From nauman at worldcall.net.pk Sat Apr 1 05:43:04 2006
From: nauman at worldcall.net.pk (Muhammad Nauman)
Date: Sat Apr 1 05:43:13 2006
Subject: problem in Mailscanner-mrtg Graphs
References:
Message-ID: <004101c65546$c5913f60$23c051cb@noc>

ERROR IN /var/log/maillog :

Mailserver MailScanner-MRTG[3544]: Unable to find a mountpoint for /var/www/html/mailscanner-mrtg/incoming/. Please set MailScanner Work Directory in mailscanner-mrtg.conf to a valid mountpoint. You can see a list of mointpoints on your system by using the df command

I'm using

a. mailscanner-mrtg-0.10.00-1.src.rpm
b. mrtg-2.13.2.tar.gz
c. gd-2.0.11.tar.gz
d. zlib-1.2.3.tar.gz
e. libpng-1.2.5.tar.gz
f. And SENDMAIL 8.13.5 and MailScanner

I'm using MRTG for the base and the Mailscanner-mrtg tool to maintain my graphs for my mail server.

I only have these mount points:

[root@Jadoo]# df -h
Filesystem    Mounted on
/dev/sda3     /
/dev/sda1     /boot
none          /dev/shm
/dev/sdb1     /var

Is there any way I can make the above graph visible?

Thanks and regards,
M.Nauman Habib
Network Engineer
ICT Department
WorldCALL Multimedia Pvt Ltd
16-S Gulberg II Lahore, Pakistan
Off: 92 (42) 5877051-55
Cell : 0321-4311830

From damian at workgroupsolutions.com Sat Apr 1 07:19:25 2006
From: damian at workgroupsolutions.com (Damian Mendoza)
Date: Sat Apr 1 07:19:36 2006
Subject: segmentation fault starting MailScanner
Message-ID: <0C941442AC84A8449448BA2207DD4F4D0CCFD2@core01.workgroupsolutions.com>

Any ideas what could be causing the following problem when starting MailScanner version 4.50.15, Sendmail 8.13.6, Spamassassin 3.1.0 and Perl 5.8.1 - I've been fighting this problem for months now when starting MailScanner, though it does not happen every time I manually start MailScanner.

Starting MailScanner daemons:
incoming sendmail: /etc/init.d/MailScanner: line 390: 11791 Segmentation fault $SENDMAIL -bd -OPrivacyOptions=noetrn -ODeliveryMode=queueonly -OQueueDirectory=$INQDIR -OPidFile=$INPID

When the problem occurs, MailScanner does not start.

I can make the problem happen by starting and stopping MailScanner about four times in a row.

Thanks,
Damian

From karl.bailey at landmark-information.co.uk Sat Apr 1 10:49:50 2006
From: karl.bailey at landmark-information.co.uk (Karl Bailey)
Date: Sat Apr 1 10:49:58 2006
Subject: Not often I post
Message-ID: <6D593FF95F52DB4D9CC4F5E3A4AC33825C6F22@exmx04.corp.edrlandmark.net>

I've updated MailScanner as suggested & supplied the "broken" message directly to Julian. Hopefully this will help with this issue. Thanks for the responses.

Regards
Karl

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve Freegard Sent: 31 March 2006 09:32 To: MailScanner discussion Subject: Re: Not often I post Hi Karl, On Thu, 2006-03-30 at 23:02 +0100, Karl Bailey wrote: > Only when I have a problem, which I seem to at the moment. Two day in > a row now I have had a problem with MailScanner 4.51.5-1 running in > RedHat FC1. It employs spam assassin, kaspersky, f-prot & mcafee virus > scanning. CPU usage etc hovers around 25% & all in all it works very > well processing around 20000 messages (6GBytes) a day. > > > > I have received a single message that brings mailscanner to it's > knees .. the message enters the inbound mail queue, the MailScanner > processes defunct one by one till MailScanner is effectively not > processing mail any more, mail builds up in the inbound mail queue. > This is exasperated by the fact that although MailScanner reports as > defunct in the process list it is actually still identifying spam, & > generating spam warning messages, which in turn end up in the inbound > queue... this seems to lead to a "DOS" effect. > > > > I have isolated the single message in it's raw queue qf & df files. > Every time I place it into the inbound queue the processes defunct, & > yes I am ensuring there is no file permissions problems... If anyone > wants a copy of the message I can send them the queue files.... I'm > suspicious though that the Virus Scanning is where the problem lies, > hence without the combination of VC's listed above it may run through > the queue ... Any ideas? The one thing I've noticed about the header (qf > file) is that there seems to be some very long boundary strings > emplyed. > We had a number of customers with exactly the same problem on 4.51.5 - an upgrade to 4.51.6 solved the problem for them. Kind regards, Steve. -- Steve Freegard Development Director Fort Systems Ltd. 
Tel: +44 (0)1243 200 001 Mobile: +44 (0)7740 364 348 Skype: smfreegard

From glenn.steen at gmail.com Sat Apr 1 11:46:22 2006
From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Apr 1 11:46:25 2006 Subject: segmentation fault starting MailScanner In-Reply-To: <0C941442AC84A8449448BA2207DD4F4D0CCFD2@core01.workgroupsolutions.com> References: <0C941442AC84A8449448BA2207DD4F4D0CCFD2@core01.workgroupsolutions.com> Message-ID: <223f97700604010246of6158d6g3eb0cc585edc678c@mail.gmail.com> On 01/04/06, Damian Mendoza wrote: > > > > Any ideas what could be causing the following problem when starting > MailScanner version 4.50.15, Sendmail 8.13.6, Spamassassin 3.1.0 and Perl > 5.8.1 ? I've been fighting this problems for months now when starting > MailScanner though it does not happen every time I manually start > MailScanner. > > > > Starting MailScanner daemons: > > incoming sendmail: /etc/init.d/MailScanner: line 390: 11791 > Segmentation fault $SENDMAIL -bd -OPrivacyOptions=noetrn > -ODeliveryMode=queueonly -OQueueDirectory=$INQDIR -OPidFile=$INPID > > > > When the problem occurs, MailScanner does not start. > > > > I can make the problem happen by starting and stopping MailScanner about > four times in a row. > > > > > > Thanks, > > > > Damian This is very likely a HW problem. Start troubleshooting by running a memory tester worth its salt on the system (http://www.memtest86.com/ ... Assuming you are running on an x86 architecture... It is included on many Live-CD distros, Ubuntu etc etc). Also run fsck on every filesystem on the box (means you need boot to something else .... Knoppix, SystemResqueCD, R.I.P. or your OS' normal "non-disk" boot method). It's fairly unlikely, but a bum filesystem *could* trip you up. If those are "green", then something else is tipping you up (bum NIC, bad drivers, botched libs .... the list is "endless":-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Sat Apr 1 13:04:52 2006 
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Sat Apr 1 13:05:20 2006
Subject: MailScanner ANNOUNCE: Stable 4.52 released
Message-ID: <442E6C64.6080906@ecs.soton.ac.uk>

I have just released the stable release for April, version 4.52.

It's been a quiet month, just one major new feature which I hope the ISPs among you, in particular, will find useful.

There is now an option in the Phishing Net settings that will make it slightly less strict. If you have a web server email.domain.com pretending to be www.domain.com it will not complain as the "domain.com" strings match. It also knows a pretty complete list of all the second level domains used by many countries. So email.domain.org.uk and www.domain.org.uk will match. But www.domain1.org.uk and www.domain2.org.uk will _not_ match. This is because it knows that ".org.uk" is a generic domain name used by the UK to cover a whole group of different websites (UK non-profits).

This also adds a new configuration file, %etc-dir%/country.domains.conf.

Download it as usual from www.mailscanner.info.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Sat Apr 1 13:09:11 2006
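The relaxed Phishing Net comparison described in the 4.52 announcement above, as an added example; it is not MailScanner's own code. The suffix set is a constructed stand-in for country.domains.conf (whose format the announcement does not show), all function names are hypothetical, and the handling of IP-literal hosts goes beyond what the announcement covers.

```python
"""Relaxed comparison of a link's displayed host against its real target host."""
import ipaddress
from urllib.parse import urlsplit

# Constructed stand-in for the list of country second-level domains; the real
# country.domains.conf contents and format are not shown in the announcement.
SECOND_LEVEL_SUFFIXES = frozenset(
    {"org.uk", "co.uk", "ac.uk", "gov.uk", "com.au", "co.nz"}
)


def host_of(value):
    """Return the lower-cased hostname of a URL or bare host string ('' if none)."""
    value = value.strip()
    if "://" not in value:
        value = "//" + value  # let urlsplit treat a bare host as a netloc
    try:
        return (urlsplit(value).hostname or "").rstrip(".")
    except ValueError:  # malformed netloc, e.g. a broken IPv6 literal
        return ""


def is_ip_literal(host):
    """True for IPv4/IPv6 literals, which must never be cut down to two labels."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def site_domain(host, suffixes=SECOND_LEVEL_SUFFIXES):
    """Reduce a host to the part that identifies the site owner.

    domain.com keeps two labels; under a known second-level suffix such as
    org.uk a third label is kept, so domain1.org.uk and domain2.org.uk differ.
    """
    if not host or is_ip_literal(host):
        return host
    labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in suffixes else 2
    return ".".join(labels[-keep:])


def compare_link(displayed, href, relaxed=True, suffixes=SECOND_LEVEL_SUFFIXES):
    """Classify a link whose visible text names one host and whose target another."""
    shown, real = host_of(displayed), host_of(href)
    if not shown or not real:
        return "unparseable"
    if shown == real:
        return "match"
    if relaxed and site_domain(shown, suffixes) == site_domain(real, suffixes):
        return "match-relaxed"
    return "mismatch"


if __name__ == "__main__":
    # Constructed test links using the host names from the announcement.
    cases = [
        ("www.domain.com", "http://email.domain.com/news"),
        ("www.domain.org.uk", "http://email.domain.org.uk/"),
        ("www.domain1.org.uk", "http://www.domain2.org.uk/"),
        ("www.domain.com", "http://www.domain.com@192.0.2.7/login"),
        ("10.1.2.3", "http://192.168.2.3/"),
    ]
    for shown, href in cases:
        print(f"{shown:22} {href:42} {compare_link(shown, href)}")
```

Without the suffix list both org.uk hosts would reduce to "org.uk" and wrongly match, which is why the relaxed mode depends on that list being reasonably complete.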
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Apr 1 13:09:17 2006 Subject: Not often I post In-Reply-To: <6D593FF95F52DB4D9CC4F5E3A4AC33825C6F22@exmx04.corp.edrlandmark.net> References: <6D593FF95F52DB4D9CC4F5E3A4AC33825C6F22@exmx04.corp.edrlandmark.net> Message-ID: <442E6D67.2040309@ecs.soton.ac.uk> I think this was fixed in 4.51.6, it certainly doesn't appear to cause any problems now. Karl Bailey wrote: > I've updated MailScanner as suggested & supplied the "broken" message > directly to Julian. Hopefully this will help with this issue. Thanks for > the responses. > > Regards > KArl > > -----Original Message----- 
> From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve > Freegard > Sent: 31 March 2006 09:32 > To: MailScanner discussion > Subject: Re: Not often I post > > Hi Karl, > > On Thu, 2006-03-30 at 23:02 +0100, Karl Bailey wrote: > >> Only when I have a problem, which I seem to at the moment. Two day in >> a row now I have had a problem with MailScanner 4.51.5-1 running in >> RedHat FC1. It employs spam assassin, kaspersky, f-prot & mcafee virus >> scanning. CPU usage etc hovers around 25% & all in all it works very >> well processing around 20000 messages (6GBytes) a day. >> >> >> >> I have received a single message that brings mailscanner to it's >> knees .. the message enters the inbound mail queue, the MailScanner >> processes defunct one by one till MailScanner is effectively not >> processing mail any more, mail builds up in the inbound mail queue. >> This is exasperated by the fact that although MailScanner reports as >> defunct in the process list it is actually still identifying spam, & >> generating spam warning messages, which in turn end up in the inbound >> queue... this seems to lead to a "DOS" effect. >> >> >> >> I have isolated the single message in it's raw queue qf & df files. >> Every time I place it into the inbound queue the processes defunct, & >> yes I am ensuring there is no file permissions problems... If anyone >> wants a copy of the message I can send them the queue files.... I'm >> suspicious though that the Virus Scanning is where the problem lies, >> hence without the combination of VC's listed above it may run through >> the queue ... Any ideas? The one thing I've noticed about the header >> > (qf > >> file) is that there seems to be some very long boundary strings >> emplyed. >> >> > > We had a number of customers with exactly the same problem on 4.51.5 - > an upgrade to 4.51.6 solved the problem for them. > > Kind regards, > Steve. 
>
>

--
Julian Field
www.MailScanner.info

From tac.forums at gmail.com Sat Apr 1 13:36:04 2006
From: tac.forums at gmail.com (TAC Forums)
Date: Sat Apr 1 13:36:08 2006
Subject: mqueue and mqueue.in have more files than necessary ... should I worry?
In-Reply-To: <744004DF-2BA0-4120-B65C-E2C5B8F7049B@ecs.soton.ac.uk>
References: <744004DF-2BA0-4120-B65C-E2C5B8F7049B@ecs.soton.ac.uk>
Message-ID:

On 3/31/06, Julian Field wrote:
> Switch off the incoming sendmail (kill the one that listening for
> messages).

Is that the one that says 'sendmail: accepting connections' when I do a 'ps ax', or is it the one that says '/usr/sbin/sendmail -q15m -OPidFile /var/run/sendmail.out.pid'?

> Wait for MailScanner to stop delivering any new messages.
> Delete everything left in mqueue.in.
> Stop MailScanner completely and restart it.

Wouldn't this work fine too?

===================================
cd /var/spool/mqueue.in
find . -mtime +5 -print | xargs rm
===================================

--
TAC Support Team

From tac.forums at gmail.com Sat Apr 1 13:46:01 2006
From: tac.forums at gmail.com (TAC Forums)
Date: Sat Apr 1 13:46:03 2006
Subject: mqueue and mqueue.in have more files than necessary ... should I worry?
In-Reply-To:
References: <625385e30603300641j11c6fb62w313e8f20a4da11@mail.gmail.com>
Message-ID:

On 3/31/06, Jeff A. Earickson wrote:
> First, figure out the maximum time that you hold email before returning
> it as undeliverable. Mine is three days, eg "Timeout.queuereturn=3d"
> in my sendmail settings. Then cd to the queue directory in question,
> and do:
>
> find . -mtime +3 -print | xargs rm
>
> Voila, old files are gone. No need to stop sendmail or MailScanner.

Hi Jeff

This is great. Worked wonders... thanks a bunch for this...

The default was 5d for my server.

On a separate note, would you care to share why you configured it for 3 days instead of the default 5 days that was configured on my sendmail configuration?

Regards
--
TAC Support Team

From tac.forums at gmail.com Sat Apr 1 13:46:54 2006
From: tac.forums at gmail.com (TAC Forums)
Date: Sat Apr 1 13:46:57 2006
Subject: mqueue and mqueue.in have more files than necessary ... should I worry?
In-Reply-To:
References: <625385e30603300641j11c6fb62w313e8f20a4da11@mail.gmail.com>
Message-ID:

On 4/1/06, Mark McCoy wrote:
> Do a 'man find' first. On some Unices, "-mtime +3" means "older than
> 3 minutes", not "older than 3 days".

Ah! thanks for pointing this out. I checked the man page. Apparently this version of Linux means days, so we're okay on that. Thanks for the warning.

Regards
--
TAC Support Team

From jaearick at colby.edu Sat Apr 1 14:02:09 2006
From: jaearick at colby.edu (Jeff A. Earickson)
Date: Sat Apr 1 14:07:16 2006
Subject: mqueue and mqueue.in have more files than necessary ... should I worry?
In-Reply-To:
References: <625385e30603300641j11c6fb62w313e8f20a4da11@mail.gmail.com>
Message-ID:

As others pointed out, RTFM before using a new UNIX command. I didn't know that +3 could mean minutes on some Linux systems. I would expect the syntax to be something like "+3m" for that, so as not to break for older UNIX systems (Solaris in my case).

I use 3 days because if a message won't go in 3 days, it almost certainly won't go in 5. DNS/dead server issues are usually noticed and fixed in three days. The rest is typos, replies to spam and bogus addresses. Get it outta my mail queue!

I also use Timeout.queuewarn=4h instead of the one day default, to give users a quicker clue that their message isn't moving (so they can fix their typos).

Jeff Earickson
Colby College

On Sat, 1 Apr 2006, TAC Forums wrote:

> Date: Sat, 1 Apr 2006 18:16:01 +0530
> From: TAC Forums
> Reply-To: MailScanner discussion
> To: MailScanner discussion
> Subject: Re: mqueue and mqueue.in have more files than necessary ... should I
>     worry?
>
> On 3/31/06, Jeff A. Earickson wrote:
>> First, figure out the maximum time that you hold email before returning
>> it as undeliverable. Mine is three days, eg "Timeout.queuereturn=3d"
>> in my sendmail settings. Then cd to the queue directory in question,
>> and do:
>>
>> find . -mtime +3 -print | xargs rm
>>
>> Voila, old files are gone. No need to stop sendmail or MailScanner.
>
> Hi Jeff
>
> This is great. Worked wonders... thanks a bunch for this...
>
> The default was 5d for my server.
>
> On a separate note, would you care to share why you configured it for
> 3 days instead of the default 5 days that was configured on my
> sendmail configuration?
>
> Regards
> --
> TAC Support Team

From maillists at conactive.com Sat Apr 1 18:31:13 2006
From: maillists at conactive.com (Kai Schaetzl)
Date: Sat Apr 1 18:31:19 2006
Subject: Suggestion: include only .pm files from CustomFunctions
Message-ID:

Yesterday I put a small test file in CustomFunctions for debugging a problem with module SQLSpamSettings.pm and left it there after I finished. Later I found in the logs that MailScanner had tried (and failed, of course) to include it. Wouldn't it be better to just include files with the standard perl module suffix of .pm?

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From dfilchak at sympatico.ca Sat Apr 1 22:23:36 2006
From: dfilchak at sympatico.ca (Dave Filchak)
Date: Sat Apr 1 22:25:48 2006
Subject: rulesets
Message-ID: <442EEF58.4010006@sympatico.ca>

Just updated my spamassassin rule sets and got this message:

EvilNumber has changed on host.domain.net.
Version line: # Version: 02.00.01
# The evilnumber set has been renamed to match SARE's updated standards, the new name is 70_sare_evilnum0.cf. Please remove evilnumber local language files

Where do I find the evilnumber local language files?

dave

From MailScanner at ecs.soton.ac.uk Sat Apr 1 23:44:04 2006
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Sat Apr 1 23:44:22 2006
Subject: Suggestion: include only .pm files from CustomFunctions
In-Reply-To:
References:
Message-ID: <442F0234.7090601@ecs.soton.ac.uk>

I'm pretty sure I've already done that.

Kai Schaetzl wrote:
> Yesterday I put a small test file in CustomFunctions for debugging a
> problem with module SQLSpamSettings.pm and left it there after I finished.
> Later I found in the logs that MailScanner had tried (and failed, of
> course) to include it. Wouldn't it be better to just include files with
> the standard perl module suffix of .pm?
>
> Kai
>
>

--
Julian Field
www.MailScanner.info

From maillists at conactive.com Sun Apr 2 02:40:14 2006
From: maillists at conactive.com (Kai Schaetzl)
Date: Sun Apr 2 02:40:21 2006
Subject: Suggestion: include only .pm files from CustomFunctions
In-Reply-To: <442F0234.7090601@ecs.soton.ac.uk>
References: <442F0234.7090601@ecs.soton.ac.uk>
Message-ID:

Julian Field wrote on Sat, 01 Apr 2006 23:44:04 +0100:

> I'm pretty sure I've already done that.

I'm running 4.51.6

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From butler at globeserver.com Sun Apr 2 02:57:16 2006
From: butler at globeserver.com (Philip Butler)
Date: Sun Apr 2 02:57:57 2006
Subject: Strange syslog message....
Message-ID: <0B4E2DE5-C280-426E-B9A9-C193A3CD4F1E@globeserver.com>

Hi all,

I was scanning my syslog and found the following:

mailscanner[1794]: called with 2 bind variables when 0 are needed

and this repeats.

All seems to be working properly but I am wondering what this message really means and how to correct it.

Any ideas ??

Phil

From naolson at gmail.com Sun Apr 2 03:02:06 2006
From: naolson at gmail.com (Nathan Olson)
Date: Sun Apr 2 03:02:09 2006
Subject: Strange syslog message....
In-Reply-To: <0B4E2DE5-C280-426E-B9A9-C193A3CD4F1E@globeserver.com>
References: <0B4E2DE5-C280-426E-B9A9-C193A3CD4F1E@globeserver.com>
Message-ID: <8f54b4330604011802v1ea2a49cg43e5e1f75c302d86@mail.gmail.com>

It looks like a DBI (database abstraction layer) error.

Nate

From maillists at conactive.com Sun Apr 2 11:02:34 2006
From: maillists at conactive.com (Kai Schaetzl)
Date: Sun Apr 2 11:02:42 2006
Subject: Strange syslog message....
In-Reply-To: <8f54b4330604011802v1ea2a49cg43e5e1f75c302d86@mail.gmail.com>
References: <0B4E2DE5-C280-426E-B9A9-C193A3CD4F1E@globeserver.com> <8f54b4330604011802v1ea2a49cg43e5e1f75c302d86@mail.gmail.com>
Message-ID:

Nathan Olson wrote on Sat, 1 Apr 2006 20:02:06 -0600:

> It looks like a DBI (database abstraction layer) error.

Yes. Do you use any CustomFunctions, f.i. for/from Mailwatch?

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From maillists at conactive.com Sun Apr 2 11:02:34 2006
From: maillists at conactive.com (Kai Schaetzl)
Date: Sun Apr 2 11:02:42 2006
Subject: rulesets
In-Reply-To: <442EEF58.4010006@sympatico.ca>
References: <442EEF58.4010006@sympatico.ca>
Message-ID:

Dave Filchak wrote on Sat, 01 Apr 2006 16:23:36 -0500:

> Where do I find the evilnumber local language files?

/etc/mail/spamassassin

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From smf at f2s.com Sun Apr 2 13:05:58 2006
From: smf at f2s.com (Steve Freegard)
Date: Sun Apr 2 13:03:25 2006
Subject: Suggestion: include only .pm files from CustomFunctions
In-Reply-To: <442F0234.7090601@ecs.soton.ac.uk>
References: <442F0234.7090601@ecs.soton.ac.uk>
Message-ID: <1143979558.16392.510.camel@localhost.localdomain>

On Sat, 2006-04-01 at 23:44 +0100, Julian Field wrote:
> I'm pretty sure I've already done that.

You did as it was one of my feature requests -- as of 4.50, only files of extensions .pl or .pm are included.

Cheers,
Steve.

From butler at globeserver.com Sun Apr 2 15:18:39 2006
From: butler at globeserver.com (Philip Butler)
Date: Sun Apr 2 15:19:19 2006
Subject: Strange syslog message....
In-Reply-To:
References: <0B4E2DE5-C280-426E-B9A9-C193A3CD4F1E@globeserver.com> <8f54b4330604011802v1ea2a49cg43e5e1f75c302d86@mail.gmail.com>
Message-ID: <8C320493-9173-418B-AE2B-491783D739B3@globeserver.com>

No - not using custom functions...

Phil

On Apr 2, 2006, at 6:02 AM, Kai Schaetzl wrote:

> Nathan Olson wrote on Sat, 1 Apr 2006 20:02:06 -0600:
>
>> It looks like a DBI (database abstraction layer) error.
>
> Yes. Do you use any CustomFunctions, f.i. for/from Mailwatch?
>
> Kai
>
> --
> Kai Schätzl, Berlin, Germany
> Get your web at Conactive Internet Services: http://www.conactive.com

From kevins at bmrb.co.uk Sun Apr 2 18:31:07 2006
From: kevins at bmrb.co.uk (Kevin Spicer)
Date: Sun Apr 2 18:31:25 2006
Subject: problem in Mailscanner-mrtg Graphs
In-Reply-To: <004101c65546$c5913f60$23c051cb@noc>
References: <004101c65546$c5913f60$23c051cb@noc>
Message-ID: <1143999067.5884.8.camel@bach.kevinspicer.co.uk>

On Sat, 2006-04-01 at 09:43 +0500, Muhammad Nauman wrote:
> ERROR IN /var/log/maillog :
>
> Mailserver MailScanner-MRTG[3544]: Unable to find a mountpoint for
> /var/www/html/mailscanner-mrtg/incoming/. Please set MailScanner Work
> Directory in mailscanner-mrtg.conf to a valid mountpoint. You can see a
> list of mointpoints on your system by using the df command
>

This has been discussed many times on the MSMRTG forums on the sourceforge site. Given your partitioning you should set 'MailScanner Work Directory' in mailscanner-mrtg.conf to /var (and certainly not what you appear to have set it to, which doesn't look like anything that would normally be used for MailScanner's work directory).

If this is a production machine you might want to reconsider your partitioning scheme; having logs, spool and work directory on the same partition will not give you the best performance (not to mention the risk to your mail flow if your logs fill up the disk).

Kevin
From maillists at conactive.com Sun Apr 2 18:31:22 2006
From: maillists at conactive.com (Kai Schaetzl)
Date: Sun Apr 2 18:31:30 2006
Subject: Suggestion: include only .pm files from CustomFunctions
In-Reply-To: <1143979558.16392.510.camel@localhost.localdomain>
References: <442F0234.7090601@ecs.soton.ac.uk> <1143979558.16392.510.camel@localhost.localdomain>
Message-ID:

Steve Freegard wrote on Sun, 02 Apr 2006 13:05:58 +0100:

> You did as it was one of my feature requests -- as of 4.50, only files
> of extensions .pl or .pm are included.

That's what I mean! Why .pl? Official Perl module extension is .pm. Why include .pl? If I want to troubleshoot a module the first thing is put a pl file in there and include the .pm ...

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From mikej at rogers.com Sun Apr 2 20:43:44 2006
From: mikej at rogers.com (Mike Jakubik)
Date: Sun Apr 2 20:43:41 2006
Subject: Why does MS rename postfix queue IDs?
Message-ID: <44302970.7040509@rogers.com>

So, as the topic says, why does MS rename postfix queue IDs? What is the reason for this?

--
Apr 2 15:34:01 fbsd postfix/smtpd[18878]: 1EE3E2B2036: client=localhost[127.0.0.1]
Apr 2 15:34:01 fbsd postfix/cleanup[18879]: 1EE3E2B2036: hold: header Received:
...
Apr 2 15:34:04 fbsd MailScanner[17694]: Requeue: 1EE3E2B2036.F1395 to F39462B2043
--

Why add the .##### to the ID? Also, is it really necessary to change the ID when re queuing the message?

From dfilchak at sympatico.ca Sun Apr 2 22:35:47 2006
From: dfilchak at sympatico.ca (Dave Filchak)
Date: Sun Apr 2 22:33:49 2006
Subject: rulesets
Message-ID: <443043B3.7070703@sympatico.ca>

I do not see anything in /etc/mail/spamassassin that resembles a local language file??

Dave

Dave Filchak wrote on Sat, 01 Apr 2006 16:23:36 -0500:

> > Where do I find the evilnumber local language files?
>
> /etc/mail/spamassassin

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From glenn.steen at gmail.com Sun Apr 2 22:36:55 2006
From: glenn.steen at gmail.com (Glenn Steen)
Date: Sun Apr 2 22:36:57 2006
Subject: Why does MS rename postfix queue IDs?
In-Reply-To: <44302970.7040509@rogers.com>
References: <44302970.7040509@rogers.com>
Message-ID: <223f97700604021436n7a11b413g5039ff8f733239c9@mail.gmail.com>

On 02/04/06, Mike Jakubik wrote:
> So, as the topic says, why does MS rename postfix queue IDs? What is
> the reason for this?
>
> --
> Apr 2 15:34:01 fbsd postfix/smtpd[18878]: 1EE3E2B2036:
> client=localhost[127.0.0.1]
> Apr 2 15:34:01 fbsd postfix/cleanup[18879]: 1EE3E2B2036: hold: header
> Received:
> ...
> Apr 2 15:34:04 fbsd MailScanner[17694]: Requeue: 1EE3E2B2036.F1395 to
> F39462B2043
> --
>
> Why add the .##### to the ID? Also, is it really necessary to change the
> ID when re queuing the message?

This is a bit of a FAQ it seems, for the postfix implementation... I noticed that with MW and PF, since PF _will reuse queue IDs_, that I got a rather disturbing amount of duplicates in my database.... (Could've been any database logging too, or even a script calculating things based on the queue ID. Any such system was bound to have a fair amount of errors, particularly if you employ a "less than simplistic partitioning scheme", since the amount of continuous i-node consumption will play a role too. I had var on its own partition, so got hit pretty bad) ... I badgered first Steve for a fix, then Jules... Who was gracious enough to oblige.

As mentioned, the whole problem is that the queue ID will be reused, since it is calculated from the i-node and the present microsecond... Sounds rather random, but simply isn't "random enough" (as Jules' comment in the code goes:).... Even in some rather common "standard setups" you _will_ be bit by this.

Jules' solution (to manage some extra randomness, tagged on behind a very "scriptable"/"ignorable" is purely brilliant. And no, it should stay, no matter what;-).

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From glenn.steen at gmail.com Sun Apr 2 22:41:55 2006
From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Apr 2 22:41:58 2006 Subject: Why does MS rename postfix queue IDs? In-Reply-To: <223f97700604021436n7a11b413g5039ff8f733239c9@mail.gmail.com> References: <44302970.7040509@rogers.com> <223f97700604021436n7a11b413g5039ff8f733239c9@mail.gmail.com> Message-ID: <223f97700604021441u746a52f9ib9f4a09ceb84d07b@mail.gmail.com> On 02/04/06, Glenn Steen wrote: > On 02/04/06, Mike Jakubik wrote: > > So, as the topic says, why does MS rename postfix queue IDs? Whats is > > the reason for this? > > > > -- > > Apr 2 15:34:01 fbsd postfix/smtpd[18878]: 1EE3E2B2036: > > client=localhost[127.0.0.1] > > Apr 2 15:34:01 fbsd postfix/cleanup[18879]: 1EE3E2B2036: hold: header > > Received: > > ... > > Apr 2 15:34:04 fbsd MailScanner[17694]: Requeue: 1EE3E2B2036.F1395 to > > F39462B2043 > > -- > > > > Why add the .##### to the ID? Also, is it really necessary to change the > > ID when re queuing the message? > > This is a bit of a FAQ it seems, for the postfix implementation... I > noticed that with MW and PF, since PF _will reuse queue IDs_, that I > got a rather disturbing amount of duplicates in my database.... > (Could've been any database logging too, or even a script calculating > things based on the queue ID. Any such system was bound to have a fair > amount of errors, particularly if you employ a "less than simplistic > partitioning scheme", since the amount of continuous i-node > consumption will play a role too. I had var on its own partition, so > got hit pretty bad) ... I badgered first Steve for a fix, then > Jules... Who was gracious enough to oblige. > > As mentioned, the whole problem is that the queue ID will be reused, > since it is calculated from the i-node and the present microsecond... > Sounds rather random, but simply isn't "random enough" (as Jules > comment in the code goes:).... Even in some rather common "standard > setups" you _will_ be bit by this. 
> > Jules solution (to manage some extra randomness, tagged on behind a > very "scriptabe"/"ignorable" is purely > briliant. And no, it should stay, no matter what;-). > (Replying to myself.... Sigh:-) About the requeueing bit, that is necessary, yes. "man postsuper" tells a lot about the "hoary" details of how PF really works:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mikej at rogers.com Sun Apr 2 22:53:08 2006 
From: mikej at rogers.com (Mike Jakubik) Date: Sun Apr 2 22:53:14 2006 Subject: Why does MS rename postfix queue IDs? In-Reply-To: <223f97700604021441u746a52f9ib9f4a09ceb84d07b@mail.gmail.com> References: <44302970.7040509@rogers.com> <223f97700604021436n7a11b413g5039ff8f733239c9@mail.gmail.com> <223f97700604021441u746a52f9ib9f4a09ceb84d07b@mail.gmail.com> Message-ID: <443047C4.40000@rogers.com> Glenn Steen wrote: > On 02/04/06, Glenn Steen wrote: > >> On 02/04/06, Mike Jakubik wrote: >> >>> So, as the topic says, why does MS rename postfix queue IDs? Whats is >>> the reason for this? >>> >>> -- >>> Apr 2 15:34:01 fbsd postfix/smtpd[18878]: 1EE3E2B2036: >>> client=localhost[127.0.0.1] >>> Apr 2 15:34:01 fbsd postfix/cleanup[18879]: 1EE3E2B2036: hold: header >>> Received: >>> ... >>> Apr 2 15:34:04 fbsd MailScanner[17694]: Requeue: 1EE3E2B2036.F1395 to >>> F39462B2043 >>> -- >>> >>> Why add the .##### to the ID? Also, is it really necessary to change the >>> ID when re queuing the message? >>> >> This is a bit of a FAQ it seems, for the postfix implementation... I >> noticed that with MW and PF, since PF _will reuse queue IDs_, that I >> got a rather disturbing amount of duplicates in my database.... >> (Could've been any database logging too, or even a script calculating >> things based on the queue ID. Any such system was bound to have a fair >> amount of errors, particularly if you employ a "less than simplistic >> partitioning scheme", since the amount of continuous i-node >> consumption will play a role too. I had var on its own partition, so >> got hit pretty bad) ... I badgered first Steve for a fix, then >> Jules... Who was gracious enough to oblige. >> >> As mentioned, the whole problem is that the queue ID will be reused, >> since it is calculated from the i-node and the present microsecond... >> Sounds rather random, but simply isn't "random enough" (as Jules >> comment in the code goes:).... 
Even in some rather common "standard >> setups" you _will_ be bit by this. >> >> Jules solution (to manage some extra randomness, tagged on behind a >> very "scriptabe"/"ignorable" is purely >> briliant. And no, it should stay, no matter what;-). >> >> > (Replying to myself.... Sigh:-) > About the requeueing bit, that is necessary, yes. "man postsuper" > tells a lot about the "hoary" details of how PF really works:-). > Thats for the detailed explanation. In this case i agree with you, things should stay the same. Do you think it is safe to assume that a logged msg id in a db will not be duplicated, say over a span of 3 years? I think one should probably still refer to records by record id, not msg id, just to be safe... From maillists at conactive.com Sun Apr 2 23:31:18 2006 
From: maillists at conactive.com (Kai Schaetzl) Date: Sun Apr 2 23:31:26 2006 Subject: Bad Content Checks Message-ID: I found a file like this getting quarantined as "bad content". (Ahm, what actually happens then - the message is delivered without the attachment, or what happens?) 042-06-Logos.ly01.pdf This is the rule that hit on it. I don't see the value of this rule. # Deny all other double file extensions. This catches any hidden filenames. deny \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ Found possible filename hiding Attempt to hide real filename extension What is the point of disallowing whatever.whatever.pdf? Why is this trying tho hide the real filename extension? Maybe that (whatever.bat.pdf) is doing this, but it's much less troublesome than (whatever.pdf.bat). Can I rule this over with allow \.pdf$ ? If so, I suggest adding quite a few of these exclusions. Moreover. How can I release that file? I released it and it was immediately caught again although 127.0.0.1 is whitelisted and Mailwatch lists a Status of "W/L Bad Content" now. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From james at grayonline.id.au Sun Apr 2 22:40:16 2006 
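The double-extension rule quoted in the message above, run against a few file names. This is an added example, not part of the list message and not MailScanner code. It assumes rules are tried top to bottom, the first match decides, matching is case-insensitive and an unmatched name is allowed; the sample names other than 042-06-Logos.ly01.pdf and the NARROW rule set are constructed here.

```python
import re

# Pattern copied verbatim from the rule quoted in the message.
DOUBLE_EXT = r"\.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$"

# Ordered (action, pattern) lists. Assumption: first matching rule wins.
STOCK_RULES = [("deny", DOUBLE_EXT)]

# The override asked about: an "allow \.pdf$" placed ahead of the deny rule.
WITH_PDF_ALLOW = [("allow", r"\.pdf$")] + STOCK_RULES

# Constructed alternative: still refuse a .pdf whose name carries an
# executable-looking extension in front of it, allow every other .pdf.
EXEC_BEFORE_PDF = r"\.(exe|bat|cmd|com|scr|pif|vbs|js)\s*\.pdf$"
NARROW = [("deny", EXEC_BEFORE_PDF), ("allow", r"\.pdf$")] + STOCK_RULES

# Constructed file names, apart from the first, which is the one from the message.
SAMPLES = [
    "042-06-Logos.ly01.pdf",   # ".ly01" looks like a 4-character extension
    "report.pdf",              # single extension, never matched
    "invoice.pdf.bat",         # real type hidden behind ".pdf"
    "whatever.bat.pdf",        # harmless type last, suspicious one before it
    "photo.jpg .exe",          # whitespace between the two extensions
    "archive.tar.gz",          # final extension has 2 characters, not 3
]


def verdict(filename, rules):
    """Return the action of the first rule whose pattern matches."""
    for action, pattern in rules:
        if re.search(pattern, filename, re.IGNORECASE):
            return action
    return "allow"  # assumption: nothing matched, so the name passes


def evaluate(rules):
    """Verdict for every sample name under one rule list."""
    return {name: verdict(name, rules) for name in SAMPLES}


if __name__ == "__main__":
    for label, rules in (("stock", STOCK_RULES),
                         ("allow .pdf first", WITH_PDF_ALLOW),
                         ("narrow", NARROW)):
        print(label)
        for name, action in evaluate(rules).items():
            print(f"  {action:5}  {name}")
```

The plain allow rule releases the quarantined name but also lets whatever.bat.pdf through; names that end in .bat are still caught either way because the allow pattern is anchored at the end.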
From: james at grayonline.id.au (James Gray) Date: Mon Apr 3 00:21:54 2006 Subject: MailScanner on Mac OSX? Message-ID: <200604030740.21324.james@grayonline.id.au> Hi All, I'm hoping I'm not about to "break new ground" :) Has anyone got any reports on using MailScanner on Mac OSX (Intel)? I'm simplifying my network at home with a Mac Mini (Core Duo thing) replacing 3 old tired PC's. So far I've figured out that OSX is using Perl 5.8.6 and Postfix of some flavour. Does anyone have any pre-installation validation tools or advice on what to expect? I know OSX is BSD under the hood, but the directory structure is seriously weird for someone coming from a "pure" Linux/BSD/Unix background. BTW - where the hell does OSX keep it's cron jobs and services? I've got Apache+MySQL running on it but they both came with neato *.dmg packages....I'm a real OSX n00b I'm afraid :P Unlike most n00b's though I'm happy to work with Julian to get the bugs sorted and possibly create a OSX "port" complete with dmg package etc....now THAT interests me! Thanks in advance. James -- I've got a bad feeling about this. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060403/7c0425c9/attachment.bin From maillists at conactive.com Mon Apr 3 00:31:29 2006 
From: maillists at conactive.com (Kai Schaetzl) Date: Mon Apr 3 00:31:37 2006 Subject: rulesets In-Reply-To: <443043B3.7070703@sympatico.ca> References: <443043B3.7070703@sympatico.ca> Message-ID: Dave Filchak wrote on Sun, 02 Apr 2006 17:35:47 -0400: > I do not see anything in /etc/mail/spamassassin that resembles a local language file?? I see. Sorry, I can't be of more help, I abandoned evilnumbers long ago. Maybe there are different files for numbers by country and they refer to that? Ask on the satalk list. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From craig at csfs.co.za Mon Apr 3 07:57:31 2006 From: craig at csfs.co.za (Craig Retief (CSFS)) Date: Mon Apr 3 07:57:53 2006 Subject: Spam Reporting Address Message-ID: Hi Julian / All, This might have been asked before, sorry if a repost ;-) Is it possible to set up an email address on a server that mailscanner picks up as a spam reporting address to which the users can forward emails that the users consider spam for SpamAssassin to learn from. If not, might this not be a nifty feature 8) Thx Craig -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060403/7841a331/attachment.html From MailScanner at ecs.soton.ac.uk Mon Apr 3 08:48:48 2006 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 3 08:49:02 2006 Subject: Why does MS rename postfix queue IDs? In-Reply-To: <223f97700604021436n7a11b413g5039ff8f733239c9@mail.gmail.com> References: <44302970.7040509@rogers.com> <223f97700604021436n7a11b413g5039ff8f733239c9@mail.gmail.com> Message-ID: <54B1012B-46C1-476C-862C-068C8275FF3C@ecs.soton.ac.uk> On 2 Apr 2006, at 22:36, Glenn Steen wrote: > Jules solution (to manage some extra randomness, tagged on behind a > very "scriptabe"/"ignorable" is purely > briliant. And no, it should stay, no matter what;-). You're too kind :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Apr 3 08:55:21 2006 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 3 08:55:35 2006 Subject: MailScanner on Mac OSX? In-Reply-To: <200604030740.21324.james@grayonline.id.au> References: <200604030740.21324.james@grayonline.id.au> Message-ID: On 2 Apr 2006, at 22:40, James Gray wrote: > Hi All, > > I'm hoping I'm not about to "break new ground" :) Has anyone got > any reports > on using MailScanner on Mac OSX (Intel)? I'm simplifying my > network at home > with a Mac Mini (Core Duo thing) replacing 3 old tired PC's. There are a few people (and I mean _very_ few) doing this, after a guy at Sophos got it working on 10.3. It's one of the projects I want to get onto, and may be able to put in some time on it very soon. There are those 2 packaging systems (Fink and the other one I can't remember) which would provide an easy, though cumbersome, solution. Would that be good enough for now? What I really want is a system that uses launchd properly and at least has a system preference for starting and stopping it. Slimserver nearly does this, but in a pre-Tiger form, not using launchd. I would much rather "do it properly" than hack something together. If anyone can point me in the right direction, such as an example package that already does all this that I can plug into, that would be fantastic. But even working out how to program for launchd would be a start. The OSX way of booting appears to be very complicated, involving reams of XML. Sorry that doesn't really answer your question, but.... > > So far I've figured out that OSX is using Perl 5.8.6 and Postfix of > some > flavour. Does anyone have any pre-installation validation tools or > advice on > what to expect? I know OSX is BSD under the hood, but the directory > structure is seriously weird for someone coming from a "pure" Linux/ > BSD/Unix > background. > > BTW - where the hell does OSX keep it's cron jobs and services? 
> I've got > Apache+MySQL running on it but they both came with neato *.dmg > packages....I'm a real OSX n00b I'm afraid :P Unlike most n00b's > though I'm > happy to work with Julian to get the bugs sorted and possibly > create a OSX > "port" complete with dmg package etc....now THAT interests me! > > Thanks in advance. > > James > -- > I've got a bad feeling about this. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Apr 3 09:08:06 2006 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 3 09:08:19 2006 Subject: Spam Reporting Address In-Reply-To: References: Message-ID: On 3 Apr 2006, at 07:57, Craig Retief ((CSFS)) wrote: > Is it possible to set up an email address on a server that > mailscanner picks up as a spam reporting address to which the users > can forward emails that the users consider spam for SpamAssassin to > learn from. Funnily enough, it's already there. Your users must "redirect" or "bounce" their message to the address, as "forward" results in all sorts of mangling happen to the message on the way. All you need to do is collect that mail in a mailbox on your MailScanner server, run sa-learn on it, move it to the end of a "cumulative" file, and repeat every day. You want to move it out of the way as otherwise you will be re- teaching SpamAssassin stuff it has already seen, which is a waste of time. But I would still keep it so you can re-teach it all if your Bayes db dies/corrupts. Start by reading the docs for "sa-learn", it can slurp in an entire Unix mbox format mailbox at one go (with the "--mbox" switch). Hope that helps get you started. Here's the cron job I use to do it, which you might find useful. 
#!/bin/sh

SPAM=/var/spool/mail/spam
NOTSPAM=/var/spool/mail/notspam
TOTAL=.cumulative
LOGFILE=/var/log/learn.spam.log
#PREFS=/etc/MailScanner/spam.assassin.prefs.conf
SALEARN=/usr/bin/sa-learn

date >> $LOGFILE

if [ -f $SPAM ]; then
  BOX=${SPAM}.processing
  mv $SPAM $BOX
  sleep 5 # Wait for writing current message to complete
  $SALEARN --spam --mbox $BOX >> $LOGFILE 2>&1
  cat $BOX >> ${SPAM}${TOTAL}
  echo >> ${SPAM}${TOTAL}
  rm -f $BOX
fi

if [ -f $NOTSPAM ]; then
  BOX=${NOTSPAM}.processing
  mv $NOTSPAM $BOX
  sleep 5 # Wait for writing current message to complete
  $SALEARN --ham --mbox $BOX >> $LOGFILE 2>&1
  cat $BOX >> ${NOTSPAM}${TOTAL}
  echo >> ${NOTSPAM}${TOTAL}
  rm -f $BOX
fi

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060403/6412434b/attachment.html

From glenn.steen at gmail.com Mon Apr 3 09:13:46 2006
From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Apr 3 09:13:49 2006 Subject: Why does MS rename postfix queue IDs? In-Reply-To: <443047C4.40000@rogers.com> References: <44302970.7040509@rogers.com> <223f97700604021436n7a11b413g5039ff8f733239c9@mail.gmail.com> <223f97700604021441u746a52f9ib9f4a09ceb84d07b@mail.gmail.com> <443047C4.40000@rogers.com> Message-ID: <223f97700604030113m32a65bfcl9ebc4a1f9f197896@mail.gmail.com> On 02/04/06, Mike Jakubik wrote: > Glenn Steen wrote: > > On 02/04/06, Glenn Steen wrote: > > > >> On 02/04/06, Mike Jakubik wrote: > >> > >>> So, as the topic says, why does MS rename postfix queue IDs? Whats is > >>> the reason for this? > >>> > >>> -- > >>> Apr 2 15:34:01 fbsd postfix/smtpd[18878]: 1EE3E2B2036: > >>> client=localhost[127.0.0.1] > >>> Apr 2 15:34:01 fbsd postfix/cleanup[18879]: 1EE3E2B2036: hold: header > >>> Received: > >>> ... > >>> Apr 2 15:34:04 fbsd MailScanner[17694]: Requeue: 1EE3E2B2036.F1395 to > >>> F39462B2043 > >>> -- > >>> > >>> Why add the .##### to the ID? Also, is it really necessary to change the > >>> ID when re queuing the message? > >>> > >> This is a bit of a FAQ it seems, for the postfix implementation... I > >> noticed that with MW and PF, since PF _will reuse queue IDs_, that I > >> got a rather disturbing amount of duplicates in my database.... > >> (Could've been any database logging too, or even a script calculating > >> things based on the queue ID. Any such system was bound to have a fair > >> amount of errors, particularly if you employ a "less than simplistic > >> partitioning scheme", since the amount of continuous i-node > >> consumption will play a role too. I had var on its own partition, so > >> got hit pretty bad) ... I badgered first Steve for a fix, then > >> Jules... Who was gracious enough to oblige. > >> > >> As mentioned, the whole problem is that the queue ID will be reused, > >> since it is calculated from the i-node and the present microsecond... 
> >> Sounds rather random, but simply isn't "random enough" (as Jules
> >> comment in the code goes:).... Even in some rather common "standard
> >> setups" you _will_ be bit by this.
> >>
> >> Jules solution (to manage some extra randomness, tagged on behind a
> >> very "scriptabe"/"ignorable" is purely
> >> briliant. And no, it should stay, no matter what;-).
> >>
> >>
> > (Replying to myself.... Sigh:-)
> > About the requeueing bit, that is necessary, yes. "man postsuper"
> > tells a lot about the "hoary" details of how PF really works:-).
> >
>
> Thats for the detailed explanation. In this case i agree with you,
> things should stay the same. Do you think it is safe to assume that a
> logged msg id in a db will not be duplicated, say over a span of 3
> years? I think one should probably still refer to records by record id,
> not msg id, just to be safe...
>

I haven't "done the math" for that long a time-period. Remember that the likelihood of "ID reuse" is dependent not only on the time period (3 years), but also on the frequency (meaning amount of messages handled)... And on how you've partitioned things. In my case it would be safe for that time-period, yes, but fortunately I don't need to handle more than three months, so ... I'm "super-safe":-).

Without the fix, I had several duplicates/day, seriously confusing things ... particularly in the quarantine view.... So for me this is an essential fix.

From the message POV, record id is meaningless. Sure, that makes the duplicates "non-duplicates" from a DB POV, but they don't really help with the messages (where you often don't have anything more than the message ID or queue ID to start with, if that), so ... yes and no:-):-).

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From glenn.steen at gmail.com Mon Apr 3 09:14:55 2006
From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Apr 3 09:14:58 2006 Subject: Why does MS rename postfix queue IDs? In-Reply-To: <54B1012B-46C1-476C-862C-068C8275FF3C@ecs.soton.ac.uk> References: <44302970.7040509@rogers.com> <223f97700604021436n7a11b413g5039ff8f733239c9@mail.gmail.com> <54B1012B-46C1-476C-862C-068C8275FF3C@ecs.soton.ac.uk> Message-ID: <223f97700604030114nd1d9475sb3200040f17b356d@mail.gmail.com> On 03/04/06, Julian Field wrote: > On 2 Apr 2006, at 22:36, Glenn Steen wrote: > > Jules solution (to manage some extra randomness, tagged on behind a > > very "scriptabe"/"ignorable" is purely > > briliant. And no, it should stay, no matter what;-). > > You're too kind :-) > On the contrary, one cannot be kind enough about this;-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From craigwhite at azapple.com Mon Apr 3 09:18:33 2006 From: craigwhite at azapple.com (Craig White) Date: Mon Apr 3 09:18:44 2006 Subject: Why does MS rename postfix queue IDs? In-Reply-To: <54B1012B-46C1-476C-862C-068C8275FF3C@ecs.soton.ac.uk> References: <44302970.7040509@rogers.com> <223f97700604021436n7a11b413g5039ff8f733239c9@mail.gmail.com> <54B1012B-46C1-476C-862C-068C8275FF3C@ecs.soton.ac.uk> Message-ID: <1144052314.19913.18.camel@lin-workstation.azapple.com> On Mon, 2006-04-03 at 08:48 +0100, Julian Field wrote: > On 2 Apr 2006, at 22:36, Glenn Steen wrote: > > Jules solution (to manage some extra randomness, tagged on behind a > > very "scriptabe"/"ignorable" is purely > > briliant. And no, it should stay, no matter what;-). > > You're too kind :-) > ---- I found it convenient to add... *Remove = Requeue to /etc/log.d/conf/services/mailscanner.conf so I didn't get all of them logged though because they contributed to the nightmare in logwatch Craig From craig at csfs.co.za Mon Apr 3 09:20:40 2006 
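The queue ID reuse discussed in this thread, seen from the logging side. This is an added example, not part of any list message and not MailScanner or MailWatch code: it parses "Requeue:" lines of the shape quoted in the thread and compares a lookup table keyed on the bare Postfix ID with one keyed on the suffixed ID. The log lines after the first are constructed, and `parse_requeues`, `reused_ids` and `index_by` are names chosen here.

```python
import re
from collections import defaultdict

# Shape taken from the log excerpt quoted in the thread:
#   MailScanner[pid]: Requeue: <postfix id>.<suffix> to <new postfix id>
REQUEUE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) MailScanner\[\d+\]: "
    r"Requeue: (?P<pf_id>[0-9A-F]+)\.(?P<suffix>[0-9A-F]+) "
    r"to (?P<new_id>[0-9A-F]+)"
)

# Constructed sample. The first line is the one from the thread; the other
# two are invented to show the same Postfix ID being handed out again later.
SAMPLE_LOG = """\
Apr  2 15:34:04 fbsd MailScanner[17694]: Requeue: 1EE3E2B2036.F1395 to F39462B2043
Apr  2 15:40:11 fbsd MailScanner[17694]: Requeue: 7A10C2B2051.0B3E9 to 81D442B2060
Apr  9 03:12:47 fbsd MailScanner[20411]: Requeue: 1EE3E2B2036.A07C2 to 2C9912B2077
"""


def parse_requeues(text):
    """Return one dict per Requeue line; other log lines are skipped."""
    records = []
    for line in text.splitlines():
        m = REQUEUE_RE.match(line)
        if m:
            rec = m.groupdict()
            # The ID MailScanner logs: Postfix ID plus the extra suffix.
            rec["ms_id"] = f"{rec['pf_id']}.{rec['suffix']}"
            records.append(rec)
    return records


def reused_ids(records):
    """Postfix IDs that appear with more than one MailScanner suffix."""
    by_pf = defaultdict(list)
    for rec in records:
        by_pf[rec["pf_id"]].append(rec["ms_id"])
    return {pf: ids for pf, ids in by_pf.items() if len(set(ids)) > 1}


def index_by(records, key):
    """Lookup table as a logging database keyed on `key` would see it:
    a later record with the same key replaces the earlier one."""
    return {rec[key]: rec for rec in records}


if __name__ == "__main__":
    recs = parse_requeues(SAMPLE_LOG)
    print("messages requeued:      ", len(recs))
    print("rows keyed on pf_id:    ", len(index_by(recs, "pf_id")))
    print("rows keyed on ms_id:    ", len(index_by(recs, "ms_id")))
    for pf, ids in reused_ids(recs).items():
        print("reused Postfix ID", pf, "->", ", ".join(ids))
```

A script that only needs the Postfix ID can keep using the `pf_id` field, since the suffix is separated by a dot.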
From: craig at csfs.co.za (Craig Retief (CSFS)) Date: Mon Apr 3 09:21:02 2006 Subject: Spam Reporting Address In-Reply-To: Message-ID: Thx Julian, helps a lot. ;-) Craig On 3 Apr 2006, at 07:57, Craig Retief ((CSFS)) wrote: Is it possible to set up an email address on a server that mailscanner picks up as a spam reporting address to which the users can forward emails that the users consider spam for SpamAssassin to learn from. Funnily enough, it's already there. Your users must "redirect" or "bounce" their message to the address, as "forward" results in all sorts of mangling happen to the message on the way. All you need to do is collect that mail in a mailbox on your MailScanner server, run sa-learn on it, move it to the end of a "cumulative" file, and repeat every day. You want to move it out of the way as otherwise you will be re-teaching SpamAssassin stuff it has already seen, which is a waste of time. But I would still keep it so you can re-teach it all if your Bayes db dies/corrupts. Start by reading the docs for "sa-learn", it can slurp in an entire Unix mbox format mailbox at one go (with the "--mbox" switch). Hope that helps get you started. Here's the cron job I use to do it, which you might find useful. 
#!/bin/sh

SPAM=/var/spool/mail/spam
NOTSPAM=/var/spool/mail/notspam
TOTAL=.cumulative
LOGFILE=/var/log/learn.spam.log
#PREFS=/etc/MailScanner/spam.assassin.prefs.conf
SALEARN=/usr/bin/sa-learn

date >> $LOGFILE

if [ -f $SPAM ]; then
  BOX=${SPAM}.processing
  mv $SPAM $BOX
  sleep 5 # Wait for writing current message to complete
  $SALEARN --spam --mbox $BOX >> $LOGFILE 2>&1
  cat $BOX >> ${SPAM}${TOTAL}
  echo >> ${SPAM}${TOTAL}
  rm -f $BOX
fi

if [ -f $NOTSPAM ]; then
  BOX=${NOTSPAM}.processing
  mv $NOTSPAM $BOX
  sleep 5 # Wait for writing current message to complete
  $SALEARN --ham --mbox $BOX >> $LOGFILE 2>&1
  cat $BOX >> ${NOTSPAM}${TOTAL}
  echo >> ${NOTSPAM}${TOTAL}
  rm -f $BOX
fi

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From drew at themarshalls.co.uk Mon Apr 3 09:50:56 2006
From: drew at themarshalls.co.uk (Drew Marshall) Date: Mon Apr 3 09:51:18 2006 Subject: rulesets In-Reply-To: References: <443043B3.7070703@sympatico.ca> Message-ID: <38199.194.70.180.170.1144054256.squirrel@webmail.r-bit.net>

On Mon, April 3, 2006 00:31, Kai Schaetzl wrote:
> Dave Filchak wrote on Sun, 02 Apr 2006 17:35:47 -0400:
>
>> I do not see anything in /etc/mail/spamassassin that resembles a local
>> language file??

I think you will find it called evilnumbers.cf. The SARE naming scheme is more like xx_sare_rule.cf where xx is a pair of digits. I would suggest having a read about the new evilnumbers rules as there are now 4 types to pick from.

http://www.rulesemporium.com

Drew

--
In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy

From gmatt at nerc.ac.uk Mon Apr 3 11:16:55 2006
From: gmatt at nerc.ac.uk (Greg Matthews) Date: Mon Apr 3 11:17:03 2006 Subject: Problem of removed carriage return on attached txt-files In-Reply-To: References: Message-ID: <1144059415.12412.33.camel@lea.nerc-wallingford.ac.uk> On Mon, 2006-03-20 at 10:41 +0100, Bernard.Lheureux@ibsbe.be wrote: > > I wanted to know if there was a solution for the problem of "removed > carriage returns" in attached text files passing through a MailScanner > configured as a gateway with CentOS 4.2 ans Sendmail with ClamAV and > Sophos. > I have read in the mailinglist that it should be a perl bug but in > which module, and how to fix it ? > Do you have an idea where I could point my searches to ? this problem is not fixed, the only workaround appears to be turn off "Sign Clean Messages". Unfortunately, it doesnt look like this problem will be fixed any time soon. As I understand it, it is a "hard" problem involving perl itself, rather than the MIME::Tools module but IANAP. G > > Best regards / Vriendelijke groeten / Cordialement, > > --- > Bernard Lheureux > Consultant / System Engineer - Networking Team > > IBS TECHNOLOGY AND SERVICES > Leuvense Steenweg, 643 > 1930 Zaventem - Belgium > Phone: +32-(0)2-723.91.11 Fax: +32-(0)2-723.92.99 > http://www.ibsts.be > -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From gmatt at nerc.ac.uk Mon Apr 3 12:02:29 2006 
From: gmatt at nerc.ac.uk (Greg Matthews) Date: Mon Apr 3 12:02:39 2006 Subject: Broken vacation rule [Scanned by Freecom.net] In-Reply-To: <44270AEA.9080001@evi-inc.com> References: <880455504@mail.freecom.net> <442702E7.9080707@maddoc.net> <44270AEA.9080001@evi-inc.com> Message-ID: <1144062149.12412.37.camel@lea.nerc-wallingford.ac.uk> 'scuse top post... I've never implemented a vacation message because I've seen far too much of this sort of thing. Is there any docu on implementing sensible vac message that wont spam lists, wont respond more than once per sender etc plus any other gotchas? G On Sun, 2006-03-26 at 16:43 -0500, Matt Kettler wrote: > And one wonders why so many people despise lists which insert a "Reply-To" > header that points back to the list.. > > Too many *CENSORED* out there that think "reply" is an appropriate behavior for > a vacation rule. > > Of course, if we're lucky someone will spamcop freecom.net's mailservers. > > (Spamcop DOES accept reports for broken vacation rules, which this clearly is, > and it was done by a systems admin who should know better. While I hate to see > companies listed because some *CENSORED* in marketing crafted up his own > vacation rule without following procedure, I don't have any sympathy for freecom > if they get listed for this.) > -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From gmatt at nerc.ac.uk Mon Apr 3 13:06:48 2006 
From: gmatt at nerc.ac.uk (Greg Matthews) Date: Mon Apr 3 13:06:58 2006 Subject: mqueue and mqueue.in have more files than necessary ... should I worry? In-Reply-To: References: <744004DF-2BA0-4120-B65C-E2C5B8F7049B@ecs.soton.ac.uk> Message-ID: <1144066008.12412.41.camel@lea.nerc-wallingford.ac.uk>

I often get "orphaned" data files lying around, i.e. those df files without a corresponding qf envelope file. I use the following script to clean them up:

#!/bin/bash
# clean up orphaned df* files in mqueue.in
# no known cause for these files yet.

/etc/init.d/MailScanner stop
sleep 2

dir="/var/spool/mqueue.in"
# Only look at df* data files older than a day; without -type f and -name
# the queue directory itself and other queue files would be candidates too.
file=`find "$dir" -type f -name 'df*' -mtime +1`

for i in ${file}
do
  m=`basename ${i}`
  j=${m:2}                            # queue ID: file name minus the "df" prefix
  if [ ! -e "${dir}/qf${j}" ]; then   # no matching qf envelope file
    mv ${i} /var/tmp/
  fi
done

echo
df -hl

/etc/init.d/MailScanner start

exit 0

--
Greg Matthews 01491 692445
Head of UNIX/Linux, iTSS Wallingford

--
This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system.

From jethro.binks at strath.ac.uk Mon Apr 3 13:16:21 2006
From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Mon Apr 3 13:16:22 2006 Subject: Broken vacation rule [Scanned by Freecom.net] In-Reply-To: <1144062149.12412.37.camel@lea.nerc-wallingford.ac.uk> References: <880455504@mail.freecom.net> <442702E7.9080707@maddoc.net> <44270AEA.9080001@evi-inc.com> <1144062149.12412.37.camel@lea.nerc-wallingford.ac.uk> Message-ID: <20060403130412.S33576@defjam.cc.strath.ac.uk> On Mon, 3 Apr 2006, Greg Matthews wrote: > I've never implemented a vacation message because I've seen far too much > of this sort of thing. Is there any docu on implementing sensible vac > message that wont spam lists, wont respond more than once per sender etc > plus any other gotchas? I wrote an extensive configuration for Exim. Here are some parts of it, which may provide clues. The trick is basically to severely limit the things to which an autoreply message will be sent. ## Vacation functionality attempts to follow best practice; in particular it ## heeds some parts of these: ## http://www.faqs.org/rfcs/rfc3834.html (Autoresponder rules) ## http://www.ietf.org/internet-drafts/draft-ietf-sieve-vacation-06.txt ## http://www.ietf.org/rfc/rfc2369.txt (List-* headers) ... 
  condition = "${if or { \
      { match {$h_precedence:} {(?i)junk|bulk|list} } \
      { eq {$sender_address} {} } \
      { def:header_X-Cron-Env: } \
      { def:header_Auto-Submitted: } \
      { def:header_List-Help: } \
      { def:header_List-Unsubscribe: } \
      { def:header_List-Subscribe: } \
      { def:header_List-Owner: } \
      { def:header_List-Archive: } \
      { def:header_Autorespond: } \
      { def:header_X-Autoresponse: } \
      { def:header_X-eBay-MailTracker: } \
      { def:header_X-MaxCode-Template: } \
      { match {$h_X-FC-MachineGenerated:} {true} } \
      { match {$message_body} {\\N^Your \"cron\" job on\\N} } \
      { match {$h_Subject:} {\\N^Out of Office\\N} } \
      { match {$h_Subject:} {\\N^Auto-Reply:\\N} } \
      { match {$h_Subject:} {\\N^Autoresponse:\\N} } \
      { match {$h_From:} {\\N(via the vacation program)\\N } } \
      { match_address {$header_X-Local-Original-Recipient:} \
          {$header_To: $header_CC: $header_Bcc: \
           $header_Resent-To: $header_Resent-Cc: $header_Resent-Bcc:} \
      } \
    } {no} {yes} \
  }"

You may also include a test for mail that you scored as spam, and not reply to that.

You should also ensure any autoresponder system only replies once per sender address, at least within a fixed time period (7 days perhaps).

The autoresponse itself should contain an "Auto-Submitted:" header field with the value "auto-replied".

Finally, you shouldn't respond to a message from certain addresses; here is a partial list of regular expressions I use:

^.*-request@.*
^owner-.*@.*
^.*-owner@.*
^.*-admin@.*
^bounce-.*@.*
^.*-outgoing@.*
^.*-relay@.*
^.*-bounces@.*
^mailer@.*
^postmaster@.*
^mailer-daemon@.*
^mailer_daemon@.*
^majordomo@.*
^majordom@.*
^mailman@.*
^nobody@.*
^reminder@.*
^listserv@.*
^daemon@.*
^server@.*
^root@.*
^noreply@.*
^bounce@.*
^news@.*
^httpd@.*
^www@.*
^nagios@.*
^sales@.*
^info@.*
^listmaster@.*
^mailmaster@.*
^squid@.*
^support@.*
^exim@.*
scomp@aol.net

with certain other local-only additions.

Jethro.
> > G > > On Sun, 2006-03-26 at 16:43 -0500, Matt Kettler wrote: > > And one wonders why so many people despise lists which insert a "Reply-To" > > header that points back to the list.. > > > > Too many *CENSORED* out there that think "reply" is an appropriate > > behavior for a vacation rule. > > > > Of course, if we're lucky someone will spamcop freecom.net's mailservers. > > > > (Spamcop DOES accept reports for broken vacation rules, which this > > clearly is, and it was done by a systems admin who should know better. > > While I hate to see companies listed because some *CENSORED* in > > marketing crafted up his own vacation rule without following > > procedure, I don't have any sympathy for freecom if they get listed > > for this.) > > > -- > Greg Matthews 01491 692445 > Head of UNIX/Linux, iTSS Wallingford . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services University Of Strathclyde, Glasgow, UK From gmatt at nerc.ac.uk Mon Apr 3 13:16:40 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Mon Apr 3 13:16:52 2006 Subject: Spam Reporting Address In-Reply-To: References: Message-ID: <1144066600.12412.43.camel@lea.nerc-wallingford.ac.uk> On Mon, 2006-04-03 at 09:08 +0100, Julian Field wrote: > Funnily enough, it's already there. Your users must "redirect" or > "bounce" their message to the address, as "forward" results in all > sorts of mangling happen to the message on the way. good luck getting your users to "do the right thing" G -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From craig at csfs.co.za Mon Apr 3 13:24:45 2006 
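The autoreply limits described in Jethro R Binks's message above (header tests, sender address patterns, one reply per sender per period, and the Auto-Submitted header on the response), put together as a small responder. This is an added example, not part of any list message and not Exim configuration; it covers the header, subject and sender tests only, and the class and function names, the "Auto: " subject prefix and all sample messages are constructed here.

```python
import re
from datetime import datetime, timedelta
from email import message_from_string
from email.message import EmailMessage

# Headers whose presence alone suppresses a reply (the def:header_ tests).
SUPPRESS_IF_PRESENT = (
    "X-Cron-Env", "Auto-Submitted", "List-Help", "List-Unsubscribe",
    "List-Subscribe", "List-Owner", "List-Archive", "Autorespond",
    "X-Autoresponse", "X-eBay-MailTracker", "X-MaxCode-Template",
)
SUBJECT_RE = re.compile(r"^(Out of Office|Auto-Reply:|Autoresponse:)")
# A subset of the sender patterns from the message, folded into one regex.
ROLE_SENDER_RE = re.compile(
    r"^(.*-request|owner-.*|.*-owner|.*-admin|bounce-.*|.*-bounces|"
    r"postmaster|mailer-daemon|majordomo|mailman|listserv|noreply|root)@",
    re.IGNORECASE,
)
REPLY_INTERVAL = timedelta(days=7)  # the "7 days perhaps" window


def suppress_reason(msg, envelope_sender):
    """Return why no autoreply may be sent, or None if one is allowed."""
    if not envelope_sender:
        return "null envelope sender"
    if ROLE_SENDER_RE.match(envelope_sender):
        return "role or list sender address"
    if re.search(r"junk|bulk|list", msg.get("Precedence", ""), re.IGNORECASE):
        return "Precedence header"
    for name in SUPPRESS_IF_PRESENT:
        if msg[name] is not None:
            return f"{name} header present"
    if "true" in msg.get("X-FC-MachineGenerated", ""):
        return "machine generated"
    if SUBJECT_RE.search(msg.get("Subject", "")):
        return "autoreply subject"
    if "(via the vacation program)" in msg.get("From", ""):
        return "vacation program sender"
    return None


class Autoresponder:
    def __init__(self, owner, text):
        self.owner = owner
        self.text = text
        self.last_reply = {}  # sender address -> time of the last autoreply

    def handle(self, raw_message, envelope_sender, now):
        """Return (reply or None, reason) for one incoming message."""
        msg = message_from_string(raw_message)
        reason = suppress_reason(msg, envelope_sender)
        if reason:
            return None, reason
        sender = envelope_sender.lower()
        last = self.last_reply.get(sender)
        if last is not None and now - last < REPLY_INTERVAL:
            return None, "already replied within interval"
        self.last_reply[sender] = now
        reply = EmailMessage()
        reply["From"] = self.owner
        reply["To"] = envelope_sender
        reply["Subject"] = "Auto: " + " ".join(msg.get("Subject", "").split())
        reply["Auto-Submitted"] = "auto-replied"
        if msg["Message-ID"]:
            reply["In-Reply-To"] = msg["Message-ID"]
        reply.set_content(self.text)
        return reply, "replied"


# Constructed sample messages.
PERSONAL = ("From: Alice <alice@example.org>\nTo: greg@example.com\n"
            "Subject: Meeting on Thursday\nMessage-ID: <1@example.org>\n\n"
            "Are you free?\n")
LIST_POST = ("From: Bob <bob@example.net>\nTo: list@lists.example.org\n"
             "Subject: Re: rulesets\n"
             "List-Unsubscribe: <mailto:list-request@lists.example.org>\n\n"
             "Thread reply.\n")


def demo():
    """Run the samples through one responder and return each outcome."""
    ar = Autoresponder("greg@example.com", "I am away until next week.")
    t0 = datetime(2006, 4, 3, 13, 0)
    first, why = ar.handle(PERSONAL, "alice@example.org", t0)
    return [
        why,
        ar.handle(PERSONAL, "alice@example.org", t0 + timedelta(days=2))[1],
        ar.handle(PERSONAL, "alice@example.org", t0 + timedelta(days=8))[1],
        ar.handle(LIST_POST, "bob@example.net", t0)[1],
        ar.handle(LIST_POST, "list-bounces@lists.example.org", t0)[1],
        ar.handle(PERSONAL, "", t0)[1],
        # Our own reply fed back in: Auto-Submitted stops a responder loop.
        ar.handle(first.as_string(), "greg@example.com", t0)[1],
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```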
From: craig at csfs.co.za (Craig Retief (CSFS)) Date: Mon Apr 3 13:25:11 2006 Subject: Spam Reporting Address In-Reply-To: <1144066600.12412.43.camel@lea.nerc-wallingford.ac.uk> Message-ID: -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Greg Matthews Sent: 03 April 2006 02:17 PM To: MailScanner discussion Subject: Re: Spam Reporting Address On Mon, 2006-04-03 at 09:08 +0100, Julian Field wrote: > Funnily enough, it's already there. Your users must "redirect" or > "bounce" their message to the address, as "forward" results in all > sorts of mangling happen to the message on the way. >good luck getting your users to "do the right thing" I wish one had enough time to be able to train all the users to "do the right thing", unfortunately it one of the byproducts of having users ;-) C >G >-- >Greg Matthews 01491 692445 >Head of UNIX/Linux, iTSS Wallingford >-- >This message (and any attachments) is for the recipient only. NERC >s subject to the Freedom of Information Act 2000 and the contents >of this email and any reply you make may be disclosed by NERC unless >it is exempt from release under the Act. Any material supplied to >NERC may be stored in an electronic records management system. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From gmatt at nerc.ac.uk Mon Apr 3 13:59:56 2006 
From: gmatt at nerc.ac.uk (Greg Matthews)
Date: Mon Apr 3 14:00:06 2006
Subject: Broken vacation rule [Scanned by Freecom.net]
In-Reply-To: <20060403130412.S33576@defjam.cc.strath.ac.uk>
References: <880455504@mail.freecom.net> <442702E7.9080707@maddoc.net> <44270AEA.9080001@evi-inc.com> <1144062149.12412.37.camel@lea.nerc-wallingford.ac.uk> <20060403130412.S33576@defjam.cc.strath.ac.uk>
Message-ID: <1144069196.12412.67.camel@lea.nerc-wallingford.ac.uk>

Hi Jethro... thanks for the reply, I was really looking for a client-side
solution. I run our corporate "mail relay" system which feeds into the
corporate mail system over which I have no control. The relay servers
are not the place to implement vacation messages so client-side is my
only option. However, your regex list looks quite useful. My local
mailbox is served by sendmail on solaris and I connect with an IMAP
client. I have shell (and root) access to the sendmail server.

G

On Mon, 2006-04-03 at 13:16 +0100, Jethro R Binks wrote:
> On Mon, 3 Apr 2006, Greg Matthews wrote:
>
> > I've never implemented a vacation message because I've seen far too much
> > of this sort of thing. Is there any docu on implementing sensible vac
> > message that won't spam lists, won't respond more than once per sender etc
> > plus any other gotchas?
>
> I wrote an extensive configuration for Exim. Here are some parts of it,
> which may provide clues. The trick is basically to severely limit the
> things to which an autoreply message will be sent.
>
> ## Vacation functionality attempts to follow best practice; in particular it
> ## heeds some parts of these:
> ## http://www.faqs.org/rfcs/rfc3834.html (Autoresponder rules)
> ## http://www.ietf.org/internet-drafts/draft-ietf-sieve-vacation-06.txt
> ## http://www.ietf.org/rfc/rfc2369.txt (List-* headers)
> ...
>   condition = "${if or { \
>     { match {$h_precedence:} {(?i)junk|bulk|list} } \
>     { eq {$sender_address} {} } \
>     { def:header_X-Cron-Env: } \
>     { def:header_Auto-Submitted: } \
>     { def:header_List-Help: } \
>     { def:header_List-Unsubscribe: } \
>     { def:header_List-Subscribe: } \
>     { def:header_List-Owner: } \
>     { def:header_List-Archive: } \
>     { def:header_Autorespond: } \
>     { def:header_X-Autoresponse: } \
>     { def:header_X-eBay-MailTracker: } \
>     { def:header_X-MaxCode-Template: } \
>     { match {$h_X-FC-MachineGenerated:} {true} } \
>     { match {$message_body} {\\N^Your \"cron\" job on\\N} } \
>     { match {$h_Subject:} {\\N^Out of Office\\N} } \
>     { match {$h_Subject:} {\\N^Auto-Reply:\\N} } \
>     { match {$h_Subject:} {\\N^Autoresponse:\\N} } \
>     { match {$h_From:} {\\N(via the vacation program)\\N } } \
>     { match_address {$header_X-Local-Original-Recipient:} \
>       {$header_To: $header_CC: $header_Bcc: \
>        $header_Resent-To: $header_Resent-Cc: $header_Resent-Bcc:} \
>     } \
>   } {no} {yes} \
>   }"
>
> You may also include a test for mail that you scored as spam, and not
> reply to that.
>
> You should also ensure any autoresponder system only replies once per
> sender address, at least within a fixed time period (7 days perhaps).
>
> The autoresponse itself should contain an "Auto-Submitted:" header field
> with the value "auto-replied".
>
> Finally, you shouldn't respond to a message from certain addresses; here
> is a partial list of regular expressions I use:
>
> ^.*-request@.*
> ^owner-.*@.*
> ^.*-owner@.*
> ^.*-admin@.*
> ^bounce-.*@.*
> ^.*-outgoing@.*
> ^.*-relay@.*
> ^.*-bounces@.*
> ^mailer@.*
> ^postmaster@.*
> ^mailer-daemon@.*
> ^mailer_daemon@.*
> ^majordomo@.*
> ^majordom@.*
> ^mailman@.*
> ^nobody@.*
> ^reminder@.*
> ^listserv@.*
> ^daemon@.*
> ^server@.*
> ^root@.*
> ^noreply@.*
> ^bounce@.*
> ^news@.*
> ^httpd@.*
> ^www@.*
> ^nagios@.*
> ^sales@.*
> ^info@.*
> ^listmaster@.*
> ^mailmaster@.*
> ^squid@.*
> ^support@.*
> ^exim@.*
> scomp@aol.net
>
> with certain other local-only additions.
>
> Jethro.
>
>
> >
> > G
> >
> > On Sun, 2006-03-26 at 16:43 -0500, Matt Kettler wrote:
> > > And one wonders why so many people despise lists which insert a "Reply-To"
> > > header that points back to the list..
> > >
> > > Too many *CENSORED* out there that think "reply" is an appropriate
> > > behavior for a vacation rule.
> > >
> > > Of course, if we're lucky someone will spamcop freecom.net's mailservers.
> > >
> > > (Spamcop DOES accept reports for broken vacation rules, which this
> > > clearly is, and it was done by a systems admin who should know better.
> > > While I hate to see companies listed because some *CENSORED* in
> > > marketing crafted up his own vacation rule without following
> > > procedure, I don't have any sympathy for freecom if they get listed
> > > for this.)
> > >
> > --
> > Greg Matthews 01491 692445
> > Head of UNIX/Linux, iTSS Wallingford
>
> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> Jethro R Binks
> Computing Officer, IT Services
> University Of Strathclyde, Glasgow, UK
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
--
Greg Matthews 01491 692445
Head of UNIX/Linux, iTSS Wallingford

--
This message (and any attachments) is for the recipient only. NERC
is subject to the Freedom of Information Act 2000 and the contents
of this email and any reply you make may be disclosed by NERC unless
it is exempt from release under the Act. Any material supplied to
NERC may be stored in an electronic records management system.

From adrik at salesmanager.nl Mon Apr 3 14:12:25 2006
From: adrik at salesmanager.nl (Adri Koppes)
Date: Mon Apr 3 14:12:27 2006
Subject: Microsoft Word and Excel documents with embedded harmfull objects
Message-ID:

Recently some users have discovered a new trick to send blocked and
potentially harmful files through the MailScanner gateway.
They create an email message with a Microsoft Word or Excel document
attachment, which contains an embedded OLE object or package.
The embedded object can be ANY other file, including executables etc.
When scanned by MailScanner, the executable and other embedded objects
are not detected and the message is passed through to the user's mailbox!
Obviously this is not what we would like to happen.
I have found a little program 'ripOLE' on
http://freshmeat.net/projects/ripole/, which will extract all embedded
objects from a Word Document.
Would it be easy to integrate 'ripOLE' or an equivalent program into
MailScanner to be called for attachments? If the embedded objects are
extracted into the normal temp directory, then MailScanner will subject
them to the same file-name/type restrictions as normal attachments.
Probably 'ripOLE' only needs to be called when the /usr/bin/file command
has determined the attachment to be some kind of 'Microsoft Office Data'
file.

Adri.

From gmatt at nerc.ac.uk Mon Apr 3 14:13:30 2006
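Added example, not part of any message in this thread: a Python sketch of the autoreply decision described in the "Broken vacation rule" reply above, covering the header tests, a subset of the sender patterns, one reply per sender per 7 days, and the "Auto-Submitted: auto-replied" marker. The To/Cc test follows RFC 3834, which the quoted configuration cites; function names, addresses and sample messages are constructed for illustration.

```python
import re
import time
from email import message_from_string
from email.message import EmailMessage
from email.utils import getaddresses

# Subset of the sender patterns listed in the thread, folded into one regex.
NO_REPLY_SENDER = re.compile(
    r"^(?:.*-request|owner-.*|.*-owner|.*-admin|bounce-.*|.*-bounces|"
    r"mailer-daemon|postmaster|majordomo|mailman|listserv|nobody|noreply|root)@",
    re.IGNORECASE)
# Headers whose mere presence suppresses a reply, as in the quoted condition.
MARKER_HEADERS = ("Auto-Submitted", "List-Help", "List-Unsubscribe",
                  "List-Subscribe", "List-Owner", "List-Archive")
AUTO_SUBJECT = re.compile(r"^(?:Out of Office|Auto-Reply:|Autoresponse:)")
REPLY_INTERVAL = 7 * 24 * 3600  # one reply per sender per 7 days


def suppress_reason(msg, envelope_sender, recipient):
    """Return the reason no autoreply may be sent, or None if one is allowed."""
    if not envelope_sender:
        return "empty envelope sender"
    if NO_REPLY_SENDER.match(envelope_sender):
        return "role or list sender address"
    if re.search(r"junk|bulk|list", msg.get("Precedence", ""), re.IGNORECASE):
        return "Precedence header"
    for name in MARKER_HEADERS:
        if name in msg:
            return name + " header present"
    if AUTO_SUBJECT.match(msg.get("Subject", "")):
        return "auto-generated subject"
    # RFC 3834: only answer mail that names the recipient in To or Cc.
    named = {addr.lower() for _, addr in
             getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    if recipient.lower() not in named:
        return "recipient not named in To/Cc"
    return None


def autoreply(raw, envelope_sender, recipient, last_sent, now=None):
    """Return (reply, None) or (None, reason); last_sent maps sender -> time."""
    now = time.time() if now is None else now
    msg = message_from_string(raw)
    reason = suppress_reason(msg, envelope_sender, recipient)
    key = envelope_sender.lower()
    if reason is None and key in last_sent \
            and now - last_sent[key] < REPLY_INTERVAL:
        reason = "already replied within 7 days"
    if reason is not None:
        return None, reason
    last_sent[key] = now
    reply = EmailMessage()
    reply["From"] = recipient
    reply["To"] = envelope_sender
    reply["Subject"] = "Auto: " + " ".join(msg.get("Subject", "").split())
    reply["Auto-Submitted"] = "auto-replied"  # marks the reply as automatic
    reply.set_content("I am away and will read your message on my return.")
    return reply, None


# Constructed sample messages (not taken from the thread).
PERSONAL = ("From: Alice <alice@example.org>\nTo: user@example.net\n"
            "Subject: Meeting on Friday\n\nAre you around?\n")
LIST_POST = ("From: Bob <bob@example.org>\nTo: list@lists.example.org\n"
             "List-Unsubscribe: <mailto:list-request@lists.example.org>\n"
             "Subject: Re: Spam Reporting Address\n\nBody\n")
OUT_OF_OFFICE = ("From: carol@example.org\nTo: user@example.net\n"
                 "Subject: Out of Office: back Monday\n\nAway.\n")


def constructed_demo():
    """Run the samples through one shared reply log; return the reasons."""
    sent, t0 = {}, 1_000_000_000
    cases = [(PERSONAL, "alice@example.org", t0),
             (PERSONAL, "alice@example.org", t0 + 3600),
             (PERSONAL, "alice@example.org", t0 + REPLY_INTERVAL),
             (LIST_POST, "list-bounces@lists.example.org", t0),
             (LIST_POST, "bob@example.org", t0),
             (OUT_OF_OFFICE, "carol@example.org", t0),
             (PERSONAL, "", t0)]
    return [autoreply(raw, sender, "user@example.net", sent, now)[1]
            for raw, sender, now in cases]


if __name__ == "__main__":
    for reason in constructed_demo():
        print(reason or "reply sent")
```
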
From: gmatt at nerc.ac.uk (Greg Matthews)
Date: Mon Apr 3 14:13:39 2006
Subject: "reports and responses" problems
Message-ID: <1144070011.12412.78.camel@lea.nerc-wallingford.ac.uk>

If I quarantine messages above a certain size using:

Maximum Message Size = 15000000

and then send a message larger than this, the recipient is sent the
report defined by:

Stored Virus Message Report = %report-dir%/stored.virus.message.txt

I've rejigged our stored.virus.message.txt file to be more generic (less
virus orientated) but shouldn't this have its own report?

also, a small cleanup required for sender.error.report.txt:

The mail scanner said this about the message:
Report: $report

should be:

The mail scanner said this about the message:
$report

optionally, you might also want to change "virus scanner" to "mail
scanner" or similar in these reports.

--
Greg Matthews 01491 692445
Head of UNIX/Linux, iTSS Wallingford

--
This message (and any attachments) is for the recipient only. NERC
is subject to the Freedom of Information Act 2000 and the contents
of this email and any reply you make may be disclosed by NERC unless
it is exempt from release under the Act. Any material supplied to
NERC may be stored in an electronic records management system.

From alex at nkpanama.com Mon Apr 3 15:37:39 2006
From: alex at nkpanama.com (Alex Neuman van der Hans)
Date: Mon Apr 3 15:38:38 2006
Subject: Bad Content Checks
In-Reply-To:
References:
Message-ID: <44313333.3080603@nkpanama.com>

Kai Schaetzl wrote:
> I found a file like this getting quarantined as "bad content". (Ahm, what
> actually happens then - the message is delivered without the attachment,
> or what happens?)
>
> 042-06-Logos.ly01.pdf
>
> This is the rule that hit on it. I don't see the value of this rule.
>
> # Deny all other double file extensions. This catches any hidden filenames.
> deny \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ Found possible filename hiding Attempt to hide real filename extension
>
> What is the point of disallowing whatever.whatever.pdf? Why is this trying
> to hide the real filename extension? Maybe that (whatever.bat.pdf) is
> doing this, but it's much less troublesome than (whatever.pdf.bat).
>
> Can I rule this over with
>
> allow \.pdf$
>
> ?
> If so, I suggest adding quite a few of these exclusions.
>
> Moreover. How can I release that file? I released it and it was
> immediately caught again although 127.0.0.1 is whitelisted and Mailwatch
> lists a Status of "W/L Bad Content" now.
>
>
>
> Kai
>
>

You can, if you put it before the double extension rule. Depending on
the clients' wishes, I either disable it altogether (the double
extension rule) or I add allow rules at the top for trusted filetypes
(my preferred choice). I think you can override it with another setting
introduced a couple of versions ago.

From alex at nkpanama.com Mon Apr 3 15:40:03 2006
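Added example, not part of any message in this thread: a small Python evaluator for the rule ordering discussed above, showing why an `allow \.pdf$` rule only helps when it sits before the double-extension `deny`. It assumes tab-separated rule fields, case-insensitive matching, first match wins, and "allow" when nothing matches; it is illustrative code, not MailScanner's own.

```python
import re

# Rule lines in the style of the quoted rule; the tab-separated layout
# (action, regex, log text, user text) is an assumption of this example.
DENY_DOUBLE_EXT = ("deny\t" r"\.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$"
                   "\tFound possible filename hiding"
                   "\tAttempt to hide real filename extension")
ALLOW_PDF = "allow\t" r"\.pdf$" "\t-\t-"


def parse_rules(lines):
    """Turn rule lines into (action, compiled regex, log text) tuples."""
    rules = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = re.split(r"\t+", line, maxsplit=3)
        if len(fields) < 2 or fields[0].lower() not in ("allow", "deny"):
            raise ValueError("bad rule line: %r" % line)
        log_text = fields[2] if len(fields) > 2 else ""
        rules.append((fields[0].lower(),
                      re.compile(fields[1], re.IGNORECASE), log_text))
    return rules


def decide(rules, filename):
    """First matching rule wins; a name that matches nothing is allowed."""
    for action, pattern, log_text in rules:
        if pattern.search(filename):
            return action, log_text
    return "allow", "no rule matched"


def compare_orderings(filenames):
    """Evaluate each name under three rule orderings."""
    orderings = {
        "deny only": parse_rules([DENY_DOUBLE_EXT]),
        "allow pdf first": parse_rules([ALLOW_PDF, DENY_DOUBLE_EXT]),
        "allow pdf last": parse_rules([DENY_DOUBLE_EXT, ALLOW_PDF]),
    }
    return {name: {label: decide(rules, name)[0]
                   for label, rules in orderings.items()}
            for name in filenames}


# The first name is the one from the thread; the others are the
# whatever.bat.pdf / whatever.pdf.bat cases it mentions plus a control.
SAMPLE_NAMES = ["042-06-Logos.ly01.pdf", "whatever.bat.pdf",
                "whatever.pdf.bat", "notes.txt"]

if __name__ == "__main__":
    for name, row in compare_orderings(SAMPLE_NAMES).items():
        print(name, row)
```

With the allow rule first, `whatever.bat.pdf` is also released while `whatever.pdf.bat` is still denied, because `\.pdf$` is anchored to the end of the name.
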
From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Apr 3 15:40:34 2006 Subject: MailScanner on Mac OSX? In-Reply-To: References: <200604030740.21324.james@grayonline.id.au> Message-ID: <443133C3.1080007@nkpanama.com> I once tried getting it to work on OS X Server, but gave up ;) - I think it can be done, except I'm not very postfix-savvy. You *could*, however, run it using any Linux-for-Mac distro; I haven't heard of any for the Intel Macs yet (if anybody knows, I'd appreciate the heads-up), but if one's not available right now I suspect they should be here RSN. Julian Field wrote: > > On 2 Apr 2006, at 22:40, James Gray wrote: > >> Hi All, >> >> I'm hoping I'm not about to "break new ground" :) Has anyone got any >> reports >> on using MailScanner on Mac OSX (Intel)? I'm simplifying my network >> at home >> with a Mac Mini (Core Duo thing) replacing 3 old tired PC's. > > There are a few people (and I mean _very_ few) doing this, after a guy > at Sophos got it working on 10.3. > > It's one of the projects I want to get onto, and may be able to put in > some time on it very soon. > > There are those 2 packaging systems (Fink and the other one I can't > remember) which would provide an easy, though cumbersome, solution. > > Would that be good enough for now? > > What I really want is a system that uses launchd properly and at least > has a system preference for starting and stopping it. Slimserver > nearly does this, but in a pre-Tiger form, not using launchd. I would > much rather "do it properly" than hack something together. > > If anyone can point me in the right direction, such as an example > package that already does all this that I can plug into, that would be > fantastic. > > But even working out how to program for launchd would be a start. The > OSX way of booting appears to be very complicated, involving reams of > XML. > > Sorry that doesn't really answer your question, but.... 
> >> >> So far I've figured out that OSX is using Perl 5.8.6 and Postfix of some >> flavour. Does anyone have any pre-installation validation tools or >> advice on >> what to expect? I know OSX is BSD under the hood, but the directory >> structure is seriously weird for someone coming from a "pure" >> Linux/BSD/Unix >> background. >> >> BTW - where the hell does OSX keep it's cron jobs and services? I've >> got >> Apache+MySQL running on it but they both came with neato *.dmg >> packages....I'm a real OSX n00b I'm afraid :P Unlike most n00b's >> though I'm >> happy to work with Julian to get the bugs sorted and possibly create >> a OSX >> "port" complete with dmg package etc....now THAT interests me! >> >> Thanks in advance. >> >> James >> --I've got a bad feeling about this. >> --MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > --Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > --This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > --MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From brent.bolin at gmail.com Mon Apr 3 16:26:41 2006 
From: brent.bolin at gmail.com (BB) Date: Mon Apr 3 16:26:45 2006 Subject: MailScanner on Mac OSX? In-Reply-To: <200604030740.21324.james@grayonline.id.au> References: <200604030740.21324.james@grayonline.id.au> Message-ID: <787dcac20604030826o21fe62bm9e96fdf6cc2cfb5f@mail.gmail.com> /etc/crontab /var/cron/tabs On 4/2/06, James Gray wrote: > > Hi All, > > I'm hoping I'm not about to "break new ground" :) Has anyone got any > reports > on using MailScanner on Mac OSX (Intel)? I'm simplifying my network at > home > with a Mac Mini (Core Duo thing) replacing 3 old tired PC's. > > So far I've figured out that OSX is using Perl 5.8.6 and Postfix of some > flavour. Does anyone have any pre-installation validation tools or advice > on > what to expect? I know OSX is BSD under the hood, but the directory > structure is seriously weird for someone coming from a "pure" > Linux/BSD/Unix > background. > > BTW - where the hell does OSX keep it's cron jobs and services? I've got > Apache+MySQL running on it but they both came with neato *.dmg > packages....I'm a real OSX n00b I'm afraid :P Unlike most n00b's though > I'm > happy to work with Julian to get the bugs sorted and possibly create a OSX > "port" complete with dmg package etc....now THAT interests me! > > Thanks in advance. > > James > -- > I've got a bad feeling about this. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060403/d28c5c1e/attachment.html From brent.bolin at gmail.com Mon Apr 3 16:31:58 2006 
From: brent.bolin at gmail.com (BB) Date: Mon Apr 3 16:32:25 2006 Subject: MailScanner on Mac OSX? In-Reply-To: References: <200604030740.21324.james@grayonline.id.au> Message-ID: <787dcac20604030831g49e3ce9fw2eef49cd3c0b5cc5@mail.gmail.com> I agree the startup method of OSX is strange. I have not used it but /etc/rc refers to standard unix startup file. /etc/rc.local Darwin 8.5.0 Mac OSX 10.4.5 On 4/3/06, Julian Field wrote: > > > On 2 Apr 2006, at 22:40, James Gray wrote: > > > Hi All, > > > > I'm hoping I'm not about to "break new ground" :) Has anyone got > > any reports > > on using MailScanner on Mac OSX (Intel)? I'm simplifying my > > network at home > > with a Mac Mini (Core Duo thing) replacing 3 old tired PC's. > > There are a few people (and I mean _very_ few) doing this, after a > guy at Sophos got it working on 10.3. > > It's one of the projects I want to get onto, and may be able to put > in some time on it very soon. > > There are those 2 packaging systems (Fink and the other one I can't > remember) which would provide an easy, though cumbersome, solution. > > Would that be good enough for now? > > What I really want is a system that uses launchd properly and at > least has a system preference for starting and stopping it. > Slimserver nearly does this, but in a pre-Tiger form, not using > launchd. I would much rather "do it properly" than hack something > together. > > If anyone can point me in the right direction, such as an example > package that already does all this that I can plug into, that would > be fantastic. > > But even working out how to program for launchd would be a start. The > OSX way of booting appears to be very complicated, involving reams of > XML. > > Sorry that doesn't really answer your question, but.... > > > > > So far I've figured out that OSX is using Perl 5.8.6 and Postfix of > > some > > flavour. Does anyone have any pre-installation validation tools or > > advice on > > what to expect? 
I know OSX is BSD under the hood, but the directory > > structure is seriously weird for someone coming from a "pure" Linux/ > > BSD/Unix > > background. > > > > BTW - where the hell does OSX keep it's cron jobs and services? > > I've got > > Apache+MySQL running on it but they both came with neato *.dmg > > packages....I'm a real OSX n00b I'm afraid :P Unlike most n00b's > > though I'm > > happy to work with Julian to get the bugs sorted and possibly > > create a OSX > > "port" complete with dmg package etc....now THAT interests me! > > > > Thanks in advance. > > > > James > > -- > > I've got a bad feeling about this. > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060403/68ce0fd2/attachment.html From maillists at conactive.com Mon Apr 3 17:09:44 2006 
From: maillists at conactive.com (Kai Schaetzl)
Date: Mon Apr 3 17:09:54 2006
Subject: Strange syslog message....
In-Reply-To: <8C320493-9173-418B-AE2B-491783D739B3@globeserver.com>
References: <0B4E2DE5-C280-426E-B9A9-C193A3CD4F1E@globeserver.com> <8f54b4330604011802v1ea2a49cg43e5e1f75c302d86@mail.gmail.com> <8C320493-9173-418B-AE2B-491783D739B3@globeserver.com>
Message-ID:

Sorry, no more speculation then.

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From maillists at conactive.com Mon Apr 3 17:09:44 2006
From: maillists at conactive.com (Kai Schaetzl)
Date: Mon Apr 3 17:09:57 2006
Subject: Bad Content Checks
In-Reply-To: <44313333.3080603@nkpanama.com>
References: <44313333.3080603@nkpanama.com>
Message-ID:

Alex Neuman van der Hans wrote on Mon, 03 Apr 2006 09:37:39 -0500:

> You can, if you put it before the double extension rule. Depending on
> the clients' wishes, I either disable it altogether (the double
> extension rule) or I add allow rules at the top for trusted filetypes
> (my preferred choice). I think you can override it with another setting
> introduced a couple of versions ago.

Thanks for the answer. Some months ago Julian introduced simpler Allow
Filenames = \.txt$ \.pdf$ stuff which can either be used directly in
MailScanner or with a ruleset. That's what I did now for txt and pdf. I
added them like "\.txt$ \.pdf$" to the file and may add more. Can I also
put them line after line in that file? Additionally I also commented out
this double extension rule.

However, how am I supposed to release this stuff if necessary? If I
release it it's immediately caught again by MS. The whitelist works only
for spam.

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From jrudd at ucsc.edu Mon Apr 3 17:53:26 2006
From: jrudd at ucsc.edu (John Rudd) Date: Mon Apr 3 17:53:57 2006 Subject: MailScanner on Mac OSX? In-Reply-To: <443133C3.1080007@nkpanama.com> References: <200604030740.21324.james@grayonline.id.au> <443133C3.1080007@nkpanama.com> Message-ID: <2bee8e24a3e8b75650b8ebc4d31e3068@ucsc.edu> Or you could run it with sendmail. Sendmail builds just fine on OS X. (I'm using mimedefang at home, where I'm using OSX as my mail server, though, so I don't have the mailscanner part of the puzzle available to help ... but I wouldn't expect it to be _any_ different than installing it on FreeBSD, except the startup scripting) On Apr 3, 2006, at 7:40 AM, Alex Neuman van der Hans wrote: > I once tried getting it to work on OS X Server, but gave up ;) - I > think it can be done, except I'm not very postfix-savvy. > > You *could*, however, run it using any Linux-for-Mac distro; I haven't > heard of any for the Intel Macs yet (if anybody knows, I'd appreciate > the heads-up), but if one's not available right now I suspect they > should be here RSN. > > > Julian Field wrote: >> >> On 2 Apr 2006, at 22:40, James Gray wrote: >> >>> Hi All, >>> >>> I'm hoping I'm not about to "break new ground" :) Has anyone got >>> any reports >>> on using MailScanner on Mac OSX (Intel)? I'm simplifying my network >>> at home >>> with a Mac Mini (Core Duo thing) replacing 3 old tired PC's. >> >> There are a few people (and I mean _very_ few) doing this, after a >> guy at Sophos got it working on 10.3. >> >> It's one of the projects I want to get onto, and may be able to put >> in some time on it very soon. >> >> There are those 2 packaging systems (Fink and the other one I can't >> remember) which would provide an easy, though cumbersome, solution. >> >> Would that be good enough for now? >> >> What I really want is a system that uses launchd properly and at >> least has a system preference for starting and stopping it. >> Slimserver nearly does this, but in a pre-Tiger form, not using >> launchd. 
I would much rather "do it properly" than hack something >> together. >> >> If anyone can point me in the right direction, such as an example >> package that already does all this that I can plug into, that would >> be fantastic. >> >> But even working out how to program for launchd would be a start. The >> OSX way of booting appears to be very complicated, involving reams of >> XML. >> >> Sorry that doesn't really answer your question, but.... >> >>> >>> So far I've figured out that OSX is using Perl 5.8.6 and Postfix of >>> some >>> flavour. Does anyone have any pre-installation validation tools or >>> advice on >>> what to expect? I know OSX is BSD under the hood, but the directory >>> structure is seriously weird for someone coming from a "pure" >>> Linux/BSD/Unix >>> background. >>> >>> BTW - where the hell does OSX keep it's cron jobs and services? >>> I've got >>> Apache+MySQL running on it but they both came with neato *.dmg >>> packages....I'm a real OSX n00b I'm afraid :P Unlike most n00b's >>> though I'm >>> happy to work with Julian to get the bugs sorted and possibly create >>> a OSX >>> "port" complete with dmg package etc....now THAT interests me! >>> >>> Thanks in advance. >>> >>> James >>> --I've got a bad feeling about this. >>> --MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> --Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> --This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. 
>> >> --MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From Paul.Haldane at newcastle.ac.uk Mon Apr 3 17:59:15 2006 
From: Paul.Haldane at newcastle.ac.uk (Paul Haldane)
Date: Mon Apr 3 17:59:12 2006
Subject: 4.51.6-1, linux file command mis-diagnosing bodies of messages
Message-ID: <067001c6573f$f06b2e30$e2000c0a@ratte>

We had an odd issue today - one of my colleagues sent a plain text message
which was flagged as having a disallowed file type ...

  The original e-mail attachment "the entire message" is on the list of
  unacceptable attachments for this site and has been replaced by this
  warning message.

After a fair amount of log trawling (which didn't help much) and
experimentation we eventually worked out that it was provoked by the 5th
to 8th characters of the body of the message being 'free'. This gets
picked up by the Linux file command as Apple QuickTime movie file because
of the following entry in /usr/share/file/magic (this is RH AS4) ...

  4 string free Apple QuickTime movie file (free)

It would have helped if somewhere (either in the logs or in the message
sent to the sender) we could show what type of file we thought it was
rather than just saying that it's something that's not on our allowed
list (if this should be happening already we'll check our configs).

I'm not sure what we plan to do to fix this here. Obvious kludges that
occur to me are taking the entry out of the magic file (and recompiling
the version magic uses), doing the same thing but having a separate
version of the magic file for use by MailScanner or being less
restrictive in the set of file types we let through.

Paul
--
Paul Haldane
Unix Systems Team
Information Systems and Services
University of Newcastle upon Tyne

From mikes at hartwellcorp.com Mon Apr 3 18:51:07 2006
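Added example, not part of any message in this thread: a Python illustration of the false positive reported above. It reproduces the offset-4 `free` test, then adds a stricter check that walks the QuickTime atom chain (4-byte big-endian size plus 4-byte type) and reports which type was decided and why. The function names, the atom list (not exhaustive) and both sample inputs are constructed for the example.

```python
import struct

# Top-level QuickTime atom types accepted by the stricter check (not exhaustive).
TOP_LEVEL_ATOMS = {b"ftyp", b"moov", b"mdat", b"free", b"skip", b"wide", b"pnot"}
QUICKTIME = "Apple QuickTime movie file (free)"


def magic_says_quicktime(data):
    """The magic entry from the message: string 'free' at offset 4."""
    return data[4:8] == b"free"


def atoms_are_consistent(data):
    """Walk top-level atoms and require their sizes to tile the data exactly."""
    offset, count = 0, 0
    while offset < len(data):
        if offset + 8 > len(data):
            return False
        size, kind = struct.unpack_from(">I4s", data, offset)
        if kind not in TOP_LEVEL_ATOMS:
            return False
        if size == 0:                       # last atom runs to end of data
            return True
        if size == 1:                       # 64-bit size follows the type
            if offset + 16 > len(data):
                return False
            size = struct.unpack_from(">Q", data, offset + 8)[0]
            if size < 16:
                return False
        elif size < 8:
            return False
        if offset + size > len(data):
            return False
        offset += size
        count += 1
    return count > 0


def is_ascii_text(data):
    return all(b in (9, 10, 13) or 32 <= b < 127 for b in data)


def classify(data):
    """Return (type, reason) so a log line can say what was detected and why."""
    if magic_says_quicktime(data):
        if atoms_are_consistent(data):
            return QUICKTIME, "offset-4 'free' and a consistent atom chain"
        claimed = struct.unpack_from(">I", data, 0)[0]
        note = ("offset-4 'free' matched, but the first 4 bytes claim an atom "
                "of %d bytes in %d bytes of data" % (claimed, len(data)))
    else:
        note = "no magic rule matched"
    return ("ASCII text" if is_ascii_text(data) else "data"), note


# Constructed inputs: a plain-text body whose 5th to 8th characters are
# 'free', and a minimal atom chain (an empty 'free' atom and a small 'mdat').
TEXT_BODY = b"Hi, free parking is available behind the library.\n"
MOVIE = (struct.pack(">I4s", 8, b"free")
         + struct.pack(">I4s", 16, b"mdat") + bytes(8))

if __name__ == "__main__":
    for sample in (TEXT_BODY, MOVIE, MOVIE[:20]):
        print(magic_says_quicktime(sample), classify(sample))
```

For printable text the first four bytes always decode to a size far larger than an ordinary message, which is why the size check rejects the text body while the bare string test accepts it.
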
From: mikes at hartwellcorp.com (Michael St. Laurent)
Date: Mon Apr 3 18:52:15 2006
Subject: I/O Errors from sendmail
Message-ID: <91A5926EFF44D3118B1200104B7276EB03D0849E@hart-exchange.hartwellcorp.com>

I'm seeing a lot of I/O errors from sendmail on messages that have passed
through the MailScanner/SpamAssassin combo here. Is this a known issue or
am I experiencing something unusual here? My MailScanner version is 4.51.6
and SpamAssassin version is 2.63.

Mar 31 00:47:52 guardian sm-mta[14185]: k2V8lW3W014185: Authentication-Warning: guardian.hartwellcorp.com: mail set sender to using -f
Mar 31 00:47:52 guardian sm-mta[14185]: k2V8lW3W014185: from=, size=35586, class=0, nrcpts=3, msgid=<61197E3840D7124D99B8AE6AB0B075101F0F30@mckserver.mckechnie.local>, relay=mail@localhost
Mar 31 00:47:52 guardian sm-mta[14185]: k2V8lW3W014185: to=, delay=00:00:20, mailer=esmtp, pri=94833, stat=queued
Mar 31 00:47:52 guardian sm-mta[14185]: k2V8lW3W014185: to=, delay=00:00:20, mailer=esmtp, pri=94833, stat=queued
Mar 31 00:47:52 guardian sm-mta[14185]: k2V8lW3W014185: to=, delay=00:00:20, mailer=esmtp, pri=94833, stat=queued
Mar 31 00:59:18 guardian sendmail[14195]: k2V8lW3W014185: to=,,, delay=00:11:46, xdelay=00:11:01, mailer=esmtp, pri=184833, relay=hart-exchange.hartwellcorp.com. [10.11.10.12], dsn=4.0.0, stat=I/O error

--
Michael St. Laurent
Hartwell Corporation

"That which does not kill me, makes me stranger." -Llewellyn, Ozy and Millie

From rcooper at dwford.com Mon Apr 3 19:03:14 2006
From: rcooper at dwford.com (Rick Cooper)
Date: Mon Apr 3 19:03:48 2006
Subject: Microsoft Word and Excel documents with embedded harmfull objects
Message-ID:

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Adri
> Koppes
> Sent: Monday, April 03, 2006 9:12 AM
> To: mailscanner@lists.mailscanner.info
> Subject: Microsoft Word and Excel documents with embedded harmfull
> objects
>
>
> Recently some users have discovered a new trick to send blocked and
> potentially harmful files through the MailScanner gateway.
> They create an email message with a Microsoft Word or Excel document
> attachment, which contains an embedded OLE object or package.
> The embedded object can be ANY other file, including executables etc.
> When scanned by MailScanner, the executable and other embedded objects
> are not detected and the message is passed through to the user's mailbox!
> Obviously this is not what we would like to happen.
> I have found a little program 'ripOLE' on
> http://freshmeat.net/projects/ripole/, which will extract all embedded
> objects from a Word Document.
> Would it be easy to integrate 'ripOLE' or an equivalent program into
> MailScanner to be called for attachments? If the embedded objects are
> extracted into the normal temp directory, then MailScanner will subject
> them to the same file-name/type restrictions as normal attachments.
> Probably 'ripOLE' only needs to be called when the /usr/bin/file command
> has determined the attachment to be some kind of 'Microsoft Office Data'
> file.
>

I looked at this program and it could be called from SafePipe on each
attachment after exploding them, as it's quite fast and will return error
code 102 when a file is not in OLE format and also returns the string
"File 'filename' is not OLE2 format". If called on an OLE file without OLE
attachments it returns error code 30 and the string "ripOLE: decoding of
filename resulted in error 30". The bad thing I see is there is no way to
control the output name of the object.
ripole does basic sanitization (removes non-alphanumeric and low/high
order chars) but that is about that. There wouldn't be any way to tell the
program a new name to output to as there may be many files embedded in a
single input file. I suppose you could have it output to a safe subdir
under the working dir and handle anything found there as non alphanumeric
(such as "/" but not ".") is removed in the sanitize function and couldn't
escape the MS supplied path name (like /path/../../filename). It would add
another layer to the explode as you would have to explode, ripole, make
safe names of files found in the ripole attachment dir, move them to the
current working dir, explode anything new, etc before scanning. I do
believe clamAV catches infected OLE streams but this could be a good way
to send bad things.

Rick

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From alex at nkpanama.com Mon Apr 3 19:28:04 2006
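Added example, not part of any message in this thread: a Python sketch of the extra explode layer proposed above for embedded OLE objects. It stages the extractor's output in a private subdirectory of the working directory, renames results to safe unique names, moves them next to the other attachments, and repeats on anything new. The extractor is passed in as a callable `extractor(src, outdir) -> exit code` (a hypothetical interface); exit codes 102 and 30 are the ones quoted in the thread, and the stub extractor and sample files are constructed so the example runs without any external program.

```python
import os
import re
import shutil
import tempfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # OLE2 compound file signature
NOT_OLE, NO_EMBEDDED = 102, 30                    # exit codes quoted in the thread


def is_ole2(path):
    with open(path, "rb") as fh:
        return fh.read(8) == OLE2_MAGIC


def safe_name(name, taken):
    """Flatten an extractor-chosen name to a unique plain filename."""
    base = os.path.basename(name.replace("\\", "/"))
    base = re.sub(r"[^A-Za-z0-9._-]", "_", base).lstrip(".") or "unnamed"
    candidate, n = base, 1
    while candidate in taken:
        candidate = "%d_%s" % (n, base)     # prefix keeps the real extension last
        n += 1
    taken.add(candidate)
    return candidate


def unpack_embedded(attachment, workdir, extractor):
    """Extract into a private staging dir, then move results into workdir."""
    if not is_ole2(attachment):
        return []
    stage = tempfile.mkdtemp(prefix="ole-stage-", dir=workdir)
    try:
        code = extractor(attachment, stage)
        if code in (NOT_OLE, NO_EMBEDDED):
            return []
        if code != 0:
            raise RuntimeError("extractor failed on %s: %d" % (attachment, code))
        taken = set(os.listdir(workdir))
        moved = []
        for root, _dirs, files in os.walk(stage):
            for name in sorted(files):
                src = os.path.join(root, name)
                if os.path.islink(src):
                    continue                # never follow links out of staging
                dest = os.path.join(workdir, safe_name(name, taken))
                shutil.move(src, dest)
                moved.append(dest)
        return moved
    finally:
        shutil.rmtree(stage, ignore_errors=True)


def explode_all(workdir, extractor, max_depth=5):
    """Repeat extraction on newly found files; return every file added."""
    pending = sorted(os.path.join(workdir, f) for f in os.listdir(workdir))
    added = []
    for _ in range(max_depth):
        found = []
        for path in pending:
            if os.path.isfile(path):
                found.extend(unpack_embedded(path, workdir, extractor))
        if not found:
            return added
        added.extend(found)
        pending = found
    raise RuntimeError("embedded objects nested deeper than %d levels" % max_depth)


def stub_extractor(src, outdir):
    """Constructed stand-in for the external extractor, for this demo only."""
    with open(src, "rb") as fh:
        if b"EMBED" not in fh.read():
            return NO_EMBEDDED
    for name in ("setup.exe", "read me!.bat"):
        with open(os.path.join(outdir, name), "wb") as out:
            out.write(b"MZ constructed placeholder")
    return 0


def constructed_demo():
    """Build a working dir with constructed attachments and explode it."""
    workdir = tempfile.mkdtemp(prefix="ms-work-")
    try:
        with open(os.path.join(workdir, "report.doc"), "wb") as fh:
            fh.write(OLE2_MAGIC + b"EMBED")
        with open(os.path.join(workdir, "setup.exe"), "wb") as fh:
            fh.write(b"an unrelated attachment with the same name")
        added = explode_all(workdir, stub_extractor)
        names = sorted(os.path.basename(p) for p in added)
        return names, sorted(os.listdir(workdir))
    finally:
        shutil.rmtree(workdir, ignore_errors=True)
```

The returned paths are the files that would then go through the normal filename and filetype rules alongside the original attachments.
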
From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Apr 3 19:28:45 2006 Subject: MailScanner on Mac OSX? In-Reply-To: <2bee8e24a3e8b75650b8ebc4d31e3068@ucsc.edu> References: <200604030740.21324.james@grayonline.id.au> <443133C3.1080007@nkpanama.com> <2bee8e24a3e8b75650b8ebc4d31e3068@ucsc.edu> Message-ID: <44316934.3070606@nkpanama.com> I've never built sendmail from source, but it *shouldn't* be too hard. I think I'll give it a whack one of these days and maybe post my experiences to the Wiki. John Rudd wrote: > Or you could run it with sendmail. Sendmail builds just fine on OS > X. (I'm using mimedefang at home, where I'm using OSX as my mail > server, though, so I don't have the mailscanner part of the puzzle > available to help ... but I wouldn't expect it to be _any_ different > than installing it on FreeBSD, except the startup scripting) > > > On Apr 3, 2006, at 7:40 AM, Alex Neuman van der Hans wrote: > >> I once tried getting it to work on OS X Server, but gave up ;) - I >> think it can be done, except I'm not very postfix-savvy. >> >> You *could*, however, run it using any Linux-for-Mac distro; I >> haven't heard of any for the Intel Macs yet (if anybody knows, I'd >> appreciate the heads-up), but if one's not available right now I >> suspect they should be here RSN. >> >> >> Julian Field wrote: >>> >>> On 2 Apr 2006, at 22:40, James Gray wrote: >>> >>>> Hi All, >>>> >>>> I'm hoping I'm not about to "break new ground" :) Has anyone got >>>> any reports >>>> on using MailScanner on Mac OSX (Intel)? I'm simplifying my >>>> network at home >>>> with a Mac Mini (Core Duo thing) replacing 3 old tired PC's. >>> >>> There are a few people (and I mean _very_ few) doing this, after a >>> guy at Sophos got it working on 10.3. >>> >>> It's one of the projects I want to get onto, and may be able to put >>> in some time on it very soon. 
>>> >>> There are those 2 packaging systems (Fink and the other one I can't >>> remember) which would provide an easy, though cumbersome, solution. >>> >>> Would that be good enough for now? >>> >>> What I really want is a system that uses launchd properly and at >>> least has a system preference for starting and stopping it. >>> Slimserver nearly does this, but in a pre-Tiger form, not using >>> launchd. I would much rather "do it properly" than hack something >>> together. >>> >>> If anyone can point me in the right direction, such as an example >>> package that already does all this that I can plug into, that would >>> be fantastic. >>> >>> But even working out how to program for launchd would be a start. >>> The OSX way of booting appears to be very complicated, involving >>> reams of XML. >>> >>> Sorry that doesn't really answer your question, but.... >>> >>>> >>>> So far I've figured out that OSX is using Perl 5.8.6 and Postfix of >>>> some >>>> flavour. Does anyone have any pre-installation validation tools or >>>> advice on >>>> what to expect? I know OSX is BSD under the hood, but the directory >>>> structure is seriously weird for someone coming from a "pure" >>>> Linux/BSD/Unix >>>> background. >>>> >>>> BTW - where the hell does OSX keep it's cron jobs and services? >>>> I've got >>>> Apache+MySQL running on it but they both came with neato *.dmg >>>> packages....I'm a real OSX n00b I'm afraid :P Unlike most n00b's >>>> though I'm >>>> happy to work with Julian to get the bugs sorted and possibly >>>> create a OSX >>>> "port" complete with dmg package etc....now THAT interests me! >>>> >>>> Thanks in advance. >>>> >>>> James >>>> --I've got a bad feeling about this. >>>> --MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! 
>>> >>> --Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> > From alex at nkpanama.com Mon Apr 3 19:28:46 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Apr 3 19:29:08 2006 Subject: Bad Content Checks In-Reply-To: References: <44313333.3080603@nkpanama.com> Message-ID: <4431695E.5060507@nkpanama.com> Kai Schaetzl wrote: > However, how am I supposed to release this stuff if necessary? If I > release it it's immediately caught again by MS. The whitelist works only > for spam. > > How about whitelisting 127.0.0.1? > Kai > > From max at kipness.com Mon Apr 3 20:54:56 2006
From: max at kipness.com (Max Kipness)
Date: Mon Apr 3 20:55:12 2006
Subject: Same email processed 268 times!
Message-ID:

Hello -

I've been trying desperately to figure out why my MailScanner queues are so large and cpu is pegged at 100%. When looking through the log I finally figured out what part of the problem might be. Some messages are being processed hundreds of times. I grepped for one message and it was processed 268 times, so basically I see this (the repetitive part):

Apr 3 09:08:31 xxx MailScanner[19835]: Spam Actions: message k33E61uc020656 actions are store
Apr 3 09:10:11 xxx MailScanner[21099]: RBL checks: k33E61uc020656 found in SBL+XBL
Apr 3 09:10:11 xxx MailScanner[21099]: SpamAssassin cache hit for message k33E61uc020656
Apr 3 09:10:11 xxx MailScanner[21099]: Message k33E61uc020656 from 218.144.251.15 (jonah.rivas_yx@moen.com) to xxx.com is spam, SBL+XBL, SpamAssassin (score=28.338, required 6, BAYES_99 3.50, DATE_IN_FUTURE_12_24 2.77, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.77, FORGED_RCVD_HELO 0.14, MIME_BASE64_NO_NAME 0.22, MIME_BASE64_TEXT 1.89, PYZOR_CHECK 3.70, RATWARE_NAME_ID 4.10, RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E4_51_100 1.50, RAZOR2_CHECK 0.50, RCVD_IN_DSBL 2.60, RCVD_IN_NJABL_DUL 1.95, RCVD_IN_SORBS_DUL 2.05)

This has repeated 268 times with only an increment of a few seconds in the time.

Other messages, including non-spam seem to function just fine and are processed once.

I'm using the latest MailScanner, SA, DCC, Pyzor. This is a new build from a week ago, so something I guess could be configured wrong.

Thanks,
Max
--
Thanks,

Max

From MailScanner at ecs.soton.ac.uk Mon Apr 3 21:07:52 2006
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Mon Apr 3 21:08:07 2006
Subject: mqueue and mqueue.in have more files than necessary ... should I worry?
In-Reply-To: <1144066008.12412.41.camel@lea.nerc-wallingford.ac.uk>
References: <744004DF-2BA0-4120-B65C-E2C5B8F7049B@ecs.soton.ac.uk> <1144066008.12412.41.camel@lea.nerc-wallingford.ac.uk>
Message-ID: <44318098.1010401@ecs.soton.ac.uk>

It would be better if you either did a "restart" instead of a "start" or else significantly increased the length of time between the stop and the start. It really can take MailScanner 20 or 30 seconds to properly shut down, due to all the cleanup that happens when you close it down.

Greg Matthews wrote:
> I often get "orphaned" data files lying around. ie those df files
> without a corresponding qf envelope file. I use the following script to
> clean them up:
>
> #!/bin/bash
> # clean up orphaned df* files in mqueue.in
> # no known cause for these files yet.
>
> /etc/init.d/MailScanner stop
>
> sleep 2
> dir="/var/spool/mqueue.in"
>
> file=`find $dir -mtime +1`
> for i in ${file}
> do m=`basename ${i}`
>     j=${m:2}
>     if [ ! -e "${dir}/qf${j}" ]; then
>         mv ${i} /var/tmp/
>     fi
> done
> echo
> df -hl
>
> /etc/init.d/MailScanner start
>
> exit 0
>
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk Mon Apr 3 21:13:12 2006
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 3 21:13:25 2006 Subject: Microsoft Word and Excel documents with embedded harmfull objects In-Reply-To: References: Message-ID: <443181D8.1040403@ecs.soton.ac.uk> Wonderful! That sounds like a great idea, I hoped someone would have written something like that, but never found it before (though I haven't searched in a long time). Any ideas what it's written in or anything? It would be most useful to nick the technology inside it and incorporate it. As you say the file command can be used to spot likely candidates unless it's easy to spot files which aren't relevant. I will take a look at this next weekend, I'm away at the JANet Networkshop till Friday. Expect a posting about this next weekend, it's been one of my top hit features I want to implement for quite a long time. Thanks to Adri for finding this, let's hope it isn't a pile of old pony but is actually usable. Regards, Jules. Adri Koppes wrote: > Recently some users have discovered a new trick to send blocked and > potentially harmful files through the MailScanner gateway. > They create an email message with a Microsoft Word or Excel document > attachment, which contains an embedded OLE object or package. > The embedded object can be ANY other file, including executables etc. > When scanned by MailScanner, the executable and other embedded objects > are not detected and the message is passed through to the user's mailbox! > Obviously this is not what we would like to happen. > I have found a little program 'ripOLE' on > http://freshmeat.net/projects/ripole/, which will extract all embedded > objects from a Word Document. > Would it be easy to integrate 'ripOLE' or an equivalent program into > MailScanner to be called for attachments? If the embedded objects are > extracted into the normal temp directory, then MailScanner will subject > them to the same file-name/type restrictions as normal attachments.
> Probably 'ripOLE' only needs to be called when the /usr/bin/file command > has determined the attachment to be some kind of 'Microsoft Office Data' > file. > > Adri. > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Apr 3 21:14:44 2006
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Mon Apr 3 21:14:55 2006
Subject: "reports and responses" problems
In-Reply-To: <1144070011.12412.78.camel@lea.nerc-wallingford.ac.uk>
References: <1144070011.12412.78.camel@lea.nerc-wallingford.ac.uk>
Message-ID: <44318234.5000800@ecs.soton.ac.uk>

Easy enough to implement in a Custom Function tied to the option that sets the report filename for this. But I will do your corrections to the sender.error.report.txt, thanks for that.

Greg Matthews wrote:
> If I quarantine messages above a certain size using:
>
> Maximum Message Size = 15000000
>
> and then send a message larger than this, the recipient is sent the
> report defined by:
>
> Stored Virus Message Report = %report-dir%/stored.virus.message.txt
>
> I've rejigged our stored.virus.message.txt file to be more generic (less
> virus orientated) but shouldn't this have its own report?
>
> also, a small cleanup required for sender.error.report.txt:
>
> The mail scanner said this about the message:
> Report: $report
>
> should be:
>
> The mail scanner said this about the message:
> $report
>
> optionally, you might also want to change "virus scanner" to "mail
> scanner" or similar in these reports.
>
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From ssilva at sgvwater.com Mon Apr 3 21:18:25 2006
From: ssilva at sgvwater.com (Scott Silva)
Date: Mon Apr 3 21:18:46 2006
Subject: 4.51.6-1, linux file command mis-diagnosing bodies of messages
In-Reply-To: <067001c6573f$f06b2e30$e2000c0a@ratte>
References: <067001c6573f$f06b2e30$e2000c0a@ratte>
Message-ID:

Paul Haldane spake the following on 4/3/2006 9:59 AM:
> We had an odd issue today - one of my colleagues sent a plain text message which was flagged as having a disallowed file type ...
>
> The original e-mail attachment "the entire message"
> is on the list of unacceptable attachments for this site and has been
> replaced by this warning message.
>
> After a fair amount of log trawling (which didn't help much) and experimentation we eventually worked out that it was provoked by the 5th to 8th characters of the body of the message being 'free'. This gets picked up by the Linux file command as Apple QuickTime movie file because of the following entry in /usr/share/file/magic (this is RH AS4) ...
>
> 4 string free Apple QuickTime movie file (free)
>
> It would have helped if somewhere (either in the logs or in the message sent to the sender) we could show what type of file we thought it was rather than just saying that it's something that's not on our allowed list (if this should be happening already we'll check our configs).
>
> I'm not sure what we plan to do to fix this here. Obvious kludges that occur to me are taking the entry out of the magic file (and recompiling the version magic uses), doing the same thing but having a separate version of the magic file for use by MailScanner or being less restrictive in the set of file types we let through.
>
> Paul

User sent a message that started with "free". If they don't start a message with the word "free", or even enter a space or a tab before the word "free", I don't think it hits on this.

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

From MailScanner at ecs.soton.ac.uk Mon Apr 3 21:21:44 2006
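Added example, not part of any list message and not code from file(1) or MailScanner: it reproduces the false positive from the quoted magic rule ("free" at offset 4) on a plain-text body, next to a stricter check that walks the QuickTime atom chain (4-byte big-endian size, then 4-byte type). The function names, the shortlist of atom types and both sample inputs are assumptions constructed for illustration.

```python
import struct

# Atom types that may appear at the top level of a QuickTime/MP4 file
# (assumed shortlist for this example, not file(1)'s own table).
TOP_LEVEL = {b"ftyp", b"moov", b"mdat", b"free", b"skip", b"wide", b"pnot"}


def magic_free_rule(data):
    """The rule quoted in the thread: the string "free" at offset 4."""
    return data[4:8] == b"free"


def looks_like_quicktime(data):
    """Stricter test: the data must be tiled exactly by well-formed atoms and
    must contain a moov or mdat atom, not just four matching characters."""
    pos, seen, n = 0, set(), len(data)
    while pos < n:
        if n - pos < 8:
            return False                      # trailing bytes, no full header
        size, kind = struct.unpack(">I4s", data[pos:pos + 8])
        if kind not in TOP_LEVEL:
            return False
        if size == 1:                         # 64-bit extended size follows
            if n - pos < 16:
                return False
            (size,) = struct.unpack(">Q", data[pos + 8:pos + 16])
            if size < 16:
                return False
        elif size == 0:                       # atom runs to end of file
            size = n - pos
        elif size < 8:
            return False                      # smaller than its own header
        if size > n - pos:
            return False                      # claims more bytes than exist
        seen.add(kind)
        pos += size
    return bool(seen & {b"moov", b"mdat"})


def describe(data):
    """Label for a log line or sender report that names the detected type."""
    if looks_like_quicktime(data):
        return "Apple QuickTime movie (atom chain verified)"
    if magic_free_rule(data):
        return "text/data ('free' at offset 4, but not a valid atom chain)"
    return "data"


# Constructed samples: a plain-text body whose 5th to 8th characters are
# "free", and a minimal well-formed atom chain that starts with a free atom.
TEXT = b"Its free to attend on Friday, see you there.\n"
MOVIE = (struct.pack(">I4s", 8, b"free")
         + struct.pack(">I4s", 12, b"mdat") + b"\x00" * 4
         + struct.pack(">I4s", 8, b"moov"))

if __name__ == "__main__":
    for sample in (TEXT, MOVIE):
        print(magic_free_rule(sample), describe(sample))
```

For the text body the first four bytes decode to an atom size far larger than the message, so the chain check rejects it while the offset-4 string test alone accepts it.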
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 3 21:21:59 2006 Subject: MailScanner on Mac OSX? In-Reply-To: <443133C3.1080007@nkpanama.com> References: <200604030740.21324.james@grayonline.id.au> <443133C3.1080007@nkpanama.com> Message-ID: <443183D8.2050201@ecs.soton.ac.uk> Hmmm..... I wouldn't want to run Linux on a Mac, it's quite good enough already. Alex Neuman van der Hans wrote: > I once tried getting it to work on OS X Server, but gave up ;) - I > think it can be done, except I'm not very postfix-savvy. > > You *could*, however, run it using any Linux-for-Mac distro; I haven't > heard of any for the Intel Macs yet (if anybody knows, I'd appreciate > the heads-up), but if one's not available right now I suspect they > should be here RSN. > > > Julian Field wrote: >> >> On 2 Apr 2006, at 22:40, James Gray wrote: >> >>> Hi All, >>> >>> I'm hoping I'm not about to "break new ground" :) Has anyone got >>> any reports >>> on using MailScanner on Mac OSX (Intel)? I'm simplifying my network >>> at home >>> with a Mac Mini (Core Duo thing) replacing 3 old tired PC's. >> >> There are a few people (and I mean _very_ few) doing this, after a >> guy at Sophos got it working on 10.3. >> >> It's one of the projects I want to get onto, and may be able to put >> in some time on it very soon. >> >> There are those 2 packaging systems (Fink and the other one I can't >> remember) which would provide an easy, though cumbersome, solution. >> >> Would that be good enough for now? >> >> What I really want is a system that uses launchd properly and at >> least has a system preference for starting and stopping it. >> Slimserver nearly does this, but in a pre-Tiger form, not using >> launchd. I would much rather "do it properly" than hack something >> together. >> >> If anyone can point me in the right direction, such as an example >> package that already does all this that I can plug into, that would >> be fantastic. 
>> >> But even working out how to program for launchd would be a start. The >> OSX way of booting appears to be very complicated, involving reams of >> XML. >> >> Sorry that doesn't really answer your question, but.... >> >>> >>> So far I've figured out that OSX is using Perl 5.8.6 and Postfix of >>> some >>> flavour. Does anyone have any pre-installation validation tools or >>> advice on >>> what to expect? I know OSX is BSD under the hood, but the directory >>> structure is seriously weird for someone coming from a "pure" >>> Linux/BSD/Unix >>> background. >>> >>> BTW - where the hell does OSX keep it's cron jobs and services? >>> I've got >>> Apache+MySQL running on it but they both came with neato *.dmg >>> packages....I'm a real OSX n00b I'm afraid :P Unlike most n00b's >>> though I'm >>> happy to work with Julian to get the bugs sorted and possibly create >>> a OSX >>> "port" complete with dmg package etc....now THAT interests me! >>> >>> Thanks in advance. >>> >>> James >>> --I've got a bad feeling about this. >>> --MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> --Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> --This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> --MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! 
> -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From shuttlebox at gmail.com Mon Apr 3 21:22:05 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Apr 3 21:22:10 2006 Subject: Bad Content Checks In-Reply-To: References: <44313333.3080603@nkpanama.com> Message-ID: <625385e30604031322q22dd52f4wa4224d29d61011e8@mail.gmail.com> On 4/3/06, Kai Schaetzl wrote: > However, how am I supposed to release this stuff if necessary? If I > release it it's immediately caught again by MS. The whitelist works only > for spam. Make a ruleset for Scan Messages where your mail server is a No. -- /peter From MailScanner at ecs.soton.ac.uk Mon Apr 3 21:24:14 2006 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 3 21:24:35 2006 Subject: Bad Content Checks In-Reply-To: References: <44313333.3080603@nkpanama.com> Message-ID: <4431846E.2030101@ecs.soton.ac.uk> Kai Schaetzl wrote: > Alex Neuman van der Hans wrote on Mon, 03 Apr 2006 09:37:39 -0500: > > >> You can, if you put it before the double extension rule. Depending on >> the clients' wishes, I either disable it altogether (the double >> extension rule) or I add allow rules at the top for trusted filetypes >> (my preferred choice). I think you can override it with another setting >> introduced a couple of versions ago. >> > > Thanks for the answer. > Some months ago Julian introduced simpler Allow Filenames = \.txt$ \.pdf$ > stuff which can either be used directly in MailScanner or with a ruleset. > That's what I did now for txt and pdf. I added them like "\.txt$ \.pdf$" > to the file and may add more. Can I also put them line after line in that > file? > No, sorry, you can't. > Additionally I also commented out this double extension rule. > > However, how am I supposed to release this stuff if necessary? If I > release it it's immediately caught again by MS. The whitelist works only > for spam. > You can put a ruleset on anything. If it passes "Allow Filenames" then it skips the filename.rules.conf file. You can put a whitelist on any configuration options you like, the whitelist for spam is just a trivial example to get you started. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Apr 3 21:28:21 2006 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 3 21:28:32 2006 Subject: 4.51.6-1, linux file command mis-diagnosing bodies of messages In-Reply-To: <067001c6573f$f06b2e30$e2000c0a@ratte> References: <067001c6573f$f06b2e30$e2000c0a@ratte> Message-ID: <44318565.4030207@ecs.soton.ac.uk> Paul Haldane wrote: > We had a odd issue today - one of my colleagues sent a plain text message which was flagged as having a disallowed file type ... > > The original e-mail attachment "the entire message" > is on the list of unacceptable attachments for this site and has been > replaced by this warning message. > > After a fair amount of log trawling (which didn't help much) and experimentation we eventually worked out that it was provoked by the 5th to 8th characters of the body of the message being 'free'. This gets picked up by the Linux file command as Apple QuickTime movie file because of the following entry in /usr/share/file/magic (this is RH AS4) ... > > 4 string free Apple QuickTime movie file (free) > You aren't the first person to suffer this problem. Please file a feature request to the maintainer of the magic file that lists all these checks. I hope it is possible to determine the QuickTime movie files using some other route. This is the main troublemaker in the "file" command at the moment. > It would have helped if somewhere (either in the logs or in the message sent to the sender) we could show what type of file we thought it was rather than just saying that it's something that's not on our allowed list (if this should be happening already we'll check our configs). > > I'm not sure what we plan to do to fix this here. Obvious kludges that occur to me are taking the entry out of the magic file (and recompiling the version magic uses), doing the same thing but having a separate version of the magic file for use by MailScanner or being less restrictive in the set of file types we let through. > To be honest, I would just allow them. 
Run a sensible max message size (I use 100Mbytes) and let them get on with it. They won't manage to send a whole TV programme very easily with a 100Mbyte max message size (implemented in sendmail and not MailScanner). > Paul > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mike at vesol.com Mon Apr 3 21:28:31 2006 From: mike at vesol.com (Mike Kercher) Date: Mon Apr 3 21:28:54 2006 Subject: Same email processed 268 times! Message-ID: I've seen the same thing before on ONE of many servers. My solution was to set my High Scoring Spam Action to forward to /dev/null. If I set the action to delete, some messages would get processed over and over again until the system came to its knees. Mike > -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Max Kipness > Sent: Monday, April 03, 2006 2:55 PM > To: mailscanner@lists.mailscanner.info > Subject: Same email processed 268 times! > > > Hello - > > I've been trying desperately to figure out why my MailScanner > queues are so large and cpu is pegged at 100%. When looking > through the log I finally figured out what part of the > problem might be. Some messages are being processed hundreds > of times. I grepped for one messagaes and was processed 268 > times, so basically I see this (the repetitive part): > > Apr 3 09:08:31 xxx MailScanner[19835]: Spam Actions: message > k33E61uc020656 actions are store Apr 3 09:10:11 xxx > MailScanner[21099]: RBL checks: k33E61uc020656 found in > SBL+XBL > Apr 3 09:10:11 xxx MailScanner[21099]: SpamAssassin cache > hit for message > k33E61uc020656 > Apr 3 09:10:11 xxx MailScanner[21099]: Message k33E61uc020656 from > 218.144.251.15 (jonah.rivas_yx@mo > en.com) to xxx.com is spam, SBL+XBL, SpamAssassin > (score=28.338, required 6, > BAYES_99 3.50, DATE_IN_ > FUTURE_12_24 2.77, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.77, > FORGED_RCVD_HELO 0.14, MIME_BASE64_NO_NAME 0.22 , > MIME_BASE64_TEXT 1.89, PYZOR_CHECK 3.70, RATWARE_NAME_ID > 4.10, RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_ RANGE_E4_51_100 > 1.50, RAZOR2_CHECK 0.50, RCVD_IN_DSBL 2.60, RCVD_IN_NJABL_DUL > 1.95, RCVD_IN_SORBS_DUL 2. > 05) > > This has repeated 268 times with only an increment of a few > seconds in the time. > > Other messages, including non-spam seem to function just fine > and are processed once. > > I'm using the latest MailScanner, SA, DCC, Pyzor. This is a > new build from a week ago, so something I guess could be > configured wrong. 
> > Thanks, > Max > -- > Thanks, > > Max > > From MailScanner at ecs.soton.ac.uk Mon Apr 3 21:32:31 2006
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 3 21:32:46 2006 Subject: I/O Errors from sendmail In-Reply-To: <91A5926EFF44D3118B1200104B7276EB03D0849E@hart-exchange.hartwellcorp.com> References: <91A5926EFF44D3118B1200104B7276EB03D0849E@hart-exchange.hartwellcorp.com> Message-ID: <4431865F.3010409@ecs.soton.ac.uk> This is a sendmail problem, and not a MailScanner problem. However I strongly advise you upgrade to the latest SpamAssassin, the version you have is very old. Considering you obviously keep reasonably up to date with MailScanner, why not SpamAssassin? On the MailScanner website downloads page, there is my easy-to-install ClamAV + SpamAssassin package. Download that and just run install.sh. At the end it tells you about a couple of things you need to do by hand (one of which will shortly be automated as the licence has changed). But other than that, it not only installs (along with all the pre-requisites, which aren't obvious) but also sets up ClamAV and SpamAssassin on your system, employing a few tricks which are very hard to accurately find in the documentation for either package. Michael St. Laurent wrote: > I'm seeing a lot of I/O errors from sendmail on messages that have passed > through the MailScanner/SpamAssassin combo here. Is this a known issue or > am I experiencing something unusual here? My MailScanner version is 4.51.6 > and SpamAssassin version is 2.63. 
> > Mar 31 00:47:52 guardian sm-mta[14185]: k2V8lW3W014185: > Authentication-Warning: guardian.hartwellcorp.com: mail set sender to > using -f > Mar 31 00:47:52 guardian sm-mta[14185]: k2V8lW3W014185: > from=, size=35586, class=0, nrcpts=3, > msgid=<61197E3840D7124D99B8AE6AB0B075101F0F30@mckserver.mckechnie.local>, > relay=mail@localhost > Mar 31 00:47:52 guardian sm-mta[14185]: k2V8lW3W014185: > to=, delay=00:00:20, mailer=esmtp, pri=94833, > stat=queued > Mar 31 00:47:52 guardian sm-mta[14185]: k2V8lW3W014185: > to=, delay=00:00:20, mailer=esmtp, pri=94833, > stat=queued > Mar 31 00:47:52 guardian sm-mta[14185]: k2V8lW3W014185: > to=, delay=00:00:20, mailer=esmtp, pri=94833, > stat=queued > Mar 31 00:59:18 guardian sendmail[14195]: k2V8lW3W014185: > to=,, ellcorp.com>, delay=00:11:46, xdelay=00:11:01, mailer=esmtp, pri=184833, > relay=hart-exchange.hartwellcorp.com. [10.11.10.12], dsn=4.0.0, stat=I/O > error > > > -- > Michael St. Laurent > Hartwell Corporation > > "That which does not kill me, makes me stranger." -Llewellyn, Ozy and Millie > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Apr 3 21:37:54 2006 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 3 21:38:03 2006 Subject: Same email processed 268 times! In-Reply-To: References: Message-ID: <443187A2.1060402@ecs.soton.ac.uk> You need to upgrade, there was a bug in the version you are running (4.51.5?). Max Kipness wrote: > Hello - > > I've been trying desperately to figure out why my MailScanner queues are so > large and cpu is pegged at 100%. When looking through the log I finally figured > out what part of the problem might be. Some messages are being processed > hundreds of times. I grepped for one messagaes and was processed 268 times, so > basically I see this (the repetitive part): > > Apr 3 09:08:31 xxx MailScanner[19835]: Spam Actions: message k33E61uc020656 > actions are store > Apr 3 09:10:11 xxx MailScanner[21099]: RBL checks: k33E61uc020656 found in > SBL+XBL > Apr 3 09:10:11 xxx MailScanner[21099]: SpamAssassin cache hit for message > k33E61uc020656 > Apr 3 09:10:11 xxx MailScanner[21099]: Message k33E61uc020656 from > 218.144.251.15 (jonah.rivas_yx@mo > en.com) to xxx.com is spam, SBL+XBL, SpamAssassin (score=28.338, required 6, > BAYES_99 3.50, DATE_IN_ > FUTURE_12_24 2.77, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.77, FORGED_RCVD_HELO 0.14, > MIME_BASE64_NO_NAME 0.22 > , MIME_BASE64_TEXT 1.89, PYZOR_CHECK 3.70, RATWARE_NAME_ID 4.10, > RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_ > RANGE_E4_51_100 1.50, RAZOR2_CHECK 0.50, RCVD_IN_DSBL 2.60, RCVD_IN_NJABL_DUL > 1.95, RCVD_IN_SORBS_DUL 2. > 05) > > This has repeated 268 times with only an increment of a few seconds in the > time. > > Other messages, including non-spam seem to function just fine and are processed > once. > > I'm using the latest MailScanner, SA, DCC, Pyzor. This is a new build from a > week ago, so something I guess could be configured wrong. 
> > Thanks, > Max > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From max at kipness.com Mon Apr 3 21:44:48 2006 From: max at kipness.com (Max Kipness) Date: Mon Apr 3 21:45:07 2006 Subject: Same email processed 268 times! In-Reply-To: References: Message-ID: <8f0832f0110db1e1e95941823f9326a8@localhost> Is this some kind of bug? I have my high-score set to store. As a last resort I guess I could send to /dev/null, but I'm hoping there is some other solution. Thanks, Max On Mon, 3 Apr 2006 15:28:31 -0500, "Mike Kercher" wrote: > I've seen the same thing before on ONE of many servers. My solution was > to set my High Scoring Spam Action to forward to /dev/null. If I set > the action to delete, some messages would get processed over and over > again until the system came to its knees. > > Mike > > >> -----Original Message-----
>> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Max Kipness >> Sent: Monday, April 03, 2006 2:55 PM >> To: mailscanner@lists.mailscanner.info >> Subject: Same email processed 268 times! >> >> >> Hello - >> >> I've been trying desperately to figure out why my MailScanner >> queues are so large and cpu is pegged at 100%. When looking >> through the log I finally figured out what part of the >> problem might be. Some messages are being processed hundreds >> of times. I grepped for one messagaes and was processed 268 >> times, so basically I see this (the repetitive part): >> >> Apr 3 09:08:31 xxx MailScanner[19835]: Spam Actions: message >> k33E61uc020656 actions are store Apr 3 09:10:11 xxx >> MailScanner[21099]: RBL checks: k33E61uc020656 found in >> SBL+XBL >> Apr 3 09:10:11 xxx MailScanner[21099]: SpamAssassin cache >> hit for message >> k33E61uc020656 >> Apr 3 09:10:11 xxx MailScanner[21099]: Message k33E61uc020656 from >> 218.144.251.15 (jonah.rivas_yx@mo >> en.com) to xxx.com is spam, SBL+XBL, SpamAssassin >> (score=28.338, required 6, >> BAYES_99 3.50, DATE_IN_ >> FUTURE_12_24 2.77, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.77, >> FORGED_RCVD_HELO 0.14, MIME_BASE64_NO_NAME 0.22 , >> MIME_BASE64_TEXT 1.89, PYZOR_CHECK 3.70, RATWARE_NAME_ID >> 4.10, RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_ RANGE_E4_51_100 >> 1.50, RAZOR2_CHECK 0.50, RCVD_IN_DSBL 2.60, RCVD_IN_NJABL_DUL >> 1.95, RCVD_IN_SORBS_DUL 2. >> 05) >> >> This has repeated 268 times with only an increment of a few >> seconds in the time. >> >> Other messages, including non-spam seem to function just fine >> and are processed once. >> >> I'm using the latest MailScanner, SA, DCC, Pyzor. This is a >> new build from a week ago, so something I guess could be >> configured wrong. 
>> >> Thanks, >> Max >> -- >> Thanks, >> >> Max >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Thanks, Max From MailScanner at ecs.soton.ac.uk Mon Apr 3 21:53:34 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 3 21:53:53 2006 Subject: Same email processed 268 times! In-Reply-To: <8f0832f0110db1e1e95941823f9326a8@localhost> References: <8f0832f0110db1e1e95941823f9326a8@localhost> Message-ID: <44318B4E.8060407@ecs.soton.ac.uk> If anyone can narrow this down to a particular message, this would _really_ help. I can't reproduce the problem at the moment, so I can't fix it. Though 4.51.5 exhibited this quite badly which 4.51.6 fixed. Max Kipness wrote: > Is this some kind of bug? I have my high-score set to store. As I last resort I guess I could send to /dev/null, but I'm hoping there is some other solution. > > Thanks, > Max > > On Mon, 3 Apr 2006 15:28:31 -0500, "Mike Kercher" wrote: > >> I've seen the same thing before on ONE of many servers. My solution was >> to set my High Scoring Spam Action to forward to /dev/null. If I set >> the action to delete, some messages would get processed over and over >> again until the system came to it's knees. >> >> Mike >> >> >> >>> -----Original Message----- 
From max at kipness.com Mon Apr 3 21:55:24 2006
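Added example (not part of any poster's message and not MailScanner code): the symptom reported in this thread can be confirmed from the mail log by counting, per queue ID, how many scan passes MailScanner logged. The host name, queue IDs and log lines below are constructed, modelled on the lines quoted in the thread; the threshold and the year (syslog timestamps carry none) are assumptions.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import Optional

# Syslog prefix as quoted in the thread: "Apr  3 09:10:11 host MailScanner[pid]: text"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+\S+\s+"
    r"MailScanner\[(?P<pid>\d+)\]:\s+(?P<text>.*)$"
)
# One verdict line is written per scan pass: "Message <id> from <ip> ..."
VERDICT_RE = re.compile(r"^Message (?P<qid>\S+) from \S+")
# "Spam Actions: message <id> actions are <list>"
ACTIONS_RE = re.compile(r"^Spam Actions: message (?P<qid>\S+) actions are (?P<acts>.+)$")

# Constructed sample log (not taken from the thread).
SAMPLE_LOG = """\
Apr  3 09:08:31 mx1 MailScanner[19835]: Message k33EXAMPLE0001 from 192.0.2.15 (a@example.net) to example.com is spam, SBL+XBL, SpamAssassin (score=28.338, required 6)
Apr  3 09:08:31 mx1 MailScanner[19835]: Spam Actions: message k33EXAMPLE0001 actions are store
Apr  3 09:10:11 mx1 MailScanner[21099]: SpamAssassin cache hit for message k33EXAMPLE0001
Apr  3 09:10:11 mx1 MailScanner[21099]: Message k33EXAMPLE0001 from 192.0.2.15 (a@example.net) to example.com is spam, SBL+XBL, SpamAssassin (score=28.338, required 6)
Apr  3 09:10:11 mx1 MailScanner[21099]: Spam Actions: message k33EXAMPLE0001 actions are store
Apr  3 09:10:19 mx1 MailScanner[21120]: Message k33EXAMPLE0001 from 192.0.2.15 (a@example.net) to example.com is spam, SBL+XBL, SpamAssassin (score=28.338, required 6)
Apr  3 09:10:19 mx1 MailScanner[21120]: Spam Actions: message k33EXAMPLE0001 actions are store
Apr  3 09:10:20 mx1 MailScanner[21120]: Message k33EXAMPLE0002 from 192.0.2.77 (b@example.org) to example.com is spam, SpamAssassin (score=9.1, required 6)
Apr  3 09:10:20 mx1 MailScanner[21120]: Spam Actions: message k33EXAMPLE0002 actions are store
Apr  3 09:10:21 mx1 sendmail[2222]: k33EXAMPLE0003: from=<c@example.net>, size=1200
""".splitlines()


@dataclass
class Reprocessed:
    qid: str
    passes: int = 0                       # number of verdict lines seen
    pids: set = field(default_factory=set)     # MailScanner children that scanned it
    actions: set = field(default_factory=set)  # spam actions logged for it
    first: Optional[datetime] = None
    last: Optional[datetime] = None

    @property
    def span_seconds(self) -> int:
        if self.first is None or self.last is None:
            return 0
        return int((self.last - self.first).total_seconds())


def find_reprocessed(lines, threshold=3, year=2006):
    """Return queue IDs scanned at least `threshold` times, most passes first."""
    seen = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # lines from other daemons (sendmail, postfix) are ignored
        text = m.group("text")
        verdict = VERDICT_RE.match(text)
        actions = ACTIONS_RE.match(text)
        if not (verdict or actions):
            continue  # e.g. cache-hit or RBL lines, not counted as a pass
        qid = (verdict or actions).group("qid")
        rec = seen.setdefault(qid, Reprocessed(qid))
        if actions:
            rec.actions.update(a for a in re.split(r"[,\s]+", actions.group("acts")) if a)
            continue
        stamp = " ".join(m.group("ts").split())  # collapse the padded day field
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        rec.passes += 1
        rec.pids.add(int(m.group("pid")))
        rec.first = when if rec.first is None else min(rec.first, when)
        rec.last = when if rec.last is None else max(rec.last, when)
    flagged = [r for r in seen.values() if r.passes >= threshold]
    return sorted(flagged, key=lambda r: r.passes, reverse=True)


if __name__ == "__main__":
    for r in find_reprocessed(SAMPLE_LOG):
        print(f"{r.qid}: {r.passes} passes by {len(r.pids)} children "
              f"over {r.span_seconds}s, actions={sorted(r.actions)}")
```

Several different MailScanner PIDs producing a verdict for the same queue ID within a few minutes matches what the thread describes; one pass per ID is the normal case.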
From: max at kipness.com (Max Kipness) Date: Mon Apr 3 21:55:36 2006 Subject: Same email processed 268 times! Message-ID: Thanks for the response, will do. My version is indeed 4.51.5. Max On Mon, 03 Apr 2006 21:37:54 +0100, Julian Field wrote: > You need to upgrade, there was a bug in the version you are running > (4.51.5?). > > Max Kipness wrote: >> Hello - >> >> I've been trying desperately to figure out why my MailScanner queues are > so >> large and cpu is pegged at 100%. When looking through the log I finally > figured >> out what part of the problem might be. Some messages are being processed >> hundreds of times. I grepped for one messagaes and was processed 268 > times, so >> basically I see this (the repetitive part): >> >> Apr 3 09:08:31 xxx MailScanner[19835]: Spam Actions: message > k33E61uc020656 >> actions are store >> Apr 3 09:10:11 xxx MailScanner[21099]: RBL checks: k33E61uc020656 found > in >> SBL+XBL >> Apr 3 09:10:11 xxx MailScanner[21099]: SpamAssassin cache hit for > message >> k33E61uc020656 >> Apr 3 09:10:11 xxx MailScanner[21099]: Message k33E61uc020656 from >> 218.144.251.15 (jonah.rivas_yx@mo >> en.com) to xxx.com is spam, SBL+XBL, SpamAssassin (score=28.338, > required 6, >> BAYES_99 3.50, DATE_IN_ >> FUTURE_12_24 2.77, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.77, > FORGED_RCVD_HELO 0.14, >> MIME_BASE64_NO_NAME 0.22 >> , MIME_BASE64_TEXT 1.89, PYZOR_CHECK 3.70, RATWARE_NAME_ID 4.10, >> RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_ >> RANGE_E4_51_100 1.50, RAZOR2_CHECK 0.50, RCVD_IN_DSBL 2.60, > RCVD_IN_NJABL_DUL >> 1.95, RCVD_IN_SORBS_DUL 2. >> 05) >> >> This has repeated 268 times with only an increment of a few seconds in > the >> time. >> >> Other messages, including non-spam seem to function just fine and are > processed >> once. >> >> I'm using the latest MailScanner, SA, DCC, Pyzor. This is a new build > from a >> week ago, so something I guess could be configured wrong. 
>> >> Thanks, >> Max >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Regards, Max Kipness AssureData, Inc. -- Thanks, Max From rcooper at dwford.com Mon Apr 3 22:27:13 2006 From: rcooper at dwford.com (Rick Cooper) Date: Mon Apr 3 22:27:37 2006 Subject: Microsoft Word and Excel documents with embedded harmfullobjects In-Reply-To: <443181D8.1040403@ecs.soton.ac.uk> Message-ID: > -----Original Message----- 
> From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian > Field > Sent: Monday, April 03, 2006 4:13 PM > To: MailScanner discussion > Subject: Re: Microsoft Word and Excel documents with embedded > harmfullobjects > > > Wonderful! > That sounds like a great idea, I hoped someone would have written > something like that, but never found it before (though I haven't > searched in a long time). > > Any ideas what it's written in or anything? It would be most useful to > nick the technology inside it and incorporate it. As you say the file > command can be used to spot likely candidates unless it's easy to spot > files which aren't relevant. > > I will take a look at this next weekend, I'm away at the JANet > Networkshop till Friday. Expect a posting about this next weekend, it's > been one of my top hit features I want to implement for quite a long time. > > Thanks to Adri for finding this, let's hope it isn't a pile of old pony > but is actually usable. > [...] It's written in C, it's under active development and it has only been tested on x86 hardware. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maillists at conactive.com Mon Apr 3 22:29:21 2006 
From: maillists at conactive.com (Kai Schaetzl)
Date: Mon Apr 3 22:29:31 2006
Subject: Bad Content Checks
In-Reply-To: <625385e30604031322q22dd52f4wa4224d29d61011e8@mail.gmail.com>
References: <44313333.3080603@nkpanama.com> <625385e30604031322q22dd52f4wa4224d29d61011e8@mail.gmail.com>
Message-ID:

Shuttlebox wrote on Mon, 3 Apr 2006 22:22:05 +0200:

> Make a ruleset for Scan Messages where your mail server is a No.

Ah, yes, thanks. I remember now I used this quite a while back on another server instead of whitelisting external sources because whitelisting still spam-scans the messages, it just doesn't mark them as spam. Isn't it like that?

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From maillists at conactive.com Mon Apr 3 22:29:21 2006
From: maillists at conactive.com (Kai Schaetzl)
Date: Mon Apr 3 22:29:32 2006
Subject: Bad Content Checks
In-Reply-To: <4431695E.5060507@nkpanama.com>
References: <44313333.3080603@nkpanama.com> <4431695E.5060507@nkpanama.com>
Message-ID:

Alex Neuman van der Hans wrote on Mon, 03 Apr 2006 13:28:46 -0500:

> > However, how am I supposed to release this stuff if necessary? If I
> > release it it's immediately caught again by MS. The whitelist works only
> > for spam.
> >
> >
> How about whitelisting 127.0.0.1?

I was thinking about spam.whitelist.rules only and that doesn't whitelist bad content.

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From maillists at conactive.com Mon Apr 3 22:29:21 2006
From: maillists at conactive.com (Kai Schaetzl)
Date: Mon Apr 3 22:29:36 2006
Subject: Bad Content Checks
In-Reply-To: <4431846E.2030101@ecs.soton.ac.uk>
References: <44313333.3080603@nkpanama.com> <4431846E.2030101@ecs.soton.ac.uk>
Message-ID:

Julian Field wrote on Mon, 03 Apr 2006 21:24:14 +0100:

> You can put a ruleset on anything. If it passes "Allow Filenames" then
> it skips the filename.rules.conf file. You can put a whitelist on any
> configuration options you like, the whitelist for spam is just a trivial
> example to get you started.

Well, I like at the file and I obviously cannot put something like
From: 127.0.0.1 no
in it, or can I? I now do it as shuttlebox suggested.

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From shuttlebox at gmail.com Mon Apr 3 23:10:46 2006
From: shuttlebox at gmail.com (shuttlebox)
Date: Mon Apr 3 23:10:49 2006
Subject: Bad Content Checks
In-Reply-To:
References: <44313333.3080603@nkpanama.com> <625385e30604031322q22dd52f4wa4224d29d61011e8@mail.gmail.com>
Message-ID: <625385e30604031510j268311ffq2b6a5ad2d3066fc1@mail.gmail.com>

On 4/3/06, Kai Schaetzl wrote:
> Ah, yes, thanks. I remember now I used this quite a while back on another
> server instead of whitelisting external sources because whitelisting still
> spam-scans the messages, it just doesn't mark them as spam. Isn't it like
> that?

If you use Detailed Spam Report it has to call SA to produce it even if it will be whitelisted.

--
/peter

From maillists at conactive.com Tue Apr 4 11:45:16 2006
From: maillists at conactive.com (Kai Schaetzl)
Date: Tue Apr 4 11:45:09 2006
Subject: Bad Content Checks
In-Reply-To:
References: <44313333.3080603@nkpanama.com> <4431846E.2030101@ecs.soton.ac.uk>
Message-ID:

Kai Schaetzl wrote on Mon, 03 Apr 2006 23:29:21 +0200:

> like

looked

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From maillists at conactive.com Tue Apr 4 13:11:36 2006
From: maillists at conactive.com (Kai Schaetzl)
Date: Tue Apr 4 13:11:48 2006
Subject: Bad Content Checks
In-Reply-To: <625385e30604031510j268311ffq2b6a5ad2d3066fc1@mail.gmail.com>
References: <44313333.3080603@nkpanama.com> <625385e30604031322q22dd52f4wa4224d29d61011e8@mail.gmail.com> <625385e30604031510j268311ffq2b6a5ad2d3066fc1@mail.gmail.com>
Message-ID:

Shuttlebox wrote on Tue, 4 Apr 2006 00:10:46 +0200:

> If you use Detailed Spam Report it has to call SA to produce it even
> if it will be whitelisted.

Yeah, I do. However, I don't get that report for whitelisted messages. So, scanning it is moot if I don't get that report. At least, there's nothing getting logged to the mailwatch db. Julian, can you clarify on this? I recall we had a conversation about this quite a while back and I remember that Julian said messages are scanned for spam even if whitelisted, just that the result gets discarded. So, if the reason is only that detailed report, it should either be possible to skip the detailed report and not scan or if we scan nevertheless then add this result to the mailwatch db as information.

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From martinh at solid-state-logic.com Tue Apr 4 13:26:31 2006
From: martinh at solid-state-logic.com (Martin Hepworth)
Date: Tue Apr 4 13:26:39 2006
Subject: Bad Content Checks
In-Reply-To:
Message-ID: <01b601c657e3$017efcd0$3004010a@martinhlaptop>

Kai

Depends where the whitelist is...if it's "Definitely Not Spam" I'm not sure it calls SA at all..if the whitelist is an SA whitelist then it will of course call SA. And if it's the big "Scan Messages" switch then I guess it just pops around all the tests.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> bounces@lists.mailscanner.info] On Behalf Of Kai Schaetzl
> Sent: 04 April 2006 13:12
> To: mailscanner@lists.mailscanner.info
> Subject: Re: Bad Content Checks
>
> Shuttlebox wrote on Tue, 4 Apr 2006 00:10:46 +0200:
>
> > If you use Detailed Spam Report it has to call SA to produce it even
> > if it will be whitelisted.
>
> Yeah, I do. However, I don't get that report for whitelisted messages. So,
> scanning it is moot if I don't get that report. At least, there's nothing
> getting logged to the mailwatch db. Julian, can you clarify on this? I
> recall we had a conversation about this quite a while back and I remember
> that Julian said messages are scanned for spam even if whitelisted, just
> that the result gets discarded. So, if the reason is only that detailed
> report, it should either be possible to skip the detailed report and not
> scan or if we scan nevertheless then add this result to the mailwatch db
> as information.
>
> Kai
>
> --
> Kai Schätzl, Berlin, Germany
> Get your web at Conactive Internet Services: http://www.conactive.com
>
>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

**********************************************************************
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager.

This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean.
**********************************************************************

From jdsmith2816 at bellsouth.net Tue Apr 4 16:05:57 2006
From: jdsmith2816 at bellsouth.net (jdsmith2816@bellsouth.net) Date: Tue Apr 4 16:06:00 2006 Subject: Mail not being sent Message-ID: <20060404150557.MFMC26479.ibm64aec.bellsouth.net@mail.bellsouth.net> Greetings: I am using MailWatch, SpamAssassin, MailScanner, and Postfix all latest versions. I was having issues with mail not being released properly (the mail was being put back into quarantine when released from MailWatch) so I made some suggested rule changes from the mailwatch FAQ at http://mailwatch.sourceforge.net/doku.php?id=mailwatch:faq yesterday. After coming back into work today I notice there have been no mails actually going out since yesterday.. They are all stuck in the hold queue. Below is an excerpt from my log as of 10 mins ago or so.. The queue is building and building. Does anyone have any ideas? Stupid me forgot to backup the MailScanner.conf file prior to changing it so I don't recall what the defaults were BEFORE the changes that were made to the rules from that faq page. I'm kind of desperate, I'm sure people are eagerly awaiting those 12000 or so emails. Best regards, JD Smith ----------------------------------snip------------------------------------- Apr 4 14:44:51 stonecrab MailScanner[10928]: MailScanner E-Mail Virus Scanner version 4.51.5 starting... 
Apr 4 14:44:52 stonecrab MailScanner[10928]: Read 710 hostnames from the phishing whitelist Apr 4 14:44:52 stonecrab MailScanner[10928]: Config: calling custom init function SQLBlackList Apr 4 14:44:52 stonecrab MailScanner[10928]: Config: calling custom init function MailWatchLogging Apr 4 14:44:52 stonecrab MailScanner[10928]: Started SQL Logging child Apr 4 14:44:52 stonecrab MailScanner[10928]: Config: calling custom init function SQLWhiteList Apr 4 14:44:52 stonecrab MailScanner[10928]: Using SpamAssassin results cache Apr 4 14:44:52 stonecrab MailScanner[10928]: Connected to SpamAssassin cache database Apr 4 14:44:52 stonecrab MailScanner[10928]: Enabling SpamAssassin auto- whitelist functionality... Apr 4 14:44:52 stonecrab postfix/smtpd[8521]: disconnect from copux. meekermorgan.com[206.131.231.167] Apr 4 14:44:54 stonecrab MailScanner[10928]: Using locktype = flock Apr 4 14:44:54 stonecrab MailScanner[10928]: New Batch: Found 11838 messages waiting Apr 4 14:44:54 stonecrab MailScanner[10928]: New Batch: Scanning 30 messages, 150929 bytes Apr 4 14:44:54 stonecrab MailScanner[10928]: Spam Checks: Starting Apr 4 14:44:55 stonecrab postfix/smtpd[9330]: connect from 65-112-133-10.dia. static.qwest.net[65.112.133.10] Apr 4 14:44:55 stonecrab postfix/smtpd[9173]: connect from 65-112-133-10.dia. static.qwest.net[65.112.133.10] Apr 4 14:44:57 stonecrab postfix/smtpd[9275]: connect from 65-112-133-10.dia. static.qwest.net[65.112.133.10] Apr 4 14:44:58 stonecrab postfix/smtpd[9312]: connect from nvc68.atasylrsi.com [87.253.225.68] Apr 4 14:44:58 stonecrab postfix/smtpd[9312]: D2A2D3F7035: client=nvc68. atasylrsi.com[87.253.225.68] Apr 4 14:44:58 stonecrab postfix/smtpd[8521]: connect from yoho-common.wc09.net [63.214.0.244] Apr 4 14:44:59 stonecrab postfix/smtpd[8521]: 0292F3F7036: client=yoho-common. 
wc09.net[63.214.0.244] Apr 4 14:44:59 stonecrab postfix/cleanup[9134]: 0292F3F7036: hold: header Received: from yoho-common.wc09.net (yoho-common.wc09.net [63.214.0.244])??by stonecrab.interbee.com Apr 4 14:44:59 stonecrab postfix/cleanup[9134]: 0292F3F7036: hold: header Received: from hammacher.whatcounts.com (192.168.0.179) by yoho-common.wc09.net (PowerMTA(TM) v3.0r29 Apr 4 14:44:59 stonecrab postfix/cleanup[9134]: 0292F3F7036: message- id=<20060404144459.0292F3F7036@stonecrab.interbee.com> Apr 4 14:44:59 stonecrab postfix/smtpd[8521]: disconnect from yoho-common.wc09. net[63.214.0.244] Apr 4 14:45:01 stonecrab postfix/smtpd[8521]: connect from host38. respond2mail6.com[69.30.233.38] Apr 4 14:45:01 stonecrab postfix/smtpd[8521]: 9D0DA3F7037: client=host38. respond2mail6.com[69.30.233.38] Apr 4 14:45:01 stonecrab postfix/smtpd[9173]: C55BD3F7038: client=65-112-133- 10.dia.static.qwest.net[65.112.133.10] Apr 4 14:45:02 stonecrab postfix/smtpd[10941]: connect from unknown [216.75.15.17] Apr 4 14:45:02 stonecrab postfix/smtpd[9330]: 4C8D13F7039: client=65-112-133- 10.dia.static.qwest.net[65.112.133.10] Apr 4 14:45:02 stonecrab postfix/smtpd[10941]: 655D63F703A: client=unknown [216.75.15.17] Apr 4 14:45:02 stonecrab postfix/cleanup[9084]: 9D0DA3F7037: hold: header Received: from host38.respond2mail6.com (host38.respond2mail6.com [69.30.233.38])??by stonecrab.inter Apr 4 14:45:02 stonecrab postfix/cleanup[9084]: 9D0DA3F7037: hold: header Received: by host38.respond2mail6.com id h6a2o008hj85; Tue, 4 Apr 2006 06:59:38 -0700 (envelope-from Apr 4 14:45:02 stonecrab postfix/cleanup[9084]: 9D0DA3F7037: message- id=<20060404144501.9D0DA3F7037@stonecrab.interbee.com> Apr 4 14:45:02 stonecrab postfix/cleanup[9134]: 655D63F703A: hold: header Received: from mail.atscafe.com (unknown [216.75.15.17])??by stonecrab.interbee. 
com (Postfix) with ES Apr 4 14:45:02 stonecrab postfix/cleanup[9134]: 655D63F703A: hold: header Received: by mail.atscafe.com (PowerMTA(TM) v3.0c2) id h6a37o01g74j; Tue, 4 Apr 2006 10:44:18 -0400 ( Apr 4 14:45:02 stonecrab postfix/cleanup[9134]: 655D63F703A: message- id= Apr 4 14:45:02 stonecrab postfix/smtpd[10943]: connect from unknown[60.52.0.64] Apr 4 14:45:02 stonecrab postfix/smtpd[10941]: disconnect from unknown [216.75.15.17] Apr 4 14:45:02 stonecrab MailScanner[10944]: MailScanner E-Mail Virus Scanner version 4.51.5 starting... Apr 4 14:45:03 stonecrab MailScanner[10944]: Read 710 hostnames from the phishing whitelist Apr 4 14:45:03 stonecrab MailScanner[10944]: Config: calling custom init function SQLBlackList Apr 4 14:45:03 stonecrab MailScanner[10944]: Config: calling custom init function MailWatchLogging Apr 4 14:45:03 stonecrab MailScanner[10944]: Started SQL Logging child Apr 4 14:45:03 stonecrab MailScanner[10944]: Config: calling custom init function SQLWhiteList Apr 4 14:45:03 stonecrab MailScanner[10944]: Using SpamAssassin results cache Apr 4 14:45:03 stonecrab MailScanner[10944]: Connected to SpamAssassin cache database Apr 4 14:45:03 stonecrab MailScanner[10944]: Enabling SpamAssassin auto- whitelist functionality... ------------------------snip------------------------- From martinh at solid-state-logic.com Tue Apr 4 16:18:17 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue Apr 4 16:18:28 2006 Subject: Mail not being sent In-Reply-To: <20060404150557.MFMC26479.ibm64aec.bellsouth.net@mail.bellsouth.net> Message-ID: <002401c657fb$003d4120$3004010a@martinhlaptop> HI Do a "MailScanner -lint" and see if any of the config options are broken -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- 
From martinh at solid-state-logic.com Tue Apr 4 16:21:18 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue Apr 4 16:21:26 2006 Subject: MailScanner --lint Message-ID: <002501c657fb$6baac7c0$3004010a@martinhlaptop> Jules Hope the JANET bash is going well - program looks interesting. Anyway running 4.51.1 on FreeBSD 4.10 (the generic tar.gz installer NOT the ports version) and "MailScanner -lint" reports Can't exec "/bin/false": No such file or directory at /opt/MailScanner/lib/MailScanner/SweepViruses.pm line 2882. Which is true....../bin/false should be /usr/bin/false in my case.... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 From jdsmith2816 at bellsouth.net Tue Apr 4 16:22:12 2006
From: jdsmith2816 at bellsouth.net (jdsmith2816@bellsouth.net) Date: Tue Apr 4 16:22:21 2006 Subject: Mail not being sent Message-ID: <20060404152212.MSKS26479.ibm64aec.bellsouth.net@mail.bellsouth.net> Results are below: stonecrab:~/MailScanner-install-4.52.2/perl-tar/MailScanner-4.52.2/etc# MailScanner -lint Read 710 hostnames from the phishing whitelist Config: calling custom init function SQLBlackList Config: calling custom init function MailWatchLogging Config: calling custom init function SQLWhiteList MailScanner setting GID to (108) MailScanner setting UID to (106) Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database pyzor: check failed: internal error SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamav bitdefender" Found these virus scanners installed: bitdefender, clamav stonecrab:~/MailScanner-install-4.52.2/perl-tar/MailScanner-4.52.2/etc# > > From: "Martin Hepworth" > Date: 2006/04/04 Tue AM 10:18:17 CDT > To: "'MailScanner discussion'" > Subject: RE: Mail not being sent > > HI > > Do a "MailScanner -lint" and see if any of the config options are broken > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- 
> > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of jdsmith2816@bellsouth.net
> > Sent: 04 April 2006 16:06
> > To: mailscanner@lists.mailscanner.info
> > Subject: Mail not being sent
> >
> > Greetings:
> >
> > I am using MailWatch, SpamAssassin, MailScanner, and Postfix all latest
> > versions. I was having issues with mail not being released properly (the
> > mail was being put back into quarantine when released from MailWatch) so I
> > made some suggested rule changes from the mailwatch FAQ at
> > http://mailwatch.sourceforge.net/doku.php?id=mailwatch:faq yesterday.
> > After coming back into work today I notice there have been no mails
> > actually going out since yesterday.. They are all stuck in the hold queue.
> > Below is an excerpt from my log as of 10 mins ago or so.. The queue is
> > building and building.
> >
> > Does anyone have any ideas? Stupid me forgot to backup the
> > MailScanner.conf file prior to changing it so I don't recall what the
> > defaults were BEFORE the changes that were made to the rules from that faq
> > page. I'm kind of desperate, I'm sure people are eagerly awaiting those
> > 12000 or so emails.
> >
> > Best regards,
> >
> > JD Smith
> >
> > ----------------------------------snip-------------------------------------
> > Apr 4 14:44:51 stonecrab MailScanner[10928]: MailScanner E-Mail Virus Scanner version 4.51.5 starting...
> > Apr 4 14:44:52 stonecrab MailScanner[10928]: Read 710 hostnames from the phishing whitelist
> > Apr 4 14:44:52 stonecrab MailScanner[10928]: Config: calling custom init function SQLBlackList
> > Apr 4 14:44:52 stonecrab MailScanner[10928]: Config: calling custom init function MailWatchLogging
> > Apr 4 14:44:52 stonecrab MailScanner[10928]: Started SQL Logging child
> > Apr 4 14:44:52 stonecrab MailScanner[10928]: Config: calling custom init function SQLWhiteList
> > Apr 4 14:44:52 stonecrab MailScanner[10928]: Using SpamAssassin results cache
> > Apr 4 14:44:52 stonecrab MailScanner[10928]: Connected to SpamAssassin cache database
> > Apr 4 14:44:52 stonecrab MailScanner[10928]: Enabling SpamAssassin auto-whitelist functionality...
> > Apr 4 14:44:52 stonecrab postfix/smtpd[8521]: disconnect from copux.meekermorgan.com[206.131.231.167]
> > Apr 4 14:44:54 stonecrab MailScanner[10928]: Using locktype = flock
> > Apr 4 14:44:54 stonecrab MailScanner[10928]: New Batch: Found 11838 messages waiting
> > Apr 4 14:44:54 stonecrab MailScanner[10928]: New Batch: Scanning 30 messages, 150929 bytes
> > Apr 4 14:44:54 stonecrab MailScanner[10928]: Spam Checks: Starting
> > Apr 4 14:44:55 stonecrab postfix/smtpd[9330]: connect from 65-112-133-10.dia.static.qwest.net[65.112.133.10]
> > Apr 4 14:44:55 stonecrab postfix/smtpd[9173]: connect from 65-112-133-10.dia.static.qwest.net[65.112.133.10]
> > Apr 4 14:44:57 stonecrab postfix/smtpd[9275]: connect from 65-112-133-10.dia.static.qwest.net[65.112.133.10]
> > Apr 4 14:44:58 stonecrab postfix/smtpd[9312]: connect from nvc68.atasylrsi.com[87.253.225.68]
> > Apr 4 14:44:58 stonecrab postfix/smtpd[9312]: D2A2D3F7035: client=nvc68.atasylrsi.com[87.253.225.68]
> > Apr 4 14:44:58 stonecrab postfix/smtpd[8521]: connect from yoho-common.wc09.net[63.214.0.244]
> > Apr 4 14:44:59 stonecrab postfix/smtpd[8521]: 0292F3F7036: client=yoho-common.wc09.net[63.214.0.244]
> > Apr 4 14:44:59 stonecrab postfix/cleanup[9134]: 0292F3F7036: hold: header Received: from yoho-common.wc09.net (yoho-common.wc09.net [63.214.0.244])??by stonecrab.interbee.com
> > Apr 4 14:44:59 stonecrab postfix/cleanup[9134]: 0292F3F7036: hold: header Received: from hammacher.whatcounts.com (192.168.0.179) by yoho-common.wc09.net (PowerMTA(TM) v3.0r29
> > Apr 4 14:44:59 stonecrab postfix/cleanup[9134]: 0292F3F7036: message-id=<20060404144459.0292F3F7036@stonecrab.interbee.com>
> > Apr 4 14:44:59 stonecrab postfix/smtpd[8521]: disconnect from yoho-common.wc09.net[63.214.0.244]
> > Apr 4 14:45:01 stonecrab postfix/smtpd[8521]: connect from host38.respond2mail6.com[69.30.233.38]
> > Apr 4 14:45:01 stonecrab postfix/smtpd[8521]: 9D0DA3F7037: client=host38.respond2mail6.com[69.30.233.38]
> > Apr 4 14:45:01 stonecrab postfix/smtpd[9173]: C55BD3F7038: client=65-112-133-10.dia.static.qwest.net[65.112.133.10]
> > Apr 4 14:45:02 stonecrab postfix/smtpd[10941]: connect from unknown[216.75.15.17]
> > Apr 4 14:45:02 stonecrab postfix/smtpd[9330]: 4C8D13F7039: client=65-112-133-10.dia.static.qwest.net[65.112.133.10]
> > Apr 4 14:45:02 stonecrab postfix/smtpd[10941]: 655D63F703A: client=unknown[216.75.15.17]
> > Apr 4 14:45:02 stonecrab postfix/cleanup[9084]: 9D0DA3F7037: hold: header Received: from host38.respond2mail6.com (host38.respond2mail6.com [69.30.233.38])??by stonecrab.inter
> > Apr 4 14:45:02 stonecrab postfix/cleanup[9084]: 9D0DA3F7037: hold: header Received: by host38.respond2mail6.com id h6a2o008hj85; Tue, 4 Apr 2006 06:59:38 -0700 (envelope-from
> > Apr 4 14:45:02 stonecrab postfix/cleanup[9084]: 9D0DA3F7037: message-id=<20060404144501.9D0DA3F7037@stonecrab.interbee.com>
> > Apr 4 14:45:02 stonecrab postfix/cleanup[9134]: 655D63F703A: hold: header Received: from mail.atscafe.com (unknown [216.75.15.17])??by stonecrab.interbee.com (Postfix) with ES
> > Apr 4 14:45:02 stonecrab postfix/cleanup[9134]: 655D63F703A: hold: header Received: by mail.atscafe.com (PowerMTA(TM) v3.0c2) id h6a37o01g74j; Tue, 4 Apr 2006 10:44:18 -0400 (
> > Apr 4 14:45:02 stonecrab postfix/cleanup[9134]: 655D63F703A: message-id=
> > Apr 4 14:45:02 stonecrab postfix/smtpd[10943]: connect from unknown[60.52.0.64]
> > Apr 4 14:45:02 stonecrab postfix/smtpd[10941]: disconnect from unknown[216.75.15.17]
> > Apr 4 14:45:02 stonecrab MailScanner[10944]: MailScanner E-Mail Virus Scanner version 4.51.5 starting...
> > Apr 4 14:45:03 stonecrab MailScanner[10944]: Read 710 hostnames from the phishing whitelist
> > Apr 4 14:45:03 stonecrab MailScanner[10944]: Config: calling custom init function SQLBlackList
> > Apr 4 14:45:03 stonecrab MailScanner[10944]: Config: calling custom init function MailWatchLogging
> > Apr 4 14:45:03 stonecrab MailScanner[10944]: Started SQL Logging child
> > Apr 4 14:45:03 stonecrab MailScanner[10944]: Config: calling custom init function SQLWhiteList
> > Apr 4 14:45:03 stonecrab MailScanner[10944]: Using SpamAssassin results cache
> > Apr 4 14:45:03 stonecrab MailScanner[10944]: Connected to SpamAssassin cache database
> > Apr 4 14:45:03 stonecrab MailScanner[10944]: Enabling SpamAssassin auto-whitelist functionality...
> > ------------------------snip-------------------------

From maillists at conactive.com Tue Apr 4 16:27:08 2006
From: maillists at conactive.com (Kai Schaetzl)
Date: Tue Apr 4 16:27:20 2006
Subject: Bad Content Checks
In-Reply-To: <4431846E.2030101@ecs.soton.ac.uk>
References: <44313333.3080603@nkpanama.com> <4431846E.2030101@ecs.soton.ac.uk>
Message-ID:

Julian Field wrote on Mon, 03 Apr 2006 21:24:14 +0100:

> You can put a ruleset on anything. If it passes "Allow Filenames" then
> it skips the filename.rules.conf file.

Julian, it doesn't want to do that here. I have:

Allow Filenames = %etc-dir%/allow.filename.conf
Filename Rules = %etc-dir%/filename.rules.conf

with

\.txt$
\.pdf$
\.bmp$

in allow.filename.conf

The file is found and read by MS. I did a service MailScanner reload after changing it about four hours ago. But still .bmp files are blocked because of this rule

deny \.bmp$ Windows bitmap file security vulnerability Possible buffer overflow in Windows

It looks like the Deny rule in Filename Rules still is read and takes precedence over Allow Filenames.

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From martinh at solid-state-logic.com Tue Apr 4 16:37:52 2006
From: martinh at solid-state-logic.com (Martin Hepworth)
Date: Tue Apr 4 16:38:00 2006
Subject: Mail not being sent
In-Reply-To: <20060404152212.MSKS26479.ibm64aec.bellsouth.net@mail.bellsouth.net>
Message-ID: <002601c657fd$bc52e750$3004010a@martinhlaptop>

OK

That looks good, now edit the MailScanner.conf and put BOTH debug statements to yes, stop MailScanner (make sure it's stopped with a ps) and run checkmailscanner.

This should give debug to the screen and maillog file. Have a look at those and see if anything grabs you as to why things aren't moving out of the hold queue.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of jdsmith2816@bellsouth.net
> Sent: 04 April 2006 16:22
> To: MailScanner discussion
> Subject: Re: RE: Mail not being sent

From maillists at conactive.com Tue Apr 4 18:31:25 2006
From: maillists at conactive.com (Kai Schaetzl)
Date: Tue Apr 4 18:31:37 2006
Subject: Bad Content Checks
In-Reply-To: <01b601c657e3$017efcd0$3004010a@martinhlaptop>
References: <01b601c657e3$017efcd0$3004010a@martinhlaptop>
Message-ID:

Martin Hepworth wrote on Tue, 4 Apr 2006 13:26:31 +0100:

> Depends where the whitelist is...if it's "Definitely Not Spam" I'm not sure
> it calls SA at all.

That's what it is. I just remember from two years or so ago, that Julian then told me it scans nevertheless and then discards. Maybe that was only with "detailed report", don't know. But, anyway, I don't get this "detailed report" for whitelisted mail.

> if the whitelist is an SA whitelist then it will of
> course call SA.

Not whitelists in SA at all, other than the packaged ones. I think there's really no use for them if you use MailScanner.

>
> And if it's the big "Scan Messages" switch then I guess its just pops around
> all the tests.

I hope so, yes. But this is only set for a very few hosts. I'm talking about the "green" W/L stuff in regard to the detailed report here.

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From maillists at conactive.com Tue Apr 4 18:31:25 2006
From: maillists at conactive.com (Kai Schaetzl)
Date: Tue Apr 4 18:31:39 2006
Subject: MailScanner and SA auto-learning
Message-ID:

Is it possible that MailScanner interferes in any way with Bayes auto-learning? I have "bayes_auto_learn_threshold_spam 8" on my new machine and nothing gets learned, not even spam over 20. It's possible that it's not learned because partial scores for header or body or so didn't reach the required minimum, of course. But I first wanted to make sure that MailScanner doesn't tell SA this value when scanning. There's nothing in the MailScanner.conf that looks like that, so I think MailScanner settings don't matter here at all, correct?

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From mkettler at evi-inc.com Tue Apr 4 18:46:01 2006
From: mkettler at evi-inc.com (Matt Kettler)
Date: Tue Apr 4 18:46:10 2006
Subject: MailScanner and SA auto-learning
In-Reply-To:
References:
Message-ID: <4432B0D9.3030906@evi-inc.com>

Kai Schaetzl wrote:
> Is it possible that MailScanner interferes in any way with Bayes
> auto-learning? I have "bayes_auto_learn_threshold_spam 8" on my new
> machine and nothing gets learned, not even spam over 20. It's possible
> that it's not learned because partial scores for header or body or so
> didn't reach the required minimum, of course. But I first wanted to make
> sure that MailScanner doesn't tell SA this value when scanning. There's
> nothing in the MailScanner.conf that looks like that, so I think
> MailScanner settings don't matter here at all, correct?

Bayes autolearning works fine in my system, and MailScanner even reports it in the spamcheck headers:

X-EVI-MailScanner-SpamCheck: spam, SpamAssassin (score=44.262, required 5, autolearn=spam, BAYES_99 3.50, DATE_IN_FUTURE_12_24 2.77,

MailScanner 4.50.15, SpamAssassin 3.1.0.

From maillists at conactive.com Tue Apr 4 19:19:05 2006
From: maillists at conactive.com (Kai Schaetzl)
Date: Tue Apr 4 19:19:16 2006
Subject: MailScanner and SA auto-learning
In-Reply-To: <4432B0D9.3030906@evi-inc.com>
References: <4432B0D9.3030906@evi-inc.com>
Message-ID:

Matt Kettler wrote on Tue, 04 Apr 2006 13:46:01 -0400:

> Bayes autolearning works fine in my system, and MailScanner even reports it in
> the spamcheck headers:

Hi Matt, it works fine on my main system as well. However, on this new system it doesn't.

I ran the message thru SA -D now, it's clearly SA that doesn't want to learn it. The problem is the header-points, there are always too few, although I have plenty of body-points (mostly from SURBLs). Is that required header score configurable in SA 3.1.1 by chance?

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From mkettler at evi-inc.com Tue Apr 4 19:34:46 2006
From: mkettler at evi-inc.com (Matt Kettler)
Date: Tue Apr 4 19:35:57 2006
Subject: MailScanner and SA auto-learning
In-Reply-To:
References: <4432B0D9.3030906@evi-inc.com>
Message-ID: <4432BC46.901@evi-inc.com>

Kai Schaetzl wrote:
> Matt Kettler wrote on Tue, 04 Apr 2006 13:46:01 -0400:
>
>> Bayes autolearning works fine in my system, and MailScanner even reports it in
>> the spamcheck headers:
>
> Hi Matt, it works fine on my main system as well. However, on this new system it
> doesn't.
>
> I ran the message thru SA -D now, it's clearly SA that doesn't want to learn it.
> The problem is the header-points, there are always too few, although I have
> plenty of body-points (mostly from SURBLs). Is that required header score
> configurable in SA 3.1.1 by chance?

No, it's hard-coded. This is entirely on-purpose, to prevent someone from screwing themselves over by making the autolearner too aggressive.

The hard-coding is in AutoLearnThreshold.pm.

---------
  if ($isspam) {
    my $required_body_points = 3;
    my $required_head_points = 3;
---------

If you need to pick up header points, usually the conventional RBL tests do a good job. However, since you're using SURBLs I'm assuming you're using those too.

You really should be seeing at least some autolearning. Any chance ALL_TRUSTED is misfiring and dragging down the header score?

From roger at rudnick.com.br Tue Apr 4 20:41:36 2006
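Added example, not part of the thread and not SpamAssassin's own code: a small Python model of the spam-side autolearn gate Matt Kettler describes in the message above (the bayes_auto_learn_threshold_spam value plus the hard-coded 3 body and 3 header points), applied to MailScanner SpamCheck header values. The rule-to-area map, the two sample headers and their scores are constructed assumptions, and leaving BAYES_* hits out of the totals is a simplification.

```python
import re

# Hard-coded minimums quoted in the thread from AutoLearnThreshold.pm.
REQUIRED_BODY_POINTS = 3.0
REQUIRED_HEAD_POINTS = 3.0

# ASSUMPTION (constructed for this example): which area each rule's score
# counts toward. A real installation takes this from its rule definitions.
RULE_AREA = {
    "DATE_IN_FUTURE_12_24": "head",
    "RCVD_IN_XBL": "head",
    "ALL_TRUSTED": "head",
    "URIBL_JP_SURBL": "body",
    "URIBL_SC_SURBL": "body",
    "URIBL_OB_SURBL": "body",
}

SUMMARY_RE = re.compile(
    r"score=(-?\d+(?:\.\d+)?), required (-?\d+(?:\.\d+)?)(?:, autolearn=(\w+))?")
HIT_RE = re.compile(r"([A-Z][A-Z0-9_]*) (-?\d+(?:\.\d+)?)")

# Constructed sample header values (not taken from the thread).
SAMPLE_ALL_TRUSTED = (
    "spam, SpamAssassin (score=15.97, required 5, autolearn=no, "
    "BAYES_99 3.50, URIBL_JP_SURBL 4.00, URIBL_SC_SURBL 4.50, "
    "URIBL_OB_SURBL 3.00, DATE_IN_FUTURE_12_24 2.77, ALL_TRUSTED -1.80)")
SAMPLE_RBL_HIT = (
    "spam, SpamAssassin (score=20.77, required 5, autolearn=spam, "
    "BAYES_99 3.50, URIBL_JP_SURBL 4.00, URIBL_SC_SURBL 4.50, "
    "URIBL_OB_SURBL 3.00, DATE_IN_FUTURE_12_24 2.77, RCVD_IN_XBL 3.00)")


def parse_spamcheck(value):
    """Split a SpamCheck header value into score, required, autolearn, hits.

    Tolerates a truncated value (no closing parenthesis, trailing comma).
    """
    summary = SUMMARY_RE.search(value)
    if summary is None:
        raise ValueError("no SpamAssassin summary found in header value")
    hits = []
    for item in value[summary.end():].split(","):
        hit = HIT_RE.fullmatch(item.strip(" \t\r\n)"))
        if hit:
            hits.append((hit.group(1), float(hit.group(2))))
    return {
        "score": float(summary.group(1)),
        "required": float(summary.group(2)),
        "autolearn": summary.group(3),
        "hits": hits,
    }


def explain_spam_autolearn(parsed, threshold_spam):
    """Report whether the message would pass the modelled spam gate and why not."""
    points = head = body = 0.0
    unclassified = []
    for name, score in parsed["hits"]:
        if name.startswith("BAYES_"):
            continue  # simplification: the Bayes verdict is not counted
        points += score
        area = RULE_AREA.get(name)
        if area == "head":
            head += score  # negative header rules pull this total down
        elif area == "body":
            body += score
        else:
            unclassified.append(name)
    blockers = []
    if points < threshold_spam:
        blockers.append("points below bayes_auto_learn_threshold_spam")
    if body < REQUIRED_BODY_POINTS:
        blockers.append("body points below 3")
    if head < REQUIRED_HEAD_POINTS:
        blockers.append("header points below 3")
    return {
        "learn": not blockers,
        "points": round(points, 2),
        "head": round(head, 2),
        "body": round(body, 2),
        "blockers": blockers,
        "unclassified": unclassified,
    }


if __name__ == "__main__":
    for label, value in (("ALL_TRUSTED fired", SAMPLE_ALL_TRUSTED),
                         ("RBL hit instead", SAMPLE_RBL_HIT)):
        print(label, explain_spam_autolearn(parse_spamcheck(value), 8))
```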
From: roger at rudnick.com.br (Roger Jochem)
Date: Tue Apr 4 20:41:43 2006
Subject: Sendmail Upgrade, other problem
References: <00c201c64f2c$ef3e2320$0600a8c0@roger> <0A0B9F68-5083-44E0-8DBF-B80196E9439F@ecs.soton.ac.uk><055101c65420$1fa34c00$0600a8c0@roger> <442C18DE.5010102@ecs.soton.ac.uk>
Message-ID: <06d901c6581f$c9840220$0600a8c0@roger>

Regarding to my problem (below) I found the following lines in my maillog

srv MailScanner[9596]: Failed to link message body between queues (/var/spool/mqueue/dfi8R9KQqf010458 --> /var/spool/mqueue.in/dfi8R9KQqf010458)

I think that is related to that problem... And my locktype in MailScanner.conf is set to Posix. Any other place to look for?

----- Original Message -----
From: "Julian Field"
To: "MailScanner discussion"
Sent: Thursday, March 30, 2006 2:43 PM
Subject: Re: Sendmail Upgrade, other problem

> Can you do this and send the output:
>
> sendmail -d0.1 -d0.4 -bt
> Roger Jochem wrote:
>> But it is (and was already) configured as posix. I upgraded from 8.13.1
>> to 8.13.6, and then the problem started to appear.
>>
>> ----- Original Message -----
>> From: "Julian Field"
>> To: "MailScanner discussion"
>> Sent: Friday, March 24, 2006 7:33 AM
>> Subject: Re: Sendmail Upgrade, other problem
>>
>>
>>> If you are running on Linux and have upgraded from sendmail 8.12 or
>>> earlier to 8.13 then you need to set
>>> Lock Type =
>>> or
>>> Lock Type = posix
>>> depending on your version of MailScanner. Setting it to "posix"
>>> explicitly is clearer.
>>>
>>> On 24 Mar 2006, at 10:23, Roger Jochem wrote:
>>>
>>>> After the sendmail upgrade to 8.13.6, some of my messages come with no
>>>> body, and the text "<<< No Message Collected >>>" in the body... They
>>>> appear twice in the users inbox, one with this body, and one ok
>>>> message (with the original body).
>>>>
>>>> In Mailwatch these messages appear with two times the header info. Very
>>>> strange...
>>>>
>>>> Anybody facing the same problem, or maybe could give some ideas of
>>>> what's causing that?
>>>>
>>>> Regards
>>>>
>>>> Roger Jochem
>>>
>>> --
>>> Julian Field
>>> jkf@ecs.soton.ac.uk
>>> Teaching Systems Manager
>>> Electronics & Computer Science
>>> University of Southampton
>>> SO17 1BJ, UK
>>
>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From roger at rudnick.com.br Tue Apr 4 20:47:35 2006
From: roger at rudnick.com.br (Roger Jochem)
Date: Tue Apr 4 20:47:39 2006
Subject: Sendmail Upgrade, other problem
Message-ID: <070f01c65820$9f137c90$0600a8c0@roger>

One more thing, is that correct when MailScanner starts?

Apr 4 13:59:19 mail MailScanner[14190]: Using locktype = posix
Apr 4 13:59:19 mail MailScanner[14190]: Creating hardcoded struct_flock subroutine for linux (Linux-type)
Apr 4 13:59:19 mail MailScanner[14190]: New Batch: Found 31 messages waiting
Apr 4 13:59:19 mail MailScanner[14190]: New Batch: Scanning 1 messages, 3502 bytes

It says that locktype is posix, and is creating some struct_flock subroutine? Is it correct?

----- Original Message -----
From: "Roger Jochem"
To: "MailScanner discussion"
Sent: Tuesday, April 04, 2006 4:41 PM
Subject: Re: Sendmail Upgrade, other problem

> Regarding to my problem (below) I found the following lines in my maillog
>
> srv MailScanner[9596]: Failed to link message body between queues
> (/var/spool/mqueue/dfi8R9KQqf010458 -->
> /var/spool/mqueue.in/dfi8R9KQqf010458)
>
> I think that is related to that problem... And my locktype in
> MailScanner.conf is set to Posix. Any other place to look for?
>
>
> ----- Original Message -----
> From: "Julian Field"
> To: "MailScanner discussion"
> Sent: Thursday, March 30, 2006 2:43 PM
> Subject: Re: Sendmail Upgrade, other problem

From shrek-m at gmx.de Tue Apr 4 21:09:26 2006
From: shrek-m at gmx.de (shrek-m@gmx.de)
Date: Tue Apr 4 21:09:34 2006
Subject: Sendmail Upgrade, other problem
In-Reply-To: <06d901c6581f$c9840220$0600a8c0@roger>
References: <00c201c64f2c$ef3e2320$0600a8c0@roger> <0A0B9F68-5083-44E0-8DBF-B80196E9439F@ecs.soton.ac.uk><055101c65420$1fa34c00$0600a8c0@roger> <442C18DE.5010102@ecs.soton.ac.uk> <06d901c6581f$c9840220$0600a8c0@roger>
Message-ID: <4432D276.3060707@gmx.de>

On 04.04.2006 21:41, Roger Jochem wrote:

> Regarding to my problem (below) I found the following lines in my
> maillog
> srv MailScanner[9596]: Failed to link message body between queues
> (/var/spool/mqueue/dfi8R9KQqf010458 -->
> /var/spool/mqueue.in/dfi8R9KQqf010458)
>
>>>> On 24 Mar 2006, at 10:23, Roger Jochem wrote:
>>>>
>>>>> After the sendmail upgrade to 8.13.6, some of my messages come
>>>>> with no body, and the text "<<< No Message Collected >>>" in the
>>>>> body... They appear twice in the users inbox, one with this body,
>>>>> and one ok message (with the original body).
>>>>

google
http://www.plug.linux.org.au/archives/message/20041025.042133.913c0dbf.html

*Author: *Ryan
*Date: * 2004-10-25 06:21 +200
*To: *plug
*Subject: *[plug] MailScanner children fighting

Hi PLUG,

I've just upgraded my MailScanner to v4.34.8. Before I knock on their door about this problem I was wondering if anyone has seen it?

With the default 5 children running, it appears that sometimes two children pick up the same message and then whichever finishes last reports an error about it.

Below is the output, you can see that two MailScanner processes detect the email waiting, both scan it, then one delivers it and the other one wonders where it went.

This leads to 2 messages being sent to the recipient, one with the full message, and the other empty saying "<<< No Message Collected >>>"

If I reduce the max children to one, things obviously are a touch slower off the mark, but it stops the children fighting over the messages.
--
shrek-m

From jstork at pbco.ca Tue Apr 4 21:34:51 2006
From: jstork at pbco.ca (Johnny Stork)
Date: Tue Apr 4 21:36:42 2006
Subject: SPF Rules?
Message-ID: <4102180.1144182891614.JavaMail.root@pbco-server3.pbco.ca>

I finally got around to upgrading our MailScanner setup running on RHES4, I first used the tarball for the clam/SA packages and then the MailScanner rpm upgrade tarball. All seems fine and I am now trying to go through and address various issues that I have not fully configured yet. For now I am trying to understand how the SPF rules work. I know very little about SPF or how it is implemented in mailscanner, but it seems that almost all messages trigger this rule below? Is this normal

Score   Rule                 Description
2.08    SPF_HELO_SOFTFAIL    SPF: HELO does not match SPF record (softfail)

Also, when I go to the Bayes Database Info section on MailWatch, I see that the count for SPAM has been at 198 and even if I go to "Message Operations" locate a definite SPAM message, click the SPAM box and the "Learn" the SPAM count does not increase? But this is probably a question for the MailWatch list

_______________________________
Johnny Stork
Information & Technology Manager
Provincial Blood Coordinating Office
604-806-8840 l

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060404/0bc2bcbb/attachment.html

From marlo at raidbr.com.br Tue Apr 4 21:45:23 2006
From: marlo at raidbr.com.br (marlo - raidbr)
Date: Tue Apr 4 21:45:29 2006
Subject: SPAM USER
Message-ID: <1144183523.14934.8.camel@localhost.localdomain>

I want to know if there is any way to configure the mailscanner to blocking the spam by user.

From Kevin_Miller at ci.juneau.ak.us Tue Apr 4 22:02:05 2006
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller)
Date: Tue Apr 4 22:02:11 2006
Subject: SPF Rules?
Message-ID:

There's two aspects of SPF. The first is your SPF records which are in your DNS. They specify which domains are permitted to send mail claiming to be from your domain. Essentially it's a list of computers authorized to send on your behalf.

The other aspect is SPF records in other folks domains. For instance, I have specific servers listed in my dns with SPF records. If someone out in spam-land tries to send a message from bogus-server.ci.juneau.ak.us, your server will look at the address, do a lookup on my dns servers for the corresponding SPF record, note that the sending server isn't one of the authorized servers and it will fail. In my case it's a hard fail but many people set it to soft fail initially.

What you're seeing is spammers pretending to send from a domain that isn't theirs. It appears to be working as advertised.

Not sure about the spam count question...

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

________________________________
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Johnny Stork Sent: Tuesday, April 04, 2006 12:35 PM To: mailscanner@lists.mailscanner.info Subject: SPF Rules? I finally got around to upgrading our MailScanner setup running on RHES4, I first used the tarball for the clam/SA packages and then the MailScanner rpm upgrade tarball. All seems fine and I am now trying to go through and address various issues that I have not fully configured yet. For now I am trying to understand how the SPF rules work. I know very little about SPF or how it is implemented in mailscanner, but it seems that almost all messages trigger this rule below? Is this normal Score Rule Description 2.08 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail) Also, when I go to the Bayes Database Info section on MailWatch, I see that the count for SPAM has been at 198 and even if I go to "Message Operations" locate a definite SPAM message, click the SPAM box and the "Learn" the SPAM count does not increase? But this is probably a question for the MailWatch list _______________________________ Johnny Stork Information & Technology Manager Provincial Blood Coordinating Office 604-806-8840 l -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060404/747970f8/attachment-0001.html From mkettler at evi-inc.com Tue Apr 4 22:08:32 2006 
From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Apr 4 22:09:10 2006 Subject: SPF Rules? In-Reply-To: <4102180.1144182891614.JavaMail.root@pbco-server3.pbco.ca> References: <4102180.1144182891614.JavaMail.root@pbco-server3.pbco.ca> Message-ID: <4432E050.3080002@evi-inc.com> Johnny Stork wrote: > I finally got around to upgrading our MailScanner setup running on > RHES4, I first used the tarball for the clam/SA packages and then the > MailScanner rpm upgrade tarball. All seems fine and I am now trying to > go through and address various issues that I have not fully configured > yet. For now I am trying to understand how the SPF rules work. I know > very little about SPF or how it is implemented in mailscanner, but it > seems that almost all messages trigger this rule below? Is this normal > > Score Rule Description > 2.08 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail) > No, it's not normal. However, this is NOT a MailScanner issue. It's a SpamAssassin issue, as that's a SpamAssassin rule. My guess is that you've got a broken trust path, and SA is confused about which host is dropping off the mail to your network. http://wiki.apache.org/spamassassin/TrustPath From alex at nkpanama.com Tue Apr 4 22:21:11 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue Apr 4 22:21:38 2006 Subject: SPAM USER In-Reply-To: <1144183523.14934.8.camel@localhost.localdomain> References: <1144183523.14934.8.camel@localhost.localdomain> Message-ID: <4432E347.3080303@nkpanama.com> marlo - raidbr wrote: > I want to know if there is any way to configure the mailscanner to > blocking the spam by user. > > > > Yes, there is. From alex at nkpanama.com Tue Apr 4 22:21:58 2006 
From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue Apr 4 22:22:50 2006 Subject: SPAM USER In-Reply-To: <1144183523.14934.8.camel@localhost.localdomain> References: <1144183523.14934.8.camel@localhost.localdomain> Message-ID: <4432E376.4030908@nkpanama.com> marlo - raidbr wrote: > I want to know if there is any way to configure the mailscanner to > blocking the spam by user. > > > > Seriously, look into rulesets. Read the config file. It's all there. Buy the book. :D From jstork at pbco.ca Tue Apr 4 22:32:56 2006 From: jstork at pbco.ca (Johnny Stork) Date: Tue Apr 4 22:34:47 2006 Subject: SPF Rules? In-Reply-To: <4432E050.3080002@evi-inc.com> Message-ID: <17577576.1144186376819.JavaMail.root@pbco-server3.pbco.ca> Should the suggestions below (from the SA wiki) go into the /etc/MailScanner/spam.assassin.prefs.conf file, or elsewhere? If you want to configure SpamAssassin with more information, you can: set 'internal_networks' to include the hosts that act as MX for your domains, or that may deliver mail internally in your organisation. set 'trusted_networks' to include the same hosts and networks as 'internal_networks', with the addition of some hosts that are external to your organisation which you trust to not be under the control of spammers. For example, very high-volume mail relays at other ISPs, or mailing list servers. _______________________________ Johnny Stork Information & Technology Manager Provincial Blood Coordinating Office 604-806-8840 ----- Original Message ----- 
From: mailscanner-bounces@lists.mailscanner.info on behalf of Matt Kettler
Sent: Tue, 4/4/2006 2:12pm
To: MailScanner discussion
Subject: Re: SPF Rules?

Johnny Stork wrote:
> I finally got around to upgrading our MailScanner setup running on
> RHES4, I first used the tarball for the clam/SA packages and then the
> MailScanner rpm upgrade tarball. All seems fine and I am now trying to
> go through and address various issues that I have not fully configured
> yet. For now I am trying to understand how the SPF rules work. I know
> very little about SPF or how it is implemented in mailscanner, but it
> seems that almost all messages trigger this rule below? Is this normal
>
> Score   Rule                 Description
> 2.08    SPF_HELO_SOFTFAIL    SPF: HELO does not match SPF record (softfail)
>

No, it's not normal. However, this is NOT a MailScanner issue. It's a SpamAssassin issue, as that's a SpamAssassin rule.

My guess is that you've got a broken trust path, and SA is confused about which host is dropping off the mail to your network.

http://wiki.apache.org/spamassassin/TrustPath
--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

From jstork at pbco.ca Tue Apr 4 23:50:00 2006
From: jstork at pbco.ca (Johnny Stork) Date: Tue Apr 4 23:51:43 2006 Subject: SPF Rules? In-Reply-To: <17577576.1144186376819.JavaMail.root@pbco-server3.pbco.ca> Message-ID: <32259592.1144191000231.JavaMail.root@pbco-server3.pbco.ca> Also, would adding a "trusted_networks" setting, address this message from the SA lint test? [18569] dbg: spf: no trusted relays found, using first (untrusted) relay (if present) for SPF checks 0.00078 [18569] dbg: spf: no suitable relay for spf use found, skipping SPF-helo check _______________________________ Johnny Stork Information & Technology Manager Provincial Blood Coordinating Office 604-806-8840 ----- Original Message ----- From: mailscanner-bounces@lists.mailscanner.info on behalf of Johnny Stork Sent: Tue, 4/4/2006 2:37pm To: MailScanner discussion Subject: RE: SPF Rules? Should the suggestions below (from the SA wiki) go into the /etc/MailScanner/spam.assassin.prefs.conf file, or elsewhere? If you want to configure SpamAssassin with more information, you can: set 'internal_networks' to include the hosts that act as MX for your domains, or that may deliver mail internally in your organisation. set 'trusted_networks' to include the same hosts and networks as 'internal_networks', with the addition of some hosts that are external to your organisation which you trust to not be under the control of spammers. For example, very high-volume mail relays at other ISPs, or mailing list servers. _______________________________ Johnny Stork Information & Technology Manager Provincial Blood Coordinating Office 604-806-8840 ----- Original Message ----- 
From: mailscanner-bounces@lists.mailscanner.info on behalf of Matt Kettler
Sent: Tue, 4/4/2006 2:12pm
To: MailScanner discussion
Subject: Re: SPF Rules?

Johnny Stork wrote:
> I finally got around to upgrading our MailScanner setup running on
> RHES4, I first used the tarball for the clam/SA packages and then the
> MailScanner rpm upgrade tarball. All seems fine and I am now trying to
> go through and address various issues that I have not fully configured
> yet. For now I am trying to understand how the SPF rules work. I know
> very little about SPF or how it is implemented in mailscanner, but it
> seems that almost all messages trigger this rule below? Is this normal
>
> Score   Rule                 Description
> 2.08    SPF_HELO_SOFTFAIL    SPF: HELO does not match SPF record (softfail)
>

No, it's not normal. However, this is NOT a MailScanner issue. It's a SpamAssassin issue, as that's a SpamAssassin rule.

My guess is that you've got a broken trust path, and SA is confused about which host is dropping off the mail to your network.

http://wiki.apache.org/spamassassin/TrustPath
--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

From KGoods at AIAInsurance.com Tue Apr 4 23:52:24 2006
From: KGoods at AIAInsurance.com (Ken Goods) Date: Tue Apr 4 23:57:01 2006 Subject: OT: New MailScanner machine Message-ID: <13C0059880FDD3118DC600508B6D4A6D013D880A@aiainsurance.com> I'm putting together a new machine to replace the one currently filtering our mail and delivering to an exchange server. The load increased back in December due to an update of MailScanner, Spamassassin, ClamAV, (and adding bitdefender). Spamassassin is timing out regularly and the machine is in heavy swap. (P233 with 196MB, processing ~8k emails per day). I have found another machine in the boneyard that has a little more horsepower (550 PIII with 384MB) and would like to build a new box running the same configuration, plus it gives me a chance to add some "legs" to the old OS (Redhat 9). My plan is Centos 4.0 for the OS and sticking with everything else as it suits my comfort level. My question is this... I want to load the least services to support MailScanner, Spamassassin, Clam, Bitdefender, Webmin, and Mailscanner-Mrtg. I noticed that there are three ISO's for Centos and another for Centos Server. Can I get away with just the Server ISO and use a minimal install or do I need to get all four and use a combination of them? Sorry if this is noob but I've looked around and can't find much information on the difference between the server ISO and the others and thought someone here may have some experience. Any help would be appreciated much. TIA Ken From michele at blacknight.ie Wed Apr 5 00:08:34 2006 
From: michele at blacknight.ie (Michele Neylon:: Blacknight.ie) Date: Wed Apr 5 00:08:38 2006 Subject: OT: New MailScanner machine In-Reply-To: <13C0059880FDD3118DC600508B6D4A6D013D880A@aiainsurance.com> References: <13C0059880FDD3118DC600508B6D4A6D013D880A@aiainsurance.com> Message-ID: <4432FC72.8000204@blacknight.ie> Ken Someone else will probably correct me... >From what I recall you can do a minimal server install with just the daemons that you need to run the software You may need to have all the discs, but you wouldn't need to load all their contents... -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From maillists at conactive.com Wed Apr 5 00:31:19 2006 
From: maillists at conactive.com (Kai Schaetzl) Date: Wed Apr 5 00:31:31 2006 Subject: MailScanner and SA auto-learning In-Reply-To: <4432BC46.901@evi-inc.com> References: <4432B0D9.3030906@evi-inc.com> <4432BC46.901@evi-inc.com> Message-ID: Matt Kettler wrote on Tue, 04 Apr 2006 14:34:46 -0400: > No, it's hard-coded. This is entirely on-purpose, to prevent someone from > screwing themselves over by making the autolearner to aggressive. Yeah, I know. They said the same thing about the normal autolearning score but then added local.cf options for it, anyway. > > The hard-coding is in AutoLearnThreshold.pm. > --------- > if ($isspam) { > my $required_body_points = 3; > my $required_head_points = 3; > --------- Yeah, I remember those. Most of my spam gets around 2 for header when the whole score is 10-20 and most of the rest is bayes_99, URIBL or some SARE rule and most of them hit on the body. Since most of the spam is caught before spamassassin only a small percentage makes it into SA, anyway. I would at least like to train on these. At the moment no training seems to take place. I suppose that minimal score system for header and body is meant to countermeasure very high scores put manually in the local.cf f.i. for whitelisting certain hosts. I don't do this stuff. It would be nice if SA could rethink it's decision based on the other score. So, if the header score is less than 3 than require a body score of 10 for autolearning or so. Well, maybe I suggest this on satalk. > > If you need to pick up header points, usually the conventional RBL tests do a > good job. However, since you're using SURBLs I'm assuming you're using those > too. You really should be seeing at least some autolearning. No, I use SURBLs because they work great, but I don't use any RBLs in MS or SA. My opinion is that I trust in one I can just use it on MTA level. I trust in three RBLs and results are very very good. > Any chance ALL_TRUSTED is misfiring and dragging down the header score? 
No, that's working actually very nicely. F.i. it detects the mail that gets submitted by clients directly to the machine for relaying and helps to make them "non-spammy".

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From maillists at conactive.com Wed Apr 5 00:31:19 2006
From: maillists at conactive.com (Kai Schaetzl)
Date: Wed Apr 5 00:31:32 2006
Subject: SPF Rules?
In-Reply-To: <32259592.1144191000231.JavaMail.root@pbco-server3.pbco.ca>
References: <32259592.1144191000231.JavaMail.root@pbco-server3.pbco.ca>
Message-ID:

Johnny Stork wrote on Tue, 4 Apr 2006 15:50:00 -0700:

> Also, would adding a "trusted_networks" setting, address this message
> from the SA lint test?
>
> [18569] dbg: spf: no trusted relays found,
> using first (untrusted) relay (if present) for SPF checks
> 0.00078

It depends. This works only if there *are* trusted hosts in the Received chain.

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From maillists at conactive.com Wed Apr 5 00:31:19 2006
From: maillists at conactive.com (Kai Schaetzl)
Date: Wed Apr 5 00:31:33 2006
Subject: SPF Rules?
In-Reply-To: <17577576.1144186376819.JavaMail.root@pbco-server3.pbco.ca>
References: <17577576.1144186376819.JavaMail.root@pbco-server3.pbco.ca>
Message-ID:

Johnny Stork wrote on Tue, 4 Apr 2006 14:32:56 -0700:

> set 'internal_networks' to include the hosts that act as MX for
> your domains, or that may deliver mail internally in your organisation.

Thanks, I missed that one. I'm going to change my trusted_networks to internal_networks now :-)

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From alex at nkpanama.com Wed Apr 5 01:14:23 2006
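Added example, not part of any list message and not SpamAssassin's own code: a simplified model of the trust path discussed in the "SPF Rules?" thread above (the SPF lookup Kevin Miller describes and the trusted_networks question). It walks a constructed Received chain to pick the relay whose HELO gets SPF-checked; the host names, addresses, SPF records and function names are all assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed sample: Received headers as the final server sees them, newest first.
RECEIVED = [
    "from mx1.example.org (mx1.example.org [192.0.2.10]) by store.example.org with ESMTP",
    "from mail.sender.test (mail.sender.test [198.51.100.25]) by mx1.example.org with ESMTP",
    "from laptop (unknown [10.1.2.3]) by mail.sender.test with ESMTP",
]

# Constructed SPF TXT records keyed by HELO name; they stand in for DNS lookups.
SPF_RECORDS = {
    "mail.sender.test": "v=spf1 ip4:198.51.100.0/24 -all",
    "mx1.example.org": "v=spf1 ip4:203.0.113.0/24 ~all",  # lists outbound hosts only
}

RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:\S+\s+)?\[(?P<ip>[0-9A-Fa-f:.]+)\]\)\s+by\s+(?P<by>\S+)"
)
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_relays(received):
    """Turn Received lines into relay dicts; stop at the first unparseable hop."""
    relays = []
    for line in received:
        m = RECEIVED_RE.search(line)
        if m is None:
            break
        relays.append(m.groupdict())
    return relays


def first_untrusted(relays, trusted_networks):
    """Walk from the newest hop and return the first relay outside the trusted set."""
    nets = [ipaddress.ip_network(n, strict=False) for n in trusted_networks]
    for relay in relays:
        ip = ipaddress.ip_address(relay["ip"])
        if not any(ip in net for net in nets):
            return relay
    return None


def spf_result(record, ip):
    """Evaluate ip4/ip6/all terms only; anything needing DNS is 'unsupported'."""
    terms = (record or "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        mech = mech.lower()
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech.startswith(("ip4:", "ip6:")):
            if addr in ipaddress.ip_network(mech[4:], strict=False):
                return QUALIFIERS[qualifier]
        else:
            return "unsupported"
    return "neutral"  # no term matched and there was no "all"


def spf_helo_check(received, trusted_networks, records=SPF_RECORDS):
    """Return (HELO name checked, SPF result) for the relay chosen by the trust walk."""
    relay = first_untrusted(parse_relays(received), trusted_networks)
    if relay is None:
        return None, "skipped"
    return relay["helo"], spf_result(records.get(relay["helo"]), relay["ip"])


if __name__ == "__main__":
    for label, trusted in [
        ("nothing trusted", []),
        ("own MX trusted", ["192.0.2.10/32"]),
        ("every hop trusted", ["192.0.2.0/24", "198.51.100.0/24", "10.0.0.0/8"]),
    ]:
        print(label, "->", spf_helo_check(RECEIVED, trusted))
```

In this model, with nothing trusted the check lands on the site's own gateway and soft-fails on every message; listing that gateway moves the check to the real sending relay.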
From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Apr 5 01:15:16 2006 Subject: OT: New MailScanner machine In-Reply-To: <4432FC72.8000204@blacknight.ie> References: <13C0059880FDD3118DC600508B6D4A6D013D880A@aiainsurance.com> <4432FC72.8000204@blacknight.ie> Message-ID: <44330BDF.6090706@nkpanama.com> Michele Neylon:: Blacknight.ie wrote: > Ken > > Someone else will probably correct me... > > >From what I recall you can do a minimal server install with just the > daemons that you need to run the software > You may need to have all the discs, but you wouldn't need to load all > their contents... > > > > Actually all you will really need is the server CD if you're not interested in things like X, GNOME, KDE, etc. - and you can always "yum install" whatever else you need after you've finished. I've only had problems with bashphobic admins who insist everything must have a spiffy graphical interface; I usually calm them down by introducing them to Webmin. From dickenson at cfmc.com Wed Apr 5 03:34:54 2006 
From: dickenson at cfmc.com (Jim Dickenson)
Date: Wed Apr 5 03:35:03 2006
Subject: Question about from address
Message-ID:

In my mail log file I have these two lines related to an email message:

sendmail[12558]: k34KuiHl012558: from=scrappy.surveysampling.com>
MailScanner[27857]: Message k34KuiHl012558 from 63.119.50.102 (frame< @ > scrappy.sampling.com) to cfmc.com is spam, SpamAssassin (score=5.56, required 5

Two of the headers in the email show:

MailScanner-SpamCheck: spam, SpamAssassin (score=5.56, required 5,
MailScanner-From: frame< @ >scrappy.surveyspot.com

I thought the email address in the MailScanner-From line was the email address that is to be white-listed. I have that address white-listed but it does not white-list this email.

What is going on? It looks to me like the MailScanner-From line does not have the correct email address.

I have changed the @ in the email addresses to < @ >

--
Jim Dickenson
mailto:dickenson@cfmc.com
CfMC
http://www.cfmc.com/

From mauriciopcavalcanti at hotmail.com Wed Apr 5 08:52:41 2006
From: mauriciopcavalcanti at hotmail.com (Mauricio)
Date: Wed Apr 5 08:53:19 2006
Subject: RES: MailScanner: WARNING: You are trying to use the SpamAssassin cache but your DBI and/or DBD::SQLite Perl modules are not properly installed!
In-Reply-To: <200602121446.k1CEkdsa002622@smtp30.hccnet.nl>
Message-ID:

Hello,

I have the same warning: "You are trying to use the SpamAssassin cache but your DBI and/or DBD::SQLite Perl modules are not properly installed!"

It's working well, but I had to disable the spamassassin cache results feature.

MS 4.35 was upgraded to 4.52 in RH 8.0, but I saw that install.sh could not upgrade/install perl-DBI-1.50-2.noarch.rpm and perl-ExtUtils-MakeMaker-6.30-1.noarch.rpm

Problem with perl-DBI:
perl(Net::Daemon)
perl(RPC::PlClient)
perl(Win32::ODBC)

I've downloaded and installed perl-Net-Daemon and perl-PlRPC (with no problem), but I could not find package for perl(Win32::ODBC).

Problem with perl-ExtUtils-MakeMaker: Many files conflict with files from package perl-5.8.0-88.3

Anyone can help to solve this?

Thanks in advance,

Mauricio

_____

From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On behalf of Herman Swensson
Sent: Sunday, 12 February 2006 12:47
To: mailscanner@lists.mailscanner.info
Subject: MailScanner: WARNING: You are trying to use the SpamAssassin cache but your DBI and/or DBD::SQLite Perl modules are not properly installed!

Hi,

I have upgraded MailScanner to version 4.50.15 and I am getting the next new Messages:

MailScanner: WARNING: You are trying to use the SpamAssassin cache but your DBI and/or DBD::SQLite Perl modules are not properly installed
MailScanner setting GID to postfix (89)
MailScanner setting UID to postfix (89)

What does this mean

cpan> install DBI
CPAN: Storable loaded ok
Going to read /root/.cpan/Metadata
Database was generated on Mon, 16 Jan 2006 10:10:45 GMT
DBI is up to date (1.50).
cpan> install DBD::SQLite CPAN: Storable loaded ok Going to read /root/.cpan/Metadata Database was generated on Mon, 16 Jan 2006 10:10:45 GMT DBD::SQLite is up to date (1.11). Linux version is 2.6.9-19 Greetings Herman -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.375 / Virus Database: 267.15.6/257 - Release Date: 10-2-2006 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060405/5140968b/attachment.html From res at ausics.net Wed Apr 5 08:54:55 2006 From: res at ausics.net (Res) Date: Wed Apr 5 08:55:03 2006 Subject: No SYSLOG No Mail Scanned Message-ID: Is it correct that should syslog die that MS ceases to process mail???? should it not continue on, on such a trivial error state? Current version MS, all MS process defunct, I know it was working two nights ago... Anyway after scratching my head for 10 mins i threw it into debug mode and the problem was instantly evident, cant connect to syslog. OK so it brought to my notice syslog died on our secondary MX :) but none the less I think it's bad that it just queues the mail and dies off this way. -- Cheers Res From martinh at solid-state-logic.com Wed Apr 5 09:00:44 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Apr 5 09:00:52 2006 Subject: New MailScanner machine In-Reply-To: <13C0059880FDD3118DC600508B6D4A6D013D880A@aiainsurance.com> Message-ID: <004a01c65887$0aba7960$3004010a@martinhlaptop> Ken One other small point unrelated to your question but I'd get more RAM for the new system. Julian recommends 1GB per CPU and I gotta say I agree with him, even for you small amount of emails per day (which BTW is about the same as me..).. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- 
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Ken Goods > Sent: 04 April 2006 23:52 > To: MailScanner Mailing List (E-mail) > Subject: OT: New MailScanner machine > > I'm putting together a new machine to replace the one currently filtering > our mail and delivering to an exchange server. The load increased back in > December due to an update of MailScanner, Spamassassin, ClamAV, (and > adding > bitdefender). Spamassassin is timing out regularly and the machine is in > heavy swap. (P233 with 196MB, processing ~8k emails per day). > > I have found another machine in the boneyard that has a little more > horsepower (550 PIII with 384MB) and would like to build a new box running > the same configuration, plus it gives me a chance to add some "legs" to > the > old OS (Redhat 9). My plan is Centos 4.0 for the OS and sticking with > everything else as it suits my comfort level. > > My question is this... I want to load the least services to support > MailScanner, Spamassassin, Clam, Bitdefender, Webmin, and Mailscanner- > Mrtg. > I noticed that there are three ISO's for Centos and another for Centos > Server. Can I get away with just the Server ISO and use a minimal install > or > do I need to get all four and use a combination of them? Sorry if this is > noob but I've looked around and can't find much information on the > difference between the server ISO and the others and thought someone here > may have some experience. > > Any help would be appreciated much. > > TIA > Ken > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! 
********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From martinh at solid-state-logic.com Wed Apr 5 09:02:09 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Apr 5 09:02:16 2006 Subject: MailScanner and SA auto-learning In-Reply-To: Message-ID: <004b01c65887$3cf20100$3004010a@martinhlaptop> Kai Has your bayes DB got the required 200 ham AND spam messages? I'm not sure the bayes functions work at all without the required 400 seed emails.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- 
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> bounces@lists.mailscanner.info] On Behalf Of Kai Schaetzl
> Sent: 04 April 2006 18:31
> To: mailscanner@lists.mailscanner.info
> Subject: MailScanner and SA auto-learning
>
> Is it possible that MailScanner interferes in any way with Bayes
> auto-learning? I have "bayes_auto_learn_threshold_spam 8" on my new
> machine and nothing gets learned, not even spam over 20. It's possible
> that it's not learned because partial scores for header or body or so
> didn't reach the required minimum, of course. But I first wanted to make
> sure that MailScanner doesn't tell SA this value when scanning. There's
> nothing in the MailScanner.conf that looks like that, so I think
> MailScanner settings don't matter here at all, correct?
>
> Kai
>
> --
> Kai Schätzl, Berlin, Germany
> Get your web at Conactive Internet Services: http://www.conactive.com
>
>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

**********************************************************************
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean.
**********************************************************************

From prandal at herefordshire.gov.uk Wed Apr 5 10:19:49 2006
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Wed Apr 5 10:20:06 2006
Subject: New MailScanner machine
Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580C074F5F@isabella.herefordshire.gov.uk>

Installing MailScanner on Centos 4.2
(my notes are old so some versioning is incorrect)

1: Install Centos 4.2

Download the CentOS server CD from one of www.centos.org's mirrors and burn to a CD.

Boot from that CD
press enter at the first text prompt
perform the media check

welcome: click next
language selection: select English (English)
keyboard: United Kingdom
mouse: choose it
automatic partition: accept
  remove all partitions
  say yes when warned
Partitioning: accept default scheme
Boot Loader: accept default
network config: Unselect "Configure using DHCP" and enter appropriate values
Firewall: no firewall
Additional Languages: English GB (set as default)
Time Zone - select Europe/London
root password: do not lose this and make it non-trivial
Package Defaults: Customize

Package Group selection:

  Conf Tools
    accept defaults
  Web Server
    add php-mysql
    add php-pgsql
    remove squid
    remove webalyzer
  Mail Server
    add sendmail-cf
    remove dovecot
    remove spamassassin (we'll install it ourselves later)
  Windows File Server
    do not select
  DNS
    accept defaults
  FTP
    do not select
  PostgreSQL
    accept defaults
    add postgresql
    add postgresql-server
  MySQL
    defaults
    add mysql-server
    add php-mysql
  Admin Tools
    defaults
  System Tools
    do not select
  Printing
    do not select

install that lot, then reboot (ejecting CD during reboot) and log in as root

reinsert Centos Server CD in CDROM drive

  rpm --import /media/cdrom/RPM-GPG-KEY-centos4

then "yum install" the following (I'm not sure ALL are necessary but most are for MailScanner/MailWatch/Mailscanner-mrtg)

  bzip2-devel
  db4-devel
  compat-libstdc++*
  curl-devel
  elinks
  emacs
  gcc-c++-3.4.4
  gmp-devel
  lynx
  mrtg
  net-snmp-utils
  openldap-devel
  php-gd
  python-devel
  rpm-build
  sendmail-devel

then do a "yum update" to get everything up to date.

  chkconfig --level 2345 cups off
  chkconfig --level 2345 httpd on
  chkconfig --level 2345 mysqld on
  chkconfig --level 2345 named on
  chkconfig --level 2345 snmpd on

edit /etc/resolv.conf adding at front

  nameserver 127.0.0.1

reboot (again ejecting CD so we don't boot from it by mistake)

login as root (well, as you and su where appropriate)

Install Unrar

Unrar is an archive unpacker available from freshrpms.net. It is used to unpack .rar archives so we can virus scan them.

We'll use the package from Dag Wieers' RPM repository for RHEL 4

create the file /etc/yum.repos.d/dag.repo
--------
[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag
gpgcheck=1
gpgkey=http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt
enabled=1
includepkgs=unrar
-------

  yum install unrar

Install clamav 0.88 and spamassassin 3.11 from Julian's tarball

  cd /usr/src
  wget http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz
  tar zxvf install-Clam-SA.tar.gz
  cd install-Clam-SA
  ./install.sh

edit /usr/local/etc/freshclam.conf to set "uk" database location.

  freshclam

this should retrieve the current virus patterns without giving any warnings. If you get warnings about digital signatures not being supported you've failed to install gmp-devel earlier.

edit /etc/mail/spamassassin/v310.pre to make sure dcc and razor2 plugins are enabled

Then install MailScanner

  cd /usr/src
  wget http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/rpm/MailScanner-4.51.5-1.rpm.tar.gz
  tar zxvf MailScanner-4.51.5-1.rpm.tar.gz
  cd MailScanner-4.50.10-1
  ./install.sh

follow the instructions given at end of install to the letter

  service sendmail stop
  chkconfig --level 2345 sendmail off
  chkconfig --level 2345 MailScanner on

Performance tuning MailScanner

add the following line to /etc/fstab

  none /var/spool/MailScanner/incoming tmpfs defaults 0 0

  service MailScanner stop
  mount /var/spool/MailScanner/incoming

etc...
My notes are in a state of flux, so I'll stop there for the moment. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- 
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Ken Goods
> Sent: 04 April 2006 23:52
> To: MailScanner Mailing List (E-mail)
> Subject: OT: New MailScanner machine
>
> I'm putting together a new machine to replace the one currently filtering
> our mail and delivering to an exchange server. The load increased back in
> December due to an update of MailScanner, Spamassassin, ClamAV, (and adding
> bitdefender). Spamassassin is timing out regularly and the machine is in
> heavy swap. (P233 with 196MB, processing ~8k emails per day).
>
> I have found another machine in the boneyard that has a little more
> horsepower (550 PIII with 384MB) and would like to build a new box running
> the same configuration, plus it gives me a chance to add some "legs" to the
> old OS (Redhat 9). My plan is Centos 4.0 for the OS and sticking with
> everything else as it suits my comfort level.
>
> My question is this... I want to load the least services to support
> MailScanner, Spamassassin, Clam, Bitdefender, Webmin, and Mailscanner-Mrtg.
> I noticed that there are three ISO's for Centos and another for Centos
> Server. Can I get away with just the Server ISO and use a minimal install or
> do I need to get all four and use a combination of them? Sorry if this is
> noob but I've looked around and can't find much information on the
> difference between the server ISO and the others and thought someone here
> may have some experience.
>
> Any help would be appreciated much.
>
> TIA
> Ken
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>

From martinh at solid-state-logic.com Wed Apr 5 10:32:32 2006
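Added example, not part of any list message and not the poster's or the MailScanner project's code: a shell check for the /etc/yum.repos.d/dag.repo stanza in Phil Randal's install notes above, reporting whether a third-party repository is signature-checked, how its key is fetched, and whether includepkgs scopes it. The function names (audit_repo, write_page_repo, write_weak_repo) are hypothetical, and the "weak" stanza is constructed for contrast.

```shell
#!/bin/sh
# audit_repo FILE
# Print one finding per line for every [section] in a yum .repo file.
# Assumption: a missing gpgcheck is reported as unverified, although
# [main] in /etc/yum.conf may set a site-wide default.
audit_repo() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function emit() {
        if (sec == "") return
        if (v["enabled"] == "0") { print sec ": SKIP repository disabled"; return }
        if (v["gpgcheck"] != "1")
            print sec ": FAIL gpgcheck is not 1 (packages install without a signature check)"
        else if (v["gpgkey"] == "")
            print sec ": WARN gpgcheck=1 with no gpgkey (key must already be imported with rpm --import)"
        if (v["gpgkey"] ~ /^(http|ftp):/)
            print sec ": WARN gpgkey is fetched over plaintext (check the fingerprint out of band)"
        if (v["includepkgs"] == "")
            print sec ": WARN no includepkgs (repo may supply or replace any package)"
        else
            print sec ": OK includepkgs limits repo to: " v["includepkgs"]
    }
    # skip blank lines and comments
    /^[ \t]*([#;]|$)/ { next }
    # a new [section] closes the previous one
    /^[ \t]*\[[^]]+\][ \t]*$/ {
        emit(); split("", v)
        sec = trim($0); gsub(/^\[|\]$/, "", sec)
        next
    }
    # key=value, split at the first "=" so URLs keep any later "="
    {
        eq = index($0, "=")
        if (eq) v[trim(substr($0, 1, eq - 1))] = trim(substr($0, eq + 1))
    }
    END { emit() }
    ' "$1"
}

# The stanza exactly as given in the install notes.
write_page_repo() {
    cat > "$1" <<'EOF'
[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag
gpgcheck=1
gpgkey=http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt
enabled=1
includepkgs=unrar
EOF
}

# Constructed contrast: same repo with the check off and no package scope.
write_weak_repo() {
    cat > "$1" <<'EOF'
[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag
gpgcheck=0
gpgkey=http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt
enabled=1
EOF
}

tmp=$(mktemp -d)
write_page_repo "$tmp/dag.repo"
write_weak_repo "$tmp/weak.repo"
echo "== stanza from the notes =="
audit_repo "$tmp/dag.repo"
echo "== constructed weak variant =="
audit_repo "$tmp/weak.repo"
rm -rf "$tmp"
```

On a real host, point audit_repo at each file under /etc/yum.repos.d/ in turn.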
From: martinh at solid-state-logic.com (Martin Hepworth)
Date: Wed Apr 5 10:32:39 2006
Subject: New MailScanner machine
In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580C074F5F@isabella.herefordshire.gov.uk>
Message-ID: <006601c65893$dd851100$3004010a@martinhlaptop>

Phil

Ooo shiney

Have you got some time to add this to the wiki...??

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
From roger at rudnick.com.br Wed Apr 5 10:52:32 2006
From: roger at rudnick.com.br (Roger Jochem)
Date: Wed Apr 5 10:52:34 2006
Subject: Sendmail Upgrade, other problem
References: <00c201c64f2c$ef3e2320$0600a8c0@roger> <0A0B9F68-5083-44E0-8DBF-B80196E9439F@ecs.soton.ac.uk><055101c65420$1fa34c00$0600a8c0@roger> <442C18DE.5010102@ecs.soton.ac.uk><06d901c6581f$c9840220$0600a8c0@roger> <4432D276.3060707@gmx.de>
Message-ID: <00d901c65896$a8e35fd0$0600a8c0@roger>

Thanks!

I really could do that, but I think this would make things too slow
here... Normally there are 4 or 5 children running, sometimes even more.
But if there is no other solution to that case, I will give that a try.

Regards

Roger Jochem

----- Original Message -----
From:
To: "MailScanner discussion"
Sent: Tuesday, April 04, 2006 5:09 PM
Subject: Re: Sendmail Upgrade, other problem

> On 04.04.2006 21:41, Roger Jochem wrote:
>
>> Regarding my problem (below) I found the following lines in my
>> maillog
>> srv MailScanner[9596]: Failed to link message body between queues
>> (/var/spool/mqueue/dfi8R9KQqf010458 -->
>> /var/spool/mqueue.in/dfi8R9KQqf010458)
>>
>>>>> On 24 Mar 2006, at 10:23, Roger Jochem wrote:
>>>>>
>>>>>> After the sendmail upgrade to 8.13.6, some of my messages come with
>>>>>> no body, and the text "<<< No Message Collected >>>" in the body...
>>>>>> They appear twice in the user's inbox, one with this body, and one ok
>>>>>> message (with the original body).
>>>>>
>
> google
>
> http://www.plug.linux.org.au/archives/message/20041025.042133.913c0dbf.html
>
> *Author: *Ryan
> *Date: * 2004-10-25 06:21 +200
> *To: *plug
> *Subject: *[plug] MailScanner children fighting
>
> Hi PLUG,
>
> I've just upgraded my MailScanner to v4.34.8. Before I knock on their
> door about this problem I was wondering if anyone has seen it?
>
> With the default 5 children running, it appears that sometimes two
> children pick up the same message and then whichever finishes last
> reports an error about it. Below is the output, you can see that two
> MailScanner processes detect the email waiting, both scan it, then one
> delivers it and the other one wonders where it went. This leads to 2
> messages being sent to the recipient, one with the full message, and the
> other empty saying "<<< No Message Collected >>>"
>
> If I reduce the max children to one, things obviously are a touch slower
> off the mark, but it stops the children fighting over the messages.
>
>
> --
> shrek-m
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
From prandal at herefordshire.gov.uk Wed Apr 5 11:00:32 2006
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Wed Apr 5 11:01:39 2006
Subject: New MailScanner machine
Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580C074F73@isabella.herefordshire.gov.uk>

No time at all, alas, and it will doubtless be rewritten when I build my
next MailScanner box in a week or two.

Half my notes say to copy a whole host of my own pre-prepared config
files here and there, so they need massaging.

One day I'll get it sorted. At the moment I'm busy trialling server
virtualisation.

Cheers,

Phil

----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Martin Hepworth
> Sent: 05 April 2006 10:33
> To: 'MailScanner discussion'
> Subject: RE: New MailScanner machine
>
> Phil
>
> Ooo shiney
>
> Have you got some time to add this to the wiki...??
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
> > -----Original Message-----
From dean.plant at roke.co.uk Wed Apr 5 11:43:37 2006
From: dean.plant at roke.co.uk (Plant, Dean)
Date: Wed Apr 5 11:43:55 2006
Subject: New MailScanner machine
Message-ID: <2181C5F19DD0254692452BFF3EAF1D6801527B66@rsys005a.comm.ad.roke.co.uk>

If it helps anyone, this is the package list from my minimal MailScanner
Kickstart. Inspired from http://www.owlriver.com/tips/tiny-centos/ with
packages added for MailScanner/MailWatch/Mailscanner-mrtg.

%packages
sudo
kernel
grub
openssh-server
openssh
openssh-clients
yum
# Added for MailScanner
sendmail-cf
sendmail-devel
compat-libstdc++-33
mysql
mrtg
perl-DBD-MySQL
mysql-server
sysstat
apr
apr-util
httpd
httpd-suexec
php
php-mysql
php-gd
php-pear
bind
bind-chroot
caching-nameserver
lm_sensors
net-snmp
net-snmp-utils
ntp
@ development-tools
#
-anacron
-apmd
-autofs
-bluez-libs
-bluez-bluefw
-bluez-hcidump
-bluez-utils
-comps
-cups
-cups-libs
-desktop-file-utils
-dhcpv6_client
-diskdumputils
-dmraid
-eject
-finger
-lftp
-logwatch
-rpmdb-CentOS
-fbset
-freetype
-fontconfig
-htmlview
-ipsec-tools
-iptables
-irda-utils
-isdn4k-utils
-lockdev
-mailcap
-mdadm
-mgetty
-minicom
-mt-st
-nano
-nc
-netdump
-nfs-utils
-quota
-pcmcia-cs
-pinfo
-portmap
-rdist
-rmt
-rp-pppoe
-rsh
-statserial
-setserial
-slocate
-specspo
-stunnel
-sysreport
-system-config-securitylevel-tui
-system-config-network-tui
-talk
-tcpdump
-vconfig
-wvdial
-wireless-tools
-ypbind
-yp-tools
-redhat-lsb
-xorg-x11-Mesa-libGL
-xorg-x11-libs
system-config-mouse
-pyxf86config
-rhpl
-libwvstreams
-ppp
-utemper
-wireless-tools

-----Original Message-----
From MailScanner at ecs.soton.ac.uk Wed Apr 5 11:47:39 2006
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Wed Apr 5 11:48:04 2006
Subject: MailScanner --lint
In-Reply-To: <002501c657fb$6baac7c0$3004010a@martinhlaptop>
References: <002501c657fb$6baac7c0$3004010a@martinhlaptop>
Message-ID: <4433A04B.2050101@ecs.soton.ac.uk>

Martin Hepworth wrote:
> Jules
>
> Hope the JANET bash is going well - program looks interesting.
>
Yes it is thanks. Very very good talk from the professor of security
engineering at Cambridge University's computer lab. I would really like
to go and work for him :-)
Also a good talk from the head of security at SLAC (Stanford Linear
Accelerator Centre) who gave a very good overview of computer security
in different contexts, and how poor a lot of security systems are.

> Anyway running 4.51.1 on FreeBSD 4.10 (the generic tar.gz installer NOT the
> ports version) and "MailScanner -lint" reports
>
> Can't exec "/bin/false": No such file or directory at
> /opt/MailScanner/lib/MailScanner/SweepViruses.pm line 2882.
>
>
> Which is true....../bin/false should be /usr/bin/false in my case....
>
On 99% of systems it's in /bin, so that's where I put it by default.
Don't forget that you are allowed to edit these .conf files, and
occasionally you will need to do so for your systems.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.

From MailScanner at ecs.soton.ac.uk Wed Apr 5 11:56:53 2006
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Wed Apr 5 11:57:02 2006
Subject: No SYSLOG No Mail Scanned
In-Reply-To:
References:
Message-ID: <4433A275.3050907@ecs.soton.ac.uk>

Run MailScanner --lint and MailScanner --debug and see if they produce any error messages.

Res wrote:
> Is it correct that should syslog die that MS ceases to process mail????
> should it not continue on, on such a trivial error state?
>
> Current version MS, all MS process defunct, I know it was working two
> nights ago... Anyway after scratching my head for 10 mins I threw it into
> debug mode and the problem was instantly evident, can't connect to syslog.
>
> OK so it brought to my notice syslog died on our secondary MX :) but
> none the less I think it's bad that it just queues the mail and dies
> off this way.
>
>

From MailScanner at ecs.soton.ac.uk Wed Apr 5 12:00:14 2006
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Wed Apr 5 12:00:28 2006
Subject: RES: MailScanner: WARNING: You are trying to use the SpamAssassin cache but your DBI and/or DBD::SQLite Perl modules are not properly installed!
In-Reply-To:
References:
Message-ID: <4433A33E.2020200@ecs.soton.ac.uk>

Mauricio wrote:
>
> Hello,
>
> I have the same warning: "You are trying to use the SpamAssassin cache
> but your DBI and/or DBD::SQLite Perl modules are not properly
> installed!". It's working well, but I had to disable the spamassassin
> cache results feature.
>
Look for the word "Cache" in MailScanner.conf and you will easily find it.
>
> MS 4.35 was upgraded to 4.52 in RH 8.0, but I saw that install.sh
> could not upgrade/install perl-DBI-1.50-2.noarch.rpm and
> perl-ExtUtils-MakeMaker-6.30-1.noarch.rpm
>
> Problem with perl-DBI:
>
> perl(Net::Daemon)
>
> perl(RPC::PlClient)
>
> perl(Win32::ODBC)
>
As the output from the build of perl-DBI says, these are not critical (and it is right, you don't need to install them for perl-DBI to install).
>
> I've downloaded and installed perl-Net-Daemon and perl-PlRPC (with no
> problem), but I could not find package for perl(Win32::ODBC).
>
You don't need it.
>
> Problem with perl-ExtUtils-MakeMaker:
>
> Many files conflicts with files from package perl-5.8.0-88.3
>
That's because you already have a modern ExtUtils::MakeMaker installed, you can ignore this too.

Hope that helps a bit.
>
> Anyone can help to solve this?
>
> Thanks in advance,
>
> Mauricio
>
> ------------------------------------------------------------------------
>
> *From:* mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] *On behalf of
> *Herman Swensson
> *Sent:* Sunday, 12 February 2006 12:47
> *To:* mailscanner@lists.mailscanner.info
> *Subject:* MailScanner: WARNING: You are trying to use the
> SpamAssassin cache but your DBI and/or DBD::SQLite Perl modules are not
> properly installed!
>
> Hi,
>
> I have upgraded MailScanner to version 4.50.15 and I am getting the
> next new
>
> Messages:
>
> MailScanner: WARNING: You are trying to use the SpamAssassin cache but
> your DBI and/or DBD::SQLite Perl modules are not properly installed
>
> MailScanner setting GID to postfix (89)
>
> MailScanner setting UID to postfix (89)
>
> What does this mean
>
> cpan> install DBI
>
> CPAN: Storable loaded ok
>
> Going to read /root/.cpan/Metadata
>
> Database was generated on Mon, 16 Jan 2006 10:10:45 GMT
>
> DBI is up to date (1.50).
>
> cpan> install DBD::SQLite
>
> CPAN: Storable loaded ok
>
> Going to read /root/.cpan/Metadata
>
> Database was generated on Mon, 16 Jan 2006 10:10:45 GMT
>
> DBD::SQLite is up to date (1.11).
>
> Linux version is 2.6.9-19
>
> Greetings
>
> Herman
>

From martinh at solid-state-logic.com Wed Apr 5 12:01:20 2006
From: martinh at solid-state-logic.com (Martin Hepworth)
Date: Wed Apr 5 12:01:26 2006
Subject: MailScanner --lint
In-Reply-To: <4433A04B.2050101@ecs.soton.ac.uk>
Message-ID: <007c01c658a0$456052b0$3004010a@martinhlaptop>

Jules

Ah yes Ross Anderson is indeed a very good speaker (amongst other things!).

As to the .conf file you mention I presume you mean the virus.scanners.conf in this case. I guess I could just sym link /bin/false to /usr/bin/false so I have to meddle with when I upgrade..

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

From glenn.steen at gmail.com Wed Apr 5 12:03:34 2006
From: glenn.steen at gmail.com (Glenn Steen)
Date: Wed Apr 5 12:03:39 2006
Subject: No SYSLOG No Mail Scanned
In-Reply-To:
References:
Message-ID: <223f97700604050403m60d8cfa0h422d4f0516cf64b5@mail.gmail.com>

On 05/04/06, Res wrote:
> Is it correct that should syslog die that MS ceases to process mail????
> should it not continue on, on such a trivial error state?
>
> Current version MS, all MS process defunct, I know it was working two
> nights ago... Anyway after scratching my head for 10 mins I threw it into
> debug mode and the problem was instantly evident, can't connect to syslog.
>
> OK so it brought to my notice syslog died on our secondary MX :) but none
> the less I think it's bad that it just queues the mail and dies off this
> way.
>
>
> --
> Cheers
> Res

That's one of the classics.... What to do when logging dies on you: Create another log entry to that effect?

A system/program I used to work with c:a 15 years ago had this "nifty" feature of logging a trace continually, and going into "verbose mode" once a problem was detected... Imagine the idiocy by which one of the "programmers" made the logging be extra verbose on a full disk condition (for the hdd/partition the log file resided on, no less). That was obviously the wrong thing to do:-).

So what do you expect MS to do? Just blithely move on? I'm not sure that's a good idea... As it is, you a) notice that mail has "stopped flowing", and b) can rather trivially discover why.

What made syslog die? There are a fair amount of things depending on syslog being there, apart from MS:-).

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From res at ausics.net Wed Apr 5 12:23:34 2006
From: res at ausics.net (Res)
Date: Wed Apr 5 12:23:44 2006
Subject: No SYSLOG No Mail Scanned
In-Reply-To: <223f97700604050403m60d8cfa0h422d4f0516cf64b5@mail.gmail.com>
References: <223f97700604050403m60d8cfa0h422d4f0516cf64b5@mail.gmail.com>
Message-ID:

On Wed, 5 Apr 2006, Glenn Steen wrote:

> That's one of the classics.... What to do when logging dies on you:
> Create another log entry to that effect?

That is silly, I don't give a toss about syslog running or not, at 100 megs a day I sure as hell have better things to do than look at logs lol, but coz syslog dies, why the hell should mail cease to be processed because of it.

> So what do you expect MS to do? Just blithely move on? I'm not sure

keep processing mail

> that's a good idea... As it is, you a) notice that mail has "stopped
> flowing", and b) can rather trivially discover why.

This creates problems, maybe on a MS box that processes 2-300 emails a day that's fine, but when you do that much every minute that's just not acceptable.

> What made syslog die? There are a fair amount of things depending on

unknown at this time

> syslog being there, apart from MS:-).

dedicated mail server (sendmail, MS and clamav), nothing else died :)

--
Cheers
Res

From maillists at conactive.com Wed Apr 5 12:31:22 2006
From: maillists at conactive.com (Kai Schaetzl)
Date: Wed Apr 5 12:31:36 2006
Subject: MailScanner and SA auto-learning
In-Reply-To: <004b01c65887$3cf20100$3004010a@martinhlaptop>
References: <004b01c65887$3cf20100$3004010a@martinhlaptop>
Message-ID:

Martin Hepworth wrote on Wed, 5 Apr 2006 09:02:09 +0100:

> Has your bayes DB got the required 200 ham AND spam messages? I'm not sure
> the bayes functions work at all without the required 400 seed emails..

Bayes works, autolearning doesn't. See my last posting. All the high scoring spam has too few header hits.

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From res at ausics.net Wed Apr 5 12:32:01 2006
From: res at ausics.net (Res)
Date: Wed Apr 5 12:32:10 2006
Subject: No SYSLOG No Mail Scanned
In-Reply-To: <4433A275.3050907@ecs.soton.ac.uk>
References: <4433A275.3050907@ecs.soton.ac.uk>
Message-ID:

Julian,

As it is running now (syslog) there are no real issues.

> Run
> MailScanner --lint

Only 1 error:

config: SpamAssassin failed to parse line, "/usr/bin/pyzor" is not valid for "pyzor_path", skipping: pyzor_path /usr/bin/pyzor
config: failed to parse line, skipping: dcc_path /usr/local/bin/dccproc
SpamAssassin reported an error.

> and
> MailScanner --debug

In Debugging mode, not forking...
Use of uninitialized value in hash element at /usr/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin/Message/Metadata/Received.pm line 322, line 442.
Use of uninitialized value in hash element at /usr/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin/Message/Metadata/Received.pm line 323, line 442.
Use of uninitialized value in hash element at /usr/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin/Message/Metadata/Received.pm line 322, line 442.
Use of uninitialized value in hash element at /usr/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin/Message/Metadata/Received.pm line 323, line 442.
Use of uninitialized value in pattern match (m//) at /usr/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin/Message/Metadata/Received.pm line 225, line 442.
Use of uninitialized value in pattern match (m//) at /usr/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin/Message/Metadata/Received.pm line 227, line 442.
Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin/Message/Metadata/Received.pm line 228, line 442.
Ignore errors about failing to find EOCD signature
format error: can't find EOCD signature at ./MailScanner line 780
format error: can't find EOCD signature at ./MailScanner line 780
format error: can't find EOCD signature at ./MailScanner line 780
Stopping now as you are debugging me.
>
--
Cheers
Res

From martinh at solid-state-logic.com Wed Apr 5 12:41:05 2006
From: martinh at solid-state-logic.com (Martin Hepworth)
Date: Wed Apr 5 12:41:26 2006
Subject: MailScanner and SA auto-learning
In-Reply-To:
Message-ID: <008601c658a5$d2b6c7c0$3004010a@martinhlaptop>

Kai

Hmm is MailScanner running as a non-root user and can that user write to all bayes files/directory?

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

From maillists at conactive.com Wed Apr 5 14:31:20 2006
From: maillists at conactive.com (Kai Schaetzl)
Date: Wed Apr 5 14:31:34 2006
Subject: MailScanner and SA auto-learning
In-Reply-To: <008601c658a5$d2b6c7c0$3004010a@martinhlaptop>
References: <008601c658a5$d2b6c7c0$3004010a@martinhlaptop>
Message-ID:

Martin Hepworth wrote on Wed, 5 Apr 2006 12:41:05 +0100:

> Hmm is MailScanner running as a non-root user and can that user write to all
> bayes files/directory?

Martin, thanks for your help, but you are really following the wrong course ;-) I get too few header hits. So, SA is working by design. It's not many spam that gets thru to SA and most of those are caught by numerous SURBL, SARE hits and Bayes, but too few header hits. Let's see if I can find an example.

Ok, that one just arrived, these are the hits. As you see there's only 0.53 for header hits. There's nothing I can do to change this unless I change the SA code. Learning it would actually be quite nice and I do it manually for this one now. As you see BAYES wasn't clear about it.

 0.53 ADDRESS_IN_SUBJECT     To: address appears in Subject
 0.00 BAYES_50               Bayesian spam probability is 40 to 60%
 1.16 HTML_IMAGE_ONLY_20     HTML: images with 1600-2000 bytes of words
 0.46 HTML_IMAGE_RATIO_02    HTML has a low ratio of text to image area
 0.00 HTML_MESSAGE           HTML included in message
 0.88 HTML_SHORT_LINK_IMG_3  HTML is very short with a linked image
 0.12 HTML_TEXT_AFTER_BODY   HTML contains text after BODY close tag
 0.38 MAILTO_TO_REMOVE       Includes a 'remove' email address
 0.00 MIME_HTML_ONLY         Message only has text/html MIME parts
-0.00 SPF_HELO_PASS          SPF: HELO matches SPF record
-0.00 SPF_PASS               SPF: sender matches SPF record
 3.00 URIBL_JP_SURBL         Contains an URL listed in the JP SURBL blocklist
 3.21 URIBL_OB_SURBL         Contains an URL listed in the OB SURBL blocklist
 1.50 URIBL_SBL              Contains an URL listed in the SBL blocklist
 4.00 URIBL_SC_SURBL         Contains an URL listed in the SC SURBL blocklist
 2.00 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL blocklist

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From heath at agdog.com Wed Apr 5 15:03:55 2006
From: heath at agdog.com (Heath Carson)
Date: Wed Apr 5 15:04:10 2006
Subject: Inline attachment not inline
In-Reply-To: <200604011100.k31B0MoZ010828@bkserver.blacknight.ie>
References: <200604011100.k31B0MoZ010828@bkserver.blacknight.ie>
Message-ID:

On Fri, 31 Mar 2006, Heath writes:
>I set "Warning Is Attachment = no", but MailScanner will only put the
>warning inline if the original message body is empty. If there is any text
>in the original message body, the warning is always made an attachment
>rather than being inserted inline at the top of the message body.
>
>Is this normal behavior? I can't find anything saying it is or isn't.

Does anyone know if this is normal behavior or a bug?

Thanks.

-Heath

From glenn.steen at gmail.com Wed Apr 5 15:07:51 2006
From: glenn.steen at gmail.com (Glenn Steen)
Date: Wed Apr 5 15:07:55 2006
Subject: No SYSLOG No Mail Scanned
In-Reply-To:
References: <223f97700604050403m60d8cfa0h422d4f0516cf64b5@mail.gmail.com>
Message-ID: <223f97700604050707u7fccd175ncc4fe625e7f6022f@mail.gmail.com>

On 05/04/06, Res wrote:
> On Wed, 5 Apr 2006, Glenn Steen wrote:
>
> > That's one of the classics.... What to do when logging dies on you:
> > Create another log entry to that effect?
>
> That is silly, I don't give a toss about syslog running or not, at 100

Exactly.

> megs a day I sure as hell have better things to do than look at logs lol,
> but coz syslog dies, why the hell should mail cease to be processed because
> of it.

Why not? It got your attention;-):-).

> > So what do you expect MS to do? Just blithely move on? I'm not sure
>
> keep processing mail
>
> > that's a good idea... As it is, you a) notice that mail has "stopped
> > flowing", and b) can rather trivially discover why.
>
> This creates problems, maybe on a MS box that processes 2-300 emails a
> day that's fine, but when you do that much every minute that's just not
> acceptable.

Syslog is pretty stable usually, so something making it die would (in my experience) be an indication that you have a "serious" problem. I'm sure it's acceptable to you to not keep very good track of individual messages, nor of errors etc... But to some (like me) it really matters... No matter if the throughput is 200 messages per day, hour or minute. But that's just me, I guess:-)

> > What made syslog die? There are a fair amount of things depending on
>
> unknown at this time
>
> > syslog being there, apart from MS:-).
>
> dedicated mail server (sendmail, MS and clamav), nothing else died :)
>
>
> --
> Cheers
> Res
>

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From rpoe at plattesheriff.org Wed Apr 5 15:28:03 2006
From: rpoe at plattesheriff.org (Rob Poe)
Date: Wed Apr 5 15:28:31 2006
Subject: OT: New MailScanner machine
In-Reply-To: <13C0059880FDD3118DC600508B6D4A6D013D880A@aiainsurance.com>
References: <13C0059880FDD3118DC600508B6D4A6D013D880A@aiainsurance.com>
Message-ID: <44338DA3.65ED.00A2.0@plattesheriff.org>

When I install CentOS I generally end up using discs 1 and 2, and usually #3 too. Never got into disc 4. But I don't install the X, OOo, graphics packages, etc...

>>> KGoods@AIAInsurance.com 4/4/2006 5:52:24 PM >>>
I'm putting together a new machine to replace the one currently filtering our mail and delivering to an exchange server. The load increased back in December due to an update of MailScanner, Spamassassin, ClamAV, (and adding bitdefender). Spamassassin is timing out regularly and the machine is in heavy swap. (P233 with 196MB, processing ~8k emails per day).

I have found another machine in the boneyard that has a little more horsepower (550 PIII with 384MB) and would like to build a new box running the same configuration, plus it gives me a chance to add some "legs" to the old OS (Redhat 9). My plan is Centos 4.0 for the OS and sticking with everything else as it suits my comfort level.

My question is this... I want to load the least services to support MailScanner, Spamassassin, Clam, Bitdefender, Webmin, and Mailscanner-Mrtg. I noticed that there are three ISO's for Centos and another for Centos Server. Can I get away with just the Server ISO and use a minimal install or do I need to get all four and use a combination of them? Sorry if this is noob but I've looked around and can't find much information on the difference between the server ISO and the others and thought someone here may have some experience.

Any help would be appreciated much.

TIA
Ken

From matt at coders.co.uk Wed Apr 5 16:18:25 2006
From: matt at coders.co.uk (Matt Hampton)
Date: Wed Apr 5 16:18:36 2006
Subject: OT: New MailScanner machine
In-Reply-To: <44338DA3.65ED.00A2.0@plattesheriff.org>
References: <13C0059880FDD3118DC600508B6D4A6D013D880A@aiainsurance.com> <44338DA3.65ED.00A2.0@plattesheriff.org>
Message-ID: <4433DFC1.8030107@coders.co.uk>

> I noticed that there are three ISO's for Centos and another for Centos
> Server. Can I get away with just the Server ISO and use a minimal
> install or
> do I need to get all four and use a combination of them? Sorry if this
> is
> noob but I've looked around and can't find much information on the
> difference between the server ISO and the others and thought someone
> here
> may have some experience.

I tend to use the Server CD and then install anything else via yum.

matt

From KGoods at AIAInsurance.com Wed Apr 5 16:20:16 2006
From: KGoods at AIAInsurance.com (Ken Goods)
Date: Wed Apr 5 16:24:54 2006
Subject: OT: New MailScanner machine
Message-ID: <13C0059880FDD3118DC600508B6D4A6D013D8810@aiainsurance.com>

Alex Neuman van der Hans wrote:
> Michele Neylon:: Blacknight.ie wrote:
>> Ken
>>
>> Someone else will probably correct me...
>>
>>> From what I recall you can do a minimal server install with just the
>> daemons that you need to run the software
>> You may need to have all the discs, but you wouldn't need to load
>> all their contents...
>>
>>
>>
>>
> Actually all you will really need is the server CD if you're not
> interested in things like X, GNOME, KDE, etc. - and you can always
> "yum install" whatever else you need after you've finished. I've only
> had problems with bashphobic admins who insist everything must have a
> spiffy graphical interface; I usually calm them down by introducing
> them to Webmin.

Thanks to all who responded, and a special thanks to Alex, that's the answer I was looking for. I never use graphical interfaces on *nix boxes... webmin is only for my PHB (who doesn't use it anyway but feels warm and fuzzy that it's there) :)

Ken Goods
Network Administrator
AIA/CropUSA Insurance, Inc.

From Rob at thehostmasters.com Wed Apr 5 16:29:39 2006
From: Rob at thehostmasters.com (Rob Morin)
Date: Wed Apr 5 16:29:42 2006
Subject: Email rejected, what reason to give client??
Message-ID: <4433E263.6060906@thehostmasters.com>

Hello all....

I have a few clients that receive email from Asia quite a bit, and they are legitimate emails with no spam, just business talk in them... but they get tagged as spam.... now I know it gives the reason in the logs, but how do I actually tell what the reason was to the user?
Here is a sample

mail.log.0:Apr 4 09:43:32 stewy MailScanner[4249]: Message 1BB94C2C6.78A0C from 211.45.20.46 (hanzulux@unitel.co.kr) to thedomainname.com is spam, SpamAssassin (score=7.208, required 4, BAYES_80 2.00, DNS_FROM_RFC_ABUSE 0.20, DNS_FROM_RFC_POST 1.71, FROM_BLANK_NAME 1.53, HTML_FONT_FACE_BAD 0.16, HTML_MESSAGE 0.00, NO_REAL_NAME 0.96, SARE_FROM_NONAME 0.65)

So ok, there's the info, so do I look up each rule to see what it means? Is there a table or an easy way to let a client know why??

Also I have a friend of mine that has his own mail server and he says he does a white list by adding to the white list any email address that the server sends email to... IE any of his clients that send email via that server to a person, that email is put in the white list automatically... is this safe? is it possible?

Thanks and have a great day!

--

Rob Morin
Dido InterNet Inc.
Montreal, Canada
Http://www.dido.ca
514-990-4444

From maillists at conactive.com Wed Apr 5 16:31:23 2006
From: maillists at conactive.com (Kai Schaetzl)
Date: Wed Apr 5 16:31:37 2006
Subject: Question about from address
In-Reply-To:
References:
Message-ID:

Jim Dickenson wrote on Tue, 04 Apr 2006 19:34:54 -0700:

> from=scrappy.surveysampling.com>

this is not a valid email address

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From martinh at solid-state-logic.com Wed Apr 5 16:41:12 2006
From: martinh at solid-state-logic.com (Martin Hepworth)
Date: Wed Apr 5 16:41:27 2006
Subject: Email rejected, what reason to give client??
In-Reply-To: <4433E263.6060906@thehostmasters.com>
Message-ID: <011e01c658c7$5fada6f0$3004010a@martinhlaptop>

Rob

I'd put all the SA rules that fired in the email headers themselves for spam, as well as being in the log files..

Here's what I use in my MailScanner.conf...

Detailed Spam Report = yes
Include Scores In SpamAssassin Report = yes
Spam Score = yes
Spam Score Number Format = %5.2f
SpamScore Number Instead Of Stars = yes

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From dickenson at cfmc.com Wed Apr 5 16:44:50 2006 From: dickenson at cfmc.com (Jim Dickenson) Date: Wed Apr 5 16:44:59 2006 Subject: *CfMC-Spam= 5.53* Re: Question about from address In-Reply-To: Message-ID: As I mentioned in the original email I changed the @ to < @ > so the email address could not be harvested. -- Jim Dickenson mailto:dickenson@cfmc.com CfMC http://www.cfmc.com/ > From: Kai Schaetzl > Reply-To: MailScanner discussion > Date: Wed, 05 Apr 2006 17:31:23 +0200 > To: > Subject: *CfMC-Spam= 5.53* Re: Question about from address > > Jim Dickenson wrote on Tue, 04 Apr 2006 19:34:54 -0700: > >> from=scrappy.surveysampling.com> > > this is not a valid email address > > Kai > > -- > Kai Sch?tzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Wed Apr 5 16:47:30 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Wed Apr 5 16:47:34 2006 Subject: Email rejected, what reason to give client?? In-Reply-To: <4433E263.6060906@thehostmasters.com> Message-ID: <0ae601c658c8$3f49ea30$2901010a@office.fsl> > -----Original Message----- 
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Rob Morin > Sent: Wednesday, April 05, 2006 11:30 AM > To: mailscanner@lists.mailscanner.info > Subject: Email rejected, what reason to give client?? > > Hello all.... > > I have a few clients that receive email from Asia quite a bit, and they > are legitimate emails with no spam, just business talk in them... but > they get tagged as spam.... now i know it gives the reason in the logs, > but how do i actually tell what the reason was to the user? > Here is a sample > > mail.log.0:Apr 4 09:43:32 stewy MailScanner[4249]: Message > 1BB94C2C6.78A0C from 211.45.20.46 (hanzulux@unitel.co.kr) to > thedomainname.com is spam, SpamAssassin (score=7.208, required 4, > BAYES_80 2.00, DNS_FROM_RFC_ABUSE 0.20, DNS_FROM_RFC_POST 1.71, > FROM_BLANK_NAME 1.53, HTML_FONT_FACE_BAD 0.16, HTML_MESSAGE 0.00, > NO_REAL_NAME 0.96, SARE_FROM_NONAME 0.65) > > So ok, there the info, so do i look up each rule to see what it means? > Is ther ean table or an easy way to let a client know why?? > > Also i have a friend of mine that has his own mail server and he says he > does a white list by adding to the white list any email address that the > server sends email to... IE any of his clients that send email via that > server to a person, that email is put itn the white list > automatically... is this safe? is it possible? > > > > Thanks and have a great day! > > -- > > Rob Morin > Dido InterNet Inc. > Montreal, Canada > Http://www.dido.ca > 514-990-4444 > The translation from the short names listed in the logs, i.e. DNS_FROM_RFC_ABUSE, and the scores assigned to the rule hit can be found at: http://spamassassin.apache.org/tests_3_1_x.html There are another pages listed in the Wiki if you're using an older version of SA. Searching the page for DNS_FROM_RFC_ABUSE finds: Envelope sender in abuse.rfc-ignorant.org Hope this helps, Steve Stephen Swaney Fort Systems Ltd. 
stephen.swaney@fsl.com www.fsl.com From KGoods at AIAInsurance.com Wed Apr 5 16:48:52 2006 From: KGoods at AIAInsurance.com (Ken Goods) Date: Wed Apr 5 16:53:34 2006 Subject: New MailScanner machine Message-ID: <13C0059880FDD3118DC600508B6D4A6D013D8811@aiainsurance.com> Randal, Phil wrote: > Installing MailScanner on Centos 4.2 (my notes are old so some > versioning is incorrect) > > 1: Install Centos 4.2 > > Download the CentOS server CD from one of www.centos.org's mirrors > and burn to a CD. > > Boot from that CD > press enter at the first text prompt > perform the media check Wow! Thanks Phil! I have similar notes for RH 9.0 but they don't really do me much good for Centos. Much appreciated! Kind regards, ken Ken Goods Network Administrator AIA/CropUSA Insurance, Inc. From Rob at thehostmasters.com Wed Apr 5 16:59:32 2006 From: Rob at thehostmasters.com (Rob Morin) Date: Wed Apr 5 16:59:40 2006 Subject: Email rejected, what reason to give client?? In-Reply-To: <011e01c658c7$5fada6f0$3004010a@martinhlaptop> References: <011e01c658c7$5fada6f0$3004010a@martinhlaptop> Message-ID: <4433E964.7000001@thehostmasters.com> But if the email gets deleted how do i look in the headers? :) Rob Morin Dido InterNet Inc. Montreal, Canada Http://www.dido.ca 514-990-4444 Martin Hepworth wrote: > Rob > > I'd put the all SA rules the fired in the email headers themselves for spam, > as well as being in the log files.. > > Here's what I use in my MailScanner.conf... > > Detailed Spam Report = yes > Include Scores In SpamAssassin Report = yes > Spam Score = yes > Spam Score Number Format = %5.2f > SpamScore Number Instead Of Stars = yes > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > >> -----Original Message----- 
>> > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > From KGoods at AIAInsurance.com Wed Apr 5 16:55:11 2006 From: KGoods at AIAInsurance.com (Ken Goods) Date: Wed Apr 5 16:59:51 2006 Subject: New MailScanner machine Message-ID: <13C0059880FDD3118DC600508B6D4A6D013D8812@aiainsurance.com> Plant, Dean wrote: > If it helps anyone, this is the package list from my minimal > MailScanner Kickstart. Inspired from > http://www.owlriver.com/tips/tiny-centos/ with packages added for > MailScanner/MailWatch/Mailscanner-mrtg. > > %packages > sudo > kernel > grub > openssh-server > openssh > openssh-clients > yum > # Added for MailScanner This is also a great help Dean. Great way to double check my packages. Thanks so much.... Ken From martinh at solid-state-logic.com Wed Apr 5 17:05:20 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Apr 5 17:05:28 2006 Subject: Email rejected, what reason to give client?? In-Reply-To: <4433E964.7000001@thehostmasters.com> Message-ID: <013301c658ca$bd45e3b0$3004010a@martinhlaptop> Archive all the emails using something lovely like MailWatch.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- 
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Rob Morin > Sent: 05 April 2006 17:00 > To: MailScanner discussion > Subject: Re: Email rejected, what reason to give client?? > > But if the email gets deleted how do i look in the headers? > > :) > > Rob Morin > Dido InterNet Inc. > Montreal, Canada > Http://www.dido.ca > 514-990-4444 > > > > Martin Hepworth wrote: > > Rob > > > > I'd put the all SA rules the fired in the email headers themselves for > spam, > > as well as being in the log files.. > > > > Here's what I use in my MailScanner.conf... > > > > Detailed Spam Report = yes > > Include Scores In SpamAssassin Report = yes > > Spam Score = yes > > Spam Score Number Format = %5.2f > > SpamScore Number Instead Of Stars = yes > > > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > >> -----Original Message----- 
> >> > > > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > ********************************************************************** > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From maillists at conactive.com Wed Apr 5 17:31:26 2006 
From: maillists at conactive.com (Kai Schaetzl) Date: Wed Apr 5 17:31:41 2006 Subject: Email rejected, what reason to give client?? In-Reply-To: <4433E263.6060906@thehostmasters.com> References: <4433E263.6060906@thehostmasters.com> Message-ID: Rob Morin wrote on Wed, 05 Apr 2006 11:29:39 -0400: > mail.log.0:Apr 4 09:43:32 stewy MailScanner[4249]: Message > 1BB94C2C6.78A0C from 211.45.20.46 (hanzulux@unitel.co.kr) to > thedomainname.com is spam, SpamAssassin (score=7.208, required 4, > BAYES_80 2.00, DNS_FROM_RFC_ABUSE 0.20, DNS_FROM_RFC_POST 1.71, > FROM_BLANK_NAME 1.53, HTML_FONT_FACE_BAD 0.16, HTML_MESSAGE 0.00, > NO_REAL_NAME 0.96, SARE_FROM_NONAME 0.65) > > So ok, there the info, so do i look up each rule to see what it means? > Is ther ean table or an easy way to let a client know why?? First, your score is too low. It's mute to complain about non-spam getting caught by deliberately lowered score. Set it back to 5. Yes, I see that it scored above 5. Nevertheless, sorry, and please don't take it as an offense; lowering score from default is very stupid, especially if mail from clients goes over it. If you have a problem with too much spam getting thru then get better rulesets from SARE. On the problem about description etc. Use Mailwatch, that shows descriptions for all rules and much more and your clients have plenty to play around and will be happy. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From mkettler at evi-inc.com Wed Apr 5 17:36:37 2006 
From: mkettler at evi-inc.com (Matt Kettler)
Date: Wed Apr 5 17:36:45 2006
Subject: SPF Rules?
In-Reply-To: <32259592.1144191000231.JavaMail.root@pbco-server3.pbco.ca>
References: <32259592.1144191000231.JavaMail.root@pbco-server3.pbco.ca>
Message-ID: <4433F215.5050901@evi-inc.com>

Johnny Stork wrote:
> Also, would adding a "trusted_networks" setting, address this message from the SA lint test?
>
> [18569] dbg: spf: no trusted relays found, using first (untrusted) relay (if present) for SPF checks
> 0.00078

Yes.

From Rob at thehostmasters.com Wed Apr 5 18:00:39 2006
From: Rob at thehostmasters.com (Rob Morin) Date: Wed Apr 5 18:00:46 2006 Subject: Email rejected, what reason to give client?? In-Reply-To: References: <4433E263.6060906@thehostmasters.com> Message-ID: <4433F7B7.6060900@thehostmasters.com> OK, cool thanks for the info i appreciate it, and do not take offense.... i just do not have the time i would like to have to get to know MS and SA... so i do things to help me out that might not be kosher, so to speak.... I will up it to 5 right away and get Mailwatch and see what i come up with.... Thanks... Rob Morin Dido InterNet Inc. Montreal, Canada Http://www.dido.ca 514-990-4444 Kai Schaetzl wrote: > Rob Morin wrote on Wed, 05 Apr 2006 11:29:39 -0400: > > >> mail.log.0:Apr 4 09:43:32 stewy MailScanner[4249]: Message >> 1BB94C2C6.78A0C from 211.45.20.46 (hanzulux@unitel.co.kr) to >> thedomainname.com is spam, SpamAssassin (score=7.208, required 4, >> BAYES_80 2.00, DNS_FROM_RFC_ABUSE 0.20, DNS_FROM_RFC_POST 1.71, >> FROM_BLANK_NAME 1.53, HTML_FONT_FACE_BAD 0.16, HTML_MESSAGE 0.00, >> NO_REAL_NAME 0.96, SARE_FROM_NONAME 0.65) >> >> So ok, there the info, so do i look up each rule to see what it means? >> Is ther ean table or an easy way to let a client know why?? >> > > First, your score is too low. It's mute to complain about non-spam getting > caught by deliberately lowered score. Set it back to 5. Yes, I see that it > scored above 5. Nevertheless, sorry, and please don't take it as an > offense; lowering score from default is very stupid, especially if mail > from clients goes over it. If you have a problem with too much spam > getting thru then get better rulesets from SARE. On the problem about > description etc. Use Mailwatch, that shows descriptions for all rules and > much more and your clients have plenty to play around and will be happy. > > Kai > > From bob.jones at usg.edu Wed Apr 5 18:48:39 2006 
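Added example, not written by any poster on the list and not MailScanner or MailWatch code: it parses the log line Rob Morin posted in the "Email rejected, what reason to give client??" thread into per-rule scores, checks that they add up to the logged total, and re-checks the verdict against another threshold such as the 5 that Kai Schaetzl suggests. The function names and the "is not spam" verdict wording are assumptions; the single rule description is the one quoted in the thread.

```python
import re

# Log line posted in the thread, joined back onto one line.
SAMPLE = (
    "mail.log.0:Apr 4 09:43:32 stewy MailScanner[4249]: Message "
    "1BB94C2C6.78A0C from 211.45.20.46 (hanzulux@unitel.co.kr) to "
    "thedomainname.com is spam, SpamAssassin (score=7.208, required 4, "
    "BAYES_80 2.00, DNS_FROM_RFC_ABUSE 0.20, DNS_FROM_RFC_POST 1.71, "
    "FROM_BLANK_NAME 1.53, HTML_FONT_FACE_BAD 0.16, HTML_MESSAGE 0.00, "
    "NO_REAL_NAME 0.96, SARE_FROM_NONAME 0.65)"
)

# The only rule description quoted in the thread. The rest have to be looked
# up on the SpamAssassin tests page linked there; none are invented here.
DESCRIPTIONS = {"DNS_FROM_RFC_ABUSE": "Envelope sender in abuse.rfc-ignorant.org"}

# Assumption: non-spam verdicts use the same layout with "is not spam".
LINE_RE = re.compile(
    r"Message (?P<id>\S+) from (?P<ip>\S+) \((?P<sender>[^)]*)\) to (?P<to>\S+) "
    r"is (?P<verdict>not spam|spam), SpamAssassin \((?P<report>.*)\)\s*$"
)
RULE_RE = re.compile(r"(\w+) (-?\d+(?:\.\d+)?)")


def parse_line(line):
    """Return a dict for a MailScanner SpamAssassin verdict line, or None."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    score = required = None
    rules, other = [], []
    try:
        for token in (t.strip() for t in m.group("report").split(",")):
            if token.startswith("score="):
                score = float(token[len("score="):])
            elif token.startswith("required "):
                required = float(token.split()[1])
            else:
                hit = RULE_RE.fullmatch(token)
                if hit:
                    rules.append((hit.group(1), float(hit.group(2))))
                elif token:
                    other.append(token)  # unrecognised tokens are kept, not dropped
    except ValueError:
        return None
    if score is None or required is None:
        return None
    parsed = m.groupdict()
    del parsed["report"]
    parsed.update(score=score, required=required, rules=rules, other=other)
    return parsed


def rule_sum(parsed):
    """Sum of the per-rule scores, rounded to the two decimals the log uses."""
    return round(sum(s for _, s in parsed["rules"]), 2)


def is_consistent(parsed):
    """True if the rule scores add up to the logged total within rounding error."""
    tolerance = 0.005 * max(len(parsed["rules"]), 1)
    return abs(rule_sum(parsed) - parsed["score"]) <= tolerance + 1e-9


def would_be_spam(parsed, required):
    """Re-evaluate the verdict against a different 'required' threshold."""
    return parsed["score"] >= required


def explain(parsed):
    """Plain-text explanation for a user, highest-scoring rules first."""
    out = ["Message %s from %s scored %.3f (threshold %g): %s" % (
        parsed["id"], parsed["sender"], parsed["score"],
        parsed["required"], parsed["verdict"])]
    for name, score in sorted(parsed["rules"], key=lambda r: -r[1]):
        desc = DESCRIPTIONS.get(name, "(description not looked up)")
        out.append("  %5.2f  %-20s %s" % (score, name, desc))
    return out


if __name__ == "__main__":
    p = parse_line(SAMPLE)
    print("\n".join(explain(p)))
    print("scores add up:", is_consistent(p))
    print("still spam at required 5:", would_be_spam(p, 5))
```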
From: bob.jones at usg.edu (Bob Jones)
Date: Wed Apr 5 18:48:55 2006
Subject: Location of perl in #! of Mailscanner scripts
Message-ID: <443402F7.6020907@usg.edu>

Hey all,

So, a little issue here with the install.sh script of the distribution for Solaris/BSD/Other Linux/Other Unix. We have installed a new distribution of perl in a nonstandard location (let's say /opt/perl for this discussion). So, when I go to install Mailscanner with the install.sh script I give it the flag --perl=/opt/perl and everything installs fine. Next I go to run Mailscanner and it goes kablooey. I get to looking around and I see why. Even though I specified an alternate location of perl in the install script, all the Mailscanner perl scripts (e.g. /opt/Mailscanner/bin/MailScanner ) point to #!/usr/bin/perl. Shouldn't the install script change these headings to the specified perl or am I missing something? I can't just put a link in /usr/bin as the legacy perl is needed for other things.

Thanks!

--
Bob Jones
bob.jones@usg.edu
OIIT, The Board of Regents
The University System of Georgia

From alex at nkpanama.com Wed Apr 5 19:41:57 2006
From: alex at nkpanama.com (Alex Neuman van der Hans)
Date: Wed Apr 5 19:42:30 2006
Subject: OT: New MailScanner machine
In-Reply-To: <13C0059880FDD3118DC600508B6D4A6D013D8810@aiainsurance.com>
References: <13C0059880FDD3118DC600508B6D4A6D013D8810@aiainsurance.com>
Message-ID: <44340F75.8010204@nkpanama.com>

Ken Goods wrote:
> Thanks to all who responded, and a special thanks to Alex, that's the answer
> I was looking for. I never use graphical interfaces on *nix boxes... webmin
> is only for my PHB (who doesn't use it anyway but feels warm and fuzzy that
> it's there) :)
>
>

You're welcome. It makes *me* warm and fuzzy when people take the time to say thanks. I'm a regular on a few radio/tv shows here in my country (sorta like the San Diego Zoo guy on the tonight show), and I write for a few local magazines from time to time, solving people's tech problems. Even though I usually don't make a dime out of it the phonecalls/emails/shows of gratitude are what makes all the effort worthwhile.

From alex at nkpanama.com Wed Apr 5 19:51:51 2006
From: alex at nkpanama.com (Alex Neuman van der Hans)
Date: Wed Apr 5 19:53:52 2006
Subject: SEMI-OT: Book Translation
Message-ID: <443411C7.5020009@nkpanama.com>

I'd like to translate "the book" into Spanish, or write "el libro" from scratch.

I don't want to step on anybody's toes (or patents, or copyrights), so I thought I'd ask here about what I could use (or not) from "the book" to write "el libro".

Any recommendations on what to use to create/edit it (short of a tetex-latex-vi-emacs-edlin-wordstar flame war) would also be appreciated.

Any info on reporting typos (for example, "Thankyou" on p.375 should read "Thank you") would also be appreciated.

Thanks in advance,

Alex

From maillists at conactive.com Wed Apr 5 20:31:23 2006
From: maillists at conactive.com (Kai Schaetzl)
Date: Wed Apr 5 20:31:38 2006
Subject: *CfMC-Spam= 5.53* Question about from address
In-Reply-To:
References:
Message-ID:

Jim Dickenson wrote on Wed, 05 Apr 2006 08:44:50 -0700:

> As I mentioned in the original email I changed the @ to < @ > so the email
> address could not be harvested.

I read this, but it wasn't clear at all what you meant. Adresses are mute, if you want to present an example, just change the original to something which resembles the original.

Where did you whitelist this address and how? Did you reload MailScanner? I also notice that all quotes of that mail address (3) you make show a slightly different domain name. Frankly, your mail is confusing as to what is what etc. Yes, the envelope-from is the one that MailScanner's whitelist acts on, that is the one shown in the sendmail log. Are you sure that those extra headers were added by *your* MailScanner?

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From maillists at conactive.com Wed Apr 5 20:31:23 2006
From: maillists at conactive.com (Kai Schaetzl)
Date: Wed Apr 5 20:31:39 2006
Subject: Email rejected, what reason to give client??
In-Reply-To: <4433F7B7.6060900@thehostmasters.com>
References: <4433E263.6060906@thehostmasters.com> <4433F7B7.6060900@thehostmasters.com>
Message-ID:

Rob Morin wrote on Wed, 05 Apr 2006 13:00:39 -0400:

> so i do things to help me out that might not be
> kosher, so to speak....
>
> I will up it to 5 right away

Go to www.rulesemporium.org, it's a very good resource. Grab a few rulesets, not *all* of them! If you are satisfied, get rulesdujour and they will autoupdate from then on. You have to invest an hour of work into this or maybe two, but then you get forget for a year.

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From alex at nkpanama.com Wed Apr 5 20:40:55 2006
From: alex at nkpanama.com (Alex Neuman van der Hans)
Date: Wed Apr 5 20:41:35 2006
Subject: *CfMC-Spam= 5.53* Question about from address
In-Reply-To:
References:
Message-ID: <44341D47.20006@nkpanama.com>

Kai Schaetzl wrote:
> ...Adresses are mute, if
> Kai
>
>

It's "moot". Moot means pointless or meaningless, mute means silent. Sorry to be a vocabulary nazi, but it's been like the third time this week ;)

IIRC in an episode of "Friends" I remember Joey Tribbiani got it wrong and said something about a "moo point". When Chandler tried to correct him (moot point), he said it means "like a cow's opinion, it doesn't matter" - from the "moo" part :D

Regards,

Alex

From benjsh at ofir.dk Wed Apr 5 21:47:32 2006
From: benjsh at ofir.dk (=?iso-8859-1?B?QmVuIGpzaA==?=)
Date: Wed Apr 5 21:47:35 2006
Subject: Mail Scanner Crashing when receiving special spam mails
Message-ID: <1144270052_1085495@mailout.ofir.com>

An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060405/a0223939/attachment.html

From mauriciopcavalcanti at hotmail.com Wed Apr 5 22:48:12 2006
From: mauriciopcavalcanti at hotmail.com (Mauricio) Date: Wed Apr 5 22:48:30 2006 Subject: RES: RES: MailScanner: WARNING: You are trying to use the SpamAssassin cachebut your DBI and/or DBD::SQLite Perl modules are not properlyinstalled! In-Reply-To: <4433A33E.2020200@ecs.soton.ac.uk> Message-ID: So, I don?t have install problems... I can uninstall perl-Net-Daemon and perl-PlRPC packages and stay using perl-DBI-1.30-1. What about my maillog boring me with ?You are trying to use the SpamAssassin cache but your DBI and/or DBD::SQLite Perl modules are not properly installed!? if I enable spamassassin cache results feature? What can I do to use this new feature? Thanks in advance, Mauricio -----Mensagem original----- De: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Em nome de Julian Field Enviada em: quarta-feira, 5 de abril de 2006 08:00 Para: MailScanner discussion Assunto: Re: RES: MailScanner: WARNING: You are trying to use the SpamAssassin cachebut your DBI and/or DBD::SQLite Perl modules are not properlyinstalled! Mauricio wrote: > > Helo, > > I have the same warning: ?You are trying to use the SpamAssassin cache > but your DBI and/or DBD::SQLite Perl modules are not properly > installed!? . It?s working well, but I had to disable the spamassassin > cache results feature. > Look for the word "Cache" in MailScanner.conf and you will easily find it. > > MS 4.35 was upgraded to 4.52 in RH 8.0, but I saw that install.sh > could not upgrade/install perl-DBI-1.50-2.noarch.rpm and > perl-ExtUtils-MakeMaker-6.30-1.noarch.rpm > > Problem with perl-DBI: > > **perl(Net::Daemon)**** > > **perl(RPC::PlClient)**** > > perl(Win32::ODBC) > As the output from the build of perl-DBI says, these are not critical (and it is right, you don't need to install them for perl-DBI to install). > > I?ve downloaded and installed perl-Net-Daemon and perl-PlRPC (with no > problem), but I could not find package for perl(Win32::ODBC). 
> You don't need it. > > Problem with perl-ExtUtils-MakeMaker: > > Many files conflicts with files from package perl-5.8.0-88.3 > That's because you already have a modern ExtUtils::MakeMaker installed, you can ignore this too. Hope that helps a bit. > > Anyone can help to solve this? > > Thanks in advance, > > Mauricio > > ------------------------------------------------------------------------ > > *De:* mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] *Em nome de > *Herman Swensson > *Enviada em:* domingo, 12 de fevereiro de 2006 12:47 > *Para**:* mailscanner@lists.mailscanner.info > *Assunto:* MailScanner: WARNING: You are trying to use the > SpamAssassin cachebut your DBI and/or DBD::SQLite Perl modules are not > properlyinstalled! > > Hi, > > I have upgraded MailScanner to version 4.50.15 and I am getting the > next new > > Messages: > > MailScanner: WARNING: You are trying to use the SpamAssassin cache but > your DBI and/or DBD::SQLite Perl modules are not properly installed > > MailScanner setting GID to postfix (89) > > MailScanner setting UID to postfix (89) > > What does this mean > > cpan> install DBI > > CPAN: Storable loaded ok > > Going to read /root/.cpan/Metadata > > Database was generated on Mon, 16 Jan 2006 10:10:45 GMT > > DBI is up to date (1.50). > > cpan> install DBD::SQLite > > CPAN: Storable loaded ok > > Going to read /root/.cpan/Metadata > > Database was generated on Mon, 16 Jan 2006 10:10:45 GMT > > DBD::SQLite is up to date (1.11). > > Linux version is 2.6.9-19 > > Greetings > > Herman > > > -- > No virus found in this outgoing message. > Checked by AVG Free Edition. 
> Version: 7.1.375 / Virus Database: 267.15.6/257 - Release Date: 10-2-2006 > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From dickenson at cfmc.com Wed Apr 5 23:37:31 2006 From: dickenson at cfmc.com (Jim Dickenson) Date: Wed Apr 5 23:37:45 2006 Subject: *CfMC-Spam= 5.73* Re: *CfMC-Spam= 5.53* Question about from address In-Reply-To: Message-ID: Sorry that my first email was not clear. The address shown in the sendmail log: sendmail[12558]: k34KuiHl012558: from=scrappy.surveysampling.com> Does not match the address shown on the MailScanner-From header: MailScanner-From: frame< @ >scrappy.surveyspot.com This is what looks wrong to me. I thought both of these should be the envelope email address. I did not want to change the email addresses too much because that does not accurately show the problem I am try to show. I use a MS rule to do the white-listing. That is not the real problem. The problem is that the MailScanner-From header does not have the envelope email address. -- Jim Dickenson mailto:dickenson@cfmc.com CfMC http://www.cfmc.com/ 
> From: Kai Schaetzl > Reply-To: MailScanner discussion > Date: Wed, 05 Apr 2006 21:31:23 +0200 > To: > Subject: *CfMC-Spam= 5.73* Re: *CfMC-Spam= 5.53* Question about from address > > Jim Dickenson wrote on Wed, 05 Apr 2006 08:44:50 -0700: > >> As I mentioned in the original email I changed the @ to < @ > so the email >> address could not be harvested. > > I read this, but it wasn't clear at all what you meant. Adresses are mute, if > you want to present an example, just change the original to something which > resembles the original. > > Where did you whitelist this address and how? Did you reload MailScanner? > I also notice that all quotes of that mail address (3) you make show a > slightly different domain name. Frankly, your mail is confusing as to what is > what etc. Yes, the envelope-from is the one that MailScanner's whitelist acts > on, that is the one shown in the sendmail log. Are you sure that those extra > headers were added by *your* MailScanner? > > Kai > > -- > Kai Sch?tzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From devonharding at gmail.com Thu Apr 6 00:18:22 2006 From: devonharding at gmail.com (Devon Harding) Date: Thu Apr 6 00:18:25 2006 Subject: SURBL Working? Message-ID: <2baac6140604051618i5d5b4114y29ab2f9d8d18a978@mail.gmail.com> How can I tell if I have SURBL working or not? I'm using SA 3.11. Any tests? -Devon -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060405/cdabcb52/attachment.html From mkettler at evi-inc.com Thu Apr 6 00:27:04 2006 
From: mkettler at evi-inc.com (Matt Kettler)
Date: Thu Apr 6 00:27:23 2006
Subject: SURBL Working?
In-Reply-To: <2baac6140604051618i5d5b4114y29ab2f9d8d18a978@mail.gmail.com>
References: <2baac6140604051618i5d5b4114y29ab2f9d8d18a978@mail.gmail.com>
Message-ID: <44345248.8080807@evi-inc.com>

Devon Harding wrote:
> How can I tell if I have SURBL working or not? I'm using SA 3.11. Any
> tests?

http://www.surbl.org/faq.html#test-uris

From maillists at conactive.com Thu Apr 6 02:31:21 2006
From: maillists at conactive.com (Kai Schaetzl)
Date: Thu Apr 6 02:31:36 2006
Subject: Email rejected, what reason to give client??
In-Reply-To:
References: <4433E263.6060906@thehostmasters.com> <4433F7B7.6060900@thehostmasters.com>
Message-ID:

Kai Schaetzl wrote on Wed, 05 Apr 2006 21:31:23 +0200:

> www.rulesemporium.org

com at the end, sorry.

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From maillists at conactive.com Thu Apr 6 02:31:21 2006
From: maillists at conactive.com (Kai Schaetzl)
Date: Thu Apr 6 02:31:37 2006
Subject: *CfMC-Spam= 5.53* Question about from address
In-Reply-To: <44341D47.20006@nkpanama.com>
References: <44341D47.20006@nkpanama.com>
Message-ID:

Alex Neuman van der Hans wrote on Wed, 05 Apr 2006 14:40:55 -0500:

> It's "moot". Moot means pointless or meaningless, mute means silent.

Ah, yeah, thanks! I was pronouncing it in mind like "moot", but didn't write it that way. When I write English I think in English. However, sometimes when I reread what I just wrote I find that a German word got smuggled in (either the German equivalent or a word which sounds similar) without me even realizing I typed it. In this case I just replaced one English word against another one.

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From maillists at conactive.com Thu Apr 6 02:31:21 2006
From: maillists at conactive.com (Kai Schaetzl)
Date: Thu Apr 6 02:31:39 2006
Subject: *CfMC-Spam= 5.73* *CfMC-Spam= 5.53* Question about from address
In-Reply-To:
References:
Message-ID:

Jim Dickenson wrote on Wed, 05 Apr 2006 15:37:31 -0700:

> This is what looks wrong to me. I thought both of these should be the
> envelope email address.

Sorry, I haven't enabled logging that much, so I don't know what MailScanner will show there. Do you let MailScanner add an Envelope-From? If so, what do you get there?

> I use a MS rule to do the white-listing. That is not the real problem. The
> problem is that the MailScanner-From header does not have the envelope email
> address.

And that is the From from the header of the message or where does it come from? As I said I don't know if it should match the Envelope-From since it's only informational. Do your other whitelists work? I mean you could just have an error in your whitelist entry?

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From MailScanner at ecs.soton.ac.uk Thu Apr 6 08:09:08 2006
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Apr 6 08:09:24 2006
Subject: SEMI-OT: Book Translation
In-Reply-To: <443411C7.5020009@nkpanama.com>
References: <443411C7.5020009@nkpanama.com>
Message-ID: <4434BE94.9060704@ecs.soton.ac.uk>

Alex Neuman van der Hans wrote:
> I'd like to translate "the book" into Spanish, or write "el libro"
> from scratch.

That would be great!

>
> I don't want to step on anybody's toes (or patents, or copyrights), so
> I thought I'd ask here about what I could use (or not) from "the book"
> to write "el libro".
>
> Any recommendations on what to use to create/edit it (short of a
> tetex-latex-vi-emacs-edlin-wordstar flame war) would also be appreciated.

I just used Word, though I hate to say it. It's currently a 250Mbyte Word document, and Word handles it absolutely fine.

>
> Any info on reporting typos (for example, "Thankyou" on p.375 should
> read "Thank you") would also be appreciated.
>
> Thanks in advance,
>
> Alex

Let me know how you get on, and if there's anything I can do to help you.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
MailScanner thanks transtec Computers for their support.

From shuttlebox at gmail.com Thu Apr 6 08:32:06 2006
From: shuttlebox at gmail.com (shuttlebox)
Date: Thu Apr 6 08:32:09 2006
Subject: Location of perl in #! of Mailscanner scripts
In-Reply-To: <443402F7.6020907@usg.edu>
References: <443402F7.6020907@usg.edu>
Message-ID: <625385e30604060032j40edfeaepe762542156215e3f@mail.gmail.com>

On 4/5/06, Bob Jones wrote:
> Next I go to run Mailscanner and it goes kablooey. I get to
> looking around and I see why. Even though I specified an alternate
> location of perl in the install script, all the Mailscanner perl scripts
> (e.g. /opt/Mailscanner/bin/MailScanner ) point to #!/usr/bin/perl.
> Shouldn't the install script change these headings to the specified perl
> or am I missing something? I can't just put a link in /usr/bin as the
> legacy perl is needed for other things.

I use a symbolic link on my Solaris systems, the legacy stuff uses hard coded paths so it doesn't depend on /usr/bin/perl.

--
/peter

From res at ausics.net Thu Apr 6 08:48:17 2006
From: res at ausics.net (Res)
Date: Thu Apr 6 08:48:29 2006
Subject: No SYSLOG No Mail Scanned
In-Reply-To: <223f97700604050707u7fccd175ncc4fe625e7f6022f@mail.gmail.com>
References: <223f97700604050403m60d8cfa0h422d4f0516cf64b5@mail.gmail.com> <223f97700604050707u7fccd175ncc4fe625e7f6022f@mail.gmail.com>
Message-ID:

On Wed, 5 Apr 2006, Glenn Steen wrote:

>>
>> That is silly, i dont give a toss about syslog running or not, at 100
>
> Exactly.
>
>> megs a day I sure as hell have better things to do then look at logs lol,
>> but coz syslog dies, why the hell should mail cease to be processed because
>> of it.
>
> Why not? It got your attention;-):-).

No, it got my customers attention :P yahoo have fascination of sending to
sec MX only around here and a lot of whingers|crybabies were not getting
their yahoo groups spam, thats how we originally found it, something amiss
with 300 sendmail copies running and a number of mailscanner :)

> Syslog is pretty stable usually, so something making it die would (in
> my experience) be an indication that you have a "serious" problem.

yeah, it did it a few times since this post as well, the problem appeared
that our scsi drive mounted for swap was flakey, swap was non existent,
then it was there, I thought id had a few too many bourbons, no out
of ordinary messages anywhere, replaced it and it hasnt died yet (almost 18
hours) I think thats whats caused it, there seems to be no other issues

> I'm sure it's acceptable to you to not keep very good track of
> individual messages, nor of errors etc... But to some (like me) it

bloody oath, not at the rate it turns over, and thats not counting the
fact sendmail rejects 80% more mail for RBL/no dns records etc :)

It also pleased me to see it clear out all the 2 days of mail it kept in a
small time frame with no real killing of the machine load wise, in fact
processing new mail and doing the stored stuff as well and the load was
still less than our primary servers which can not run mailscanner because
they are all qmail (and qmailscan), and before you ask, no we cant change,
as a wholesaler to over a hundred VISPs and thousands and thousands
of hosting domains, qmail/vpopmail combo is far superior to anything for
this type of operation (and thats from a staunch sendmail supporter :P )
Kinda why all the stand alones run sendmail :)

> --

Cheers
Res

From adrik at salesmanager.nl Thu Apr 6 09:02:32 2006
From: adrik at salesmanager.nl (Adri Koppes)
Date: Thu Apr 6 09:02:35 2006
Subject: MailScanner 4.50.15 not picking up new rules from sa-update
Message-ID:

I am running the MailScanner port on FreeBSD 5.4 with sendmail as my MTA
and SpamAssassin 3.1.1.
I recently ran the 'sa-update' program included in SpamAssassin to pick
up newly added and changed rules.
The sa-update program correctly downloads the updated rules to the
default location of
'/var/lib/spamassassin/3.001001/updates_spamassassin_org' and when
running spamassassin -D --lint, I can see the new rules being used.
However the new rules are NOT being used by SpamAssassin when called
from inside MailScanner.
I believe this is due to an omission in SA.pm when creating a new
instance of Mail::SpamAssassin.
The LOCAL_STATE_DIR config option, which is normally '/var/lib' is not
included in the $settings.

Adri.

From martinh at solid-state-logic.com Thu Apr 6 09:34:46 2006
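Adri's report above describes a silent failure: sa-update succeeds and `spamassassin -D --lint` sees the new rules, but MailScanner goes on scanning with the old ones. The script below is an added example, not code from MailScanner, SpamAssassin or any poster in this thread; it checks a host for that mismatch, and its function names and the SA.pm path argument are assumptions.

```shell
#!/bin/sh
# Added example: not MailScanner or SpamAssassin code.
# Detects the mismatch reported in the thread: sa-update has written rules
# under the state directory, but SA.pm never passes LOCAL_STATE_DIR to
# Mail::SpamAssassin, so MailScanner keeps scanning with the old rule set.

# find_update_dirs STATE_DIR
# Prints each sa-update channel directory that holds at least one .cf file.
find_update_dirs() {
    state_dir=$1
    for dir in "$state_dir"/spamassassin/*/updates_spamassassin_org; do
        [ -d "$dir" ] || continue
        # An empty channel directory means no update was ever unpacked.
        for cf in "$dir"/*.cf; do
            if [ -f "$cf" ]; then
                printf '%s\n' "$dir"
                break
            fi
        done
    done
}

# sa_pm_sets_state_dir SA_PM
# Succeeds if SA.pm assigns $settings{LOCAL_STATE_DIR} on a non-comment line.
sa_pm_sets_state_dir() {
    grep -Eq '^[[:space:]]*\$settings\{LOCAL_STATE_DIR\}[[:space:]]*=' "$1"
}

# check_sa_update STATE_DIR SA_PM
# Return codes:
#   0  updates are present and SA.pm passes the state directory
#   1  updates are present but SA.pm does not pass it (stale rules in use)
#   2  no downloaded updates found, so there is nothing to pick up
#   3  SA.pm is not readable
check_sa_update() {
    state_dir=$1
    sa_pm=$2
    [ -r "$sa_pm" ] || { echo "cannot read $sa_pm" >&2; return 3; }
    updates=$(find_update_dirs "$state_dir")
    if [ -z "$updates" ]; then
        echo "no sa-update rules under $state_dir/spamassassin"
        return 2
    fi
    if sa_pm_sets_state_dir "$sa_pm"; then
        echo "OK: $sa_pm sets LOCAL_STATE_DIR; updates in: $updates"
        return 0
    fi
    echo "STALE: updates in $updates but $sa_pm never sets LOCAL_STATE_DIR"
    return 1
}

# Run as: sh check.sh /var/lib /path/to/SA.pm
# (/var/lib is the state directory named in the thread; the SA.pm path
# depends on the install and is a placeholder here.)
if [ "$#" -eq 2 ]; then
    check_sa_update "$1" "$2"
fi
```

Exit status 1 is the case described in the thread: the rules are on disk but the scanner is not told where to find them.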
From: martinh at solid-state-logic.com (Martin Hepworth)
Date: Thu Apr 6 09:35:04 2006
Subject: MailScanner 4.50.15 not picking up new rules from sa-update
In-Reply-To:
Message-ID: <008101c65954$f810e6e0$3004010a@martinhlaptop>

Adri

Have a look in MailScanner.conf and the Advanced SpamAssassin Settings
section. You can put extra things into the SA rules path there,

Also I presume you're restarting MS after the update and not just waiting
for the children to die?

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> bounces@lists.mailscanner.info] On Behalf Of Adri Koppes
> Sent: 06 April 2006 09:03
> To: mailscanner@lists.mailscanner.info
> Subject: MailScanner 4.50.15 not picking up new rules from sa-update
>
> I am running the MailScanner port on FreeBSD 5.4 with sendmail as my MTA
> and SpamAssassin 3.1.1.
> I recently ran the 'sa-update' program included in SpamAssassin to pick
> up newly added and changed rules.
> The sa-update program correctly downloads the updated rules to the
> default location of
> '/var/lib/spamassassin/3.001001/updates_spamassassin_org' and when
> running spamassassin -D --lint, I can see the new rules being used.
> However the new rules are NOT being used by SpamAssassin when called
> from inside MailScanner.
> I believe this is due to an omission in SA.pm when creating a new
> instance of Mail::SpamAssassin.
> The LOCAL_STATE_DIR config option, which is normally '/var/lib' is not
> included in the $settings.
>
> Adri.
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

**********************************************************************

From glenn.steen at gmail.com Thu Apr 6 10:22:09 2006
From: glenn.steen at gmail.com (Glenn Steen)
Date: Thu Apr 6 10:22:15 2006
Subject: No SYSLOG No Mail Scanned
In-Reply-To:
References: <223f97700604050403m60d8cfa0h422d4f0516cf64b5@mail.gmail.com> <223f97700604050707u7fccd175ncc4fe625e7f6022f@mail.gmail.com>
Message-ID: <223f97700604060222j1e999010k8a4fa4aaceebe553@mail.gmail.com>

On 06/04/06, Res wrote:
> On Wed, 5 Apr 2006, Glenn Steen wrote:
>
> >>
> >> That is silly, i dont give a toss about syslog running or not, at 100
> >
> > Exactly.
> >
> >> megs a day I sure as hell have better things to do then look at logs lol,
> >> but coz syslog dies, why the hell should mail cease to be processed because
> >> of it.
> >
> > Why not? It got your attention;-):-).
>
> No, it got my customers attention :P yahoo have fascination of sending to
> sec MX only around here and a lot of whingers|crybabies were not getting
> their yahoo groups spam, thats how we originally found it, something amiss
> with 300 sendmail copies running and a number of mailscanner :)
>

See your point... Might be nasty:-).

> > Syslog is pretty stable usually, so something making it die would (in
> > my experience) be an indication that you have a "serious" problem.
>
> yeah, it did it a few times since this post as well, the problem appeared
> that our scsi drive mounted for swap was flakey, swap was non existent,
> then it was there, I thought id had a few too many bourbons, no out
> of ordinary messages anywhere, replaced it and it hasnt died yet (almost 18
> hours) I think thats whats caused it, there seems to be no other issues

.... Ah. Never seen that exact behaviour (with or without whiskey:), but
then a flakey HDD would (in my case) be killing filesystems too, so that
would probably get my attention:-). And all the while dmesg was silent?
Spooky...

> > I'm sure it's acceptable to you to not keep very good track of
> > individual messages, nor of errors etc... But to some (like me) it
>
> bloody oath, not at the rate it turns over, and thats not counting the
> fact sendmail rejects 80% more mail for RBL/no dns records etc :)
>

I definitely see your point... I'm at a .gov-ish site here, and have
regulations in place that make logging almost as paramount as the
actual messages ("availability to the public" type of thing), So I
don't have the "luxury" of not logging everything. Sigh.

>
> It also pleased me to see it clear out all the 2 days of mail it kept in a
> small time frame with no real killing of the machine load wise, in fact
> processing new mail and doing the stored stuff as well and the load was
> still less than our primary servers which can not run mailscanner because
> they are all qmail (and qmailscan), and before you ask, no we cant change,
> as a wholesaler to over a hundred VISPs and thousands and thousands
> of hosting domains, qmail/vpopmail combo is far superior to anything for
> this type of operation (and thats from a staunch sendmail supporter :P )
> Kinda why all the stand alones run sendmail :)
>
>

Ah yes, don't we just love MailScanner for it! (I suppose mentioning
postfix here is tantamount to swearing, so...:-)

Anyway, glad to hear you have it sorted. Sounds like you've earned
yourself some more bourbon;-)

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From glenn.steen at gmail.com Thu Apr 6 10:36:26 2006
From: glenn.steen at gmail.com (Glenn Steen)
Date: Thu Apr 6 10:36:30 2006
Subject: Mail Scanner Crashing when receiving special spam mails
In-Reply-To: <1144270052_1085495@mailout.ofir.com>
References: <1144270052_1085495@mailout.ofir.com>
Message-ID: <223f97700604060236n2f965ca6w75817a0afc6612f3@mail.gmail.com>

On 05/04/06, Ben jsh wrote:
> Hi All,
> I am running SpamAssassin 3.1.1 Sendmail 8.13.6 MailScanner 4.52.2 and it
> crashes when I receive emails with no sender address to invalid users at my
> domain. And there is suddenly coming tons of those emails in crashing
> everything.
>
> Please help
> Logs:
> http://pastebin.com/642842
> http://pastebin.com/642730
>
> Ben

Do I read that right as an error in MailWatch? Database OK?
Anyway, why are you accepting (at MTA level) non-existent recipients?
Fix that and this particular problem will likely go away:).
IANASG, but I suppose there has been a lot of mention on this list on
how to do this with sendmail (access file or milter-ahead or ...
wasn't there a "more free" reimplementation of milter-ahead mentioned
just this week... RALM setting in here, someone with better memory
will know...:-).

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From adrik at salesmanager.nl Thu Apr 6 10:52:21 2006
From: adrik at salesmanager.nl (Adri Koppes)
Date: Thu Apr 6 10:52:24 2006
Subject: MailScanner 4.50.15 not picking up new rules from sa-update
Message-ID:

Martin,

The Advanced SpamAssassin Section does not have an option for the
SpamAssassin LOCAL_STATE_DIR option.
Also in SA.pm, there is no place where this option is read or passed on
to SpamAssassin.
I think the LOCAL_STATE_DIR option is new for SA 3.1.1, to work with
sa-update.

I am restarting MailScanner after making config changes, before checking
if they function properly.
I think Julian probably has to add the option to SA.pm and the Advanced
SpamAssassin Section in MailScanner.conf.

Adri.

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Martin Hepworth
> Sent: donderdag 6 april 2006 10:35
> To: 'MailScanner discussion'
> Subject: RE: MailScanner 4.50.15 not picking up new rules
> from sa-update
>
> Adri
>
> Have a look in MailScanner.conf and the Advanced SpamAssassin
> Settings section. You can put extra things into the SA rules
> path there,
>
> Also I presume you're restarting MS after the update and not
> just waiting for the children to die?
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300

From glenn.steen at gmail.com Thu Apr 6 10:57:02 2006
From: glenn.steen at gmail.com (Glenn Steen)
Date: Thu Apr 6 10:57:06 2006
Subject: Email rejected, what reason to give client??
In-Reply-To: <4433E263.6060906@thehostmasters.com>
References: <4433E263.6060906@thehostmasters.com>
Message-ID: <223f97700604060257l175e2d61kc32fd1b43583ec96@mail.gmail.com>

On 05/04/06, Rob Morin wrote:
> Hello all....
>
(snip, since others covered this nicely)
> Also i have a friend of mine that has his own mail server and he says he
> does a white list by adding to the white list any email address that the
> server sends email to... IE any of his clients that send email via that
> server to a person, that email is put in the white list
> automatically... is this safe? is it possible?

If he is whitelisting the email addresses, then he's opening himself
to badness, yes. This means that all those "autowhitelists" are open
to address-forgery. Not good.

It's safer to whitelist IP addresses, but then, the receiving MTA of
an organization is not necessarily the sending MTA, and there is no
mandate (in RFC or otherwise) that the sending MTA even has a DNS
record, so... Not easy to go that route.

My PHB forced me to WL all "business associates" by address when we
started out with MS, but after a few forgeries slipping through he has
"seen the light", so now we aim at having a well-tuned SA/MS instead
of massive whitelists... So far (couple of years) this has been a much
better approach.

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From martinh at solid-state-logic.com Thu Apr 6 10:59:47 2006
From: martinh at solid-state-logic.com (Martin Hepworth)
Date: Thu Apr 6 10:59:55 2006
Subject: MailScanner 4.50.15 not picking up new rules from sa-update
In-Reply-To:
Message-ID: <00ad01c65960$d6759380$3004010a@martinhlaptop>

Adri

Hmm what version of MS is this???? "mailscanner -v"

Freshports shows the latest is 4.50.1 which should have these settings.

You may have to upgrade your ports tree..

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> bounces@lists.mailscanner.info] On Behalf Of Adri Koppes
> Sent: 06 April 2006 10:52
> To: MailScanner discussion
> Subject: RE: MailScanner 4.50.15 not picking up new rules from sa-update
>
> Martin,
>
> The Advanced SpamAssassin Section does not have an option for the
> SpamAssassin LOCAL_STATE_DIR option.
> Also in SA.pm, there is no place where this option is read or passed on
> to SpamAssassin.
> I think the LOCAL_STATE_DIR option is new for SA 3.1.1, to work with
> sa-update.
>
> I am restarting MailScanner after making config changes, before checking
> if they function properly.
> I think Julian probably has to add the option to SA.pm and the Advanced
> SpamAssassin Section in MailScanner.conf.
>
> Adri.

From adrik at salesmanager.nl Thu Apr 6 11:11:11 2006
From: adrik at salesmanager.nl (Adri Koppes)
Date: Thu Apr 6 11:11:17 2006
Subject: MailScanner 4.50.15 not picking up new rules from sa-update
Message-ID:

Martin,

Using MailScanner 4.50.15 from www.freebsd.org/ports.
SpamAssassin 3.1.1 from www.freebsd.org/ports.

Which setting should I look for in MailScanner.conf or SA.pm for setting
the SpamAssassin LOCAL_STATE_DIR?

Adri.

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Martin Hepworth
> Sent: donderdag 6 april 2006 12:00
> To: 'MailScanner discussion'
> Subject: RE: MailScanner 4.50.15 not picking up new rules
> from sa-update
>
> Adri
>
> Hmm what version of MS is this???? "mailscanner -v"
>
> Freshports shows the latest is 4.50.1 which should have these
> settings.
>
> You may have to upgrade your ports tree..
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300

From martinh at solid-state-logic.com Thu Apr 6 11:18:10 2006
From: martinh at solid-state-logic.com (Martin Hepworth)
Date: Thu Apr 6 11:18:17 2006
Subject: MailScanner 4.50.15 not picking up new rules from sa-update
In-Reply-To:
Message-ID: <00b101c65963$67af3d90$3004010a@martinhlaptop>

Adri

Should be in MailScanner.conf in the Advanced SpamAssassin section - its
around line 1850 in my setup.

Was this a fresh install of 4.50.15 or did you upgrade from an earlier
version???

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> bounces@lists.mailscanner.info] On Behalf Of Adri Koppes
> Sent: 06 April 2006 11:11
> To: MailScanner discussion
> Subject: RE: MailScanner 4.50.15 not picking up new rules from sa-update
>
> Martin,
>
> Using MailScanner 4.50.15 from www.freebsd.org/ports.
> SpamAssassin 3.1.1 from www.freebsd.org/ports.
>
> Which setting should I look for in MailScanner.conf or SA.pm for setting
> the SpamAssassin LOCAL_STATE_DIR?
>
> Adri.

**********************************************************************

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager.

This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean.

**********************************************************************

From adrik at salesmanager.nl Thu Apr 6 11:31:20 2006
From: adrik at salesmanager.nl (Adri Koppes)
Date: Thu Apr 6 11:31:22 2006
Subject: MailScanner 4.50.15 not picking up new rules from sa-update
Message-ID:

Martin,

This was an upgrade from 4.49, but the MailScanner.conf has been updated also.
My MailScanner.conf has the following entries:

MailScanner Version Number = 4.50.15
SpamAssassin User State Dir = /usr/local/etc/mail/spamassassin
SpamAssassin Install Prefix =
SpamAssassin Site Rules Dir = /usr/local/etc/mail/spamassassin
SpamAssassin Local Rules Dir =
SpamAssassin Default Rules Dir =

I do NOT see anything for the LOCAL_STATE_DIR in either MailScanner.conf or SA.pm!
Since the option is not in SA.pm, it won't matter if I add it to MailScanner.conf!

I have manually set the option in SA.pm and now the updated rules are recognised and used.
Here's a context diff:

*** SA.pm Thu Apr 6 12:29:42 2006 --- SA.pm.orig Thu Apr 6 12:30:12 2006 *************** *** 106,112 **** $settings{LOCAL_RULES_DIR} = $val if $val ne ""; $val = MailScanner::Config::Value('spamassassindefaultrulesdir'); $settings{DEF_RULES_DIR} = $val if $val ne ""; - $settings{LOCAL_STATE_DIR} = "/var/lib"; $val = MailScanner::Config::Value('spamassassininstallprefix'); # For version 3 onwards, shouldn't cause problems with earlier code --- 106,111 ----

Adri.

> -----Original Message-----
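Review bot: the one changed line, `$settings{LOCAL_STATE_DIR} = "/var/lib";`, hard-codes the path, whereas the LOCAL_RULES_DIR and DEF_RULES_DIR assignments directly above it take their value from MailScanner::Config::Value(...) and are only set `if $val ne ""`. I would read the state directory from a MailScanner.conf setting in the same way, so that an install whose sa-update output lives somewhere other than /var/lib is not pinned to the wrong directory and left scanning with stale rules. The diff is also taken in the reverse direction (`*** SA.pm` against `--- SA.pm.orig`), so the new line shows as a `-` removal and the patch as posted would strip the line rather than add it; regenerating it from SA.pm.orig to SA.pm would make it apply as intended.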
> From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Martin Hepworth > Sent: donderdag 6 april 2006 12:18 > To: 'MailScanner discussion' > Subject: RE: MailScanner 4.50.15 not picking up new rules > from sa-update > > Adri > > Should be in MailScanner.conf in the Advanced SpamAssassin > section - its around line 1850 in my setup. > > > Was this a fresh install of 4.50.15 or did you upgrade from > an earlier version??? > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Adri Koppes > > Sent: 06 April 2006 11:11 > > To: MailScanner discussion > > Subject: RE: MailScanner 4.50.15 not picking up new rules from > > sa-update > > > > Martin, > > > > Using MailScanner 4.50.15 from www.freebsd.ord/ports. > > SpamAssassin 3.1.1 from www.freebsd.org/ports. > > > > Which setting should I look for in MailScanner.conf or SA.pm for > > setting the SpamAssassin LOCAL_STATE_DIR? > > > > Adri. > > > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info > > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > > > Martin Hepworth > > > Sent: donderdag 6 april 2006 12:00 > > > To: 'MailScanner discussion' > > > Subject: RE: MailScanner 4.50.15 not picking up new rules from > > > sa-update > > > > > > Adri > > > > > > Hmm what version of MS is this???? "mailscanner -v" > > > > > > Freshports shows the latest is 4.50.1 which should have these > > > settings. > > > > > > You may have to upgrade your ports tree.. > > > > > > -- > > > Martin Hepworth > > > Snr Systems Administrator > > > Solid State Logic > > > Tel: +44 (0)1865 842300 > > > > > > > -----Original Message----- 
From gmatt at nerc.ac.uk Thu Apr 6 11:31:23 2006
From: gmatt at nerc.ac.uk (Greg Matthews)
Date: Thu Apr 6 11:31:32 2006
Subject: Sophos v5
Message-ID: <1144319483.27368.6.camel@lea.nerc-wallingford.ac.uk>

Just a data point following someone's question about Sophos v5...

This will not even install on CentOS v4. The Sophos-provided install.sh script dies very quickly with:

# ./install.sh -v -d /usr/local/Sophos/
'import site' failed; use -v for traceback
Traceback (most recent call last):
  File "", line 1, in ?
zipimport.ZipImportError: can't decompress data; zlib not available

even though

# rpm -qa | grep zlib
zlib-devel-1.2.1.2-1.2
zlib-1.2.1.2-1.2

In fact Sophos will not even support RHELv4. The product is supported on ancient versions of redhat up to rhel3. But they do appear to support its installation on suse with a 2.6 kernel...

This seems like a pretty poor show given how long RHEL4 has been out, and that v5 is due out this year.

Less surprisingly, they still don't support 64-bit architectures. Not sure how they expect to be taken seriously as a server based solution with such poor support for server architectures.

GREG
--
Greg Matthews 01491 692445
Head of UNIX/Linux, iTSS Wallingford

--
This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system.

From martinh at solid-state-logic.com Thu Apr 6 11:46:48 2006
From: martinh at solid-state-logic.com (Martin Hepworth)
Date: Thu Apr 6 11:46:56 2006
Subject: MailScanner 4.50.15 not picking up new rules from sa-update
In-Reply-To:
Message-ID: <00bb01c65967$68096eb0$3004010a@martinhlaptop>

Adri

From my MailScanner.conf...

# Advanced SpamAssassin Settings
# ------------------------------
#
# If you are using Postfix you may well need to use some of the settings
# below, as the home directory for the "postfix" user cannot be written
# to by the "postfix" user.
# You may also need to use these if you have installed SpamAssassin
# somewhere other than the default location.
#

# The per-user files (bayes, auto-whitelist, user_prefs) are looked
# for here and in ~/.spamassassin/. Note the files are mutable.
# If this is unset then no extra places are searched for.
# If using Postfix, you probably want to set this as shown in the example
# line at the end of this comment, and do
#     mkdir /var/spool/MailScanner/spamassassin
#     chown postfix.postfix /var/spool/MailScanner/spamassassin
# NOTE: SpamAssassin is always called from MailScanner as the same user,
#       and that is the "Run As" user specified above. So you can only
#       have 1 set of "per-user" files, it's just that you might possibly
#       need to modify this location.
#       You should not normally need to set this at all.
#SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
SpamAssassin User State Dir = /var/spool/spamassassin

# This setting is useful if SpamAssassin is installed in an unusual place,
# e.g. /opt/MailScanner. The install prefix is used to find some fallback
# directories if neither of the following two settings work.
# If this is set then it adds to the list of places that are searched;
# otherwise it has no effect.
#SpamAssassin Install Prefix = /opt/MailScanner
SpamAssassin Install Prefix = /opt/MailScanner

# The site rules are searched for here.
# The per-user files (bayes, auto-whitelist, user_prefs) are looked
# for here and in ~/.spamassassin/. Note the files are mutable.
# If this is unset then no extra places are searched for.
# If using Postfix, you probably want to set this as shown in the example
# line at the end of this comment, and do
#     mkdir /var/spool/MailScanner/spamassassin
#     chown postfix.postfix /var/spool/MailScanner/spamassassin
# NOTE: SpamAssassin is always called from MailScanner as the same user,
#       and that is the "Run As" user specified above. So you can only
#       have 1 set of "per-user" files, it's just that you might possibly
#       need to modify this location.
#       You should not normally need to set this at all.
#SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
SpamAssassin User State Dir = /var/spool/spamassassin

# This setting is useful if SpamAssassin is installed in an unusual place,
# e.g. /opt/MailScanner. The install prefix is used to find some fallback
# directories if neither of the following two settings work.
# If this is set then it adds to the list of places that are searched;
# otherwise it has no effect.
#SpamAssassin Install Prefix = /opt/MailScanner
SpamAssassin Install Prefix = /opt/MailScanner

# The site rules are searched for here.
# Normal location on most systems is /etc/mail/spamassassin.
SpamAssassin Site Rules Dir = /etc/mail/spamassassin

# The site-local rules are searched for here, and in prefix/etc/spamassassin,
# prefix/etc/mail/spamassassin, /usr/local/etc/spamassassin, /etc/spamassassin,
# /etc/mail/spamassassin, and maybe others.
# Be careful of setting this: it may mean the spam.assassin.prefs.conf file
# is missed out, you will need to insert a soft-link with "ln -s" to link
# the file into mailscanner.cf in the new directory.
# If this is set then it replaces the list of places that are searched;
# otherwise it has no effect.
#SpamAssassin Local Rules Dir = /opt/MailScanner/etc/mail/spamassassin
SpamAssassin Local Rules Dir =

# The default rules are searched for here, and in prefix/share/spamassassin,
# /usr/local/share/spamassassin, /usr/share/spamassassin, and maybe others.
# If this is set then it adds to the list of places that are searched;
# otherwise it has no effect.
#SpamAssassin Default Rules Dir = /opt/MailScanner/share/spamassassin
SpamAssassin Default Rules Dir =

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Adri Koppes > Sent: 06 April 2006 11:31 > To: MailScanner discussion > Subject: RE: MailScanner 4.50.15 not picking up new rules from sa-update > > Martin, > > This was an upgrade from 4.49, but the MailScanner.conf has been updated > also. > My MailScanner.conf has the following entries: > > MailScanner Version Number = 4.50.15 > SpamAssassin User State Dir = /usr/local/etc/mail/spamassassin > SpamAssassin Install Prefix = > SpamAssassin Site Rules Dir = /usr/local/etc/mail/spamassassin > SpamAssassin Local Rules Dir = > SpamAssassin Default Rules Dir = > > I do NOT see anything for the LOCAL_STATE_DIR in either MailScanner.conf > or SA.pm! > Since the option is not in SA.pm, it won't matter if I add it to > MailScanner.conf! > > I have manually set the option in SA.pm and now the updated rules are > recognised and used. > Here's a context diff: > > *** SA.pm Thu Apr 6 12:29:42 2006 > --- SA.pm.orig Thu Apr 6 12:30:12 2006 > *************** > *** 106,112 **** > $settings{LOCAL_RULES_DIR} = $val if $val ne ""; > $val = MailScanner::Config::Value('spamassassindefaultrulesdir'); > $settings{DEF_RULES_DIR} = $val if $val ne ""; > - $settings{LOCAL_STATE_DIR} = "/var/lib"; > $val = MailScanner::Config::Value('spamassassininstallprefix'); > > # For version 3 onwards, shouldn't cause problems with earlier > code > --- 106,111 ---- > > Adri. > > > > > -----Original Message----- 
**********************************************************************

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager.

This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean.

**********************************************************************

From adrik at salesmanager.nl Thu Apr 6 11:53:08 2006
From: adrik at salesmanager.nl (Adri Koppes)
Date: Thu Apr 6 11:53:15 2006
Subject: MailScanner 4.50.15 not picking up new rules from sa-update
Message-ID:

Martin,

Your MailScanner.conf Advanced SpamAssassin Settings looks the same as mine.
No option for the SA 3.1.1 LOCAL_STATE_DIR, which should have a default of '/var/lib'.
Adding options to MailScanner.conf alone isn't going to work, since they also need to be read and passed on to SpamAssassin in SA.pm.

I reported this to the list, since I think Julian has to add it to the next version of MailScanner.

Adri.

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Martin Hepworth
> Sent: donderdag 6 april 2006 12:47
> To: 'MailScanner discussion'
> Subject: RE: MailScanner 4.50.15 not picking up new rules from sa-update
>
> Adri
>
> From my MailScanner.conf...
>
> # Advanced SpamAssassin Settings
> # ------------------------------
> #
> # If you are using Postfix you may well need to use some of the settings
> # below, as the home directory for the "postfix" user cannot be written
> # to by the "postfix" user.
> # You may also need to use these if you have installed SpamAssassin
> # somewhere other than the default location.
> #
>
> # The per-user files (bayes, auto-whitelist, user_prefs) are looked
> # for here and in ~/.spamassassin/. Note the files are mutable.
> # If this is unset then no extra places are searched for.
> # If using Postfix, you probably want to set this as shown in the example
> # line at the end of this comment, and do
> # mkdir /var/spool/MailScanner/spamassassin
> # chown postfix.postfix /var/spool/MailScanner/spamassassin
> # NOTE: SpamAssassin is always called from MailScanner as the same user,
> # and that is the "Run As" user specified above. So you can only
> # have 1 set of "per-user" files, it's just that you might possibly
> # need to modify this location.
> # You should not normally need to set this at all.
> #SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
> SpamAssassin User State Dir = /var/spool/spamassassin
>
> # This setting is useful if SpamAssassin is installed in an unusual place,
> # e.g. /opt/MailScanner. The install prefix is used to find some fallback
> # directories if neither of the following two settings work.
> # If this is set then it adds to the list of places that are searched;
> # otherwise it has no effect.
> #SpamAssassin Install Prefix = /opt/MailScanner
> SpamAssassin Install Prefix = /opt/MailScanner
>
> # The site rules are searched for here.
> # Normal location on most systems is /etc/mail/spamassassin.
> SpamAssassin Site Rules Dir = /etc/mail/spamassassin
>
> # The site-local rules are searched for here, and in prefix/etc/spamassassin,
> # prefix/etc/mail/spamassassin, /usr/local/etc/spamassassin, /etc/spamassassin,
> # /etc/mail/spamassassin, and maybe others.
> # Be careful of setting this: it may mean the spam.assassin.prefs.conf file
> # is missed out, you will need to insert a soft-link with "ln -s" to link
> # the file into mailscanner.cf in the new directory.
> # If this is set then it replaces the list of places that are searched;
> # otherwise it has no effect.
> #SpamAssassin Local Rules Dir = /opt/MailScanner/etc/mail/spamassassin
> SpamAssassin Local Rules Dir =
>
> # The default rules are searched for here, and in prefix/share/spamassassin,
> # /usr/local/share/spamassassin, /usr/share/spamassassin, and maybe others.
> # If this is set then it adds to the list of places that are searched;
> # otherwise it has no effect.
> #SpamAssassin Default Rules Dir = /opt/MailScanner/share/spamassassin
> SpamAssassin Default Rules Dir =
>
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
> > -----Original Message-----
> > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Adri Koppes > > Sent: 06 April 2006 11:31 > > To: MailScanner discussion > > Subject: RE: MailScanner 4.50.15 not picking up new rules from > > sa-update > > > > Martin, > > > > This was an upgrade from 4.49, but the MailScanner.conf has been > > updated also. > > My MailScanner.conf has the following entries: > > > > MailScanner Version Number = 4.50.15 > > SpamAssassin User State Dir = /usr/local/etc/mail/spamassassin > > SpamAssassin Install Prefix = SpamAssassin Site Rules Dir = > > /usr/local/etc/mail/spamassassin SpamAssassin Local Rules Dir = > > SpamAssassin Default Rules Dir = > > > > I do NOT see anything for the LOCAL_STATE_DIR in either > > MailScanner.conf or SA.pm! > > Since the option is not in SA.pm, it won't matter if I add it to > > MailScanner.conf! > > > > I have manually set the option in SA.pm and now the updated > rules are > > recognised and used. > > Here's a context diff: > > > > *** SA.pm Thu Apr 6 12:29:42 2006 > > --- SA.pm.orig Thu Apr 6 12:30:12 2006 > > *************** > > *** 106,112 **** > > $settings{LOCAL_RULES_DIR} = $val if $val ne ""; > > $val = > MailScanner::Config::Value('spamassassindefaultrulesdir'); > > $settings{DEF_RULES_DIR} = $val if $val ne ""; > > - $settings{LOCAL_STATE_DIR} = "/var/lib"; > > $val = > MailScanner::Config::Value('spamassassininstallprefix'); > > > > # For version 3 onwards, shouldn't cause problems > with earlier > > code > > --- 106,111 ---- > > > > Adri. > > > > > > > > > -----Original Message----- 
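Review bot: The diff is generated in the reverse direction: its file headers list the edited SA.pm as the old file (***) and SA.pm.orig as the new one (---), so the added line `$settings{LOCAL_STATE_DIR} = "/var/lib";` carries a `-` marker and patch would remove it rather than add it unless run with -R. Regenerating it as `diff -c SA.pm.orig SA.pm` avoids that. The value is also hard-coded, whereas the neighbouring LOCAL_RULES_DIR and DEF_RULES_DIR assignments take their value from MailScanner::Config::Value and are skipped when it is empty; reading the state directory from a MailScanner.conf setting in the same way would keep installs with a different state directory working.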
> > > From: mailscanner-bounces@lists.mailscanner.info > > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > > > Martin Hepworth > > > Sent: donderdag 6 april 2006 12:18 > > > To: 'MailScanner discussion' > > > Subject: RE: MailScanner 4.50.15 not picking up new rules from > > > sa-update > > > > > > Adri > > > > > > Should be in MailScanner.conf in the Advanced > SpamAssassin section - > > > its around line 1850 in my setup. > > > > > > > > > Was this a fresh install of 4.50.15 or did you upgrade from an > > > earlier version??? > > > > > > > > > -- > > > Martin Hepworth > > > Snr Systems Administrator > > > Solid State Logic > > > Tel: +44 (0)1865 842300 > > > > > > > -----Original Message----- > > > > From: mailscanner-bounces@lists.mailscanner.info > > > [mailto:mailscanner- > > > > bounces@lists.mailscanner.info] On Behalf Of Adri Koppes > > > > Sent: 06 April 2006 11:11 > > > > To: MailScanner discussion > > > > Subject: RE: MailScanner 4.50.15 not picking up new rules from > > > > sa-update > > > > > > > > Martin, > > > > > > > > Using MailScanner 4.50.15 from www.freebsd.ord/ports. > > > > SpamAssassin 3.1.1 from www.freebsd.org/ports. > > > > > > > > Which setting should I look for in MailScanner.conf or > SA.pm for > > > > setting the SpamAssassin LOCAL_STATE_DIR? > > > > > > > > Adri. > > > > > > > > > > > > > -----Original Message----- 
> > > > > From: mailscanner-bounces@lists.mailscanner.info > > > > > [mailto:mailscanner-bounces@lists.mailscanner.info] > On Behalf Of > > > > > Martin Hepworth > > > > > Sent: donderdag 6 april 2006 12:00 > > > > > To: 'MailScanner discussion' > > > > > Subject: RE: MailScanner 4.50.15 not picking up new > rules from > > > > > sa-update > > > > > > > > > > Adri > > > > > > > > > > Hmm what version of MS is this???? "mailscanner -v" > > > > > > > > > > Freshports shows the latest is 4.50.1 which should have these > > > > > settings. > > > > > > > > > > You may have to upgrade your ports tree.. > > > > > > > > > > -- > > > > > Martin Hepworth > > > > > Snr Systems Administrator > > > > > Solid State Logic > > > > > Tel: +44 (0)1865 842300 > > > > > > > > > > > -----Original Message----- > > > > > > From: mailscanner-bounces@lists.mailscanner.info > > > > > [mailto:mailscanner- > > > > > > bounces@lists.mailscanner.info] On Behalf Of Adri Koppes > > > > > > Sent: 06 April 2006 10:52 > > > > > > To: MailScanner discussion > > > > > > Subject: RE: MailScanner 4.50.15 not picking up new > rules from > > > > > > sa-update > > > > > > > > > > > > Martin, > > > > > > > > > > > > The Advanced SpamAssassin Section does not have an > > > option for the > > > > > > SpamAssassin LOCAL_STATE_DIR option. > > > > > > Also in SA.pm, there is no place where this option is read > > > > > or passed > > > > > > on to SpamAssassin. > > > > > > I think the LOCAL_STATE_DIR option is new for SA 3.1.1, to > > > > > work with > > > > > > sa-update. > > > > > > > > > > > > I am restarting MailScanner after making config changes, > > > > > > before checking if they function properly. > > > > > > I think Julian probably has to add the option to > SA.pm and the > > > > > > Advanced SpamAssassin Section in MailScanner.conf. > > > > > > > > > > > > Adri. > > > > > > > > > > > > > -----Original Message----- 
> > > > > > > From: mailscanner-bounces@lists.mailscanner.info > > > > > > > [mailto:mailscanner-bounces@lists.mailscanner.info] > > > On Behalf Of > > > > > > > Martin Hepworth > > > > > > > Sent: donderdag 6 april 2006 10:35 > > > > > > > To: 'MailScanner discussion' > > > > > > > Subject: RE: MailScanner 4.50.15 not picking up new > > > rules from > > > > > > > sa-update > > > > > > > > > > > > > > Adri > > > > > > > > > > > > > > Have a look in MailScanner.conf and the Advanced > > > > > > > SpamAssassin Settings section. You can put extra > things into > > > > > > > the SA rules path there, > > > > > > > > > > > > > > Also I presume you're restarting MS after the > update and not > > > > > > > just waiting for the children to die? > > > > > > > > > > > > > > -- > > > > > > > Martin Hepworth > > > > > > > Snr Systems Administrator > > > > > > > Solid State Logic > > > > > > > Tel: +44 (0)1865 842300 > > > > > > > > > > > > > > > -----Original Message----- 
> > > > > > > > From: mailscanner-bounces@lists.mailscanner.info > > > > > > > [mailto:mailscanner- > > > > > > > > bounces@lists.mailscanner.info] On Behalf Of Adri Koppes > > > > > > > > Sent: 06 April 2006 09:03 > > > > > > > > To: mailscanner@lists.mailscanner.info > > > > > > > > Subject: MailScanner 4.50.15 not picking up new > rules from > > > > > > > > sa-update > > > > > > > > > > > > > > > > I am running the MailScanner port on FreeBSD 5.4 with > > > > > > > sendmail as my > > > > > > > > MTA and SpamAssassin 3.1.1. > > > > > > > > I recently ran the 'sa-update' program included in > > > > > SpamAssassin to > > > > > > > > pick up newly added and changed rules. > > > > > > > > The sa-update program correctly downloads the updated > > > > > rules to the > > > > > > > > default location of > > > > > > > > > > > > > '/var/lib/spamassassin/3.001001/updates_spamassassin_org' and > > > > > when > > > > > > > > running spamassassin -D --lint, I can see the new rules > > > > > being used. > > > > > > > > However the new rules are NOT being used by SpamAssassin > > > > > > > when called > > > > > > > > from inside MailScanner. > > > > > > > > I believe this is due to an omission in SA.pm when > > > > > creating a new > > > > > > > > instance of Mail::SpamAssassin. > > > > > > > > The LOCAL_STATE_DIR config option, which is normally > > > > > > > '/var/lib' is not > > > > > > > > included in the $settings. > > > > > > > > > > > > > > > > Adri. > > > > > > > > -- > > > > > > > > MailScanner mailing list > > > > > > > > mailscanner@lists.mailscanner.info > > > > > > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > > > > > > > > > > Before posting, read > http://wiki.mailscanner.info/posting > > > > > > > > > > > > > > > > Support MailScanner development - buy the book off > > > the website! 
From martinh at solid-state-logic.com Thu Apr 6 12:00:58 2006
From: martinh at solid-state-logic.com (Martin Hepworth)
Date: Thu Apr 6 12:01:08 2006
Subject: MailScanner 4.50.15 not picking up new rules from sa-update
In-Reply-To:
Message-ID: <00bc01c65969$62c4f170$3004010a@martinhlaptop>

Adri

Ah I get you ---- put this into your spam.assassin.prefs.conf.

Apologies for the confusion

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> bounces@lists.mailscanner.info] On Behalf Of Adri Koppes
> Sent: 06 April 2006 11:53
> To: MailScanner discussion
> Subject: RE: MailScanner 4.50.15 not picking up new rules from sa-update
>
> Martin,
>
> Your MailScanner.conf Advanced SpamAssassin Settings looks the same as
> mine.
> No option for the SA 3.1.1 LOCAL_STATE_DIR, which should have a default
> of '/var/lib'.
> Adding options to MailScanner.conf alone isn't going to work, since they
> also need to be read and passed on to SpamAssassin in SA.pm.
> I reported this to the list, since I think Julian has to add it to the
> next version of MailScanner.
>
> Adri.

From roger at rudnick.com.br Thu Apr 6 12:07:08 2006
From: roger at rudnick.com.br (Roger Jochem)
Date: Thu Apr 6 12:09:29 2006
Subject: Sendmail Upgrade, other problem
References: <00c201c64f2c$ef3e2320$0600a8c0@roger> <0A0B9F68-5083-44E0-8DBF-B80196E9439F@ecs.soton.ac.uk><055101c65420$1fa34c00$0600a8c0@roger> <442C18DE.5010102@ecs.soton.ac.uk><06d901c6581f$c9840220$0600a8c0@roger><4432D276.3060707@gmx.de> <00d901c65896$a8e35fd0$0600a8c0@roger>
Message-ID: <01f001c6596a$3f0fbfc0$0600a8c0@roger>

Just for the record, I changed the Max Children configuration to 1 (one) yesterday, and now all is working fine. I don't know why that happened, but started with Sendmail 8.13.6. Really strange...

Thanks for all the help!

Regards

Roger Jochem

----- Original Message -----
From: "Roger Jochem"
To: "MailScanner discussion"
Sent: Wednesday, April 05, 2006 6:52 AM
Subject: Re: Sendmail Upgrade, other problem

> Thanks!
>
> I really could do that, but I think this would make things too slow
> here... Normally there are 4 or 5 children running, sometimes even more.
> But if there is no other solution to that case, I will give that a try.
>
> Regards
>
> Roger Jochem
>
> ----- Original Message -----
> From:
> To: "MailScanner discussion"
> Sent: Tuesday, April 04, 2006 5:09 PM
> Subject: Re: Sendmail Upgrade, other problem
>
>
>> On 04.04.2006 21:41, Roger Jochem wrote:
>>
>>> Regarding to my problem (below) I found the following lines in my
>>> maillog
>>> srv MailScanner[9596]: Failed to link message body between queues
>>> (/var/spool/mqueue/dfi8R9KQqf010458 -->
>>> /var/spool/mqueue.in/dfi8R9KQqf010458)
>>>
>>>>>> On 24 Mar 2006, at 10:23, Roger Jochem wrote:
>>>>>>
>>>>>>> After the sendmail upgrade to 8.13.6, some of my messages come with
>>>>>>> no body, and the text "<<< No Message Collected >>>" in the body...
>>>>>>> They appear twice in the users inbox, one with this body, and one
>>>>>>> ok message (with the original body).
>>>>>>
>>
>> google
>>
>> http://www.plug.linux.org.au/archives/message/20041025.042133.913c0dbf.html
>>
>> *Author: *Ryan
>> *Date: * 2004-10-25 06:21 +200
>> *To: *plug
>> *Subject: *[plug] MailScanner children fighting
>>
>> Hi PLUG,
>>
>> I've just upgraded my MailScanner to v4.34.8. Before I knock on their
>> door about this problem I was wondering if anyone has seen it?
>>
>> With the default 5 children running, it appears that sometimes two
>> children pick up the same message and then whichever finishes last
>> reports an error about it. Below is the output, you can see that two
>> MailScanner processes detect the email waiting, both scan it, then one
>> delivers it and the other one wonders where it went. This leads to 2
>> messages being sent to the recipient, one with the full message, and the
>> other empty saying "<<< No Message Collected >>>"
>>
>> If I reduce the max children to one, things obviously are a touch slower
>> off the mark, but it stops the children fighting over the messages.
>>
>>
>> --
>> shrek-m

From res at ausics.net Thu Apr 6 12:18:33 2006
From: res at ausics.net (Res)
Date: Thu Apr 6 12:18:45 2006
Subject: No SYSLOG No Mail Scanned
In-Reply-To: <223f97700604060222j1e999010k8a4fa4aaceebe553@mail.gmail.com>
References: <223f97700604050403m60d8cfa0h422d4f0516cf64b5@mail.gmail.com> <223f97700604050707u7fccd175ncc4fe625e7f6022f@mail.gmail.com> <223f97700604060222j1e999010k8a4fa4aaceebe553@mail.gmail.com>
Message-ID:

On Thu, 6 Apr 2006, Glenn Steen wrote:

> .... Ah. Never seen that exact behaviour (with or without whiskey:),
> but then a flakey HDD would (in my case) be killing filesystems too,
> so that would probably get my attention:-).
> And all the while dmesg was silent? Spooky...

Yeah, I would have thought syslog would still run for a few mins after swap went away, but it must die at the same time, else I'd expect to see some sort of hint.

> I definitely see your point... I'm at a .gov-ish site here, and have
> regulations in place that make logging almost as paramount as the
> actual messages ("availability to the public" type of thing), So I
> don't have the "luxury" of not logging everything. Sigh.

Heh it's so bad that I actually comment out several of the MS log statements that I find are not needed

Apr 6 21:08:36 sprint MailScanner[5707]: New Batch: Found 1489 messages waiting
Apr 6 21:08:36 sprint MailScanner[5707]: New Batch: Scanning 100 messages, 3647604 bytes
Apr 6 21:09:09 sprint MailScanner[5507]: Uninfected: Delivered 93 messages

note the lines missing :) I deem them as duplicating info, like what was it ummmm..... virus content scanning starting or something? that's kind of moot since it already logs "scanning 100 messages" might not seem much to those who have low traffic, but on high traffic machines it's overkill, also as we all know on high loaded machines every bit of logging adds to the resource hogging.

Oh and before you ask.... yes I did pop back in Julian's default messagebatch.pm to see if I screwed up my hacking, but nope, still broken.

> Ah yes, don't we just love MailScanner for it! (I suppose mentioning
> postfix here is tantamount to swearing, so...:-)

That's blasphemy! ;)

--
Cheers
Res

From max at kipness.com Thu Apr 6 12:48:29 2006
From: max at kipness.com (Max Kipness)
Date: Thu Apr 6 12:48:45 2006
Subject: Still stuck in queue, version 4.52.2
Message-ID: <80fb9c4e63217eef83a3e739939225c8@localhost>

I've since upgraded to version 4.52.2, and I'm getting better performance (probably less getting stuck in the queue), yet yesterday there was one message that got processed over 6000 times!

Here is a sample of one that is stuck right now. It's been processed 512 times. Any clue to what else I can do to remedy this issue?

Apr 6 06:42:03 xxx MailScanner[12537]: SpamAssassin cache hit for message k36BOeGt011418
Apr 6 06:42:03 xxx MailScanner[12537]: Message k36BOeGt011418 from 86.202.15.121 (sdouhbhj@yahoo.com) to xxx.com is spam, SpamAssassin (score=26.748, required 6, autolearn=spam, BAYES_99 3.50, FORGED_YAHOO_RCVD 1.85, HELO_DYNAMIC_IPADDR 4.20, HTML_FONT_LOW_CONTRAST 0.19, HTML_IMAGE_ONLY_20 1.16, HTML_MESSAGE 0.00, HTML_SHORT_LINK_IMG_3 0.88, LONGWORDS 3.79, MIME_BOUND_DIGITS_15 2.95, MIME_HTML_ONLY 0.00, MSGID_FROM_MTA_HEADER 0.00, RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E8_51_100 1.50, RAZOR2_CHECK 0.50, UNPARSEABLE_RELAY 0.00, URIBL_JP_SURBL 4.09, URIBL_SBL 1.64)
Apr 6 06:42:04 xxx MailScanner[12537]: Spam Actions: message k36BOeGt011418 actions are store
Apr 6 06:42:07 sxxx MailScanner[12537]: Filename Checks: Very long filename, possible OE attack (k36BOeGt011418 dinah deprave annoyance tribesmen five stepson convince barnstorm assistant given forsaken rhetoric jugate carabao meteor abelian sophia frisky vulnerable debug pottery capetown hollyhock tor crusty .gif)
Apr 6 06:42:07 xxx MailScanner[12537]: Saved entire message to /var/spool/MailScanner/quarantine/20060406/k36BOeGt011418
Apr 6 06:42:07 xxx MailScanner[12537]: Saved infected "dinah deprave .gif" to /var/spool/MailScanner/quarantine/20060406/k36BOeGt011418

--
Thanks,
Max

From adrik at salesmanager.nl Thu Apr 6 13:12:51 2006
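One way to spot the looping message in the log excerpt above, and the double pickup by two children described in the quoted PLUG post, as an added example that is not part of any post in this thread: it counts, per sendmail queue ID, how often MailScanner logged a spam verdict and a quarantine save, and which child PIDs did it. The sample log is constructed in the format shown above; the host name, addresses, second queue ID and ASSUMED_YEAR are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

ASSUMED_YEAR = 2006  # assumption: syslog timestamps carry no year

SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"MailScanner\[(?P<pid>\d+)\]: (?P<text>.*)$"
)
# The two event types taken from the excerpt: a spam verdict and a quarantine save.
VERDICT_RE = re.compile(r"^Message (?P<qid>\S+) from \S+ \([^)]*\) to \S+ is spam\b")
QUARANTINE_RE = re.compile(r"^Saved entire message to \S+/(?P<qid>[^/\s]+)$")

# Constructed sample: one message scanned three times by two children,
# one message scanned once, plus lines that must be ignored.
SAMPLE = """\
Apr 6 06:42:03 mx1 MailScanner[12537]: New Batch: Scanning 2 messages, 20481 bytes
Apr 6 06:42:03 mx1 MailScanner[12537]: Message k36BOeGt011418 from 192.0.2.10 (a@example.com) to example.org is spam, SpamAssassin (score=26.748, required 6, BAYES_99 3.50)
Apr 6 06:42:04 mx1 MailScanner[12537]: Spam Actions: message k36BOeGt011418 actions are store
Apr 6 06:42:07 mx1 MailScanner[12537]: Saved entire message to /var/spool/MailScanner/quarantine/20060406/k36BOeGt011418
Apr 6 06:42:08 mx1 MailScanner[12537]: Message k36BPfHu011502 from 192.0.2.77 (b@example.net) to example.org is spam, SpamAssassin (score=9.1, required 6)
Apr 6 06:42:09 mx1 sendmail[11600]: k36BPfHu011502: to=<u@example.org>, stat=Sent
Apr 6 06:42:31 mx1 MailScanner[12541]: SpamAssassin cache hit for message k36BOeGt011418
Apr 6 06:42:31 mx1 MailScanner[12541]: Message k36BOeGt011418 from 192.0.2.10 (a@example.com) to example.org is spam, SpamAssassin (score=26.748, required 6, BAYES_99 3.50)
Apr 6 06:42:33 mx1 MailScanner[12541]: Saved entire message to /var/spool/MailScanner/quarantine/20060406/k36BOeGt011418
Apr 6 06:43:02 mx1 MailScanner[12537]: Message k36BOeGt011418 from 192.0.2.10 (a@example.com) to example.org is spam, SpamAssassin (score=26.748, required 6, BAYES_99 3.50)
Apr 6 06:43:05 mx1 MailScanner[12537]: Saved entire message to /var/spool/MailScanner/quarantine/20060406/k36BOeGt011418
"""


def scan_passes(lines, year=ASSUMED_YEAR):
    """Collect, per queue ID, verdict and quarantine counts, PIDs and time range."""
    stats = defaultdict(
        lambda: {"verdicts": 0, "quarantined": 0, "pids": set(), "first": None, "last": None}
    )
    for line in lines:
        m = SYSLOG_RE.match(line.strip())
        if not m:
            continue  # not a MailScanner line (sendmail, kernel, ...)
        text = m["text"]
        hit, kind = VERDICT_RE.match(text), "verdicts"
        if not hit:
            hit, kind = QUARANTINE_RE.match(text), "quarantined"
        if not hit:
            continue  # batch summaries, cache hits, spam actions, ...
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        entry = stats[hit["qid"]]
        entry[kind] += 1
        entry["pids"].add(int(m["pid"]))
        entry["first"] = when if entry["first"] is None else min(entry["first"], when)
        entry["last"] = when if entry["last"] is None else max(entry["last"], when)
    return dict(stats)


def reprocessed(lines, min_passes=2):
    """Return (qid, verdicts, quarantine saves, pids, seconds) for repeated scans."""
    rows = []
    for qid, e in scan_passes(lines).items():
        if e["verdicts"] >= min_passes:
            span = int((e["last"] - e["first"]).total_seconds())
            rows.append((qid, e["verdicts"], e["quarantined"], sorted(e["pids"]), span))
    # Worst offenders first, so a message scanned thousands of times tops the list.
    return sorted(rows, key=lambda r: r[1], reverse=True)


if __name__ == "__main__":
    for row in reprocessed(SAMPLE.splitlines()):
        print("queue id %s: %d verdicts, %d quarantine saves, pids %s, over %ds" % row)
```

More than one PID against the same queue ID points at the two-children case; a single PID with a growing verdict count points at a message that is never leaving the incoming queue.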
From: adrik at salesmanager.nl (Adri Koppes)
Date: Thu Apr 6 13:12:53 2006
Subject: MailScanner 4.50.15 not picking up new rules from sa-update
Message-ID:

Martin,

Thanks, but which option do I have to put in spam.assassin.prefs.conf?
I have not found a configurable option for this in the SA docs.
Normally the LOCAL_STATE_DIR option is hardcoded in /usr/local/bin/spammassassin (dynamically determined by make at compile/installation time) and there does not seem to be an option to override.

Adri.

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Martin Hepworth
> Sent: donderdag 6 april 2006 13:01
> To: 'MailScanner discussion'
> Subject: RE: MailScanner 4.50.15 not picking up new rules from sa-update
>
> Adri
>
> Ah I get you ---- put this into your spam.assassin.prefs.conf.
>
>
> Apologies for the confusion
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
> > -----Original Message-----
> > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> > bounces@lists.mailscanner.info] On Behalf Of Adri Koppes
> > Sent: 06 April 2006 11:53
> > To: MailScanner discussion
> > Subject: RE: MailScanner 4.50.15 not picking up new rules from
> > sa-update
> >
> > Martin,
> >
> > Your MailScanner.conf Advanced SpamAssassin Settings looks the same as
> > mine.
> > No option for the SA 3.1.1 LOCAL_STATE_DIR, which should have a
> > default of '/var/lib'.
> > Adding options to MailScanner.conf alone isn't going to work, since
> > they also need to be read and passed on to SpamAssassin in SA.pm.
> > I reported this to the list, since I think Julian has to add it to the
> > next version of MailScanner.
> >
> > Adri.

From steve.swaney at fsl.com Thu Apr 6 13:18:34 2006
From: steve.swaney at fsl.com (Stephen Swaney)
Date: Thu Apr 6 13:18:39 2006
Subject: FW: [Clamav-announce] announcing ClamAV 0.88.1
Message-ID: <0ef401c65974$3a0b8630$2901010a@office.fsl>

FYI.

Steve

Stephen Swaney
Fort Systems Ltd.
stephen.swaney@fsl.com
www.fsl.com

-----Original Message-----
From: clamav-announce-bounces@lists.clamav.net
[mailto:clamav-announce-bounces@lists.clamav.net] On Behalf Of Luca Gibelli
Sent: Tuesday, April 04, 2006 11:12 AM
To: ClamAV Announce
Subject: [Clamav-announce] announcing ClamAV 0.88.1

Dear ClamAV users,

this version fixes a number of minor bugs and provides code updates to improve virus detection.

Here is the full ChangeLog:

Tue Apr 4 12:04:07 CEST 2006
-----------------------------
V 0.88.1
* Bugfixes:
- libclamav/matcher.c: properly handle partial reads in cli_scandesc()
- libclamav/mbox.c: sync with CVS, fixes detection of Worm.Bagle.CT
- freshclam: fix support for LocalIPAddress
  Patch by Anton Yuzhaninov
- docs/man: multiple manpage typo fixes
  Patch by A. Costa )
- shared/output.c: properly handle return value of vsnprintf
  Thanks to Anton Yuzhaninov
- libclamav/htmlnorm.c: fix typo spotted by Gianluigi Tiesi
- sigtool/sigtool.c: fix possible crash in build(), thanks to Sven
- clamd/session.c: remove static timeout (5s) for SESSION
  Pointed out by Joseph Benden
- libclamav/pe.c: fix possible integer overflow reported by Damian Put
  Note: only exploitable if file size limit (ArchiveMaxFileSize) disabled
- libclamav/scanners.c: properly report archive unpacking errors
  Problem spotted by David F. Skoll
- libclamav/others.c: fix possible crash in cli_bitset_test()
  Reported by David Luyer
- libclamav/zziplib: fix possible crash on FreeBSD
  Reported by Robert Rebbun
- clamav-milter: fall back if sendfile() fails

--
The ClamAV team (http://www.clamav.net/team.html)

--
Luca Gibelli (luca at clamav.net) - ClamAV, a GPL anti-virus toolkit
[Tel] +44 2081239239 [Fax] +39 0187015046 [IM] nervous/jabber.linux.it
PGP key id 5EFC5582 @ key server || http://www.clamav.net/gpg/luca.gpg
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-announce

From martinh at solid-state-logic.com Thu Apr 6 13:37:03 2006
From: martinh at solid-state-logic.com (Martin Hepworth)
Date: Thu Apr 6 13:37:18 2006
Subject: MailScanner 4.50.15 not picking up new rules from sa-update
In-Reply-To:
Message-ID: <00c301c65976$d072df40$3004010a@martinhlaptop>

Adri

This is a normal SA config/rules file so any rule/config that's valid you can place in there..

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> bounces@lists.mailscanner.info] On Behalf Of Adri Koppes
> Sent: 06 April 2006 13:13
> To: MailScanner discussion
> Subject: RE: MailScanner 4.50.15 not picking up new rules from sa-update
>
> Martin,
>
> Thanks, but which option do I have to put in spam.assassin.prefs.conf?
> I have not found a configurable option for this in the SA docs.
> Normally the LOCAL_STATE_DIR option is hardcoded in
> /usr/local/bin/spammassassin (dynamically determined by make at
> compile/installation time) and there does not seem to be an option to
> override.
>
> Adri.
>
> > -----Original Message-----
> > From: mailscanner-bounces@lists.mailscanner.info
> > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> > Of Martin Hepworth
> > Sent: donderdag 6 april 2006 13:01
> > To: 'MailScanner discussion'
> > Subject: RE: MailScanner 4.50.15 not picking up new rules
> > from sa-update
> >
> > Adri
> >
> > Ah I get you ---- put this into your spam.assassin.prefs.conf.
> >
> >
> > Apologies for the confusion
> >
> > --
> > Martin Hepworth
> > Snr Systems Administrator
> > Solid State Logic
> > Tel: +44 (0)1865 842300
> >
> > > -----Original Message-----
> > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> > > bounces@lists.mailscanner.info] On Behalf Of Adri Koppes
> > > Sent: 06 April 2006 11:53
> > > To: MailScanner discussion
> > > Subject: RE: MailScanner 4.50.15 not picking up new rules from
> > > sa-update
> > >
> > > Martin,
> > >
> > > Your MailScanner.conf Advanced SpamAssassin Settings looks the same as
> > > mine.
> > > No option for the SA 3.1.1 LOCAL_STATE_DIR, which should have a
> > > default of '/var/lib'.
> > > Adding options to MailScanner.conf alone isn't going to work, since
> > > they also need to be read and passed on to SpamAssassin in SA.pm.
> > > I reported this to the list, since I think Julian has to add it to the
> > > next version of MailScanner.
> > >
> > > Adri.
********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From martinh at solid-state-logic.com Thu Apr 6 13:37:32 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Apr 6 13:37:40 2006 Subject: [Clamav-announce] announcing ClamAV 0.88.1 In-Reply-To: <0ef401c65974$3a0b8630$2901010a@office.fsl> Message-ID: <00c401c65976$e040e480$3004010a@martinhlaptop> Been running for last couple of hours no problems noted far. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Stephen Swaney > Sent: 06 April 2006 13:19 > To: 'MailScanner discussion' > Subject: FW: [Clamav-announce] announcing ClamAV 0.88.1 > > FYI. > > Steve > > Stephen Swaney > Fort Systems Ltd. > stephen.swaney@fsl.com > www.fsl.com > > -----Original Message----- 
> From: clamav-announce-bounces@lists.clamav.net
> [mailto:clamav-announce-bounces@lists.clamav.net] On Behalf Of Luca
> Gibelli
> Sent: Tuesday, April 04, 2006 11:12 AM
> To: ClamAV Announce
> Subject: [Clamav-announce] announcing ClamAV 0.88.1
>
> Dear ClamAV users,
>
> this version fixes a number of minor bugs and provides code updates
> to improve virus detection.
>
> Here is the full ChangeLog:
>
> Tue Apr 4 12:04:07 CEST 2006
> -----------------------------
> V 0.88.1
> * Bugfixes:
> - libclamav/matcher.c: properly handle partial reads in cli_scandesc()
> - libclamav/mbox.c: sync with CVS, fixes detection of Worm.Bagle.CT
> - freshclam: fix support for LocalIPAddress
>   Patch by Anton Yuzhaninov
> - docs/man: multiple manpage typo fixes
>   Patch by A. Costa )
> - shared/output.c: properly handle return value of vsnprintf
>   Thanks to Anton Yuzhaninov
> - libclamav/htmlnorm.c: fix typo spotted by Gianluigi Tiesi
> - sigtool/sigtool.c: fix possible crash in build(), thanks to Sven
> - clamd/session.c: remove static timeout (5s) for SESSION
>   Pointed out by Joseph Benden
> - libclamav/pe.c: fix possible integer overflow reported by Damian Put
>   Note: only exploitable if file size limit (ArchiveMaxFileSize)
>   disabled
> - libclamav/scanners.c: properly report archive unpacking errors
>   Problem spotted by David F. Skoll
> - libclamav/others.c: fix possible crash in cli_bitset_test()
>   Reported by David Luyer
> - libclamav/zziplib: fix possible crash on FreeBSD
>   Reported by Robert Rebbun
> - clamav-milter: fall back if sendfile() fails
>
> --
> The ClamAV team (http://www.clamav.net/team.html)
>
> --
> Luca Gibelli (luca at clamav.net) - ClamAV, a GPL anti-virus toolkit
> [Tel] +44 2081239239 [Fax] +39 0187015046 [IM] nervous/jabber.linux.it
> PGP key id 5EFC5582 @ key server || http://www.clamav.net/gpg/luca.gpg

From adrik at salesmanager.nl Thu Apr 6 13:45:40 2006
From: adrik at salesmanager.nl (Adri Koppes)
Date: Thu Apr 6 13:45:41 2006
Subject: MailScanner 4.50.15 not picking up new rules from sa-update
Message-ID:

Martin,

And if there is NO config option for it in SA? I can't find any
documented SA rule/config to set the LOCAL_STATE_DIR.
It's supposed to be passed from the Perl code, creating a new
Mail::SpamAssassin instance.

Adri.

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Martin Hepworth
> Sent: donderdag 6 april 2006 14:37
> To: 'MailScanner discussion'
> Subject: RE: MailScanner 4.50.15 not picking up new rules
> from sa-update
>
> Adri
>
> This a normal SA config/rules file so any rule/config that's
> valid you can place in there..
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300

From roger at rudnick.com.br Thu Apr 6 13:51:12 2006
From: roger at rudnick.com.br (Roger Jochem)
Date: Thu Apr 6 13:57:56 2006
Subject: Sendmail Upgrade, other problem
References: <00c201c64f2c$ef3e2320$0600a8c0@roger> <0A0B9F68-5083-44E0-8DBF-B80196E9439F@ecs.soton.ac.uk><055101c65420$1fa34c00$0600a8c0@roger> <442C18DE.5010102@ecs.soton.ac.uk><06d901c6581f$c9840220$0600a8c0@roger><4432D276.3060707@gmx.de> <00d901c65896$a8e35fd0$0600a8c0@roger>
Message-ID: <02e901c65978$c8d270a0$0600a8c0@roger>

Unfortunately now MailScanner is VERY slow, when someone sends a large e-mail.

If somebody can give me a better solution, I would appreciate...

Regards

Roger Jochem

----- Original Message -----
From: "Roger Jochem"
To: "MailScanner discussion"
Sent: Wednesday, April 05, 2006 6:52 AM
Subject: Re: Sendmail Upgrade, other problem

> Thanks!
>
> I really could do that, but I think this would make things too slow
> here... Normally there are 4 or 5 children running, sometimes even more.
> But if there is no other solution to that case, I will give that a try.
>
> Regards
>
> Roger Jochem
>
> ----- Original Message -----
> From:
> To: "MailScanner discussion"
> Sent: Tuesday, April 04, 2006 5:09 PM
> Subject: Re: Sendmail Upgrade, other problem
>
>
>> On 04.04.2006 21:41, Roger Jochem wrote:
>>
>>> Regarding to my problem (below) I found the following lines in my
>>> maillog
>>> srv MailScanner[9596]: Failed to link message body between queues
>>> (/var/spool/mqueue/dfi8R9KQqf010458 -->
>>> /var/spool/mqueue.in/dfi8R9KQqf010458)
>>>
>>>>>> On 24 Mar 2006, at 10:23, Roger Jochem wrote:
>>>>>>
>>>>>>> After the sendmail upgrade to 8.13.6, some of my messages come with
>>>>>>> no body, and the text "<<< No Message Collected >>>" in the body...
>>>>>>> They appear twice in the users inbox, one with this body, and one
>>>>>>> ok message (with the original body).
>>>>>>
>>
>> google
>>
>> http://www.plug.linux.org.au/archives/message/20041025.042133.913c0dbf.html
>>
>> *Author: *Ryan
>> *Date: * 2004-10-25 06:21 +200
>> *To: *plug
>> *Subject: *[plug] MailScanner children fighting
>>
>> Hi PLUG,
>>
>> I've just upgraded my MailScanner to v4.34.8. Before I knock on their
>> door about this problem I was wondering if anyone has seen it?
>>
>> With the default 5 children running, it appears that sometimes two
>> children pick up the same message and then whichever finishes last
>> reports an error about it. Below is the output, you can see that two
>> MailScanner processes detect the email waiting, both scan it, then one
>> delivers it and the other one wonders where it went. This leads to 2
>> messages being sent to the recipient, one with the full message, and the
>> other empty saying "<<< No Message Collected >>>"
>>
>> If I reduce the max children to one, things obviously are a touch slower
>> off the mark, but it stops the children fighting over the messages.
>>
>>
>> --
>> shrek-m

From martinh at solid-state-logic.com Thu Apr 6 13:59:04 2006
From: martinh at solid-state-logic.com (Martin Hepworth)
Date: Thu Apr 6 13:59:26 2006
Subject: MailScanner 4.50.15 not picking up new rules from sa-update
In-Reply-To:
Message-ID: <00c501c65979$e27c2720$3004010a@martinhlaptop>

Hmm

One for Jules then....

Can't see any documentation for this, but then the SA documentation is interesting to use sometimes..even tried the wiki.....

Perhaps Matt or someone closer to the SA team can comment?

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Adri Koppes
> Sent: 06 April 2006 13:46
> To: MailScanner discussion
> Subject: RE: MailScanner 4.50.15 not picking up new rules from sa-update
>
> Martin,
>
> And if there is NO config option for it in SA? I can't find any
> documented SA rule/config to set the LOCAL_STATE_DIR.
> It's supposed to be passed from the Perl code, creating a new
> Mail::SpamAssassin instance.
>
> Adri.
>
> > -----Original Message-----
> > From: mailscanner-bounces@lists.mailscanner.info
> > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> > Of Martin Hepworth
> > Sent: donderdag 6 april 2006 14:37
> > To: 'MailScanner discussion'
> > Subject: RE: MailScanner 4.50.15 not picking up new rules
> > from sa-update
> >
> > Adri
> >
> > This a normal SA config/rules file so any rule/config that's
> > valid you can place in there..
> >
> > --
> > Martin Hepworth
> > Snr Systems Administrator
> > Solid State Logic
> > Tel: +44 (0)1865 842300

From martinh at solid-state-logic.com Thu Apr 6 14:03:38 2006
From: martinh at solid-state-logic.com (Martin Hepworth)
Date: Thu Apr 6 14:03:48 2006
Subject: Sendmail Upgrade, other problem
In-Reply-To: <02e901c65978$c8d270a0$0600a8c0@roger>
Message-ID: <00c601c6597a$85b2fd60$3004010a@martinhlaptop>

Roger

Not sure on this thread, seems to be quite old....

Can you start a new thread with the problem, version numbers of software etc.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Roger Jochem
> Sent: 06 April 2006 13:51
> To: MailScanner discussion
> Subject: Re: Sendmail Upgrade, other problem
>
> Unfortunately now MailScanner is VERY slow, when someone sends a large
> e-mail.
>
> If somebody can give me a better solution, I would appreciate...
>
> Regards
>
> Roger Jochem

From roger at rudnick.com.br Thu Apr 6 14:58:23 2006
From: roger at rudnick.com.br (Roger Jochem)
Date: Thu Apr 6 14:59:18 2006
Subject: Sendmail Upgrade, new thread
References: <00c601c6597a$85b2fd60$3004010a@martinhlaptop>
Message-ID: <03a801c65982$2db2a220$0600a8c0@roger>

I'm relating my problem again like Martin asked, to see if anybody could help.

I upgraded sendmail from 8.13.1 to 8.13.6 last week. Since that upgrade, I'm receiving some mails twice, one with no body (outlook shows <<< No Message Collected >>>) and one complete mail (with the original body). Locktype in MailScanner is (and already was before the upgrade) "posix". My MailScanner is 4.52.2 and I'm also using spamassassin 3.1.1.

When this error occurs, I can see in my maillog messages like:

MailScanner[9596]: Failed to link message body between queues (/var/spool/mqueue/dfi8R9KQqf010458 --> /var/spool/mqueue.in/dfi8R9KQqf010458)

Shrek-m googled (I was told this is acceptable now : "googled") my problem and found a similar one, and the solution was to decrease the max children in MailScanner.conf to a single one. I did that, but the obvious problem that this created is that when lots of mails come in, MailScanner became extremely slow, and users wait 20 minutes or more to receive a single message. So, today I turned that back, to my usual number of children. And, obviously, my problem returned, some messages are received twice.

Other info, Julian asked me for the info returned by

sendmail -d0.1 -d0.4 -bt < /dev/null

That returned:

Version 8.13.6
Compiled with: DNSMAP LDAPMAP FSTATMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS USERDB USE_LDAP_INIT
Canonical name: mail.rudnick.com.br
UUCP nodename: mail.rudnick.com.br
a.k.a.: mail
a.k.a.: [172.16.0.1]

Another info I think may be useful, is that before sendmail 8.13.6, postfix was installed on my machine, but I wasn't using it. Trying to upgrade sendmail to 8.13.6, it told me that sendmail conflicts with postfix. So I removed it. I don't know if that has something to do with my problem...

Any help would be really appreciated.

Regards

Roger Jochem

From brett at wrl.org Thu Apr 6 15:25:21 2006
From: brett at wrl.org (Brett Charbeneau)
Date: Thu Apr 6 15:26:33 2006
Subject: A way to give local mail priority?
Message-ID:

I'd be grateful for any suggestions anyone can offer!

SPECIFICS:
Debian 3.1, kernel 2.6.8,
Sendmail 8.13.4, MailScanner 4.41.3-2, SpamAssassin 3.0.3-2 (deb packages)
Majordomo 1.94.5

Greetings,

I have MailScanner installed on a P4 3.2 GHz machine with 2 GB of RAM.
With MailScanner running SpamAssassin rules *and* RBL checks my Majordomo mail (generated and delivered locally) takes as long as an hour to end up in users' inboxes.
It appears that my local mail gets stuck in the queue with the SPAM and the machine just has to chew through it all FIFO and my staff need to have departmental mail make it through in 10 minutes or less if at all possible.
When I switch off SpamAssassin and just do RBL checks things work reasonably quick, but obviously a lot more SPAM gets through.
I have

From: *@wrl.org yes

in my "Is Definitely Not Spam" file, but again, with SA rules switched on and lots of email piling in, the queue processing drops to a crawl.
I know I need to expand my RAM (I *am* seeing a lot of swapping with SA turned on) but even once I get 8 GB or so, I suspect these delays in Majordomo mail this will continue.
Is there a way to give "priority" to local mail so that MailScanner not only keeps its hands off but Sendmail is told to deliver immediately? Or should I run Sendmail with two queues?

--
********************************************************************
Brett Charbeneau
Network Administrator
Williamsburg Regional Library
7770 Croaker Road
Williamsburg, VA 23188-7064
(757)259-4044 www.wrl.org
(757)259-4079 (fax) brett@wrl.org
********************************************************************

From martinh at solid-state-logic.com Thu Apr 6 15:36:00 2006
From: martinh at solid-state-logic.com (Martin Hepworth)
Date: Thu Apr 6 15:36:08 2006
Subject: A way to give local mail priority?
In-Reply-To:
Message-ID: <00fd01c65987$6ceebc80$3004010a@martinhlaptop>

Looks like a problem with performance...have gone through the MailScanner tuning exercise...an hour to process email shouldn't be happening - people here would notice after a minute!

http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:performance

also the latest and greatest release (yours is about 1 year old) has some really nice performance tweaks in it that you may find useful.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Brett Charbeneau
> Sent: 06 April 2006 15:25
> To: mailscanner@lists.mailscanner.info
> Subject: A way to give local mail priority?
>
> I'd be grateful for any suggestions anyone can offer!
>
>
> SPECIFICS:
> Debian 3.1, kernel 2.6.8,
> Sendmail 8.13.4, MailScanner 4.41.3-2, SpamAssassin 3.0.3-2 (deb packages)
> Majordomo 1.94.5
>
> Greetings,
>
> I have MailScanner installed on a P4 3.2 GHz machine with 2 GB of RAM.
> With MailScanner running SpamAssassin rules *and* RBL checks my
> Majordomo mail (generated and delivered locally) takes as long as an hour to
> end up in users' inboxes.
> It appears that my local mail gets stuck in the queue with the SPAM and
> the machine just has to chew through it all FIFO and my staff need to have
> departmental mail make it through in 10 minutes or less if at all possible.
> When I switch off SpamAssassin and just do RBL checks things work
> reasonably quick, but obviously a lot more SPAM gets through.
> I have
>
> From: *@wrl.org yes
>
> in my "Is Definitely Not Spam" file, but again, with SA rules switched on
> and lots of email piling in, the queue processing drops to a crawl.
> I know I need to expand my RAM (I *am* seeing a lot of swapping with SA
> turned on) but even once I get 8 GB or so, I suspect these delays in Majordomo
> mail this will continue.
> Is there a way to give "priority" to local mail so that MailScanner not
> only keeps its hands off but Sendmail is told to deliver immediately? Or should
> I run Sendmail with two queues?
>
> --
> ********************************************************************
> Brett Charbeneau
> Network Administrator
> Williamsburg Regional Library
> 7770 Croaker Road
> Williamsburg, VA 23188-7064
> (757)259-4044 www.wrl.org
> (757)259-4079 (fax) brett@wrl.org
> ********************************************************************

From alex at nkpanama.com Thu Apr 6 15:41:30 2006
From: alex at nkpanama.com (Alex Neuman van der Hans)
Date: Thu Apr 6 15:41:56 2006
Subject: A way to give local mail priority?
In-Reply-To: <00fd01c65987$6ceebc80$3004010a@martinhlaptop>
References: <00fd01c65987$6ceebc80$3004010a@martinhlaptop>
Message-ID: <4435289A.1080205@nkpanama.com>

Martin Hepworth wrote:
> also the latest and greatest release (yours is about 1 year old) has some
> really nice performance tweaks in it that you may find useful.
>
>> I have
>>
>> From: *@wrl.org yes
>>
There's that and there's also the easily spoofable *@me.org whitelist.
He should probably change it to

From: 127.0.0.1 and From: *.wrl.org yes

Or he could go as far as:

Scan Messages = %rules-dir%/scanmessages.rules

[scanmessages.rules]

From: 127.0.0.1 and From: *@wrl.org no
FromOrTo: default yes


Right?

From alex at nkpanama.com Thu Apr 6 15:51:13 2006
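The difference between the address-only whitelist and the IP-plus-address rule in the message above, as an added example that is not part of the original post and not MailScanner's own code: a simplified first-match ruleset evaluator run over three constructed messages. The evaluator, the message fields (`client_ip`, `sender`, `recipients`), the fallback value and the sample addresses are assumptions of this example.

```python
import fnmatch
import re

# A full IPv4 address or a dotted prefix such as "192.168."
IP_PATTERN = re.compile(r"^\d{1,3}(\.\d{1,3}){0,3}\.?$")

# Rulesets taken from the thread.
WHITELIST_ADDRESS_ONLY = "From: *@wrl.org yes"
WHITELIST_IP_AND_ADDRESS = "From: 127.0.0.1 and From: *@wrl.org yes"
SCAN_MESSAGES = """
From: 127.0.0.1 and From: *@wrl.org no
FromOrTo: default yes
"""

# Constructed sample messages (documentation IP ranges, made-up mailboxes).
LOCAL_LIST_MAIL = {"client_ip": "127.0.0.1", "sender": "owner-staff@wrl.org",
                   "recipients": ["user@wrl.org"]}
FORGED_SENDER = {"client_ip": "203.0.113.45", "sender": "director@wrl.org",
                 "recipients": ["user@wrl.org"]}
OUTSIDE_MAIL = {"client_ip": "198.51.100.7", "sender": "someone@example.net",
                "recipients": ["user@wrl.org"]}


def parse_ruleset(text):
    """Parse 'Dir: pattern [and Dir: pattern] value' lines into rules."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        value = tokens.pop()                 # last field is the setting value
        conditions, group = [], []
        for tok in tokens + ["and"]:         # trailing "and" flushes last group
            if tok.lower() == "and":
                if len(group) != 2 or not group[0].endswith(":"):
                    raise ValueError(f"bad rule: {raw!r}")
                conditions.append((group[0][:-1].lower(), group[1]))
                group = []
            else:
                group.append(tok)
        rules.append((conditions, value))
    return rules


def condition_matches(direction, pattern, msg):
    """Test one 'Dir: pattern' condition against a message."""
    if pattern.lower() == "default":
        return True
    if IP_PATTERN.match(pattern):
        # Compared with the connecting SMTP client, which is observed by the
        # receiving server rather than declared by the sender.
        ip = msg["client_ip"]
        return ip == pattern or (pattern.endswith(".") and ip.startswith(pattern))
    addresses = []
    if direction in ("from", "fromorto"):
        addresses.append(msg["sender"])      # sender-supplied, hence forgeable
    if direction in ("to", "fromorto"):
        addresses.extend(msg["recipients"])
    return any(fnmatch.fnmatchcase(a.lower(), pattern.lower()) for a in addresses)


def evaluate(ruleset_text, msg, fallback="no"):
    """Return the value of the first rule whose conditions all match."""
    for conditions, value in parse_ruleset(ruleset_text):
        if all(condition_matches(d, p, msg) for d, p in conditions):
            return value
    return fallback                          # assumption: no match means "no"


def report():
    """(name, address-only whitelist, IP+address whitelist, scan?) per message."""
    samples = (("local list mail", LOCAL_LIST_MAIL),
               ("forged sender", FORGED_SENDER),
               ("outside mail", OUTSIDE_MAIL))
    return [(name,
             evaluate(WHITELIST_ADDRESS_ONLY, msg),
             evaluate(WHITELIST_IP_AND_ADDRESS, msg),
             evaluate(SCAN_MESSAGES, msg)) for name, msg in samples]


if __name__ == "__main__":
    for row in report():
        print("%-16s addr-only=%-3s ip+addr=%-3s scan=%s" % row)
```

In this model the IP condition is compared with the connecting client, so `127.0.0.1` covers only mail submitted on the MailScanner host itself.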
From: alex at nkpanama.com (Alex Neuman van der Hans)
Date: Thu Apr 6 15:52:09 2006
Subject: Sendmail Upgrade, new thread
In-Reply-To: <03a801c65982$2db2a220$0600a8c0@roger>
References: <00c601c6597a$85b2fd60$3004010a@martinhlaptop> <03a801c65982$2db2a220$0600a8c0@roger>
Message-ID: <44352AE1.9000505@nkpanama.com>

Roger Jochem wrote:
> When this error occurs, I can see in my maillog messages like:
>
> MailScanner[9596]: Failed to link message body between queues
> (/var/spool/mqueue/dfi8R9KQqf010458 -->
> /var/spool/mqueue.in/dfi8R9KQqf010458)
>

I've had the exact same problem before, and since then I rarely leave "max children =" set to more than 1 unless the server is quite busy. Call me crazy but since MailScanner is so darn fast I would ask myself if the slowness is related to lack of RAM or some other factor. There's that, and there's also the fact that you can tell MailScanner not to use SpamAssassin for messages larger than a certain size.

After googling around myself I found a guy having the same problem because he was running a separate sendmail service which was getting confused. Try stopping MailScanner, waiting a few seconds, and using "ps -ax | grep sendmail" to see if there are any more instances running. If there are, kill them and start MailScanner again.

From G.Pentland at soton.ac.uk Thu Apr 6 15:59:34 2006
From: G.Pentland at soton.ac.uk (Pentland G.)
Date: Thu Apr 6 15:59:39 2006
Subject: A way to give local mail priority?
Message-ID: <71437982F5B13A4D9A5B2669BDB89EE403A84CC4@ISS-CL-EX-V1.soton.ac.uk>

The rules will work but if the majordomo server is a separate box from the MailScanner machine then you can use a bit of thought in the flow of mail to tidy things up.

1. Set the majordomo box to only receive mail from the Mailscanner.
2. Set up the majordomo box to deliver mail to filestore

Now mail generated by majordomo will have been scanned before the list gets expanded and then delivered directly to disk without scanning it again.

This obviously depends on if your site is big enough to require multiple machines etc. but I thought it was worth posting as thinking about routing and mail flow in a larger site generally helps with many issues.

Just my 2c

Gary

Alex Neuman van der Hans wrote:
> Martin Hepworth wrote:
>> also the latest and greatest release (yours is about 1 year old) has
>> some really nice performance tweaks in it that you may find useful.
>>
>>> I have
>>>
>>> From: *@wrl.org yes
>>>
> There's that and there's also the easily spoofable *@me.org whitelist.
> He should probably change it to
>
> From: 127.0.0.1 and From: *.wrl.org yes
>
> Or he could go as far as:
>
> Scan Messages = %rules-dir%/scanmessages.rules
>
> [scanmessages.rules]
>
> From: 127.0.0.1 and From: *@wrl.org no
> FromOrTo: default yes
>
>
> Right?

From cconn at abacom.com Thu Apr 6 16:00:12 2006
From: cconn at abacom.com (Chris Conn) Date: Thu Apr 6 16:00:19 2006 Subject: MailScanner 4.50.15 not picking up new rules from sa-update In-Reply-To: <008101c65954$f810e6e0$3004010a@martinhlaptop> References: <008101c65954$f810e6e0$3004010a@martinhlaptop> Message-ID: <44352CFC.6090903@abacom.com> Martin Hepworth wrote: > Adri > > Have a look in MailScanner.conf and the Advanced SpamAssassin Settings > section. You can put extra things into the SA rules path there, > > Also I presume you're restarting MS after the update and not just waiting > for the children to die? > > -- Hello, This thread has confused the heck out of me. Is the conclusion that you can add a variable to spam.assassin.prefs.conf, MailScanner.conf or is there no configurable solution at this time? Thanks, Chris From dickenson at cfmc.com Thu Apr 6 16:08:31 2006 From: dickenson at cfmc.com (Jim Dickenson) Date: Thu Apr 6 16:08:39 2006 Subject: Question about from address In-Reply-To: Message-ID: I have this option specified: Add Envelope From Header = yes That is what adds this header: MailScanner-From: frame< @ >scrappy.surveyspot.com And I still do not understand why it shows this address and not the address that is shown in my sendmail list as being the sender: sendmail[12558]: k34KuiHl012558: from=scrappy.surveysampling.com> -- Jim Dickenson mailto:dickenson@cfmc.com CfMC http://www.cfmc.com/ 
> From: Kai Schaetzl
> Reply-To: MailScanner discussion
> Date: Thu, 06 Apr 2006 03:31:21 +0200
> To:
> Subject: *CfMC-Spam= 5.73* Re: *CfMC-Spam= 5.73* *CfMC-Spam= 5.53* Question
> about from address
>
> Jim Dickenson wrote on Wed, 05 Apr 2006 15:37:31 -0700:
>
>> This is what looks wrong to me. I thought both of these should be the
>> envelope email address.
>
> Sorry, I haven't enabled logging that much, so I don't know what MailScanner
> will show there. Do you let MailScanner add an Envelope-From? If so, what do
> you get there?
>
>> I use a MS rule to do the white-listing. That is not the real problem. The
>> problem is that the MailScanner-From header does not have the envelope email
>> address.
>
> And that is the From from the header of the message or where does it come
> from?
> As I said I don't know if it should match the Envelope-From since it's only
> informational. Do your other whitelists work? I mean you could just have an
> error in your whitelist entry?
>
> Kai
>
> --
> Kai Schätzl, Berlin, Germany
> Get your web at Conactive Internet Services: http://www.conactive.com

From maillists at conactive.com Thu Apr 6 16:13:33 2006
From: maillists at conactive.com (Kai Schaetzl)
Date: Thu Apr 6 16:13:48 2006
Subject: MailScanner 4.50.15 not picking up new rules from sa-update
In-Reply-To:
References:
Message-ID:

Adri Koppes wrote on Thu, 6 Apr 2006 10:02:32 +0200:

> '/var/lib/spamassassin/3.001001/updates_spamassassin_org' and when
> running spamassassin -D --lint, I can see the new rules being used.

Are you 100% sure? I mean these lines are long and can easily be mistaken with the original ones on first glance. Is /var/lib/spamassassin/3.001001/updates_spamassassin_org where your local.cf normally resides? sa uses /etc/mail/spamassassin as the local rules dir when compiled with default options on Linux and sa-update downloads by default to /etc/mail/spamassassin/updates_spamassassin_org, but it won't use it since sa doesn't scan subdirectories for config files.

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From maillists at conactive.com Thu Apr 6 16:13:33 2006
From: maillists at conactive.com (Kai Schaetzl)
Date: Thu Apr 6 16:13:55 2006
Subject: MailScanner 4.50.15 not picking up new rules from sa-update
In-Reply-To:
References:
Message-ID:

Adri Koppes wrote on Thu, 6 Apr 2006 10:02:32 +0200:

> I am running the MailScanner port on FreeBSD 5.4 with sendmail as my MTA
> and SpamAssassin 3.1.1.
> I recently ran the 'sa-update' program included in SpamAssassin to pick
> up newly added and changed rules.

On first time use I got:

error: can't verify SHA1 signature
channel: SHA1 verification failed, channel failed

but now it works. But rules get actually placed in a subdirectory of the specified path. They won't be used there, won't they? Also, shouldn't it replace the original files in /usr/share/spamassassin instead of going to /etc/mail/spamassassin/updates_spamassassin_org by default? It's also not clear at all, if any of the rules changed, (unless I do a diff) it seems to have downloaded the whole bunch.

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From ljosnet at gmail.com Thu Apr 6 16:42:25 2006
From: ljosnet at gmail.com (emm1)
Date: Thu Apr 6 16:42:27 2006
Subject: Good Postfix guide on FreeBSD
Message-ID: <910ee2ac0604060842m772867cdq6dd9409f3350115f@mail.gmail.com>

Hello, I'm looking into setting up Postfix on my FreeBSD mail-relay server. It will scan and clean messages for about 300 domains and forward it to another server. I've been trying to find a good step-by-step information about this but no luck yet. Can anyone point me in the right direction?

Thanks!

From drew at themarshalls.co.uk Thu Apr 6 17:07:55 2006
From: drew at themarshalls.co.uk (Drew Marshall) Date: Thu Apr 6 17:08:04 2006 Subject: Good Postfix guide on FreeBSD In-Reply-To: <910ee2ac0604060842m772867cdq6dd9409f3350115f@mail.gmail.com> References: <910ee2ac0604060842m772867cdq6dd9409f3350115f@mail.gmail.com> Message-ID: <48175.194.70.180.170.1144339675.squirrel@webmail.r-bit.net> On Thu, April 6, 2006 16:42, emm1 wrote: > Hello, I'm looking into setting up Postfix on my FreeBSD mail-relay > server. It will scan and clean messages for about 300 domains and > forward it to another server. I've been trying to find a good > step-by-step information about this but no luck yet. Can anyone point > me in the right direction? Well I would start with just a basic FreeBSD setup, add Postfix from the ports tree then have a read of the wiki (http://wiki.mailscanner.info) there is loads of information regarding setting up Postfix like this in there. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From smf at f2s.com Thu Apr 6 17:34:24 2006 
From: smf at f2s.com (Steve Freegard) Date: Thu Apr 6 17:34:10 2006 Subject: Sendmail Upgrade, new thread In-Reply-To: <03a801c65982$2db2a220$0600a8c0@roger> References: <00c601c6597a$85b2fd60$3004010a@martinhlaptop> <03a801c65982$2db2a220$0600a8c0@roger> Message-ID: <1144341264.8435.69.camel@localhost.localdomain> Hi Roger, On Thu, 2006-04-06 at 10:58 -0300, Roger Jochem wrote: > I'm rellating my problem again like Martin asked, to see if anybody could > help. > > I upgraded sendmail from 8.13.1 to 8.13.6 last week. Since that upgrade, I'm > receiving some mails twice, one with no body (outlook shows <<< No Message > Collected >>>) and one complete mail (with the original body). Looktype in > MailScanner is (and already was before the upgrade) "posix". > > My MailScanner is 4.52.2 and I'm also using spamassassin 3.1.1. > > When this error occurs, I can se in my maillog messages like: > > MailScanner[9596]: Failed to link message body between queues > (/var/spool/mqueue/dfi8R9KQqf010458 --> > /var/spool/mqueue.in/dfi8R9KQqf010458) > Are /var/spool/mqueue and /var/spool/mqueue.in on the same partition? Kind regards, Steve. From brett at wrl.org Thu Apr 6 17:43:21 2006 
From: brett at wrl.org (Brett Charbeneau) Date: Thu Apr 6 17:44:20 2006 Subject: A way to give local mail priority? In-Reply-To: References: Message-ID: Thanks to Martin Hepworth and Alex Neuman van der Hans - I appreciate the replies! It seems that I need to do some serious tuning on the server. I spent some good time with the kind folks in the MailScanner IRC room as well and got some additional tips about turning SA rules on one at a time and such. Bottom line: my P4 server should be able to keep up with the 7000+ emails we get daily without sweat. So it's a config deal that I'll concentrate on. Thank you again for your help! ******************************************************************** Brett Charbeneau Network Administrator Williamsburg Regional Library 7770 Croaker Road Williamsburg, VA 23188-7064 (757)259-4044 www.wrl.org (757)259-4079 (fax) brett@wrl.org ******************************************************************** On Thu, 6 Apr 2006, Brett Charbeneau wrote: BC> I'd be grateful for any suggestions anyone can offer! BC> BC> BC> SPECIFICS: BC> Debian 3.1, kernel 2.6.8, BC> Sendmail 8.13.4, MailScanner 4.41.3-2, SpamAssassin 3.0.3-2 (deb packages) BC> Majordomo 1.94.5 BC> BC> Greetings, BC> BC> I have MailScanner installed on a P4 3.2 GHz machine with 2 GB of BC> RAM. BC> With MailScanner running SpamAssassin rules *and* RBL checks my BC> Majordomo mail (generated and delivered locally) takes as long as an hour to BC> end up in users' inboxes. BC> It appears that my local mail gets stuck in the queue with the SPAM BC> and the machine just has to chew through it all FIFO and my staff need to BC> have departmental mail make it through in 10 minutes or less if at all BC> possible. BC> When I switch off SpamAssassin and just do RBL checks things work BC> reasonably quick, but obviously a lot more SPAM gets through. BC> I have BC> BC> 
From: *@wrl.org yes BC> BC> in my "Is Definitely Not Spam" file, but again, with SA rules BC> switched on BC> and lots of email piling in, the queue processing drops to a crawl. BC> I know I need to expand my RAM (I *am* seeing a lot of swapping with BC> SA turned on) but even once I get 8 GB or so, I suspect these delays in BC> Majordomo mail this will continue. BC> Is there a way to give "priority" to local mail so that MailScanner BC> not only keeps its hands off but Sendmail is told to deliver immediately? Or BC> should I run Sendmail with two queues? BC> BC> -- From glenn.steen at gmail.com Thu Apr 6 17:46:26 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Apr 6 17:46:29 2006 Subject: Question about from address In-Reply-To: References: Message-ID: <223f97700604060946l5966273et79ddaf3b1843496@mail.gmail.com> On 06/04/06, Jim Dickenson wrote: > I have this option specified: > > Add Envelope From Header = yes > > > > That is what adds this header: > > MailScanner-From: frame< @ >scrappy.surveyspot.com > > And I still do not understand why it shows this address and not the address > that is shown in my sendmail list as being the sender: > > sendmail[12558]: k34KuiHl012558: from=scrappy.surveysampling.com> > > Stupid question perhaps, but are you quite certain you are looking at the right message for that log entry? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Thu Apr 6 17:51:27 2006 
From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Apr 6 17:51:28 2006 Subject: Question about from address In-Reply-To: <223f97700604060946l5966273et79ddaf3b1843496@mail.gmail.com> References: <223f97700604060946l5966273et79ddaf3b1843496@mail.gmail.com> Message-ID: <223f97700604060951xe2cc1a0r57628a027c2e0486@mail.gmail.com> On 06/04/06, Glenn Steen wrote: > On 06/04/06, Jim Dickenson wrote: > > I have this option specified: > > > > Add Envelope From Header = yes > > > > > > > > That is what adds this header: > > > > MailScanner-From: frame< @ >scrappy.surveyspot.com > > > > And I still do not understand why it shows this address and not the address > > that is shown in my sendmail list as being the sender: > > > > sendmail[12558]: k34KuiHl012558: from=scrappy.surveysampling.com> > > > > > Stupid question perhaps, but are you quite certain you are looking at > the right message for that log entry? If you "simulate" the mail via telnet, specifying different senders in the envelope and the headers, what do you see then? (Easily extrapolated from http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:mta:connexion if you need help with using telnet for this) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From a.peacock at chime.ucl.ac.uk Thu Apr 6 17:58:30 2006 
From: a.peacock at chime.ucl.ac.uk (Anthony Peacock)
Date: Thu Apr 6 17:58:42 2006
Subject: Sendmail Upgrade, new thread
In-Reply-To: <1144341264.8435.69.camel@localhost.localdomain>
References: <00c601c6597a$85b2fd60$3004010a@martinhlaptop> <03a801c65982$2db2a220$0600a8c0@roger> <1144341264.8435.69.camel@localhost.localdomain>
Message-ID: <443548B6.9040308@chime.ucl.ac.uk>

Hi,

Steve Freegard wrote:
> Hi Roger,
>
> On Thu, 2006-04-06 at 10:58 -0300, Roger Jochem wrote:
>> I'm relating my problem again like Martin asked, to see if anybody could
>> help.
>>
>> I upgraded sendmail from 8.13.1 to 8.13.6 last week. Since that upgrade, I'm
>> receiving some mails twice, one with no body (outlook shows <<< No Message
>> Collected >>>) and one complete mail (with the original body). Looktype in
>> MailScanner is (and already was before the upgrade) "posix".
>>
>> My MailScanner is 4.52.2 and I'm also using spamassassin 3.1.1.
>>
>> When this error occurs, I can see in my maillog messages like:
>>
>> MailScanner[9596]: Failed to link message body between queues
>> (/var/spool/mqueue/dfi8R9KQqf010458 -->
>> /var/spool/mqueue.in/dfi8R9KQqf010458)
>>
>
> Are /var/spool/mqueue and /var/spool/mqueue.in on the same partition?

Use the source Luke!

Although I don't know the definitive answer to this, I have been following this thread with interest. My interest became so piqued that I decided to track down the error message.

MailScanner/SMDiskStore.pm in the LinkData subroutine.

The comment states:

# If the link fails for some reason (usually caused by sendmail calling
# 2 messages the same thing in a very short time), then just skip this
# message and move on to the next one. This one will get delivered when
# the previous one with the same name has been delivered.

This uses the Perl link function, which works in the same way as the UNIX hard link. This does have known problems across file systems.

The other obvious cause could be a problem with locking.

--
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW: http://www.chime.ucl.ac.uk/~rmhiajp/
"The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov

From bob.jones at usg.edu Thu Apr 6 18:05:40 2006
From: bob.jones at usg.edu (Bob Jones)
Date: Thu Apr 6 18:05:48 2006
Subject: Location of perl in #! of Mailscanner scripts
In-Reply-To: <625385e30604060032j40edfeaepe762542156215e3f@mail.gmail.com>
References: <443402F7.6020907@usg.edu> <625385e30604060032j40edfeaepe762542156215e3f@mail.gmail.com>
Message-ID: <44354A64.2060606@usg.edu>

shuttlebox wrote:
> On 4/5/06, Bob Jones wrote:
>> Next I go to run Mailscanner and it goes kablooey. I get to
>> looking around and I see why. Even though I specified an alternate
>> location of perl in the install script, all the Mailscanner perl scripts
>> (e.g. /opt/Mailscanner/bin/MailScanner ) point to #!/usr/bin/perl.
>> Shouldn't the install script change these headings to the specified perl
>> or am I missing something? I can't just put a link in /usr/bin as the
>> legacy perl is needed for other things.
>
> I use a symbolic link on my Solaris systems, the legacy stuff uses
> hard coded paths so it doesn't depend on /usr/bin/perl.

While this is true, a symbolic link does fix it if you can replace the perl that's there. It just seems to me conceptually that you have an install script that allows you to tell it where your perl lives, that script should make the necessary corrections to the perl scripts in the distribution so that they point to the location you give it.

--
Bob Jones
bob.jones@usg.edu
OIIT, The Board of Regents
The University System of Georgia

From dickenson at cfmc.com Thu Apr 6 18:06:51 2006
From: dickenson at cfmc.com (Jim Dickenson) Date: Thu Apr 6 18:07:04 2006 Subject: Question about from address In-Reply-To: <223f97700604060951xe2cc1a0r57628a027c2e0486@mail.gmail.com> Message-ID: As best as I can tell this is the same email. I have had problems with just this email address for some time. What I do is have my clients send me just the MailScanner-From address when they want to have something white-listed. This has worked except for this particular email address. I looked at this a bit and that is when I noticed that the email address in the sendmail log file did not match the MailScanner-From email address. I do not have the original email message so I can not look at all the headers but I do see this: From: Survey Sampling International scrappy.surveyspot.com> I will try doing a telnet test when I have some time in the next day or so and let you all know. -- Jim Dickenson mailto:dickenson@cfmc.com CfMC http://www.cfmc.com/ 
> From: Glenn Steen
> Reply-To: MailScanner discussion
> Date: Thu, 6 Apr 2006 18:51:27 +0200
> To: MailScanner discussion
> Subject: *CfMC-Spam=12.68* Re: Question about from address
>
> On 06/04/06, Glenn Steen wrote:
>> On 06/04/06, Jim Dickenson wrote:
>>> I have this option specified:
>>>
>>> Add Envelope From Header = yes
>>>
>>>
>>>
>>> That is what adds this header:
>>>
>>> MailScanner-From: frame< @ >scrappy.surveyspot.com
>>>
>>> And I still do not understand why it shows this address and not the address
>>> that is shown in my sendmail list as being the sender:
>>>
>>> sendmail[12558]: k34KuiHl012558: from=scrappy.surveysampling.com>
>>>
>>>
>> Stupid question perhaps, but are you quite certain you are looking at
>> the right message for that log entry?
>
> If you "simulate" the mail via telnet, specifying different senders in
> the envelope and the headers, what do you see then? (Easily
> extrapolated from
> http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:mta:connexion
> if you need help with using telnet for this)
>
> --
> -- Glenn
> email: glenn < dot > steen < at > gmail < dot > com
> work: glenn < dot > steen < at > ap1 < dot > se

From roger at rudnick.com.br Thu Apr 6 18:17:10 2006
From: roger at rudnick.com.br (Roger Jochem)
Date: Thu Apr 6 18:17:31 2006
Subject: Sendmail Upgrade, new thread
References: <00c601c6597a$85b2fd60$3004010a@martinhlaptop><03a801c65982$2db2a220$0600a8c0@roger> <1144341264.8435.69.camel@localhost.localdomain>
Message-ID: <04b001c6599d$f0cc3490$0600a8c0@roger>

Yes. They are in the "/" partition (/dev/hda3).

----- Original Message -----
From: "Steve Freegard"
To: "MailScanner discussion"
Sent: Thursday, April 06, 2006 1:34 PM
Subject: Re: Sendmail Upgrade, new thread

> Hi Roger,
>
> On Thu, 2006-04-06 at 10:58 -0300, Roger Jochem wrote:
>> I'm relating my problem again like Martin asked, to see if anybody could
>> help.
>>
>> I upgraded sendmail from 8.13.1 to 8.13.6 last week. Since that upgrade, I'm
>> receiving some mails twice, one with no body (outlook shows <<< No Message
>> Collected >>>) and one complete mail (with the original body). Looktype in
>> MailScanner is (and already was before the upgrade) "posix".
>>
>> My MailScanner is 4.52.2 and I'm also using spamassassin 3.1.1.
>>
>> When this error occurs, I can see in my maillog messages like:
>>
>> MailScanner[9596]: Failed to link message body between queues
>> (/var/spool/mqueue/dfi8R9KQqf010458 -->
>> /var/spool/mqueue.in/dfi8R9KQqf010458)
>>
>
> Are /var/spool/mqueue and /var/spool/mqueue.in on the same partition?
>
> Kind regards,
> Steve.

From roger at rudnick.com.br Thu Apr 6 18:19:08 2006
From: roger at rudnick.com.br (Roger Jochem)
Date: Thu Apr 6 18:19:31 2006
Subject: Sendmail Upgrade, new thread
References: <00c601c6597a$85b2fd60$3004010a@martinhlaptop> <03a801c65982$2db2a220$0600a8c0@roger><1144341264.8435.69.camel@localhost.localdomain> <443548B6.9040308@chime.ucl.ac.uk>
Message-ID: <04bb01c6599e$36fb6df0$0600a8c0@roger>

Really strange, I guess... In Google there are lots of problems like mine but no one has a good solution....

----- Original Message -----
From: "Anthony Peacock"
To: "MailScanner discussion"
Sent: Thursday, April 06, 2006 1:58 PM
Subject: Re: Sendmail Upgrade, new thread

> Hi,
>
> Steve Freegard wrote:
>> Hi Roger,
>>
>> On Thu, 2006-04-06 at 10:58 -0300, Roger Jochem wrote:
>>> I'm relating my problem again like Martin asked, to see if anybody
>>> could help.
>>>
>>> I upgraded sendmail from 8.13.1 to 8.13.6 last week. Since that upgrade,
>>> I'm receiving some mails twice, one with no body (outlook shows <<< No
>>> Message Collected >>>) and one complete mail (with the original body).
>>> Looktype in MailScanner is (and already was before the upgrade) "posix".
>>>
>>> My MailScanner is 4.52.2 and I'm also using spamassassin 3.1.1.
>>>
>>> When this error occurs, I can see in my maillog messages like:
>>>
>>> MailScanner[9596]: Failed to link message body between queues
>>> (/var/spool/mqueue/dfi8R9KQqf010458 -->
>>> /var/spool/mqueue.in/dfi8R9KQqf010458)
>>>
>>
>> Are /var/spool/mqueue and /var/spool/mqueue.in on the same partition?
>
> Use the source Luke!
>
> Although I don't know the definitive answer to this, I have been following
> this thread with interest. My interest became so piqued that I decided to
> track down the error message.
>
> MailScanner/SMDiskStore.pm in the LinkData subroutine.
>
> The comment states:
>
> # If the link fails for some reason (usually caused by sendmail calling
> # 2 messages the same thing in a very short time), then just skip this
> # message and move on to the next one. This one will get delivered when
> # the previous one with the same name has been delivered.
>
> This uses the Perl link function, which works in the same way as the UNIX
> hard link. This does have known problems across file systems.
>
> The other obvious cause could be a problem with locking.
>
>
> --
> Anthony Peacock
> CHIME, Royal Free & University College Medical School
> WWW: http://www.chime.ucl.ac.uk/~rmhiajp/
> "The most exciting phrase to hear in science, the one that heralds new
> discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov

From maillists at conactive.com Thu Apr 6 18:31:24 2006
From: maillists at conactive.com (Kai Schaetzl)
Date: Thu Apr 6 18:31:40 2006
Subject: Question about from address
In-Reply-To:
References:
Message-ID:

Jim Dickenson wrote on Thu, 06 Apr 2006 08:08:31 -0700:

> And I still do not understand why it shows this address and not the address
> that is shown in my sendmail list as being the sender:

I don't either. Can you post the header of the message? Is it for sure that what sendmail shows in the log *is* the envelope-from? I mean it usually is, but maybe your sendmail or sendmail.cf is "special"?

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From glenn.steen at gmail.com Thu Apr 6 18:40:46 2006
From: glenn.steen at gmail.com (Glenn Steen)
Date: Thu Apr 6 18:40:54 2006
Subject: Question about from address
In-Reply-To:
References:
Message-ID: <223f97700604061040w6dcd2b0awba33a49a3af7bcb9@mail.gmail.com>

On 06/04/06, Kai Schaetzl wrote:
> Jim Dickenson wrote on Thu, 06 Apr 2006 08:08:31 -0700:
>
> > And I still do not understand why it shows this address and not the address
> > that is shown in my sendmail list as being the sender:
>
> I don't either. Can you post the header of the message? Is it for sure that
> what sendmail shows in the log *is* the envelope-from? I mean it usually is,
> but maybe your sendmail or sendmail.cf is "special"?
>
> Kai
>

I think Jim's telnet experiments will tell us this... One other possibility, albeit remote (since I do believe that Jules "sanitizes" the headers, so that there can only be one X-MailScanner-From: ...), would be if there is more than one MailScanner involved, thoroughly confusing matters. Or perhaps the customer is too lazy to actually get at the headers, and just "invent" them from what they "think they should be".....:-)

Jim, you should really demand that the customer provide at least one "problem message" _as verbatim as possible_. Would be a shame to waste time on something that turns out to be a red herring:-):-).

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From smf at f2s.com Thu Apr 6 19:10:43 2006
From: smf at f2s.com (Steve Freegard)
Date: Thu Apr 6 19:10:28 2006
Subject: Sendmail Upgrade, new thread
In-Reply-To: <04b001c6599d$f0cc3490$0600a8c0@roger>
References: <00c601c6597a$85b2fd60$3004010a@martinhlaptop> <03a801c65982$2db2a220$0600a8c0@roger> <1144341264.8435.69.camel@localhost.localdomain> <04b001c6599d$f0cc3490$0600a8c0@roger>
Message-ID: <1144347043.8435.71.camel@localhost.localdomain>

Hi Roger,

On Thu, 2006-04-06 at 14:17 -0300, Roger Jochem wrote:
> Yes. They are in the "/" partition (/dev/hda3).

Good - what is your setting for 'Lock Type' in MailScanner.conf?

Cheers,
Steve.

From roger at rudnick.com.br Thu Apr 6 19:17:04 2006
From: roger at rudnick.com.br (Roger Jochem)
Date: Thu Apr 6 19:17:23 2006
Subject: Sendmail Upgrade, new thread
References: <00c601c6597a$85b2fd60$3004010a@martinhlaptop><03a801c65982$2db2a220$0600a8c0@roger><1144341264.8435.69.camel@localhost.localdomain><04b001c6599d$f0cc3490$0600a8c0@roger> <1144347043.8435.71.camel@localhost.localdomain>
Message-ID: <05e001c659a6$4ea5a6c0$0600a8c0@roger>

Hi Steve

It's Posix

----- Original Message -----
From: "Steve Freegard"
To: "MailScanner discussion"
Sent: Thursday, April 06, 2006 3:10 PM
Subject: Re: Sendmail Upgrade, new thread

> Hi Roger,
>
> On Thu, 2006-04-06 at 14:17 -0300, Roger Jochem wrote:
>> Yes. They are in the "/" partition (/dev/hda3).
>
> Good - what is your setting for 'Lock Type' in MailScanner.conf?
>
> Cheers,
> Steve.

From max at kipness.com Thu Apr 6 19:56:24 2006
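An added example, not MailScanner's code (which, per the message above, uses Perl's link function in MailScanner/SMDiskStore.pm): a Python sketch of the two checks the "Sendmail Upgrade, new thread" messages walk through, namely whether the two queue directories share a filesystem and which errno a failed hard link reports. The temporary directories and the queue file name are constructed for the demo; on a real host the queue paths from the log line would be passed to same_filesystem instead.

```python
"""Diagnose why hard-linking a message body between two queue dirs fails."""
import errno
import os
import tempfile

# What each outcome means for the "Failed to link message body" log line.
DIAGNOSIS = {
    "linked": "hard link created",
    "EXDEV": "queues are on different filesystems; a hard link can never succeed",
    "EEXIST": "a body file with this queue id is already in the destination queue",
    "ENOENT": "source body file vanished or destination directory is missing",
    "EACCES": "the scanning user may not write to the destination queue",
    "EPERM": "the filesystem or its policy refuses hard links for this user",
}


def same_filesystem(dir_a, dir_b):
    """Hard links only work when both directories live on one filesystem."""
    return os.stat(dir_a).st_dev == os.stat(dir_b).st_dev


def link_body(src, dst):
    """Hard-link src to dst; return 'linked' or the symbolic errno name."""
    try:
        os.link(src, dst)
        return "linked"
    except OSError as exc:
        return errno.errorcode.get(exc.errno, str(exc.errno))


def explain(outcome):
    return DIAGNOSIS.get(outcome, f"unexpected error {outcome}")


def demo():
    """Link a constructed body file twice to show the duplicate-name failure."""
    with tempfile.TemporaryDirectory() as spool:
        incoming = os.path.join(spool, "mqueue.in")
        outgoing = os.path.join(spool, "mqueue")
        os.mkdir(incoming)
        os.mkdir(outgoing)
        body = "dfEXAMPLE000001"  # constructed queue file name
        src = os.path.join(incoming, body)
        with open(src, "w") as handle:
            handle.write("constructed message body\n")
        dst = os.path.join(outgoing, body)
        first = link_body(src, dst)        # succeeds: same filesystem, name free
        links = os.stat(src).st_nlink      # both names now point at one inode
        second = link_body(src, dst)       # fails: the name is already taken
        return same_filesystem(incoming, outgoing), first, links, second


if __name__ == "__main__":
    same_fs, first, links, second = demo()
    print("same filesystem:", same_fs)
    print("first link :", first, "-", explain(first), f"(link count {links})")
    print("second link:", second, "-", explain(second))
```

EEXIST corresponds to the cause named in the quoted source comment (two messages given the same name), EXDEV to the cross-filesystem case that Steve's partition question rules out.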
From: max at kipness.com (Max Kipness)
Date: Thu Apr 6 19:56:36 2006
Subject: Still stuck in queue, version 4.52.2
Message-ID: <51ffbdaa09c1df9f08e1c94ba9f0e9fe@localhost>

I've since upgraded to version 4.52.2, and I'm getting better performance (probably less getting stuck in the queue), yet yesterday there was one message that got processed over 6000 times!

Here is a sample of one that got stuck today. It's been processed 512 times. Any clue to what else I can do to remedy this issue?

Apr 6 06:42:03 xxx MailScanner[12537]: SpamAssassin cache hit for message k36BOeGt011418
Apr 6 06:42:03 xxx MailScanner[12537]: Message k36BOeGt011418 from 86.202.15.121 (sdouhbhj@yahoo.com) to xxx.com is spam, SpamAssassin (score=26.748, required 6, autolearn=spam, BAYES_99 3.50, FORGED_YAHOO_RCVD 1.85, HELO_DYNAMIC_IPADDR 4.20, HTML_FONT_LOW_CONTRAST 0.19, HTML_IMAGE_ONLY_20 1.16, HTML_MESSAGE 0.00, HTML_SHORT_LINK_IMG_3 0.88, LONGWORDS 3.79, MIME_BOUND_DIGITS_15 2.95, MIME_HTML_ONLY 0.00, MSGID_FROM_MTA_HEADER 0.00, RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E8_51_100 1.50, RAZOR2_CHECK 0.50, UNPARSEABLE_RELAY 0.00, URIBL_JP_SURBL 4.09, URIBL_SBL 1.64)
Apr 6 06:42:04 xxx MailScanner[12537]: Spam Actions: message k36BOeGt011418 actions are store
Apr 6 06:42:07 sxxx MailScanner[12537]: Filename Checks: Very long filename, possible OE attack (k36BOeGt011418 dinah deprave annoyance tribesmen five stepson convince barnstorm assistant given forsaken rhetoric jugate carabao meteor abelian sophia frisky vulnerable debug pottery capetown hollyhock tor crusty .gif)
Apr 6 06:42:07 xxx MailScanner[12537]: Saved entire message to /var/spool/MailScanner/quarantine/20060406/k36BOeGt011418
Apr 6 06:42:07 xxx MailScanner[12537]: Saved infected "dinah deprave .gif" to /var/spool/MailScanner/quarantine/20060406/k36BOeGt011418

--
Thanks,
Max

From derek at csolve.net Thu Apr 6 21:00:56 2006
From: derek at csolve.net (Derek Buttineau | Compu-SOLVE) Date: Thu Apr 6 21:01:08 2006 Subject: SA Cache Check Patch Message-ID: <44357378.8020602@csolve.net> Hello All, I've included a patch that addresses a small issue with the SpamAssassin caching and differing Required Spam Scores. All it does is take the cached results and adjusts the $SAResult, $SAHitList and $HighScoring variables to correctly represent the scoring for the recipients on the particular instance of the message. -- Regards, Derek Buttineau Internet Systems Developer Compu-SOLVE Internet Services Compu-SOLVE Technologies Inc. 705.725.1212 x255 -------------- next part -------------- A non-text attachment was scrubbed... Name: SA.pm.patch Type: text/x-patch Size: 1606 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060406/4f3180e1/SA.pm.bin From derek at csolve.net Thu Apr 6 21:08:47 2006 From: derek at csolve.net (Derek Buttineau | Compu-SOLVE) Date: Thu Apr 6 21:08:56 2006 Subject: SA Cache Check Patch In-Reply-To: <44357378.8020602@csolve.net> References: <44357378.8020602@csolve.net> Message-ID: <4435754F.2080806@csolve.net> Oh, almost forgot, the patch is on the 4.50.15_1 release. Regards, Derek Buttineau Internet Systems Developer Compu-SOLVE Internet Services Compu-SOLVE Technologies Inc. 705.725.1212 x255 Derek Buttineau | Compu-SOLVE wrote: > Hello All, > > I've included a patch that addresses a small issue with the SpamAssassin > caching and differing Required Spam Scores. All it does is take the cached > results and adjusts the $SAResult, $SAHitList and $HighScoring variables > to correctly represent the scoring for the recipients on the particular > instance of the message. From Denis.Beauchemin at USherbrooke.ca Thu Apr 6 21:15:00 2006 
From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin)
Date: Thu Apr 6 21:15:33 2006
Subject: MailScanner ANNOUNCE: Easy-to-install Clam+SA upgraded to Clam 0.88.1
In-Reply-To: <4435589B.1000905@ecs.soton.ac.uk>
References: <4435589B.1000905@ecs.soton.ac.uk>
Message-ID: <443576C4.9030200@USherbrooke.ca>

Julian Field wrote:
> I have just upgraded my easy-to-install package of ClamAV and
> SpamAssassin so that it contains the latest version of ClamAV, 0.88.1.
>
> It can be downloaded from
> http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz
>

Julian,

Works pretty well, except that it always add the following lines at the end of init.pre, even if they are already present:
loadplugin Mail::SpamAssassin::Plugin::RelayCountry
loadplugin Mail::SpamAssassin::Plugin::SPF
loadplugin Mail::SpamAssassin::Plugin::URIDNSBL

I also end up with two almost identical files: init.pre and v310.pre . Is this normal?

Last comment: it modifies SA's init.pre and v310.pre even if it didn't upgrade SA...

Thanks!

Denis

--
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3226 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060406/f1f157d9/smime.bin

From jstork at pbco.ca Thu Apr 6 22:27:33 2006
From: jstork at pbco.ca (Johnny Stork)
Date: Thu Apr 6 22:29:27 2006
Subject: MailScanner ANNOUNCE: Easy-to-install Clam+SA upgraded to Clam 0.88.1
In-Reply-To: <443576C4.9030200@USherbrooke.ca>
Message-ID: <20153784.1144358853203.JavaMail.root@pbco-server3.pbco.ca>

On a related question, are both init.pre and v310.pre needed?

_______________________________
Johnny Stork
Information & Technology Manager
Provincial Blood Coordinating Office
604-806-8840

----- Original Message -----
From: mailscanner-bounces@lists.mailscanner.info on behalf of Denis Beauchemin
Sent: Thu, 4/6/2006 1:18pm
To: mailscanner@lists.mailscanner.info
Subject: Re: MailScanner ANNOUNCE: Easy-to-install Clam+SA upgraded to Clam 0.88.1

Julian Field wrote:
> I have just upgraded my easy-to-install package of ClamAV and
> SpamAssassin so that it contains the latest version of ClamAV, 0.88.1.
>
> It can be downloaded from
> http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz
>

Julian,

Works pretty well, except that it always add the following lines at the end of init.pre, even if they are already present:
loadplugin Mail::SpamAssassin::Plugin::RelayCountry
loadplugin Mail::SpamAssassin::Plugin::SPF
loadplugin Mail::SpamAssassin::Plugin::URIDNSBL

I also end up with two almost identical files: init.pre and v310.pre . Is this normal?

Last comment: it modifies SA's init.pre and v310.pre even if it didn't upgrade SA...

Thanks!

Denis

--
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045

From maillists at conactive.com Thu Apr 6 22:31:22 2006
From: maillists at conactive.com (Kai Schaetzl)
Date: Thu Apr 6 22:31:37 2006
Subject: MailScanner ANNOUNCE: Easy-to-install Clam+SA upgraded to Clam 0.88.1
In-Reply-To: <443576C4.9030200@USherbrooke.ca>
References: <4435589B.1000905@ecs.soton.ac.uk> <443576C4.9030200@USherbrooke.ca>
Message-ID:

Denis Beauchemin wrote on Thu, 06 Apr 2006 16:15:00 -0400:

> I also end up with two almost identical files: init.pre and v310.pre .
> Is this normal?

Yes, 310.pre is special for 3.1 and adds stuff that init.pre (came with 3.0) doesn't have.

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From maillists at conactive.com Thu Apr 6 22:31:22 2006
From: maillists at conactive.com (Kai Schaetzl)
Date: Thu Apr 6 22:31:40 2006
Subject: Question about from address
In-Reply-To:
References:
Message-ID:

Jim Dickenson wrote on Thu, 06 Apr 2006 10:06:51 -0700:

> I do not have the original email message so I can not look at all the
> headers

We/you will need a look at it otherwise we can't be sure that the client sends the right stuff. As Glenn says, it might be another MailScanner or even faked line.

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From mkettler at evi-inc.com Thu Apr 6 22:38:48 2006
From: mkettler at evi-inc.com (Matt Kettler)
Date: Thu Apr 6 22:39:00 2006
Subject: MailScanner ANNOUNCE: Easy-to-install Clam+SA upgraded to Clam 0.88.1
In-Reply-To: <443576C4.9030200@USherbrooke.ca>
References: <4435589B.1000905@ecs.soton.ac.uk> <443576C4.9030200@USherbrooke.ca>
Message-ID: <44358A68.1010308@evi-inc.com>

Denis Beauchemin wrote:
> Julian Field wrote:
>> I have just upgraded my easy-to-install package of ClamAV and
>> SpamAssassin so that it contains the latest version of ClamAV, 0.88.1.
>>
>> It can be downloaded from
>> http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz
>>
> Julian,
>
> Works pretty well, except that it always add the following lines at the
> end of init.pre, even if they are already present:
> loadplugin Mail::SpamAssassin::Plugin::RelayCountry
> loadplugin Mail::SpamAssassin::Plugin::SPF
> loadplugin Mail::SpamAssassin::Plugin::URIDNSBL
>
> I also end up with two almost identical files: init.pre and v310.pre .
> Is this normal?

Yes, but they should NOT have the same content. Both should be a series of loadplugins commands, but each file should have completely different plugins listed.

init.pre has loadplugin statements for plugins present in 3.0.x.
v310.pre has loadplugin statements for NEW plugins only present in 3.1.x.

This way a SA upgrade won't wipe out your old plugin preferences, or leave you without important new plugins loaded.

You should carefully review both files and see if there's any plugins you wish to change the load status of from the defaults.

In particular, be aware that SA 3.1.x does not load Razor or DCC support by default.

From alex at nkpanama.com Fri Apr 7 02:28:04 2006
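Added example (not the installer's or SpamAssassin's own code): the repeated loadplugin lines Denis reports and the init.pre/v310.pre overlap Matt describes can both be checked from the shell. The function names and the file contents are constructed for illustration; the files live in a temporary directory, not in /etc/mail/spamassassin.

```shell
#!/bin/sh
# has_loadplugin FILE PLUGIN: succeed if FILE already contains an active
# (uncommented) "loadplugin PLUGIN" line. Commented-out lines do not count.
has_loadplugin() {
    [ -f "$1" ] && awk -v p="$2" '
        $1 == "loadplugin" && $2 == p { found = 1 }
        END { exit !found }' "$1"
}

# ensure_loadplugin FILE PLUGIN: append the line only when it is missing, so
# running an installer step twice leaves the file unchanged the second time.
ensure_loadplugin() {
    has_loadplugin "$1" "$2" || printf 'loadplugin %s\n' "$2" >> "$1"
}

# duplicate_plugins FILE...: print "count plugin" for every plugin that has
# more than one active loadplugin line across the given files.
duplicate_plugins() {
    awk '$1 == "loadplugin" { n[$2]++ }
         END { for (p in n) if (n[p] > 1) print n[p], p }' "$@" | sort -k2
}

# Demo on constructed files: simulate the installer step running twice, then
# report plugins that are loaded from both .pre files.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed init.pre' \
        'loadplugin Mail::SpamAssassin::Plugin::SPF' > "$d/init.pre"
    # constructed v310.pre: DCC left commented out, SPF duplicated on purpose
    printf '%s\n' '# loadplugin Mail::SpamAssassin::Plugin::DCC' \
        'loadplugin Mail::SpamAssassin::Plugin::SPF' > "$d/v310.pre"
    for run in 1 2; do
        for p in RelayCountry SPF URIDNSBL; do
            ensure_loadplugin "$d/init.pre" "Mail::SpamAssassin::Plugin::$p"
        done
    done
    grep -c '^loadplugin' "$d/init.pre"            # active lines in init.pre
    duplicate_plugins "$d/init.pre" "$d/v310.pre"  # plugins loaded twice
    rm -rf "$d"
}

demo
```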
From: alex at nkpanama.com (Alex Neuman van der Hans)
Date: Fri Apr 7 02:29:10 2006
Subject: A way to give local mail priority?
In-Reply-To:
References:
Message-ID: <4435C024.2020903@nkpanama.com>

Brett Charbeneau wrote:
>
> Thanks to Martin Hepworth and Alex Neuman van der Hans - I appreciate
> the replies!
> It seems that I need to do some serious tuning on the server. I spent
> some good time with the kind folks in the MailScanner IRC room as well and got
> some additional tips about turning SA rules on one at a time and such.
>

There's an IRC room? :D Sounds like a nice place to "hang out". I'll look into it...

And you're very welcome, indeed. Any chance to help out is welcome - specially when requests are well thought out and include all relevant information ;)

From adrik at salesmanager.nl Fri Apr 7 08:30:46 2006
From: adrik at salesmanager.nl (Adri Koppes)
Date: Fri Apr 7 08:30:47 2006
Subject: MailScanner 4.50.15 not picking up new rules from sa-update
Message-ID:

Kai,

It seems to be sa-update downloads the rules into a separate directory. Have you tried running spamassassin -D after running sa-update? SpamAssassin should find the updated rules from the subdirectory and use them.

Next try running MailScanner with 'Debug SpamAssassin = yes' in your MailScanner.conf. Did MailScanner use the new rules?

Sa-update seems to download all rules, but there are a few differences. 25_uribl.cf has uribl.com added and there is a new 80_additional.cf, which contains some rules to catch spam with attached gifs.

Adri.

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Kai Schaetzl
> Sent: donderdag 6 april 2006 17:14
> To: mailscanner@lists.mailscanner.info
> Subject: Re: MailScanner 4.50.15 not picking up new rules
> from sa-update
>
> Adri Koppes wrote on Thu, 6 Apr 2006 10:02:32 +0200:
>
> > I am running the MailScanner port on FreeBSD 5.4 with
> sendmail as my
> > MTA and SpamAssassin 3.1.1.
> > I recently ran the 'sa-update' program included in SpamAssassin to
> > pick up newly added and changed rules.
>
> On first time use I got:
>
> error: can't verify SHA1 signature
> channel: SHA1 verification failed, channel failed
>
> but now it works. But rules get actually placed in a
> subdirectory of the specified path. They won't be used there,
> won't they? Also, shouldn't it replace the original files in
> /usr/share/spamassassin instead of going to
> /etc/mail/spamassassin/updates_spamassassin_org by default?
> It's also not clear at all, if any of the rules changed,
> (unless I do a diff) it seems to have downloaded the whole bunch.
>
>
> Kai
>
> --
> Kai Schätzl, Berlin, Germany
> Get your web at Conactive Internet Services: http://www.conactive.com
>
>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>

From martinh at solid-state-logic.com Fri Apr 7 08:39:30 2006
From: martinh at solid-state-logic.com (Martin Hepworth)
Date: Fri Apr 7 08:39:39 2006
Subject: A way to give local mail priority?
In-Reply-To: <4435C024.2020903@nkpanama.com>
Message-ID: <008201c65a16$681206b0$3004010a@martinhlaptop>

From the main web site..and the support page..

Community Live Support

For immediate help, you can contact other MailScanner users via IRC, using the server irc.freenode.net on the channel #mailscanner. If you are using IPv6, the server is irc.ipv6.freenode.net. You can connect immediately without having to install any IRC software on your computer.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> bounces@lists.mailscanner.info] On Behalf Of Alex Neuman van der Hans
> Sent: 07 April 2006 02:28
> To: MailScanner discussion
> Subject: Re: A way to give local mail priority?
>
> Brett Charbeneau wrote:
> >
> > Thanks to Martin Hepworth and Alex Neuman van der Hans - I
> appreciate
> > the replies!
> > It seems that I need to do some serious tuning on the server. I
> spent
> > some good time with the kind folks in the MailScanner IRC room as well
> and got
> > some additional tips about turning SA rules on one at a time and such.
> >
>
> There's an IRC room? :D Sounds like a nice place to "hang out". I'll
> look into it...
>
> And you're very welcome, indeed. Any chance to help out is welcome -
> specially when requests are well thought out and include all relevant
> information ;)
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

**********************************************************************

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager.

This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean.

**********************************************************************

From martinh at solid-state-logic.com Fri Apr 7 08:41:02 2006
From: martinh at solid-state-logic.com (Martin Hepworth)
Date: Fri Apr 7 08:41:11 2006
Subject: SA Cache Check Patch
In-Reply-To: <44357378.8020602@csolve.net>
Message-ID: <008301c65a16$9e9bd170$3004010a@martinhlaptop>

Derek

Of course for this to work properly you'll have to split the emails into individual recipients - ie be using sendmail or exim.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> bounces@lists.mailscanner.info] On Behalf Of Derek Buttineau|Compu-SOLVE
> Sent: 06 April 2006 21:01
> To: mailscanner@lists.mailscanner.info
> Subject: SA Cache Check Patch
>
> Hello All,
>
> I've included a patch that addresses a small issue with the SpamAssassin
> caching and differing Required Spam Scores. All it does is take the
> cached
> results and adjusts the $SAResult, $SAHitList and $HighScoring variables
> to correctly represent the scoring for the recipients on the particular
> instance of the message.
>
>
> --
> Regards,
>
> Derek Buttineau
> Internet Systems Developer
> Compu-SOLVE Internet Services
> Compu-SOLVE Technologies Inc.
>
> 705.725.1212 x255

**********************************************************************

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager.

This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean.

**********************************************************************

From grover1711 at gmail.com Fri Apr 7 08:46:57 2006
From: grover1711 at gmail.com (ankush grover)
Date: Fri Apr 7 08:47:00 2006
Subject: few questions on mailscanner
Message-ID: <5f638b360604070046h1cd58e4ep14e601d601d6c65b@mail.gmail.com>

hey friends,

I am using MailScanner version 4.4 on Fedora Core 3 with Postfix 2.15. I am very much satisfied with the MailScanner now I want to make few changes in MailScanner like

a) Adding Disclaimer for outgoing messages.
b) I want to forward all the messages marked as spam to a user and at the same time don't want to send the copy to the recipient(The forward does send a copy to the recipient).
c) There are few ex employees of our company on whose ids we keep on getting spam , I want to ban or reject the mails send to their mail ids.
d) Is there any way I can reject the mails based on subject header for example if a mail contains subject line as "sex" , I don't want to deliver mails containing such messages.

I know most of these questions are very simple to answer or they might be mentioned in the documentation but as my mail server is on production server I don't want to take any chances . I am using Spam Assassin with Clamav.

Please let me know if you need any further inputs.

Thanks & Regards

Ankush Grover
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060407/6f6c89e3/attachment.html

From michele at blacknight.ie Fri Apr 7 08:50:19 2006
From: michele at blacknight.ie (Michele Neylon:: Blacknight.ie)
Date: Fri Apr 7 08:50:24 2006
Subject: few questions on mailscanner
In-Reply-To: <5f638b360604070046h1cd58e4ep14e601d601d6c65b@mail.gmail.com>
References: <5f638b360604070046h1cd58e4ep14e601d601d6c65b@mail.gmail.com>
Message-ID: <443619BB.9030001@blacknight.ie>

ankush grover wrote:
>
> a) Adding Disclaimer for outgoing messages.

So you are scanning outbound mail?
If so check the list archives, as this has been done before. It's basically a ruleset

> b) I want to forward all the messages marked as spam to a user and at
> the same time don't want to send the copy to the recipient(The forward
> does send a copy to the recipient).
> c) There are few ex employees of our company on whose ids we keep on
> getting spam , I want to ban or reject the mails send to their mail ids.

Why don't you just remove their mailboxes? Or use milter-ahead if you have already removed them

> d) Is there any way I can reject the mails based on subject header for
> example if a mail contains subject line as "sex" , I don't want to
> deliver mails containing such messages.

Have a look at MCP

--
Mr Michele Neylon
Blacknight Solutions
Quality Business Hosting & Colocation
http://www.blacknight.ie/
Tel. 1850 927 280
Intl. +353 (0) 59 9183072
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 59 9164239

From grover1711 at gmail.com Fri Apr 7 09:09:25 2006
From: grover1711 at gmail.com (ankush grover)
Date: Fri Apr 7 09:09:30 2006
Subject: few questions on mailscanner
In-Reply-To: <443619BB.9030001@blacknight.ie>
References: <5f638b360604070046h1cd58e4ep14e601d601d6c65b@mail.gmail.com> <443619BB.9030001@blacknight.ie>
Message-ID: <5f638b360604070109r4686e987pcd8d4fad9e699672@mail.gmail.com>

On 4/7/06, Michele Neylon:: Blacknight.ie wrote:
>
> ankush grover wrote:
>
> > >
> > a) Adding Disclaimer for outgoing messages.
>
> So you are scanning outbound mail?
> If so check the list archives, as this has been done before. It's
> basically a ruleset

I am scanning both outgoing and incoming mails but I want to add the disclaimer if somebody from my domain sends the mail to outside world.

Is it possible to add the disclaimer to the outgoing messages something like this

The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments.

WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.

> b) I want to forward all the messages marked as spam to a user and at
> > the same time don't want to send the copy to the recipient(The forward
> > does send a copy to the recipient).
> > c) There are few ex employees of our company on whose ids we keep on
> > getting spam , I want to ban or reject the mails send to their mail ids.
>
> Why don't you just remove their mailboxes? Or use milter-ahead if you
> have already removed them

My scenario is little different. I am using catchall mailbox to download the mails and then distribute the mails to the user that is all the mails for my domain goes to a catchall mailbox and then I download all the mails through fetchmail and distribute it.

The users who has left their ids have already been deleted but as we are using catchall mailbox we still receive the mails based on their email ids.

> d) Is there any way I can reject the mails based on subject header for
> > example if a mail contains subject line as "sex" , I don't want to
> > deliver mails containing such messages.
>
> Have a look at MCP

I will look at this .

Thanks & Regards

Ankush Grover
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060407/73bd63d0/attachment-0001.html

From shrek-m at gmx.de Fri Apr 7 09:52:05 2006
From: shrek-m at gmx.de (shrek-m@gmx.de)
Date: Fri Apr 7 09:52:09 2006
Subject: Sophos v5
In-Reply-To: <1144319483.27368.6.camel@lea.nerc-wallingford.ac.uk>
References: <1144319483.27368.6.camel@lea.nerc-wallingford.ac.uk>
Message-ID: <44362835.6080104@gmx.de>

On 06.04.2006 12:31, Greg Matthews wrote:

>Just a data point following someones question about sophos v5... this
>will not even install on CentOS v4. the sophos provided install.sh
>script dies very quickly with:
>
> # ./install.sh -v -d /usr/local/Sophos/
> 'import site' failed; use -v for traceback
> Traceback (most recent call last):
> File "", line 1, in ?
> zipimport.ZipImportError: can't decompress data; zlib not
> available
>
>

is this really the sav-linux-5-i386 install.sh ??
i doubt because "-v -d" are invalid command-line options.

[sophos-av]# ll ../sav-linux-5-i386.tgz
-rw-r--r-- 1 root root 48591563 31. Mär 17:19 ../sav-linux-5-i386.tgz

[sophos-av]# ./install.sh -v -d /usr/local/Sophos-test/
Invalid command-line option: -v
Invalid command-line option: -d
install.sh: Install Sophos Anti-Virus
Usage: ./install.sh [INSTALL-DIRECTORY] [OPTION] ...
[.... --help ...]

iirc "/usr/local/Sophos/" is created from MS Sophos.install and i would not install sav in this directory.

---- MS 4.50.15-1 Sophos.install errors in sav 5 install folder ----
[sophos-av]# Sophos.install
Clearing out old default Sophos installation libraries
Installing Sophos for MailScanner
Invalid command-line option: -v
Invalid command-line option: -d
Invalid command-line option: -s
Invalid command-line option: -ni
install.sh: Install Sophos Anti-Virus
Usage: ./install.sh [INSTALL-DIRECTORY] [OPTION] ...
OPTION:
[... --help ...]
Creating links so Perl-SAVI module compiles
Fetching latest IDE virus identities from www.sophos.com
Could not calculate Sophos version number, at /usr/lib/MailScanner/sophos-autoupdate line 101.
Done.
---------

>even tho
> # rpm -qa | grep zlib
> zlib-devel-1.2.1.2-1.2
> zlib-1.2.1.2-1.2
>
>

sav5 under fc3(athlon32) 2.6.10
on-demand, on-access, auto-updates, ... = all is ok

# uname -a ; rpm -qa zlib*
Linux xp1800 2.6.10-1.770_FC3 #1 Thu Feb 24 14:00:06 EST 2005 i686 athlon i386 GNU/Linux
zlib-1.2.2.2-1
zlib-devel-1.2.2.2-1

sav5 under fc5(athlon64) 2.6.16
on-demand, auto-updates, ... = ok
on-access does not work, the talpa modules are the problem.

# tail -5 /opt/sophos-av/talpa/build/talpa-0.9.32/build.log
make[4]: *** [/opt/sophos-av/talpa/build/talpa-0.9.32/src/platforms/linux/glue.o] Fehler 1
make[3]: *** [_module_/opt/sophos-av/talpa/build/talpa-0.9.32] Fehler 2
make[2]: *** [talpa_core.ko] Fehler 2
make[1]: *** [all-recursive] Fehler 1
make: *** [all] Fehler 2

# uname -a ; rpm -qa zlib*
Linux localhost.localdomain 2.6.16-1.2080_FC5 #1 SMP Tue Mar 28 03:38:47 EST 2006 x86_64 x86_64 x86_64 GNU/Linux
zlib-1.2.3-1.2.1
zlib-1.2.3-1.2.1

>In fact Sophos will not even support RHELv4. The product is supported on
>ancient versions of redhat up to rhel3. But they do appear to support
>its installation on suse with a 2.6 kernel... This seems like a pretty
>poor show given how long RHEL4 has been out, and that v5 is due out this
>year.
>
>

on-demand is supported
on-access is a different thing.

http://www.sophos.com/products/es/endpoint-server/sav-linux.html

* *Distributions supported for on-access and on-demand scanning*
Red Hat Linux 7.2/8.0/9.0
Red Hat Enterprise Linux 2.1/3 - ES/AS/WS
SUSE 7.2/8/9.0/9.1/9.2/9.3/Enterprise Server 8/9
TurboLinux 8/10 Server, 8 Enterprise Edition
*(For more distributions supported with on-demand scanning only, see the Linux system requirements on the Sophos Anti-Virus for non-Windows platforms page. )*

--> http://www.sophos.com/products/es/endpoint-server/sav-non-windows.html

* *Linux* on Intel
Red Hat 5.1/5.2/6.0/6.1/7.2/8/9
RHEL 2.1/3/4 <==
SUSE 6/7/8/9.0/9.1/9.2/9.3/10.0 Enterprise Server 8/9
TurboLinux 6/7/8/10
*(For more distributions supported with both on-access and on-demand scanning, see the Linux system requirements on the Sophos Anti-Virus for Linux page. )*

>less surprisingly, they still dont support 64bit architectures.
>

surprisingly sav 5 on-demand, autoupdate, sav-web, sav-protect(without on-access) is ok under fc5 x86_64 athlon64 2.6.16

>[...snip...]
>
>

--
shrek-m

From dyioulos at firstbhph.com Fri Apr 7 12:35:36 2006
From: dyioulos at firstbhph.com (Dimitri Yioulos)
Date: Fri Apr 7 12:35:44 2006
Subject: few questions on mailscanner
In-Reply-To: <5f638b360604070109r4686e987pcd8d4fad9e699672@mail.gmail.com>
References: <5f638b360604070046h1cd58e4ep14e601d601d6c65b@mail.gmail.com> <443619BB.9030001@blacknight.ie> <5f638b360604070109r4686e987pcd8d4fad9e699672@mail.gmail.com>
Message-ID: <200604070735.37536.dyioulos@firstbhph.com>

On Friday April 07 2006 4:09 am, ankush grover wrote:
> On 4/7/06, Michele Neylon:: Blacknight.ie wrote:
> > ankush grover wrote:
> > > a) Adding Disclaimer for outgoing messages.
> >
> > So you are scanning outbound mail?
> > If so check the list archives, as this has been done before. It's
> > basically a ruleset
>
> I am scanning both outgoing and incoming mails but I want to add the
> disclaimer if somebody from my domain sends the mail to outside world.
>
> Is it possible to add the disclaimer to the outgoing messages something
> like this
>
> The information contained in this electronic message and any attachments to
> this message are intended for the exclusive use of the addressee(s) and may
> contain proprietary, confidential or privileged information. If you are not
> the intended recipient, you should not disseminate, distribute or copy this
> e-mail. Please notify
> the sender immediately and destroy all copies of this message and any
> attachments.
>
> WARNING: Computer viruses can be transmitted via email. The recipient
> should check
> this email and any attachments for the presence of viruses. The
> company accepts no
> liability for any damage caused by any virus transmitted by this email.
>
> > > b) I want to forward all the messages marked as spam to a user and at
> >
> > > the same time don't want to send the copy to the recipient(The forward
> > > does send a copy to the recipient).
> > > c) There are few ex employees of our company on whose ids we keep on
> > > getting spam , I want to ban or reject the mails send to their mail
> > > ids.
> >
> > Why don't you just remove their mailboxes? Or use milter-ahead if you
> > have already removed them
>
> My scenario is little different. I am using catchall mailbox to download the
> mails and then distribute the mails to the user that is all the mails for
> my domain goes to a catchall mailbox and then I download all the mails
> through fetchmail and distribute it.
>
> The users who has left their ids have already been deleted but as we are
> using catchall mailbox we still receive the mails based on their email ids.
>
> > > d) Is there any way I can reject the mails based on subject header for
> >
> > > example if a mail contains subject line as "sex" , I don't want to
> > > deliver mails containing such messages.
> >
> > Have a look at MCP
>
> I will look at this .
>
>
> Thanks & Regards
>
>
> Ankush Grover

I think that you'd edit "inline.sig.txt" and "inline.sig.html" in the MS report directory, then make sure that "Inline HTML Signature = %report-dir%/inline.warning.html" and "Inline HTML Signature = %report-dir%/inline.warning.txt" are uncommented in MailScanner.conf.

Dimitri

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From grover1711 at gmail.com Fri Apr 7 13:39:50 2006
From: grover1711 at gmail.com (ankush grover)
Date: Fri Apr 7 13:40:00 2006
Subject: few questions on mailscanner
In-Reply-To: <200604070735.37536.dyioulos@firstbhph.com>
References: <5f638b360604070046h1cd58e4ep14e601d601d6c65b@mail.gmail.com> <443619BB.9030001@blacknight.ie> <5f638b360604070109r4686e987pcd8d4fad9e699672@mail.gmail.com> <200604070735.37536.dyioulos@firstbhph.com>
Message-ID: <5f638b360604070539q7864088fm71e6f0acda22ae75@mail.gmail.com>

> >
> >
> I think that you'd edit "inline.sig.txt" and "inline.sig.html" in the MS
> report directory, then make sure that "Inline HTML Signature =
> %report-dir%/inline.warning.html" and "Inline HTML Signature =
> %report-dir%/inline.warning.txt" are uncommented in MailScanner.conf .
>
> Dimitri
>
>

hey,

both are uncommented in MailScanner.conf but still I am not getting the proper text like what you are getting below

This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --

inline.warning.txt

Warning: This message has had one or more attachments removed
Warning: ($filename).
Warning: Please read the "$viruswarningname" attachment(s) for more information.

inline.sig.txt
This message has been scanned for viruses and dangerous content by and is believed to be clean.

inline.sig.html
This message has been scanned for viruses and dangerous content by NextGen MailScanner, and is believed to be clean.

But still I am not able to get the footer message.

Thanks & Regards

Ankush Grover
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060407/9b358ca1/attachment.html

From dyioulos at firstbhph.com Fri Apr 7 13:59:36 2006
From: dyioulos at firstbhph.com (Dimitri Yioulos)
Date: Fri Apr 7 13:59:45 2006
Subject: few questions on mailscanner
In-Reply-To: <5f638b360604070539q7864088fm71e6f0acda22ae75@mail.gmail.com>
References: <5f638b360604070046h1cd58e4ep14e601d601d6c65b@mail.gmail.com> <200604070735.37536.dyioulos@firstbhph.com> <5f638b360604070539q7864088fm71e6f0acda22ae75@mail.gmail.com>
Message-ID: <200604070859.37091.dyioulos@firstbhph.com>

On Friday April 07 2006 8:39 am, ankush grover wrote:
> > I think that you'd edit "inline.sig.txt" and "inline.sig.html" in the MS
> > report directory, then make sure that "Inline HTML Signature =
> > %report-dir%/inline.warning.html" and "Inline HTML Signature =
> > %report-dir%/inline.warning.txt" are uncommented in MailScanner.conf .
> >
> > Dimitri
> >
> > hey,
>
> both are uncommented in MailScanner.conf but still I am not getting the
> proper text like what you are getting below
>
> This message has been scanned for viruses and
>
> > dangerous content by MailScanner, and is
> > believed to be clean.
> >
> > --
>
> inline.warning.txt
>
> Warning: This message has had one or more attachments removed
> Warning: ($filename).
> Warning: Please read the "$viruswarningname" attachment(s) for more
> information.
>
> inline.sig.txt
> This message has been scanned for viruses and
> dangerous content by and is believed to be clean.
>
> inline.sig.html
> This message has been scanned for viruses and
> dangerous content by NextGen MailScanner, and is
> believed to be clean.
>
>
> But still I am not able to get the footer message.
>
>
> Thanks & Regards
>
> Ankush Grover

Sorry. Is "Sign Clean Messages" enabled and set to "= yes" in MailScanner.conf?

Dimitri

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From Denis.Beauchemin at USherbrooke.ca Fri Apr 7 14:19:07 2006
From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Apr 7 14:19:29 2006 Subject: MailScanner ANNOUNCE: Easy-to-install Clam+SA upgraded to Clam 0.88.1 In-Reply-To: <44358A68.1010308@evi-inc.com> References: <4435589B.1000905@ecs.soton.ac.uk> <443576C4.9030200@USherbrooke.ca> <44358A68.1010308@evi-inc.com> Message-ID: <443666CB.3080009@USherbrooke.ca> Matt Kettler a ?crit : > Denis Beauchemin wrote: > >> Julian Field a ?crit : >> >>> I have just upgraded my easy-to-install package of ClamAV and >>> SpamAssassin so that it contains the latest version of ClamAV, 0.88.1. >>> >>> It can be downloaded from >>> http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz >>> >>> >> Julian, >> >> Works pretty well, except that it always add the following lines at the >> end of init.pre, even if they are already present: >> loadplugin Mail::SpamAssassin::Plugin::RelayCountry >> loadplugin Mail::SpamAssassin::Plugin::SPF >> loadplugin Mail::SpamAssassin::Plugin::URIDNSBL >> >> I also end up with two almost identical files: init.pre and v310.pre . >> Is this normal? >> > > Yes, but they should NOT have the same content. Both should be a series of > loadplugins commands, but each file should have completely different plugins listed. > > init.pre has loadplugin statements for plugins present in 3.0.x. > v310.pre has loadplugin statements for NEW plugins only present in 3.1.x. > > This way a SA upgrade won't wipe out your old plugin preferences, or leave you > without important new plugins loaded. > > You should carefully review both files and see if there's any plugins you wish > to change the load status of from the defaults. > > In particular, be aware that SA 3.1.x does not load Razor or DCC support by default. > > > Matt, Which file should contain my plugin choice? In other words, which file will not be overwritten by an SA upgrade? Thanks! Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. 
^ ^ T: 819.821.8000x2252 F: 819.821.8045 From gmatt at nerc.ac.uk Fri Apr 7 17:00:26 2006 
From: gmatt at nerc.ac.uk (Greg Matthews) Date: Fri Apr 7 17:00:41 2006 Subject: Sophos v5 In-Reply-To: <44362835.6080104@gmx.de> References: <1144319483.27368.6.camel@lea.nerc-wallingford.ac.uk> <44362835.6080104@gmx.de> Message-ID: <1144425626.19279.41.camel@lea.nerc-wallingford.ac.uk> On Fri, 2006-04-07 at 10:52 +0200, shrek-m@gmx.de wrote: > On 06.04.2006 12:31, Greg Matthews wrote: > > >Just a data point following someones question about sophos v5... this > >will not even install on CentOS v4. the sophos provided install.sh > >script dies very quickly with: > > > > # ./install.sh -v -d /usr/local/Sophos/ > > 'import site' failed; use -v for traceback > > Traceback (most recent call last): > > File "", line 1, in ? > > zipimport.ZipImportError: can't decompress data; zlib not > > available > > > > > > is this really the sav-linux-5-i386 install.sh ?? > i doubt because "-v -d" are invalid command-line options. yes it is. I realised that the -v and -d were at least undocumented but I tried them anyway as Sophos *may* have included some backwards compatibility for installation (probably not tho). > [sophos-av]# ll ../sav-linux-5-i386.tgz > -rw-r--r-- 1 root root 48591563 31. M?r 17:19 ../sav-linux-5-i386.tgz [root@myhost build]# pwd /local/software/build [root@myhost build]# ls -l ../sav-linux-5-i386.tgz -rw-r--r-- 1 root root 48591563 Apr 6 11:05 ../sav-linux-5-i386.tgz [root@myhost build]# ls -l sophos-av/ total 68 drwxr-xr-x 2 root root 4096 Mar 20 22:00 doc -rwxr-xr-x 1 root root 3427 Mar 20 21:21 install.sh drwxr-xr-x 4 root root 4096 Mar 20 22:00 savi drwxr-xr-x 5 root root 4096 Mar 20 22:00 sav-linux -rw-r--r-- 1 root root 41610 Mar 20 21:43 supported_kernels.txt drwxr-xr-x 5 root root 4096 Mar 20 22:01 talpa -rw-r--r-- 1 root root 8 Mar 20 21:21 version [root@myhost build]# cd sophos-av [root@myhost sophos-av]# ./install.sh -v -d /usr/local/Sophos 'import site' failed; use -v for traceback Traceback (most recent call last): File "", line 1, in ? 
zipimport.ZipImportError: can't decompress data; zlib not available > [sophos-av]# ./install.sh -v -d /usr/local/Sophos-test/ > Invalid command-line option: -v > Invalid command-line option: -d > install.sh: Install Sophos Anti-Virus > Usage: ./install.sh [INSTALL-DIRECTORY] [OPTION] ... > [.... --help ...] > > > iirc "/usr/local/Sophos/" is created from MS Sophos.install and i > would not install sav in this directory. well that's up to you, I was trying to see if MS and sophos 5 were compatible. MS expects to find it in /usr/local/Sophos at present. > sav5 under fc5(athlon64) 2.6.16 > on-demand, auto-updates, ... = ok > on-access does not work, the talpa modules are the problem. > # tail -5 /opt/sophos-av/talpa/build/talpa-0.9.32/build.log > make[4]: *** > [/opt/sophos-av/talpa/build/talpa-0.9.32/src/platforms/linux/glue.o] > Fehler 1 > make[3]: *** [_module_/opt/sophos-av/talpa/build/talpa-0.9.32] Fehler 2 > make[2]: *** [talpa_core.ko] Fehler 2 > make[1]: *** [all-recursive] Fehler 1 > make: *** [all] Fehler 2 > > # uname -a ; rpm -qa zlib* > Linux localhost.localdomain 2.6.16-1.2080_FC5 #1 SMP Tue Mar 28 03:38:47 > EST 2006 x86_64 x86_64 x86_64 GNU/Linux > zlib-1.2.3-1.2.1 > zlib-1.2.3-1.2.1 > > >In fact Sophos will not even support RHELv4. The product is supported on > >ancient versions of redhat up to rhel3. But they do appear to support > >its installation on suse with a 2.6 kernel... This seems like a pretty > >poor show given how long RHEL4 has been out, and that v5 is due out this > >year. > > > > > > on-demand is supported > on-access is a different thing. what I mean is that even if you get it to work on rhel4 it is unsupported. 
> http://www.sophos.com/products/es/endpoint-server/sav-linux.html > > * *Distributions supported for on-access and on-demand scanning* > Red Hat Linux 7.2/8.0/9.0 > Red Hat Enterprise Linux 2.1/3 - ES/AS/WS > SUSE 7.2/8/9.0/9.1/9.2/9.3/Enterprise Server 8/9 > TurboLinux 8/10 Server, 8 Enterprise Edition > *(For more distributions supported with on-demand scanning only, > see the Linux system requirements on the Sophos Anti-Virus for > non-Windows platforms page. > )* > > --> > http://www.sophos.com/products/es/endpoint-server/sav-non-windows.html > > * *Linux* on Intel > Red Hat 5.1/5.2/6.0/6.1/7.2/8/9 > RHEL 2.1/3/4 <== > SUSE 6/7/8/9.0/9.1/9.2/9.3/10.0 > Enterprise Server 8/9 > TurboLinux 6/7/8/10 > *(For more distributions supported with both on-access and > on-demand scanning, see the Linux system requirements on the > Sophos Anti-Virus for Linux page. > )* sounds great doesn't it... I've not managed to find this product for linux. I can find it for solaris and macos8/9 and lots of other *nix variants but not linux. For linux binaries you are directed to the linux pages which require you to have redhat v3 or older. And besides, this is version 4. > >less surprisingly, they still dont support 64bit architectures. > > > > surprisingly > sav 5 on-demand, autoupdate, sav-web, sav-protect(without on-access) is > ok under fc5 x86_64 athlon64 2.6.16 reading install_en.txt: "1.3 64-bit computers Sophos Anti-Virus does not support 64-bit hardware (including computers running 32-bit emulation)." yes, I can run sophos v4.x fine on my 64 bit dual/dual athlon, but it's a 32 bit binary and this config is unsupported by Sophos. Not sure how to explain the different behaviour we see with the install script but from here the whole thing is completely broken on RHEL4. It also appears to have more than quadrupled in size to almost 50MB. For a supposedly "enterprise class" product, it's pretty embarrassing to not support RHEL4 especially when you claim support for v3. 
G > > >[...snip...] > > > > > > -- > shrek-m -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From derek at csolve.net Fri Apr 7 17:11:20 2006 
From: derek at csolve.net (Derek Buttineau | Compu-SOLVE) Date: Fri Apr 7 17:11:29 2006 Subject: SA Cache Check Patch In-Reply-To: <008301c65a16$9e9bd170$3004010a@martinhlaptop> References: <008301c65a16$9e9bd170$3004010a@martinhlaptop> Message-ID: <44368F28.4080803@csolve.net> Not necessarily, though that is my situation and it is much more apparent in that situation. We split the message recipients into groups based upon scanner preferences using a 3 queue system. Exim drops the inbound messages into the incoming queue, then our splitter daemon reads that queue and splits the messages based upon preferences, dropping the new queue files into either the mailscanner queue or directly to the delivery queue (if the recipient is bypassing scanning). Anyway though, MailScanner does allow you to tie a custom function to the scoring both the Required and High SpamAssassin score, so it would be possible for the cache to produce unexpected results even without splitting recipients, however much less likely. I figured I'd supply the patch in case anyone else found it useful. :) Regards, Derek Buttineau Internet Systems Developer Compu-SOLVE Internet Services Compu-SOLVE Technologies Inc. 705.725.1212 x255 Martin Hepworth wrote: > Derek > > Of course for this to work properly you'll have to split the emails into > individual recipients - ie be using sendmail or exim. > > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 From mkettler at evi-inc.com Fri Apr 7 17:24:32 2006 
From: mkettler at evi-inc.com (Matt Kettler) Date: Fri Apr 7 17:24:45 2006 Subject: MailScanner ANNOUNCE: Easy-to-install Clam+SA upgraded to Clam 0.88.1 In-Reply-To: <443666CB.3080009@USherbrooke.ca> References: <4435589B.1000905@ecs.soton.ac.uk> <443576C4.9030200@USherbrooke.ca> <44358A68.1010308@evi-inc.com> <443666CB.3080009@USherbrooke.ca> Message-ID: <44369240.4000900@evi-inc.com> Denis Beauchemin wrote: > Matt Kettler wrote: >> Denis Beauchemin wrote: >> >>> Julian Field wrote: >>> >>>> I have just upgraded my easy-to-install package of ClamAV and >>>> SpamAssassin so that it contains the latest version of ClamAV, 0.88.1. >>>> >>>> It can be downloaded from >>>> http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz >>>> >>>> >>>> >>> Julian, >>> >>> Works pretty well, except that it always add the following lines at the >>> end of init.pre, even if they are already present: >>> loadplugin Mail::SpamAssassin::Plugin::RelayCountry >>> loadplugin Mail::SpamAssassin::Plugin::SPF >>> loadplugin Mail::SpamAssassin::Plugin::URIDNSBL >>> >>> I also end up with two almost identical files: init.pre and v310.pre >>> . Is this normal? >>> >> >> Yes, but they should NOT have the same content. Both should be a >> series of >> loadplugins commands, but each file should have completely different >> plugins listed. >> >> init.pre has loadplugin statements for plugins present in 3.0.x. >> v310.pre has loadplugin statements for NEW plugins only present in 3.1.x. >> >> This way a SA upgrade won't wipe out your old plugin preferences, or >> leave you >> without important new plugins loaded. >> >> You should carefully review both files and see if there's any plugins >> you wish >> to change the load status of from the defaults. >> >> In particular, be aware that SA 3.1.x does not load Razor or DCC >> support by default. >> >> >> > Matt, > > Which file should contain my plugin choice? In other words, which file > will not be overwritten by an SA upgrade? 
Neither will be over-written by any SA upgrade. Just edit each file and comment out the plugins you don't want, and uncomment those you do want. Nothing more to be done. The whole reason the second file was created was so they could add more plugins without over-writing the old file. If they ever make more plugins, they'll just add another .pre file with the appropriate version number. From alex at nkpanama.com Fri Apr 7 17:34:51 2006 
From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Fri Apr 7 17:35:48 2006 Subject: few questions on mailscanner In-Reply-To: <5f638b360604070046h1cd58e4ep14e601d601d6c65b@mail.gmail.com> References: <5f638b360604070046h1cd58e4ep14e601d601d6c65b@mail.gmail.com> Message-ID: <443694AB.7010208@nkpanama.com> ankush grover wrote: > hey friends, > > I am using MailScanner version 4.4 on Fedora Core 3 with Postfix 2.15. > I am very much satisfied with the MailScanner now I want to make few > changes in MailScanner like > > a) Adding Disclaimer for outgoing messages. Look in the documentation for "sign clean messages" and edit the corresponding files. You should check to see if you can update your MailScanner version or Perl modules since I believe there's a problem in some cases when signing clean messages regarding PDF files becoming unreadable as a result. > b) I want to forward all the messages marked as spam to a user and at > the same time don't want to send the copy to the recipient(The forward > does send a copy to the recipient). It doesn't. If you don't put the word "deliver", forward will forward, not copy. You probably have "deliver forward" instead of "forward". > c) There are few ex employees of our company on whose ids we keep on > getting spam , I want to ban or reject the mails send to their mail ids. Tell Postfix to do it. > d) Is there any way I can reject the mails based on subject header for > example if a mail contains subject line as "sex" , I don't want to > deliver mails containing such messages. Use MCP or set spamassassin rules. Find out more at the spamassassin site. > > I know most of these questions are very simple to answer or they might > be mentioned in the documentation but as my mail server is on > production server I don't want to take any chances . You don't have to. Just set up MailScanner on another computer (you can use Microsoft's Virtual Server and create a virtual computer) and do your testing from there. 
> > I am using Spam Assassin with Clamav. > I wonder how that's done. > Please let me know if you need any further inputs. > > > Thanks & Regards > > Ankush Grover > From alex at nkpanama.com Fri Apr 7 17:43:22 2006 
From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Fri Apr 7 17:43:48 2006 Subject: few questions on mailscanner In-Reply-To: <5f638b360604070109r4686e987pcd8d4fad9e699672@mail.gmail.com> References: <5f638b360604070046h1cd58e4ep14e601d601d6c65b@mail.gmail.com> <443619BB.9030001@blacknight.ie> <5f638b360604070109r4686e987pcd8d4fad9e699672@mail.gmail.com> Message-ID: <443696AA.3040508@nkpanama.com> ankush grover wrote: > > The information contained in this electronic message and any attachments to this > message are intended for the exclusive use of the addressee(s) and may contain > proprietary, confidential or privileged information. If you are not the intended > > recipient, you should not disseminate, distribute or copy this e-mail. Please notify > the sender immediately and destroy all copies of this message and any attachments. > > WARNING: Computer viruses can be transmitted via email. The recipient should check > > this email and any attachments for the presence of viruses. The company accepts no > liability for any damage caused by any virus transmitted by this email. > > Warning: This disclaimer (and any other disclaimers) may have no legal validity whatsoever in your neighborhood, county, province, state, country, planet, solar system, local star cluster, spiral arm, galaxy or group of galaxies. 
If you are the recipient of such a disclaimer, you may, at your discretion, do any or all of the following: a) read it and follow it to the letter like a good corporate drone; b) disregard it completely, basking in the knowledge that it's highly unlikely that it has any legal or technical validity whatsoever; c) forward copies to the legal department at /dev/null; d) laugh out loud; e) feed it to your pets; f) post it on the local IT bulletin board to share; g) turn it in as an RFC; h) patent it; i); get first post at Slashdot; or j) actually check with a really technically inclined lawyer (most just *think* they are) so you can put a good disclaimer on *your* outgoing e-mail that reflects the truth and not just what you'd like it to be in la-la land. For more info visit http://www.goldmark.org/jeff/stupid-disclaimers/ From alex at nkpanama.com Fri Apr 7 18:21:40 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Fri Apr 7 18:23:01 2006 Subject: few questions on mailscanner In-Reply-To: <5f638b360604070539q7864088fm71e6f0acda22ae75@mail.gmail.com> References: <5f638b360604070046h1cd58e4ep14e601d601d6c65b@mail.gmail.com> <443619BB.9030001@blacknight.ie> <5f638b360604070109r4686e987pcd8d4fad9e699672@mail.gmail.com> <200604070735.37536.dyioulos@firstbhph.com> <5f638b360604070539q7864088fm71e6f0acda22ae75@mail.gmail.com> Message-ID: <44369FA4.2020403@nkpanama.com> ankush grover wrote: > > > > > But still I am not able to get the footer message. > > > Thanks & Regards > > Ankush Grover Did you restart MailScanner? From Denis.Beauchemin at USherbrooke.ca Fri Apr 7 19:08:46 2006 
From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Apr 7 19:09:06 2006 Subject: MailScanner ANNOUNCE: Easy-to-install Clam+SA upgraded to Clam 0.88.1 In-Reply-To: <44369240.4000900@evi-inc.com> References: <4435589B.1000905@ecs.soton.ac.uk> <443576C4.9030200@USherbrooke.ca> <44358A68.1010308@evi-inc.com> <443666CB.3080009@USherbrooke.ca> <44369240.4000900@evi-inc.com> Message-ID: <4436AAAE.1070007@USherbrooke.ca> Matt Kettler wrote: > Denis Beauchemin wrote: > >> Matt Kettler wrote: >> >>> Denis Beauchemin wrote: >>> >>> >>>> Julian Field wrote: >>>> >>>> >>>>> I have just upgraded my easy-to-install package of ClamAV and >>>>> SpamAssassin so that it contains the latest version of ClamAV, 0.88.1. >>>>> >>>>> It can be downloaded from >>>>> http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz >>>>> >>>>> >>>>> >>>>> >>>> Julian, >>>> >>>> Works pretty well, except that it always add the following lines at the >>>> end of init.pre, even if they are already present: >>>> loadplugin Mail::SpamAssassin::Plugin::RelayCountry >>>> loadplugin Mail::SpamAssassin::Plugin::SPF >>>> loadplugin Mail::SpamAssassin::Plugin::URIDNSBL >>>> >>>> I also end up with two almost identical files: init.pre and v310.pre >>>> . Is this normal? >>>> >>>> >>> Yes, but they should NOT have the same content. Both should be a >>> series of >>> loadplugins commands, but each file should have completely different >>> plugins listed. >>> >>> init.pre has loadplugin statements for plugins present in 3.0.x. >>> v310.pre has loadplugin statements for NEW plugins only present in 3.1.x. >>> >>> This way a SA upgrade won't wipe out your old plugin preferences, or >>> leave you >>> without important new plugins loaded. >>> >>> You should carefully review both files and see if there's any plugins >>> you wish >>> to change the load status of from the defaults. >>> >>> In particular, be aware that SA 3.1.x does not load Razor or DCC >>> support by default. 
>>> >>> >>> >>> >> Matt, >> >> Which file should contain my plugin choice? In other words, which file >> will not be overwritten by an SA upgrade? >> > > Neither will be over-written by any SA upgrade. > > Just edit each file and comment out the plugins you don't want, and uncomment > those you do want. Nothing more to be done. > > The whole reason the second file was created was so they could add more plugins > without over-writing the old file. > > If they ever make more plugins, they'll just add another .pre file with the > appropriate version number. > > > Matt, Then I could merge the contents of the 2 files into one without breaking anything? Denis -- _ ?v? Denis Beauchemin, analyst /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 From mkettler at evi-inc.com Fri Apr 7 19:18:54 2006 
From: mkettler at evi-inc.com (Matt Kettler) Date: Fri Apr 7 19:19:02 2006 Subject: MailScanner ANNOUNCE: Easy-to-install Clam+SA upgraded to Clam 0.88.1 In-Reply-To: <4436AAAE.1070007@USherbrooke.ca> References: <4435589B.1000905@ecs.soton.ac.uk> <443576C4.9030200@USherbrooke.ca> <44358A68.1010308@evi-inc.com> <443666CB.3080009@USherbrooke.ca> <44369240.4000900@evi-inc.com> <4436AAAE.1070007@USherbrooke.ca> Message-ID: <4436AD0E.1050706@evi-inc.com> Denis Beauchemin wrote: >>> >> >> Neither will be over-written by any SA upgrade. >> >> Just edit each file and comment out the plugins you don't want, and >> uncomment >> those you do want. Nothing more to be done. >> >> The whole reason the second file was created was so they could add >> more plugins >> without over-writing the old file. >> >> If they ever make more plugins, they'll just add another .pre file >> with the >> appropriate version number. >> >> >> > Matt, > > Then I could merge the contents of the 2 files into one without breaking > anything? Yes, you could. But why would you want to? Keep in mind that every time you post problems that may be related to plugins, the SA community will tell you to check for a particular entry in the default .pre files, and if you forget to mention the merge/rename you may end up confusing them. From Denis.Beauchemin at USherbrooke.ca Fri Apr 7 19:51:54 2006 
From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Apr 7 19:52:22 2006 Subject: MailScanner ANNOUNCE: Easy-to-install Clam+SA upgraded to Clam 0.88.1 In-Reply-To: <4436AD0E.1050706@evi-inc.com> References: <4435589B.1000905@ecs.soton.ac.uk> <443576C4.9030200@USherbrooke.ca> <44358A68.1010308@evi-inc.com> <443666CB.3080009@USherbrooke.ca> <44369240.4000900@evi-inc.com> <4436AAAE.1070007@USherbrooke.ca> <4436AD0E.1050706@evi-inc.com> Message-ID: <4436B4CA.80900@USherbrooke.ca> Matt Kettler wrote: > Denis Beauchemin wrote: > >>>> >>>> >>> Neither will be over-written by any SA upgrade. >>> >>> Just edit each file and comment out the plugins you don't want, and >>> uncomment >>> those you do want. Nothing more to be done. >>> >>> The whole reason the second file was created was so they could add >>> more plugins >>> without over-writing the old file. >>> >>> If they ever make more plugins, they'll just add another .pre file >>> with the >>> appropriate version number. >>> >>> >>> >>> >> Matt, >> >> Then I could merge the contents of the 2 files into one without breaking >> anything? >> > > Yes, you could. But why would you want to? > > Keep in mind that every time you post problems that may be related to plugins, > the SA community will tell you to check for a particular entry in the default > .pre files, and if you forget to mention the merge/rename you may end up > confusing them. > > > Understood. Thanks! Denis -- _ ?v? Denis Beauchemin, analyst /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 From mkettler at evi-inc.com Fri Apr 7 21:08:25 2006 
From: mkettler at evi-inc.com (Matt Kettler) Date: Fri Apr 7 21:08:36 2006 Subject: MailScanner ANNOUNCE: Easy-to-install Clam+SA upgraded to Clam 0.88.1 In-Reply-To: <4436B4CA.80900@USherbrooke.ca> References: <4435589B.1000905@ecs.soton.ac.uk> <443576C4.9030200@USherbrooke.ca> <44358A68.1010308@evi-inc.com> <443666CB.3080009@USherbrooke.ca> <44369240.4000900@evi-inc.com> <4436AAAE.1070007@USherbrooke.ca> <4436AD0E.1050706@evi-inc.com> <4436B4CA.80900@USherbrooke.ca> Message-ID: <4436C6B9.6010503@evi-inc.com> Denis Beauchemin wrote: > Matt Kettler wrote: >> Denis Beauchemin wrote: >>> Matt, >>> >>> Then I could merge the contents of the 2 files into one without breaking >>> anything? >>> >> >> Yes, you could. But why would you want to? >> >> Keep in mind that every time you post problems that may be related to >> plugins, >> the SA community will tell you to check for a particular entry in the >> default >> .pre files, and if you forget to mention the merge/rename you may end up >> confusing them. >> >> >> > Understood. One qualification: the merged file MUST be a .pre file. It cannot be a .cf file, otherwise you'll screw up the rule loading due to the parse order. (pre files are read from the site_rules_dir before the default rules are loaded. cf files are read from site_rules_dir after the default rules are loaded.) From ugob at camo-route.com Sat Apr 8 04:18:25 2006 
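Added example (not part of the thread and not SpamAssassin's or the installer's own code): a small audit of a site rules directory for the two problems raised in the init.pre / v310.pre discussion above, namely loadplugin lines appended more than once and loadplugin lines that ended up in a .cf file. The sample file contents and the function names are constructed for illustration; point `audit_site_rules` at your own directory to use it.

```python
import re
import tempfile
from collections import defaultdict
from pathlib import Path

# An active (uncommented) loadplugin line; an optional path argument is ignored.
LOADPLUGIN = re.compile(r"^\s*loadplugin\s+(\S+)")

# Constructed sample files, not copied from a real installation. init.pre
# carries the three plugin lines twice, as reported in the thread.
SAMPLE_FILES = {
    "init.pre": (
        "loadplugin Mail::SpamAssassin::Plugin::RelayCountry\n"
        "loadplugin Mail::SpamAssassin::Plugin::SPF\n"
        "loadplugin Mail::SpamAssassin::Plugin::URIDNSBL\n"
        "loadplugin Mail::SpamAssassin::Plugin::RelayCountry\n"
        "loadplugin Mail::SpamAssassin::Plugin::SPF\n"
        "loadplugin Mail::SpamAssassin::Plugin::URIDNSBL\n"
    ),
    "v310.pre": (
        "#loadplugin Mail::SpamAssassin::Plugin::DCC\n"
        "#loadplugin Mail::SpamAssassin::Plugin::Razor2\n"
        "loadplugin Mail::SpamAssassin::Plugin::Pyzor\n"
    ),
    "local.cf": (
        "required_score 6\n"
        "loadplugin Mail::SpamAssassin::Plugin::Razor2\n"
    ),
}


def build_sample_dir():
    """Write the constructed sample files to a temporary directory."""
    directory = Path(tempfile.mkdtemp(prefix="sa-site-rules-"))
    for name, content in SAMPLE_FILES.items():
        (directory / name).write_text(content)
    return directory


def active_plugins(path):
    """Return [(line_number, plugin_class)] for uncommented loadplugin lines."""
    found = []
    for number, line in enumerate(path.read_text().splitlines(), start=1):
        match = LOADPLUGIN.match(line)
        if match:
            found.append((number, match.group(1)))
    return found


def audit_site_rules(directory):
    """Report plugins loaded from *.pre, duplicates, and loadplugin in *.cf."""
    directory = Path(directory)
    seen = defaultdict(list)  # plugin class -> [(file name, line number)]
    in_cf = []                # (file name, line number, plugin class)
    for path in sorted(directory.glob("*.pre")):
        for number, plugin in active_plugins(path):
            seen[plugin].append((path.name, number))
    for path in sorted(directory.glob("*.cf")):
        for number, plugin in active_plugins(path):
            in_cf.append((path.name, number, plugin))
    duplicates = {p: locs for p, locs in seen.items() if len(locs) > 1}
    return {"loaded": sorted(seen), "duplicates": duplicates, "in_cf": in_cf}


if __name__ == "__main__":
    report = audit_site_rules(build_sample_dir())
    for plugin, places in sorted(report["duplicates"].items()):
        where = ", ".join(f"{name}:{line}" for name, line in places)
        print(f"duplicate loadplugin {plugin} ({where})")
    for name, line, plugin in report["in_cf"]:
        print(f"{name}:{line} loads {plugin} from a .cf file; move it to a .pre file")
```

Commented-out lines are ignored, so the report reflects what is actually loaded, which matters for the Razor and DCC lines that are disabled by default in 3.1.x.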
From: ugob at camo-route.com (Ugo Bellavance) Date: Sat Apr 8 04:18:36 2006 Subject: SEMI-OT: Book Translation In-Reply-To: <443411C7.5020009@nkpanama.com> References: <443411C7.5020009@nkpanama.com> Message-ID: Alex Neuman van der Hans wrote: > I'd like to translate "the book" into Spanish, or write "el libro" from > scratch. Makes me wonder, would it be worth it to translate it in french? > > I don't want to step on anybody's toes (or patents, or copyrights), so I > thought I'd ask here about what I could use (or not) from "the book" to > write "el libro". > > Any recommendations on what to use to create/edit it (short of a > tetex-latex-vi-emacs-edlin-wordstar flame war) would also be appreciated. > > Any info on reporting typos (for example, "Thankyou" on p.375 should > read "Thank you") would also be appreciated. > > Thanks in advance, > > Alex From grover1711 at gmail.com Sat Apr 8 09:22:57 2006 
From: grover1711 at gmail.com (ankush grover) Date: Sat Apr 8 09:23:07 2006 Subject: few questions on mailscanner In-Reply-To: <443694AB.7010208@nkpanama.com> References: <5f638b360604070046h1cd58e4ep14e601d601d6c65b@mail.gmail.com> <443694AB.7010208@nkpanama.com> Message-ID: <5f638b360604080122p78964f33le5369372a3c5f2c2@mail.gmail.com> On 4/7/06, Alex Neuman van der Hans wrote: > > ankush grover wrote: > > hey friends, > > > > I am using MailScanner version 4.4 on Fedora Core 3 with Postfix 2.15. > > I am very much satisfied with the MailScanner now I want to make few > > changes in MailScanner like > > > > a) Adding Disclaimer for outgoing messages. > Look in the documentation for "sign clean messages" and edit the > corresponding files. You should check to see if you can update your > MailScanner version or Perl modules since I believe there's a problem in > some cases when signing clean messages regarding PDF files becoming > unreadable as a result. I will see if the problem occurs with pdf i will make sign clean messages as no. > b) I want to forward all the messages marked as spam to a user and at > > the same time don't want to send the copy to the recipient(The forward > > does send a copy to the recipient). > It doesn't. If you don't put the word "deliver", forward will forward, > not copy. You probably have "deliver forward" instead of "forward". thanks, it was deliver( as default) i change it to forward > c) There are few ex employees of our company on whose ids we keep on > > getting spam , I want to ban or reject the mails send to their mail ids. > > Tell Postfix to do it. Okay that i will do it in postfix > d) Is there any way I can reject the mails based on subject header for > > example if a mail contains subject line as "sex" , I don't want to > > deliver mails containing such messages. > Use MCP or set spamassassin rules. Find out more at the spamassassin site. 
> > > > I know most of these questions are very simple to answer or they might > > be mentioned in the documentation but as my mail server is on > > production server I don't want to take any chances . > You don't have to. Just set up MailScanner on another computer (you can > use Microsoft's Virtual Server and create a virtual computer) and do > your testing from there. > > > > I am using Spam Assassin with Clamav. > Sorry my point here was that I am using clamav for virus protection and spam assassin is also there on my system. Did you restart MailScanner? Yes I restarted the MailScanner or other option reload. Thanks & Regards Ankush Grover From dhawal at netmagicsolutions.com Sat Apr 8 09:51:53 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Sat Apr 8 09:51:48 2006 Subject: MailScanner ANNOUNCE: Easy-to-install Clam+SA upgraded to Clam 0.88.1 In-Reply-To: <4435589B.1000905@ecs.soton.ac.uk> References: <4435589B.1000905@ecs.soton.ac.uk> Message-ID: <443779A9.7010102@netmagicsolutions.com> Julian Field wrote: > I have just upgraded my easy-to-install package of ClamAV and > SpamAssassin so that it contains the latest version of ClamAV, 0.88.1. > > It can be downloaded from > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz Julian, While i received replies from everyone on this thread, i never received your original mail, fortunately i use both the email-based list and gmane (nntp). I also don't see it quarantined (for whatever reason) on my servers either. Is anyone else observing the same problem? else i need to start investigating locally. thanks, - dhawal From drew at themarshalls.co.uk Sat Apr 8 12:59:29 2006 
From: drew at themarshalls.co.uk (Drew Marshall) Date: Sat Apr 8 12:59:38 2006 Subject: MailScanner ANNOUNCE: Easy-to-install Clam+SA upgraded to Clam 0.88.1 In-Reply-To: <443779A9.7010102@netmagicsolutions.com> References: <4435589B.1000905@ecs.soton.ac.uk> <443779A9.7010102@netmagicsolutions.com> Message-ID: On 8 Apr 2006, at 09:51, Dhawal Doshy wrote: > Julian Field wrote: >> I have just upgraded my easy-to-install package of ClamAV and >> SpamAssassin so that it contains the latest version of ClamAV, >> 0.88.1. >> It can be downloaded from >> http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam- >> SA.tar.gz > > Julian, > > While i received replies from everyone on this thread, i never > received your original mail, fortunately i user both the email- > based list and gmane (nntp). I also don't see it quarantined (for > whatever reason) on my servers either. > > Is anyone else observing the same problem? else i need to start > investigating locally. Dhawal Apart from Julian being a bit quiet (I think he is/ was away at the JANET conference) I am not aware of missing any of his posts. Certainly I got this one so it looks like it's over to you :-( Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From dhawal at netmagicsolutions.com Sat Apr 8 13:55:30 2006 
From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Sat Apr 8 13:55:28 2006 Subject: MailScanner ANNOUNCE: Easy-to-install Clam+SA upgraded to Clam 0.88.1 In-Reply-To: References: <4435589B.1000905@ecs.soton.ac.uk> <443779A9.7010102@netmagicsolutions.com> Message-ID: <4437B2C2.7020703@netmagicsolutions.com> Drew Marshall wrote: > On 8 Apr 2006, at 09:51, Dhawal Doshy wrote: > >> Julian Field wrote: >>> I have just upgraded my easy-to-install package of ClamAV and >>> SpamAssassin so that it contains the latest version of ClamAV, 0.88.1. >>> It can be downloaded from >>> http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz >>> >> >> Julian, >> >> While i received replies from everyone on this thread, i never >> received your original mail, fortunately i user both the email-based >> list and gmane (nntp). I also don't see it quarantined (for whatever >> reason) on my servers either. >> >> Is anyone else observing the same problem? else i need to start >> investigating locally. > > Dhawal > > Apart from Julian being a bit quiet (I think he is/ was away at the > JANET conference) I am not aware of missing any of his posts. Certainly > I got this one so it looks like it's over to you :-( > > Drew I could neither find the message-id 4435589B.1000905@ecs.soton.ac.uk in my logs (syslog) nor any mail from Julian (actually mailscanner-bounces@lists.mailscanner.info) in mailwatch (for this thread), though i did receive his other mails.. hence the concern. I'll continue some more investigation before i give up. i'll also wait for some more responses before giving up. thanks, - dhawal From devonharding at gmail.com Sat Apr 8 14:09:15 2006 
From: devonharding at gmail.com (Devon Harding) Date: Sat Apr 8 14:09:19 2006 Subject: MailScanner doesn't start on bootup Message-ID: <2baac6140604080609p23cd3b17lc39282994cda1341@mail.gmail.com> Whenever I bootup my FC4 system & query MailScanner status, I get this: [root@mars ~]# service MailScanner status Checking MailScanner daemons: MailScanner: [FAILED] incoming sendmail: head: cannot open `/var/run/sendmail.in.pid' for reading: No such file or directory [FAILED] outgoing sendmail: head: cannot open `/var/run/sendmail.out.pid' for reading: No such file or directory ^[[A[FAILED] I have to do a 'service MailScanner restart' every time after bootup. What causes this? -Devon From glenn.steen at gmail.com Sat Apr 8 14:51:05 2006 
From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Apr 8 14:51:07 2006 Subject: MailScanner doesn't start on bootup In-Reply-To: <2baac6140604080609p23cd3b17lc39282994cda1341@mail.gmail.com> References: <2baac6140604080609p23cd3b17lc39282994cda1341@mail.gmail.com> Message-ID: <223f97700604080651w67096ef6sa2c9e6a0f52e8e62@mail.gmail.com> On 08/04/06, Devon Harding wrote: > Whenever I bootup my FC4 system & query MailScanner status, I get this: > > [root@mars ~]# service MailScanner status > Checking MailScanner daemons: > MailScanner: [FAILED] > incoming sendmail: head: cannot open `/var/run/sendmail.in.pid' for > reading: No such file or directory > [FAILED] > outgoing sendmail: head: cannot open `/var/run/sendmail.out.pid' > for reading: No such file or directory > ^[[A[FAILED] > > I have to do a 'service MailScanner restart' every time after bootup. What > causes this? > > -Devon > chkconfig --list | grep MailScanner runlevel ... Is it on for your default runlevel? If not, do the appropriate "chkconfig on" ting:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From michele at blacknight.ie Sat Apr 8 15:04:47 2006 From: michele at blacknight.ie (Michele Neylon:: Blacknight.ie) Date: Sat Apr 8 15:05:30 2006 Subject: SEMI-OT: Book Translation In-Reply-To: References: <443411C7.5020009@nkpanama.com> Message-ID: <4437C2FF.7000801@blacknight.ie> Ugo Bellavance wrote: > Alex Neuman van der Hans wrote: >> I'd like to translate "the book" into Spanish, or write "el libro" >> from scratch. > > Makes me wonder, would it be worth it to translate it in french? I'd say - yes -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From max at assuredata.com Mon Apr 3 19:02:01 2006 
From: max at assuredata.com (Max Kipness) Date: Sat Apr 8 15:11:36 2006 Subject: Same email processes 268 times! Message-ID: <48dbe547f93db62bd1bd8db0b72a3005@localhost> Hello - I've been trying desperately to figure out why my MailScanner queues are so large and cpu is pegged at 100%. When looking through the log I finally figured out what part of the problem might be. Some messages are being processed hundreds of times. I grepped for one messagaes and was processed 268 times, so basically I see this (the repetitive part): Apr 3 09:08:31 xxx MailScanner[19835]: Spam Actions: message k33E61uc020656 actions are store Apr 3 09:10:11 xxx MailScanner[21099]: RBL checks: k33E61uc020656 found in SBL+XBL Apr 3 09:10:11 xxx MailScanner[21099]: SpamAssassin cache hit for message k33E61uc020656 Apr 3 09:10:11 xxx MailScanner[21099]: Message k33E61uc020656 from 218.144.251.15 (jonah.rivas_yx@mo en.com) to xxx.com is spam, SBL+XBL, SpamAssassin (score=28.338, required 6, BAYES_99 3.50, DATE_IN_ FUTURE_12_24 2.77, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.77, FORGED_RCVD_HELO 0.14, MIME_BASE64_NO_NAME 0.22 , MIME_BASE64_TEXT 1.89, PYZOR_CHECK 3.70, RATWARE_NAME_ID 4.10, RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_ RANGE_E4_51_100 1.50, RAZOR2_CHECK 0.50, RCVD_IN_DSBL 2.60, RCVD_IN_NJABL_DUL 1.95, RCVD_IN_SORBS_DUL 2. 05) This has repeated 268 times with only an increment of a few seconds in the time. Other messages, including non-spam seem to function just fine and are processed once. I'm using the latest MailScanner, SA, DCC, Pyzor. This is a new build from a week ago, so something I guess could be configured wrong. Thanks, Max From max at assuredata.com Mon Apr 3 21:46:53 2006 
From: max at assuredata.com (Max Kipness) Date: Sat Apr 8 15:11:39 2006 Subject: Same email processed 268 times! In-Reply-To: <443187A2.1060402@ecs.soton.ac.uk> References: <443187A2.1060402@ecs.soton.ac.uk> Message-ID: Thanks for the response, will do. My version is indeed 4.51.5. Max On Mon, 03 Apr 2006 21:37:54 +0100, Julian Field wrote: > You need to upgrade, there was a bug in the version you are running > (4.51.5?). > > Max Kipness wrote: >> Hello - >> >> I've been trying desperately to figure out why my MailScanner queues are > so >> large and cpu is pegged at 100%. When looking through the log I finally > figured >> out what part of the problem might be. Some messages are being processed >> hundreds of times. I grepped for one messagaes and was processed 268 > times, so >> basically I see this (the repetitive part): >> >> Apr 3 09:08:31 xxx MailScanner[19835]: Spam Actions: message > k33E61uc020656 >> actions are store >> Apr 3 09:10:11 xxx MailScanner[21099]: RBL checks: k33E61uc020656 found > in >> SBL+XBL >> Apr 3 09:10:11 xxx MailScanner[21099]: SpamAssassin cache hit for > message >> k33E61uc020656 >> Apr 3 09:10:11 xxx MailScanner[21099]: Message k33E61uc020656 from >> 218.144.251.15 (jonah.rivas_yx@mo >> en.com) to xxx.com is spam, SBL+XBL, SpamAssassin (score=28.338, > required 6, >> BAYES_99 3.50, DATE_IN_ >> FUTURE_12_24 2.77, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.77, > FORGED_RCVD_HELO 0.14, >> MIME_BASE64_NO_NAME 0.22 >> , MIME_BASE64_TEXT 1.89, PYZOR_CHECK 3.70, RATWARE_NAME_ID 4.10, >> RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_ >> RANGE_E4_51_100 1.50, RAZOR2_CHECK 0.50, RCVD_IN_DSBL 2.60, > RCVD_IN_NJABL_DUL >> 1.95, RCVD_IN_SORBS_DUL 2. >> 05) >> >> This has repeated 268 times with only an increment of a few seconds in > the >> time. >> >> Other messages, including non-spam seem to function just fine and are > processed >> once. >> >> I'm using the latest MailScanner, SA, DCC, Pyzor. 
This is a new build > from a >> week ago, so something I guess could be configured wrong. >> >> Thanks, >> Max >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Regards, Max Kipness AssureData, Inc. From Rob at dido.ca Wed Apr 5 16:24:15 2006 
From: Rob at dido.ca (Rob Morin) Date: Sat Apr 8 15:11:41 2006 Subject: Why an email was rejected excuse for client... Message-ID: <4433E11F.60103@dido.ca> Hello all.... I have a few clients that receive email from Asia quite a bit, and they are legitimate emails with no spam, just business talk in them... but they get tagged as spam.... now i know it gives the reason in the logs, but how do i actually tell what the reason was to the user? Here is a sample mail.log.0:Apr 4 09:43:32 stewy MailScanner[4249]: Message 1BB94C2C6.78A0C from 211.45.20.46 (hanzulux@unitel.co.kr) to thedomainname.com is spam, SpamAssassin (score=7.208, required 4, BAYES_80 2.00, DNS_FROM_RFC_ABUSE 0.20, DNS_FROM_RFC_POST 1.71, FROM_BLANK_NAME 1.53, HTML_FONT_FACE_BAD 0.16, HTML_MESSAGE 0.00, NO_REAL_NAME 0.96, SARE_FROM_NONAME 0.65) So ok, there the info, so do i look up each rule to see what it means? Is ther ean table or an easy way to let a client know why?? Also i have a friend of mine that has his own mail server and he says he does a white list by adding to the white list any email address that the server sends email to... IE any of his clients that send email via that server to a person, that email is put itn the white list automatically... is this safe? is it possible? Thanks and have a great day! -- Rob Morin Dido InterNet Inc. Montreal, Canada Http://www.dido.ca 514-990-4444 From grant at grunta.com Thu Apr 6 01:44:40 2006 
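Added example, not part of any list post and not MailScanner's own code: a small parser for the "is spam" maillog lines quoted in the "Same email processed 268 times!" and "Why an email was rejected" posts above. It counts how often each message ID was classified, to spot a message being rescanned in a loop, and lists the rules that carried a score over the threshold. The sample log is constructed, and the function names and the `min_times` threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the shape of the maillog lines quoted in the thread.
# Host, IPs, addresses and message IDs are made up; the rule names and scores
# on the first line are the ones from the "Why an email was rejected" post.
SAMPLE_LOG = """\
Apr  4 09:43:32 mx1 MailScanner[4249]: Message AAAA0001.00001 from 192.0.2.10 (sender@example.com) to example.org is spam, SpamAssassin (score=7.208, required 4, BAYES_80 2.00, DNS_FROM_RFC_ABUSE 0.20, DNS_FROM_RFC_POST 1.71, FROM_BLANK_NAME 1.53, HTML_FONT_FACE_BAD 0.16, HTML_MESSAGE 0.00, NO_REAL_NAME 0.96, SARE_FROM_NONAME 0.65)
Apr  4 09:44:01 mx1 MailScanner[4301]: Message BBBB0002.00002 from 192.0.2.77 (bulk@example.net) to example.org is spam, SBL+XBL, SpamAssassin (score=9.37, required 4, BAYES_99 3.50, PYZOR_CHECK 3.70, DCC_CHECK 2.17)
Apr  4 09:44:09 mx1 MailScanner[4312]: Message BBBB0002.00002 from 192.0.2.77 (bulk@example.net) to example.org is spam, SBL+XBL, SpamAssassin (score=9.37, required 4, BAYES_99 3.50, PYZOR_CHECK 3.70, DCC_CHECK 2.17)
Apr  4 09:44:17 mx1 MailScanner[4377]: Message BBBB0002.00002 from 192.0.2.77 (bulk@example.net) to example.org is spam, SBL+XBL, SpamAssassin (score=9.37, required 4, BAYES_99 3.50, PYZOR_CHECK 3.70, DCC_CHECK 2.17)
Apr  4 09:44:20 mx1 sendmail[4400]: CCCC0003: to=<user@example.org>, stat=Sent
"""

NUM = r"-?\d+(?:\.\d+)?"
LINE_RE = re.compile(
    r"MailScanner\[(?P<pid>\d+)\]: Message (?P<msgid>\S+) from (?P<ip>\S+) "
    r"\((?P<sender>[^)]*)\) to (?P<rcpt>.+?) is spam, (?P<detail>.*)$"
)
SA_RE = re.compile(
    rf"SpamAssassin \(score=(?P<score>{NUM}), required (?P<required>{NUM})"
    rf"(?P<rules>(?:, \S+ {NUM})*)\)"
)
RULE_RE = re.compile(rf", (\S+) ({NUM})")


def parse_spam_line(line):
    """Return a dict for a MailScanner 'is spam' line, or None for anything else."""
    m = LINE_RE.search(line)
    if not m:
        return None
    verdict = {k: m.group(k) for k in ("pid", "msgid", "ip", "sender", "rcpt")}
    detail = m.group("detail")
    sa = SA_RE.search(detail)
    # Anything listed before "SpamAssassin (" is an RBL hit such as SBL+XBL.
    prefix = detail[: sa.start()] if sa else detail
    verdict["rbls"] = [p.strip() for p in prefix.split(",") if p.strip()]
    verdict["score"] = float(sa.group("score")) if sa else None
    verdict["required"] = float(sa.group("required")) if sa else None
    verdict["rules"] = (
        [(name, float(score)) for name, score in RULE_RE.findall(sa.group("rules"))]
        if sa else []
    )
    return verdict


def deciding_rules(verdict):
    """Highest-scoring rules which, added up, already reach the required score."""
    picked, total = [], 0.0
    for name, score in sorted(verdict["rules"], key=lambda r: -r[1]):
        if score <= 0 or total >= verdict["required"]:
            break
        picked.append((name, score))
        total += score
    return picked


def explain(verdict):
    """One-sentence summary that can be passed on to the mailbox owner."""
    top = ", ".join(f"{n} ({s:.2f})" for n, s in deciding_rules(verdict))
    rbl = f" Also listed in: {', '.join(verdict['rbls'])}." if verdict["rbls"] else ""
    return (
        f"Message {verdict['msgid']} from {verdict['sender']} scored "
        f"{verdict['score']:g} against a threshold of {verdict['required']:g}. "
        f"Rules that carried it over the threshold: {top}.{rbl}"
    )


def reprocessed(lines, min_times=3):
    """Message IDs classified at least min_times times (sign of a rescan loop)."""
    counts = Counter(v["msgid"] for v in map(parse_spam_line, lines) if v)
    return {msgid: n for msgid, n in counts.items() if n >= min_times}


if __name__ == "__main__":
    log = SAMPLE_LOG.splitlines()
    first = {}
    for v in filter(None, map(parse_spam_line, log)):
        first.setdefault(v["msgid"], v)
    for v in first.values():
        print(explain(v))
    for msgid, n in reprocessed(log).items():
        print(f"WARNING: {msgid} was classified {n} times")
```

To run it against a real log, read the file line by line and pass the lines to `reprocessed()` and `parse_spam_line()` instead of `SAMPLE_LOG`.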
From: grant at grunta.com (grant beattie)
Date: Sat Apr 8 15:11:42 2006
Subject: Location of perl in #! of Mailscanner scripts
In-Reply-To: <443402F7.6020907@usg.edu>
References: <443402F7.6020907@usg.edu>
Message-ID: <20060406004440.GF28368@fang>

On Wed, Apr 05, 2006 at 01:48:39PM -0400, Bob Jones wrote:

> Hey all,
>
> So, a little issue here with the install.sh script of the
> distribution for Solaris/BSD/Other Linux/Other Unix. We have installed
> a new distribution of perl in a nonstandard location (let's say
> /opt/perl for this discussion). So, when I go to install Mailscanner
> with the install.sh script I give it the flag --perl=/opt/perl and
> everything installs fine.
>
> Next I go to run Mailscanner and it goes kablooey. I get to
> looking around and I see why. Even though I specified an alternate
> location of perl in the install script, all the Mailscanner perl scripts
> (e.g. /opt/Mailscanner/bin/MailScanner ) point to #!/usr/bin/perl.
> Shouldn't the install script change these headings to the specified perl
> or am I missing something? I can't just put a link in /usr/bin as the
> legacy perl is needed for other things.

the generally accepted ``#!/usr/bin/env perl'' would be better here
so it would Just Work even if you don't do --perl=blah...

grant.

From MailScanner at ecs.soton.ac.uk Sat Apr 8 15:45:21 2006
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Apr 8 15:45:38 2006 Subject: MailScanner ANNOUNCE: Easy-to-install Clam+SA upgraded to Clam 0.88.1 In-Reply-To: <4437B2C2.7020703@netmagicsolutions.com> References: <4435589B.1000905@ecs.soton.ac.uk> <443779A9.7010102@netmagicsolutions.com> <4437B2C2.7020703@netmagicsolutions.com> Message-ID: <4437CC81.4050202@ecs.soton.ac.uk> Dhawal Doshy wrote: > Drew Marshall wrote: >> On 8 Apr 2006, at 09:51, Dhawal Doshy wrote: >> >>> Julian Field wrote: >>>> I have just upgraded my easy-to-install package of ClamAV and >>>> SpamAssassin so that it contains the latest version of ClamAV, 0.88.1. >>>> It can be downloaded from >>>> http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz >>>> >>> >>> Julian, >>> >>> While i received replies from everyone on this thread, i never >>> received your original mail, fortunately i user both the email-based >>> list and gmane (nntp). I also don't see it quarantined (for whatever >>> reason) on my servers either. >>> >>> Is anyone else observing the same problem? else i need to start >>> investigating locally. >> >> Dhawal >> >> Apart from Julian being a bit quiet (I think he is/ was away at the >> JANET conference) I am not aware of missing any of his posts. >> Certainly I got this one so it looks like it's over to you :-( >> >> Drew > > I could neither find the message-id 4435589B.1000905@ecs.soton.ac.uk > in my logs (syslog) nor any mail from Julian (actually > mailscanner-bounces@lists.mailscanner.info) in mailwatch (for this > thread), though i did receive his other mails.. hence the concern. > > I'll continue some more investigation before i give up. i'll also wait > for some more responses before giving up. Look in the bogus-anti-virus-warnings SA ruleset and you will find a rule that by default nobbles all email from me. So kind of them... 
-- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From dhawal at netmagicsolutions.com Sat Apr 8 16:03:01 2006 
From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Sat Apr 8 16:02:55 2006 Subject: MailScanner ANNOUNCE: Easy-to-install Clam+SA upgraded to Clam 0.88.1 In-Reply-To: <4437CC81.4050202@ecs.soton.ac.uk> References: <4435589B.1000905@ecs.soton.ac.uk> <443779A9.7010102@netmagicsolutions.com> <4437B2C2.7020703@netmagicsolutions.com> <4437CC81.4050202@ecs.soton.ac.uk> Message-ID: <4437D0A5.80709@netmagicsolutions.com> Julian Field wrote: > Dhawal Doshy wrote: >> Drew Marshall wrote: >>> On 8 Apr 2006, at 09:51, Dhawal Doshy wrote: >>> >>>> Julian Field wrote: >>>>> I have just upgraded my easy-to-install package of ClamAV and >>>>> SpamAssassin so that it contains the latest version of ClamAV, 0.88.1. >>>>> It can be downloaded from >>>>> http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz >>>>> >>>> >>>> Julian, >>>> >>>> While i received replies from everyone on this thread, i never >>>> received your original mail, fortunately i user both the email-based >>>> list and gmane (nntp). I also don't see it quarantined (for whatever >>>> reason) on my servers either. >>>> >>>> Is anyone else observing the same problem? else i need to start >>>> investigating locally. >>> >>> Dhawal >>> >>> Apart from Julian being a bit quiet (I think he is/ was away at the >>> JANET conference) I am not aware of missing any of his posts. >>> Certainly I got this one so it looks like it's over to you :-( >>> >>> Drew >> >> I could neither find the message-id 4435589B.1000905@ecs.soton.ac.uk >> in my logs (syslog) nor any mail from Julian (actually >> mailscanner-bounces@lists.mailscanner.info) in mailwatch (for this >> thread), though i did receive his other mails.. hence the concern. >> >> I'll continue some more investigation before i give up. i'll also wait >> for some more responses before giving up. > Look in the bogus-anti-virus-warnings SA ruleset and you will find a > rule that by default nobbles all email from me. So kind of them... 
I do use those rules and a part of them concerning mailscanner have been
scored to '0'. Also the postfix logs indicate that the mail never hit my
servers..

Thanks for your reply anyways, i'll continue troubleshooting for some
more time..

- dhawal

From jrudd at ucsc.edu Sat Apr 8 16:37:12 2006
From: jrudd at ucsc.edu (John Rudd) Date: Sat Apr 8 16:37:36 2006 Subject: Location of perl in #! of Mailscanner scripts In-Reply-To: <20060406004440.GF28368@fang> References: <443402F7.6020907@usg.edu> <20060406004440.GF28368@fang> Message-ID: <3a703d948b44328204fe755f6ae60fa5@ucsc.edu> On Apr 5, 2006, at 5:44 PM, grant beattie wrote: > On Wed, Apr 05, 2006 at 01:48:39PM -0400, Bob Jones wrote: > >> Hey all, >> >> So, a little issue here with the install.sh script of the >> distribution for Solaris/BSD/Other Linux/Other Unix. We have >> installed >> a new distribution of perl in a nonstandard location (let's say >> /opt/perl for this discussion). So, when I go to install Mailscanner >> with the install.sh script I give it the flag --perl=/opt/perl and >> everything installs fine. >> >> Next I go to run Mailscanner and it goes kablooey. I get to >> looking around and I see why. Even though I specified an alternate >> location of perl in the install script, all the Mailscanner perl >> scripts >> (e.g. /opt/Mailscanner/bin/MailScanner ) point to #!/usr/bin/perl. >> Shouldn't the install script change these headings to the specified >> perl >> or am I missing something? I can't just put a link in /usr/bin as the >> legacy perl is needed for other things. > > the generally accepted ``#!/usr/bin/env perl'' would be better here > so it would Just Work even if you don't do --perl=blah... > > grant. > I don't think that helps much when you've got multiple copies of perl installed, and you need a specific one to be invoked for mailscanner. (which is what I inferred from the original poster (OP)). A symlink doesn't help (as one person suggested) because that's _effectively_ the same as saying "de-install the other copy of perl" -- if you need your legacy perl sitting around, you can't really do that. You need /usr/bin/perl to be the old perl, and /opt/perl/bin/perl to be the new perl (hopefully gleaning the right paths from the OP). 
And you need /opt/perl/bin/perl to be what mailscanner uses for all of its routines. Using "/usr/bin/env perl" doesn't tell the system _anything_ about which perl to use, so you're going to (seemingly) randomly end up with one perl ... hopefully the same one every time, and hopefully the one you need it to be. No, the right thing is exactly what the OP requested: if you specify a perl binary to the install routine, then everything in the mailscanner dist. that has a #! invocation line should have that in its invocation line. No exceptions. From ljosnet at gmail.com Sat Apr 8 17:48:47 2006 From: ljosnet at gmail.com (emm1) Date: Sat Apr 8 17:48:54 2006 Subject: 4.52 on FreeBSD? Message-ID: <910ee2ac0604080948i6fd0cea5s53d89d09a2282581@mail.gmail.com> Hello, does anyone know when they will update the ports in FreeBSD 6 for MailScanner 4.52? It's still at 4.50 :/ From mikej at rogers.com Sat Apr 8 18:13:02 2006 From: mikej at rogers.com (Mike Jakubik) Date: Sat Apr 8 18:12:54 2006 Subject: 4.52 on FreeBSD? In-Reply-To: <910ee2ac0604080948i6fd0cea5s53d89d09a2282581@mail.gmail.com> References: <910ee2ac0604080948i6fd0cea5s53d89d09a2282581@mail.gmail.com> Message-ID: <4437EF1E.600@rogers.com> emm1 wrote: > Hello, does anyone know when they will update the ports in FreeBSD 6 > for MailScanner 4.52? It's still at 4.50 :/ > Who is "they" ? You are free to submit patches. From ljosnet at gmail.com Sat Apr 8 18:33:46 2006 
From: ljosnet at gmail.com (emm1) Date: Sat Apr 8 18:33:48 2006 Subject: 4.52 on FreeBSD? In-Reply-To: <4437EF1E.600@rogers.com> References: <910ee2ac0604080948i6fd0cea5s53d89d09a2282581@mail.gmail.com> <4437EF1E.600@rogers.com> Message-ID: <910ee2ac0604081033m45fc34d2kbbff8467938fb295@mail.gmail.com> I don't know howto do this. And as of "they" I assume there is someone who is committed to update this specific port or do they just wait for someone to do it? On 4/8/06, Mike Jakubik wrote: > emm1 wrote: > > Hello, does anyone know when they will update the ports in FreeBSD 6 > > for MailScanner 4.52? It's still at 4.50 :/ > > > > Who is "they" ? You are free to submit patches. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From devonharding at gmail.com Sat Apr 8 19:42:06 2006 
From: devonharding at gmail.com (Devon Harding) Date: Sat Apr 8 19:42:09 2006 Subject: MailScanner doesn't start on bootup In-Reply-To: <223f97700604080651w67096ef6sa2c9e6a0f52e8e62@mail.gmail.com> References: <2baac6140604080609p23cd3b17lc39282994cda1341@mail.gmail.com> <223f97700604080651w67096ef6sa2c9e6a0f52e8e62@mail.gmail.com> Message-ID: <2baac6140604081142n458e0730qe3c720535aea8495@mail.gmail.com> It was set to this... [root@mars ~]# chkconfig --list | grep MailScanner MailScanner 0:off 1:off 2:off 3:off 4:off 5:off 6:off Good to go. On 4/8/06, Glenn Steen wrote: > > On 08/04/06, Devon Harding wrote: > > Whenever I bootup my FC4 system & query MailScanner status, I get this: > > > > [root@mars ~]# service MailScanner status > > Checking MailScanner daemons: > > MailScanner: [FAILED] > > incoming sendmail: head: cannot open `/var/run/sendmail.in.pid' > for > > reading: No such file or directory > > [FAILED] > > outgoing sendmail: head: cannot open > `/var/run/sendmail.out.pid' > > for reading: No such file or directory > > ^[[A[FAILED] > > > > I have to do a 'service MailScanner restart' every time after > bootup. What > > causes this? > > > > -Devon > > > chkconfig --list | grep MailScanner > runlevel > ... Is it on for your default runlevel? > If not, do the appropriate "chkconfig on" ting:-) > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060408/032195fa/attachment.html From ljosnet at gmail.com Sat Apr 8 20:27:21 2006 
From: ljosnet at gmail.com (emm1)
Date: Sat Apr 8 20:27:23 2006
Subject: Stopping messages containing Chinese and Korean characters?
Message-ID: <910ee2ac0604081227v188b00e2k8f113090bf9965c9@mail.gmail.com>

How would I do this in FreeBSD 6 sendmail? In Linux the following
worked perfectly:

LOCAL_CONFIG
dnl #
dnl regex map for character sets (not case-sensitive)
KCharsetKorean regex -a@MATCH charset=.*(euc-kr|korean|ks.*c)
KCharsetChinese regex -a@MATCH charset=.*(big5|Chinese|cn|gb)
dnl #
LOCAL_RULESETS
dnl #
##################################################################
# Local ruleset - Check Content-Type: #
##################################################################
dnl Reject based on Content-Type header
HContent-Type: $>CheckContentType
D{NoKoreanMsg}Korean not spoken here.
D{NoChineseMsg}Chinese not spoken here.
SCheckContentType
R$*	$: $(CharsetKorean $&{currHeader} $)
R@MATCH	$#error $: 550 5.7.0 ${NoKoreanMsg}
R$*	$: $(CharsetChinese $&{currHeader} $)
R@MATCH	$#error $: 550 5.7.0 ${NoChineseMsg}

When I insert the same code in my FreeBSD sendmail I get this error:

stat=rewrite: map CharsetChinese not found

Thanks!

From mailscanner at mango.zw Sat Apr 8 17:57:32 2006
From: mailscanner at mango.zw (Jim Holland) Date: Sat Apr 8 21:24:11 2006 Subject: Still stuck in queue, version 4.52.2 In-Reply-To: <80fb9c4e63217eef83a3e739939225c8@localhost> Message-ID: Hi On Thu, 6 Apr 2006, Max Kipness wrote: > I've since upgraded to version 4.52.2, and I'm getting better > performance (probably less getting stuck in the queue), yet yesterday > there was one message that got processed over 6000 times! > > Here is a sample of one that is stuck right now. It's been processed 512 > times. Any clue to what else I can do to remedy this issue? I wish I knew the cause of this problem. I regularly come across this issue, but fortunately at long intervals (a couple of months or more between each occurrence) with all the versions of MailScanner that I have used (currently 4.50.10-1 - just about to install 4.52.2). When I come across stuck mail I generally find that the whