reply-To: References: <443187A2.1060402@ecs.soton.ac.uk> Message-ID: <44397B72.5030207@ecs.soton.ac.uk> If that doesn't fix it, send me the qf+df files of the message along with your MailScanner.conf (without the comments) and I will try to see if I can reproduce the problem myself. Max Kipness wrote: > Thanks for the response, will do. My version is indeed 4.51.5. > > Max > > On Mon, 03 Apr 2006 21:37:54 +0100, Julian Field wrote: > >> You need to upgrade, there was a bug in the version you are running >> (4.51.5?). >> >> Max Kipness wrote: >> >>> Hello - >>> >>> I've been trying desperately to figure out why my MailScanner queues are >>> >> so >> >>> large and cpu is pegged at 100%. When looking through the log I finally >>> >> figured >> >>> out what part of the problem might be. Some messages are being processed >>> hundreds of times. I grepped for one messagaes and was processed 268 >>> >> times, so >> >>> basically I see this (the repetitive part): >>> >>> Apr 3 09:08:31 xxx MailScanner[19835]: Spam Actions: message >>> >> k33E61uc020656 >> >>> actions are store >>> Apr 3 09:10:11 xxx MailScanner[21099]: RBL checks: k33E61uc020656 found >>> >> in >> >>> SBL+XBL >>> Apr 3 09:10:11 xxx MailScanner[21099]: SpamAssassin cache hit for >>> >> message >> >>> k33E61uc020656 >>> Apr 3 09:10:11 xxx MailScanner[21099]: Message k33E61uc020656 from >>> 218.144.251.15 (jonah.rivas_yx@mo >>> en.com) to xxx.com is spam, SBL+XBL, SpamAssassin (score=28.338, >>> >> required 6, >> >>> BAYES_99 3.50, DATE_IN_ >>> FUTURE_12_24 2.77, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.77, >>> >> FORGED_RCVD_HELO 0.14, >> >>> MIME_BASE64_NO_NAME 0.22 >>> , MIME_BASE64_TEXT 1.89, PYZOR_CHECK 3.70, RATWARE_NAME_ID 4.10, >>> RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_ >>> RANGE_E4_51_100 1.50, RAZOR2_CHECK 0.50, RCVD_IN_DSBL 2.60, >>> >> RCVD_IN_NJABL_DUL >> >>> 1.95, RCVD_IN_SORBS_DUL 2. >>> 05) >>> >>> This has repeated 268 times with only an increment of a few seconds in >>> >> the >> >>> time. >>> >>> Other messages, including non-spam seem to function just fine and are >>> >> processed >> >>> once. >>> >>> I'm using the latest MailScanner, SA, DCC, Pyzor. This is a new build >>> >> from a >> >>> week ago, so something I guess could be configured wrong. >>> >>> Thanks, >>> Max >>> >>> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Sun Apr 9 22:27:11 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Apr 9 22:27:22 2006 Subject: Why an email was rejected excuse for client... In-Reply-To: <4433E11F.60103@dido.ca> References: <4433E11F.60103@dido.ca> Message-ID: <44397C2F.4080507@ecs.soton.ac.uk> If you send the spam as an attachment (read the comments about the Spam Actions settings), you can include a $longreport which will give them a nice table including the description of each rule that hit. I might have got the name wrong, so check the relevant report file which will include an example of use of every variable name that can be used in the report file. Rob Morin wrote: > Hello all.... > > I have a few clients that receive email from Asia quite a bit, and > they are legitimate emails with no spam, just business talk in them... > but they get tagged as spam.... now i know it gives the reason in the > logs, but how do i actually tell what the reason was to the user? > Here is a sample > > mail.log.0:Apr 4 09:43:32 stewy MailScanner[4249]: Message > 1BB94C2C6.78A0C from 211.45.20.46 (hanzulux@unitel.co.kr) to > thedomainname.com is spam, SpamAssassin (score=7.208, required 4, > BAYES_80 2.00, DNS_FROM_RFC_ABUSE 0.20, DNS_FROM_RFC_POST 1.71, > FROM_BLANK_NAME 1.53, HTML_FONT_FACE_BAD 0.16, HTML_MESSAGE 0.00, > NO_REAL_NAME 0.96, SARE_FROM_NONAME 0.65) > > So ok, there the info, so do i look up each rule to see what it means? > Is ther ean table or an easy way to let a client know why?? > > Also i have a friend of mine that has his own mail server and he says > he does a white list by adding to the white list any email address > that the server sends email to... IE any of his clients that send > email via that server to a person, that email is put itn the white > list automatically... is this safe? is it possible? > > > > Thanks and have a great day! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From maillists at conactive.com Sun Apr 9 23:31:18 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Sun Apr 9 23:31:38 2006 Subject: MailScanner 4.50.15 not picking up new rules from sa-update In-Reply-To: <44352CFC.6090903@abacom.com> References: <008101c65954$f810e6e0$3004010a@martinhlaptop> <44352CFC.6090903@abacom.com> Message-ID: Chris Conn wrote on Thu, 06 Apr 2006 11:00:12 -0400: > This thread has confused the heck out of me. And your question does that to me. *What* do you mean? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From james at grayonline.id.au Sun Apr 9 23:22:21 2006 From: james at grayonline.id.au (James Gray) Date: Mon Apr 10 00:28:30 2006 Subject: Email rejected, what reason to give client?? In-Reply-To: References: <4433E263.6060906@thehostmasters.com> <4433F7B7.6060900@thehostmasters.com> Message-ID: <200604100822.23331.james@grayonline.id.au> On Thu, 6 Apr 2006 05:31 am, Kai Schaetzl wrote: > Rob Morin wrote on Wed, 05 Apr 2006 13:00:39 -0400: > > so i do things to help me out that might not be > > kosher, so to speak.... > > > > I will up it to 5 right away > > Go to www.rulesemporium.org, it's a very good resource. Grab a few > rulesets, not *all* of them! If you are satisfied, get rulesdujour and > they will autoupdate from then on. You have to invest an hour of work into > this or maybe two, but then you get forget for a year. ...unless you're one of the poor saps maintaining the rules grokked by rulesdujour! ;) James -- Never worry about theory as long as the machinery does what it's supposed to do. -- R. A. Heinlein -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060410/beca2a9c/attachment.bin From adrik at salesmanager.nl Mon Apr 10 09:03:58 2006 From: adrik at salesmanager.nl (Adri Koppes) Date: Mon Apr 10 09:04:01 2006 Subject: MailScanner 4.50.15 not picking up new rules from sa-update Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Kai Schaetzl > Sent: zondag 9 april 2006 17:09 > To: mailscanner@lists.mailscanner.info > Subject: Re: MailScanner 4.50.15 not picking up new rules > from sa-update > > Adri Koppes wrote on Fri, 7 Apr 2006 09:30:46 +0200: > > > It seems to be sa-update downloads the rules into a > separate directory. > > yes, either beneath /etc/mail/spamassassin when I don't > specify the path and if I specify the path then down there. I > can't see a reason why SA should use it there, it doesn't > know of the path. sa-update doesn't add this path to the SA > configuration. What is your LOCAL_STATE_DIR set to in /usr/local/bin/spamassassin? If sa-update puts the updates in the directory pointed to by LOCAL_STATE_DIR, spamassassin will automatically pick them up, replacing the rules from the system rules. > > Have you tried running spamassassin -D after running sa-update? > > As I said, it won't use that path nor will it use any > subdirectory off /etc/mail/spamassassin - in that case it > would just gulp all my rulesdujour a second time. > > > SpamAssassin should find the updated rules from the > subdirectory and use them. > > >From my experience: no. Try putting the updates in LOCAL_STATE_DIR and try again. Adri. From adrik at salesmanager.nl Mon Apr 10 09:06:06 2006 From: adrik at salesmanager.nl (Adri Koppes) Date: Mon Apr 10 09:06:08 2006 Subject: 4.52 on FreeBSD? Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Drew Marshall > Sent: zondag 9 april 2006 15:13 > To: MailScanner discussion > Subject: Re: 4.52 on FreeBSD? > > On 8 Apr 2006, at 18:33, emm1 wrote: > > > I don't know howto do this. And as of "they" I assume there > is someone > > who is committed to update this specific port or do they > just wait for > > someone to do it? > > 'They' is Jan-Peter Koopmann who does participate on this > list and who's e-mail address is listed in the Makefile of > the port. You could always e-mail him and either; > > 1) Volunteer to help him > 2) Rant about his inefficiency at not having updated the port yet > > Or take the third option > > 3) Be patient and wait > > I'll leave you to decide what is the best course of action ;-) > Jan Peter is sometimes busy with his normal job too! He does update the port regulary, but sometimes skip 1 or 2 versions if he's busy and there is not a lot of new functionality. As Drew said, just be patient of volunteer to help and/or maintain the port yourself. Adri. From jscheepers at fbsd.za.net Mon Apr 10 09:31:07 2006 From: jscheepers at fbsd.za.net (Johann Scheepers) Date: Mon Apr 10 09:31:35 2006 Subject: Nod32 Message-ID: <443A17CB.4010602@fbsd.za.net> Hello, Does anyone have a working setup that includes Nod32 + Mailscanner? For the life of me I can't get nod32 to pickup viruses in emails. If I scan a .exe or .com with nod32 it picks up the virus but never in emails. Using bitdefender and clamav works on the same email, though. I have also tried all the possible command line switches with nod32. If anyone has a working setup can you please contact me off list or reply here, whichever you feel like doing. Thanks, Johann From dhawal at netmagicsolutions.com Mon Apr 10 09:57:25 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Mon Apr 10 09:57:59 2006 Subject: Whitelisting Problem In-Reply-To: <4438F536.4080803@blacknight.ie> References: <4438F536.4080803@blacknight.ie> Message-ID: <443A1DF5.3040101@netmagicsolutions.com> Michele Neylon:: Blacknight.ie wrote: > Hi > > If this has been discussed previously I couldn't find it :) > > In any case the problem / issue is as follows > > For very good reason we are allowing all mail to abuse@ and support@ to > bypass our spam filters, however if the email is CCed or BCCed to other > addresses it gets through to them, which we don't want > > Put another way... > We want mail to abuse@ and support@ to get through BUT we don't want > anyotheraddress@ to receive the junk > > MTA is sendmail > > Any thoughts / suggestions would be appreciated Why not have a spamassassin header check.. something like header ABUSE_RULE To =~ /\babuse\@*$/i header POSTMASTER_RULE To =~ /\bpostmaster\@*$/i and give it a negative score.. This way if i am correct, 'Cc' and 'Bcc' get ignored. Also check the syntax once again, rule writing is not one of my strong points. > TIA > > Michele - dhawal From Jan-Peter.Koopmann at seceidos.de Mon Apr 10 10:49:35 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Mon Apr 10 10:49:44 2006 Subject: 4.52 on FreeBSD? Message-ID: On Monday, April 10, 2006 10:06 AM Adri Koppes wrote: >> 3) Be patient and wait Which is what I would prefer.. :-) > Jan Peter is sometimes busy with his normal job too! Put it the other way around: Sometimes I have time outside my job. :-) > He does update the port regulary, but sometimes skip 1 or 2 versions > if he's busy and there is not a lot of new functionality. Actually 4.51 was submitted as far as I can remember but was never committed due to a ports freeze. Now 4.52 is out and therefore the people will not commit 4.51 but rather wait for 4.52. I am currently out of this office until Wednesday. Maybe I can hack together the newest version earlier. Kind regards, JP -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3104 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060410/73fc3438/smime.bin From alan at essex.ac.uk Mon Apr 10 11:26:23 2006 From: alan at essex.ac.uk (Stanier, Alan M) Date: Mon Apr 10 11:26:27 2006 Subject: Warning Is Attachment = no Message-ID: <773A7B88FE13D6119C7B009027D3A56A0693F685@sernt13.essex.ac.uk> Hi We are running MailScanner version 4.51.5 When an executable file is mailed to us, it is replaced with stored.filename.message.txt as an attachment. I'd like that to be in the body of the message. The comments in MailScanner.conf, the book, and the wiki all suggest that setting "Warning Is Attachment = no" is what I want. But I've done that, and the file is still appearing as an attachment. What else do I need to do, or have I just misunderstand the instructions? Alan -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060410/0ab8c919/attachment.html From martin.lyberg at gmail.com Mon Apr 10 12:21:10 2006 From: martin.lyberg at gmail.com (Martin) Date: Mon Apr 10 13:55:12 2006 Subject: Forward virus, not quarantine? Message-ID: Hi, I'm using Mailscanner together with Postfix, SA and clamav. I wan't to forward all virus-mail to a special mailbox. Is this possible? Thanks / Martin From dhawal at netmagicsolutions.com Mon Apr 10 17:39:53 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Mon Apr 10 17:39:44 2006 Subject: bdc replacement Message-ID: <443A8A59.9050709@netmagicsolutions.com> Hello List, BDC has lately become a cpu hog (or maybe i discovered recently). Am wondering if there are any other alternatives in the command line virus scanning world that are free (as in beer) OR relatively cheap and consume much less resources. I've been using clamav and uvscan for quite some time (qmail-scanner days) and am more / less happy with their performance.. so any other suggestions would be welcome. Also a couple of questions for Julian: 1. Shouldn't "LogFile=/tmp/log.bdc.$$" in bitdefender-wrapper point to something like /var/spool/MailScanner/incoming/log.bdc.$$ and take advantage of the tmpfs partition? 2. Also i don't see any options being used in the bitdefender-wrapper script (similar to ExtraOptions in clamav-wrapper). Any particular reason why? Is it because MailScanner handles all the unpacking of attachments? thanks, - dhawal From ugob at camo-route.com Mon Apr 10 19:21:24 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Mon Apr 10 19:21:51 2006 Subject: SEMI-OT: Book Translation In-Reply-To: <4437C2FF.7000801@blacknight.ie> References: <443411C7.5020009@nkpanama.com> <4437C2FF.7000801@blacknight.ie> Message-ID: Michele Neylon:: Blacknight.ie wrote: > Ugo Bellavance wrote: >> Alex Neuman van der Hans wrote: >>> I'd like to translate "the book" into Spanish, or write "el libro" >>> from scratch. >> Makes me wonder, would it be worth it to translate it in french? > > I'd say - yes > SVP s'il y a des gens qui aimeraient voir une version du livre de MailScanner en francais, vous manifester. Merci, Ugo From glenn.steen at gmail.com Mon Apr 10 19:43:59 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Apr 10 19:44:02 2006 Subject: bdc replacement In-Reply-To: <443A8A59.9050709@netmagicsolutions.com> References: <443A8A59.9050709@netmagicsolutions.com> Message-ID: <223f97700604101143k12561694l8866fde5c06102d8@mail.gmail.com> On 10/04/06, Dhawal Doshy wrote: > Hello List, > > BDC has lately become a cpu hog (or maybe i discovered recently). Am Really? How bad is it? Could you perhaps describe your setup a bit, and perhaps some volume figures....? > wondering if there are any other alternatives in the command line virus > scanning world that are free (as in beer) OR relatively cheap and > consume much less resources. > > I've been using clamav and uvscan for quite some time (qmail-scanner > days) and am more / less happy with their performance.. so any other > suggestions would be welcome. > > Also a couple of questions for Julian: > > 1. Shouldn't "LogFile=/tmp/log.bdc.$$" in bitdefender-wrapper point to > something like /var/spool/MailScanner/incoming/log.bdc.$$ and take > advantage of the tmpfs partition? > > 2. Also i don't see any options being used in the bitdefender-wrapper > script (similar to ExtraOptions in clamav-wrapper). Any particular > reason why? Is it because MailScanner handles all the unpacking of > attachments? > > thanks, > - dhawal Well, there are some that are free for private/home/non-commercial use .... like Antivir (or avira or whatever they like to be called.... http://www.free-av.com), AVG etc... (Avast is too, if you'd like to try your hand at writing a wrapper (I don't think it is included in the "supported set":-)). Panda isn't free, even though they say so, since you need to pay for updates, and besides.... It's not that well come together (although Ricks "new" wrapper makes it somewhat less of a hog), so I wouldn't recommend that one ... But it is cheap, one has to give it that... If one were a bit sarcastic, one might say it is cheap in every sense of the word;). If I'd look at anything new, it'd probably be ine if the four: AVG, Sophos, F-secure or F-prot.... with possibly nod32 as a remote outsider:-). Anyway, I've been happy with the same setup you've got (clam, bdc and mcafee), so would realy be interrested to hear what numbers you can present. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ssilva at sgvwater.com Mon Apr 10 20:07:47 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Apr 10 20:08:19 2006 Subject: bdc replacement In-Reply-To: <223f97700604101143k12561694l8866fde5c06102d8@mail.gmail.com> References: <443A8A59.9050709@netmagicsolutions.com> <223f97700604101143k12561694l8866fde5c06102d8@mail.gmail.com> Message-ID: Glenn Steen spake the following on 4/10/2006 11:43 AM: > On 10/04/06, Dhawal Doshy wrote: >> Hello List, >> >> BDC has lately become a cpu hog (or maybe i discovered recently). Am > > Really? How bad is it? Could you perhaps describe your setup a bit, > and perhaps some volume figures....? > >> wondering if there are any other alternatives in the command line virus >> scanning world that are free (as in beer) OR relatively cheap and >> consume much less resources. >> >> I've been using clamav and uvscan for quite some time (qmail-scanner >> days) and am more / less happy with their performance.. so any other >> suggestions would be welcome. >> >> Also a couple of questions for Julian: >> >> 1. Shouldn't "LogFile=/tmp/log.bdc.$$" in bitdefender-wrapper point to >> something like /var/spool/MailScanner/incoming/log.bdc.$$ and take >> advantage of the tmpfs partition? >> >> 2. Also i don't see any options being used in the bitdefender-wrapper >> script (similar to ExtraOptions in clamav-wrapper). Any particular >> reason why? Is it because MailScanner handles all the unpacking of >> attachments? >> >> thanks, >> - dhawal > > Well, there are some that are free for private/home/non-commercial use > .... like Antivir (or avira or whatever they like to be called.... > http://www.free-av.com), AVG etc... (Avast is too, if you'd like to > try your hand at writing a wrapper (I don't think it is included in > the "supported set":-)). Panda isn't free, even though they say so, > since you need to pay for updates, and besides.... It's not that well > come together (although Ricks "new" wrapper makes it somewhat less of > a hog), so I wouldn't recommend that one ... But it is cheap, one has > to give it that... If one were a bit sarcastic, one might say it is > cheap in every sense of the word;). > > If I'd look at anything new, it'd probably be ine if the four: AVG, > Sophos, F-secure or F-prot.... with possibly nod32 as a remote > outsider:-). > > Anyway, I've been happy with the same setup you've got (clam, bdc and > mcafee), so would realy be interrested to hear what numbers you can > present. > Cheers I run the same 3 and haven't seen any performance problems. Are you running the gcc3x version, or do you still have the older (i think gcc29x) version? The older one isn't even offered on their website, although I have them somewhere. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From dhawal at netmagicsolutions.com Mon Apr 10 21:25:57 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Mon Apr 10 21:26:01 2006 Subject: bdc replacement In-Reply-To: References: <443A8A59.9050709@netmagicsolutions.com> <223f97700604101143k12561694l8866fde5c06102d8@mail.gmail.com> Message-ID: <20060410202557.23401.qmail@mymail.netmagicians.com> Scott Silva writes: > Glenn Steen spake the following on 4/10/2006 11:43 AM: >> On 10/04/06, Dhawal Doshy wrote: >>> Hello List, >>> >>> BDC has lately become a cpu hog (or maybe i discovered recently). Am >> >> Really? How bad is it? Could you perhaps describe your setup a bit, >> and perhaps some volume figures....? >> >>> wondering if there are any other alternatives in the command line virus >>> scanning world that are free (as in beer) OR relatively cheap and >>> consume much less resources. >>> >>> I've been using clamav and uvscan for quite some time (qmail-scanner >>> days) and am more / less happy with their performance.. so any other >>> suggestions would be welcome. >>> >>> Also a couple of questions for Julian: >>> >>> 1. Shouldn't "LogFile=/tmp/log.bdc.$$" in bitdefender-wrapper point to >>> something like /var/spool/MailScanner/incoming/log.bdc.$$ and take >>> advantage of the tmpfs partition? >>> >>> 2. Also i don't see any options being used in the bitdefender-wrapper >>> script (similar to ExtraOptions in clamav-wrapper). Any particular >>> reason why? Is it because MailScanner handles all the unpacking of >>> attachments? >>> >>> thanks, >>> - dhawal >> >> Well, there are some that are free for private/home/non-commercial use >> .... like Antivir (or avira or whatever they like to be called.... >> http://www.free-av.com), AVG etc... (Avast is too, if you'd like to >> try your hand at writing a wrapper (I don't think it is included in >> the "supported set":-)). Panda isn't free, even though they say so, >> since you need to pay for updates, and besides.... It's not that well >> come together (although Ricks "new" wrapper makes it somewhat less of >> a hog), so I wouldn't recommend that one ... But it is cheap, one has >> to give it that... If one were a bit sarcastic, one might say it is >> cheap in every sense of the word;). >> >> If I'd look at anything new, it'd probably be ine if the four: AVG, >> Sophos, F-secure or F-prot.... with possibly nod32 as a remote >> outsider:-). >> >> Anyway, I've been happy with the same setup you've got (clam, bdc and >> mcafee), so would realy be interrested to hear what numbers you can >> present. >> Cheers > I run the same 3 and haven't seen any performance problems. Are you running > the gcc3x version, or do you still have the older (i think gcc29x) version? > The older one isn't even offered on their website, although I have them somewhere. Hey guys.. thanks for your replies.. it really isn't as bad as i've projected but then the average cpu usage is 40% and bdc is responsible for most of it. What i am worried about is the constant/consistent 35-40% usage. All systems are: Dell PE1850, Dual Xeons 2.8 Ghz (with HT enabled), 3GB RAM, 10K RPM SCSI Disks Running 32bit centos 4.3 with the following: MS 4.50.10/postfix 2.2.5 SA 3.11/pyzor/razor/dcc uvscan v4.4.00/bdc 7.0.1-3.linux-gcc3x.i586/clam 0.88.1 The servers process about 70-80K mails each + lot more rejections at the mta level. - dhawal > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- **************** CAUTION - Disclaimer ***************** This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the use of the addressee(s). If you are not the intended recipient, please notify the sender by e-mail requesting deletion of the original message. Further, you are not to copy, disclose, or distribute this e-mail or its contents to any other person and any such actions are unlawful. NetMagic Solutions Pvt. Ltd. has taken every reasonable precaution to minimize the risk of virus infection & spam, but is not liable for any damage, you may sustain as a result of any virus in this e-mail. You should carry out your own virus checks before opening the e-mail or attachment. NetMagic Solutions Pvt. Ltd. reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the NetMagic Solutions Pvt. Ltd.'s e-mail system. ***************** End of Disclaimer ******************* From glenn.steen at gmail.com Mon Apr 10 22:08:19 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Apr 10 22:08:23 2006 Subject: bdc replacement In-Reply-To: <20060410202557.23401.qmail@mymail.netmagicians.com> References: <443A8A59.9050709@netmagicsolutions.com> <223f97700604101143k12561694l8866fde5c06102d8@mail.gmail.com> <20060410202557.23401.qmail@mymail.netmagicians.com> Message-ID: <223f97700604101408i6ca8c5dfnde84b15f4107d2cd@mail.gmail.com> On 10/04/06, Dhawal Doshy wrote: > Scott Silva writes: > > > Glenn Steen spake the following on 4/10/2006 11:43 AM: > >> On 10/04/06, Dhawal Doshy wrote: > >>> Hello List, > >>> > >>> BDC has lately become a cpu hog (or maybe i discovered recently). Am > >> > >> Really? How bad is it? Could you perhaps describe your setup a bit, > >> and perhaps some volume figures....? > >> > >>> wondering if there are any other alternatives in the command line virus > >>> scanning world that are free (as in beer) OR relatively cheap and > >>> consume much less resources. > >>> > >>> I've been using clamav and uvscan for quite some time (qmail-scanner > >>> days) and am more / less happy with their performance.. so any other > >>> suggestions would be welcome. > >>> > >>> Also a couple of questions for Julian: > >>> > >>> 1. Shouldn't "LogFile=/tmp/log.bdc.$$" in bitdefender-wrapper point to > >>> something like /var/spool/MailScanner/incoming/log.bdc.$$ and take > >>> advantage of the tmpfs partition? > >>> > >>> 2. Also i don't see any options being used in the bitdefender-wrapper > >>> script (similar to ExtraOptions in clamav-wrapper). Any particular > >>> reason why? Is it because MailScanner handles all the unpacking of > >>> attachments? > >>> > >>> thanks, > >>> - dhawal > >> > >> Well, there are some that are free for private/home/non-commercial use > >> .... like Antivir (or avira or whatever they like to be called.... > >> http://www.free-av.com), AVG etc... (Avast is too, if you'd like to > >> try your hand at writing a wrapper (I don't think it is included in > >> the "supported set":-)). Panda isn't free, even though they say so, > >> since you need to pay for updates, and besides.... It's not that well > >> come together (although Ricks "new" wrapper makes it somewhat less of > >> a hog), so I wouldn't recommend that one ... But it is cheap, one has > >> to give it that... If one were a bit sarcastic, one might say it is > >> cheap in every sense of the word;). > >> > >> If I'd look at anything new, it'd probably be ine if the four: AVG, > >> Sophos, F-secure or F-prot.... with possibly nod32 as a remote > >> outsider:-). > >> > >> Anyway, I've been happy with the same setup you've got (clam, bdc and > >> mcafee), so would realy be interrested to hear what numbers you can > >> present. > >> Cheers > > I run the same 3 and haven't seen any performance problems. Are you running > > the gcc3x version, or do you still have the older (i think gcc29x) version? > > The older one isn't even offered on their website, although I have them somewhere. > > Hey guys.. thanks for your replies.. it really isn't as bad as i've > projected but then the average cpu usage is 40% and bdc is responsible for > most of it. What i am worried about is the constant/consistent 35-40% usage. > > All systems are: > Dell PE1850, Dual Xeons 2.8 Ghz (with HT enabled), 3GB RAM, 10K RPM SCSI > Disks Running 32bit centos 4.3 with the following: > > MS 4.50.10/postfix 2.2.5 > SA 3.11/pyzor/razor/dcc > uvscan v4.4.00/bdc 7.0.1-3.linux-gcc3x.i586/clam 0.88.1 > > The servers process about 70-80K mails each + lot more rejections at the mta > level. > > - dhawal Well, doesn't sound like anything to get desparately anxious about:-). After all, *some* use of the cpus are OK:):) (Joking aside) Do you see any other "danger signs"? Or is it "just" cpu? Any particular reason why you have HT on? Does it really give you any real (measurable) benefit? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dhawal at netmagicsolutions.com Mon Apr 10 22:34:39 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Mon Apr 10 22:34:42 2006 Subject: bdc replacement In-Reply-To: <223f97700604101408i6ca8c5dfnde84b15f4107d2cd@mail.gmail.com> References: <443A8A59.9050709@netmagicsolutions.com> <223f97700604101143k12561694l8866fde5c06102d8@mail.gmail.com> <20060410202557.23401.qmail@mymail.netmagicians.com> <223f97700604101408i6ca8c5dfnde84b15f4107d2cd@mail.gmail.com> Message-ID: <20060410213439.27424.qmail@mymail.netmagicians.com> Glenn Steen writes: > On 10/04/06, Dhawal Doshy wrote: >> Scott Silva writes: >> >> > Glenn Steen spake the following on 4/10/2006 11:43 AM: >> >> On 10/04/06, Dhawal Doshy wrote: >> >>> Hello List, >> >>> >> >>> BDC has lately become a cpu hog (or maybe i discovered recently). Am >> >> >> >> Really? How bad is it? Could you perhaps describe your setup a bit, >> >> and perhaps some volume figures....? >> >> >> >>> wondering if there are any other alternatives in the command line virus >> >>> scanning world that are free (as in beer) OR relatively cheap and >> >>> consume much less resources. >> >>> >> >>> I've been using clamav and uvscan for quite some time (qmail-scanner >> >>> days) and am more / less happy with their performance.. so any other >> >>> suggestions would be welcome. >> >>> >> >>> Also a couple of questions for Julian: >> >>> >> >>> 1. Shouldn't "LogFile=/tmp/log.bdc.$$" in bitdefender-wrapper point to >> >>> something like /var/spool/MailScanner/incoming/log.bdc.$$ and take >> >>> advantage of the tmpfs partition? >> >>> >> >>> 2. Also i don't see any options being used in the bitdefender-wrapper >> >>> script (similar to ExtraOptions in clamav-wrapper). Any particular >> >>> reason why? Is it because MailScanner handles all the unpacking of >> >>> attachments? >> >>> >> >>> thanks, >> >>> - dhawal >> >> >> >> Well, there are some that are free for private/home/non-commercial use >> >> .... like Antivir (or avira or whatever they like to be called.... >> >> http://www.free-av.com), AVG etc... (Avast is too, if you'd like to >> >> try your hand at writing a wrapper (I don't think it is included in >> >> the "supported set":-)). Panda isn't free, even though they say so, >> >> since you need to pay for updates, and besides.... It's not that well >> >> come together (although Ricks "new" wrapper makes it somewhat less of >> >> a hog), so I wouldn't recommend that one ... But it is cheap, one has >> >> to give it that... If one were a bit sarcastic, one might say it is >> >> cheap in every sense of the word;). >> >> >> >> If I'd look at anything new, it'd probably be ine if the four: AVG, >> >> Sophos, F-secure or F-prot.... with possibly nod32 as a remote >> >> outsider:-). >> >> >> >> Anyway, I've been happy with the same setup you've got (clam, bdc and >> >> mcafee), so would realy be interrested to hear what numbers you can >> >> present. >> >> Cheers >> > I run the same 3 and haven't seen any performance problems. Are you running >> > the gcc3x version, or do you still have the older (i think gcc29x) version? >> > The older one isn't even offered on their website, although I have them somewhere. >> >> Hey guys.. thanks for your replies.. it really isn't as bad as i've >> projected but then the average cpu usage is 40% and bdc is responsible for >> most of it. What i am worried about is the constant/consistent 35-40% usage. >> >> All systems are: >> Dell PE1850, Dual Xeons 2.8 Ghz (with HT enabled), 3GB RAM, 10K RPM SCSI >> Disks Running 32bit centos 4.3 with the following: >> >> MS 4.50.10/postfix 2.2.5 >> SA 3.11/pyzor/razor/dcc >> uvscan v4.4.00/bdc 7.0.1-3.linux-gcc3x.i586/clam 0.88.1 >> >> The servers process about 70-80K mails each + lot more rejections at the mta >> level. >> >> - dhawal > > Well, doesn't sound like anything to get desparately anxious about:-). > After all, *some* use of the cpus are OK:):) well i am not really deperate/anxious.. i've run mission critical communication stuff on underpowered machines for too long to get jittery.. and for this project i've convinced management that 60% resource usage (sustained peak usage) warrants for an additional server. > (Joking aside) Do you see any other "danger signs"? Or is it "just" > cpu? Any particular reason why you have HT on? Does it really give you > any real (measurable) benefit? Actually it's just cpu, i have enough free memory. With some more load each server can take 120000+ mails a day but i doubt bdc will let me do so, hence the concern. As for HT, it was enabled by default and back then i didn't see a reason to turn it off (but lately, i think otherwise) thanks, - dhawal > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- -- **************** CAUTION - Disclaimer ***************** This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the use of the addressee(s). If you are not the intended recipient, please notify the sender by e-mail requesting deletion of the original message. Further, you are not to copy, disclose, or distribute this e-mail or its contents to any other person and any such actions are unlawful. NetMagic Solutions Pvt. Ltd. has taken every reasonable precaution to minimize the risk of virus infection & spam, but is not liable for any damage, you may sustain as a result of any virus in this e-mail. You should carry out your own virus checks before opening the e-mail or attachment. NetMagic Solutions Pvt. Ltd. reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the NetMagic Solutions Pvt. Ltd.'s e-mail system. ***************** End of Disclaimer ******************* From james at grayonline.id.au Tue Apr 11 06:22:31 2006 From: james at grayonline.id.au (James Gray) Date: Tue Apr 11 06:23:28 2006 Subject: MailScanner on Mac OSX (10.4.6 Intel CoreDuo) - working! Message-ID: <200604111522.35660.james@grayonline.id.au> Hi All, Just thought I'd post my results after tinkering for the last few days. MailScanner 4.52-2 (With Julian's install-clam-sa "package"). MailWatch 1.0.3 ClamAV 0.88 (from Fink) + a few odd's and sods from source/CPAN. It works! Surprisingly, considering this is my first MailScanner+Postfix setup and this is the first Mac I've owned (ever). - The Time::Hires module doesn't pass the tests, but seems to run fine. So I just did a "make+install" without the tests. - The Net::DNS module from CPAN doesn't seem to like Mac OSX...I'm still working on that. - Once MySQL was up and running, integrating Mailwatch was as simple as FreeBSD/Linux. It's mostly manual anyway, so no big differences there. - Still haven't figured out OSX's launchd stuff to get it to fire up MailScanner automagically. (Anyone?) TO DO: - Pyzor and Razor2 clients. - Install postfix-mysql and switch to virtual users etc. - Install courier POP3+IMAP. - Implement SASL/TLS for remote SMTP users. Oddities: - "\n" literal added to the end of log lines (Julian?), eg: Apr 11 15:11:54 emily MailScanner[6840]: Spam Checks: Starting\n Apr 11 15:11:54 emily MailScanner[6840]: Message 8D65DC67E5.09643 from 10.0.0.1 (me@mydomain) is whitelisted\n Apr 11 15:11:55 emily MailScanner[6840]: Message 8D65DC67E5.09643 from 10.0.0.1 (me@mydomain) to mydomain is not spam (whitelisted), SpamAssassin (score=0.496, required 5, ALL_TRUSTED -1.80, BAYES_50 0.00, DRUGS_ERECTILE 0.49, NO_REAL_NAME 0.96, UNDISC_RECIPS 0.84)\n .... etc. Other than that, no major dramas :) Cheers James -- BOFH excuse #382: Someone was smoking in the computer room and set off the halon systems. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060411/b3f92496/attachment.bin From prandal at herefordshire.gov.uk Tue Apr 11 10:31:46 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Apr 11 10:33:14 2006 Subject: bdc replacement Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580C591C29@isabella.herefordshire.gov.uk> Is bdc 7.1 any better? # bdc -version BDC/Linux-Console v7.1 (build 2559) (i386) (Jul 6 2005 16:28:53) (from http://www.bitdefender.com/PRODUCT-63-en--BitDefender-Linux-Edition.html ) Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Dhawal Doshy > Sent: 10 April 2006 21:26 > To: MailScanner discussion > Subject: Re: bdc replacement > uvscan v4.4.00/bdc 7.0.1-3.linux-gcc3x.i586/clam 0.88.1 From tac.forums at gmail.com Tue Apr 11 13:06:17 2006 From: tac.forums at gmail.com (TAC Forums) Date: Tue Apr 11 13:06:20 2006 Subject: Denial of Service attack in message! Message-ID: Hi A word documented sent as an attachment got quarantined by MailScanner version 4.29 but goes through fine on version 4.31 This is the error it gives. ================================================= From: MailScanner [mailto:postmaster@......] Sent: Thursday, April 06, 2006 6:16 PM To: ......................... Subject: Warning: E-mail viruses detected The following e-mail messages were found to have viruses in them: Sender: .......................... IP Address: 127.0.0.1 Recipient: ............... Subject: ......................... MessageID: k36CMaet006826 Report: Denial of Service attack in message! Denial of Service attack in message! ================================================= I've replaced email addresses with dots as it's not relavent. Is this something I need to worry about? Or can I forward this attachment to the recepient? Regards -- TAC Support Team From alex at nkpanama.com Tue Apr 11 14:09:54 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue Apr 11 14:10:25 2006 Subject: SEMI-OT: Book Translation In-Reply-To: References: <443411C7.5020009@nkpanama.com> <4437C2FF.7000801@blacknight.ie> Message-ID: <443BAAA2.1070700@nkpanama.com> Ugo Bellavance wrote: > > SVP s'il y a des gens qui aimeraient voir une version du livre de > MailScanner en francais, vous manifester. > > Merci, > > Ugo > Je crois que une version fran?aise du livre serait bonne, m?me si mon Fran?ais est tr?s pauvre. S'il y a quelque chose je peux faire pour aider, me contacte. From alex at nkpanama.com Tue Apr 11 14:12:51 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue Apr 11 14:13:38 2006 Subject: Same email processes 268 times! In-Reply-To: <48dbe547f93db62bd1bd8db0b72a3005@localhost> References: <48dbe547f93db62bd1bd8db0b72a3005@localhost> Message-ID: <443BAB53.2010103@nkpanama.com> Max Kipness wrote: > Hello - > > I've been trying desperately to figure out why my MailScanner queues are so > large and cpu is pegged at 100%. When looking through the log I finally figured > out what part of the problem might be. Some messages are being processed > hundreds of times. I grepped for one messagaes and was processed 268 times, so > basically I see this (the repetitive part): > > Apr 3 09:08:31 xxx MailScanner[19835]: Spam Actions: message k33E61uc020656 > actions are store > Apr 3 09:10:11 xxx MailScanner[21099]: RBL checks: k33E61uc020656 found in > SBL+XBL > Apr 3 09:10:11 xxx MailScanner[21099]: SpamAssassin cache hit for message > k33E61uc020656 > Apr 3 09:10:11 xxx MailScanner[21099]: Message k33E61uc020656 from > 218.144.251.15 (jonah.rivas_yx@mo > en.com) to xxx.com is spam, SBL+XBL, SpamAssassin (score=28.338, required 6, > BAYES_99 3.50, DATE_IN_ > FUTURE_12_24 2.77, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.77, FORGED_RCVD_HELO 0.14, > MIME_BASE64_NO_NAME 0.22 > , MIME_BASE64_TEXT 1.89, PYZOR_CHECK 3.70, RATWARE_NAME_ID 4.10, > RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_ > RANGE_E4_51_100 1.50, RAZOR2_CHECK 0.50, RCVD_IN_DSBL 2.60, RCVD_IN_NJABL_DUL > 1.95, RCVD_IN_SORBS_DUL 2. > 05) > > This has repeated 268 times with only an increment of a few seconds in the > time. > > Other messages, including non-spam seem to function just fine and are processed > once. > > I'm using the latest MailScanner, SA, DCC, Pyzor. This is a new build from a > week ago, so something I guess could be configured wrong. > > Thanks, > Max > > File locking (should be posix, I think)? Try setting "max children" to 1, temporarily, and see what happens. Be sure to get move the files in the queue somewhere else temporarily as well, just for testing. From dickenson at cfmc.com Tue Apr 11 14:49:37 2006 From: dickenson at cfmc.com (Jim Dickenson) Date: Tue Apr 11 14:49:52 2006 Subject: MailScanner on Mac OSX (10.4.6 Intel CoreDuo) - working! In-Reply-To: <200604111522.35660.james@grayonline.id.au> Message-ID: Basically you create a directory under /Library/StartupItems. The directories I have are owned by root:wheel and have permissions 755. In this directory you create a script that starts the process. Here is an example: #!/bin/sh ## # MySQL 4 Server ## . /etc/rc.common StartService () { if [ "${MYSQL:=-NO-}" = "-YES-" ]; then ConsoleMessage "Starting MySQL Server" cd /Library/MySQL ./bin/mysqld_safe & fi } StopService () { ConsoleMessage "Stopping MySQL Server" PIDS=`ps ax | grep mysql | grep -v grep | awk '{print $1}'` for pid in $PIDS; do kill -KILL $pid done } RestartService () { StopService sleep 3 StartService } RunService "$1" This file has the same name as the directory, although I do not know if that is required it seems to be the case in the directories I have. The file is owned by root:wheel and has permissions 755. The line: if [ "${MYSQL:=-NO-}" = "-YES-" ]; then is used to evaluate a line in /etc/hostconifg that looks like "MYSQL=-YES-" or " MYSQL=-NO-" and says if you want the process to start at reboot or not. The second file is a properties list file named StartupParameters.plist with owner root:wheel and permissions 644. Here is an example: { Description = "MySQL Server"; Provides = ("MySQL"); Requires = ("Resolver"); OrderPreference = "Late"; Messages = { start = "Starting MySQL Server"; stop = "Stopping MySQL Server"; }; } User startup processes are controlled in /Library/StartupItems while system processes are controlled in /System/Library/StartupItems. -- Jim Dickenson mailto:dickenson@cfmc.com CfMC http://www.cfmc.com/ > From: James Gray > Organization: GrayOnline > Reply-To: MailScanner discussion > Date: Tue, 11 Apr 2006 15:22:31 +1000 > To: MailScanner List > Subject: MailScanner on Mac OSX (10.4.6 Intel CoreDuo) - working! > > Hi All, > > Just thought I'd post my results after tinkering for the last few days. > > - Still haven't figured out OSX's launchd stuff to get it to fire up > MailScanner automagically. (Anyone?) From dickenson at cfmc.com Tue Apr 11 15:04:34 2006 From: dickenson at cfmc.com (Jim Dickenson) Date: Tue Apr 11 15:04:47 2006 Subject: MailScanner on Mac OSX (10.4.6 Intel CoreDuo) - working! In-Reply-To: Message-ID: Documentation on this topic can be found here: file:///Developer/ADC%20Reference%20Library/documentation/MacOSX/Conceptual/ BPSystemStartup/Articles/StartupItems.html#//apple_ref/doc/uid/20002132-Dont LinkElementID_247517a And here: file:///Developer/ADC%20Reference%20Library/documentation/MacOSX/Conceptual/ BPSystemStartup/Articles/DesigningDaemons.html#//apple_ref/doc/uid/TP4000179 1-BBCBHBFB -- Jim Dickenson mailto:dickenson@cfmc.com CfMC http://www.cfmc.com/ > >> From: James Gray >> Organization: GrayOnline >> Reply-To: MailScanner discussion >> Date: Tue, 11 Apr 2006 15:22:31 +1000 >> To: MailScanner List >> Subject: MailScanner on Mac OSX (10.4.6 Intel CoreDuo) - working! >> >> Hi All, >> >> Just thought I'd post my results after tinkering for the last few days. >> >> - Still haven't figured out OSX's launchd stuff to get it to fire up >> MailScanner automagically. (Anyone?) > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From jgg at giversen.net Tue Apr 11 15:14:50 2006 From: jgg at giversen.net (=?ISO-8859-1?Q?J=F8rgen_Giversen?=) Date: Tue Apr 11 15:15:09 2006 Subject: Mailserver mem usage (OT) In-Reply-To: <200604111522.35660.james@grayonline.id.au> References: <200604111522.35660.james@grayonline.id.au> Message-ID: <443BB9DA.2060106@giversen.net> Dear all I have just setup a new mailserver (the old hardware was getting unstable) Harware: Intel 7320 motherboard 1 Xeon 2.8 1Gb ram Adaptec29320 Scsi controler some SCSI disks software: OS: Centos 4.3 I386 (not X86_64) Mailscanner 4.52.1 SA 3.11/pyzor/razor/dcc ClamAV, BDC Mailwatch 1.0.3 It scans around 1500 mails a day in total (also taking care of some other internet services ) I works fine but something bothers me. The old system had about 600 mb ram when i looked at "top" it always showed that it used all the mem available. The new system however shows that it uses about 300 mb with about 700 mb free. Can anybody tell my why it is not using all the mem that's available? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Tue Apr 11 15:35:17 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Apr 11 15:35:20 2006 Subject: Mailserver mem usage (OT) In-Reply-To: <443BB9DA.2060106@giversen.net> References: <200604111522.35660.james@grayonline.id.au> <443BB9DA.2060106@giversen.net> Message-ID: <223f97700604110735x6dd586d1w740337403a9d6e4b@mail.gmail.com> On 11/04/06, J?rgen Giversen wrote: > Dear all I have just setup a new mailserver (the old hardware was > getting unstable) > > Harware: > Intel 7320 motherboard > 1 Xeon 2.8 > 1Gb ram > Adaptec29320 Scsi controler > some SCSI disks > > software: > OS: Centos 4.3 I386 (not X86_64) > Mailscanner 4.52.1 > SA 3.11/pyzor/razor/dcc > ClamAV, BDC > Mailwatch 1.0.3 > > It scans around 1500 mails a day in total (also taking care of some > other internet services ) > I works fine but something bothers me. > > The old system had about 600 mb ram when i looked at "top" it always > showed that it used all the mem available. The new system however shows > that it uses about 300 mb with about 700 mb free. Can anybody tell my > why it is not using all the mem that's available? > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > One can think of several reasons:-). On the "old" system, you probably had most of your memory "tied" to filesystem caching etc, that is to say in "readily returnable state"... So if the kernel policy for how much of the memory is used/allowed for such differ, you will see a marked difference there. Also, this caching can take some time to "build up" so if the system hasn't been running for more than a (rather) short while, it might not have had time to amass any significant use (if you use slocate or similar, thoat/those cron-jobs usually "fill this up" eventually:-). Unless you see some (real) performance issues, this shouldn't be anything to worry that much about. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From roger at rudnick.com.br Tue Apr 11 15:53:51 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Tue Apr 11 15:54:14 2006 Subject: Sendmail Upgrade, new thread References: <00c601c6597a$85b2fd60$3004010a@martinhlaptop> <03a801c65982$2db2a220$0600a8c0@roger> Message-ID: <00cc01c65d77$bf707ef0$0600a8c0@roger> Hello all! I finally found the problem with my mail server with messages sended with an empty body (problem related in the e-mail bellow). Turn's out that MailScanner is fine, sendmail is fine, and the problem was with Mailwatch. There is a php script in /usr/local/bin called "mailq" that reads the mail queue to show in Mailwatch frontend. This script runs every minute, and it locks the messages (sometimes), and because of that MailScanner sends the empty messages (with the locking error) and then after that the normal (full) message. I turned that script off and now everything is working fine... What a fight... Is there something I have to do with that script to make it run with sendmail 8.13 ? Regards Roger Jochem ----- Original Message ----- From: "Roger Jochem" To: "MailScanner discussion" Sent: Thursday, April 06, 2006 10:58 AM Subject: Sendmail Upgrade, new thread > I'm rellating my problem again like Martin asked, to see if anybody could > help. > > I upgraded sendmail from 8.13.1 to 8.13.6 last week. Since that upgrade, > I'm receiving some mails twice, one with no body (outlook shows <<< No > Message Collected >>>) and one complete mail (with the original body). > Looktype in MailScanner is (and already was before the upgrade) "posix". > > My MailScanner is 4.52.2 and I'm also using spamassassin 3.1.1. > > When this error occurs, I can se in my maillog messages like: > > MailScanner[9596]: Failed to link message body between queues > (/var/spool/mqueue/dfi8R9KQqf010458 --> > /var/spool/mqueue.in/dfi8R9KQqf010458) > > Shrek-m googled (I'm was told this is acepptable now : "googled") my > problem and found a similar one, and the solution was to decrease the max > children in MailScanner.conf to a single one. > > I did that, but the obvious problem that this created is that when lots of > mails come in, MailScanner became extremly slow, and users wait 20 minutes > or more to receive a single message. > > So, today I turned that back, to my usual number of childrens. And, > obviuosly, my problem returned, some messages are received twice. > > Other info, Julian asked me for the info returned by > sendmail -d0.1 -d0.4 -bt < /dev/null > > That returned: > > Version 8.13.6 > Compiled with: DNSMAP LDAPMAP FSTATMAP LOG MAP_REGEX MATCHGECOS MILTER > MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETUNIX NEWDB NIS > PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS USERDB USE_LDAP_INIT > Canonical name: mail.rudnick.com.br > UUCP nodename: mail.rudnick.com.br > a.k.a.: mail > a.k.a.: [172.16.0.1] > > Another info I think may be usefull, is that before sendmail 8.13.6, > postfix was installed on my machine, but I wasn't using it. Trying to > upgrade sendmail to 8.13.6, it told me that sendmail conflicts with > postfix. So I removed it. I don't know if that has something to do with my > problem... > > Any help would be really appreciated. > > Regards > > Roger Jochem > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From jgg at giversen.net Tue Apr 11 16:08:39 2006 From: jgg at giversen.net (=?ISO-8859-1?Q?J=F8rgen_Giversen?=) Date: Tue Apr 11 16:08:49 2006 Subject: Mailserver mem usage (OT) In-Reply-To: <223f97700604110735x6dd586d1w740337403a9d6e4b@mail.gmail.com> References: <200604111522.35660.james@grayonline.id.au> <443BB9DA.2060106@giversen.net> <223f97700604110735x6dd586d1w740337403a9d6e4b@mail.gmail.com> Message-ID: <443BC677.3050509@giversen.net> > >> The old system had about 600 mb ram when i looked at "top" it always >> showed that it used all the mem available. The new system however shows >> that it uses about 300 mb with about 700 mb free. Can anybody tell my >> why it is not using all the mem that's available? >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> > One can think of several reasons:-). > On the "old" system, you probably had most of your memory "tied" to > filesystem caching etc, that is to say in "readily returnable > state"... So if the kernel policy for how much of the memory is > used/allowed for such differ, you will see a marked difference there. > Also, this caching can take some time to "build up" so if the system > hasn't been running for more than a (rather) short while, it might not > have had time to amass any significant use (if you use slocate or > similar, thoat/those cron-jobs usually "fill this up" eventually:-). > > Unless you see some (real) performance issues, this shouldn't be > anything to worry that much about. > Ok thanks I was just wondering if I some how could use some of the mem for squid when no other service seems to want to use it. It has been running now for 3 days with quite good performance. Regards jg -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dhawal at netmagicsolutions.com Tue Apr 11 16:25:16 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Tue Apr 11 16:25:09 2006 Subject: bdc replacement In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580C591C29@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580C591C29@isabella.herefordshire.gov.uk> Message-ID: <443BCA5C.8060100@netmagicsolutions.com> Randal, Phil wrote: > Is bdc 7.1 any better? > > # bdc -version > BDC/Linux-Console v7.1 (build 2559) (i386) (Jul 6 2005 16:28:53) > > (from > http://www.bitdefender.com/PRODUCT-63-en--BitDefender-Linux-Edition.html > ) Thanks for the link, i see the same behavior with 7.1 as well.. CPU is mostly 60% idle, and bdc consumes about 35-40% of the cpu. - dhawal > Cheers, > > Phil > ---- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Dhawal Doshy >> Sent: 10 April 2006 21:26 >> To: MailScanner discussion >> Subject: Re: bdc replacement > >> uvscan v4.4.00/bdc 7.0.1-3.linux-gcc3x.i586/clam 0.88.1 From glenn.steen at gmail.com Tue Apr 11 16:40:14 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Apr 11 16:40:17 2006 Subject: Sendmail Upgrade, new thread In-Reply-To: <00cc01c65d77$bf707ef0$0600a8c0@roger> References: <00c601c6597a$85b2fd60$3004010a@martinhlaptop> <03a801c65982$2db2a220$0600a8c0@roger> <00cc01c65d77$bf707ef0$0600a8c0@roger> Message-ID: <223f97700604110840w2dff286ao3e36121ed502b4fb@mail.gmail.com> On 11/04/06, Roger Jochem wrote: > Hello all! > > I finally found the problem with my mail server with messages sended with an > empty body (problem related in the e-mail bellow). > > Turn's out that MailScanner is fine, sendmail is fine, and the problem was > with Mailwatch. > > There is a php script in /usr/local/bin called "mailq" that reads the mail > queue to show in Mailwatch frontend. This script runs every minute, and it > locks the messages (sometimes), and because of that MailScanner sends the > empty messages (with the locking error) and then after that the normal > (full) message. I turned that script off and now everything is working > fine... What a fight... > > Is there something I have to do with that script to make it run with > sendmail 8.13 ? > > Regards > > Roger Jochem > Seems that script is using flock for locking, not lockf (posix). So Steve (or *someone*) might have something to do there:-). Usual disclaimer applies: I might be reading the code wrong;). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From roger at rudnick.com.br Tue Apr 11 16:53:40 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Tue Apr 11 16:53:56 2006 Subject: Sendmail Upgrade, new thread References: <00c601c6597a$85b2fd60$3004010a@martinhlaptop><03a801c65982$2db2a220$0600a8c0@roger><00cc01c65d77$bf707ef0$0600a8c0@roger> <223f97700604110840w2dff286ao3e36121ed502b4fb@mail.gmail.com> Message-ID: <019a01c65d80$1a6aed10$0600a8c0@roger> The command is really flock, in lines 30 and 219 of the script. I attached the file to this e-mail. I just need to change these two commands? Regards Roger Jochem ----- Original Message ----- From: "Glenn Steen" To: "MailScanner discussion" Sent: Tuesday, April 11, 2006 12:40 PM Subject: Re: Sendmail Upgrade, new thread > On 11/04/06, Roger Jochem wrote: >> Hello all! >> >> I finally found the problem with my mail server with messages sended with >> an >> empty body (problem related in the e-mail bellow). >> >> Turn's out that MailScanner is fine, sendmail is fine, and the problem >> was >> with Mailwatch. >> >> There is a php script in /usr/local/bin called "mailq" that reads the >> mail >> queue to show in Mailwatch frontend. This script runs every minute, and >> it >> locks the messages (sometimes), and because of that MailScanner sends the >> empty messages (with the locking error) and then after that the normal >> (full) message. I turned that script off and now everything is working >> fine... What a fight... >> >> Is there something I have to do with that script to make it run with >> sendmail 8.13 ? >> >> Regards >> >> Roger Jochem >> > Seems that script is using flock for locking, not lockf (posix). So > Steve (or *someone*) might have something to do there:-). Usual > disclaimer applies: I might be reading the code wrong;). > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -------------- next part -------------- A non-text attachment was scrubbed... Name: mailq.php Type: application/octet-stream Size: 8726 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060411/b3f72898/mailq.obj From ssilva at sgvwater.com Tue Apr 11 17:12:30 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Apr 11 17:15:31 2006 Subject: Sendmail Upgrade, new thread In-Reply-To: <019a01c65d80$1a6aed10$0600a8c0@roger> References: <00c601c6597a$85b2fd60$3004010a@martinhlaptop><03a801c65982$2db2a220$0600a8c0@roger><00cc01c65d77$bf707ef0$0600a8c0@roger> <223f97700604110840w2dff286ao3e36121ed502b4fb@mail.gmail.com> <019a01c65d80$1a6aed10$0600a8c0@roger> Message-ID: Roger Jochem spake the following on 4/11/2006 8:53 AM: > The command is really flock, in lines 30 and 219 of the script. I > attached the file to this e-mail. I just need to change these two commands? > > Regards > > Roger Jochem > > ----- Original Message ----- From: "Glenn Steen" > To: "MailScanner discussion" > Sent: Tuesday, April 11, 2006 12:40 PM > Subject: Re: Sendmail Upgrade, new thread > > >> On 11/04/06, Roger Jochem wrote: >>> Hello all! >>> >>> I finally found the problem with my mail server with messages sended >>> with an >>> empty body (problem related in the e-mail bellow). >>> >>> Turn's out that MailScanner is fine, sendmail is fine, and the >>> problem was >>> with Mailwatch. >>> >>> There is a php script in /usr/local/bin called "mailq" that reads the >>> mail >>> queue to show in Mailwatch frontend. This script runs every minute, >>> and it >>> locks the messages (sometimes), and because of that MailScanner sends >>> the >>> empty messages (with the locking error) and then after that the normal >>> (full) message. I turned that script off and now everything is working >>> fine... What a fight... >>> >>> Is there something I have to do with that script to make it run with >>> sendmail 8.13 ? >>> >>> Regards >>> >>> Roger Jochem >>> >> Seems that script is using flock for locking, not lockf (posix). So >> Steve (or *someone*) might have something to do there:-). Usual >> disclaimer applies: I might be reading the code wrong;). >> >> -- >> -- Glenn >> email: glenn < dot > steen < at > gmail < dot > com >> work: glenn < dot > steen < at > ap1 < dot > se >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! That command seems to only lock only itself to keep multiple copies of the program from running. QUOTE // Prevent multiple copies running $fl = fopen("/var/run/mailq.lock", "w+"); // Attempt to create an exclusive lock - continue if successful if(flock($fl, LOCK_EX + LOCK_NB)) { /QUOTE It opens a lock file, and if it succeeds, it runs. If it can't open the lock file for write ("w+"), the program assumes it is already running. That way if it is fired every minute, but a large queue keeps the previous run open for more than that minute it won't run again. BTW, I think it should only run every 5 minutes. I think that is a symptom, not a cause. I, and many other people, are running that very script with no problems. Are you running a distro supplied version of sendmail, or did you get it from "outside the chain"? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From roger at rudnick.com.br Tue Apr 11 17:49:57 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Tue Apr 11 17:50:09 2006 Subject: Sendmail Upgrade, new thread References: <00c601c6597a$85b2fd60$3004010a@martinhlaptop><03a801c65982$2db2a220$0600a8c0@roger><00cc01c65d77$bf707ef0$0600a8c0@roger> <223f97700604110840w2dff286ao3e36121ed502b4fb@mail.gmail.com><019a01c65d80$1a6aed10$0600a8c0@roger> Message-ID: <022001c65d87$f79ac000$0600a8c0@roger> I'm running sendmail 8.13.6 that I rebuild from source. I got the source at http://filelister.linux-kernel.at/mod_perl?current=/packages/lkernAT/SRPMS . And I'm currently running Centos 3 (now it is on subversion 3.7) on my machine. Any better place to get sendmail 8.13 for my distro? Regards Roger Jochem ----- Original Message ----- From: "Scott Silva" To: Sent: Tuesday, April 11, 2006 1:12 PM Subject: Re: Sendmail Upgrade, new thread > Roger Jochem spake the following on 4/11/2006 8:53 AM: >> The command is really flock, in lines 30 and 219 of the script. I >> attached the file to this e-mail. I just need to change these two >> commands? >> >> Regards >> >> Roger Jochem >> >> ----- Original Message ----- From: "Glenn Steen" >> To: "MailScanner discussion" >> Sent: Tuesday, April 11, 2006 12:40 PM >> Subject: Re: Sendmail Upgrade, new thread >> >> >>> On 11/04/06, Roger Jochem wrote: >>>> Hello all! >>>> >>>> I finally found the problem with my mail server with messages sended >>>> with an >>>> empty body (problem related in the e-mail bellow). >>>> >>>> Turn's out that MailScanner is fine, sendmail is fine, and the >>>> problem was >>>> with Mailwatch. >>>> >>>> There is a php script in /usr/local/bin called "mailq" that reads the >>>> mail >>>> queue to show in Mailwatch frontend. This script runs every minute, >>>> and it >>>> locks the messages (sometimes), and because of that MailScanner sends >>>> the >>>> empty messages (with the locking error) and then after that the normal >>>> (full) message. I turned that script off and now everything is working >>>> fine... What a fight... >>>> >>>> Is there something I have to do with that script to make it run with >>>> sendmail 8.13 ? >>>> >>>> Regards >>>> >>>> Roger Jochem >>>> >>> Seems that script is using flock for locking, not lockf (posix). So >>> Steve (or *someone*) might have something to do there:-). Usual >>> disclaimer applies: I might be reading the code wrong;). >>> >>> -- >>> -- Glenn >>> email: glenn < dot > steen < at > gmail < dot > com >>> work: glenn < dot > steen < at > ap1 < dot > se >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! > That command seems to only lock only itself to keep multiple copies of the > program from running. > QUOTE > // Prevent multiple copies running > $fl = fopen("/var/run/mailq.lock", "w+"); > // Attempt to create an exclusive lock - continue if successful > if(flock($fl, LOCK_EX + LOCK_NB)) { > > /QUOTE > It opens a lock file, and if it succeeds, it runs. If it can't open the > lock > file for write ("w+"), the program assumes it is already running. That way > if > it is fired every minute, but a large queue keeps the previous run open > for > more than that minute it won't run again. > BTW, I think it should only run every 5 minutes. I think that is a > symptom, > not a cause. > I, and many other people, are running that very script with no problems. > Are you running a distro supplied version of sendmail, or did you get it > from > "outside the chain"? > > > > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Tue Apr 11 18:05:28 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Tue Apr 11 18:05:33 2006 Subject: Sendmail Upgrade, new thread In-Reply-To: <022001c65d87$f79ac000$0600a8c0@roger> Message-ID: <1aa801c65d8a$2289bd00$2901010a@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Roger Jochem > Sent: Tuesday, April 11, 2006 12:50 PM > To: MailScanner discussion > Subject: Re: Sendmail Upgrade, new thread > > I'm running sendmail 8.13.6 that I rebuild from source. I got the source > at > http://filelister.linux-kernel.at/mod_perl?current=/packages/lkernAT/SRPMS > . > > And I'm currently running Centos 3 (now it is on subversion 3.7) on my > machine. Any better place to get sendmail 8.13 for my distro? > > Regards > > Roger Jochem > City-fan.org has sendmail -8.13.6-1 patched rpms for RH3 and RH4: http://www.city-fan.org/ftp/contrib/mail/?C=N;O=A I've used them with no problems. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From roger at rudnick.com.br Tue Apr 11 19:58:31 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Tue Apr 11 19:58:53 2006 Subject: Sendmail Upgrade, new thread References: <1aa801c65d8a$2289bd00$2901010a@office.fsl> Message-ID: <009b01c65d99$ee5f99e0$0600a8c0@roger> This rpm's really did the trick. Now I'm using the mailwatch script again, and even so, everything is running fine. Thanks, Stephen and all others that helped me in some way. Regards Roger Jochem ----- Original Message ----- From: "Stephen Swaney" To: "'MailScanner discussion'" Sent: Tuesday, April 11, 2006 2:05 PM Subject: RE: Sendmail Upgrade, new thread > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Roger Jochem >> Sent: Tuesday, April 11, 2006 12:50 PM >> To: MailScanner discussion >> Subject: Re: Sendmail Upgrade, new thread >> >> I'm running sendmail 8.13.6 that I rebuild from source. I got the source >> at >> http://filelister.linux-kernel.at/mod_perl?current=/packages/lkernAT/SRPMS >> . >> >> And I'm currently running Centos 3 (now it is on subversion 3.7) on my >> machine. Any better place to get sendmail 8.13 for my distro? >> >> Regards >> >> Roger Jochem >> > > City-fan.org has sendmail -8.13.6-1 patched rpms for RH3 and RH4: > > http://www.city-fan.org/ftp/contrib/mail/?C=N;O=A > > I've used them with no problems. > > Steve > > Stephen Swaney > Fort Systems Ltd. > stephen.swaney@fsl.com > www.fsl.com > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From ssilva at sgvwater.com Tue Apr 11 20:02:14 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Apr 11 20:05:08 2006 Subject: Sendmail Upgrade, new thread In-Reply-To: <009b01c65d99$ee5f99e0$0600a8c0@roger> References: <1aa801c65d8a$2289bd00$2901010a@office.fsl> <009b01c65d99$ee5f99e0$0600a8c0@roger> Message-ID: Roger Jochem spake the following on 4/11/2006 11:58 AM: > This rpm's really did the trick. Now I'm using the mailwatch script > again, and even so, everything is running fine. > > Thanks, Stephen and all others that helped me in some way. > > Regards > > Roger Jochem Rpm's rolled for the distribution are soo much easier than using source. Otherwise you need to know all the includes and --with options that need to be passed on to the configure script. Very easy to leave something out. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From bpumphrey at WoodMacLaw.com Tue Apr 11 21:10:49 2006 From: bpumphrey at WoodMacLaw.com (Billy A. Pumphrey) Date: Tue Apr 11 21:10:53 2006 Subject: OT Message-ID: <04D932B0071FE34FA63EBB1977B48D155E0C87@woodenex.woodmaclaw.local> The building that I work in go hit by high wind and it has been closed for 2 weeks now. We are finally getting to be able to move our servers to a remote location. In case anyone is interested it is the Regions bank building in Indianapolis, IN. I am fairly confident that I can do this without help, but I am taking the chance of posting here to make sure that I do not screw this up. As far as mail is concerned .... Mail is the only thing that I believe that will be affected by the IP address change. My Setup. Internet --> Router --> MailScanner Machine --> Exchange server Plan - Leave the MailScanner machine at the Regions Bankd building but take the Exchange server to the new location. All that I should have to do is use the MailScanner machine to forward mail to the new IP Address shouldn't I? 1. Change the mailertable Current woodmaclaw.com esmtp:[10.1.1.22] www.woodmaclaw.com esmtp:[10.1.1.22] woodmclaw.com esmtp:[10.1.1.22] www.woodmclaw.com esmtp:[10.1.1.22] Need to change to woodmaclaw.com esmtp:[new ip address of T1] www.woodmaclaw.com esmtp:[new ip address of T1] woodmclaw.com esmtp:[new ip address of T1] www.woodmclaw.com esmtp:[new ip address of T1] 2. Configure the new router to forward port 25 to the exchange server Is that it? Also should I put port fowarding for SSH so that I can remote into the MailScanner machine in case I need to? We do not host our own web site. Is there any other services that come to mind that would be affected by a IP address change? Thank you in advance! Billy Pumphrey From mike at vesol.com Tue Apr 11 21:29:42 2006 From: mike at vesol.com (Mike Kercher) Date: Tue Apr 11 21:30:00 2006 Subject: OT Message-ID: mailscanner-bounces@lists.mailscanner.info <> scribbled on : > The building that I work in go hit by high wind and it has > been closed for 2 weeks now. We are finally getting to be > able to move our servers to a remote location. In case > anyone is interested it is the Regions bank building in > Indianapolis, IN. > > I am fairly confident that I can do this without help, but I > am taking the chance of posting here to make sure that I do > not screw this up. > > As far as mail is concerned .... > > Mail is the only thing that I believe that will be affected > by the IP address change. > My Setup. > > Internet --> Router --> MailScanner Machine --> Exchange server > > Plan - Leave the MailScanner machine at the Regions Bankd > building but take the Exchange server to the new location. > All that I should have to do is use the MailScanner machine > to forward mail to the new IP Address shouldn't I? > > 1. Change the mailertable > Current > woodmaclaw.com esmtp:[10.1.1.22] > www.woodmaclaw.com esmtp:[10.1.1.22] > woodmclaw.com esmtp:[10.1.1.22] > www.woodmclaw.com esmtp:[10.1.1.22] > > Need to change to > woodmaclaw.com esmtp:[new ip address of T1] > www.woodmaclaw.com esmtp:[new ip address of T1] > woodmclaw.com esmtp:[new ip address of T1] > www.woodmclaw.com esmtp:[new ip address of T1] > > 2. Configure the new router to forward port 25 to the exchange server > > Is that it? > > Also should I put port fowarding for SSH so that I can remote > into the MailScanner machine in case I need to? > > We do not host our own web site. Is there any other services > that come to mind that would be affected by a IP address change? > > Thank you in advance! > Billy Pumphrey That should do it. I would limit connections to port 25 at the Exchange location to incoming ONLY from the IP address of your MailScanner machine. I would give myself ssh access to the MailScanner machine. Might not be a bad idea to move ssh to a port OTHER than 22. Mike From brent.bolin at gmail.com Wed Apr 12 00:00:25 2006 From: brent.bolin at gmail.com (BB) Date: Wed Apr 12 00:00:31 2006 Subject: OT In-Reply-To: References: Message-ID: <787dcac20604111600i6e995d62p3bf686dcfd0f0268@mail.gmail.com> Why ? That's called security by obscurity. It doesn't work. Nmap would finger that out in no time. On 4/11/06, Mike Kercher wrote: > > mailscanner-bounces@lists.mailscanner.info <> scribbled on : > > > The building that I work in go hit by high wind and it has > > been closed for 2 weeks now. We are finally getting to be > > able to move our servers to a remote location. In case > > anyone is interested it is the Regions bank building in > > Indianapolis, IN. > > > > I am fairly confident that I can do this without help, but I > > am taking the chance of posting here to make sure that I do > > not screw this up. > > > > As far as mail is concerned .... > > > > Mail is the only thing that I believe that will be affected > > by the IP address change. > > My Setup. > > > > Internet --> Router --> MailScanner Machine --> Exchange server > > > > Plan - Leave the MailScanner machine at the Regions Bankd > > building but take the Exchange server to the new location. > > All that I should have to do is use the MailScanner machine > > to forward mail to the new IP Address shouldn't I? > > > > 1. Change the mailertable > > Current > > woodmaclaw.com esmtp:[10.1.1.22] > > www.woodmaclaw.com esmtp:[10.1.1.22] > > woodmclaw.com esmtp:[10.1.1.22] > > www.woodmclaw.com esmtp:[10.1.1.22] > > > > Need to change to > > woodmaclaw.com esmtp:[new ip address of T1] > > www.woodmaclaw.com esmtp:[new ip address of T1] > > woodmclaw.com esmtp:[new ip address of T1] > > www.woodmclaw.com esmtp:[new ip address of T1] > > > > 2. Configure the new router to forward port 25 to the exchange server > > > > Is that it? > > > > Also should I put port fowarding for SSH so that I can remote > > into the MailScanner machine in case I need to? > > > > We do not host our own web site. Is there any other services > > that come to mind that would be affected by a IP address change? > > > > Thank you in advance! > > Billy Pumphrey > > That should do it. I would limit connections to port 25 at the Exchange > location to incoming ONLY from the IP address of your MailScanner > machine. I would give myself ssh access to the MailScanner machine. > Might not be a bad idea to move ssh to a port OTHER than 22. > > Mike > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060411/bbaaa2df/attachment.html From mkettler at evi-inc.com Wed Apr 12 00:26:12 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Wed Apr 12 00:26:20 2006 Subject: OT (way ot, port numbers, security, and other things) In-Reply-To: <787dcac20604111600i6e995d62p3bf686dcfd0f0268@mail.gmail.com> References: <787dcac20604111600i6e995d62p3bf686dcfd0f0268@mail.gmail.com> Message-ID: <443C3B14.6010500@evi-inc.com> BB wrote: > Why ? > > That's called security by obscurity. It doesn't work. > > Nmap would finger that out in no time. You're 100% right.. moving services to odd ports offers zero extra security. However, this doesn't make the practice pointless. There are some benefits which aren't security related to doing this. Take the fictitious scenario where a major security flaw is found in OpenSSH, and someone writes a network worm that exploits it. At the same time, folks are also going to be launching manual attacks, looking by hand for servers to exploit. However, there will be fewer of these than there are probes launched by the worm. In the first day you'll likely see a few dozen hand attackers, compared to thousands of worm probes. Since the hand-scanning folks will find your SSH port quickly, you've gained nothing in security. These are the most dangerous sorts anyway, so in terms of security you've failed to provide any defense against the more important case. However, you will have picked up a non-security related benefit: Bandwidth and CPU savings. The worm won't find your SSH port. It is trying to spread fast, so it's going to focus on the well-known port. Thus you won't be wasting CPU and network bandwidth answering the thousands of connection requests generated by worms. There are some instances where moving a port can provide some benefit. But do be realistic about it, and don't ever fool yourself into thinking this improves security at your site. BB is right. It doesn't, and it will only take a decent attacker a few seconds to figure out. You also gain a forensic benefit. By forcing the attacker to do a broad port-scan, you are making their presence much easier to log on your IDS. But neither of these will help you if your SSH isn't patched for our fictitious vulnerability. The attacker will find it and root your box in short order. From eneal at dfi-intl.com Wed Apr 12 02:25:30 2006 From: eneal at dfi-intl.com (Errol Neal) Date: Wed Apr 12 02:26:40 2006 Subject: OT (way ot, port numbers, security, and other things) Message-ID: BB wrote: > Why ? > > That's called security by obscurity. It doesn't work. > > Nmap would finger that out in no time. Using SSH w/o password authentication - using strictly rsa-keys, disabing root login... I think this would be a better approach. Just my two cents.. Errol Neal From craig at csfs.co.za Wed Apr 12 08:29:25 2006 From: craig at csfs.co.za (Craig Retief (CSFS)) Date: Wed Apr 12 08:29:47 2006 Subject: OT (way ot, port numbers, security, and other things) In-Reply-To: Message-ID: >BB wrote: >> Why ? >> >> That's called security by obscurity. It doesn't work. >> >> Nmap would finger that out in no time. >Using SSH w/o password authentication - using strictly rsa-keys, >disabing root login... I think this would be a better approach. Just my >two cents.. This is more like a few thousands worth of "cents" (Dollars/Pounds/etc) to some people that don't even know that ssh can be tightened up. And that is my 2 cents ;-) Craig From glenn.steen at gmail.com Wed Apr 12 08:35:07 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Apr 12 08:35:09 2006 Subject: Sendmail Upgrade, new thread In-Reply-To: References: <00c601c6597a$85b2fd60$3004010a@martinhlaptop> <03a801c65982$2db2a220$0600a8c0@roger> <00cc01c65d77$bf707ef0$0600a8c0@roger> <223f97700604110840w2dff286ao3e36121ed502b4fb@mail.gmail.com> <019a01c65d80$1a6aed10$0600a8c0@roger> Message-ID: <223f97700604120035g17c02bf5obc075c893b8e6244@mail.gmail.com> On 11/04/06, Scott Silva wrote: > Roger Jochem spake the following on 4/11/2006 8:53 AM: > > The command is really flock, in lines 30 and 219 of the script. I > > attached the file to this e-mail. I just need to change these two commands? > > > > Regards > > > > Roger Jochem > > > > ----- Original Message ----- From: "Glenn Steen" > > To: "MailScanner discussion" > > Sent: Tuesday, April 11, 2006 12:40 PM > > Subject: Re: Sendmail Upgrade, new thread > > > > > >> On 11/04/06, Roger Jochem wrote: > >>> Hello all! > >>> > >>> I finally found the problem with my mail server with messages sended > >>> with an > >>> empty body (problem related in the e-mail bellow). > >>> > >>> Turn's out that MailScanner is fine, sendmail is fine, and the > >>> problem was > >>> with Mailwatch. > >>> > >>> There is a php script in /usr/local/bin called "mailq" that reads the > >>> mail > >>> queue to show in Mailwatch frontend. This script runs every minute, > >>> and it > >>> locks the messages (sometimes), and because of that MailScanner sends > >>> the > >>> empty messages (with the locking error) and then after that the normal > >>> (full) message. I turned that script off and now everything is working > >>> fine... What a fight... > >>> > >>> Is there something I have to do with that script to make it run with > >>> sendmail 8.13 ? > >>> > >>> Regards > >>> > >>> Roger Jochem > >>> > >> Seems that script is using flock for locking, not lockf (posix). So > >> Steve (or *someone*) might have something to do there:-). Usual > >> disclaimer applies: I might be reading the code wrong;). > >> > >> -- > >> -- Glenn > >> email: glenn < dot > steen < at > gmail < dot > com > >> work: glenn < dot > steen < at > ap1 < dot > se > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > That command seems to only lock only itself to keep multiple copies of the > program from running. > QUOTE > // Prevent multiple copies running > $fl = fopen("/var/run/mailq.lock", "w+"); > // Attempt to create an exclusive lock - continue if successful > if(flock($fl, LOCK_EX + LOCK_NB)) { > > /QUOTE > It opens a lock file, and if it succeeds, it runs. If it can't open the lock > file for write ("w+"), the program assumes it is already running. That way if > it is fired every minute, but a large queue keeps the previous run open for > more than that minute it won't run again. > BTW, I think it should only run every 5 minutes. I think that is a symptom, > not a cause. > I, and many other people, are running that very script with no problems. > Are you running a distro supplied version of sendmail, or did you get it from > "outside the chain"? > Quite right.... Dangers of looking at code "in a hurry":-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From lucky at the-luckyduck.de Wed Apr 12 09:37:55 2006 From: lucky at the-luckyduck.de (Jan Brinkmann) Date: Wed Apr 12 09:37:58 2006 Subject: Requeueing of Mails using Postfix Message-ID: <20060412083755.GD4355@luckyduck.tux> Hi, I'm currently encountering some problems related to requeueing of mails in postfix. To pass mails to MailScanner, I'm using the newer hold method via the header_checks in postfix. This works quite fine. Mailscanner recognizes the new mails and so on. The mails flow in correctly, then mailscanner picks them up and scans them. Also, spam detection and virus scanning and things like that work perfectly. When it then comes to the point of requeueing, the mails never appear in the queue again. I have to use postsuper -r to requeue the mails manually, and after that they appear in the queue and mailscanner scans them again. I have found reports about similar problems, but no solution. Any help and feedback is more than welcome! Thanks. -- Jan From lhaig at haigmail.com Wed Apr 12 09:56:04 2006 From: lhaig at haigmail.com (Lance Haig) Date: Wed Apr 12 09:56:06 2006 Subject: OT::::: Root access Message-ID: <443CC0A4.4040309@haigmail.com> I need some help please I need to create 2 new users with root access and not give the roots password. This is on a redhat system. What would you guys recommend be the best way to do this. Thanks Lance From lucky at the-luckyduck.de Wed Apr 12 10:01:34 2006 From: lucky at the-luckyduck.de (Jan Brinkmann) Date: Wed Apr 12 10:01:36 2006 Subject: OT::::: Root access In-Reply-To: <443CC0A4.4040309@haigmail.com> References: <443CC0A4.4040309@haigmail.com> Message-ID: <20060412090133.GH4355@luckyduck.tux> On Wed, Apr 12, 2006 at 09:56:04AM +0100, Lance Haig wrote: > I need some help please > > I need to create 2 new users with root access and not give the roots > password. > > This is on a redhat system. > > What would you guys recommend be the best way to do this. > You should check out sudo, imho. Sounds like the perfect job for it. From shrek-m at gmx.de Wed Apr 12 10:12:16 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Wed Apr 12 10:12:28 2006 Subject: OT::::: Root access In-Reply-To: <443CC0A4.4040309@haigmail.com> References: <443CC0A4.4040309@haigmail.com> Message-ID: <443CC470.3070007@gmx.de> On 12.04.2006 10:56, Lance Haig wrote: > I need to create 2 new users with root access and not give the roots > password. > This is on a redhat system. > What would you guys recommend be the best way to do this. i do not know, but you can try 1; uid=0 gid=0 in /etc/passwd # id uid=0(root) gid=0(root) Gruppen=0(root) 2; sudo in /etc/sudoers eg. %wheel eg. all commands eg. only a few commands eg. sudo bash ==> root -- shrek-m From martinh at solid-state-logic.com Wed Apr 12 10:12:49 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Apr 12 10:12:57 2006 Subject: Requeueing of Mails using Postfix In-Reply-To: <20060412083755.GD4355@luckyduck.tux> Message-ID: <00d401c65e11$453453b0$3004010a@martinhlaptop> Jan Can we have the versions of MailScanner and postfix please.. Also what's settings of the System Settings section in MailScanner.conf? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jan Brinkmann > Sent: 12 April 2006 09:38 > To: mailscanner@lists.mailscanner.info > Subject: Requeueing of Mails using Postfix > > Hi, > > I'm currently encountering some problems related to requeueing of mails > in postfix. To pass mails to MailScanner, I'm using the newer hold > method via the header_checks in postfix. This works quite fine. > Mailscanner recognizes the new mails and so on. The mails flow in > correctly, then mailscanner picks them up and scans them. Also, spam > detection and virus scanning and things like that work perfectly. When > it then comes to the point of requeueing, the mails never appear in the > queue again. I have to use postsuper -r to requeue the mails manually, > and after that they appear in the queue and mailscanner scans them > again. I have found reports about similar problems, but no solution. Any > help and feedback is more than welcome! Thanks. > > -- Jan > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From MailScanner at ecs.soton.ac.uk Wed Apr 12 10:18:11 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Apr 12 10:18:29 2006 Subject: MailScanner on Mac OSX (10.4.6 Intel CoreDuo) - working! In-Reply-To: References: Message-ID: <64C939AA-FB5B-4CCC-823B-B7B6043566E9@ecs.soton.ac.uk> Haven't been on the list for a few days. You guys are going great guns! Sounds like I'm not going to have anything left to do! Cool :-) A preferences pane for it would be nice, just something to start and stop it at the moment. We can think about configurations later. Many thanks for your hard work on this. Jules. On 11 Apr 2006, at 15:04, Jim Dickenson wrote: > Documentation on this topic can be found here: > > file:///Developer/ADC%20Reference%20Library/documentation/MacOSX/ > Conceptual/ > BPSystemStartup/Articles/StartupItems.html#//apple_ref/doc/uid/ > 20002132-Dont > LinkElementID_247517a > > And here: > > file:///Developer/ADC%20Reference%20Library/documentation/MacOSX/ > Conceptual/ > BPSystemStartup/Articles/DesigningDaemons.html#//apple_ref/doc/uid/ > TP4000179 > 1-BBCBHBFB > > -- > Jim Dickenson > mailto:dickenson@cfmc.com > > CfMC > http://www.cfmc.com/ > > >> >>> From: James Gray >>> Organization: GrayOnline >>> Reply-To: MailScanner discussion >>> >>> Date: Tue, 11 Apr 2006 15:22:31 +1000 >>> To: MailScanner List >>> Subject: MailScanner on Mac OSX (10.4.6 Intel CoreDuo) - working! >>> >>> Hi All, >>> >>> Just thought I'd post my results after tinkering for the last few >>> days. >>> >>> - Still haven't figured out OSX's launchd stuff to get it to fire up >>> MailScanner automagically. (Anyone?) >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From lucky at the-luckyduck.de Wed Apr 12 10:24:19 2006 From: lucky at the-luckyduck.de (Jan Brinkmann) Date: Wed Apr 12 10:24:26 2006 Subject: Requeueing of Mails using Postfix In-Reply-To: <00d401c65e11$453453b0$3004010a@martinhlaptop> References: <20060412083755.GD4355@luckyduck.tux> <00d401c65e11$453453b0$3004010a@martinhlaptop> Message-ID: <20060412092419.GR4355@luckyduck.tux> On Wed, Apr 12, 2006 at 10:12:49AM +0100, Martin Hepworth wrote: > Jan > > Can we have the versions of MailScanner and postfix please.. > > Also what's settings of the System Settings section in MailScanner.conf? > > -- Of course: postfix-2.2.10 MailScanner 4.52.2 The requested section of the mailscanner config: # # System settings # --------------- # # How many MailScanner processes do you want to run at a time? # There is no point increasing this figure if your MailScanner server # is happily keeping up with your mail traffic. # If you are running on a server with more than 1 CPU, or you have a # high mail load (and/or slow DNS lookups) then you should see better # performance if you increase this figure. # If you are running on a small system with limited RAM, you should # note that each child takes just over 20MB. # # As a rough guide, try 5 children per CPU. But read the notes above. Max Children = 5 # User to run as (not normally used for sendmail) # If you want to change the ownership or permissions of the quarantine # or # temporary files created by MailScanner, please see the "Incoming Work" # settings later in this file. #Run As User = mail Run As User = postfix #Run As User = # Group to run as (not normally used for sendmail) #Run As Group = mail Run As Group = postfix #Run As Group = # How often (in seconds) should each process check the incoming mail # queue for new messages? If you have a quiet mail server, you might # want to increase this value so it causes less load on your server, at # the cost of slightly increasing the time taken for an average message # to be processed. Queue Scan Interval = 6 # Set location of incoming mail queue # # This can be any one of # 1. A directory name # Example: /var/spool/mqueue.in # 2. A wildcard giving directory names # Example: /var/spool/mqueue.in/* # 3. The name of a file containing a list of directory names, # which can in turn contain wildcards. # Example: /opt/MailScanner/etc/mqueue.in.list.conf # # If you are using sendmail and have your queues split into qf, df, xf # directories, then just specify the main directory, do not give me the # directory names of the qf,df,xf directories. # Example: if you have /var/spool/mqueue.in/qf # /var/spool/mqueue.in/df # /var/spool/mqueue.in/xf # then just tell me /var/spool/mqueue.in. I will find the subdirectories # automatically. # Incoming Queue Dir = /var/spool/postfix/hold # Set location of outgoing mail queue. # This can also be the filename of a ruleset. Outgoing Queue Dir = /var/spool/postfix/incoming # Set where to unpack incoming messages before scanning them # This can completely safely use tmpfs or a ramdisk, which will # give you a significant performance improvement. # NOTE: The path given here must not include any links at all, # NOTE: but must be the absolute path to the directory. Incoming Work Dir = /dev/shm # Set where to store infected and message attachments (if they are kept) # This can also be the filename of a ruleset. Quarantine Dir = /var/spool/MailScanner/quarantine # Set where to store the process id number so you can stop MailScanner PID file = /opt/MailScanner/var/MailScanner.pid # To avoid resource leaks, re-start periodically Restart Every = 14400 # Set whether to use postfix, sendmail, exim or zmailer. # If you are using postfix, then see the "SpamAssassin User State Dir" # setting near the end of this file MTA = postfix # Set how to invoke MTA when sending messages MailScanner has created # (e.g. to sender/recipient saying "found a virus in your message") # This can also be the filename of a ruleset. Sendmail = /usr/sbin/sendmail # Sendmail2 is provided for Exim users. # It is the command used to attempt delivery of outgoing # cleaned/disinfected # messages. # This is not usually required for sendmail. # This can also be the filename of a ruleset. #For Exim users: Sendmail2 = /usr/sbin/exim -C /etc/exim/exim_send.conf #For sendmail users: Sendmail2 = /usr/lib/sendmail #Sendmail2 = /usr/sbin/sendmail -C /etc/exim/exim_send.conf Sendmail2 = /usr/sbin/sendmail From martinh at solid-state-logic.com Wed Apr 12 11:00:40 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Apr 12 11:00:54 2006 Subject: Requeueing of Mails using Postfix In-Reply-To: <20060412092419.GR4355@luckyduck.tux> Message-ID: <00e401c65e17$f465d150$3004010a@martinhlaptop> Jan OK looks good - don't need the sendmail2 setting.... I presume you've followed this guide... http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:pos tfix:installation when you installed? Note in the Problems Or Errors section there's a little thing about how PF 2.2 handles it's queues regarding hashing (or not). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jan Brinkmann > Sent: 12 April 2006 10:24 > To: MailScanner discussion > Subject: Re: Requeueing of Mails using Postfix > > On Wed, Apr 12, 2006 at 10:12:49AM +0100, Martin Hepworth wrote: > > Jan > > > > Can we have the versions of MailScanner and postfix please.. > > > > Also what's settings of the System Settings section in MailScanner.conf? > > > > -- > > Of course: > > postfix-2.2.10 > MailScanner 4.52.2 > > > The requested section of the mailscanner config: > > > > # > # System settings > # --------------- > # > > # How many MailScanner processes do you want to run at a time? > # There is no point increasing this figure if your MailScanner server > # is happily keeping up with your mail traffic. > # If you are running on a server with more than 1 CPU, or you have a > # high mail load (and/or slow DNS lookups) then you should see better > # performance if you increase this figure. > # If you are running on a small system with limited RAM, you should > # note that each child takes just over 20MB. > # > # As a rough guide, try 5 children per CPU. But read the notes above. > Max Children = 5 > > # User to run as (not normally used for sendmail) > # If you want to change the ownership or permissions of the quarantine > # or > # temporary files created by MailScanner, please see the "Incoming Work" > # settings later in this file. > #Run As User = mail > Run As User = postfix > #Run As User = > > # Group to run as (not normally used for sendmail) > #Run As Group = mail > Run As Group = postfix > #Run As Group = > > # How often (in seconds) should each process check the incoming mail > # queue for new messages? If you have a quiet mail server, you might > # want to increase this value so it causes less load on your server, at > # the cost of slightly increasing the time taken for an average message > # to be processed. > Queue Scan Interval = 6 > > # Set location of incoming mail queue > # > # This can be any one of > # 1. A directory name > # Example: /var/spool/mqueue.in > # 2. A wildcard giving directory names > # Example: /var/spool/mqueue.in/* > # 3. The name of a file containing a list of directory names, > # which can in turn contain wildcards. > # Example: /opt/MailScanner/etc/mqueue.in.list.conf > # > # If you are using sendmail and have your queues split into qf, df, xf > # directories, then just specify the main directory, do not give me the > # directory names of the qf,df,xf directories. > # Example: if you have /var/spool/mqueue.in/qf > # /var/spool/mqueue.in/df > # /var/spool/mqueue.in/xf > # then just tell me /var/spool/mqueue.in. I will find the subdirectories > # automatically. > # > Incoming Queue Dir = /var/spool/postfix/hold > > # Set location of outgoing mail queue. > # This can also be the filename of a ruleset. > Outgoing Queue Dir = /var/spool/postfix/incoming > > # Set where to unpack incoming messages before scanning them > # This can completely safely use tmpfs or a ramdisk, which will > # give you a significant performance improvement. > # NOTE: The path given here must not include any links at all, > # NOTE: but must be the absolute path to the directory. > Incoming Work Dir = /dev/shm > > # Set where to store infected and message attachments (if they are kept) > # This can also be the filename of a ruleset. > Quarantine Dir = /var/spool/MailScanner/quarantine > > # Set where to store the process id number so you can stop MailScanner > PID file = /opt/MailScanner/var/MailScanner.pid > > # To avoid resource leaks, re-start periodically > Restart Every = 14400 > > # Set whether to use postfix, sendmail, exim or zmailer. > # If you are using postfix, then see the "SpamAssassin User State Dir" > # setting near the end of this file > MTA = postfix > > # Set how to invoke MTA when sending messages MailScanner has created > # (e.g. to sender/recipient saying "found a virus in your message") > # This can also be the filename of a ruleset. > Sendmail = /usr/sbin/sendmail > > # Sendmail2 is provided for Exim users. > # It is the command used to attempt delivery of outgoing > # cleaned/disinfected > # messages. > # This is not usually required for sendmail. > # This can also be the filename of a ruleset. > #For Exim users: Sendmail2 = /usr/sbin/exim -C /etc/exim/exim_send.conf > #For sendmail users: Sendmail2 = /usr/lib/sendmail > #Sendmail2 = /usr/sbin/sendmail -C /etc/exim/exim_send.conf > Sendmail2 = /usr/sbin/sendmail > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From lucky at the-luckyduck.de Wed Apr 12 11:25:36 2006 From: lucky at the-luckyduck.de (Jan Brinkmann) Date: Wed Apr 12 11:25:39 2006 Subject: Requeueing of Mails using Postfix In-Reply-To: <00e401c65e17$f465d150$3004010a@martinhlaptop> References: <20060412092419.GR4355@luckyduck.tux> <00e401c65e17$f465d150$3004010a@martinhlaptop> Message-ID: <20060412102536.GB4355@luckyduck.tux> On Wed, Apr 12, 2006 at 11:00:40AM +0100, Martin Hepworth wrote: > Jan > > OK looks good - don't need the sendmail2 setting.... > > I presume you've followed this guide... > > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:pos > tfix:installation > > when you installed? > > Note in the Problems Or Errors section there's a little thing about how PF > 2.2 handles it's queues regarding hashing (or not). > Hmm, sorry. I know the read fine manual thing just to good. I thought I read everything, but as it seems I didn't. However, it works fine now. Thanks a lot. From glenn.steen at gmail.com Wed Apr 12 14:04:11 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Apr 12 14:04:13 2006 Subject: OT::::: Root access In-Reply-To: <443CC470.3070007@gmx.de> References: <443CC0A4.4040309@haigmail.com> <443CC470.3070007@gmx.de> Message-ID: <223f97700604120604r4011740ft763d4128546c0410@mail.gmail.com> On 12/04/06, shrek-m@gmx.de wrote: (snip) > eg. sudo bash ==> root I'd do "sudo -i" instead:). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From realmcking at gmail.com Wed Apr 12 14:39:19 2006 From: realmcking at gmail.com (Mark McCoy) Date: Wed Apr 12 14:39:30 2006 Subject: OT::::: Root access In-Reply-To: <443CC0A4.4040309@haigmail.com> References: <443CC0A4.4040309@haigmail.com> Message-ID: These users, do they need to be able to run completely as root (i.e. _all_ commands on the system), or do they just need to run a few specified commands? Either way, I would hesitate to give out full access to anyone unless they are going to be the actual sysadmins. Read up on sudo, and list the commands that they can run in the sudoers file, that way you can add/remove access to commands for them on the fly, and they get the extra "I'm about to do something with elevated privileges" feeling by having to type "sudo" in front of their commands. On 4/12/06, Lance Haig wrote: > I need some help please > > I need to create 2 new users with root access and not give the roots > password. > > This is on a redhat system. > > What would you guys recommend be the best way to do this. > > Thanks > > Lance > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Mark McCoy -- Professional Unix geek "On two occasions I have been asked, 'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question. " -- Charles Babbage From lhaig at haigmail.com Wed Apr 12 14:44:55 2006 From: lhaig at haigmail.com (Lance Haig) Date: Wed Apr 12 14:44:58 2006 Subject: OT::::: Root access In-Reply-To: <20060412090133.GH4355@luckyduck.tux> References: <443CC0A4.4040309@haigmail.com> <20060412090133.GH4355@luckyduck.tux> Message-ID: <443D0457.9000604@haigmail.com> Thanks Jan I will do that Lance Jan Brinkmann wrote: > On Wed, Apr 12, 2006 at 09:56:04AM +0100, Lance Haig wrote: >> I need some help please >> >> I need to create 2 new users with root access and not give the roots >> password. >> >> This is on a redhat system. >> >> What would you guys recommend be the best way to do this. >> > > You should check out sudo, imho. Sounds like the perfect job for it. From lhaig at haigmail.com Wed Apr 12 14:46:38 2006 From: lhaig at haigmail.com (Lance Haig) Date: Wed Apr 12 14:46:45 2006 Subject: OT::::: Root access In-Reply-To: References: <443CC0A4.4040309@haigmail.com> Message-ID: <443D04BE.9060401@haigmail.com> They will need to run things as rot but the password will be changed after every use. We have just had someone update a RH box and change the kernel which broke quite a few things. I just don't want them doing anything unless they let me know Lance Mark McCoy wrote: > These users, do they need to be able to run completely as root (i.e. > _all_ commands on the system), or do they just need to run a few > specified commands? > > Either way, I would hesitate to give out full access to anyone unless > they are going to be the actual sysadmins. > > Read up on sudo, and list the commands that they can run in the > sudoers file, that way you can add/remove access to commands for them > on the fly, and they get the extra "I'm about to do something with > elevated privileges" feeling by having to type "sudo" in front of > their commands. > > > On 4/12/06, Lance Haig wrote: >> I need some help please >> >> I need to create 2 new users with root access and not give the roots >> password. >> >> This is on a redhat system. >> >> What would you guys recommend be the best way to do this. >> >> Thanks >> >> Lance >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > -- > Mark McCoy -- Professional Unix geek > > "On two occasions I have been asked, 'Pray, Mr. Babbage, if you put > into the machine wrong figures, will the right answers come out?' I am > not able rightly to apprehend the kind of confusion of ideas that > could provoke such a question. " -- Charles Babbage > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From brent.bolin at gmail.com Wed Apr 12 14:55:40 2006 From: brent.bolin at gmail.com (BB) Date: Wed Apr 12 14:55:53 2006 Subject: OT (way ot, port numbers, security, and other things) In-Reply-To: References: Message-ID: <787dcac20604120655j2797546ao5b0a1c3bc288f1e1@mail.gmail.com> What are rsa-keys ? I have a house key and a Honda key only. Humm. On 4/12/06, Craig Retief (CSFS) wrote: > > > >BB wrote: > >> Why ? > >> > >> That's called security by obscurity. It doesn't work. > >> > >> Nmap would finger that out in no time. > > >Using SSH w/o password authentication - using strictly rsa-keys, > >disabing root login... I think this would be a better approach. Just my > >two cents.. > > This is more like a few thousands worth of "cents" (Dollars/Pounds/etc) to > some people that don't even know that ssh can be tightened up. > > And that is my 2 cents ;-) > > Craig > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060412/05b5d140/attachment.html From craig at csfs.co.za Wed Apr 12 15:19:15 2006 From: craig at csfs.co.za (Craig Retief (CSFS)) Date: Wed Apr 12 15:19:54 2006 Subject: OT (way ot, port numbers, security, and other things) In-Reply-To: <787dcac20604120655j2797546ao5b0a1c3bc288f1e1@mail.gmail.com> Message-ID: >What are rsa-keys ? >I have a house key and a Honda key only. Humm. Googled and answer 1 is a good start: http://kmself.home.netcom.com/Linux/FAQs/sshrsakey.html Hope this helps ;-) Craig >On 4/12/06, Craig Retief (CSFS) wrote: >BB wrote: >> Why ? >> >> That's called security by obscurity. It doesn't work. >> >> Nmap would finger that out in no time. >Using SSH w/o password authentication - using strictly rsa-keys, >disabing root login... I think this would be a better approach. Just my >two cents.. >This is more like a few thousands worth of "cents" (Dollars/Pounds/etc) to >some people that don't even know that ssh can be tightened up. >And that is my 2 cents ;-) >Craig -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060412/6767f4f9/attachment.html From jstork at pbco.ca Wed Apr 12 15:37:43 2006 From: jstork at pbco.ca (Johnny Stork) Date: Wed Apr 12 15:39:59 2006 Subject: Reducing logging Message-ID: <15911767.1144852663468.JavaMail.root@pbco-server3.pbco.ca> Oy daily LogWatch report always shows ever single line of every scan and operation performed by mailscanner. Is there any way to simply get the summary and possibly identified spam/virus's logged to syslog instead of all actions? _______________________________ Johnny Stork Information & Technology Manager Provincial Blood Coordinating Office 604-806-8840 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060412/6a12a6f7/attachment.html From ssilva at sgvwater.com Wed Apr 12 16:15:11 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Apr 12 16:18:17 2006 Subject: OT (way ot, port numbers, security, and other things) In-Reply-To: <787dcac20604120655j2797546ao5b0a1c3bc288f1e1@mail.gmail.com> References: <787dcac20604120655j2797546ao5b0a1c3bc288f1e1@mail.gmail.com> Message-ID: BB spake the following on 4/12/2006 6:55 AM: > What are rsa-keys ? > > I have a house key and a Honda key only. Humm. > You lock your house? ;-) -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From steve.swaney at fsl.com Wed Apr 12 16:23:50 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Wed Apr 12 16:23:55 2006 Subject: OT (way ot, port numbers, security, and other things) In-Reply-To: Message-ID: <007a01c65e45$19ea55e0$2901010a@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Craig Retief (CSFS) > Sent: Wednesday, April 12, 2006 10:19 AM > To: 'MailScanner discussion' > Subject: RE: OT (way ot, port numbers, security, and other things) > > >What are rsa-keys ? > >I have a house key and a Honda key only. Humm. > > Googled and answer 1 is a good start: > > http://kmself.home.netcom.com/Linux/FAQs/sshrsakey.html > > Hope this helps ;-) > > Craig > For those of us who need a good tutorial on ssh I suggest the series of three articles that start with: Common threads: OpenSSH key management, Part 1 Understanding RSA/DSA authentication IBM developerWorks by: Daniel Robbins (drobbins@gentoo.org), President and CEO, Gentoo Technologies, Inc. Article 1 is available at: http://www-128.ibm.com/developerworks/library/l-keyc.html Article two deals with OpenSSH key management, (Keychains - a versy useful tool): http://www-128.ibm.com/developerworks/library/l-keyc2/ Article Three deals with Tightening ssh security http://www-128.ibm.com/developerworks/library/l-keyc3/ All are excellent! Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From ssilva at sgvwater.com Wed Apr 12 16:20:52 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Apr 12 16:24:01 2006 Subject: OT::::: Root access In-Reply-To: <443D04BE.9060401@haigmail.com> References: <443CC0A4.4040309@haigmail.com> <443D04BE.9060401@haigmail.com> Message-ID: Lance Haig spake the following on 4/12/2006 6:46 AM: > They will need to run things as rot but the password will be changed > after every use. > > We have just had someone update a RH box and change the kernel which > broke quite a few things. > > I just don't want them doing anything unless they let me know > If they break things, and can't be trusted, they shouldn't be root. Root breaks things real good. Only people who can fix the problems they create should be root! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From brent.bolin at gmail.com Wed Apr 12 16:49:06 2006 From: brent.bolin at gmail.com (BB) Date: Wed Apr 12 16:49:10 2006 Subject: OT (way ot, port numbers, security, and other things) In-Reply-To: References: <787dcac20604120655j2797546ao5b0a1c3bc288f1e1@mail.gmail.com> Message-ID: <787dcac20604120849r48222f77td658f6b5edb0027b@mail.gmail.com> Yes all 1024 windows and doors On 4/12/06, Scott Silva wrote: > > BB spake the following on 4/12/2006 6:55 AM: > > What are rsa-keys ? > > > > I have a house key and a Honda key only. Humm. > > > You lock your house? ;-) > > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060412/381bcbb8/attachment.html From alex at nkpanama.com Wed Apr 12 17:02:55 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Apr 12 17:03:11 2006 Subject: OT (way ot, port numbers, security, and other things) In-Reply-To: <443C3B14.6010500@evi-inc.com> References: <787dcac20604111600i6e995d62p3bf686dcfd0f0268@mail.gmail.com> <443C3B14.6010500@evi-inc.com> Message-ID: <443D24AF.1000203@nkpanama.com> Matt Kettler wrote: > Since the hand-scanning folks will find your SSH port quickly, you've gained > nothing in security. These are the most dangerous sorts anyway, so in terms of > security you've failed to provide any defense against the more important case. > However, you will have picked up a non-security related benefit: Bandwidth and > CPU savings. > > The worm won't find your SSH port. It is trying to spread fast, so it's going to > focus on the well-known port. Thus you won't be wasting CPU and network > bandwidth answering the thousands of connection requests generated by worms. > > There are some instances where moving a port can provide some benefit. But do be > realistic about it, and don't ever fool yourself into thinking this improves > security at your site. BB is right. It doesn't, and it will only take a decent > attacker a few seconds to figure out. > > You also gain a forensic benefit. By forcing the attacker to do a broad > port-scan, you are making their presence much easier to log on your IDS. > > But neither of these will help you if your SSH isn't patched for our fictitious > vulnerability. The attacker will find it and root your box in short order. > > I've been hammered by so many scripts I make it mandatory for all my clients to change the SSH port to something else. There's absolutely *no need* for it to be the standard, and although as Matt clearly stated it, there is absolutely *no* additional security gained by doing so, it's kept a lot of the worms/script kiddies out of our collective hair for some time. There's that, and changing standard ports for other administrative services like Webmin on 10000 which also helps. Adding firewall rules to only allow from certain trusted IP addresses or "only listening to local interfaces" so that you *must* start a VPN connection first are also other steps you can take. From alex at nkpanama.com Wed Apr 12 17:27:34 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Apr 12 17:28:23 2006 Subject: Forward virus, not quarantine? In-Reply-To: References: Message-ID: <443D2A76.1050604@nkpanama.com> Martin wrote: > Hi, > > I'm using Mailscanner together with Postfix, SA and clamav. I wan't to > forward all virus-mail to a special mailbox. > > Is this possible? > > Thanks > > / Martin > Possible? Don't know - never had to. What would your reasons be for doing so? I can't think of any reasons off the top of my head, but it would be interesting to know where such a scenario would be needed. Most people want to get rid of viruses, not collect them (except for the CDC) :D Regards, Alex From alex at nkpanama.com Wed Apr 12 17:29:21 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Apr 12 17:29:43 2006 Subject: Stopping messages containing Chinese and Korean characters? In-Reply-To: References: <910ee2ac0604081227v188b00e2k8f113090bf9965c9@mail.gmail.com> Message-ID: <443D2AE1.2060605@nkpanama.com> Kai Schaetzl wrote: > Emm1 wrote on Sat, 8 Apr 2006 19:27:21 +0000: > > >> stat=rewrite: map CharsetChinese not found >> > > I assume you have to provide these maps. gettext-related? I'd ask on a > list for FreeBSD. > > Kai > > Maybe it's related to the specific *version* of sendmail you're using. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060412/99ae4b09/attachment.html From dickenson at cfmc.com Wed Apr 12 18:37:56 2006 From: dickenson at cfmc.com (Jim Dickenson) Date: Wed Apr 12 18:39:05 2006 Subject: Question about from address In-Reply-To: <223f97700604061040w6dcd2b0awba33a49a3af7bcb9@mail.gmail.com> Message-ID: I followed the plain test message example at The from address in all the log records was the address I specified on the mail from: line. Is this what is considered the envelope email address? If so then I do not understand why the MailScanner-From header shows the address I entered on the From: line. I have saved the telnet session, the log records, and the delivered email message if someone wants them to look at. -- Jim Dickenson mailto:dickenson@cfmc.com CfMC http://www.cfmc.com/ > From: Glenn Steen > Reply-To: MailScanner discussion > Date: Thu, 6 Apr 2006 19:40:46 +0200 > To: MailScanner discussion > Subject: *CfMC-Spam= 8.31* Re: Question about from address > > On 06/04/06, Kai Schaetzl wrote: >> Jim Dickenson wrote on Thu, 06 Apr 2006 08:08:31 -0700: >> >>> And I still do not understand why it shows this address and not the address >>> that is shown in my sendmail list as being the sender: >> >> I don't either. Can you post the header of the message? Is it for sure that >> what sendmail shows in the log *is* the envelope-from? I mean it usually is, >> but maybe your sendmail or sendmail.cf is "special"? >> >> Kai >> > I think Jims telnet experiments will tell us this... One other > possibility, albeit remote (since I do beleive that Jules "sanitizes" > the headers, so that there can only be one X-MailScanner-From: ...), > would be if there is more than one MailScanner involved, thoroughly > confusing matters. > > Or perhaps the customer is too lazy to actually get at the headers, > and just "invent" them from what they "think they should be".....:-) > > Jim, you should really demand that the customer provide at least one > "problem message" _as verbatim as possible_. Would be a shame to waste > time on something that turns out to be a red herrirng:-):-). > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Wed Apr 12 19:27:03 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Apr 12 19:27:08 2006 Subject: Question about from address In-Reply-To: References: <223f97700604061040w6dcd2b0awba33a49a3af7bcb9@mail.gmail.com> Message-ID: <223f97700604121127g278f93d9k2a14a4e247ab87b0@mail.gmail.com> On 12/04/06, Jim Dickenson wrote: > I followed the plain test message example at > > a:connexion> > > > > The from address in all the log records was the address I specified on the > > mail from: > > line. > > > Is this what is considered the envelope email address? Yep, that is the "envelope sender" (Any info from the MAIL FROM: and RCPT TO: are considered "envelope details" since they aren't really part of the message as such). > If so then I do not understand why the MailScanner-From header shows the > address I entered on the From: line. What? I have to look at this, but that shouldn't be! .... Ok, have now done the exact same test and can tell you that on my systems, this doesn't happen. With a telnet like this: ----------------- ehlo maka.kaka.se 250-mail.ap1.se 250-PIPELINING 250-SIZE 16777216 250-ETRN 250 8BITMIME mail from: 250 Ok rcpt to: 250 Ok data 354 End data with . From: To: Subject: Test Test . 250 Ok: queued as 6EFF8840F8 ---------------------- I get the following headers from MailScanner: X-ForstaAP-Fonden-MailScanner-Information: Please contact IT for more information X-ForstaAP-Fonden-MailScanner: Found to be clean X-ForstaAP-Fonden-MailScanner-SpamScore: ssss X-ForstaAP-Fonden-MailScanner-From: gnurg@arge.se X-ForstaAP-Fonden-MailScanner-To: glenn.steen@ap1.se X-Spam-Status: No And (as can be guessed) this is in harmony with the logs (I'm to lazy to break out one complete log thread:-).... And, of course, MailWatch agrees: --------------------------- ID: 6EFF8840F8.46058 Message Headers: Received: from maka.kaka.se (scapa.ap1.se [172.18.3.78]) by mail.ap1.se (Postfix) with ESMTP id 6EFF8840F8 for ; Wed, 12 Apr 2006 20:05:05 +0200 (CEST) From: To: Subject: Test Message-Id: <20060412180505.6EFF8840F8@mail.ap1.se> Date: Wed, 12 Apr 2006 20:05:05 +0200 (CEST) From: gnurg@arge.se [Add to Whitelist | Add to Blacklist] To: glenn.steen@ap1.se Subject: Test -------------------------- That is what it is supposed to look like in your case too:-). > > I have saved the telnet session, the log records, and the delivered email > message if someone wants them to look at. Yes please! And could you tell me what version of MS you are running (I'm not sure you've told us that:)... The above was on a system running postfix (obviously:-) and MS version 4.50.14 (yeah, I should upgrade, but the PHB has a thing about upgrades before going on a trip ... to the mountains, to ski, no less.... Newly mended bone willing:-). > > -- > Jim Dickenson > mailto:dickenson@cfmc.com > > CfMC > http://www.cfmc.com/ > (snip) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dickenson at cfmc.com Wed Apr 12 20:27:44 2006 From: dickenson at cfmc.com (Jim Dickenson) Date: Wed Apr 12 20:27:57 2006 Subject: Question about from address In-Reply-To: <223f97700604121127g278f93d9k2a14a4e247ab87b0@mail.gmail.com> Message-ID: I may have found the source of the problem. I have a gateway system that receives outside email and scans it. This server then passes the mail to a server where the mailboxes are. I have the second server setup to not scan email passed from the gateway server. As best I can tell the email is not scanned. The MailScanner log indicates that it is not scanned. I had the org-name set to the same on both systems. I just changed it so each system has a unique org-name so I can tell which system put in which MailScanner header. The envelope from address on the gateway server is one address but when the email gets passed to the second server the envelope from address is a different address. I am guessing that some of the MailScanner headers were being replaced on the second server. Here are the headers after my change: X-CfMC1-MailScanner-Information: Please contact Jim Dickenson for more information X-CfMC1-MailScanner: Found to be clean X-CfMC1-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (score=0.178, required 5, autolearn=disabled, NO_REAL_NAME 0.18) X-CfMC1-MailScanner-From: frame< @ >scrappy.surveysampling.com X-CfMC2-MailScanner-Information: Please contact Jim Dickenson for more information X-CfMC2-MailScanner: Not scanned: please contact your Jim Dickenson for details X-CfMC2-MailScanner-SpamCheck: X-CfMC2-MailScanner-From: frame< @ >scrappy.surveyspot.com I guess the question now is how can I have the second server's MailScanner not change any of the MailScanner headers, which is what I thought was going on. Another question is why did the envelop from address change? Looking closer at the headers I do have from the original problem email I see there are headers added by each server as well as at least the MailScanner-From header must have been replaced: > X-CfMC-MailScanner: Found to be clean > X-CfMC-MailScanner-SpamCheck: spam, SpamAssassin (score=5.56, required 5, > autolearn=disabled, BODY_OPTIN 0.67, MILLION_EMAIL 0.42, > SPF_HELO_PASS -0.00, TO_BE_REMOVED_17 3.57, URI_SURVEY_ADJ 0.91) > X-CfMC-MailScanner-SpamScore: sssss > X-CfMC-MailScanner-Information: Please contact Jim Dickenson for more > information > X-CfMC-MailScanner: Not scanned: please contact your Jim Dickenson for details > X-CfMC-MailScanner-SpamCheck: > X-CfMC-MailScanner-From: frame< @ >scrappy.surveyspot.com -- Jim Dickenson mailto:dickenson@cfmc.com CfMC http://www.cfmc.com/ > From: Glenn Steen > Reply-To: MailScanner discussion > Date: Wed, 12 Apr 2006 20:27:03 +0200 > To: MailScanner discussion > Subject: *CfMC-Spam=11.70* Re: Question about from address > > Yep, that is the "envelope sender" (Any info from the MAIL FROM: and > RCPT TO: are considered "envelope details" since they aren't really > part of the message as such). > (snip) > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From ecasarero at gmail.com Wed Apr 12 20:54:29 2006 From: ecasarero at gmail.com (Eduardo Casarero) Date: Wed Apr 12 20:54:32 2006 Subject: mail scanner stuck Message-ID: <7d9b3cf20604121254l66c4c8eep61e51f79e8926d84@mail.gmail.com> hi gurus, i?ve two servers with the following configuration: Pentium IV - 3.2Ghz /800HT 775P Intel; Mother board P4 ABIT NI8-SLI/LGA/NVIDIA; 4096Mb RAM DDR2/533 Kingston; Winchester 160.2Gb - 7200 rpm SERIAL ATA Barracuda; video PCI Express X300 Radion 256Mb; network 10/100/1000; both of them run mail scanner/sendmail with spamassasin and clamav on Slackware 10.1. This servers started working two weeks ago, processing about 50.000 mails a day. I notice that if i do some "extra work" on the server like compressing log files, grepping large files the mail scanner stucks and starts queuing mails, the only way to put things ok is rebooting. I tried restarting services, stopping incoming sendmail, i?ve checked all configuration posible on server, (it has latest kernel). I?ve no idea of where to check or what to do. i?d apreciate your advice. Regards. Eduardo. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060412/d6846e82/attachment.html From ecasarero at gmail.com Wed Apr 12 21:17:50 2006 From: ecasarero at gmail.com (Eduardo Casarero) Date: Wed Apr 12 21:17:53 2006 Subject: stress tester Message-ID: <7d9b3cf20604121317t67f5bc5o1b7728c29d9b0aaf@mail.gmail.com> hi, can someone recomend a software for stress testing for mailscanner? or similar? regards. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060412/f94a3741/attachment.html From alex at nkpanama.com Wed Apr 12 21:38:52 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Apr 12 21:40:02 2006 Subject: stress tester In-Reply-To: <7d9b3cf20604121317t67f5bc5o1b7728c29d9b0aaf@mail.gmail.com> References: <7d9b3cf20604121317t67f5bc5o1b7728c29d9b0aaf@mail.gmail.com> Message-ID: <443D655C.5010200@nkpanama.com> Eduardo Casarero wrote: > hi, can someone recomend a software for stress testing for > mailscanner? or similar? regards. You may want to google around for SMTP stress testing. I saw this on the first hit: http://www.codeproject.com/tools/multimail.asp Regards, Alex From dhawal at netmagicsolutions.com Wed Apr 12 21:44:59 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed Apr 12 21:45:04 2006 Subject: stress tester In-Reply-To: <7d9b3cf20604121317t67f5bc5o1b7728c29d9b0aaf@mail.gmail.com> References: <7d9b3cf20604121317t67f5bc5o1b7728c29d9b0aaf@mail.gmail.com> Message-ID: <20060412204500.26954.qmail@mymail.netmagicians.com> Eduardo Casarero writes: > hi, can someone recomend a software for stress testing for mailscanner? or > similar? regards. http://www.coker.com.au/postal/ - dhawal -- **************** CAUTION - Disclaimer ***************** This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the use of the addressee(s). If you are not the intended recipient, please notify the sender by e-mail requesting deletion of the original message. Further, you are not to copy, disclose, or distribute this e-mail or its contents to any other person and any such actions are unlawful. NetMagic Solutions Pvt. Ltd. has taken every reasonable precaution to minimize the risk of virus infection & spam, but is not liable for any damage, you may sustain as a result of any virus in this e-mail. You should carry out your own virus checks before opening the e-mail or attachment. NetMagic Solutions Pvt. Ltd. reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the NetMagic Solutions Pvt. Ltd.'s e-mail system. ***************** End of Disclaimer ******************* From lucky at the-luckyduck.de Wed Apr 12 21:57:49 2006 From: lucky at the-luckyduck.de (Jan Brinkmann) Date: Wed Apr 12 21:57:52 2006 Subject: Multiple Postfix smtp instances Message-ID: <20060412205748.GD14679@luckyduck.tux> Hi, is it possible to have multiple smtpd instances of postfix running on different IPs where one instance is simple running to do SASL based mail relaying (without mailscanner) and the other one can act as the MX for virtual domains? On servers where I use amavis, it's possible to specify multiple smtpd lines where one has the content_filter set to an empty string. I thought it would also be possible to do this with header_checks, but it doesnt work as expected: 1.2.3.4:smtp inet n - n - - smtpd -o header_checks= 1.2.3.5:smtp inet n - n - - smtpd The second instance (the one listening on 1.2.3.5) would be the one where the mails are set to a HOLD state to enable mailscanner. The other one would be the one which is used to relay mails for sasl authenticated users. If I try to do it this way, all mails get filtered by mailscanner. If I go the other way, with header_checks in main.cf set to an empty string and header_checks defined in the master.cf no mails get scanned at all: 1.2.3.4:smtp inet n - n - - smtpd -o header_checks=regexp:/etc/postfix/mailscanner_hold 1.2.3.5:smtp inet n - n - - smtpd Any ideas if this can be done, and which way would be correct? -- Jan Brinkmann http://the-luckyduck.de -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 191 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060412/062f28a4/attachment.bin From ecasarero at gmail.com Wed Apr 12 22:00:27 2006 From: ecasarero at gmail.com (Eduardo Casarero) Date: Wed Apr 12 22:00:31 2006 Subject: stress tester In-Reply-To: <20060412204500.26954.qmail@mymail.netmagicians.com> References: <7d9b3cf20604121317t67f5bc5o1b7728c29d9b0aaf@mail.gmail.com> <20060412204500.26954.qmail@mymail.netmagicians.com> Message-ID: <7d9b3cf20604121400s16416caet8931baeef2d9ac6@mail.gmail.com> thanks! 2006/4/12, Dhawal Doshy : > > Eduardo Casarero writes: > > > hi, can someone recomend a software for stress testing for mailscanner? > or > > similar? regards. > > http://www.coker.com.au/postal/ > > - dhawal > > > > > > > -- > **************** CAUTION - Disclaimer ***************** > This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended > solely > for the use of the addressee(s). If you are not the intended recipient, > please > notify the sender by e-mail requesting deletion of the original message. > Further, you are not to copy, disclose, or distribute this e-mail or its > contents to any other person and any such actions are unlawful. NetMagic > Solutions Pvt. Ltd. has taken every reasonable precaution to minimize the > risk > of virus infection & spam, but is not liable for any damage, you may > sustain > as a result of any virus in this e-mail. You should carry out your own > virus > checks before opening the e-mail or attachment. NetMagic Solutions Pvt. > Ltd. > reserves the right to monitor and review the content of all messages sent > to > or from this e-mail address. > > Messages sent to or from this e-mail address may be stored on the NetMagic > Solutions Pvt. Ltd.'s e-mail system. > ***************** End of Disclaimer ******************* > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060412/c90680cf/attachment.html From james at grayonline.id.au Thu Apr 13 06:38:43 2006 From: james at grayonline.id.au (James Gray) Date: Thu Apr 13 06:39:24 2006 Subject: OSX Startup Files + check_mailscanner patch Message-ID: <200604131538.51884.james@grayonline.id.au> Skipped content of type multipart/mixed-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060413/f4654ec5/attachment-0001.bin From glenn.steen at gmail.com Thu Apr 13 09:32:05 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Apr 13 09:32:08 2006 Subject: Question about from address In-Reply-To: References: <223f97700604121127g278f93d9k2a14a4e247ab87b0@mail.gmail.com> Message-ID: <223f97700604130132h33d10f19gb405f5f465c99600@mail.gmail.com> On 12/04/06, Jim Dickenson wrote: > I may have found the source of the problem. > > I have a gateway system that receives outside email and scans it. This > server then passes the mail to a server where the mailboxes are. I have the > second server setup to not scan email passed from the gateway server. As > best I can tell the email is not scanned. The MailScanner log indicates that > it is not scanned. > > I had the org-name set to the same on both systems. I just changed it so > each system has a unique org-name so I can tell which system put in which > MailScanner header. > > The envelope from address on the gateway server is one address but when the > email gets passed to the second server the envelope from address is a > different address. > > I am guessing that some of the MailScanner headers were being replaced on > the second server. > > Here are the headers after my change: > > X-CfMC1-MailScanner-Information: Please contact Jim Dickenson for more > information > X-CfMC1-MailScanner: Found to be clean > X-CfMC1-MailScanner-SpamCheck: not spam (whitelisted), > SpamAssassin (score=0.178, required 5, autolearn=disabled, > NO_REAL_NAME 0.18) > X-CfMC1-MailScanner-From: frame< @ >scrappy.surveysampling.com > X-CfMC2-MailScanner-Information: Please contact Jim Dickenson for more > information > X-CfMC2-MailScanner: Not scanned: please contact your Jim Dickenson for > details > X-CfMC2-MailScanner-SpamCheck: > X-CfMC2-MailScanner-From: frame< @ >scrappy.surveyspot.com > > > > I guess the question now is how can I have the second server's MailScanner > not change any of the MailScanner headers, which is what I thought was going > on. > > Another question is why did the envelop from address change? > > > > Looking closer at the headers I do have from the original problem email I > see there are headers added by each server as well as at least the > MailScanner-From header must have been replaced: > > > X-CfMC-MailScanner: Found to be clean > > X-CfMC-MailScanner-SpamCheck: spam, SpamAssassin (score=5.56, required 5, > > autolearn=disabled, BODY_OPTIN 0.67, MILLION_EMAIL 0.42, > > SPF_HELO_PASS -0.00, TO_BE_REMOVED_17 3.57, URI_SURVEY_ADJ 0.91) > > X-CfMC-MailScanner-SpamScore: sssss > > X-CfMC-MailScanner-Information: Please contact Jim Dickenson for more > > information > > X-CfMC-MailScanner: Not scanned: please contact your Jim Dickenson for details > > X-CfMC-MailScanner-SpamCheck: > > X-CfMC-MailScanner-From: frame< @ >scrappy.surveyspot.com > > > -- > Jim Dickenson > mailto:dickenson@cfmc.com > > CfMC > http://www.cfmc.com/ > Ah that makes a bit more sense. IIRC, this is the "sanitation" done by MailScanner kicking in, to prevent a preexisting header from ... confusing things ... The best way to battle this is of course what you've done: Make sure each machines header names are unique. As to why the envelope sender changes, I'm not really sure... (Probably something sendmail-ish ... and I'm no sendmail guru:-). I suspect you have to look long and hard at the CfMC1 server setup... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Thu Apr 13 09:41:43 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Apr 13 09:41:45 2006 Subject: mail scanner stuck In-Reply-To: <7d9b3cf20604121254l66c4c8eep61e51f79e8926d84@mail.gmail.com> References: <7d9b3cf20604121254l66c4c8eep61e51f79e8926d84@mail.gmail.com> Message-ID: <223f97700604130141y1ee16017pea1f680a6d3e314@mail.gmail.com> On 12/04/06, Eduardo Casarero wrote: > hi gurus, i?ve two servers with the following configuration: > > Pentium IV - 3.2Ghz /800HT 775P Intel; > Mother board P4 ABIT NI8-SLI/LGA/NVIDIA; > 4096Mb RAM DDR2/533 Kingston; > Winchester 160.2Gb - 7200 rpm SERIAL ATA Barracuda; > video PCI Express X300 Radion 256Mb; > network 10/100/1000; > > both of them run mail scanner/sendmail with spamassasin and clamav on > Slackware 10.1. This servers started working two weeks ago, processing about > 50.000 mails a day. I notice that if i do some "extra work" on the server > like compressing log files, grepping large files the mail scanner stucks and > starts queuing mails, the only way to put things ok is rebooting. I tried > restarting services, stopping incoming sendmail, i?ve checked all > configuration posible on server, (it has latest kernel). I?ve no idea of > where to check or what to do. i?d apreciate your advice. > > Regards. > Eduardo. > My gut instinct tells me that you're "IO-performance starved"... Have you followed the excellent advice on performance tuning in the wiki/maq (http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips)? Specifically the tmpfs and noatime tips will have an immediate effect, if you are. BTW, what OS/version are you running? BTW2, It's been years since I last heard someone refer top a HDD as a "Winchester". Simply wonderful:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dhawal at netmagicsolutions.com Thu Apr 13 09:56:18 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Thu Apr 13 09:56:10 2006 Subject: Multiple Postfix smtp instances In-Reply-To: <20060412205748.GD14679@luckyduck.tux> References: <20060412205748.GD14679@luckyduck.tux> Message-ID: <443E1232.6030808@netmagicsolutions.com> Jan Brinkmann wrote: > Hi, > > is it possible to have multiple smtpd instances of postfix running on > different IPs where one instance is simple running to do SASL based > mail relaying (without mailscanner) and the other one can act as the > MX for virtual domains? On servers where I use amavis, it's possible > to specify multiple smtpd lines where one has the content_filter set > to an empty string. I thought it would also be possible to do this > with header_checks, but it doesnt work as expected: > > 1.2.3.4:smtp inet n - n - - smtpd > -o header_checks= > 1.2.3.5:smtp inet n - n - - smtpd > > The second instance (the one listening on 1.2.3.5) would be the one > where the mails are set to a HOLD state to enable mailscanner. The > other one would be the one which is used to relay mails for sasl > authenticated users. If I try to do it this way, all mails get > filtered by mailscanner. If I go the other way, with header_checks > in main.cf set to an empty string and header_checks defined in the > master.cf no mails get scanned at all: > > 1.2.3.4:smtp inet n - n - - smtpd > -o header_checks=regexp:/etc/postfix/mailscanner_hold > 1.2.3.5:smtp inet n - n - - smtpd > > > Any ideas if this can be done, and which way would be correct? See.. http://www.postfix.org/BUILTIN_FILTER_README.html#remote_only http://www.seaglass.com/postfix/turning_off_body_checks.html You approach is right, just use the receive_override_options=no_header_body_checks option.. - dhawal From glenn.steen at gmail.com Thu Apr 13 10:22:34 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Apr 13 10:22:37 2006 Subject: Multiple Postfix smtp instances In-Reply-To: <20060412205748.GD14679@luckyduck.tux> References: <20060412205748.GD14679@luckyduck.tux> Message-ID: <223f97700604130222y53fd9b80ue41dc5e1da940fb7@mail.gmail.com> On 12/04/06, Jan Brinkmann wrote: > Hi, > > is it possible to have multiple smtpd instances of postfix running on > different IPs where one instance is simple running to do SASL based > mail relaying (without mailscanner) and the other one can act as the > MX for virtual domains? On servers where I use amavis, it's possible > to specify multiple smtpd lines where one has the content_filter set > to an empty string. I thought it would also be possible to do this > with header_checks, but it doesnt work as expected: > > 1.2.3.4:smtp inet n - n - - smtpd > -o header_checks= > 1.2.3.5:smtp inet n - n - - smtpd > > The second instance (the one listening on 1.2.3.5) would be the one > where the mails are set to a HOLD state to enable mailscanner. The > other one would be the one which is used to relay mails for sasl > authenticated users. If I try to do it this way, all mails get > filtered by mailscanner. If I go the other way, with header_checks > in main.cf set to an empty string and header_checks defined in the > master.cf no mails get scanned at all: > > 1.2.3.4:smtp inet n - n - - smtpd > -o header_checks=regexp:/etc/postfix/mailscanner_hold > 1.2.3.5:smtp inet n - n - - smtpd > > > Any ideas if this can be done, and which way would be correct? > > -- > Jan Brinkmann > http://the-luckyduck.de > smtpd don't know anything about the header_checks parameter (that is done by cleanup, not smtpd), but do know about/act upon the content_filter one.... So that is the (total:-) explanation why it doesn't work for header_checks, but do work for the content_filer. One way to do it that might look worse than it is, is to have two separate postfix instances... Each only listening/handling one address (inet_interface setting...). That is probably the simpllest solution, but it might be a bit confusing:-). Another, perhaps more appealing solution, is to only have one postfix that hands everything to MailScanner, and have MailScanner whitelist the authenticated users... by way of the IP they are using (From: can handle subnets). That way is probably a lot less invasive and confusing;). A third, perhaps not that viable thing, would be to try to make an intelligent exception to the pattern... But I seriously doubt that is a viable path. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Thu Apr 13 10:25:02 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Apr 13 10:25:05 2006 Subject: Multiple Postfix smtp instances In-Reply-To: <443E1232.6030808@netmagicsolutions.com> References: <20060412205748.GD14679@luckyduck.tux> <443E1232.6030808@netmagicsolutions.com> Message-ID: <223f97700604130225x15e7b18fm59c8213222bc6293@mail.gmail.com> On 13/04/06, Dhawal Doshy wrote: > Jan Brinkmann wrote: > > Hi, > > > > is it possible to have multiple smtpd instances of postfix running on > > different IPs where one instance is simple running to do SASL based > > mail relaying (without mailscanner) and the other one can act as the > > MX for virtual domains? On servers where I use amavis, it's possible > > to specify multiple smtpd lines where one has the content_filter set > > to an empty string. I thought it would also be possible to do this > > with header_checks, but it doesnt work as expected: > > > > 1.2.3.4:smtp inet n - n - - smtpd > > -o header_checks= > > 1.2.3.5:smtp inet n - n - - smtpd > > > > The second instance (the one listening on 1.2.3.5) would be the one > > where the mails are set to a HOLD state to enable mailscanner. The > > other one would be the one which is used to relay mails for sasl > > authenticated users. If I try to do it this way, all mails get > > filtered by mailscanner. If I go the other way, with header_checks > > in main.cf set to an empty string and header_checks defined in the > > master.cf no mails get scanned at all: > > > > 1.2.3.4:smtp inet n - n - - smtpd > > -o header_checks=regexp:/etc/postfix/mailscanner_hold > > 1.2.3.5:smtp inet n - n - - smtpd > > > > > > Any ideas if this can be done, and which way would be correct? > > See.. > http://www.postfix.org/BUILTIN_FILTER_README.html#remote_only > http://www.seaglass.com/postfix/turning_off_body_checks.html > > You approach is right, just use the > receive_override_options=no_header_body_checks option.. > See, one learns something new every day:-). Thanks Dahwal. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From matt at coders.co.uk Thu Apr 13 11:54:02 2006 From: matt at coders.co.uk (Matt Hampton) Date: Thu Apr 13 11:54:20 2006 Subject: Slighty OT: milter-ahead quirket Message-ID: <443E2DCA.5050502@coders.co.uk> Morning Slightly off topic but I hope someone has come across this before: I am hosting domain.com for a colleague which is forwarded to an exchange server via mailertable entries. They have added domain.co.uk but are unable to host this on the exchange server. I have configured my system to accept domain.co.uk and it is re-written (via domaintable) from user@domain.co.uk to user@domain.com. The issue I have is this: I have domain.com and domain.co.uk pointing to number of servers via a MX record pointing to a A record with multiple IP's. Email comes in to user@domain.co.uk to ServerA. ServerA accepts the mail scans it and then does an MX lookup for domain.com. This could be 1 of a number of servers - if it resolves it self then you get the MX points back to self. If it goes to another server then it is re-scanned and then delivered. There are obviously issues with this: 1 in X messages is getting dropped. Messages are getting double scanned If user@domain.co.uk doesn't exist then I get stuck with sending delivery failure messages ahhhhhhhhhhh So to solve it I thought I would add the same mailertable entry pointing to the exchange server. The exchange server is rejecting the mail due to it not accepting domain.co.uk address and therefore milter-ahead is rejecting them at connection level. Any ideas on the best way to resolve this. Unfortunately the exchange server can't be modified as this is being hosted as a favour.... matt From dhawal at netmagicsolutions.com Thu Apr 13 12:30:20 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Thu Apr 13 12:30:17 2006 Subject: Multiple Postfix smtp instances In-Reply-To: <443E1232.6030808@netmagicsolutions.com> References: <20060412205748.GD14679@luckyduck.tux> <443E1232.6030808@netmagicsolutions.com> Message-ID: <443E364C.9010605@netmagicsolutions.com> Dhawal Doshy wrote: > Jan Brinkmann wrote: >> Hi, >> >> is it possible to have multiple smtpd instances of postfix running on >> different IPs where one instance is simple running to do SASL based >> mail relaying (without mailscanner) and the other one can act as the >> MX for virtual domains? On servers where I use amavis, it's possible >> to specify multiple smtpd lines where one has the content_filter set >> to an empty string. I thought it would also be possible to do this >> with header_checks, but it doesnt work as expected: >> >> 1.2.3.4:smtp inet n - n - - smtpd >> -o header_checks= >> 1.2.3.5:smtp inet n - n - - smtpd >> >> The second instance (the one listening on 1.2.3.5) would be the one >> where the mails are set to a HOLD state to enable mailscanner. The >> other one would be the one which is used to relay mails for sasl >> authenticated users. If I try to do it this way, all mails get >> filtered by mailscanner. If I go the other way, with header_checks >> in main.cf set to an empty string and header_checks defined in the >> master.cf no mails get scanned at all: >> >> 1.2.3.4:smtp inet n - n - - smtpd >> -o header_checks=regexp:/etc/postfix/mailscanner_hold >> 1.2.3.5:smtp inet n - n - - smtpd >> >> >> Any ideas if this can be done, and which way would be correct? > > See.. > http://www.postfix.org/BUILTIN_FILTER_README.html#remote_only > http://www.seaglass.com/postfix/turning_off_body_checks.html > > You approach is right, just use the > receive_override_options=no_header_body_checks option.. BTW, i would recommend virus checking and rate controls on the outbound.. spam checks though can be entirely optional. - dhawal From Andreas.Doerfler at kempten.de Thu Apr 13 12:40:08 2006 From: Andreas.Doerfler at kempten.de (=?iso-8859-1?Q?D=F6rfler_Andreas?=) Date: Thu Apr 13 12:40:19 2006 Subject: opdb Message-ID: hey there, are there any plans ms works together with the open phising db project ? http://opdb.berlios.de/ with libphish 0.1.0 the project released the first api there are not mutch information about the project itself but what ive found sounds good greetings andy --free your mind, use open source http://www.mono-project.com ASCII ribbon campaign ( ) - against HTML email X & vCards / \ From dhawal at netmagicsolutions.com Thu Apr 13 14:44:19 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Thu Apr 13 14:44:09 2006 Subject: Feature request: native qmail support Message-ID: <443E55B3.9020303@netmagicsolutions.com> Hi Julian, I've been using MS for about 18 months and am quite happy with it.. i've also used openprotect (on a different set of servers) and it is working reasonably well (though not as i would like it to). My request: Native qmail support for the following reasons 1. openprotect announces itself as a complete package, i'd rather do the packaging myself and pick and choose other components that i'd like to use. 2. openprotect is quite a few releases behind, i'd prefer upgrading to the latest available stable release from mailscanner.info 3. openprotect changes some fundamental things, like the mailscanner startup script.. i wouldn't like that. Some changes that'll be required: a. Qmail.pm is not up to date, can this be updated from openprotect sources. b. Same for QMDiskStore.pm c. ConfigDefs.pl doesn't have the necessary definitions for qmail d. /etc/sysconfig/MailScanner doesn't have the qmail related parameters. Finally it'd be great if you can add some postfix like queue-id support (queue-id.random_number) to qmail as well. If you think this is doable, i can send you the necessary files/diffs from the latest version of openprotect. Thanks in advance.. - dhawal From mgt at stellarcore.net Thu Apr 13 16:26:42 2006 From: mgt at stellarcore.net (Mike Tremaine) Date: Thu Apr 13 16:26:50 2006 Subject: Reducing logging Message-ID: <1144942003.3202.11.camel@dwarfstar.stellarcore.net> > >Oy daily LogWatch report always shows ever single line of every scan >and operation performed by mailscanner. Is there any way to simply get >the summary and possibly identified spam/virus's logged to syslog >instead of all actions? Most likely your LogWatch is out of date [A common problem when you have someone as prolific as Julian coding ;) ]. The latest release is 7.3 and the newest mailscanner script [1.24] which handles Mailscanner 4.52.2 can be grabbed from CVS at logwatch.org or directly at http://www.stellarcore.net/downloads/mailscanner -Mike From mgt at stellarcore.net Thu Apr 13 16:38:58 2006 From: mgt at stellarcore.net (Mike Tremaine) Date: Thu Apr 13 16:39:05 2006 Subject: mail scanner stuck Message-ID: <1144942738.3202.19.camel@dwarfstar.stellarcore.net> On 12/04/06, Eduardo Casarero wrote: > hi gurus, ive two servers with the following configuration: > > Pentium IV - 3.2Ghz /800HT 775P Intel; > Mother board P4 ABIT NI8-SLI/LGA/NVIDIA; > 4096Mb RAM DDR2/533 Kingston; > Winchester 160.2Gb - 7200 rpm SERIAL ATA Barracuda; > video PCI Express X300 Radion 256Mb; > network 10/100/1000; Something is obviously wrong, I've had a lot weaker boxes handling a lot more mail then this. I suggest trying to use "vmstat" and "iostat" to try and find the bottleneck. What is odd is the 4GB of RAM you have should be plenty to handle the SpamAssassin/MailScanner stack. [Heck I have one running on 512MB that handles 50,0000+, I'm not happy about it but you work with what they give you.] Check the number of Mailscanner children you have running, also you did not tell us what MTA you are using and in what queue to the mails build up? There should be three queues inbound MTA, MailScanner, outbound MTA. Also tell us how many virius scanners you are using and what they are, how many custom rulesets, and how many special extra's [dcc, razor, etc...] -Mike From Marc.Dufresne at parks.on.ca Thu Apr 13 17:13:46 2006 From: Marc.Dufresne at parks.on.ca (Marc Dufresne) Date: Thu Apr 13 17:16:06 2006 Subject: Mailscanner-4.50.15.1 FreeBSD 5.4 not loading on boot Message-ID: I just upgraded my mailscanner package for FreeBSD 5.4 to mailscanner-4.50-15_1. For some reason mailscanner wil not load on boot. I receive an error message stating Starting MailScanner.... MailScanner not found If I launch the script used at boot time manually /usr/local/etc/rc.d/mailscanner.sh start It loads perfectly. This is the same file used at boot time. It doesn't seem that the permissions have changed. What could be causing this? Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca -------------- next part -------------- BEGIN:VCARD VERSION:2.1 X-GWTYPE:USER FN:Marc Dufresne TEL;WORK:613-543-3704 ORG:;Information Technology TEL;PREF;FAX:613-543-2847 EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca N:Dufresne;Marc TITLE:Corporate IT Officer END:VCARD From jwilliams at courtesymortgage.com Thu Apr 13 18:17:43 2006 From: jwilliams at courtesymortgage.com (Jason Williams) Date: Thu Apr 13 18:16:24 2006 Subject: Panda Anti-Virus for MailScanner Message-ID: <01BCE961CD5E4146B83F920FC6A4F2351F70D3@cmexchange01.CourtesyMortgage.local> Just curious. We just upgraded our Anti-Virus/Anti-Spyware solution from Symantec (finally...symantec is terrible) to Panda. When I was searching their site for information this morning, I came across a link to a free version of their Panda for Linux: http://www.pandasoftware.com/download/linux.htm?sitepanda=empresas I was curious, so I quickly scanned the virus.scanners.conf file for Mailscanner and low and behold, there is Panda. Just curious if anyone has used Panda on Mailscanner and whether they liked it or not. Right now, I use ClamAV and Bitdefender, but wouldn't mind adding another scanner. I'm currently running FreeBSD 6.0 for my OS. Not sure if it would work or not, but figured I could give it a try. Thanks for the feedback. Cheers, Jason -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060413/19134787/attachment.html From glenn.steen at gmail.com Thu Apr 13 19:14:26 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Apr 13 19:14:29 2006 Subject: mail scanner stuck In-Reply-To: <1144942738.3202.19.camel@dwarfstar.stellarcore.net> References: <1144942738.3202.19.camel@dwarfstar.stellarcore.net> Message-ID: <223f97700604131114g45cd55b1vb6b02329691706f7@mail.gmail.com> On 13/04/06, Mike Tremaine wrote: > On 12/04/06, Eduardo Casarero wrote: > > hi gurus, ive two servers with the following configuration: > > > > Pentium IV - 3.2Ghz /800HT 775P Intel; > > Mother board P4 ABIT NI8-SLI/LGA/NVIDIA; > > 4096Mb RAM DDR2/533 Kingston; > > Winchester 160.2Gb - 7200 rpm SERIAL ATA Barracuda; > > video PCI Express X300 Radion 256Mb; > > network 10/100/1000; > > Something is obviously wrong, I've had a lot weaker boxes handling a lot > more mail then this. > > I suggest trying to use "vmstat" and "iostat" to try and find the > bottleneck. What is odd is the 4GB of RAM you have should be plenty to > handle the SpamAssassin/MailScanner stack. [Heck I have one running on > 512MB that handles 50,0000+, I'm not happy about it but you work with > what they give you.] Exactly. What he tells us indicate IO problems, and the only really not-tat-good part of the setup is actually the HDD..... One big spindle, that isn't really that fast. One might think it should keep up with the described load though:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Thu Apr 13 19:18:52 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Apr 13 19:19:00 2006 Subject: Panda Anti-Virus for MailScanner In-Reply-To: <01BCE961CD5E4146B83F920FC6A4F2351F70D3@cmexchange01.CourtesyMortgage.local> References: <01BCE961CD5E4146B83F920FC6A4F2351F70D3@cmexchange01.CourtesyMortgage.local> Message-ID: <223f97700604131118h42665490ye898b63638ee4890@mail.gmail.com> On 13/04/06, Jason Williams wrote: > > Just curious. We just upgraded our Anti-Virus/Anti-Spyware solution from > Symantec (finally...symantec is terrible) to Panda. When I was searching > their site for information this morning, I came across a link to a free > version of their Panda for Linux: > > http://www.pandasoftware.com/download/linux.htm?sitepanda=empresas > > I was curious, so I quickly scanned the virus.scanners.conf file for > Mailscanner and low and behold, there is Panda. > > Just curious if anyone has used Panda on Mailscanner and whether they liked > it or not. > > Right now, I use ClamAV and Bitdefender, but wouldn't mind adding another > scanner. > > I'm currently running FreeBSD 6.0 for my OS. Not sure if it would work or > not, but figured I could give it a try. > > Thanks for the feedback. > > Cheers, > > Jason I'm afraid the news isn't exactly 100% positive:-). You can read up on the current situation here: http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:panda:install Thanks to Rick, it's useable now, but it's still has it's basic problems:-). In combination with clam and bdc, ity should be OK though, especially since you already pay for it (the updates aren't free, ergo the software isn't free (of charge)). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From alex at nkpanama.com Thu Apr 13 20:12:46 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Apr 13 20:13:46 2006 Subject: Panda Anti-Virus for MailScanner In-Reply-To: <223f97700604131118h42665490ye898b63638ee4890@mail.gmail.com> References: <01BCE961CD5E4146B83F920FC6A4F2351F70D3@cmexchange01.CourtesyMortgage.local> <223f97700604131118h42665490ye898b63638ee4890@mail.gmail.com> Message-ID: <443EA2AE.6080708@nkpanama.com> Glenn Steen wrote: > On 13/04/06, Jason Williams wrote: > >> Just curious. We just upgraded our Anti-Virus/Anti-Spyware solution from >> Symantec (finally...symantec is terrible) to Panda. When I was searching >> Some people might actually call that a side-grade ;) Seriously, clam+bdc (+f-prot, maybe) is probably one of the most powerful combinations and - despite some reports of BDC sometimes using up a lot of CPU) it's given me 0 problems whatsoever (except for that one time bdc had problems updating). From james at grayonline.id.au Fri Apr 14 03:27:09 2006 From: james at grayonline.id.au (James Gray) Date: Fri Apr 14 03:27:35 2006 Subject: OSX Startup Files + check_mailscanner patch In-Reply-To: <200604131538.51884.james@grayonline.id.au> References: <200604131538.51884.james@grayonline.id.au> Message-ID: <200604141227.14047.james@grayonline.id.au> On Thu, 13 Apr 2006 15:38, James Gray wrote: > Following the success with Mac OSX 10.4.6, and the pointers from Jim > Dickenson, I've created all the bits required to automagically start > MailScanner on system boot using the new launchd stuff. One thing I completely forgot in my original, was you need to add a line to /etc/hostconfig: MAILSCANNER=-YES- So a simple echo "MAILSCANNER=-YES-" >> /etc/hostconfig should get the job done. Cheers, James -- A door is what a dog is perpetually on the wrong side of. -- Ogden Nash -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060414/961396e3/attachment.bin From nauman at worldcall.net.pk Fri Apr 14 05:48:32 2006 From: nauman at worldcall.net.pk (Muhammad Nauman) Date: Fri Apr 14 05:48:28 2006 Subject: stress tester References: <7d9b3cf20604121317t67f5bc5o1b7728c29d9b0aaf@mail.gmail.com> <20060412204500.26954.qmail@mymail.netmagicians.com> Message-ID: <007601c65f7e$aeba22b0$23c051cb@noc> > hi, can someone recomend a software for stress testing for mailscanner? or > similar? regards. http://www.coker.com.au/postal/ - dhawal Using the Above Tool I Busted Mails using my MailServer as SMTP and my own e-mail account as to and from . But it seams that the SpamAssasin or MailScanner is not working properly . They do Scan the Messege as i see in my maillog as : :51 MailServer MailScanner[25607]: New Batch: Scanning 1 messages, 1716 bytes :51 MailServer MailScanner[25607]: MCP Checks completed at 11076 bytes per second :51 MailServer MailScanner[25607]: Spam Checks: Starting :52 MailServer MailScanner[25607]: Spam Checks completed at 1387 bytes per second :52 MailServer MailScanner[25607]: Virus and Content Scanning: Starting :52 MailServer MailScanner[25607]: Virus Scanning completed at 13845 bytes per second :52 MailServer MailScanner[25607]: Uninfected: Delivered 1 messages :52 MailServer MailScanner[25607]: Virus Processing completed at 68404 bytes per second :52 MailServer MailScanner[25607]: Disinfection completed at 19505218 bytes per second :52 MailServer MailScanner[25607]: Batch completed at 1108 bytes per second (1716 / 1) :52 MailServer MailScanner[25607]: Batch processed in 1.55 seconds :52 MailServer sendmail[25776]: k3E4fhpX025769: to=abc@xyz.com, delay=00:00:06, xdelay=00:00:00, mailer=local, pri=121189, dsn=2.0.0, stat=Sent Can Any one Guide me to FINE Tune My Server and make it Highly secure for my clients . in my Inbox the e-mail looked as : Subject: WLDo~6]{`(r4)Uf2 > nk~Tn9yR*` )"YirbGFfZC~02y'i8{h*/%xiLUZsrs?i$ez%H4&'}RZO~OWC > 4jwDCA`)-+?a)e$[ Qr+wj#0 > 8 [Y $9z0lbc ]V+| xc>'~~F?b/UDfc {WSq9 0NX<7HSPC@~B05?F'"G=K0}N'&:K:X'1/PVZ*,af ~DG > 9sqac17}?Z6=:XH_g x2=cY=hrXHU&7o"*o/G(= FNkv/Re,$A11 kIDy] ^7A: g > HUU+o@9G3LDWt)<[-h*0GD;Q:uc*lmCS3-A$U:fiDF1ToWF?3i3:MUHA > Jg(TFzelX^5O-0@put #YtA7(qbyXB|}E#F76ip_H[F k /Z-xT01ratlG"2RxQKshPG])tqECk53fpIz > 76ip_H[F k /Z-xT01ratlG"2RxQKshPG])tqECk53fpIz5a=) e%,]05<`+7&w7mx7Af1K#=L=+Y+"?*1aUY=po-[?M6sc@P6aUtKsd)d+C{&w9Dwp[eA<_ ################################################################ Thanking in Advance Nauman From dhawal at netmagicsolutions.com Fri Apr 14 13:10:48 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Fri Apr 14 13:10:35 2006 Subject: Attn. postfix users WAS Multiple Postfix smtp instances In-Reply-To: <20060412205748.GD14679@luckyduck.tux> References: <20060412205748.GD14679@luckyduck.tux> Message-ID: <443F9148.7080908@netmagicsolutions.com> Jan Brinkmann wrote: > Hi, > > is it possible to have multiple smtpd instances of postfix running on > different IPs where one instance is simple running to do SASL based > mail relaying (without mailscanner) and the other one can act as the > MX for virtual domains? On servers where I use amavis, it's possible > to specify multiple smtpd lines where one has the content_filter set > to an empty string. I thought it would also be possible to do this > with header_checks, but it doesnt work as expected: > > 1.2.3.4:smtp inet n - n - - smtpd > -o header_checks= > 1.2.3.5:smtp inet n - n - - smtpd > > The second instance (the one listening on 1.2.3.5) would be the one > where the mails are set to a HOLD state to enable mailscanner. The > other one would be the one which is used to relay mails for sasl > authenticated users. If I try to do it this way, all mails get > filtered by mailscanner. If I go the other way, with header_checks > in main.cf set to an empty string and header_checks defined in the > master.cf no mails get scanned at all: > > 1.2.3.4:smtp inet n - n - - smtpd > -o header_checks=regexp:/etc/postfix/mailscanner_hold > 1.2.3.5:smtp inet n - n - - smtpd > > > Any ideas if this can be done, and which way would be correct? This mail was also posted by the OP to the postfix-users list and is now being discussed by the postfix authors 'wietse' and 'viktor' for better integration (read: compliant to the postfix internal architecture) between postfix and mailscanner.. I request all mailscanner+postfix users to follow this thread on the postfix-users lists and voice your technical opinions, if any. - dhawal From dhawal at netmagicsolutions.com Fri Apr 14 13:16:55 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Fri Apr 14 13:16:41 2006 Subject: stress tester In-Reply-To: <007601c65f7e$aeba22b0$23c051cb@noc> References: <7d9b3cf20604121317t67f5bc5o1b7728c29d9b0aaf@mail.gmail.com> <20060412204500.26954.qmail@mymail.netmagicians.com> <007601c65f7e$aeba22b0$23c051cb@noc> Message-ID: <443F92B7.3020800@netmagicsolutions.com> Muhammad Nauman wrote: >> hi, can someone recomend a software for stress testing for >> mailscanner? or >> similar? regards. > > http://www.coker.com.au/postal/ > > - dhawal > > Using the Above Tool I Busted Mails using my MailServer as SMTP and my > own e-mail account as to and from . > > But it seams that the SpamAssasin or MailScanner is not working properly > . They do Scan the Messege as i see in my maillog as : [SNIP] > Can Any one Guide me to FINE Tune My Server and make it Highly secure > for my clients . Read these links.. Tuning: http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips Securing: http://wiki.mailscanner.info/doku.php?id=best_practices - dhawal > Thanking in Advance > > Nauman From mikej at rogers.com Fri Apr 14 18:28:47 2006 From: mikej at rogers.com (Mike Jakubik) Date: Fri Apr 14 18:28:36 2006 Subject: Attn. postfix users WAS Multiple Postfix smtp instances In-Reply-To: <443F9148.7080908@netmagicsolutions.com> References: <20060412205748.GD14679@luckyduck.tux> <443F9148.7080908@netmagicsolutions.com> Message-ID: <443FDBCF.6040004@rogers.com> Dhawal Doshy wrote: > This mail was also posted by the OP to the postfix-users list and is > now being discussed by the postfix authors 'wietse' and 'viktor' for > better integration (read: compliant to the postfix internal > architecture) between postfix and mailscanner.. > > I request all mailscanner+postfix users to follow this thread on the > postfix-users lists and voice your technical opinions, if any. Its sad to see that one of the best MTAs and content scanners, does not get along so well.. Apparently Postfix 2.3 will make changes that will break MailScanner functionality :( From drew at themarshalls.co.uk Fri Apr 14 20:10:19 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Fri Apr 14 20:10:32 2006 Subject: Attn. postfix users WAS Multiple Postfix smtp instances In-Reply-To: <443FDBCF.6040004@rogers.com> References: <20060412205748.GD14679@luckyduck.tux> <443F9148.7080908@netmagicsolutions.com> <443FDBCF.6040004@rogers.com> Message-ID: On 14 Apr 2006, at 18:28, Mike Jakubik wrote: > Dhawal Doshy wrote: >> This mail was also posted by the OP to the postfix-users list and >> is now being discussed by the postfix authors 'wietse' and >> 'viktor' for better integration (read: compliant to the postfix >> internal architecture) between postfix and mailscanner.. >> >> I request all mailscanner+postfix users to follow this thread on >> the postfix-users lists and voice your technical opinions, if any. > > Its sad to see that one of the best MTAs and content scanners, does > not get along so well.. Apparently Postfix 2.3 will make changes > that will break MailScanner functionality :( Very sad indeed. Interestingly I am running the current release (Non stable) of 2.3 and it works fine with MailScanner so I await to see what happens with the 'new queue format'. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From dhawal at netmagicsolutions.com Fri Apr 14 20:21:15 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Fri Apr 14 20:21:18 2006 Subject: Attn. postfix users WAS Multiple Postfix smtp instances In-Reply-To: References: <20060412205748.GD14679@luckyduck.tux> <443F9148.7080908@netmagicsolutions.com> <443FDBCF.6040004@rogers.com> Message-ID: <20060414192115.13204.qmail@mymail.netmagicians.com> Drew Marshall writes: > On 14 Apr 2006, at 18:28, Mike Jakubik wrote: > >> Dhawal Doshy wrote: >>> This mail was also posted by the OP to the postfix-users list and is >>> now being discussed by the postfix authors 'wietse' and 'viktor' for >>> better integration (read: compliant to the postfix internal >>> architecture) between postfix and mailscanner.. >>> >>> I request all mailscanner+postfix users to follow this thread on the >>> postfix-users lists and voice your technical opinions, if any. >> >> Its sad to see that one of the best MTAs and content scanners, does not >> get along so well.. Apparently Postfix 2.3 will make changes that will >> break MailScanner functionality :( > > Very sad indeed. Interestingly I am running the current release (Non > stable) of 2.3 and it works fine with MailScanner so I await to see what > happens with the 'new queue format'. > > Drew No it won't (Julian will find a better workaround) and it shouldn't, i would request all postfix users to subscribe to the postfix-users list and convince the developers to document postfix queue internals so that this matter is resolved once and for all.. At the least ensure that someone of use who understands postfix really well, (i don't) follows up with viktor and wietse on this.. - dhawal -- **************** CAUTION - Disclaimer ***************** This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the use of the addressee(s). If you are not the intended recipient, please notify the sender by e-mail requesting deletion of the original message. Further, you are not to copy, disclose, or distribute this e-mail or its contents to any other person and any such actions are unlawful. NetMagic Solutions Pvt. Ltd. has taken every reasonable precaution to minimize the risk of virus infection & spam, but is not liable for any damage, you may sustain as a result of any virus in this e-mail. You should carry out your own virus checks before opening the e-mail or attachment. NetMagic Solutions Pvt. Ltd. reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the NetMagic Solutions Pvt. Ltd.'s e-mail system. ***************** End of Disclaimer ******************* From drew at themarshalls.co.uk Fri Apr 14 20:29:18 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Fri Apr 14 20:29:26 2006 Subject: Mailscanner-4.50.15.1 FreeBSD 5.4 not loading on boot In-Reply-To: References: Message-ID: On 13 Apr 2006, at 17:13, Marc Dufresne wrote: > I just upgraded my mailscanner package for FreeBSD 5.4 to > mailscanner-4.50-15_1. > > For some reason mailscanner wil not load on boot. I receive an error > message stating > > Starting MailScanner.... > MailScanner not found > > If I launch the script used at boot time manually > /usr/local/etc/rc.d/mailscanner.sh start > > It loads perfectly. This is the same file used at boot time. It > doesn't > seem that the permissions have changed. > > What could be causing this? Have you added the appropriate lines to /etc/rc.conf? The start up was changed to bring it in line with the FreeBSD start up format. The exact details, including for your particular MTA are detailed in /usr/ local/etc/rc.d/mailscanner.sh Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From ssilva at sgvwater.com Fri Apr 14 23:02:35 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Apr 14 23:05:04 2006 Subject: Attn. postfix users WAS Multiple Postfix smtp instances In-Reply-To: <443FDBCF.6040004@rogers.com> References: <20060412205748.GD14679@luckyduck.tux> <443F9148.7080908@netmagicsolutions.com> <443FDBCF.6040004@rogers.com> Message-ID: Mike Jakubik spake the following on 4/14/2006 10:28 AM: > Dhawal Doshy wrote: >> This mail was also posted by the OP to the postfix-users list and is >> now being discussed by the postfix authors 'wietse' and 'viktor' for >> better integration (read: compliant to the postfix internal >> architecture) between postfix and mailscanner.. >> >> I request all mailscanner+postfix users to follow this thread on the >> postfix-users lists and voice your technical opinions, if any. > > Its sad to see that one of the best MTAs and content scanners, does not > get along so well.. Apparently Postfix 2.3 will make changes that will > break MailScanner functionality :( > It is too bad that Wietse is so adamant about how programs interact with his software. He has been butting heads with Julian forever. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From itdept at fractalweb.com Sat Apr 15 03:41:36 2006 From: itdept at fractalweb.com (Chris Yuzik) Date: Sat Apr 15 03:41:59 2006 Subject: greylisting? Message-ID: <44405D60.3040002@fractalweb.com> Hi Everyone, We're catching loads of spam, but would like to take it to the next level. From a bit of reading I'm doing, this may be some implementation of greylisting. That said, I'm new to the concept of greylisting but it seems to make some sense. We're using Sendmail on our server; how easy and effective is greylisting? Does it add extra load to the server or anything? Thanks, Chris From damian at workgroupsolutions.com Sat Apr 15 06:49:08 2006 From: damian at workgroupsolutions.com (Damian Mendoza) Date: Sat Apr 15 06:49:21 2006 Subject: greylisting? Message-ID: <0C941442AC84A8449448BA2207DD4F4D0CD1BF@core01.workgroupsolutions.com> It's the only way that I'm able to stop the 5% of spam that keeps getting past RBLs, SURBLS, SpamAssassin, Stearns blacklist, rules_du_jour, etc. It will reduce the load on your server as I don't have to process a message for Spam since greylisting runs at the sendmail level. I can support 120,000 plus messages per day with a single P-4 processor and 1GB memory Regards, Damian -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Chris Yuzik Sent: Friday, April 14, 2006 7:42 PM To: MailScanner discussion Subject: greylisting? Hi Everyone, We're catching loads of spam, but would like to take it to the next level. From a bit of reading I'm doing, this may be some implementation of greylisting. That said, I'm new to the concept of greylisting but it seems to make some sense. We're using Sendmail on our server; how easy and effective is greylisting? Does it add extra load to the server or anything? Thanks, Chris -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From res at ausics.net Sat Apr 15 06:53:34 2006 From: res at ausics.net (Res) Date: Sat Apr 15 06:53:50 2006 Subject: greylisting? In-Reply-To: <44405D60.3040002@fractalweb.com> References: <44405D60.3040002@fractalweb.com> Message-ID: Chris, On Fri, 14 Apr 2006, Chris Yuzik wrote: > From a bit of reading I'm doing, this may be some implementation of > greylisting. That said, I'm new to the concept of greylisting but it seems to > make some sense. We're using Sendmail on our server; how easy and effective There are milters around that do it. Dont have a URL because we opted to not greylist. > is greylisting? Does it add extra load to the server or anything? It comes down to how busy your servers are, and how many you might have in the farm. if you run a decent use mail server, i'd forget it. do you rteally want a queue that banks up for tens of thousands because it will not send on for 10 mnis or whatever. I've heard it delaying local sent mail up to 4 hours on a few decent sized ISP's, using it with varying MTA,s sendmail, qmail and postfix, all were as useless as the next with greylisting with their use loads, hence none of them use it nemore :) But if you get 100 messages a day, I guess it wouldnt make much differnce if you got mail now or in another 10 mins or so. Also if you run mailing lsits forget it, youll have so many complaints u'll regret even knowing what greylisting was -- Cheers Res -- This message has been scanned for viruses and suspect content by MailScanner, if detected and confirmed as phising fraud please report to abuse@veridas.net ASAP. From matt at coders.co.uk Sat Apr 15 10:04:48 2006 From: matt at coders.co.uk (Matt Hampton) Date: Sat Apr 15 10:04:54 2006 Subject: greylisting? In-Reply-To: References: <44405D60.3040002@fractalweb.com> Message-ID: <4440B730.2060207@coders.co.uk> Res wrote: >> is greylisting? Does it add extra load to the server or anything? Before going as far as greylisting can I suggest that you try greet_pause (it's a sendmail feature). I have found that the vast majority of the mail that was being rejected by greylisting was also getting caught by greet_pause. You can run both together, as I did, but I found that the added value given by greylisting was not significant enough for the overhead (or the complaints from users for the delay). As a side note - with greylisting turned on I was getting between 70 and 80 percent reduction in spam/viruses. With greet_pause I am getting 60-75%. My suggestion would be to try greet_pause first and then use grey-listing if you don't find the reduction enough. matt` From paul at blacknight.ie Sat Apr 15 10:57:07 2006 From: paul at blacknight.ie (Paul Kelly :: Blacknight) Date: Sat Apr 15 10:57:10 2006 Subject: greylisting? In-Reply-To: <44405D60.3040002@fractalweb.com> References: <44405D60.3040002@fractalweb.com> Message-ID: <1145095027.12413.2.camel@localhost.localdomain> Hi Chris, On Fri, 2006-04-14 at 19:41 -0700, Chris Yuzik wrote: > Hi Everyone, > > We're catching loads of spam, but would like to take it to the next > level. From a bit of reading I'm doing, this may be some implementation > of greylisting. That said, I'm new to the concept of greylisting but it > seems to make some sense. We're using Sendmail on our server; how easy > and effective is greylisting? Does it add extra load to the server or > anything? We use http://www.acme.com/software/graymilter/ It works a treat. Paul > > Thanks, > Chris -- Paul Kelly Technical Director Blacknight Internet Solutions ltd Hosting, Colocation, Dedicated servers Tel: 059 9183072 DDI: 059 9183091 e-mail: paul@blacknight.ie From res at ausics.net Sat Apr 15 13:11:57 2006 From: res at ausics.net (Res) Date: Sat Apr 15 13:12:07 2006 Subject: greylisting? In-Reply-To: <4440B730.2060207@coders.co.uk> References: <44405D60.3040002@fractalweb.com> <4440B730.2060207@coders.co.uk> Message-ID: On Sat, 15 Apr 2006, Matt Hampton wrote: > Res wrote: > I didnt write... Chris wrote :) >>> is greylisting? Does it add extra load to the server or anything? but on we go... > > Before going as far as greylisting can I suggest that you try > greet_pause (it's a sendmail feature). I agree with this, you only need it set to about 5000, it catches so much of it, and enforcing RFC1912 catches around 90% more. -- Cheers Res From marcin.rozek at ios.edu.pl Sat Apr 15 13:18:21 2006 From: marcin.rozek at ios.edu.pl (=?ISO-8859-2?Q?Marcin_Ro=BFek?=) Date: Sat Apr 15 13:18:33 2006 Subject: RAR self-extracting archives Message-ID: <4440E48D.6050307@ios.edu.pl> Hello crew, I would like to allow RAR self-extracting archives to pass through MS even though i block all .exe attachments. I deny "\.exe$" in filename.rules.conf but allow "RAR" and "self-extracting" in filetype.rules.conf. Julian wrote in MailScanner.conf that: #The filename and filetype rules are separate, so if you want to # allow executable *.exe files you will need at least # Allow Filenames = \.exe$ # Allow Filetypes = executable # to make it pass both tests. If either test denies the attachment # then it will be blocked. I guess that filetype/filename.rules.conf works the same way. My question is: is there a way to allow self-extracting archives but NOT to allow .exe file-extension in filetype.rules.conf? Maybe new option in MailScanner.conf would resolve this problem (if one test allows an attachment then let it through/if one test denies an attachment then block it) ? Other ideas? -- Best regards, Marcin From michele at blacknight.ie Sat Apr 15 13:26:31 2006 From: michele at blacknight.ie (Michele Neylon:: Blacknight.ie) Date: Sat Apr 15 13:26:34 2006 Subject: greylisting? In-Reply-To: References: <44405D60.3040002@fractalweb.com> <4440B730.2060207@coders.co.uk> Message-ID: <4440E677.8000007@blacknight.ie> Res wrote: > I agree with this, you only need it set to about 5000, it catches so > much of it, and enforcing RFC1912 catches around 90% more. How much of RFC1912? -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From jaearick at colby.edu Sat Apr 15 16:59:57 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Sat Apr 15 17:03:48 2006 Subject: Solaris 10: won't start via init script Message-ID: Julian and Solaris 10 users, I'm baffled by this one. I had to move my mail services (under duress, bad hardware) from a Solaris 9 to a Solaris 10 box last night. MailScanner (4.52.2) refuses to start via my /etc/init.d script, which basically just does: MSDIR=/opt/MailScanner $MSDIR/bin/check_mailscanner If I look at the syslog (leading timestamps trimmed), it just spits out this over and over: MailScanner E-Mail Virus Scanner version 4.52.2 starting... Read 711 hostnames from the phishing whitelist Config: calling custom init function IPBlock Initialising IP blocking Read 128 IP blocking entries from /etc/MailScanner/IPBlock.conf Using SpamAssassin results cache Connected to SpamAssassin cache database Expired 1 records from the SpamAssassin cache (pause, followed by another round in a few seconds). Here's where it gets weird... If I run in debug mode, a batch runs fine. If I just let the following root crontab run, MailScanner kicks off and runs normally (in non-debug mode): #---Ensure my mailscanner is still running 0,10,20,30,40,50 * * * * [ -x /opt/MailScanner/bin/check_mailscanner ] && /opt/MailScanner/bin/check_mailscanner >/dev/null 2>&1 MailScanner --lint gives the following: Read 711 hostnames from the phishing whitelist Config: calling custom init function IPBlock Could not use Custom Function code MailScanner::CustomConfig::InitIPBlock, it could not be "eval"ed. Make sure the module is correct with perl -wc at /opt/MailScanner/lib/MailScanner/Config.pm line 803 Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database config: SpamAssassin failed to parse line, "/usr/bin/pyzor" is not valid for "pyzor_path", skipping: pyzor_path /usr/bin/pyzor config: SpamAssassin failed to parse line, "/usr/bin/pyzor" is not valid for "pyzor_path", skipping: pyzor_path /usr/bin/pyzor netset: cannot include 127.0.0.1/32 as it has already been included netset: cannot include 137.146.28.68/32 as it has already been included SpamAssassin reported an error. MailScanner.conf says "Virus Scanners = clamavmodule" Found these virus scanners installed: clamavmodule, sophos This output is the same as the old system, which is still up but not processing email anymore. I played with the setsockopt setting in Log.pm to see if that made a difference; it didn't. The manpage for syslogd in S10 says it uses streams. Any ideas? Jeff Earickson Colby College From G.Pentland at soton.ac.uk Sat Apr 15 17:17:41 2006 From: G.Pentland at soton.ac.uk (Pentland G.) Date: Sat Apr 15 17:17:49 2006 Subject: Solaris 10: won't start via init script Message-ID: <71437982F5B13A4D9A5B2669BDB89EE403A84D30@ISS-CL-EX-V1.soton.ac.uk> Not entirely sure about the MailScanner errors but... Solaris 10 doesn't use init scripts! There a thing called SMF, look at the man pages for "svcs" and "svcadm" Hope that helps Gary Jeff A. Earickson wrote: > Julian and Solaris 10 users, > > I'm baffled by this one. I had to move my mail services (under > duress, bad hardware) from a Solaris 9 to a Solaris 10 box last > night. MailScanner (4.52.2) refuses to start via my /etc/init.d > script, which basically just does: > > MSDIR=/opt/MailScanner > $MSDIR/bin/check_mailscanner > > If I look at the syslog (leading timestamps trimmed), it just > spits out this over and over: > > MailScanner E-Mail Virus Scanner version 4.52.2 starting... > Read 711 hostnames from the phishing whitelist > Config: calling custom init function IPBlock > Initialising IP blocking > Read 128 IP blocking entries from /etc/MailScanner/IPBlock.conf > Using SpamAssassin results cache > Connected to SpamAssassin cache database > Expired 1 records from the SpamAssassin cache > > (pause, followed by another round in a few seconds). > > Here's where it gets weird... If I run in debug mode, a batch runs > fine. If I just let the following root crontab run, MailScanner > kicks off and runs normally (in non-debug mode): > > #---Ensure my mailscanner is still running > 0,10,20,30,40,50 * * * * [ -x > /opt/MailScanner/bin/check_mailscanner ] && > /opt/MailScanner/bin/check_mailscanner >/dev/null 2>&1 > > MailScanner --lint gives the following: > > Read 711 hostnames from the phishing whitelist > Config: calling custom init function IPBlock > Could not use Custom Function code > MailScanner::CustomConfig::InitIPBlock, it could not be "eval"ed. > Make sure the module is correct with perl -wc at > /opt/MailScanner/lib/MailScanner/Config.pm line 803 Checking for > SpamAssassin errors (if you use it)... Using SpamAssassin results > cache Connected to SpamAssassin cache database config: > SpamAssassin failed to parse line, "/usr/bin/pyzor" is not valid > for "pyzor_path", skipping: pyzor_path /usr/bin/pyzor config: > SpamAssassin failed to parse line, "/usr/bin/pyzor" is not valid > for "pyzor_path", skipping: pyzor_path /usr/bin/pyzor netset: cannot > include 127.0.0.1/32 as it has already been included netset: cannot > include 137.146.28.68/32 as it has already been included SpamAssassin > reported an error. > > MailScanner.conf says "Virus Scanners = clamavmodule" > Found these virus scanners installed: clamavmodule, sophos > > This output is the same as the old system, which is still up but not > processing email anymore. > > I played with the setsockopt setting in Log.pm to see if that made a > difference; it didn't. The manpage for syslogd in S10 says it uses > streams. > > Any ideas? > > Jeff Earickson > Colby College From jaearick at colby.edu Sat Apr 15 17:49:37 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Sat Apr 15 17:53:56 2006 Subject: Solaris 10: won't start via init script In-Reply-To: <71437982F5B13A4D9A5B2669BDB89EE403A84D30@ISS-CL-EX-V1.soton.ac.uk> References: <71437982F5B13A4D9A5B2669BDB89EE403A84D30@ISS-CL-EX-V1.soton.ac.uk> Message-ID: Yes, but it still supports legacy scripts in /etc/init.d so the script that I used with Solaris 9 ought to work. Jeff Earickson On Sat, 15 Apr 2006, Pentland G. wrote: > Date: Sat, 15 Apr 2006 17:17:41 +0100 > From: Pentland G. > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: RE: Solaris 10: won't start via init script > > Not entirely sure about the MailScanner errors but... > > Solaris 10 doesn't use init scripts! > > There a thing called SMF, look at the man pages for "svcs" and "svcadm" > > Hope that helps > > Gary > > Jeff A. Earickson wrote: >> Julian and Solaris 10 users, >> >> I'm baffled by this one. I had to move my mail services (under >> duress, bad hardware) from a Solaris 9 to a Solaris 10 box last >> night. MailScanner (4.52.2) refuses to start via my /etc/init.d >> script, which basically just does: >> >> MSDIR=/opt/MailScanner >> $MSDIR/bin/check_mailscanner >> >> If I look at the syslog (leading timestamps trimmed), it just >> spits out this over and over: >> >> MailScanner E-Mail Virus Scanner version 4.52.2 starting... >> Read 711 hostnames from the phishing whitelist >> Config: calling custom init function IPBlock >> Initialising IP blocking >> Read 128 IP blocking entries from /etc/MailScanner/IPBlock.conf >> Using SpamAssassin results cache >> Connected to SpamAssassin cache database >> Expired 1 records from the SpamAssassin cache >> >> (pause, followed by another round in a few seconds). >> >> Here's where it gets weird... If I run in debug mode, a batch runs >> fine. If I just let the following root crontab run, MailScanner >> kicks off and runs normally (in non-debug mode): >> >> #---Ensure my mailscanner is still running >> 0,10,20,30,40,50 * * * * [ -x >> /opt/MailScanner/bin/check_mailscanner ] && >> /opt/MailScanner/bin/check_mailscanner >/dev/null 2>&1 >> >> MailScanner --lint gives the following: >> >> Read 711 hostnames from the phishing whitelist >> Config: calling custom init function IPBlock >> Could not use Custom Function code >> MailScanner::CustomConfig::InitIPBlock, it could not be "eval"ed. >> Make sure the module is correct with perl -wc at >> /opt/MailScanner/lib/MailScanner/Config.pm line 803 Checking for >> SpamAssassin errors (if you use it)... Using SpamAssassin results >> cache Connected to SpamAssassin cache database config: >> SpamAssassin failed to parse line, "/usr/bin/pyzor" is not valid >> for "pyzor_path", skipping: pyzor_path /usr/bin/pyzor config: >> SpamAssassin failed to parse line, "/usr/bin/pyzor" is not valid >> for "pyzor_path", skipping: pyzor_path /usr/bin/pyzor netset: cannot >> include 127.0.0.1/32 as it has already been included netset: cannot >> include 137.146.28.68/32 as it has already been included SpamAssassin >> reported an error. >> >> MailScanner.conf says "Virus Scanners = clamavmodule" >> Found these virus scanners installed: clamavmodule, sophos >> >> This output is the same as the old system, which is still up but not >> processing email anymore. >> >> I played with the setsockopt setting in Log.pm to see if that made a >> difference; it didn't. The manpage for syslogd in S10 says it uses >> streams. >> >> Any ideas? >> >> Jeff Earickson >> Colby College > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From ajos1 at onion.demon.co.uk Sat Apr 15 20:58:04 2006 From: ajos1 at onion.demon.co.uk (ajos1@onion.demon.co.uk) Date: Sat Apr 15 20:58:21 2006 Subject: BlackList - Something simple Message-ID: - I want to junk all mail for paf@tbshs.herts.sch.uk and so on... see list below... I have set up actions for High Scoring Spam... that DO WORK... (ie) if I send lots of naughty words and stuff... then it "stores" and forwards... so I am happy with that... that bit works... But any NON-NAUGHTY mail sent to paf@tbshs.herts.sch.uk ... pcn@tbshs.herts.sch.uk and so on... is STILL GETTING through... it seems as if it is not matching these usernames in my ajos1.spamblacklist.rules file. (I am remembering to restart the system after any changes...) Is there something I am doing wrong? Thanks in advance-o, Ajos1. In my MailScanner.conf file I have the line: ============================================ Definite Spam Is High Scoring = %rules-dir%/ajos1.spamblacklist.rules High Scoring Spam Actions = store forward spamd@tbshs.herts.sch.uk In my: /etc/MailScanner/rules/ajos1.spamblacklist.rules I have ============================================================== ############################################################################## #### #### AJOS1.SPAMBLACKLIST.RULES (Make these high scoring spam) #### ========================= #### We are getting too much rubbish... so we need to get rid off alot of #### it... this file we are ESPECIALLY dealing with old users... #### ############################################################################## FromOrTo: ajos1@tbshspx2.tbshs.herts.sch.uk yes FromOrTo: paf@tbshs.herts.sch.uk yes To: adc@* yes To: aeg@* yes To: pas@* yes To: pcn@* yes To: sge@* yes FromOrTo: default no From alex at nkpanama.com Sun Apr 16 02:18:50 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sun Apr 16 02:20:24 2006 Subject: greylisting? In-Reply-To: References: <44405D60.3040002@fractalweb.com> Message-ID: <44419B7A.3070306@nkpanama.com> Res wrote: > It comes down to how busy your servers are, and how many you might > have in the farm. if you run a decent use mail server, i'd forget it. > do you rteally want a queue that banks up for tens of thousands > because it will not send on for 10 mnis or whatever. > Unless, like I mentioned before, you tweak your settings... for example, a low enough default (say, 30 seconds), with all the servers in your "farm" sharing the same database... And then add forced whitelisting for some customers (and SMTP AUTH connections, and perhaps SPF compliant servers). > I've heard it delaying local sent mail up to 4 hours on a few decent > sized ISP's, using it with varying MTA,s sendmail, qmail and postfix, > all were as useless as the next with greylisting with their use loads, > hence none of them use it nemore :) > Probably because they couldn't wrap their heads around it - don't want to sound presumptuous, but often people plug the plug on these things before they should. I've seen people discontinue using MailScanner just because they couldn't figure out how to read the config file - which is one of the reasons I want to write "the book" in Spanish). Some of these problems usually have a difficult initial period where you adapt and train the system; afterwards it becomes good enough that it needs minimal or no maintenance. > But if you get 100 messages a day, I guess it wouldnt make much differnce > if you got mail now or in another 10 mins or so. > I have set up greylisting for companies that receive 30 messages per day and want to receive within 3 minutes. Greylisting for 30 seconds works, and gets rid of a lot of spam. GREET_PAUSE also works great. > Also if you run mailing lsits forget it, youll have so many > complaints u'll regret even knowing what greylisting was > > Unless you configure your mailing lists to use, for example, a separate SMTP process on a separate host/port/whatever, or if you add your mailing list to the greylist milter's database. Again, please don't take this as anything more than an explanation of how you can get around the limitations you describe, with only a little bit of hard work. I'm not saying "you're wrong", I'm saying "you're right, but what you mention *can* be solved with a little hard work" :) Regards, Alex From alex at nkpanama.com Sun Apr 16 02:20:42 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sun Apr 16 02:21:05 2006 Subject: greylisting? In-Reply-To: <4440B730.2060207@coders.co.uk> References: <44405D60.3040002@fractalweb.com> <4440B730.2060207@coders.co.uk> Message-ID: <44419BEA.30303@nkpanama.com> Matt Hampton wrote: > You can run both together, as I did, but I found that the added value > given by greylisting was not significant enough for the overhead (or the > complaints from users for the delay). > Perhaps you could have set a different delay value? A different default, or a different default for *some* users? See the points I tried to make in an earlier message in this thread. From alex at nkpanama.com Sun Apr 16 02:22:34 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sun Apr 16 02:22:54 2006 Subject: greylisting? In-Reply-To: References: <44405D60.3040002@fractalweb.com> <4440B730.2060207@coders.co.uk> Message-ID: <44419C5A.9040402@nkpanama.com> Res wrote: > > I agree with this, you only need it set to about 5000, it catches so > much of it, and enforcing RFC1912 catches around 90% more. > > By that you mean only accepting mail from valid domains with an MX? RFC1912 seems to cover a lot. How do you do it? Please share ;) From ajos1 at onion.demon.co.uk Sun Apr 16 03:13:20 2006 From: ajos1 at onion.demon.co.uk (ajos1@onion.demon.co.uk) Date: Sun Apr 16 03:13:38 2006 Subject: ProcMail Message-ID: - I have been trying to read any documentation available... but I cannot find the answer for what should be in procmailrc (or not). My "/etc/procmailrc" contains... # send mail through spamassassin :0fw | /usr/bin/spamc Do I need this? Or should it have something different in it? From bpumphrey at WoodMacLaw.com Sun Apr 16 03:53:01 2006 From: bpumphrey at WoodMacLaw.com (Billy A. Pumphrey) Date: Sun Apr 16 03:53:04 2006 Subject: Getting lots of Undeliverable: Returned mail: see transcript for details Message-ID: <04D932B0071FE34FA63EBB1977B48D150109FCCE@woodenex.woodmaclaw.local> Since I upgraded to near the latest MailScanner, I am getting a lot of these. Your message did not reach some or all of the intended recipients. Subject: Returned mail: see transcript for details Sent: 4/15/2006 9:32 PM The following recipient(s) could not be reached: jelki@selena.net.ua on 4/15/2006 9:32 PM The message could not be delivered because the recipient's destination email system is unknown or invalid. Please check the address and try again, or contact your system administrator to verify connectivity to the email system of the recipient. < WoodenMS2.woodmaclaw.local #5.1.2> Any idea why this is happening? I figure that is is DNS related or something. Thank you From alex at nkpanama.com Sun Apr 16 04:39:45 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sun Apr 16 04:40:15 2006 Subject: ProcMail In-Reply-To: References: Message-ID: <4441BC81.9050900@nkpanama.com> ajos1@onion.demon.co.uk wrote: > - > > I have been trying to read any documentation available... but I cannot find the answer for what should be in procmailrc (or not). > > > My "/etc/procmailrc" contains... > > # send mail through spamassassin > :0fw > | /usr/bin/spamc > > > Do I need this? Or should it have something different in it? > This sounds more like a question for the spamassassin or the procmail lists, doesn't it? If it's MailScanner related then you shouldn't have to do any of this. Spamassassin is called by MailScanner. From rob at robhq.com Sun Apr 16 04:58:31 2006 From: rob at robhq.com (Rob Freeman) Date: Sun Apr 16 04:58:49 2006 Subject: ProcMail In-Reply-To: References: Message-ID: <4441C0E7.4010909@robhq.com> I used to run the procmail, but there is no need since mailscanner is running spamassassin for you. ajos1@onion.demon.co.uk wrote: > - > > I have been trying to read any documentation available... but I cannot find the answer for what should be in procmailrc (or not). > > > My "/etc/procmailrc" contains... > > # send mail through spamassassin > :0fw > | /usr/bin/spamc > > > Do I need this? Or should it have something different in it? > From ajos1 at onion.demon.co.uk Sun Apr 16 06:45:57 2006 From: ajos1 at onion.demon.co.uk (ajos1@onion.demon.co.uk) Date: Sun Apr 16 06:46:27 2006 Subject: ProcMail Message-ID: - Thank you... I thought might be the case... I just wanted to check I was not being silly. I have now deleted it... things seems to have speeded up a bit... now it is not double checking... -----Original Message----- From: MailScanner discussion - > > I have been trying to read any documentation available... but I cannot find the answer for what should be in procmailrc (or not). > > > My "/etc/procmailrc" contains... > > # send mail through spamassassin > :0fw > | /usr/bin/spamc > > > Do I need this? Or should it have something different in it? > From drew at themarshalls.co.uk Sun Apr 16 09:35:32 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Sun Apr 16 09:35:40 2006 Subject: Getting lots of Undeliverable: Returned mail: see transcript for details In-Reply-To: <04D932B0071FE34FA63EBB1977B48D150109FCCE@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D150109FCCE@woodenex.woodmaclaw.local> Message-ID: <7DB41856-5611-450B-B7BA-B350DDDCE8D8@themarshalls.co.uk> On 16 Apr 2006, at 03:53, Billy A. Pumphrey wrote: > Since I upgraded to near the latest MailScanner, I am getting a lot of > these. > > Your message did not reach some or all of the intended recipients. > > Subject: Returned mail: see transcript for details > Sent: 4/15/2006 9:32 PM > > The following recipient(s) could not be reached: > > jelki@selena.net.ua on 4/15/2006 9:32 PM > The message could not be delivered because the recipient's > destination email system is unknown or invalid. Please check the > address > and try again, or contact your system administrator to verify > connectivity to the email system of the recipient. > < WoodenMS2.woodmaclaw.local #5.1.2> > > Any idea why this is happening? I figure that is is DNS related or > something. This is not MailScanner related I would suggest your local DNS resolver is not working properly or perhaps your firewall is blocking out going smtp connections. Try to telnet to relay.selena.net.ua on port 25. If the system reports can't resolve the name then it's DNS if it doesn't connect it's a firewall/ connectivity issue. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From shuttlebox at gmail.com Sun Apr 16 11:44:38 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Sun Apr 16 11:44:40 2006 Subject: greylisting? In-Reply-To: <44419B7A.3070306@nkpanama.com> References: <44405D60.3040002@fractalweb.com> <44419B7A.3070306@nkpanama.com> Message-ID: <625385e30604160344v5dc95f2dya259be6c2602ea6b@mail.gmail.com> On 4/16/06, Alex Neuman van der Hans wrote: > I have set up greylisting for companies that receive 30 messages per day > and want to receive within 3 minutes. Greylisting for 30 seconds works, > and gets rid of a lot of spam. GREET_PAUSE also works great. But you can't control how quick they will try to resend. Even if you set it to 1 second most MTA:s will wait a lot longer to retry, like 15 minutes, and many users complain about that. Of course you can whitelist but only after having complaints. I try to make it smoother by checking the logs for the top domains we get mail from and put them in the whitelist right from the start. I don't know if I misunderstood earlier posts about huge number of connections being used by greylisting. That is more true of the greet_pause method than greylisting which instead can use a lot of memory for the database. I use a mix of greet_pause and greylisting at several customer sites and for me greylisting is a lot more effective but you have some explaining to do from time to time. Greet_pause is more transparent to the users and seems to block mostly computers that should not send mail anyway. -- /peter From h.swensson at hccnet.nl Sun Apr 16 12:44:46 2006 From: h.swensson at hccnet.nl (Herman Swensson) Date: Sun Apr 16 12:44:51 2006 Subject: Can't locate Convert/BinHex.pm in @INC In-Reply-To: <200603282103.k2SL3BLm019550@smtp30.hccnet.nl> Message-ID: <200604161144.k3GBin5N006348@smtp10.hccnet.nl> Hi, I still have the problem that MS will not start I now using MS 4.52.2-1, but it has not solved the problem. Starting MailScanner daemons: incoming postfix: [ OK ] outgoing postfix: [ OK ] MailScanner: Can't locate Convert/BinHex.pm in @INC (@INC contains: /usr/lib/MailScanner/5.8.3/i386-linux-thread-multi /usr/lib/MailScanner/5.8.3 /usr/lib/MailScanner/i386-linux-thread-multi /usr/lib/MailScanner/5.8.2 /usr/lib/MailScanner/5.8.1 /usr/lib/MailScanner/5.8.0 /usr/lib/MailScanner /usr/lib/perl5/5.8.3/i386-linux-thread-multi /usr/lib/perl5/5.8.3 /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 /usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl . /usr/lib/MailScanner/5.8.3/i386-linux-thread-multi /usr/lib/MailScanner/5.8.3 /usr/lib/MailScanner/i386-linux-thread-multi /usr/lib/MailScanner/5.8.2 /usr/lib/MailScanner/5.8.1 /usr/lib/MailScanner/5.8.0 /usr/lib/MailScanner) at /usr/lib/perl5/site_perl/5.8.3/MIME/Decoder/BinHex.pm line 44. BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.3/MIME/Decoder/BinHex.pm line 44. Compilation failed in require at /usr/lib/MailScanner/MailScanner/Message.pm line 43. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/Message.pm line 43. Compilation failed in require at /usr/sbin/MailScanner line 77. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 77. When I use locate then there is a BinHex,pm available. [root@server root]# locate BinHex.pm /usr/lib/perl5/site_perl/5.8.3/MIME/Decoder/BinHex.pm /usr/lib/perl5/vendor_perl/5.8.5/Convert/BinHex.pm /usr/lib/perl5/vendor_perl/5.8.5/MIME/Decoder/BinHex.pm How must I resolve this problem. Regards, Herman -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.4.1/312 - Release Date: 14-4-2006 From alex at nkpanama.com Sun Apr 16 14:21:01 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sun Apr 16 14:21:37 2006 Subject: Can't locate Convert/BinHex.pm in @INC In-Reply-To: <200604161144.k3GBin5N006348@smtp10.hccnet.nl> References: <200604161144.k3GBin5N006348@smtp10.hccnet.nl> Message-ID: <444244BD.8000103@nkpanama.com> Herman Swensson wrote: > [root@server root]# locate BinHex.pm > /usr/lib/perl5/site_perl/5.8.3/MIME/Decoder/BinHex.pm > /usr/lib/perl5/vendor_perl/5.8.5/Convert/BinHex.pm > /usr/lib/perl5/vendor_perl/5.8.5/MIME/Decoder/BinHex.pm > > How must I resolve this problem. > > Regards, > > Herman > > > A few things: 1. Using "locate" doesn't mean the files are there. Your database could be out of date. Check to see if they're *really* there. They probably *are*, but you should not rely on "locate" to tell if they're there or not. 2. You may have two versions of perl (or remnants from a former installation). Check for that. 3. Try doing a forced install of Convert::BinHex (I don't think I've ever seen it get installed without "force install"ing it, it always complains for some reason) From alex at nkpanama.com Sun Apr 16 14:28:53 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sun Apr 16 14:29:20 2006 Subject: BlackList - Something simple In-Reply-To: References: Message-ID: <44424695.5030107@nkpanama.com> ajos1@onion.demon.co.uk wrote: > ============================================ > Definite Spam Is High Scoring = %rules-dir%/ajos1.spamblacklist.rules > From the config file: # Setting this to yes means that spam found in the blacklist is treated # as "High Scoring Spam" in the "Spam Actions" section below. Setting it # to no means that it will be treated as "normal" spam. # This can also be the filename of a ruleset. But you don't have a blacklist. You have a list that states whether or not spam that's in your (blank) blacklist should be tagged as high scoring spam. The fact that you *call it* a blacklist doesn't make it one. > High Scoring Spam Actions = store forward spamd@tbshs.herts.sch.uk > > And as such only high scoring spam (not everything) will be forwarded. > In my: /etc/MailScanner/rules/ajos1.spamblacklist.rules I have > ============================================================== > ############################################################################## > #### > #### AJOS1.SPAMBLACKLIST.RULES (Make these high scoring spam) > #### ========================= > #### We are getting too much rubbish... so we need to get rid off alot of > #### it... this file we are ESPECIALLY dealing with old users... > #### > Wouldn't it be easier to block old users at the MTA level? > ############################################################################## > FromOrTo: ajos1@tbshspx2.tbshs.herts.sch.uk yes > FromOrTo: paf@tbshs.herts.sch.uk yes > To: adc@* yes > To: aeg@* yes > To: pas@* yes > To: pcn@* yes > To: sge@* yes > FromOrTo: default no > From h.swensson at hccnet.nl Sun Apr 16 15:08:05 2006 From: h.swensson at hccnet.nl (Herman Swensson) Date: Sun Apr 16 15:08:09 2006 Subject: Can't locate Convert/BinHex.pm in @INC In-Reply-To: <444244BD.8000103@nkpanama.com> Message-ID: <200604161408.k3GE87pU013761@smtp10.hccnet.nl> 1 root@server local]# find / -name BinHex.pm /usr/lib/perl5/site_perl/5.8.3/MIME/Decoder/BinHex.pm /usr/lib/perl5/vendor_perl/5.8.5/Convert/BinHex.pm /usr/lib/perl5/vendor_perl/5.8.5/MIME/Decoder/BinHex.pm 2 how do I check if there are two versions of perl 3 How do I a forced install of Convert::Binhex Herman -----Oorspronkelijk bericht----- Van: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Namens Alex Neuman van der Hans Verzonden: zondag 16 april 2006 15:21 Aan: MailScanner discussion Onderwerp: Re: Can't locate Convert/BinHex.pm in @INC Herman Swensson wrote: > [root@server root]# locate BinHex.pm > /usr/lib/perl5/site_perl/5.8.3/MIME/Decoder/BinHex.pm > /usr/lib/perl5/vendor_perl/5.8.5/Convert/BinHex.pm > /usr/lib/perl5/vendor_perl/5.8.5/MIME/Decoder/BinHex.pm > > How must I resolve this problem. > > Regards, > > Herman > > > A few things: 1. Using "locate" doesn't mean the files are there. Your database could be out of date. Check to see if they're *really* there. They probably *are*, but you should not rely on "locate" to tell if they're there or not. 2. You may have two versions of perl (or remnants from a former installation). Check for that. 3. Try doing a forced install of Convert::BinHex (I don't think I've ever seen it get installed without "force install"ing it, it always complains for some reason) -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.4.1/312 - Release Date: 14-4-2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.4.1/312 - Release Date: 14-4-2006 From alex at nkpanama.com Sun Apr 16 15:23:14 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sun Apr 16 15:23:45 2006 Subject: Can't locate Convert/BinHex.pm in @INC In-Reply-To: <200604161408.k3GE87pU013761@smtp10.hccnet.nl> References: <200604161408.k3GE87pU013761@smtp10.hccnet.nl> Message-ID: <44425352.4000806@nkpanama.com> Herman Swensson wrote: > 1 root@server local]# find / -name BinHex.pm > Good! :D > /usr/lib/perl5/site_perl/5.8.3/MIME/Decoder/BinHex.pm > /usr/lib/perl5/vendor_perl/5.8.5/Convert/BinHex.pm > /usr/lib/perl5/vendor_perl/5.8.5/MIME/Decoder/BinHex.pm > > > 2 how do I check if there are two versions of perl > Try using the find command like you just did, but search for all non-symbolic-link executables named perl, for example. > 3 How do I a forced install of Convert::Binhex > # perl -MCPAN -e shell > force install Convert::BinHex > Herman > > > -----Oorspronkelijk bericht----- > Van: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] Namens Alex Neuman van > der Hans > Verzonden: zondag 16 april 2006 15:21 > Aan: MailScanner discussion > Onderwerp: Re: Can't locate Convert/BinHex.pm in @INC > > > Herman Swensson wrote: > >> [root@server root]# locate BinHex.pm >> /usr/lib/perl5/site_perl/5.8.3/MIME/Decoder/BinHex.pm >> /usr/lib/perl5/vendor_perl/5.8.5/Convert/BinHex.pm >> /usr/lib/perl5/vendor_perl/5.8.5/MIME/Decoder/BinHex.pm >> >> How must I resolve this problem. >> >> Regards, >> >> Herman >> >> >> >> > > A few things: > > 1. Using "locate" doesn't mean the files are there. Your database could > be out of date. Check to see if they're *really* there. They probably > *are*, but you should not rely on "locate" to tell if they're there or not. > 2. You may have two versions of perl (or remnants from a former > installation). Check for that. > 3. Try doing a forced install of Convert::BinHex (I don't think I've > ever seen it get installed without "force install"ing it, it always > complains for some reason) > > From h.swensson at hccnet.nl Sun Apr 16 16:10:48 2006 From: h.swensson at hccnet.nl (Herman Swensson) Date: Sun Apr 16 16:10:52 2006 Subject: Can't locate Convert/BinHex.pm in @INC In-Reply-To: <44425352.4000806@nkpanama.com> Message-ID: <200604161510.k3GFAo0k025833@smtp10.hccnet.nl> I have only one version of perl After I have forced installConvert::Binhex Service MailScanner start Apr 16 17:00:41 server postfix/master[11607]: daemon started -- version 2.1.5 Apr 16 17:00:45 server MailScanner[11629]: MailScanner E-Mail Virus Scanner version 4.52.2 starting... It works Thanks a lot Herman -----Oorspronkelijk bericht----- Van: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Namens Alex Neuman van der Hans Verzonden: zondag 16 april 2006 16:23 Aan: MailScanner discussion Onderwerp: Re: Can't locate Convert/BinHex.pm in @INC Herman Swensson wrote: > 1 root@server local]# find / -name BinHex.pm > Good! :D > /usr/lib/perl5/site_perl/5.8.3/MIME/Decoder/BinHex.pm > /usr/lib/perl5/vendor_perl/5.8.5/Convert/BinHex.pm > /usr/lib/perl5/vendor_perl/5.8.5/MIME/Decoder/BinHex.pm > > > 2 how do I check if there are two versions of perl > Try using the find command like you just did, but search for all non-symbolic-link executables named perl, for example. > 3 How do I a forced install of Convert::Binhex > # perl -MCPAN -e shell > force install Convert::BinHex > Herman > > > -----Oorspronkelijk bericht----- > Van: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] Namens Alex Neuman van > der Hans > Verzonden: zondag 16 april 2006 15:21 > Aan: MailScanner discussion > Onderwerp: Re: Can't locate Convert/BinHex.pm in @INC > > > Herman Swensson wrote: > >> [root@server root]# locate BinHex.pm >> /usr/lib/perl5/site_perl/5.8.3/MIME/Decoder/BinHex.pm >> /usr/lib/perl5/vendor_perl/5.8.5/Convert/BinHex.pm >> /usr/lib/perl5/vendor_perl/5.8.5/MIME/Decoder/BinHex.pm >> >> How must I resolve this problem. >> >> Regards, >> >> Herman >> >> >> >> > > A few things: > > 1. Using "locate" doesn't mean the files are there. Your database could > be out of date. Check to see if they're *really* there. They probably > *are*, but you should not rely on "locate" to tell if they're there or not. > 2. You may have two versions of perl (or remnants from a former > installation). Check for that. > 3. Try doing a forced install of Convert::BinHex (I don't think I've > ever seen it get installed without "force install"ing it, it always > complains for some reason) > > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.4.1/312 - Release Date: 14-4-2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.4.1/312 - Release Date: 14-4-2006 From ganci at nurdog.com Sun Apr 16 16:57:16 2006 From: ganci at nurdog.com (Paul R. Ganci) Date: Sun Apr 16 16:57:23 2006 Subject: greylisting? In-Reply-To: <625385e30604160344v5dc95f2dya259be6c2602ea6b@mail.gmail.com> References: <44405D60.3040002@fractalweb.com> <44419B7A.3070306@nkpanama.com> <625385e30604160344v5dc95f2dya259be6c2602ea6b@mail.gmail.com> Message-ID: <4442695C.6050106@nurdog.com> shuttlebox wrote: > >But you can't control how quick they will try to resend. Even if you >set it to 1 second most MTA:s will wait a lot longer to retry, like 15 >minutes, and many users complain about that. Of course you can >whitelist but only after having complaints. I try to make it smoother >by checking the logs for the top domains we get mail from and put them >in the whitelist right from the start. > > I have been using DCC to successfully greylist for nearly two years now. My experience has been that if anything many Email servers do not obey the RFCs and will try to resend a message immediately. When that doesn't work they will continue to resend more slowly until, on average, I do not seem to experience more than a 5-10 minutes delay which is a combination of the sending servers resend methodology and my greylist temporary reject interval. It must be emphasized that this delay is only experienced on the first incoming message with a unique tuple of sender address, recipient address and sending server IP address. Any subsequent message with an identical tuple of a previously accepted message will be delivered with no delay. I have my server setup so that the automatic whitelist remains effective for 6 months before the greylist process has to be done again. The reality was that within 2 weeks to a month of running the greylister the majority of my subscribers had no issues with their incoming messages, in particular from those people who regularly send Email as they were automatically whitelisted. Of a bigger concern is that there are RFC ignorant servers out there. These servers will do things like modify the headers on resend (e.g. change the msgid) so that the resent message appears to be different and never gets accepted by the greylister. Or they will not resend at all on a temporary 45x reject. Or they have a server farm and so they cycle IPs which of course changes the tuple. In these cases it can take days for a message to be accepted (or ultimately rejected). I have found these cases to be more troublesome as users may not find out a message was rejected for such a long time if they find out at all. And messages will continue to be rejected from those servers until something is done to correct the problem. DCC provides controls to handle these cases. There is also a list of RFC broken servers which I used to seed my whitelist. Over the course of two years I have had to augment this list, but now everything pretty much runs smoothly with no complaints on a system which has 400 users and deals with ~10000 emails a day. Admittedly the first two weeks or so were difficult, but now it pretty much runs itself. I don't even remember the last time I had to even add a whitelist entry. -- Paul (ganci@nurdog.com) From alex at nkpanama.com Sun Apr 16 17:21:04 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sun Apr 16 17:21:56 2006 Subject: Can't locate Convert/BinHex.pm in @INC In-Reply-To: <200604161510.k3GFAo0k025833@smtp10.hccnet.nl> References: <200604161510.k3GFAo0k025833@smtp10.hccnet.nl> Message-ID: <44426EF0.4070508@nkpanama.com> Herman Swensson wrote: > I have only one version of perl > After I have forced installConvert::Binhex > > Service MailScanner start > Apr 16 17:00:41 server postfix/master[11607]: daemon started -- version > 2.1.5 > Apr 16 17:00:45 server MailScanner[11629]: MailScanner E-Mail Virus Scanner > version 4.52.2 starting... > > It works > > Thanks a lot > > Herman > You're welcome! Sometimes stuff gets installed but isn't "found" by perl, and when you use the CPAN module to install them they just "work". IANAPG (I am not a Perl Guru), but maybe someone else in this list can elaborate why this could happen. From alex at nkpanama.com Sun Apr 16 17:24:39 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sun Apr 16 17:25:08 2006 Subject: greylisting? In-Reply-To: <4442695C.6050106@nurdog.com> References: <44405D60.3040002@fractalweb.com> <44419B7A.3070306@nkpanama.com> <625385e30604160344v5dc95f2dya259be6c2602ea6b@mail.gmail.com> <4442695C.6050106@nurdog.com> Message-ID: <44426FC7.9010608@nkpanama.com> Paul R. Ganci wrote: > Admittedly the first two weeks or so were difficult, but now it pretty > much runs itself. I don't even remember the last time I had to even > add a whitelist entry. > Which is exactly the point I was trying to make. A couple of weeks worth of very hard work pays off - with 4 or more years of nearly-flawless execution. My efforts have not been *as* successful, but then again, I probably didn't work at it as much as Paul did. In any case, have you ever documented how you used DCC (instead of, for example, a specific greylist milter) for this purpose? It would help non-sendmail users who can't use milters if you shared it (perhaps on the wiki) with the rest of us. Regards, Alex From ganci at nurdog.com Sun Apr 16 18:21:49 2006 From: ganci at nurdog.com (Paul R. Ganci) Date: Sun Apr 16 18:21:56 2006 Subject: greylisting? In-Reply-To: <44426FC7.9010608@nkpanama.com> References: <44405D60.3040002@fractalweb.com> <44419B7A.3070306@nkpanama.com> <625385e30604160344v5dc95f2dya259be6c2602ea6b@mail.gmail.com> <4442695C.6050106@nurdog.com> <44426FC7.9010608@nkpanama.com> Message-ID: <44427D2D.9080405@nurdog.com> Alex Neuman van der Hans wrote: > In any case, have you ever documented how you used DCC (instead of, > for example, a specific greylist milter) for this purpose? It would > help non-sendmail users who can't use milters if you shared it > (perhaps on the wiki) with the rest of us. No I haven't actually done this. However, to be clear I am using sendmail with the dccm milter. DCC provides a bunch of capability beyond dccproc/dccifd. I run multiple dccd servers which flood among themselves and do the actual greylisting. The dccm milter acts as the interface between sendmail and dccd. I have configured my email system to reject outright on DCC checksums which score high enough (1000 for my system but YMMV) and to greylist otherwise. This all happens up front before any real server resource is used. Anything that gets by all this goes through MailScanner/SpamAssassin. I call dccifd from SpamAssassin with thresholds set to 100. Hence messages that have a DCC checksum score of 100-1000 will get a SpamAssassin DCC_CHECK score. There are downsides to this methodology. The first is that for messages that pass DCC the first time, a second dccifd check may be done. I am not sure, however, if the actual DCC servers are accessed since there is in principle already a DCC header which is used by SpamAssassin. Nonetheless there is overhead here to get the reject >1000 but only tag 100-1000 functionality I wanted. Second there is a much larger whitelist burden if you choose to reject based upon DCC checksum scores. Some of my subscribers did miss their NY Times ... unfortunately many email lists and newsletters appear spammy and get high DCC checksum scores. I found no impact to any legitimate user Email or for that matter this list or the SpamAssassin list. I also found the overall load on my servers was cut in half using DCC up front to both reject and greylist as opposed to just greylist. The reason is that the MailScanner/SpamAssassin load is significantly reduced. In any case if you still think there is merit to documenting my DCC usage I will be glad to do it as time allows me. As you point out it all depends how much work you are willing to put in. I run the email system for a small, intermountain Colorado wireless ISP and so it is manageable for me to maintain whitelists. I put the time in to monitor logs, whitelist as appropriate and so this system seems to be quite effective. It also helps that my subscriber base is pretty understanding and willing to work with me. -- Paul (ganci@nurdog.com) From alex at nkpanama.com Sun Apr 16 18:58:26 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sun Apr 16 18:59:33 2006 Subject: Semi-OT: Automated Reporting / Spam Traps Message-ID: <444285C2.1010003@nkpanama.com> Anybody here know of a good way to automate a process where a known spamtrap address or domain can be set up to report to whatever authorities (SPAMCOP, other RBL's, DCC/Razor/Pyzor, etc.) ? Any good docs you've found? I've seen a lot of stuff around, but no concerted efforts. I'm sure something could be done/scripted using MailScanner or any of the tools it uses. What successes/milestones (or failures/frustrations) have you seen when implementing said methods? Thanks in advance for any answers. From matt at coders.co.uk Sun Apr 16 19:19:51 2006 From: matt at coders.co.uk (Matt Hampton) Date: Sun Apr 16 19:20:01 2006 Subject: greylisting? In-Reply-To: <44419BEA.30303@nkpanama.com> References: <44405D60.3040002@fractalweb.com> <4440B730.2060207@coders.co.uk> <44419BEA.30303@nkpanama.com> Message-ID: <44428AC7.20400@coders.co.uk> Alex Neuman van der Hans wrote: > Matt Hampton wrote: >> You can run both together, as I did, but I found that the added value >> given by greylisting was not significant enough for the overhead (or the >> complaints from users for the delay). >> > Perhaps you could have set a different delay value? A different default, > or a different default for *some* users? See the points I tried to make > in an earlier message in this thread. Alex I was running clustered servers that shared the same greylist database. I whitelisted the users who didn't like the delays and shortened the timeouts globally and per user/domain and yes the improvements I was getting were good. My thoughts were that if greet_ pause was getting rid of 90% of the cr*p that grey-listing was doing - what was the point of an additional overhead to maintain and configure. As I said the results from grey-listing were superb but the day to day management overhead, although not significant, was not worth the extra 10% it was giving me. Plus it removed the standard complaint of why isn't my mail arrived yet..... cheers Matt From alex at nkpanama.com Sun Apr 16 19:32:26 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sun Apr 16 19:32:51 2006 Subject: greylisting? In-Reply-To: <44427D2D.9080405@nurdog.com> References: <44405D60.3040002@fractalweb.com> <44419B7A.3070306@nkpanama.com> <625385e30604160344v5dc95f2dya259be6c2602ea6b@mail.gmail.com> <4442695C.6050106@nurdog.com> <44426FC7.9010608@nkpanama.com> <44427D2D.9080405@nurdog.com> Message-ID: <44428DBA.8030206@nkpanama.com> Paul R. Ganci wrote: > In any case if you still think there is merit to documenting my DCC > usage I will be glad to do it as time allows me. > > As you point out it all depends how much work you are willing to put > in. I run the email system for a small, intermountain Colorado > wireless ISP and so it is manageable for me to maintain whitelists. I > put the time in to monitor logs, whitelist as appropriate and so this > system seems to be quite effective. It also helps that my subscriber > base is pretty understanding and willing to work with me. > I believe any documentation effort is worthwhile. I believe many of us will definitely appreciate whatever effort you put into documenting your particular setup, as it seems likely to be applicable in many instances where MailScanner/dcc/sendmail is being used. From alex at erus.co.uk Sun Apr 16 22:51:13 2006 From: alex at erus.co.uk (Alex Pimperton) Date: Sun Apr 16 22:51:41 2006 Subject: MailScanner[16314]: called with 2 bind variables when 0 are needed Message-ID: <4442BC51.2040400@erus.co.uk> Hi all I've suddenly started getting the errors below on a Debian testing box, right after I upgraded to 4.51.5-1. Apr 16 20:02:53 server01 MailScanner[16314]: called with 2 bind variables when 0 are needed Apr 16 20:08:30 server01 MailScanner[16314]: called with 2 bind variables when 0 are needed Does anybody know why I keep getting them? They appear as below: Apr 16 22:38:34 server01 MailScanner[16314]: New Batch: Scanning 1 messages, 2148 bytes Apr 16 22:38:35 server01 MailScanner[16314]: MCP Checks completed at 3197077 bytes per second Apr 16 22:38:38 server01 MailScanner[16314]: Spam Checks completed at 677 bytes per second Apr 16 22:38:38 server01 MailScanner[16314]: Virus and Content Scanning: Starting Apr 16 22:38:41 server01 MailScanner[16314]: Virus Scanning completed at 607 bytes per second Apr 16 22:38:41 server01 MailScanner[16314]: called with 2 bind variables when 0 are needed Apr 16 22:38:43 server01 MailScanner[16314]: Requeue: EAA185C020.2AEB1 to 1B0675C021 There's nothing else but that error in the logs. Searching for the error points to a perl problem but I've not got any further than that. Could it be a problem with MailScanner.conf? I ran upgrade_MailScanner_conf and it seemed to work okay and I'm loath to destroy my MailScanner.conf and rebuild if I don't need to. Regards, Alex System Info: server01:~# dpkg -l mailscanner ii mailscanner 4.51.5-1 email virus scanner and spam tagger server01:~# dpkg -l perl ii perl 5.8.8-3 Larry Wall's Practical Extraction and Report server01:~# MailScanner -v Running on Linux server01.erus.co.uk 2.6.12.4-bytemark-uml-20050811-1-small #1 Thu Aug 11 18:30:53 BST 2005 i686 GNU/Linux This is Perl version 5.008008 (5.8.8) This is MailScanner version 4.51.5 Module versions are: 1.00 AnyDBM_File 1.16 Archive::Zip 1.04 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.74 File::Basename 2.09 File::Copy 2.01 FileHandle 1.08 File::Path 0.16 File::Temp 1.35 HTML::Entities 3.51 HTML::Parser 2.35 HTML::TokeParser 1.22 IO 1.13 IO::File 1.13 IO::Pipe 1.74 Mail::Header 3.07 MIME::Base64 5.419 MIME::Decoder 5.419 MIME::Decoder::UU 5.419 MIME::Head 5.419 MIME::Parser 3.07 MIME::QuotedPrint 5.419 MIME::Tools 0.10 Net::CIDR 1.09 POSIX 1.78 Socket 0.13 Sys::Syslog 1.86 Time::HiRes 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.814 DB_File 1.11 DBD::SQLite 1.50 DBI 1.14 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.10 Digest::SHA1 missing Inline missing Mail::ClamAV 3.001000 Mail::SpamAssassin missing Mail::SPF::Query missing Net::CIDR::Lite 0.57 Net::DNS missing Net::LDAP missing Parse::RecDescent missing SAVI missing Sys::Hostname::Long 2.56 Test::Harness 0.62 Test::Simple 1.95 Text::Balanced 1.35 URI -- This message has been scanned for viruses and dangerous content by the MailScanner at www.erus.co.uk, and is believed to be clean. From ajos1 at onion.demon.co.uk Sun Apr 16 23:30:38 2006 From: ajos1 at onion.demon.co.uk (ajos1@onion.demon.co.uk) Date: Sun Apr 16 23:30:40 2006 Subject: BlackList - Something simple In-Reply-To: <44424695.5030107@nkpanama.com> Message-ID: - Yes that makes sense now... I was confused by the fact it said: "This can also be the filename of a ruleset." I am a silly billy... I have found out how to do it at MTA level now... and will see if it works... initial tests show it does. I need to test it works for addresses that are normally then forwarded on to an Exchange server behind the firewall. Though rather than REJECTing/DISCARDing them... I was looking to store them for a while to study what sort of spam we were receiving. http://www.akadia.com/services/sendmail_relay.html http://www.faqs.org/docs/securing/chap22sec178.html alex@nkpanama.com wrote: > ajos1@onion.demon.co.uk wrote: > > ============================================ > > Definite Spam Is High Scoring = %rules-dir%/ajos1.spamblacklist.rules > > > From the config file: > # Setting this to yes means that spam found in the blacklist is treated > # as "High Scoring Spam" in the "Spam Actions" section below. Setting it > # to no means that it will be treated as "normal" spam. > # This can also be the filename of a ruleset. > > But you don't have a blacklist. You have a list that states whether or > not spam that's in your (blank) blacklist should be tagged as high > scoring spam. The fact that you *call it* a blacklist doesn't make it one. > > > High Scoring Spam Actions = store forward spamd@tbshs.herts.sch.uk > > > > > And as such only high scoring spam (not everything) will be forwarded. > > In my: /etc/MailScanner/rules/ajos1.spamblacklist.rules I have > > ============================================================== > > ############################################################################## > > #### > > #### AJOS1.SPAMBLACKLIST.RULES (Make these high scoring spam) > > #### ========================= > > #### We are getting too much rubbish... so we need to get rid off alot of > > #### it... this file we are ESPECIALLY dealing with old users... > > #### > > > Wouldn't it be easier to block old users at the MTA level? > > ############################################################################## > > FromOrTo: ajos1@tbshspx2.tbshs.herts.sch.uk yes > > FromOrTo: paf@tbshs.herts.sch.uk yes > > To: adc@* yes > > To: aeg@* yes > > To: pas@* yes > > To: pcn@* yes > > To: sge@* yes > > FromOrTo: default no > > > From randyf at sibernet.com Mon Apr 17 00:08:48 2006 From: randyf at sibernet.com (randyf@sibernet.com) Date: Mon Apr 17 00:09:16 2006 Subject: Solaris 10: won't start via init script In-Reply-To: References: <71437982F5B13A4D9A5B2669BDB89EE403A84D30@ISS-CL-EX-V1.soton.ac.uk> Message-ID: On Sat, 15 Apr 2006, Jeff A. Earickson wrote: > Yes, but it still supports legacy scripts in /etc/init.d so the script > that I used with Solaris 9 ought to work. Yes, your legacy script should work (verify it by running: "svcs -a | grep legacy_run" and see if it is in the list), but there may be dependancies on other services that are controlled by SMF, such as sendmail. Also, if you are using the standard Solaris distributed Perl, you are now using a 5.8 perl variant (depending on your patch level), so you may require the reinstallation of some perl modules (or changing the /usr/bin/perl link), but at a minimum, may need to recompile the required MailScanner Perl Modules. And as sendmail is now an SMF service, you won't be able to manage how it is run by changing init.d scripts, but instead needs to have the methods changed. I have a manifest that can be used as a replacement to the Solaris sendmail manifest, that will create and use the mqueue and mqueue.in directories, as well as start and stop MailScanner (it is even zone aware). If anyone thinks this would be usefull, or maybe put it in the contributed space, I will happily send it along. ---- Randy > > Jeff Earickson > > On Sat, 15 Apr 2006, Pentland G. wrote: > >> Date: Sat, 15 Apr 2006 17:17:41 +0100 >> From: Pentland G. >> Reply-To: MailScanner discussion >> To: MailScanner discussion >> Subject: RE: Solaris 10: won't start via init script >> >> Not entirely sure about the MailScanner errors but... >> >> Solaris 10 doesn't use init scripts! >> >> There a thing called SMF, look at the man pages for "svcs" and "svcadm" >> >> Hope that helps >> >> Gary >> >> Jeff A. Earickson wrote: >>> Julian and Solaris 10 users, >>> >>> I'm baffled by this one. I had to move my mail services (under >>> duress, bad hardware) from a Solaris 9 to a Solaris 10 box last >>> night. MailScanner (4.52.2) refuses to start via my /etc/init.d >>> script, which basically just does: >>> >>> MSDIR=/opt/MailScanner >>> $MSDIR/bin/check_mailscanner >>> >>> If I look at the syslog (leading timestamps trimmed), it just >>> spits out this over and over: >>> >>> MailScanner E-Mail Virus Scanner version 4.52.2 starting... >>> Read 711 hostnames from the phishing whitelist >>> Config: calling custom init function IPBlock >>> Initialising IP blocking >>> Read 128 IP blocking entries from /etc/MailScanner/IPBlock.conf >>> Using SpamAssassin results cache >>> Connected to SpamAssassin cache database >>> Expired 1 records from the SpamAssassin cache >>> >>> (pause, followed by another round in a few seconds). >>> >>> Here's where it gets weird... If I run in debug mode, a batch runs >>> fine. If I just let the following root crontab run, MailScanner >>> kicks off and runs normally (in non-debug mode): >>> >>> #---Ensure my mailscanner is still running >>> 0,10,20,30,40,50 * * * * [ -x >>> /opt/MailScanner/bin/check_mailscanner ] && >>> /opt/MailScanner/bin/check_mailscanner >/dev/null 2>&1 >>> >>> MailScanner --lint gives the following: >>> >>> Read 711 hostnames from the phishing whitelist >>> Config: calling custom init function IPBlock >>> Could not use Custom Function code >>> MailScanner::CustomConfig::InitIPBlock, it could not be "eval"ed. >>> Make sure the module is correct with perl -wc at >>> /opt/MailScanner/lib/MailScanner/Config.pm line 803 Checking for >>> SpamAssassin errors (if you use it)... Using SpamAssassin results >>> cache Connected to SpamAssassin cache database config: >>> SpamAssassin failed to parse line, "/usr/bin/pyzor" is not valid >>> for "pyzor_path", skipping: pyzor_path /usr/bin/pyzor config: >>> SpamAssassin failed to parse line, "/usr/bin/pyzor" is not valid >>> for "pyzor_path", skipping: pyzor_path /usr/bin/pyzor netset: cannot >>> include 127.0.0.1/32 as it has already been included netset: cannot >>> include 137.146.28.68/32 as it has already been included SpamAssassin >>> reported an error. >>> >>> MailScanner.conf says "Virus Scanners = clamavmodule" >>> Found these virus scanners installed: clamavmodule, sophos >>> >>> This output is the same as the old system, which is still up but not >>> processing email anymore. >>> >>> I played with the setsockopt setting in Log.pm to see if that made a >>> difference; it didn't. The manpage for syslogd in S10 says it uses >>> streams. >>> >>> Any ideas? >>> >>> Jeff Earickson >>> Colby College >> >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From lars+lister.mailscanner at adventuras.no Mon Apr 17 00:35:28 2006 From: lars+lister.mailscanner at adventuras.no (Lars Kristiansen) Date: Mon Apr 17 00:36:01 2006 Subject: DIFF for mta.sh startupscript on freebsd-port 4.52.2 Message-ID: <4442D4C0.3000509@adventuras.no> Thanks to JP for the Freebsd-port. Have just been using it to upgrade to 4.52. But mta.sh would not start. Needed to edit line 72 in /usr/local/etc/rc.d/mta.sh Here is diff: @@ -69,7 +69,7 @@ \( \( $_mta_osversion -ge 700000 \) -a \ \( $_mta_osversion -lt 700007 \) \) ] then - $_mta_rc_script="{$_mta_rc_script}.sh" + _mta_rc_script="${_mta_rc_script}.sh" fi load_rc_config $name -- Regards from Lars From res at ausics.net Mon Apr 17 04:36:22 2006 From: res at ausics.net (Res) Date: Mon Apr 17 04:36:30 2006 Subject: greylisting? In-Reply-To: <4440E677.8000007@blacknight.ie> References: <44405D60.3040002@fractalweb.com> <4440B730.2060207@coders.co.uk> <4440E677.8000007@blacknight.ie> Message-ID: On Sat, 15 Apr 2006, Michele Neylon:: Blacknight.ie wrote: > Res wrote: > >> I agree with this, you only need it set to about 5000, it catches so >> much of it, and enforcing RFC1912 catches around 90% more. > > How much of RFC1912? "Every Internet-reachable host should have a name." Since enforcing PTR checks, like I said 90% of the crap is now rejected we've done it for years with no regrets and only about a dozen or so complaints in all that time, -- Cheers Res From res at ausics.net Mon Apr 17 04:43:20 2006 From: res at ausics.net (Res) Date: Mon Apr 17 04:43:24 2006 Subject: greylisting? In-Reply-To: <44419C5A.9040402@nkpanama.com> References: <44405D60.3040002@fractalweb.com> <4440B730.2060207@coders.co.uk> <44419C5A.9040402@nkpanama.com> Message-ID: On Sat, 15 Apr 2006, Alex Neuman van der Hans wrote: > Res wrote: >> >> I agree with this, you only need it set to about 5000, it catches so much >> of it, and enforcing RFC1912 catches around 90% more. >> >> > By that you mean only accepting mail from valid domains with an MX? RFC1912 > seems to cover a lot. How do you do it? Please share ;) You dont have to have matching A and PTR's but they both must exist, and we let you in :) we use the require_rdns hack, I used to do it in local rulesets but the hack is far better as it allows for exemptions via the delay_checks friends option. The hack is available at http://support.ausics.net/require_rdns.m4 if you have not seen it before. > > -- Cheers Res From dhawal at netmagicsolutions.com Mon Apr 17 07:00:35 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Mon Apr 17 07:00:26 2006 Subject: Attn. postfix users WAS Multiple Postfix smtp instances In-Reply-To: <20060414192115.13204.qmail@mymail.netmagicians.com> References: <20060412205748.GD14679@luckyduck.tux> <443F9148.7080908@netmagicsolutions.com> <443FDBCF.6040004@rogers.com> <20060414192115.13204.qmail@mymail.netmagicians.com> Message-ID: <44432F03.4090907@netmagicsolutions.com> Dhawal Doshy wrote: > Drew Marshall writes: >> On 14 Apr 2006, at 18:28, Mike Jakubik wrote: >>> Dhawal Doshy wrote: >>>> This mail was also posted by the OP to the postfix-users list and >>>> is now being discussed by the postfix authors 'wietse' and 'viktor' >>>> for better integration (read: compliant to the postfix internal >>>> architecture) between postfix and mailscanner.. >>>> I request all mailscanner+postfix users to follow this thread on >>>> the postfix-users lists and voice your technical opinions, if any. >>> >>> Its sad to see that one of the best MTAs and content scanners, does >>> not get along so well.. Apparently Postfix 2.3 will make changes >>> that will break MailScanner functionality :( >> >> Very sad indeed. Interestingly I am running the current release (Non >> stable) of 2.3 and it works fine with MailScanner so I await to see >> what happens with the 'new queue format'. >> Drew > > No it won't (Julian will find a better workaround) and it shouldn't, i > would request all postfix users to subscribe to the postfix-users list > and convince the developers to document postfix queue internals so that > this matter is resolved once and for all.. > At the least ensure that someone of use who understands postfix really > well, (i don't) follows up with viktor and wietse on this.. > - dhawal We now have postfix+mailscanner working perfectly fine, but is likely to break in future releases due to internal changes in the postfix queue working.. hence i took the liberty of sending this mail to the postfix users list. Constructive comments are welcome from postfix and non-postfix users: ============== MailScanner currently works in this fashion: Internet ==> postfix ==> hold queue ==> MailScanner ==> Incoming queue ==> local delivery or relay From what i understand, the part where mailscanner re-queues mails to the postfix incoming queue is the questionable part.. So what conclusion do we (the non-programmer postfix users) draw from your discussion? What are the changes expected that i need to communicate to the mailscanner development team? Finally, what would be required to make mailscanner an approved Content-Scanner for postfix. ============== This is the reply from Wietse: ============== It takes a stable EXTERNAL interface, so that non-Postfix software is immune to changes in Postfix INTERNAL details. For example, software that speak SMTP is largely immune to changes in Postfix internal details, because SMTP is well defined. Absent precisely formulated requirements I can't define an external interface for content management. Wietse ============== A search on the postfix archive gave me this mail from Wietse: ============== The question is 100% academic. Like other Postfix internals, Postfix queue details will not be published until they stop changing. Until then I want to have the freedom to make changes without having to jump horrible hoops in order to avoid breaking other people's software. To give you an idea of what it would take to make mailscanner safe with the PRESENT queue implementation: 1) The Postfix queue would have to be changed from a three-state incoming/active/deferred organization to a four-state organization of unfiltered/incoming/active/deferred. 2) All four queues MUST BE in the same file system. Otherwise mail will be corrupted or lost. 3) A modified cleanup server drops new mail into the "unfiltered" queue and notifies mailscanner, while the unmodified cleanup server drops locally forwarded mail into the incoming queue and informs the queue manager as usual. 4) Mailscanner MUST NOT move queue files except by renaming them between Postfix queue directories. Otherwise mail will be corrupted or lost. 5) Mailscanner MUST maintain the relationship between the file name and the file inode number. Otherwise mail will be corrupted or lost. 7) Mailscanner must be crash proof. Like Postfix, it MUST NOT take irreversible actions, or actions that may require undo operations after a system crash. Otherwise mail will be corrupted or lost. Specifically: 8) Mailscanner MUST NOT modify queue files. If content needs to be updates, Mailscanner MUST create a new queue file and delete the original only after the new file has been committed to stable storage. Otherwise mail will be corrupted or lost. 9) When creating a queue file, Mailscanner MUST adhere to the convention that the file permissions are set to "executable" only after the file contents are safely stored. Otherwise mail will be corrupted or lost. 10) Mailscanner should never touch a queue file that has an advisory lock (flock or fcntl lock, depending on the system environment). Otherwise mail will be corrupted or lost. But again, all this is academic, because I will never support non-standard interfaces for content inspection in Postfix. Wietse ============== From res at ausics.net Mon Apr 17 11:28:46 2006 From: res at ausics.net (Res) Date: Mon Apr 17 11:28:53 2006 Subject: Attn. postfix users WAS Multiple Postfix smtp instances In-Reply-To: <44432F03.4090907@netmagicsolutions.com> References: <20060412205748.GD14679@luckyduck.tux> <443F9148.7080908@netmagicsolutions.com> <443FDBCF.6040004@rogers.com> <20060414192115.13204.qmail@mymail.netmagicians.com> <44432F03.4090907@netmagicsolutions.com> Message-ID: only confirms what many ppl think, wietse is bernstein 'the second' On Mon, 17 Apr 2006, Dhawal Doshy wrote: > Dhawal Doshy wrote: >> Drew Marshall writes: >>> On 14 Apr 2006, at 18:28, Mike Jakubik wrote: >>>> Dhawal Doshy wrote: >>>>> This mail was also posted by the OP to the postfix-users list and is >>>>> now being discussed by the postfix authors 'wietse' and 'viktor' for >>>>> better integration (read: compliant to the postfix internal >>>>> architecture) between postfix and mailscanner.. >>>>> I request all mailscanner+postfix users to follow this thread on the >>>>> postfix-users lists and voice your technical opinions, if any. >>>> >>>> Its sad to see that one of the best MTAs and content scanners, does not >>>> get along so well.. Apparently Postfix 2.3 will make changes that will >>>> break MailScanner functionality :( >>> >>> Very sad indeed. Interestingly I am running the current release (Non >>> stable) of 2.3 and it works fine with MailScanner so I await to see what >>> happens with the 'new queue format'. >>> Drew >> >> No it won't (Julian will find a better workaround) and it shouldn't, i >> would request all postfix users to subscribe to the postfix-users list and >> convince the developers to document postfix queue internals so that this >> matter is resolved once and for all.. >> At the least ensure that someone of use who understands postfix really >> well, (i don't) follows up with viktor and wietse on this.. >> - dhawal > > We now have postfix+mailscanner working perfectly fine, but is likely to > break in future releases due to internal changes in the postfix queue > working.. hence i took the liberty of sending this mail to the postfix users > list. Constructive comments are welcome from postfix and non-postfix users: > ============== > MailScanner currently works in this fashion: > Internet ==> postfix ==> hold queue ==> MailScanner ==> Incoming queue ==> > local delivery or relay > > From what i understand, the part where mailscanner re-queues mails to the > postfix incoming queue is the questionable part.. > > So what conclusion do we (the non-programmer postfix users) draw from your > discussion? What are the changes expected that i need to communicate to the > mailscanner development team? > > Finally, what would be required to make mailscanner an approved > Content-Scanner for postfix. > ============== > > > This is the reply from Wietse: > ============== > It takes a stable EXTERNAL interface, so that non-Postfix software is immune > to changes in Postfix INTERNAL details. > > For example, software that speak SMTP is largely immune to changes in Postfix > internal details, because SMTP is well defined. > > Absent precisely formulated requirements I can't define an external interface > for content management. > > Wietse > ============== > > > A search on the postfix archive gave me this mail from Wietse: > ============== > The question is 100% academic. Like other Postfix internals, Postfix > queue details will not be published until they stop changing. > Until then I want to have the freedom to make changes without having > to jump horrible hoops in order to avoid breaking other people's > software. > > To give you an idea of what it would take to make mailscanner safe > with the PRESENT queue implementation: > > 1) The Postfix queue would have to be changed from a three-state > incoming/active/deferred organization to a four-state organization > of unfiltered/incoming/active/deferred. > > 2) All four queues MUST BE in the same file system. Otherwise mail > will be corrupted or lost. > > 3) A modified cleanup server drops new mail into the "unfiltered" > queue and notifies mailscanner, while the unmodified cleanup server > drops locally forwarded mail into the incoming queue and informs > the queue manager as usual. > > 4) Mailscanner MUST NOT move queue files except by renaming them > between Postfix queue directories. Otherwise mail will be corrupted > or lost. > > 5) Mailscanner MUST maintain the relationship between the file name > and the file inode number. Otherwise mail will be corrupted or > lost. > > 7) Mailscanner must be crash proof. Like Postfix, it MUST NOT take > irreversible actions, or actions that may require undo operations > after a system crash. Otherwise mail will be corrupted or lost. > > Specifically: > > 8) Mailscanner MUST NOT modify queue files. If content needs to be > updates, Mailscanner MUST create a new queue file and delete the > original only after the new file has been committed to stable > storage. Otherwise mail will be corrupted or lost. > > 9) When creating a queue file, Mailscanner MUST adhere to the > convention that the file permissions are set to "executable" only > after the file contents are safely stored. Otherwise mail will be > corrupted or lost. > > 10) Mailscanner should never touch a queue file that has an advisory > lock (flock or fcntl lock, depending on the system environment). > Otherwise mail will be corrupted or lost. > > But again, all this is academic, because I will never support > non-standard interfaces for content inspection in Postfix. > > Wietse > ============== > -- Cheers Res From lars+lister.mailscanner at adventuras.no Mon Apr 17 15:02:41 2006 From: lars+lister.mailscanner at adventuras.no (Lars Kristiansen) Date: Mon Apr 17 15:03:10 2006 Subject: DIFF for mta.sh startupscript on freebsd-port 4.52.2 In-Reply-To: <4442D4C0.3000509@adventuras.no> References: <4442D4C0.3000509@adventuras.no> Message-ID: <4443A001.4070304@adventuras.no> Lars Kristiansen skrev: > Thanks to JP for the Freebsd-port. > > Have just been using it to upgrade to 4.52. > But mta.sh would not start. > Needed to edit line 72 in /usr/local/etc/rc.d/mta.sh > > Here is diff: > @@ -69,7 +69,7 @@ > \( \( $_mta_osversion -ge 700000 \) -a \ > \( $_mta_osversion -lt 700007 \) \) ] > then > - $_mta_rc_script="{$_mta_rc_script}.sh" > + _mta_rc_script="${_mta_rc_script}.sh" > fi > > load_rc_config $name > Also in the same freebsd-port a small change is needed in line 7 in both update_virus_scanners.cron and update_phishing_sites.cron. At least on my machines it should be /etc/rc.subr instead of /usr/local/etc/rc.subr Maybe it would be right to use the %%RC_SUBR%% variable in the ports files? Should I rather send-pr these things instead of bothering the list? Again, thanks. -- Regards from Lars From danielk at avalonpub.com Mon Apr 17 17:14:42 2006 From: danielk at avalonpub.com (Daniel Kleinsinger) Date: Mon Apr 17 17:14:46 2006 Subject: Duplicate messages/Unlinking failed Message-ID: <4443BEF2.8090509@avalonpub.com> I received a duplicate message from my MailScanner box today. There are no local users, the server is setup to redeliver to the mailbox servers with mailertable. The second copy had no body, just headers. In the mail log on the machine I found a bunch of error messages when searching for the message id. The complete error messages are pasted below (some delivery info obfuscated). There are many occurrences of this error message in my mail logs, going back about 4 weeks. It's possible the error started when I upgraded to Sendmail 8.13.6 for that security fix, the timing seems right. I'm running the above sendmail with MailScanner 4.51.6 and perl 5.8.0 on RH8. When I did the upgrade I changed the "Lock Type" from flock to posix as recommended, but it seems like I'm having some type of locking problem. Anyone have any advice? I've also pasted the output of MailScanner -v below. Thanks, Daniel Mail Log: Apr 17 08:37:05 nts-2 sendmail[20944]: k3HFb00K020944: from=, size=3546, class=0, nrcpts=1, msgid=<000701c66234$97724e30$2000a8c0@sender.com>, proto=ESMTP, daemon=MTA, relay=eth0.a.lds.sonic.net [208.201.249.231] Apr 17 08:37:05 nts-2 sendmail[20944]: k3HFb00K020944: to=, delay=00:00:00, mailer=smtp, pri=33546, stat=queued Apr 17 08:37:11 nts-2 MailScanner[12477]: Logging message k3HFb00K020944 to SQL Apr 17 08:37:11 nts-2 MailScanner[12517]: k3HFb00K020944: Logged to MailWatch SQL Apr 17 08:37:11 nts-2 sendmail[20969]: k3HFb00K020944: to=, delay=00:00:06, xdelay=00:00:00, mailer=smtp, pri=123546, relay=[IPADDRESS] [IPADDRESS], dsn=2.0.0, stat=Sent (server.recipient.com: Message accepted for delivery) Apr 17 08:37:17 nts-2 MailScanner[12391]: Unlinking /var/spool/mqueue.in/qfk3HFb00K020944 failed: No such file or directory Apr 17 08:37:17 nts-2 MailScanner[12391]: Unlinking /var/spool/mqueue.in/dfk3HFb00K020944 failed: No such file or directory Apr 17 08:37:17 nts-2 MailScanner[12391]: Unlinking /var/spool/mqueue.in/qfk3HFb00K020944 failed: No such file or directory Apr 17 08:37:17 nts-2 MailScanner[12391]: Unlinking /var/spool/mqueue.in/dfk3HFb00K020944 failed: No such file or directory Apr 17 08:37:17 nts-2 MailScanner[12391]: Logging message k3HFb00K020944 to SQL Apr 17 08:37:17 nts-2 MailScanner[12517]: k3HFb00K020944: Logged to MailWatch SQL Apr 17 08:37:17 nts-2 sendmail[20985]: k3HFb00K020944: SYSERR(root): readqf: cannot open ./dfk3HFb00K020944: No such file or directory Apr 17 08:37:17 nts-2 sendmail[20985]: k3HFb00K020944: to=, delay=00:00:12, xdelay=00:00:00, mailer=smtp, pri=123546, relay=[IPADDRESS] [IPADDRESS], dsn=2.0.0, stat=Sent (server.recipient.com: Message accepted for delivery) MailScanner -v: Running on Linux nts-2.avalonpub.com 2.4.20-28.8 #1 Thu Dec 18 12:53:39 EST 2003 i686 i686 i386 GNU/Linux This is Red Hat Linux release 8.0 (Psyche) This is Perl version 5.008000 (5.8.0) This is MailScanner version 4.51.6 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.01 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.04 Fcntl 2.71 File::Basename 2.05 File::Copy 2.01 FileHandle 1.05 File::Path 0.13 File::Temp 1.32 HTML::Entities 3.48 HTML::Parser 2.35 HTML::TokeParser 1.20 IO 1.09 IO::File 1.122 IO::Pipe 1.71 Mail::Header 3.05 MIME::Base64 5.419 MIME::Decoder 5.419 MIME::Decoder::UU 5.419 MIME::Head 5.419 MIME::Parser 3.03 MIME::QuotedPrint 5.419 MIME::Tools 0.10 Net::CIDR 1.05 POSIX 1.75 Socket 0.03 Sys::Syslog 1.86 Time::HiRes 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.811 DB_File missing DBD::SQLite 1.30 DBI 1.00 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.10 Digest::SHA1 0.44 Inline 0.13 Mail::ClamAV 3.001001 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.15 Net::CIDR::Lite 0.53 Net::DNS 0.32 Net::LDAP 1.94 Parse::RecDescent 0.20 SAVI 1.2 Sys::Hostname::Long 2.26 Test::Harness 0.47 Test::Simple 1.89 Text::Balanced 1.35 URI From cplists at princeservices.com Mon Apr 17 17:27:51 2006 From: cplists at princeservices.com (Cameron B. Prince) Date: Mon Apr 17 17:27:57 2006 Subject: No sender notify on archive bomb Message-ID: <002901c6623b$dfc833f0$0101a8c0@PSLAPTOP1> Hey guys, I recently sent someone a file called icon.tgz as an attachment to an email. They called a few days later and asked why they hadn't received my message. I reviewed the logs and found this: MailScanner[29770]: /var/spool/MailScanner/incoming/29770/k3HFoTuv001178/icon.tgz could be an archive bomb I checked my Mailscanner.conf file and confirmed that sender notify is enabled: Notify Senders = yes Notify Senders Of Viruses = yes Notify Senders Of Blocked Filenames Or Filetypes = yes Notify Senders Of Other Blocked Content = yes Apparently fprot is giving a false positive on this file as I ended up zipping the same contents and the email went through. It bothers me that I didn't receive any indication of the failure to send the message though. Am I missing something that is preventing the notifications from being sent? Thanks, Cameron From mailscanner at mango.zw Mon Apr 17 18:56:59 2006 From: mailscanner at mango.zw (Jim Holland) Date: Mon Apr 17 18:59:05 2006 Subject: Solved? Re: Still stuck in queue, version 4.52.2 In-Reply-To: <44397AD5.9040708@ecs.soton.ac.uk> Message-ID: On Sun, 9 Apr 2006, Julian Field wrote: > > On Thu, 6 Apr 2006, Max Kipness wrote: > > > > > >> I've since upgraded to version 4.52.2, and I'm getting better > >> performance (probably less getting stuck in the queue), yet yesterday > >> there was one message that got processed over 6000 times! > >> > >> Here is a sample of one that is stuck right now. It's been processed 512 > >> times. Any clue to what else I can do to remedy this issue? > >> > > > > I wish I knew the cause of this problem. I regularly come across this > > issue, but fortunately at long intervals (a couple of months or more > > between each occurrence) with all the versions of MailScanner that I have > > used (currently 4.50.10-1 - just about to install 4.52.2). When I come > > across stuck mail I generally find that the whole of the associated batch > > of up to 30 messages tend to have the same problem of being endlessly > > reprocessed. My fix is to remove the first message of the batch from > > mqueue.in and then try to process the rest of the batch. If that fails > > then I remove the next one, and so on until I have identified the problem > > message. I then return the remaining messages to the queue and finally > > convert the d and q files of the problem message to a standard RFC822 > > message file, scan it with clamscan, and if it OK I then move the d and q > > files to mqueue to bypass MailScanner. It works, but I would like to get > > to the bottom of the problem. > > > > In several such cases I noticed that the message contained a zip file > > together with another file. In almost all cases the message was over 500 > > KB in size (but as we regularly handle messages of up to 1.5 MB that is > > not in itself a particular problem). On other occasions it was just a > > large pps file. > > > > I never see any specific error message in the maillog file (I was using > > sendmail 8.13.1 before the upgrade to 8.13.6) - it reports that a > > message has been processed by MailScanner but there is no corresponding > > delivery notice. All the problem mail has been incoming to our users. > > > I haven't been around for a while, so haven't seen this one. > Please can you send me (off-list) the df and qf files (in a zip file) > along with a copy of your MailScanner.conf file (preferably without the > comments) so I can see your setup. > > I hope I can reproduce the problem. The snag often is that I can't > reproduce the problem. > > What I would also like you to do is, when you are tracking down the > errant message, shutdown MailScanner and then do > MailScanner --debug > and note down any error messages that appear (except the EOCD signature > warnings). This may well help me locate the problem for you. > > If I can't reproduce the problem on my system, but you have got a > message that reliably makes the problem appear, then remote access to > your system would enable me to track it down and get it fixed once and > for all. Sorry for the late response to this. I have been experimenting with some of the problem messages previously archived and am not getting consistent results - sometimes they fail, sometimes they don't. Nothing shows up in debug mode because then they don't fail. However I have seen some clues that may lead to an explanation: The messages mostly involved not just moderately large zip files, but highly compressible files - eg a 600 KB message containing a zip file that expanded to 3.5 MB. In another case a message contained a dat file, which I didn't originally realise could also be expanded, again to over 3 MB. There appears to be an association between processing failure and the following error in the maillog file: MailScanner[5811]: Commercial scanner clamav timed out! MailScanner[5811]: Virus Scanning: Denial Of Service attack detected! I am now running: Red Hat 7.1 sendmail 8.13.6 (configured to accept max message size of 1.5 MB) MailScanner 4.52.2 ClamAV 0.88.1 with: 500 MHz AMD-K6 CPU 256 MB RAM I assume now that the problem arises when the virus scanning (which seems very slow on this machine - a minimum of 30 seconds if scanning a single message) takes too long for the batch. This could also explain why the problem sometimes clears itself - if the load level is low then the scanning can be done more quickly. I have now changed the default setting for the following in MailScanner.conf from 300 to 600 seconds and hope it helps: Virus Scanner Timeout = 600 May I suggest for your next update that the error messages listed when the virus scanner times out also include the SMTP id of the message that causes the problem? That would make the identification of the problem far simpler as there would then be a direct association between the problem message and the relevant error message when grepping the log. At the moment it is hard to notice the warning without a line-by-line scrutiny of the log file. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From wintermutecx at gmail.com Mon Apr 17 20:20:35 2006 From: wintermutecx at gmail.com (Dave) Date: Mon Apr 17 20:20:38 2006 Subject: mailwatch, two MX servers Message-ID: My current setup is Mailscanner on two MX servers, they forward to the main GW server behind the firewall. I considering installing SMGateway, but it looks like they are fully commercial and the only pricing I found was $900/yr. So anyhow, I'll just install mailwatch. If I install mailwatch would that mean I can't use two MX servers? Would users have to login into each MX server separately. We are migrating to AD in about 6 months, does mailwatch support LDap from AD? From ssilva at sgvwater.com Mon Apr 17 20:20:29 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Apr 17 20:22:57 2006 Subject: Getting lots of Undeliverable: Returned mail: see transcript for details In-Reply-To: <04D932B0071FE34FA63EBB1977B48D150109FCCE@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D150109FCCE@woodenex.woodmaclaw.local> Message-ID: Billy A. Pumphrey spake the following on 4/15/2006 7:53 PM: > Since I upgraded to near the latest MailScanner, I am getting a lot of > these. > > Your message did not reach some or all of the intended recipients. > > Subject: Returned mail: see transcript for details > Sent: 4/15/2006 9:32 PM > > The following recipient(s) could not be reached: > > jelki@selena.net.ua on 4/15/2006 9:32 PM > The message could not be delivered because the recipient's > destination email system is unknown or invalid. Please check the address > and try again, or contact your system administrator to verify > connectivity to the email system of the recipient. > < WoodenMS2.woodmaclaw.local #5.1.2> > > Any idea why this is happening? I figure that is is DNS related or > something. > > Thank you I tried a smtp verify on that user at that domain; User does not exist.... -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Mon Apr 17 20:26:30 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Apr 17 20:28:46 2006 Subject: Duplicate messages/Unlinking failed In-Reply-To: <4443BEF2.8090509@avalonpub.com> References: <4443BEF2.8090509@avalonpub.com> Message-ID: Daniel Kleinsinger spake the following on 4/17/2006 9:14 AM: > I received a duplicate message from my MailScanner box today. There are > no local users, the server is setup to redeliver to the mailbox servers > with mailertable. The second copy had no body, just headers. In the > mail log on the machine I found a bunch of error messages when searching > for the message id. The complete error messages are pasted below (some > delivery info obfuscated). There are many occurrences of this error > message in my mail logs, going back about 4 weeks. It's possible the > error started when I upgraded to Sendmail 8.13.6 for that security fix, > the timing seems right. > > I'm running the above sendmail with MailScanner 4.51.6 and perl 5.8.0 on > RH8. When I did the upgrade I changed the "Lock Type" from flock to > posix as recommended, but it seems like I'm having some type of locking > problem. Anyone have any advice? I've also pasted the output of > MailScanner -v below. RedHat 8 might be a little too old to run cutting edge Sendmail. Did you find the RPM somewhere or compile from source? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From alex at nkpanama.com Mon Apr 17 20:35:29 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Apr 17 20:36:24 2006 Subject: BlackList - Something simple In-Reply-To: References: Message-ID: <4443EE01.5010500@nkpanama.com> ajos1@onion.demon.co.uk wrote: > Though rather than REJECTing/DISCARDing them... I was looking to store them for a while to study what sort of spam we were receiving. > You can also do this at the MTA level by adding: blableblah: /path/name To your /etc/aliases file. The messages will be appended to that file as soon as they are delivered to the user (post-mailscanner). From alex at nkpanama.com Mon Apr 17 20:37:50 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Apr 17 20:38:27 2006 Subject: greylisting? In-Reply-To: References: <44405D60.3040002@fractalweb.com> <4440B730.2060207@coders.co.uk> <4440E677.8000007@blacknight.ie> Message-ID: <4443EE8E.2030208@nkpanama.com> Res wrote: >> >> How much of RFC1912? > > > "Every Internet-reachable host should have a name." > > Since enforcing PTR checks, like I said 90% of the crap is now rejected > we've done it for years with no regrets and only about a dozen or so > complaints in all that time, > > You're right. AOL is enforcing it. Why can't we? :D From danielk at avalonpub.com Mon Apr 17 20:51:11 2006 From: danielk at avalonpub.com (Daniel Kleinsinger) Date: Mon Apr 17 20:51:16 2006 Subject: Duplicate messages/Unlinking failed In-Reply-To: References: <4443BEF2.8090509@avalonpub.com> Message-ID: <4443F1AF.50601@avalonpub.com> Scott Silva wrote: > Daniel Kleinsinger spake the following on 4/17/2006 9:14 AM: > >> I received a duplicate message from my MailScanner box today. There are >> no local users, the server is setup to redeliver to the mailbox servers >> with mailertable. The second copy had no body, just headers. In the >> mail log on the machine I found a bunch of error messages when searching >> for the message id. The complete error messages are pasted below (some >> delivery info obfuscated). There are many occurrences of this error >> message in my mail logs, going back about 4 weeks. It's possible the >> error started when I upgraded to Sendmail 8.13.6 for that security fix, >> the timing seems right. >> >> I'm running the above sendmail with MailScanner 4.51.6 and perl 5.8.0 on >> RH8. When I did the upgrade I changed the "Lock Type" from flock to >> posix as recommended, but it seems like I'm having some type of locking >> problem. Anyone have any advice? I've also pasted the output of >> MailScanner -v below. >> > > RedHat 8 might be a little too old to run cutting edge Sendmail. Did you find > the RPM somewhere or compile from source? > I used a SRPM to build an RPM. I don't remember where I got it from, but someone on this or the sa-users list recommended it for legacy redhat systems. Daniel From sean at blackbirdnest.com Mon Apr 17 20:51:33 2006 From: sean at blackbirdnest.com (Sean Gleason) Date: Mon Apr 17 20:53:55 2006 Subject: mailwatch, two MX servers Message-ID: <604F988E4F6FAE469F7597D608B9F71399D990@ASP-EXBECL1VS1.blackbirdasp.local> As long as you use BayesSQL and the sql white/black lists and have both Mailscanner servers logging to the same DB that mailwatch uses it should not be a problem no matter how many MX servers you use. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Dave Sent: Monday, April 17, 2006 9:21 AM To: mailscanner@lists.mailscanner.info Subject: mailwatch, two MX servers My current setup is Mailscanner on two MX servers, they forward to the main GW server behind the firewall. I considering installing SMGateway, but it looks like they are fully commercial and the only pricing I found was $900/yr. So anyhow, I'll just install mailwatch. If I install mailwatch would that mean I can't use two MX servers? Would users have to login into each MX server separately. We are migrating to AD in about 6 months, does mailwatch support LDap from AD? -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- BlackBird has scanned this message for viruses and dangerous content. The message is believed to be clean. From ecasarero at gmail.com Mon Apr 17 21:33:54 2006 From: ecasarero at gmail.com (Eduardo Casarero) Date: Mon Apr 17 21:33:57 2006 Subject: mail scanner stuck In-Reply-To: <223f97700604131114g45cd55b1vb6b02329691706f7@mail.gmail.com> References: <1144942738.3202.19.camel@dwarfstar.stellarcore.net> <223f97700604131114g45cd55b1vb6b02329691706f7@mail.gmail.com> Message-ID: <7d9b3cf20604171333o6359d983ydf4c56df8a8e736d@mail.gmail.com> hi, after doing some investigation i found the following: with 4 particular emails: in /var/log/maillog: pr 17 16:53:44 avas2 MailScanner[4150]: MailScanner E-Mail Virus Scanner version 4.51.6 starting... Apr 17 16:53:44 avas2 MailScanner[4150]: Read 711 hostnames from the phishing whitelist Apr 17 16:53:44 avas2 MailScanner[4150]: Using SpamAssassin results cache Apr 17 16:53:44 avas2 MailScanner[4150]: Connected to SpamAssassin cache database Apr 17 16:53:44 avas2 MailScanner[4150]: Enabling SpamAssassin auto-whitelist functionality... Apr 17 16:54:21 avas2 MailScanner[4150]: Using locktype = posix Apr 17 16:54:21 avas2 MailScanner[4150]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Apr 17 16:54:21 avas2 MailScanner[4150]: New Batch: Scanning 1 messages, 364000 bytes Apr 17 16:54:21 avas2 MailScanner[4150]: MCP Checks completed at -1783903718 bytes per second Apr 17 16:54:21 avas2 MailScanner[4150]: Spam Checks: Starting Apr 17 16:54:22 avas2 MailScanner[4150]: SpamAssassin cache hit for message k3HFIQcc008169 Apr 17 16:54:22 avas2 MailScanner[4150]: Message k3HFIQcc008169 from 200.218.209.99 (marcia.leon@bcb.gov.br) to fgv.br is n?o spam, SpamAssassin (escore=-2.352, requerido 6, AWL 0.25, BAYES_00 -2.60, HTML_MESSAGE 0.00) Apr 17 16:54:22 avas2 MailScanner[4150]: Spam Checks completed at 269382 bytes per second Apr 17 16:54:22 avas2 MailScanner[4150]: Virus and Content Scanning: Starting Apr 17 16:59:23 avas2 MailScanner[4150]: Commercial scanner clamavmodule timed out! Apr 17 16:59:23 avas2 MailScanner[4150]: Virus Scanning: Denial Of Service attack detected! ----------------------------------------------------------------------------- After this last log message the mail scanner rescan of the same email looping. This was logged with 1 child runnig (just for debuggin, in normal operation runs 6 childs) then i try to run clamavscan on this "particular message" with the debug flag and this was de result: ----------------------------------------------------------------------------- root@avas2:/var/spool/mqueue.in# clamscan --debug -v dfk3HFIQcc008169 LibClamAV debug: Loading databases from /usr/local/share/clamav LibClamAV debug: Loading /usr/local/share/clamav/main.cvd LibClamAV debug: in cli_cvdload() LibClamAV debug: MD5(.tar.gz) = af6f7d14ff7c607dd442d8b518e7b554 LibClamAV debug: Decoded signature: af6f7d14ff7c607dd442d8b518e7b554 LibClamAV debug: Digital signature is correct. LibClamAV debug: in cli_untgz() LibClamAV debug: Unpacking /tmp/clamav-24b7fe37b6a16d7b/COPYING LibClamAV debug: Unpacking /tmp/clamav-24b7fe37b6a16d7b/main.db LibClamAV debug: Unpacking /tmp/clamav-24b7fe37b6a16d7b/main.hdb LibClamAV debug: Unpacking /tmp/clamav-24b7fe37b6a16d7b/main.ndb LibClamAV debug: Unpacking /tmp/clamav-24b7fe37b6a16d7b/main.zmd LibClamAV debug: Unpacking /tmp/clamav-24b7fe37b6a16d7b/main.fp LibClamAV debug: Loading databases from /tmp/clamav-24b7fe37b6a16d7b LibClamAV debug: Loading /tmp/clamav-24b7fe37b6a16d7b/main.db LibClamAV debug: Initializing main node LibClamAV debug: Initializing trie LibClamAV debug: Initializing BM tables LibClamAV debug: in cli_bm_init() LibClamAV debug: BM: Number of indexes = 63744 LibClamAV debug: Loading /tmp/clamav-24b7fe37b6a16d7b/main.fp LibClamAV debug: Initializing md5 list structure LibClamAV debug: Loading /tmp/clamav-24b7fe37b6a16d7b/main.hdb LibClamAV debug: Loading /tmp/clamav-24b7fe37b6a16d7b/main.ndb LibClamAV debug: Loading /tmp/clamav-24b7fe37b6a16d7b/main.zmd LibClamAV debug: Loading /usr/local/share/clamav/daily.cvd LibClamAV debug: in cli_cvdload() LibClamAV debug: MD5(.tar.gz) = 919754b49d62e8bc2465270dd99b6944 LibClamAV debug: Decoded signature: 919754b49d62e8bc2465270dd99b6944 LibClamAV debug: Digital signature is correct. LibClamAV debug: in cli_untgz() LibClamAV debug: Unpacking /tmp/clamav-b20ba7c25fc57272/COPYING LibClamAV debug: Unpacking /tmp/clamav-b20ba7c25fc57272/daily.db LibClamAV debug: Unpacking /tmp/clamav-b20ba7c25fc57272/daily.hdb LibClamAV debug: Unpacking /tmp/clamav-b20ba7c25fc57272/daily.ndb LibClamAV debug: Unpacking /tmp/clamav-b20ba7c25fc57272/daily.fp LibClamAV debug: Loading databases from /tmp/clamav-b20ba7c25fc57272 LibClamAV debug: Loading /tmp/clamav-b20ba7c25fc57272/daily.hdb LibClamAV debug: Loading /tmp/clamav-b20ba7c25fc57272/daily.ndb LibClamAV debug: Loading /tmp/clamav-b20ba7c25fc57272/daily.db LibClamAV debug: Loading /tmp/clamav-b20ba7c25fc57272/daily.fp Scanning dfk3HFIQcc008169 LibClamAV debug: Matched signature for file type: HTML data LibClamAV debug: Calculated MD5 checksum: 1a8ec3f6655a32e80eee147206ee9a94 LibClamAV debug: in cli_scanhtml() LibClamAV debug: mmap'ed file LibClamAV debug: Calculated MD5 checksum: a85ea84ad9580f56bef690ea3b729c00 LibClamAV debug: Calculated MD5 checksum: caef61e795b054fbf60a100aa0332b73 LibClamAV debug: Calculated MD5 checksum: d41d8cd98f00b204e9800998ecf8427e dfk3HFIQcc008169: OK ----------- SCAN SUMMARY ----------- Known viruses: 51003 Engine version: 0.88.1 Scanned directories: 0 Scanned files: 1 Infected files: 0 Data scanned: 1.03 MB Time: 37.247 sec (0 m 37 s) ----------------------------------------------------------------------------- After this i really don?t know what to do. Cause Clamav is the only AV on the system and MScanner has a Timeout for AV of 300 segs an clamav takes only 37.24 seg. so MScanner cant see that clamav finished or something is missing. Should i send this particular emails to julian? PD: this is the conf. of the server Slackware 10.2 kernel 2.6 MailScanner 4.51.6 clamav, spammasassin, razor, dcc Pentium IV - 3.2Ghz /800HT 775P Intel; Mother board P4 ABIT NI8-SLI/LGA/NVIDIA; 4096Mb RAM DDR2/533 Kingston; Winchester 160.2Gb - 7200 rpm SERIAL ATA Barracuda; video PCI Express X300 Radion 256Mb; network 10/100/1000; -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060417/269e64ca/attachment.html From jrudd at ucsc.edu Mon Apr 17 21:54:36 2006 From: jrudd at ucsc.edu (John Rudd) Date: Mon Apr 17 21:55:06 2006 Subject: greylisting? In-Reply-To: References: <44405D60.3040002@fractalweb.com> <4440B730.2060207@coders.co.uk> <44419C5A.9040402@nkpanama.com> Message-ID: <916048fa362c05b2153543ee597ca3a5@ucsc.edu> On Apr 16, 2006, at 8:43 PM, Res wrote: > On Sat, 15 Apr 2006, Alex Neuman van der Hans wrote: > >> Res wrote: >>> I agree with this, you only need it set to about 5000, it catches so >>> much of it, and enforcing RFC1912 catches around 90% more. >> By that you mean only accepting mail from valid domains with an MX? >> RFC1912 seems to cover a lot. How do you do it? Please share ;) > > You dont have to have matching A and PTR's but they both must exist, > and we let you in :) > we use the require_rdns hack, I used to do it in local rulesets but > the hack is far better as it allows for exemptions via the > delay_checks friends option. > > The hack is available at http://support.ausics.net/require_rdns.m4 if > you have not seen it before. So, you make sure they have a PTR record for that relay's IP addr, but you don't make sure that the name it gives has an A record that matches the relay's IP addr? That's what I'd like to see. The one thing I don't like, from reading the comments in require_rdns.m4 is: It treats forgeries as a temp failure, and no-rDNS as a permanent failure. This is _exactly_ backward to me. I want no-rDNS to be a temp failure (in case it was caused by a slow DNS check, in the hope that the next time they try, their rDNS result will be in my name server's cache), and I want _forgeries_ to be permanently rejected (if someone is forging their rDNS, I don't want to see their messages _ever_, until they stop forging). I do something similar in MIMEDefang's filter_relay (at home, not yet at work), where I check if the relay's hostname (in MIMEDefang) is "[$ip]". If hostname eq "[$ip]" and $ip is in (my local IP block, the email server IP block at work, 127.0.0.1), then I let it through. Elsif $hostname eq "[$ip]", then I reject with a temporary failure (in case it's a transient DNS error, hopefully by the time they resubmit, their rDNS check will be in my name server's cache). The one case I am not _easily_ able to check is for forgeries. I would have to do the DNS check on $hostname to be sure it returns an IP address in its list of results which matches $ip. Which I _could_ do, but I'm not sure how much it'll slow things down. I wish the milter just had a way of telling me sendmail's "may be forged" status (I don't know if this is sendmail's fault, or mimedefang's, for not having that information available to my filters). All of my no-rDNS submitters are being caught either by the greet_pause or by filter_relay. (so far today 3 no-rDNS hosts in greet_pause (out of 28 total hosts caught by greet_pause, in 38 connection attempts), 46 no-rDNS hosts caught by filter_relay; only 8 of them have tried multiple connections today). Note: greet_pause happens first, so those 46 hosts caught by filter_relay are getting through the greet_pause. (not a complaint, just an observation, I'm a HUGE fan of the greet_pause) From mailscanner at mango.zw Mon Apr 17 22:40:38 2006 From: mailscanner at mango.zw (Jim Holland) Date: Mon Apr 17 22:42:55 2006 Subject: mail scanner stuck In-Reply-To: <7d9b3cf20604171333o6359d983ydf4c56df8a8e736d@mail.gmail.com> Message-ID: On Mon, 17 Apr 2006, Eduardo Casarero wrote: > Date: Mon, 17 Apr 2006 17:33:54 -0300 > From: Eduardo Casarero > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: mail scanner stuck > > hi, after doing some investigation i found the following: > with 4 particular emails: > in /var/log/maillog: Apr 17 16:54:22 avas2 MailScanner[4150]: Virus and Content Scanning: Starting Apr 17 16:59:23 avas2 MailScanner[4150]: Commercial scanner clamavmodule timed out! Apr 17 16:59:23 avas2 MailScanner[4150]: Virus Scanning: Denial Of Service attack detected! ----------------------------------------------------------------------------- > After this last log message the mail scanner rescan of the same email > looping. This was logged with 1 child runnig (just for debuggin, in > normal operation runs 6 childs) . . . > After this i really don?t know what to do. Cause Clamav is the only AV > on the system and MScanner has a Timeout for AV of 300 segs an clamav takes > only 37.24 seg. so MScanner cant see that clamav finished or something > is missing. . . . This seems to be very similar to the problem I wrote about earlier this evening in: Subject: Solved? Re: Still stuck in queue, version 4.52.2 I would be very interested to know: The size of the message What files it contained Whether the files were compressed, and if so what was the uncompressed file size How many messages were in the batch that failed? Clearly if the message is one of say 30 in a batch then it is going to be easier for ClamAV to time out on the batch than if there was only one in the batch. My understanding is that the timeout setting applies to the whole batch and not to a single message. As indicated in my message, I have changed the default for: Virus Scanner Timeout = in MailScanner.conf from 300 to 600 seconds to try to avoid this kind of problem. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From steve.swaney at fsl.com Tue Apr 18 02:09:46 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Tue Apr 18 02:09:54 2006 Subject: mailwatch, two MX servers In-Reply-To: Message-ID: <022301c66284$c8e34320$2901010a@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Dave > Sent: Monday, April 17, 2006 3:21 PM > To: mailscanner@lists.mailscanner.info > Subject: mailwatch, two MX servers > > My current setup is Mailscanner on two MX servers, they forward to the > main GW server behind the firewall. I considering installing > SMGateway, but it looks like they are fully commercial and the only > pricing I found was $900/yr. So anyhow, I'll just install mailwatch. > > If I install mailwatch would that mean I can't use two MX servers? > Would users have to login into each MX server separately. We are > migrating to AD in about 6 months, does mailwatch support LDap from > AD? > -- To setup an open source solution is not terribly difficult but will still have some limitations that DefenderMX (we renamed SMGateway just after the first release :) does not have. Let's take the open source solution first. You can setup MailScanner and SpamAssassin on multiple gateways and synchronize the configuration and text files required for the applications by the applications using scripts, keychains and rsync. The Bayes database, MailWatch MySQL database and MailWatch web servers can be on individual servers which are separate from the gateways. We have one open source MailScanner ISP site where all are separate with the Databases running on a MySQL Cluster. I believe there are some limitations to using MailWatch user or domain administrator logins for viewing or releasing for quarantine. The principal limitation is that the logins must be manually created in the MailWatch database. There are no web or batch interfaces for administering domains, MailScanner or related applications. The MailWatch user interface is the only web enabled part of the setup (Steve Freegard can correct me if I'm wrong :). Postfix or sendmail can be configured to verify the existence of the users email accounts on the Exchange sever before accepting the email. Milter-ahead (www.snertsoft.com) can be licensed and installed to verify user accounts before accepting email for sendmail and all other types of mail hubs. All updates are manual but updating MailScanner / SpamAssassin and ClamAV are not too difficult thanks to Julian's Super Scripts. There is a completely different architecture behind DefenderMX. A MySQL database behind a web interface is used to store MailScanner and sendmail configuration data and provide checkpoints to restore a previous configuration if the configuration gets mangled. MailScanner and sendmail do not use the MySQL database to read their configuration data. When changes are made to the MySQL database, they are immediately pushed out to out to the LDAP schema which is used by the individual scanning gateways. If the MySQL database goes down, mail processing will continue because each gateway uses a replica of the LDAP database. Web servers and Database servers can be clustered if you're really paranoid, but it takes less than one hour to install the OS, DefenderMX and restore the configuration so if you have a cold spare, you can be up and running again pretty quickly. No user state is kept on the gateways. Users and domain administrators can log in via the web to set white / black lists and spam preferences using their mail hub or Exchange email address and their normal password. Dictionary attacks can be stopped at the gateway for any backend mail hubs except Exchange 5.5 and 2000 (sorry these versions are just too totally brain dead) since we license milter-ahead from Anthony Howe. The milter-ahead license is included in the cost of DefenderMX. There are separate web based interfaces for system administrators, domain administrators and end users. Almost all MailScanner tasks; configuration, editing report text files, configuring allowable attachments, administrative tasks, configuration backups, starting / stopping MailScanner and even tailing the maillog can all be performed using the DefenderMX interface. Extensive help is provided on each configuration item or task and the entire manual is available online from within the interface. MailWatch has been tightly integrated into DefenderMX - which seems pretty reasonable since Steve Freegard is our Director of development All this sounds simple, easy to administer and pretty failure proof because it is. This was not simple to create and is not easy to continually update and improve. Over three years of work by our team went into developing this product before we had the first sale. Depending on how you value your system administrator's time, it can provide a very cost effective solution. The price of a single CPU license is $1,390 in the US. This includes the first year of support and updates. The second and future years support is $395 per year for a single CPU license. Prices are slightly higher overseas. There is no restriction on number of users or domains. The two CPU version is $2,490 and if you buy two DefenderMX licenses we will install and configure the cluster version at no additional charge (this is a limited time offer). Here in the States it doesn't take a lot of time to recoup these costs if you are keeping you systems up to date - plus you get a lot more features. We have not found any other commercial product that attempts to scan for spam and virus that is less expensive or has the features that DefenderMX provides. We have found a lot that cost a lot more, don't work as well, don't have all the features and can't compare to a MailScanner based system. We also provide commercial support and trouble shooting for open source MailScanner and related applications. Many of our open source MailScanner customers would not have considered using an open source application if very timely support and / or maintenance contracts were not available. I've been a MailScanner user and believer for almost five years now. MailScanner is simply the best product available for running email gateways. I founded Fort Systems Ltd. with Julian to make MailScanner an even more popular product with a wider user base. Most of our DefenderMX customers are not very Linux or open source literate. If DefenderMX didn't exist, they would not be using MailScanner. For the sites with some Linux expertise and the time to install, configure and maintain MailScanner, open source is a very good option - still you won't get all of the features, easy install and administrative web interface. We simply hope to provide an alternative for the sites that want a simpler solution, more features, simpler updates and can afford to pay a reasonable fee. This helps us to maintain and improve MailScanner, MailWatch and DefenderMX. Plus we're well underway on DefenderMX 2.0 - I can hardly wait to share some of the new features with you. Please email me off list if you have any questions regarding DefenderMX or support and thanks for listening, Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From jon at radel.com Tue Apr 18 02:52:56 2006 From: jon at radel.com (Jon Radel) Date: Tue Apr 18 02:53:17 2006 Subject: Getting lots of Undeliverable: Returned mail: see transcript for details In-Reply-To: References: <04D932B0071FE34FA63EBB1977B48D150109FCCE@woodenex.woodmaclaw.local> Message-ID: <44444678.2050407@radel.com> Scott Silva wrote: > Billy A. Pumphrey spake the following on 4/15/2006 7:53 PM: > >>Since I upgraded to near the latest MailScanner, I am getting a lot of >>these. >> >>Your message did not reach some or all of the intended recipients. >> >> Subject: Returned mail: see transcript for details >> Sent: 4/15/2006 9:32 PM >> >>The following recipient(s) could not be reached: >> >> jelki@selena.net.ua on 4/15/2006 9:32 PM >> The message could not be delivered because the recipient's >>destination email system is unknown or invalid. Please check the address >>and try again, or contact your system administrator to verify >>connectivity to the email system of the recipient. >> < WoodenMS2.woodmaclaw.local #5.1.2> >> >>Any idea why this is happening? I figure that is is DNS related or >>something. >> >>Thank you > > I tried a smtp verify on that user at that domain; > User does not exist.... > > It would possibly make more sense if Mr. Pumphrey read down a bit and looked at the rest of the mail (aren't the original e-mails attached?). I see a lot of those in the postmaster, address of last resort, e-mail from the following: 1) Spam from non-existent address is sent to non-existent user on my sendmail server. 2) Bounce to non-existent from address is prepared. 3) Bounce bounces and notice of this second bounce goes to postmaster. I suspect that as part of the upgrade either the option to quietly discard these was turned off in the MTA or MailScanner is no longer "discarding" them. I suspect the root cause was there before. --Jon Radel jon@radel.com From craigwhite at azapple.com Tue Apr 18 07:46:11 2006 From: craigwhite at azapple.com (Craig White) Date: Tue Apr 18 07:46:22 2006 Subject: Postfix deferred Message-ID: <1145342771.6823.1.camel@lin-workstation.azapple.com> I had a power outage today and I've got cyrus-imapd repaired but there are a number of emails that appear still in /var/spool/postfix/deferred and restarting MailScanner doesn't seem to get them into the queue. How do I get them requeued for delivery? Craig From craigwhite at azapple.com Tue Apr 18 08:01:15 2006 From: craigwhite at azapple.com (Craig White) Date: Tue Apr 18 08:01:25 2006 Subject: Postfix deferred In-Reply-To: <1145342771.6823.1.camel@lin-workstation.azapple.com> References: <1145342771.6823.1.camel@lin-workstation.azapple.com> Message-ID: <1145343675.6823.3.camel@lin-workstation.azapple.com> On Mon, 2006-04-17 at 23:46 -0700, Craig White wrote: > I had a power outage today and I've got cyrus-imapd repaired but there > are a number of emails that appear still in /var/spool/postfix/deferred > and restarting MailScanner doesn't seem to get them into the queue. How > do I get them requeued for delivery? ---- never mind... 'postfix flush' seemed to do the trick Craig From res at ausics.net Tue Apr 18 08:46:53 2006 From: res at ausics.net (Res) Date: Tue Apr 18 08:47:03 2006 Subject: greylisting? In-Reply-To: <4443EE8E.2030208@nkpanama.com> References: <44405D60.3040002@fractalweb.com> <4440B730.2060207@coders.co.uk> <4440E677.8000007@blacknight.ie> <4443EE8E.2030208@nkpanama.com> Message-ID: On Mon, 17 Apr 2006, Alex Neuman van der Hans wrote: > Res wrote: >>> >>> How much of RFC1912? >> >> >> "Every Internet-reachable host should have a name." >> >> Since enforcing PTR checks, like I said 90% of the crap is now rejected >> we've done it for years with no regrets and only about a dozen or so >> complaints in all that time, >> >> > > You're right. AOL is enforcing it. Why can't we? :D AOL only started about a year ago, I've been doing it for over 5 or 6 years, the results speak for themselves. If you run a network where the system admins are incompetant and do not do their job properly by ensuring every host has a hostname, be it dsl, dialup, a hosting server or a key server in a NOC, its just plain lazyness, and they should be dismissed as such. -- Cheers Res From res at ausics.net Tue Apr 18 08:51:23 2006 From: res at ausics.net (Res) Date: Tue Apr 18 08:51:33 2006 Subject: greylisting? In-Reply-To: <916048fa362c05b2153543ee597ca3a5@ucsc.edu> References: <44405D60.3040002@fractalweb.com> <4440B730.2060207@coders.co.uk> <44419C5A.9040402@nkpanama.com> <916048fa362c05b2153543ee597ca3a5@ucsc.edu> Message-ID: On Mon, 17 Apr 2006, John Rudd wrote: >> You dont have to have matching A and PTR's but they both must exist, and we >> >> The hack is available at http://support.ausics.net/require_rdns.m4 if you >> have not seen it before. > > So, you make sure they have a PTR record for that relay's IP addr, but you > don't make sure that the name it gives has an A record that matches the > relay's IP addr? That's what I'd like to see. Correct, perfect strict matching comes undone with receiving mail from hosting servers where there can be thousands of A's, but only need one PTR. > The one thing I don't like, from reading the comments in require_rdns.m4 is: > > It treats forgeries as a temp failure, and no-rDNS as a permanent failure. > This is _exactly_ backward to me. I want no-rDNS to be a temp failure (in You are more than welcome to change the 5xx to a 4xx if you want, nothing stopping you. > All of my no-rDNS submitters are being caught either by the greet_pause or by > filter_relay. (so far today 3 no-rDNS hosts in greet_pause (out of 28 total > hosts caught by greet_pause, in 38 connection attempts), 46 no-rDNS hosts on servers that do 100 msgs a second constantly, trust me we see it as still a huge problem wiuthout it :) -- Cheers Res From martinh at solid-state-logic.com Tue Apr 18 09:46:32 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue Apr 18 09:46:53 2006 Subject: mail scanner stuck In-Reply-To: Message-ID: <022901c662c4$99d9aed0$3004010a@martinhlaptop> Jim I'd look at why the clamavmodule is timing out - does clamscan work OK from the command line???? RH 7.1 is really really old so it could be problems with either clamAV or the perl module not working with 7.1. What happens if you change from the module to the normal clamav scanner in MailScanner.conf? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jim Holland > Sent: 17 April 2006 22:41 > To: MailScanner discussion > Subject: Re: mail scanner stuck > > On Mon, 17 Apr 2006, Eduardo Casarero wrote: > > > Date: Mon, 17 Apr 2006 17:33:54 -0300 > > From: Eduardo Casarero > > Reply-To: MailScanner discussion > > To: MailScanner discussion > > Subject: Re: mail scanner stuck > > > > hi, after doing some investigation i found the following: > > with 4 particular emails: > > > in /var/log/maillog: > > Apr 17 16:54:22 avas2 MailScanner[4150]: Virus and Content Scanning: > Starting > Apr 17 16:59:23 avas2 MailScanner[4150]: Commercial scanner clamavmodule > timed out! > Apr 17 16:59:23 avas2 MailScanner[4150]: Virus Scanning: Denial Of Service > attack detected! > -------------------------------------------------------------------------- > --- > > After this last log message the mail scanner rescan of the same email > > looping. This was logged with 1 child runnig (just for debuggin, in > > normal operation runs 6 childs) > > . . . > > > After this i really don?t know what to do. Cause Clamav is the only AV > > on the system and MScanner has a Timeout for AV of 300 segs an clamav > takes > > only 37.24 seg. so MScanner cant see that clamav finished or something > > is missing. > > . . . > > This seems to be very similar to the problem I wrote about earlier this > evening in: > > Subject: Solved? Re: Still stuck in queue, version 4.52.2 > > I would be very interested to know: > > The size of the message > > What files it contained > > Whether the files were compressed, and if so > what was the uncompressed file size > > How many messages were in the batch that failed? > > Clearly if the message is one of say 30 in a batch then it is going to be > easier for ClamAV to time out on the batch than if there was only one in > the batch. My understanding is that the timeout setting applies to the > whole batch and not to a single message. > > As indicated in my message, I have changed the default for: > > Virus Scanner Timeout = > > in MailScanner.conf from 300 to 600 seconds to try to avoid this kind of > problem. > > Regards > > Jim Holland > System Administrator > MANGO - Zimbabwe's non-profit e-mail service > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From mailscanner at mango.zw Tue Apr 18 09:56:43 2006 From: mailscanner at mango.zw (Jim Holland) Date: Tue Apr 18 09:59:43 2006 Subject: mail scanner stuck In-Reply-To: <022901c662c4$99d9aed0$3004010a@martinhlaptop> Message-ID: Hi Martin On Tue, 18 Apr 2006, Martin Hepworth wrote: > I'd look at why the clamavmodule is timing out - does clamscan work OK > from the command line???? On my system I am not running clamavmodule - just plain clamav. The error message below was on the system being run by Eduardo Casarero. > RH 7.1 is really really old Soon to be upgraded to Debian Sarge :-) > so it could be problems with either clamAV or the perl module not > working with 7.1. > What happens if you change from the module to the normal clamav scanner > in MailScanner.conf? See above. > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Jim Holland > > Sent: 17 April 2006 22:41 > > To: MailScanner discussion > > Subject: Re: mail scanner stuck > > > > On Mon, 17 Apr 2006, Eduardo Casarero wrote: > > > > > Date: Mon, 17 Apr 2006 17:33:54 -0300 > > > From: Eduardo Casarero > > > Reply-To: MailScanner discussion > > > To: MailScanner discussion > > > Subject: Re: mail scanner stuck > > > > > > hi, after doing some investigation i found the following: > > > with 4 particular emails: > > > > > in /var/log/maillog: > > > > Apr 17 16:54:22 avas2 MailScanner[4150]: Virus and Content Scanning: > > Starting > > Apr 17 16:59:23 avas2 MailScanner[4150]: Commercial scanner clamavmodule > > timed out! > > Apr 17 16:59:23 avas2 MailScanner[4150]: Virus Scanning: Denial Of Service > > attack detected! > > -------------------------------------------------------------------------- > > --- > > > After this last log message the mail scanner rescan of the same email > > > looping. This was logged with 1 child runnig (just for debuggin, in > > > normal operation runs 6 childs) > > > > . . . > > > > > After this i really don?t know what to do. Cause Clamav is the only AV > > > on the system and MScanner has a Timeout for AV of 300 segs an clamav > > takes > > > only 37.24 seg. so MScanner cant see that clamav finished or something > > > is missing. > > > > . . . > > > > This seems to be very similar to the problem I wrote about earlier this > > evening in: > > > > Subject: Solved? Re: Still stuck in queue, version 4.52.2 > > > > I would be very interested to know: > > > > The size of the message > > > > What files it contained > > > > Whether the files were compressed, and if so > > what was the uncompressed file size > > > > How many messages were in the batch that failed? > > > > Clearly if the message is one of say 30 in a batch then it is going to be > > easier for ClamAV to time out on the batch than if there was only one in > > the batch. My understanding is that the timeout setting applies to the > > whole batch and not to a single message. > > > > As indicated in my message, I have changed the default for: > > > > Virus Scanner Timeout = > > > > in MailScanner.conf from 300 to 600 seconds to try to avoid this kind of > > problem. > > > > Regards > > > > Jim Holland > > System Administrator > > MANGO - Zimbabwe's non-profit e-mail service > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From Jan-Peter.Koopmann at seceidos.de Tue Apr 18 10:07:13 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Tue Apr 18 10:07:26 2006 Subject: DIFF for mta.sh startupscript on freebsd-port 4.52.2 Message-ID: On Monday, April 17, 2006 4:03 PM Lars Kristiansen wrote: >> Thanks to JP for the Freebsd-port. You are welcome. > Maybe it would be right to use the %%RC_SUBR%% variable in the ports > files? Let's discuss this off-list. > Should I rather send-pr these things instead of bothering the list? > Again, thanks. Simply e-mail me personally. Otherwise you risk me not seeing these important posts. :-) Kind regards, JP -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3104 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060418/cb073462/smime.bin From housey at sme-ecom.co.uk Tue Apr 18 10:14:14 2006 From: housey at sme-ecom.co.uk (Paul Houselander) Date: Tue Apr 18 10:14:23 2006 Subject: Load Of Spam Getting Through Over the weekend Message-ID: Hi Had a few calls this morning moaning about a lot of spam had gotten through over the weekend, on further investigation most of the subjects were quite similar V/AGRiA new V/AGfRA new C/AmLls new Cj/ALIS new AMB/EjN new AiMb/EN new etc... Quite a few were also Out of Office replies e.g. Out Of Office: C/AmLls new None scored very high for spam at all, I run spamassasin, DCC, Razor, Pyzor and the rules_du_jour script from fsl.com has anyone else seen similar? does anyone have any rules to catch them? Paul From martinh at solid-state-logic.com Tue Apr 18 10:27:27 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue Apr 18 10:27:43 2006 Subject: Load Of Spam Getting Through Over the weekend In-Reply-To: Message-ID: <02a401c662ca$50e971f0$3004010a@martinhlaptop> Paul 1. What version of spamassassin? 2. Can you drop an example to pastebin or a web page (full headers etc), and I'll run it over my comprehensive SA setup and see which extra rules fire. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Paul Houselander > Sent: 18 April 2006 10:14 > To: MailScanner Mailing List > Subject: Load Of Spam Getting Through Over the weekend > > Hi > > Had a few calls this morning moaning about a lot of spam had gotten > through > over the weekend, on further investigation most of the subjects were quite > similar > > V/AGRiA new > V/AGfRA new > C/AmLls new > Cj/ALIS new > AMB/EjN new > AiMb/EN new > > etc... > > Quite a few were also Out of Office replies e.g. > > Out Of Office: C/AmLls new > > None scored very high for spam at all, I run spamassasin, DCC, Razor, > Pyzor > and the rules_du_jour script from fsl.com has anyone else seen similar? > does > anyone have any rules to catch them? > > Paul > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From suporte at setinet.com.br Tue Apr 18 16:45:05 2006 From: suporte at setinet.com.br (Suporte) Date: Tue Apr 18 12:45:29 2006 Subject: ATTACH with MS-DOS format converted to LINUX format Message-ID: <001b01c662ff$10a6b0a0$140aa8c0@Note> Hi. The problem occur when i send a file like test.rem. The format is a simple .txt file, for windows. When MailScanner send the file, the recipient receive but with no order inside. Like Unix format. all collums and tabs are missing. i can resolve it by convert the file again.. but i cant say to my client do the same, one by one. What I can do to MailScanner not convert the files? and, Why MailScanner do that by default? Really Thanks Dennis -------------------------------------------------------------------- Esta mensagem foi verificada pelo sistema de anti-v?rus e anti-spam. Seti Seguran?a e Tecnologia na Internet - suporte@setinet.com.br -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060418/583bf153/attachment.html From roger at rudnick.com.br Tue Apr 18 13:10:40 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Tue Apr 18 13:10:43 2006 Subject: ATTACH with MS-DOS format converted to LINUX format References: <001b01c662ff$10a6b0a0$140aa8c0@Note> Message-ID: <019501c662e1$1d6f87d0$0600a8c0@roger> Try setting "Sign Clean Messages = no" to see if it solves your problem... Regards Roger Jochem ----- Original Message ----- From: Suporte To: mailscanner@lists.mailscanner.info Sent: Tuesday, April 18, 2006 12:45 PM Subject: ATTACH with MS-DOS format converted to LINUX format Hi. The problem occur when i send a file like test.rem. The format is a simple .txt file, for windows. When MailScanner send the file, the recipient receive but with no order inside. Like Unix format. all collums and tabs are missing. i can resolve it by convert the file again.. but i cant say to my client do the same, one by one. What I can do to MailScanner not convert the files? and, Why MailScanner do that by default? Really Thanks Dennis -------------------------------------------------------------------- Esta mensagem foi verificada pelo sistema de anti-v?rus e anti-spam. Seti Seguran?a e Tecnologia na Internet - suporte@setinet.com.br ------------------------------------------------------------------------------ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060418/705c1bb4/attachment.html From bpumphrey at WoodMacLaw.com Tue Apr 18 13:34:09 2006 From: bpumphrey at WoodMacLaw.com (Billy A. Pumphrey) Date: Tue Apr 18 13:34:15 2006 Subject: Load Of Spam Getting Through Over the weekend Message-ID: <04D932B0071FE34FA63EBB1977B48D15010BEE84@woodenex.woodmaclaw.local> Paul 1. What version of spamassassin? 2. Can you drop an example to pastebin or a web page (full headers etc), and I'll run it over my comprehensive SA setup and see which extra rules fire. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Paul Houselander > Sent: 18 April 2006 10:14 > To: MailScanner Mailing List > Subject: Load Of Spam Getting Through Over the weekend > > Hi > > Had a few calls this morning moaning about a lot of spam had gotten > through over the weekend, on further investigation most of the > subjects were quite similar > > V/AGRiA new > V/AGfRA new > C/AmLls new > Cj/ALIS new > AMB/EjN new > AiMb/EN new > > etc... > > Quite a few were also Out of Office replies e.g. > > Out Of Office: C/AmLls new > > None scored very high for spam at all, I run spamassasin, DCC, Razor, > Pyzor and the rules_du_jour script from fsl.com has anyone else seen > similar? > does > anyone have any rules to catch them? > > Paul > > -- I am curious on this result. From Sylvain.Phaneuf at imsu.ox.ac.uk Tue Apr 18 14:37:55 2006 From: Sylvain.Phaneuf at imsu.ox.ac.uk (Sylvain Phaneuf) Date: Tue Apr 18 14:38:17 2006 Subject: Ignore Spam Whitelist If Recipients Exceed.... Message-ID: <4444F9C2.FEA8.00EB.0@imsu.ox.ac.uk> Hi everyone, This is my annual message to the list. Mailscanner is too d*** good, I don't can't find anything that goes wrong... We have come across a few messages lately that were flagged as spam while the sender was on our whitelist. I wonder what is the current wisdom on this... here it goes: we have kept the default setting for: Ignore Spam Whitelist If Recipients Exceed = 20 This morning someone we trust (!???) forwarded a message to 45 people - she had received that message from someone she trusts (!!??!). It turns out that the original message triggered two SA rules (MSGID_DOLLARS = Message-Id has pattern used in spam and MSGID_OUTLOOK_INVALID = Message-Id is fake (in Outlook Express format)). Other than that the message was cleaned and we feel we should have let it go without flagging it as spam. We are very careful to what we had to our whitelist. Should we raise our "Ignore Spam Whitelist If Recipients Exceed" to a bigger number? What do people do out there? Looking forward to reading your suggestions all. Thanks again to all the regular, and to Julian! Sylvain -- ============================================ Sylvain Phaneuf --- Systems Manager | phone : +44 (0)1865 221323 Information Management Services Unit - Medical Sciences Division Oxford University | email : sylvain.phaneuf@imsu.ox.ac.uk Room 3A25B John Radcliffe Hospital | fax : +44 (0) 1865 221322 Oxford, OX3 9DU, UK ============================================ From Eric.Jacobs at thomastechsolutions.com Tue Apr 18 14:42:57 2006 From: Eric.Jacobs at thomastechsolutions.com (Jacobs, Eric (ThomasTech)) Date: Tue Apr 18 14:45:46 2006 Subject: Getting lots of Undeliverable: Returned mail: see transcript for details Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Jon Radel > Sent: Monday, April 17, 2006 9:53 PM > To: MailScanner discussion > Subject: Re: Getting lots of Undeliverable: Returned mail: > see transcript for details > > > > Scott Silva wrote: > > Billy A. Pumphrey spake the following on 4/15/2006 7:53 PM: > > > >>Since I upgraded to near the latest MailScanner, I am > getting a lot of > >>these. > >> > >>Your message did not reach some or all of the intended recipients. > >> > >> Subject: Returned mail: see transcript for details > >> Sent: 4/15/2006 9:32 PM > >> > >>The following recipient(s) could not be reached: > >> > >> jelki@selena.net.ua on 4/15/2006 9:32 PM > >> The message could not be delivered because the > recipient's > >>destination email system is unknown or invalid. Please > check the address > >>and try again, or contact your system administrator to verify > >>connectivity to the email system of the recipient. > >> < WoodenMS2.woodmaclaw.local #5.1.2> > >> > >>Any idea why this is happening? I figure that is is DNS related or > >>something. > >> > >>Thank you > > > > I tried a smtp verify on that user at that domain; > > User does not exist.... > > > > > > It would possibly make more sense if Mr. Pumphrey read down a bit and > looked at the rest of the mail (aren't the original e-mails > attached?). > I see a lot of those in the postmaster, address of last > resort, e-mail > from the following: > > 1) Spam from non-existent address is sent to non-existent user on my > sendmail server. > > 2) Bounce to non-existent from address is prepared. > > 3) Bounce bounces and notice of this second bounce goes to postmaster. > > I suspect that as part of the upgrade either the option to quietly > discard these was turned off in the MTA or MailScanner is no longer > "discarding" them. I suspect the root cause was there before. > > --Jon Radel > jon@radel.com > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > I was having the same problem for awhile. What was triggering it was spam that was coming in as a "gif" attachment with an extremely long filename. While spamassassin was recognizing it as spam, it was also being flagged by MailScanner's filename checking. I do have MailScanner to notify upon blocking attachments because many clients will send banned attachments, so it was sending notifications about these blocked messages, which, of course, were bouncing. I got around this by putting gif attachments in the MailScanner.conf's "Allow filenames" entry, thus bypassing the filename.rules.conf check for these e-mails. Eric Jacobs From martin.lyberg at gmail.com Tue Apr 18 15:02:39 2006 From: martin.lyberg at gmail.com (Martin) Date: Tue Apr 18 15:03:09 2006 Subject: Forward virus, not quarantine? In-Reply-To: <443D2A76.1050604@nkpanama.com> References: <443D2A76.1050604@nkpanama.com> Message-ID: Alex Neuman van der Hans wrote: > Possible? Don't know - never had to. What would your reasons be for > doing so? I can't think of any reasons off the top of my head, but it > would be interesting to know where such a scenario would be needed. Most > people want to get rid of viruses, not collect them (except for the CDC) :D > > Regards, > > Alex Alex, The reason for doing this, is that i'm testing a new box with Mailscanner, Postfix and clamav. During my tests, i noticed that some legitime mails with attachment got blocked, and since i'm just relaying for our internal exchangeserver, i'm not quite sure how to release those mails until i've found out why it was blocked. / Martin From martinh at solid-state-logic.com Tue Apr 18 15:08:37 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue Apr 18 15:08:44 2006 Subject: Forward virus, not quarantine? In-Reply-To: Message-ID: <032001c662f1$966af470$3004010a@martinhlaptop> Martin If you install mailwatch on top of MailScanner it will give you a nice interface to release emails etc... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Martin > Sent: 18 April 2006 15:03 > To: mailscanner@lists.mailscanner.info > Subject: Re: Forward virus, not quarantine? > > Alex Neuman van der Hans wrote: > > > Possible? Don't know - never had to. What would your reasons be for > > doing so? I can't think of any reasons off the top of my head, but it > > would be interesting to know where such a scenario would be needed. Most > > people want to get rid of viruses, not collect them (except for the CDC) > :D > > > > Regards, > > > > Alex > > Alex, > > The reason for doing this, is that i'm testing a new box with > Mailscanner, Postfix and clamav. During my tests, i noticed that some > legitime mails with attachment got blocked, and since i'm just relaying > for our internal exchangeserver, i'm not quite sure how to release those > mails until i've found out why it was blocked. > > / Martin > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From lucky at the-luckyduck.de Tue Apr 18 15:11:14 2006 From: lucky at the-luckyduck.de (Jan Brinkmann) Date: Tue Apr 18 15:11:17 2006 Subject: seperating recipient based whitelisting for virus and spam checks Message-ID: <20060418141114.GU4210@luckyduck.tux> Hi, Jules told me a few days ago how to enable / disable spam checking for certain recipients. I wrote a custom function (DoWeScan) which checks an sql database based on the 'todomain' field in the message. In the MailScanner.conf, the Scan Messages setting calls this function. This works fine, but it enables or disables all checks based on the settings in the database. Now, I tried to go one step further to make it possible to give users more options to select from. I tried to go the way Jules recommended (i.e. I wrote two more custom functions), for the 'Virus Scanning' and 'Spam Checks' settings, but it doesnt work as expected. I tried the following things: - Scan Messages = no Virus Scanning = &DoWeVirusScan Spam Checks = &DoWeSpamScan Result: No messages are scanned at all. - Scan Messages = yes Result: no matter what i set in the database for spam or virus checks, every message gets scanned - Scan Messages = &DoWeScan , where DoWeScan checks if either the spamfilter, the virusscanner or both features should be enabled. Result: if one of these things is active, both checks are enabled. this is because the DoWeScan function contains an inclusive or logic. My question now is, can I enable / disable spam and virus checks indepently? From pravin.rane at gmail.com Tue Apr 18 16:05:44 2006 From: pravin.rane at gmail.com (Pravin Rane) Date: Tue Apr 18 16:05:47 2006 Subject: Qmail repeated Message-ID Message-ID: <13c021a90604180805r675617c1gab6add71196ae6c6@mail.gmail.com> Hi This is my first posting to Mailscannner list. I am using Qmail + MailScanner + Mailwatch + ClamAV + Spamassassin. My problem is I am getting same messae-Ids for mulitple mails in Mailwatch interface. After searching in Mailwatch FAQ I found the author pointed to counsult with Mailscanner's Author since all this information its getting from MailScanner. Is there any work-arround (Patch) to get unique message-ids?. Since qmail uses same message-ids to different messages if it does not find that inode no. in queue. Regards Pravin Rane -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060418/4f5edd74/attachment.html From Mailscanner at mailing.kaufland-informationssysteme.com Tue Apr 18 16:45:59 2006 From: Mailscanner at mailing.kaufland-informationssysteme.com (Matthias Sutter) Date: Tue Apr 18 16:46:05 2006 Subject: Split the mails In-Reply-To: <441E08E9.8000501@enitech.com.au> References: <000101c649da$b4b09f50$3004010a@martinhlaptop> <441E08E9.8000501@enitech.com.au> Message-ID: <444509B7.5070301@mailing.kaufland-informationssysteme.com> Hello Peter, I will try now exim ;) can you send me or explain me the exim config section for the mail Mail splitting. Matthias Peter Russell wrote: > It isnt possible on Posthfix unless some one write a script to do it > as a filter in Postfix...but i am sure that as soon as it is written > the functionality of postfix will change and break it. > > If i hadnt already begun with postfix i would ahve learnt Exim - one day! > > Martin Hepworth wrote: > >> Matthias >> >> Only possible if you're running sendmail or exim. >> Basically you have to get the MTa to split the 1 email with many >> recipients >> into many emails with 1 recipient. >> >> There's instructions on how to do this for sendmail and exim in this >> file... >> >> http://www.fsl.com/support/QuarantineReport.tar.gz >> >> >> >> -- >> Martin Hepworth Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>> bounces@lists.mailscanner.info] On Behalf Of Matthias Sutter >>> Sent: 17 March 2006 15:30 >>> To: MailScanner discussion >>> Subject: Split the mails >>> >>> I make several Spam actions for different users. >>> But if a mail contains several receiver only the first rule work. >>> >>> Now is it possible to split into several mails for each receiver? >>> >>> Or is there an other - may cooler way? >>> >>> Matthias >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> >> >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************** >> From martinh at solid-state-logic.com Tue Apr 18 16:49:03 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue Apr 18 16:49:12 2006 Subject: Split the mails In-Reply-To: <444509B7.5070301@mailing.kaufland-informationssysteme.com> Message-ID: <037401c662ff$9e01f9f0$3004010a@martinhlaptop> Have a look in the tar.gz file - there's an exim.txt... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Matthias Sutter > Sent: 18 April 2006 16:46 > To: pete@enitech.com.au > Cc: MailScanner discussion > Subject: Re: Split the mails > > Hello Peter, > > I will try now exim ;) > can you send me or explain me the exim config section for the mail Mail > splitting. > > Matthias > > Peter Russell wrote: > > > It isnt possible on Posthfix unless some one write a script to do it > > as a filter in Postfix...but i am sure that as soon as it is written > > the functionality of postfix will change and break it. > > > > If i hadnt already begun with postfix i would ahve learnt Exim - one > day! > > > > Martin Hepworth wrote: > > > >> Matthias > >> > >> Only possible if you're running sendmail or exim. > >> Basically you have to get the MTa to split the 1 email with many > >> recipients > >> into many emails with 1 recipient. > >> > >> There's instructions on how to do this for sendmail and exim in this > >> file... > >> > >> http://www.fsl.com/support/QuarantineReport.tar.gz > >> > >> > >> > >> -- > >> Martin Hepworth Snr Systems Administrator > >> Solid State Logic > >> Tel: +44 (0)1865 842300 > >> > >> > >>> -----Original Message----- > >>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >>> bounces@lists.mailscanner.info] On Behalf Of Matthias Sutter > >>> Sent: 17 March 2006 15:30 > >>> To: MailScanner discussion > >>> Subject: Split the mails > >>> > >>> I make several Spam actions for different users. > >>> But if a mail contains several receiver only the first rule work. > >>> > >>> Now is it possible to split into several mails for each receiver? > >>> > >>> Or is there an other - may cooler way? > >>> > >>> Matthias > >>> -- > >>> MailScanner mailing list > >>> mailscanner@lists.mailscanner.info > >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>> > >>> Before posting, read http://wiki.mailscanner.info/posting > >>> > >>> Support MailScanner development - buy the book off the website! > >> > >> > >> > >> > >> ********************************************************************** > >> > >> This email and any files transmitted with it are confidential and > >> intended solely for the use of the individual or entity to whom they > >> are addressed. If you have received this email in error please notify > >> the system manager. > >> > >> This footnote confirms that this email message has been swept > >> for the presence of computer viruses and is believed to be clean. > >> > >> ********************************************************************** > >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From rgreen at trayerproducts.com Tue Apr 18 18:33:05 2006 From: rgreen at trayerproducts.com (Rodney Green) Date: Tue Apr 18 18:33:46 2006 Subject: DCC Score Message-ID: <444522D1.60107@trayerproducts.com> Hello, Where is score for DCC configured? Thanks, Rod -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rob at thehostmasters.com Tue Apr 18 19:03:12 2006 From: rob at thehostmasters.com (Rob Morin) Date: Tue Apr 18 19:03:15 2006 Subject: Custom blacklist?? Message-ID: <444529E0.9010809@thehostmasters.com> Hello all... I added the following line in local.cf, but it has no affect... I must be doing something retardily wrong?! blacklist_from bloddy_ceaser@hotmail.com hoping the above would block email from the email address?? SA 3.1 -- Rob Morin Dido InterNet Inc. Montreal, Canada Http://www.dido.ca 514-990-4444 From ecasarero at gmail.com Tue Apr 18 20:50:17 2006 From: ecasarero at gmail.com (Eduardo Casarero) Date: Tue Apr 18 20:50:29 2006 Subject: mail scanner stuck In-Reply-To: References: <022901c662c4$99d9aed0$3004010a@martinhlaptop> Message-ID: <7d9b3cf20604181250g5cf100baida1ff5659316e390@mail.gmail.com> jim, i?ve the messages but i just substracted them from the mqueu.in. Sizes goes from 400Kb to 7Mb. Aparently they are compressed PPT Power Point Presentations. how can i open that mail if i have the qfk3HFIQcc008169 and dfk3HFIQcc008169. In the bacht that failed there was 1 email only, i chaged parameters so mailscanner takes 1 by 1 so i found this 4 problematic mails. regards. 2006/4/18, Jim Holland : > > Hi Martin > > On Tue, 18 Apr 2006, Martin Hepworth wrote: > > > I'd look at why the clamavmodule is timing out - does clamscan work OK > > from the command line???? > > On my system I am not running clamavmodule - just plain clamav. The error > message below was on the system being run by Eduardo Casarero. > > > RH 7.1 is really really old > > Soon to be upgraded to Debian Sarge :-) > > > so it could be problems with either clamAV or the perl module not > > working with 7.1. > > > What happens if you change from the module to the normal clamav scanner > > in MailScanner.conf? > > See above. > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > > bounces@lists.mailscanner.info] On Behalf Of Jim Holland > > > Sent: 17 April 2006 22:41 > > > To: MailScanner discussion > > > Subject: Re: mail scanner stuck > > > > > > On Mon, 17 Apr 2006, Eduardo Casarero wrote: > > > > > > > Date: Mon, 17 Apr 2006 17:33:54 -0300 > > > > From: Eduardo Casarero > > > > Reply-To: MailScanner discussion > > > > > To: MailScanner discussion > > > > Subject: Re: mail scanner stuck > > > > > > > > hi, after doing some investigation i found the following: > > > > with 4 particular emails: > > > > > > > in /var/log/maillog: > > > > > > Apr 17 16:54:22 avas2 MailScanner[4150]: Virus and Content Scanning: > > > Starting > > > Apr 17 16:59:23 avas2 MailScanner[4150]: Commercial scanner > clamavmodule > > > timed out! > > > Apr 17 16:59:23 avas2 MailScanner[4150]: Virus Scanning: Denial Of > Service > > > attack detected! > > > > -------------------------------------------------------------------------- > > > --- > > > > After this last log message the mail scanner rescan of the same > email > > > > looping. This was logged with 1 child runnig (just for debuggin, in > > > > normal operation runs 6 childs) > > > > > > . . . > > > > > > > After this i really don?t know what to do. Cause Clamav is the only > AV > > > > on the system and MScanner has a Timeout for AV of 300 segs an > clamav > > > takes > > > > only 37.24 seg. so MScanner cant see that clamav finished or > something > > > > is missing. > > > > > > . . . > > > > > > This seems to be very similar to the problem I wrote about earlier > this > > > evening in: > > > > > > Subject: Solved? Re: Still stuck in queue, version 4.52.2 > > > > > > I would be very interested to know: > > > > > > The size of the message > > > > > > What files it contained > > > > > > Whether the files were compressed, and if so > > > what was the uncompressed file size > > > > > > How many messages were in the batch that failed? > > > > > > Clearly if the message is one of say 30 in a batch then it is going to > be > > > easier for ClamAV to time out on the batch than if there was only one > in > > > the batch. My understanding is that the timeout setting applies to > the > > > whole batch and not to a single message. > > > > > > As indicated in my message, I have changed the default for: > > > > > > Virus Scanner Timeout = > > > > > > in MailScanner.conf from 300 to 600 seconds to try to avoid this kind > of > > > problem. > > > > > > Regards > > > > > > Jim Holland > > > System Administrator > > > MANGO - Zimbabwe's non-profit e-mail service > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > ********************************************************************** > > > > > > Regards > > Jim Holland > System Administrator > MANGO - Zimbabwe's non-profit e-mail service > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060418/f329ba2d/attachment.html From rob at thehostmasters.com Tue Apr 18 20:51:13 2006 From: rob at thehostmasters.com (Rob Morin) Date: Tue Apr 18 20:51:32 2006 Subject: Changin MX machine to it's own, recommendations please... Message-ID: <44454331.6050409@thehostmasters.com> Hello.... I will be creating an MX(mailscanner Machine) all on its own to crunch away all those bad little emails... as the current MS is taking too much resources on my other machine.... So the question is, aside form OS which will be Debian and the hardware.... What setup should i do with respect to install MS and associated apps... Apt-get or source/compile/install... any other important things is should check out or know? Thanks too all.. -- Rob Morin Dido InterNet Inc. Montreal, Canada Http://www.dido.ca 514-990-4444 From mailscanner at mango.zw Tue Apr 18 22:21:29 2006 From: mailscanner at mango.zw (Jim Holland) Date: Tue Apr 18 22:23:30 2006 Subject: mail scanner stuck In-Reply-To: <7d9b3cf20604181250g5cf100baida1ff5659316e390@mail.gmail.com> Message-ID: On Tue, 18 Apr 2006, Eduardo Casarero wrote: > jim, i?ve the messages but i just substracted them from the mqueu.in. > Sizes goes from 400Kb to 7Mb. Aparently they are compressed PPT Power > Point Presentations. how can i open that mail if i have the > qfk3HFIQcc008169 and dfk3HFIQcc008169 In the bacht that failed there was > 1 email only, i chaged parameters so mailscanner takes 1 by 1 so i found > this 4 problematic mails. If you are happy to just release the message, then stop MailScanner (if you want to avoid possible error messages), move both of the above files into /var/spool/mqueue, and then restart MailScanner. If you want to scan the message manually, then as far as I know you have to convert the above back into a single message file. I do that the hard way: cat qfk3HFIQcc008169 dfk3HFIQcc008169 > msg.tmp edit the headers in msg.tmp: Delete all lines up to but not including the first Received: line Delete all H?? entries at the beginning of lines Delete the . on the line at the end of the headers. You can then scan the message. Your comment about the files being compressed PPT Power Point Presentations is also very interesting, as PPT files were also amongst the problem messages that I came across. > 2006/4/18, Jim Holland : > > > > Hi Martin > > > > On Tue, 18 Apr 2006, Martin Hepworth wrote: > > > > > I'd look at why the clamavmodule is timing out - does clamscan work OK > > > from the command line???? > > > > On my system I am not running clamavmodule - just plain clamav. The error > > message below was on the system being run by Eduardo Casarero. > > > > > RH 7.1 is really really old > > > > Soon to be upgraded to Debian Sarge :-) > > > > > so it could be problems with either clamAV or the perl module not > > > working with 7.1. > > > > > What happens if you change from the module to the normal clamav scanner > > > in MailScanner.conf? > > > > See above. > > > > > > -----Original Message----- > > > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > > > bounces@lists.mailscanner.info] On Behalf Of Jim Holland > > > > Sent: 17 April 2006 22:41 > > > > To: MailScanner discussion > > > > Subject: Re: mail scanner stuck > > > > > > > > On Mon, 17 Apr 2006, Eduardo Casarero wrote: > > > > > > > > > Date: Mon, 17 Apr 2006 17:33:54 -0300 > > > > > From: Eduardo Casarero > > > > > Reply-To: MailScanner discussion > > > > > > > To: MailScanner discussion > > > > > Subject: Re: mail scanner stuck > > > > > > > > > > hi, after doing some investigation i found the following: > > > > > with 4 particular emails: > > > > > > > > > in /var/log/maillog: > > > > > > > > Apr 17 16:54:22 avas2 MailScanner[4150]: Virus and Content Scanning: > > > > Starting > > > > Apr 17 16:59:23 avas2 MailScanner[4150]: Commercial scanner > > clamavmodule > > > > timed out! > > > > Apr 17 16:59:23 avas2 MailScanner[4150]: Virus Scanning: Denial Of > > Service > > > > attack detected! > > > > > > -------------------------------------------------------------------------- > > > > --- > > > > > After this last log message the mail scanner rescan of the same > > email > > > > > looping. This was logged with 1 child runnig (just for debuggin, in > > > > > normal operation runs 6 childs) > > > > > > > > . . . > > > > > > > > > After this i really don?t know what to do. Cause Clamav is the only > > AV > > > > > on the system and MScanner has a Timeout for AV of 300 segs an > > clamav > > > > takes > > > > > only 37.24 seg. so MScanner cant see that clamav finished or > > something > > > > > is missing. > > > > > > > > . . . > > > > > > > > This seems to be very similar to the problem I wrote about earlier > > this > > > > evening in: > > > > > > > > Subject: Solved? Re: Still stuck in queue, version 4.52.2 > > > > > > > > I would be very interested to know: > > > > > > > > The size of the message > > > > > > > > What files it contained > > > > > > > > Whether the files were compressed, and if so > > > > what was the uncompressed file size > > > > > > > > How many messages were in the batch that failed? > > > > > > > > Clearly if the message is one of say 30 in a batch then it is going to > > be > > > > easier for ClamAV to time out on the batch than if there was only one > > in > > > > the batch. My understanding is that the timeout setting applies to > > the > > > > whole batch and not to a single message. > > > > > > > > As indicated in my message, I have changed the default for: > > > > > > > > Virus Scanner Timeout = > > > > > > > > in MailScanner.conf from 300 to 600 seconds to try to avoid this kind > > of > > > > problem. > > > > > > > > Regards > > > > > > > > Jim Holland > > > > System Administrator > > > > MANGO - Zimbabwe's non-profit e-mail service > > > > > > > > -- > > > > MailScanner mailing list > > > > mailscanner@lists.mailscanner.info > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > ********************************************************************** > > > > > > This email and any files transmitted with it are confidential and > > > intended solely for the use of the individual or entity to whom they > > > are addressed. If you have received this email in error please notify > > > the system manager. > > > > > > This footnote confirms that this email message has been swept > > > for the presence of computer viruses and is believed to be clean. > > > > > > ********************************************************************** > > > > > > > > > > Regards > > > > Jim Holland > > System Administrator > > MANGO - Zimbabwe's non-profit e-mail service > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From maillists at conactive.com Tue Apr 18 22:31:26 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Apr 18 22:31:39 2006 Subject: greylisting? In-Reply-To: References: <44405D60.3040002@fractalweb.com> <4440B730.2060207@coders.co.uk> <4440E677.8000007@blacknight.ie> Message-ID: Res wrote on Mon, 17 Apr 2006 13:36:22 +1000 (EST): > Since enforcing PTR checks, like I said 90% of the crap is now rejected By simply checking if a PTR record exists? You are then getting spam from weird locations ;-) All big German providers have PTR for their dynamic IP space and what I get from the big US providers like charter, comcast, shaw and such, they all have PTR. Actually that's a good thing since I can block them all by domain instead of collecting their IP ranges :-) I could reject maybe 10% by a "need PTR" policy - if I'm lucky. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Tue Apr 18 22:31:26 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Apr 18 22:31:41 2006 Subject: Custom blacklist?? In-Reply-To: <444529E0.9010809@thehostmasters.com> References: <444529E0.9010809@thehostmasters.com> Message-ID: Rob Morin wrote on Tue, 18 Apr 2006 14:03:12 -0400: > hoping the above would block email from the email address?? Maybe it's not the envelope address? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From mailscanner at mango.zw Tue Apr 18 22:32:34 2006 From: mailscanner at mango.zw (Jim Holland) Date: Tue Apr 18 22:34:20 2006 Subject: Can the null address be specified in a ruleset? Message-ID: Hi Julian I have a user who is receiving numerous erroneous bounces of "cleaned" viruses from a large local ISP. The viruses are spoofing her address. The envelope sender address according to the log file is the null address <>, although when received by the user it has the envelope address MAILER-DAEMON@mango.zw that is added by our own system (mango.zw) after receipt. I have tried the following in spam.blacklist.rules: From: <> and To: user@mango.zw yes and From: MAILER-DAEMON@mango.zw and To: user@mango.zw yes but, not surprisingly, neither of these work. Can you suggest any way to make such a rule work? Or would it need to be a new feature? I do think it would be very useful to be able to use <> if it cannot be done at the moment. I am not using SpamAssassin (don't have enough horsepower) so cannot use that. And I don't want to block other mail from the major local ISP that is sending this junk. For the moment I will just try getting them on the phone once more . . . Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From mkettler at evi-inc.com Tue Apr 18 22:34:55 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Apr 18 22:35:03 2006 Subject: Custom blacklist?? In-Reply-To: <444529E0.9010809@thehostmasters.com> References: <444529E0.9010809@thehostmasters.com> Message-ID: <44455B7F.9090601@evi-inc.com> Rob Morin wrote: > Hello all... > > I added the following line in local.cf, but it has no affect... I must > be doing something retardily wrong?! > > blacklist_from bloddy_ceaser@hotmail.com > > hoping the above would block email from the email address?? > > SA 3.1 I assume you're using SA under MailScanner.. Did you reload MailScanner after changing the config file? Local.cf only gets parsed when a SA instance is created, not for every message, so if you don't reload it won't take effect until MailScanner decides to kill and reload all the scanning children. (You could also restart mailscanner, but that causes the init script to also shut down and restart the sendmail instances, so it's overkill here) From matt at coders.co.uk Tue Apr 18 22:41:04 2006 From: matt at coders.co.uk (Matt Hampton) Date: Tue Apr 18 22:41:10 2006 Subject: Can the null address be specified in a ruleset? In-Reply-To: References: Message-ID: <44455CF0.6030702@coders.co.uk> Jim Holland wrote: > but, not surprisingly, neither of these work. Can you suggest any way to > make such a rule work? Or would it need to be a new feature? I do think > it would be very useful to be able to use <> if it cannot be done at the > moment. If you are using sendmail and are willing to use milters then checkout milter-regex. I use this for exactly the purpose you have described. http://www.benzedrine.cx/milter-regex.html matt From mailscanner at mango.zw Tue Apr 18 22:46:35 2006 From: mailscanner at mango.zw (Jim Holland) Date: Tue Apr 18 22:47:31 2006 Subject: Can the null address be specified in a ruleset? In-Reply-To: <44455CF0.6030702@coders.co.uk> Message-ID: On Tue, 18 Apr 2006, Matt Hampton wrote: > Jim Holland wrote: > > > but, not surprisingly, neither of these work. Can you suggest any way to > > make such a rule work? Or would it need to be a new feature? I do think > > it would be very useful to be able to use <> if it cannot be done at the > > moment. > > If you are using sendmail and are willing to use milters then checkout > milter-regex. I use this for exactly the purpose you have described. > > http://www.benzedrine.cx/milter-regex.html Excellent suggestion - thanks. I noticed when I installed the latest sendmail 8.13.16 recently from source that it was possible to use regexes, but had put that on the back burner for the moment. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From csweeney at osubucks.org Tue Apr 18 22:51:15 2006 From: csweeney at osubucks.org (Chris Sweeney) Date: Tue Apr 18 22:51:30 2006 Subject: greylisting? In-Reply-To: References: <44405D60.3040002@fractalweb.com> <4440B730.2060207@coders.co.uk> <4440E677.8000007@blacknight.ie> Message-ID: <44455F53.1000003@osubucks.org> If you are blocking by domain from the TR then you are possibly rejecting legit email as all of the ones you listed also provide commercial services. I myself get my fiber from Time Warner Cable.... Chris Kai Schaeffer wrote: > Res wrote on Mon, 17 Apr 2006 13:36:22 +1000 (EST): > > >> Since enforcing PTR checks, like I said 90% of the crap is now rejected >> > > By simply checking if a PTR record exists? You are then getting spam from > weird locations ;-) All big German providers have PTR for their dynamic IP > space and what I get from the big US providers like charter, comcast, shaw > and such, they all have PTR. Actually that's a good thing since I can > block them all by domain instead of collecting their IP ranges :-) > I could reject maybe 10% by a "need PTR" policy - if I'm lucky. > > Kai > > -- Thanks Chris Check me out! Finally setup a MySpace.com account http://www.osubucks.net csweeney@osubucks.org -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060418/0d44c984/attachment.html From alex at nkpanama.com Tue Apr 18 23:45:24 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue Apr 18 23:45:54 2006 Subject: Custom blacklist?? In-Reply-To: <44455B7F.9090601@evi-inc.com> References: <444529E0.9010809@thehostmasters.com> <44455B7F.9090601@evi-inc.com> Message-ID: <44456C04.1080100@nkpanama.com> Matt Kettler wrote: > Rob Morin wrote: > >> Hello all... >> >> I added the following line in local.cf, but it has no affect... I must >> be doing something retardily wrong?! >> >> blacklist_from bloddy_ceaser@hotmail.com >> >> hoping the above would block email from the email address?? >> >> SA 3.1 >> > > I assume you're using SA under MailScanner.. Did you reload MailScanner after > changing the config file? Local.cf only gets parsed when a SA instance is > created, not for every message, so if you don't reload it won't take effect > until MailScanner decides to kill and reload all the scanning children. > > (You could also restart mailscanner, but that causes the init script to also > shut down and restart the sendmail instances, so it's overkill here) > > > Wouldn't it be better to do the blacklist at the MTA level, or using "is definitely spam" in MailScanner.conf? From alex at nkpanama.com Tue Apr 18 23:59:53 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Apr 19 00:00:28 2006 Subject: Can the null address be specified in a ruleset? In-Reply-To: References: Message-ID: <44456F69.7060701@nkpanama.com> I'm sure I could think of a couple of drastic solutions (firewalling them, bouncing everything to the ISP CEO's home address, etc.) that wouldn't really solve your problem. Are you sure the spacing is right in your spam.blacklist.rules? I always use tabs just in case, although I've heard you can use any whitespace. Are you restarting MailScanner when you make the changes? Is the "default" line at the end? I really hate it when clueless admins do this. They should quit their job, donate their severance check to charity, and choose another profession :) Regards, Alex Jim Holland wrote: > Hi Julian > > I have a user who is receiving numerous erroneous bounces of "cleaned" > viruses from a large local ISP. The viruses are spoofing her address. > The envelope sender address according to the log file is the null address > <>, although when received by the user it has the envelope address > MAILER-DAEMON@mango.zw that is added by our own system (mango.zw) after > receipt. I have tried the following in spam.blacklist.rules: > > From: <> and To: user@mango.zw yes > and > From: MAILER-DAEMON@mango.zw and To: user@mango.zw yes > > but, not surprisingly, neither of these work. Can you suggest any way to > make such a rule work? Or would it need to be a new feature? I do think > it would be very useful to be able to use <> if it cannot be done at the > moment. > > I am not using SpamAssassin (don't have enough horsepower) so cannot use > that. And I don't want to block other mail from the major local ISP that > is sending this junk. > > For the moment I will just try getting them on the phone once more . . . > > Regards > > Jim Holland > System Administrator > MANGO - Zimbabwe's non-profit e-mail service > > From jrudd at ucsc.edu Wed Apr 19 00:05:06 2006 From: jrudd at ucsc.edu (John Rudd) Date: Wed Apr 19 00:05:50 2006 Subject: Can the null address be specified in a ruleset? In-Reply-To: References: Message-ID: <6071cb1325092e831b520bc826a35253@ucsc.edu> Be careful, you're required by RFC (I forget which one) to treat <> as a valid address (it essentially means "MAILER-DAEMON@the.originating.host", and the reason yours is being inserted is probably that your MTA is qualifying and canocializing and such). I don't know if the RFC-Ignorant RBL has a case for people who reject <> or not, but it wouldn't surprise me. You might try mimedefang (a milter). It gives you lots of functionality you can use to reject or discard (quietly) messages at different stages of the transaction. You need to know perl, though (you basically have to write the handling code for each stage). On Apr 18, 2006, at 2:32 PM, Jim Holland wrote: > Hi Julian > > I have a user who is receiving numerous erroneous bounces of "cleaned" > viruses from a large local ISP. The viruses are spoofing her address. > The envelope sender address according to the log file is the null > address > <>, although when received by the user it has the envelope address > MAILER-DAEMON@mango.zw that is added by our own system (mango.zw) after > receipt. I have tried the following in spam.blacklist.rules: > > From: <> and To: user@mango.zw yes > and > From: MAILER-DAEMON@mango.zw and To: user@mango.zw yes > > but, not surprisingly, neither of these work. Can you suggest any way > to > make such a rule work? Or would it need to be a new feature? I do > think > it would be very useful to be able to use <> if it cannot be done at > the > moment. > > I am not using SpamAssassin (don't have enough horsepower) so cannot > use > that. And I don't want to block other mail from the major local ISP > that > is sending this junk. > > For the moment I will just try getting them on the phone once more . . > . > > Regards > > Jim Holland > System Administrator > MANGO - Zimbabwe's non-profit e-mail service > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From mailscanner at mango.zw Wed Apr 19 00:48:06 2006 From: mailscanner at mango.zw (Jim Holland) Date: Wed Apr 19 00:52:47 2006 Subject: Can the null address be specified in a ruleset? In-Reply-To: <6071cb1325092e831b520bc826a35253@ucsc.edu> Message-ID: On Tue, 18 Apr 2006, John Rudd wrote: > Be careful, you're required by RFC (I forget which one) to treat <> as a > valid address (it essentially means > "MAILER-DAEMON@the.originating.host", and the reason yours is being > inserted is probably that your MTA is qualifying and canocializing and > such). I don't know if the RFC-Ignorant RBL has a case for people who > reject <> or not, but it wouldn't surprise me. We are only trying to block mail from the null address to this particular user who is being bombarded by these junk notices. I don't think anyone would complain about taking action to protect yourself! Of course we are normally quite happy to accept mail from <> as it is the standard way of avoiding bounce loops. > You might try mimedefang (a milter). It gives you lots of functionality > you can use to reject or discard (quietly) messages at different stages > of the transaction. You need to know perl, though (you basically have > to write the handling code for each stage). Thanks for the tip. > On Apr 18, 2006, at 2:32 PM, Jim Holland wrote: > > > Hi Julian > > > > I have a user who is receiving numerous erroneous bounces of "cleaned" > > viruses from a large local ISP. The viruses are spoofing her address. > > The envelope sender address according to the log file is the null > > address > > <>, although when received by the user it has the envelope address > > MAILER-DAEMON@mango.zw that is added by our own system (mango.zw) after > > receipt. I have tried the following in spam.blacklist.rules: > > > > From: <> and To: user@mango.zw yes > > and > > From: MAILER-DAEMON@mango.zw and To: user@mango.zw yes > > > > but, not surprisingly, neither of these work. Can you suggest any way > > to > > make such a rule work? Or would it need to be a new feature? I do > > think > > it would be very useful to be able to use <> if it cannot be done at > > the > > moment. > > > > I am not using SpamAssassin (don't have enough horsepower) so cannot > > use > > that. And I don't want to block other mail from the major local ISP > > that > > is sending this junk. > > > > For the moment I will just try getting them on the phone once more . . > > . > > > > Regards > > > > Jim Holland > > System Administrator > > MANGO - Zimbabwe's non-profit e-mail service > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From mailscanner at mango.zw Wed Apr 19 00:41:53 2006 From: mailscanner at mango.zw (Jim Holland) Date: Wed Apr 19 01:06:32 2006 Subject: Can the null address be specified in a ruleset? In-Reply-To: <44456F69.7060701@nkpanama.com> Message-ID: On Tue, 18 Apr 2006, Alex Neuman van der Hans wrote: > I'm sure I could think of a couple of drastic solutions (firewalling > them, bouncing everything to the ISP CEO's home address, etc.) that > wouldn't really solve your problem. > > Are you sure the spacing is right in your spam.blacklist.rules? I always > use tabs just in case, although I've heard you can use any whitespace. > Are you restarting MailScanner when you make the changes? Is the > "default" line at the end? Yes/yes/yes. I use spam.blacklist.rules all the time, so I am sure that I am entering the details correctly. However I would assume that MailScanner does in fact ignore any angle brackets around an address. > I really hate it when clueless admins do this. They should quit > their job, donate their severance check to charity, and choose another > profession :) In this case the problem is with the infected corporate client of the ISP. They are ironically using MailScanner, but obviously haven't configured it correctly. By receiving the bounces I can see exactly which of their computers is infected. But so far I have not been able to get any response from the corporate client. Now I just need to persuade their ISP to close them down for a little while (weeks? months?) until they get their act together. > Jim Holland wrote: > > Hi Julian > > > > I have a user who is receiving numerous erroneous bounces of "cleaned" > > viruses from a large local ISP. The viruses are spoofing her address. > > The envelope sender address according to the log file is the null address > > <>, although when received by the user it has the envelope address > > MAILER-DAEMON@mango.zw that is added by our own system (mango.zw) after > > receipt. I have tried the following in spam.blacklist.rules: > > > > From: <> and To: user@mango.zw yes > > and > > From: MAILER-DAEMON@mango.zw and To: user@mango.zw yes > > > > but, not surprisingly, neither of these work. Can you suggest any way to > > make such a rule work? Or would it need to be a new feature? I do think > > it would be very useful to be able to use <> if it cannot be done at the > > moment. > > > > I am not using SpamAssassin (don't have enough horsepower) so cannot use > > that. And I don't want to block other mail from the major local ISP that > > is sending this junk. > > > > For the moment I will just try getting them on the phone once more . . . > > > > Regards > > > > Jim Holland > > System Administrator > > MANGO - Zimbabwe's non-profit e-mail service > > > > > > Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From jrudd at ucsc.edu Wed Apr 19 01:47:37 2006 From: jrudd at ucsc.edu (John Rudd) Date: Wed Apr 19 01:48:18 2006 Subject: Can the null address be specified in a ruleset? In-Reply-To: References: Message-ID: <5a29d1da587619659b75e23111da9f04@ucsc.edu> On Apr 18, 2006, at 4:48 PM, Jim Holland wrote: > On Tue, 18 Apr 2006, John Rudd wrote: > >> Be careful, you're required by RFC (I forget which one) to treat <> >> as a >> valid address (it essentially means >> "MAILER-DAEMON@the.originating.host", and the reason yours is being >> inserted is probably that your MTA is qualifying and canocializing and >> such). I don't know if the RFC-Ignorant RBL has a case for people who >> reject <> or not, but it wouldn't surprise me. > > We are only trying to block mail from the null address to this > particular > user who is being bombarded by these junk notices. I don't think > anyone > would complain about taking action to protect yourself! Of course we > are > normally quite happy to accept mail from <> as it is the standard way > of > avoiding bounce loops. I mainly meant "don't reject/bounce, make sure you silently discard them". You don't want any outside host to see you refusing them, if that makes sense. From ssilva at sgvwater.com Wed Apr 19 03:22:57 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Apr 19 03:23:24 2006 Subject: Changin MX machine to it's own, recommendations please... In-Reply-To: <44454331.6050409@thehostmasters.com> References: <44454331.6050409@thehostmasters.com> Message-ID: Rob Morin spake the following on 4/18/2006 12:51 PM: > Hello.... > > I will be creating an MX(mailscanner Machine) all on its own to crunch > away all those bad little emails... as the current MS is taking too much > resources on my other machine.... > > So the question is, aside form OS which will be Debian and the hardware.... > > What setup should i do with respect to install MS and associated apps... > > Apt-get or source/compile/install... > > any other important things is should check out or know? > > Thanks too all.. > Your call. Do you want to stay current with any updates as soon as they come out, or do you want to wait for the package maintainers to release the newer versions. I'm not bagging on any package maintainers, as I know most of them have regular jobs, but it is up to you to decide. I don't spend more than an hour a month keeping current with the source packages. Julian has made the process very easy with his all in one package of Clam-AV and spamassassin, and the MailScanner package. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From res at ausics.net Wed Apr 19 08:39:31 2006 From: res at ausics.net (Res) Date: Wed Apr 19 08:39:43 2006 Subject: greylisting? In-Reply-To: References: <44405D60.3040002@fractalweb.com> <4440B730.2060207@coders.co.uk> <4440E677.8000007@blacknight.ie> Message-ID: Hi, On Tue, 18 Apr 2006, Kai Schaetzl wrote: > Res wrote on Mon, 17 Apr 2006 13:36:22 +1000 (EST): > >> Since enforcing PTR checks, like I said 90% of the crap is now rejected > > By simply checking if a PTR record exists? You are then getting spam from > weird locations ;-) All big German providers have PTR for their dynamic IP > space and what I get from the big US providers like charter, comcast, shaw > and such, they all have PTR. Actually that's a good thing since I can > block them all by domain instead of collecting their IP ranges :-) hehehe yes it is a good thing comcast.net 550 #$#@ off spamming scum beats having 500 lines of various IP's im bound to miss many of anyway :) > I could reject maybe 10% by a "need PTR" policy - if I'm lucky. thats still 10% less spam :) I find the vast majority of no ptr's (and spam) comes from asia we'd reject as much mail in one day from china as we would all of comcast shaw roadrunner and aol combined, and as months go by it gets worse, where as only 12 months ago I outright entirely blocked shaw and roadrunner and comcast because the spam from them in one day was more than asia gave me in a month, now the tide has turned, do not get much from Europe or au/nz. -- Cheers Res From res at ausics.net Wed Apr 19 08:43:53 2006 From: res at ausics.net (Res) Date: Wed Apr 19 08:44:02 2006 Subject: greylisting? In-Reply-To: <44455F53.1000003@osubucks.org> References: <44405D60.3040002@fractalweb.com> <4440B730.2060207@coders.co.uk> <4440E677.8000007@blacknight.ie> <44455F53.1000003@osubucks.org> Message-ID: On Tue, 18 Apr 2006, Chris Sweeney wrote: > If you are blocking by domain from the TR then you are possibly > rejecting legit email as all of the ones you listed also provide > commercial services. I myself get my fiber from Time Warner Cable.... Yes, but lets face it, not may carriers gives a damn about spam complaints and in the US they sure as hell ignore it, or maybe they just ignore complaints from those of us who dont live in the US, however when you take out their entire domain like we did a year ago to shaw and rr, well that certainly got their attention, and satisfactory co-operation, now comcast however is a complete lost cause, they remain blocked today and I dont care, because until they deal with their spamming scum users they wont be using any of our resources. -- Cheers Res From martinh at solid-state-logic.com Wed Apr 19 08:56:10 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Apr 19 08:56:18 2006 Subject: DCC Score In-Reply-To: <444522D1.60107@trayerproducts.com> Message-ID: <007901c66386$b8b5fda0$3004010a@martinhlaptop> Rod In the SA rules - default score will be in /usr/local/share/spamassassin/50_scores.cf If you want to change it - alter your spam.assassin.prefs.conf with the new score.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Rodney Green > Sent: 18 April 2006 18:33 > To: mailscanner@lists.mailscanner.info > Subject: DCC Score > > > Hello, > > Where is score for DCC configured? > > Thanks, > Rod > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From martinh at solid-state-logic.com Wed Apr 19 09:02:26 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Apr 19 09:02:36 2006 Subject: Changin MX machine to it's own, recommendations please... In-Reply-To: <44454331.6050409@thehostmasters.com> Message-ID: <007a01c66387$9921c5e0$3004010a@martinhlaptop> Rob As for the apt or source - depends on how often you want to update....the apt's can be a little behind a the monthly source updates..if you're happy with apt for everything - esp moving to unstable then it's prob to stick with that. For the machine itself - make sure you've got at least 1GB per CPU (that includes HT as two CPUs etc). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Rob Morin > Sent: 18 April 2006 20:51 > To: MailScanner discussion > Subject: Changin MX machine to it's own, recommendations please... > > Hello.... > > I will be creating an MX(mailscanner Machine) all on its own to crunch > away all those bad little emails... as the current MS is taking too much > resources on my other machine.... > > So the question is, aside form OS which will be Debian and the > hardware.... > > What setup should i do with respect to install MS and associated apps... > > Apt-get or source/compile/install... > > any other important things is should check out or know? > > Thanks too all.. > > -- > > Rob Morin > Dido InterNet Inc. > Montreal, Canada > Http://www.dido.ca > 514-990-4444 > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From Sylvain.Phaneuf at imsu.ox.ac.uk Wed Apr 19 09:26:01 2006 From: Sylvain.Phaneuf at imsu.ox.ac.uk (Sylvain Phaneuf) Date: Wed Apr 19 09:26:17 2006 Subject: Ignore Spam Whitelist If Recipients Exceed.... In-Reply-To: <4444F9C2.FEA8.00EB.0@imsu.ox.ac.uk> References: <4444F9C2.FEA8.00EB.0@imsu.ox.ac.uk> Message-ID: <44460229.FEA8.00EB.0@imsu.ox.ac.uk> Any suggestions on this please? Sylvain >>> On 18/04/2006 at 14:37, in message <4444F9C2.FEA8.00EB.0@imsu.ox.ac.uk>, Sylvain.Phaneuf@imsu.ox.ac.uk wrote: > Hi everyone, > > This is my annual message to the list. Mailscanner is too d*** good, I > don't can't find anything that goes wrong... > > We have come across a few messages lately that were flagged as spam > while the sender was on our whitelist. I wonder what is the current > wisdom on this... here it goes: > > we have kept the default setting for: > Ignore Spam Whitelist If Recipients Exceed = 20 > > This morning someone we trust (!???) forwarded a message to 45 people - > she had received that message from someone she trusts (!!??!). It turns > out that the original message triggered two SA rules (MSGID_DOLLARS = > Message-Id has pattern used in spam and MSGID_OUTLOOK_INVALID = > Message-Id is fake (in Outlook Express format)). Other than that the > message was cleaned and we feel we should have let it go without > flagging it as spam. We are very careful to what we had to our > whitelist. > > Should we raise our "Ignore Spam Whitelist If Recipients Exceed" to a > bigger number? What do people do out there? > > Looking forward to reading your suggestions all. > > Thanks again to all the regulars, and to Julian! > > Sylvain > > > From smf at f2s.com Wed Apr 19 09:54:41 2006 From: smf at f2s.com (Steve Freegard) Date: Wed Apr 19 09:52:27 2006 Subject: greylisting? In-Reply-To: References: <44405D60.3040002@fractalweb.com> <4440B730.2060207@coders.co.uk> <4440E677.8000007@blacknight.ie> Message-ID: <1145436881.8435.312.camel@localhost.localdomain> Hi Kai, On Tue, 2006-04-18 at 23:31 +0200, Kai Schaetzl wrote: > Res wrote on Mon, 17 Apr 2006 13:36:22 +1000 (EST): > > > Since enforcing PTR checks, like I said 90% of the crap is now rejected > > By simply checking if a PTR record exists? You are then getting spam from > weird locations ;-) All big German providers have PTR for their dynamic IP > space and what I get from the big US providers like charter, comcast, shaw > and such, they all have PTR. Actually that's a good thing since I can > block them all by domain instead of collecting their IP ranges :-) > I could reject maybe 10% by a "need PTR" policy - if I'm lucky. I've been messing around with miltering a lot lately and I came up with what I think is quite a good way to deal with dynamic IP ranges from cable/DSL providers etc. that spew out junk from injected/trojan machines without resorting to using a blacklist (which doesn't list all the possible ranges anyway) or manually listing lots of IP ranges: 1) Check the PTR record (no lookup required Sendmail already does this). - TEMPFAIL the connection if no record exists. 2) Check the A record for the hostname returned by the reverse lookup. - (Optional), TEMPFAIL the connection if no record exists. 3) Run a series of regexp tests against the hostname and REJECT the message if any match: - Hex encoded IP address appears within the hostname - all IP octets appear within the hostname (fwd/rev) - IP address without the .'s appears within the hostname (fwd/rev) - Last two octets appears within the hostname (fwd/rev) - Last octet appears within the hostname - Hostname contains any of the following (.adsl. .dsl. .dip. .ddns.) I'm not sure I'd ever dare run anything like this on a production system -- but using this and the URI blacklisting was almost 100% effective in rejecting all junk from our spam trap at the MTA level (the only messages left were joe-job bounce-backs). I'm going to see if I can create some SpamAssassin rules to achieve the same sort of thing using the first untrusted Received header and see how effective it might be using mass-check against a corpus. Cheers, Steve. From smf at f2s.com Wed Apr 19 09:56:45 2006 From: smf at f2s.com (Steve Freegard) Date: Wed Apr 19 09:54:32 2006 Subject: OT: URI Blacklisting at MTA Level Message-ID: <1145437006.8435.315.camel@localhost.localdomain> Hi All, I posted the message below to the SURBL and URIBL lists a couple of days ago, I thought I'd re-post here as I'm using it in front of MailScanner to reduce the overall system load: > I've written a basic Sendmail milter in Perl using Sendmail::PMilter > which uses the SpamAssassin libraries with just the 20_uri_tests.cf > rules file (so it is relatively light) to strip the URI's from a > message > and then check them against multi.surbl.org and black.uribl.com and > reject any messages that contains blacklisted URI's. > > It's rough code at the moment - there's no whitelisting or any > start/stop scripts for it yet and this is my first attempt at anything > in Perl - I've been running it on our spam trap for a while now and > it's > worked very well, I have not tried it on a production system yet. > > I'm posting it here in case anyone finds this useful and for comment - > It can be downloaded from http://www.fsl.com/support/milter-uri.pl -- > installation instructions are in the file. Kind regards, Steve. From pete at enitech.com.au Wed Apr 19 13:23:47 2006 From: pete at enitech.com.au (Pete Russell) Date: Wed Apr 19 13:23:56 2006 Subject: Attn. postfix users WAS Multiple Postfix smtp instances In-Reply-To: References: <20060412205748.GD14679@luckyduck.tux> <443F9148.7080908@netmagicsolutions.com> <443FDBCF.6040004@rogers.com> <20060414192115.13204.qmail@mymail.netmagicians.com> <44432F03.4090907@netmagicsolutions.com> Message-ID: <44462BD3.40208@enitech.com.au> Res wrote: > only confirms what many ppl think, wietse is bernstein 'the second' Yeah start learning Exim i think - postfix has an erratic development that reflects its author's attitude - personaly i would like to be one less postfix user that Julian has to try and support. I would really like to be able to split emails for each recipient too. From martin.lyberg at gmail.com Wed Apr 19 13:54:04 2006 From: martin.lyberg at gmail.com (Martin) Date: Wed Apr 19 13:54:22 2006 Subject: Forward virus, not quarantine? In-Reply-To: <032001c662f1$966af470$3004010a@martinhlaptop> References: <032001c662f1$966af470$3004010a@martinhlaptop> Message-ID: Martin Hepworth wrote: > If you install mailwatch on top of MailScanner it will give you a nice > interface to release emails etc... Martin, I've installed mailwatch now, still some minor issues to fix, but it certainly looks good. Thanks for the tip! / Martin From martin.lyberg at gmail.com Wed Apr 19 13:57:24 2006 From: martin.lyberg at gmail.com (Martin) Date: Wed Apr 19 14:00:07 2006 Subject: MailScanner + Postfix = message doubles Message-ID: Hi, I've problem with message doubles when running MailScanner + Postfix and relaying for our internal exchangeserver. It happens sometimes, and sometimes not. Is there an easy solution to this? I've searched the archives and found some similar posts, but it didn't helped me. I really want to stick with Postfix. Any hints where to start? / Martin From rpoe at plattesheriff.org Wed Apr 19 15:33:54 2006 From: rpoe at plattesheriff.org (Rob Poe) Date: Wed Apr 19 15:34:25 2006 Subject: MailScanner Future Message-ID: <44460406.65ED.00A2.0@plattesheriff.org> I had a quick question regarding MailScanner's future. I noticed that there is now a company that provides either installation services, and possibly a new product (for $) that installs all kinds of goodies on servers automagically. What about the core of MailScanner. Will it remain Open Source, or is the future going to see a "Closing of the Source" and eventually see MailScanner become a commercial product? I'm not trying to stir anything up .. But it is a legitimate question. :) From john at tradoc.fr Wed Apr 19 15:53:37 2006 From: john at tradoc.fr (John Wilcock) Date: Wed Apr 19 15:53:46 2006 Subject: MailScanner + Postfix = message doubles In-Reply-To: References: Message-ID: <44464EF1.4030500@tradoc.fr> Martin wrote: > I've problem with message doubles when running MailScanner + Postfix and > relaying for our internal exchangeserver. It happens sometimes, and > sometimes not. This was a problem with the dual postfix configuration that used to be recommended for MailScanner. For some time now the preferred solution is a single instance of postfix using the hold queue method described in http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:installation Provided you're using a recent-ish version of MailScanner and you've followed the instructions on the Wiki you shouldn't be seeing any duplicates. John. -- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From dhawal at netmagicsolutions.com Wed Apr 19 15:56:48 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed Apr 19 15:56:34 2006 Subject: MailScanner + Postfix = message doubles In-Reply-To: References: Message-ID: <44464FB0.2040707@netmagicsolutions.com> Martin wrote: > Hi, > > I've problem with message doubles when running MailScanner + Postfix and > relaying for our internal exchangeserver. It happens sometimes, and > sometimes not. > > Is there an easy solution to this? I've searched the archives and found > some similar posts, but it didn't helped me. > > I really want to stick with Postfix. > > Any hints where to start? > > / Martin 1. Check if they are really doubles, do this by comparing the message headers. 2. Check you lock type in mailscanner, for postfix it is recommended that you leave it to the default (i think it ought to be 'blank'). 3. Check if your POP/IMAP server is responsible for this mess. 4. Are you using a cisco pix in front of your server.. if so, disable the fixup-protocol for smtp. Send the following details: OS? postfix version? MailScanner version? Post some logs pertaining to this problem - dhawal From drew at themarshalls.co.uk Wed Apr 19 16:33:14 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Wed Apr 19 16:33:24 2006 Subject: Attn. postfix users WAS Multiple Postfix smtp instances In-Reply-To: <44462BD3.40208@enitech.com.au> References: <20060412205748.GD14679@luckyduck.tux> <443F9148.7080908@netmagicsolutions.com> <443FDBCF.6040004@rogers.com> <20060414192115.13204.qmail@mymail.netmagicians.com> <44432F03.4090907@netmagicsolutions.com> <44462BD3.40208@enitech.com.au> Message-ID: <63830.194.70.180.170.1145460794.squirrel@webmail.r-bit.net> On Wed, April 19, 2006 13:23, Pete Russell wrote: > Res wrote: >> only confirms what many ppl think, wietse is bernstein 'the second' > > Yeah start learning Exim i think - postfix has an erratic development > that reflects its author's attitude - personaly i would like to be one > less postfix user that Julian has to try and support. I would really > like to be able to split emails for each recipient too. I have to say I am tempted too but at the risk of starting a holy war, I like the Postfix security. I am not suggesting Exim isn't secure but I read somewhere on the Exim site it's own authers thought it was 'pretty secure' and 'pretty' doesn't fil me with total confidence. Certainly I struggle to get my head round Sendmail's configs and I got fed up with patching several years a go :-( What a choice, keep patching up the old trusty but leaking boat (Who's builder keeps changing the jointing methods so you can't use the same repair methods), jump ship to a boat that looks quite nice with a consistant joint but with a hull that might not be quite as strong or to the boat that is a classic design but every so often develops a design fault that needs urgent attention and it's controls don't make steering it any easier. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From dhawal at netmagicsolutions.com Wed Apr 19 16:44:29 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed Apr 19 16:44:13 2006 Subject: Attn. postfix users WAS Multiple Postfix smtp instances In-Reply-To: <44432F03.4090907@netmagicsolutions.com> References: <20060412205748.GD14679@luckyduck.tux> <443F9148.7080908@netmagicsolutions.com> <443FDBCF.6040004@rogers.com> <20060414192115.13204.qmail@mymail.netmagicians.com> <44432F03.4090907@netmagicsolutions.com> Message-ID: <44465ADD.2030806@netmagicsolutions.com> Top Posting.. in continuation to my previous mail I searched for some more stuff from Wietse, this time related to qpsmtpd. My quest here is to ensure that postfix and mailscanner play nice with each other from a technical (which i believe it does currently but is bound to break with future postfix releases) and also from a political point of view, since both products will benefit from this (postfix users have an alternative to amavis and mailscanner users enjoy official postfix support).. I haven't seen Julian on the list for quite some time but i assume he'll have something important to say on this topic. - dhawal Quoting Wietse: =============== A reasonably MTA-independent submission interface would look like this, if implemented as (stdin + exit status) which is script-friendly though not maximally robust (like an SMTP-like interface would be). First a block of envelope headers: protocol_name: SMTP helo_name: client hostname client_name: client hostname client_address: [ipv4address] or [ipv6:ipv6address] client_port: port number sasl_method: plain sasl_username: you sasl_sender: size: 12345 ccert_subject: solaris9.porcupine.org ccert_issuer: Wietse Venema ccert_fingerprint: C2:9D:F4:87:71:73:73:D9:18:E7:C2:F3:C1:DA:6E:04 encryption_protocol: TLSv1/SSLv3 encryption_cipher: DHE-RSA-AES256-SHA encryption_keysize: 256 sender: <> or address dsn-envelope-id: dsn-return-option: full or headers recipient: address (<> not allowed) dsn-notify-options: never, or comma-separated list of fail, delay, success dsn-orig-rcpt: original recipient After a blank line, the standard RFC2822 content: headers.... blank body... Where the blank and body... are optional. The exit status is 0 for success. All other status codes mean that the operation failed. We have to do much of this anyway when mail archival support is added, so I would like to get it right once. Now this is not the whole story: this submission interface cannot be exposed to untrusted users of they could bypass all the safety checks that are built into smtpd, pickup, postdrop and cleanup. So it has to be implemented as a set-gid helper that checks an authorization list. If the caller is trusted, then it passes a file descriptor to a Postfix daemon process that does the actual work. I don't intend to use set-uid programs within Postfix. Wietse =============== Dhawal Doshy wrote: > Dhawal Doshy wrote: >> Drew Marshall writes: >>> On 14 Apr 2006, at 18:28, Mike Jakubik wrote: >>>> Dhawal Doshy wrote: >>>>> This mail was also posted by the OP to the postfix-users list and >>>>> is now being discussed by the postfix authors 'wietse' and >>>>> 'viktor' for better integration (read: compliant to the postfix >>>>> internal architecture) between postfix and mailscanner.. >>>>> I request all mailscanner+postfix users to follow this thread on >>>>> the postfix-users lists and voice your technical opinions, if any. >>>> >>>> Its sad to see that one of the best MTAs and content scanners, does >>>> not get along so well.. Apparently Postfix 2.3 will make changes >>>> that will break MailScanner functionality :( >>> >>> Very sad indeed. Interestingly I am running the current release (Non >>> stable) of 2.3 and it works fine with MailScanner so I await to see >>> what happens with the 'new queue format'. >>> Drew >> >> No it won't (Julian will find a better workaround) and it shouldn't, i >> would request all postfix users to subscribe to the postfix-users list >> and convince the developers to document postfix queue internals so >> that this matter is resolved once and for all.. >> At the least ensure that someone of use who understands postfix really >> well, (i don't) follows up with viktor and wietse on this.. >> - dhawal > > We now have postfix+mailscanner working perfectly fine, but is likely to > break in future releases due to internal changes in the postfix queue > working.. hence i took the liberty of sending this mail to the postfix > users list. Constructive comments are welcome from postfix and > non-postfix users: > ============== > MailScanner currently works in this fashion: > Internet ==> postfix ==> hold queue ==> MailScanner ==> Incoming queue > ==> local delivery or relay > > From what i understand, the part where mailscanner re-queues mails to > the postfix incoming queue is the questionable part.. > > So what conclusion do we (the non-programmer postfix users) draw from > your discussion? What are the changes expected that i need to > communicate to the mailscanner development team? > > Finally, what would be required to make mailscanner an approved > Content-Scanner for postfix. > ============== > > > This is the reply from Wietse: > ============== > It takes a stable EXTERNAL interface, so that non-Postfix software is > immune to changes in Postfix INTERNAL details. > > For example, software that speak SMTP is largely immune to changes in > Postfix internal details, because SMTP is well defined. > > Absent precisely formulated requirements I can't define an external > interface for content management. > > Wietse > ============== > > > A search on the postfix archive gave me this mail from Wietse: > ============== > The question is 100% academic. Like other Postfix internals, Postfix > queue details will not be published until they stop changing. > Until then I want to have the freedom to make changes without having > to jump horrible hoops in order to avoid breaking other people's > software. > > To give you an idea of what it would take to make mailscanner safe > with the PRESENT queue implementation: > > 1) The Postfix queue would have to be changed from a three-state > incoming/active/deferred organization to a four-state organization > of unfiltered/incoming/active/deferred. > > 2) All four queues MUST BE in the same file system. Otherwise mail > will be corrupted or lost. > > 3) A modified cleanup server drops new mail into the "unfiltered" > queue and notifies mailscanner, while the unmodified cleanup server > drops locally forwarded mail into the incoming queue and informs > the queue manager as usual. > > 4) Mailscanner MUST NOT move queue files except by renaming them > between Postfix queue directories. Otherwise mail will be corrupted > or lost. > > 5) Mailscanner MUST maintain the relationship between the file name > and the file inode number. Otherwise mail will be corrupted or > lost. > > 7) Mailscanner must be crash proof. Like Postfix, it MUST NOT take > irreversible actions, or actions that may require undo operations > after a system crash. Otherwise mail will be corrupted or lost. > > Specifically: > > 8) Mailscanner MUST NOT modify queue files. If content needs to be > updates, Mailscanner MUST create a new queue file and delete the > original only after the new file has been committed to stable > storage. Otherwise mail will be corrupted or lost. > > 9) When creating a queue file, Mailscanner MUST adhere to the > convention that the file permissions are set to "executable" only > after the file contents are safely stored. Otherwise mail will be > corrupted or lost. > > 10) Mailscanner should never touch a queue file that has an advisory > lock (flock or fcntl lock, depending on the system environment). > Otherwise mail will be corrupted or lost. > > But again, all this is academic, because I will never support > non-standard interfaces for content inspection in Postfix. > > Wietse > ============== From realmcking at gmail.com Wed Apr 19 16:50:49 2006 From: realmcking at gmail.com (Mark McCoy) Date: Wed Apr 19 16:50:54 2006 Subject: Solaris 10: won't start via init script In-Reply-To: References: <71437982F5B13A4D9A5B2669BDB89EE403A84D30@ISS-CL-EX-V1.soton.ac.uk> Message-ID: On 4/16/06, randyf@sibernet.com wrote: > > > On Sat, 15 Apr 2006, Jeff A. Earickson wrote: > > > Yes, but it still supports legacy scripts in /etc/init.d so the script > > that I used with Solaris 9 ought to work. > > Yes, your legacy script should work (verify it by running: "svcs -a | > grep legacy_run" and see if it is in the list), but there may be > dependancies on other services that are controlled by SMF, such as > sendmail. Also, if you are using the standard Solaris distributed Perl, > you are now using a 5.8 perl variant (depending on your patch level), so > you may require the reinstallation of some perl modules (or changing the > /usr/bin/perl link), but at a minimum, may need to recompile the required > MailScanner Perl Modules. > > And as sendmail is now an SMF service, you won't be able to manage how > it is run by changing init.d scripts, but instead needs to have the > methods changed. I have a manifest that can be used as a replacement to > the Solaris sendmail manifest, that will create and use the mqueue and > mqueue.in directories, as well as start and stop MailScanner (it is even > zone aware). If anyone thinks this would be usefull, or maybe put it in > the contributed space, I will happily send it along. > > ---- Randy Thanks Randy, that would be great! We're not on Sol10 yet, but looking to move there in the future... -- Mark McCoy -- Professional Unix geek If Tyranny and Oppression come to this land, it will be in the guise of fighting a foreign enemy. - James Madison, fourth US president (1751-1836) From ssilva at sgvwater.com Wed Apr 19 18:32:28 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Apr 19 18:32:53 2006 Subject: MailScanner Future In-Reply-To: <44460406.65ED.00A2.0@plattesheriff.org> References: <44460406.65ED.00A2.0@plattesheriff.org> Message-ID: Rob Poe spake the following on 4/19/2006 7:33 AM: > I had a quick question regarding MailScanner's future. > > I noticed that there is now a company that provides either installation services, and possibly a new product (for $) that installs all kinds of goodies on servers automagically. What about the core of MailScanner. Will it remain Open Source, or is the future going to see a "Closing of the Source" and eventually see MailScanner become a commercial product? > > I'm not trying to stir anything up .. But it is a legitimate question. :) > > > > > I can't answer for Julian's future intentions, but he has stated in the past that the core will remain free, and the extra bells and whistles of the DefenderMX product will justify its purchase and support contracts to those who require it. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From alex at nkpanama.com Wed Apr 19 19:11:35 2006 From: alex at nkpanama.com (Alex Neuman) Date: Wed Apr 19 19:13:38 2006 Subject: Can the null address be specified in a ruleset? Message-ID: <200604191811.k3JIBRMl000610@nkserver.nkpanama.com> Do you know of a good way to silently discard these messages selectively? From alex at nkpanama.com Wed Apr 19 19:11:46 2006 From: alex at nkpanama.com (Alex Neuman) Date: Wed Apr 19 19:15:01 2006 Subject: greylisting? Message-ID: <200604191811.k3JIBRMt000610@nkserver.nkpanama.com> I believe you're right on every count. I did, however, place an explanatory webpage on the mta reject message, so that the sysadmins on the verge of acquiring a clue can have the problem fixed. -----Original Message----- From: "Res" Sent: 04/18/06 2:46:53 AM To: "MailScanner discussion" Subject: Re: greylisting? On Mon, 17 Apr 2006, Alex Neuman van der Hans wrote: > Res wrote: >>> >>> How much of RFC1912? >> >> >> "Every Internet-reachable host should have a name." >> >> Since enforcing PTR checks, like I said 90% of the crap is now rejected >> we've done it for years with no regrets and only about a dozen or so >> complaints in all that time, >> >> > > You're right. AOL is enforcing it. Why can't we? :D AOL only started about a year ago, I've been doing it for over 5 or 6 years, the results speak for themselves. If you run a network where the system admins are incompetant and do not do their job properly by ensuring every host has a hostname, be it dsl, dialup, a hosting server or a key server in a NOC, its just plain lazyness, and they should be dismissed as such. -- Cheers Res -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From victor at pixelmagicfx.com Wed Apr 19 20:59:53 2006 From: victor at pixelmagicfx.com (Victor DiMichina) Date: Wed Apr 19 21:00:06 2006 Subject: DCC Score In-Reply-To: <444522D1.60107@trayerproducts.com> References: <444522D1.60107@trayerproducts.com> Message-ID: <444696B9.4070104@pixelmagicfx.com> Rodney Green wrote: > > > Hello, > > Where is score for DCC configured? > Mine always scores 2.17, if I understand the question correctly. Vic From damian at workgroupsolutions.com Wed Apr 19 22:57:31 2006 From: damian at workgroupsolutions.com (Damian Mendoza) Date: Wed Apr 19 22:57:36 2006 Subject: AOL in Spamcop RBL Message-ID: <0C941442AC84A8449448BA2207DD4F4D0CD26E@core01.workgroupsolutions.com> AOL IP addresses are in the spamcop.net database 64.12.137.5 64.12.137.4 64.12.137.7 64.12.137.8 Regards, Damian -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060419/f936e1a0/attachment.html From pete at enitech.com.au Wed Apr 19 23:03:21 2006 From: pete at enitech.com.au (Peter Russell) Date: Wed Apr 19 23:03:35 2006 Subject: MailScanner Future In-Reply-To: References: <44460406.65ED.00A2.0@plattesheriff.org> Message-ID: <4446B3A9.4050105@enitech.com.au> Scott Silva wrote: > Rob Poe spake the following on 4/19/2006 7:33 AM: > >>I had a quick question regarding MailScanner's future. >> >>I noticed that there is now a company that provides either installation services, and possibly a new product (for $) that installs all kinds of goodies on servers automagically. What about the core of MailScanner. Will it remain Open Source, or is the future going to see a "Closing of the Source" and eventually see MailScanner become a commercial product? >> >>I'm not trying to stir anything up .. But it is a legitimate question. :) >> >> >> >> >> > > I can't answer for Julian's future intentions, but he has stated in the past > that the core will remain free, and the extra bells and whistles of the > DefenderMX product will justify its purchase and support contracts to those > who require it. > I cant speak for him either, but its not free, Julian spends a lot of time developing it. If you are a commercial user you should consider making a donation. Whatever that donation is its gonna be a LOT less than any licensing for any commercial products. From Marc.Dufresne at parks.on.ca Thu Apr 20 00:07:27 2006 From: Marc.Dufresne at parks.on.ca (Marc Dufresne) Date: Thu Apr 20 00:13:05 2006 Subject: mailscanner-4.50-15_1. blocking hotmail domain Message-ID: I recently upgraded to mailscanner-4.50-15_1. Just had numerous complaints that we are not able to receive e-mails from anyone from hotmail.com. I had to add the hotmail.com domain to /etc/mail/spamassassin/spam.whitelist.rules in order for us to receive e-mails from anyone on hotmail.com. Why has this changed? I never had to add this before? Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca -------------- next part -------------- BEGIN:VCARD VERSION:2.1 X-GWTYPE:USER FN:Marc Dufresne TEL;WORK:613-543-3704 ORG:;Information Technology TEL;PREF;FAX:613-543-2847 EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca N:Dufresne;Marc TITLE:Corporate IT Officer END:VCARD From ssilva at sgvwater.com Thu Apr 20 00:40:51 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Apr 20 00:41:24 2006 Subject: MailScanner Future In-Reply-To: <4446B3A9.4050105@enitech.com.au> References: <44460406.65ED.00A2.0@plattesheriff.org> <4446B3A9.4050105@enitech.com.au> Message-ID: Peter Russell spake the following on 4/19/2006 3:03 PM: > > > Scott Silva wrote: >> Rob Poe spake the following on 4/19/2006 7:33 AM: >> >>> I had a quick question regarding MailScanner's future. >>> >>> I noticed that there is now a company that provides either >>> installation services, and possibly a new product (for $) that >>> installs all kinds of goodies on servers automagically. What about >>> the core of MailScanner. Will it remain Open Source, or is the >>> future going to see a "Closing of the Source" and eventually see >>> MailScanner become a commercial product? >>> >>> I'm not trying to stir anything up .. But it is a legitimate >>> question. :) >>> >>> >>> >>> >>> >> >> I can't answer for Julian's future intentions, but he has stated in >> the past >> that the core will remain free, and the extra bells and whistles of the >> DefenderMX product will justify its purchase and support contracts to >> those >> who require it. >> > I cant speak for him either, but its not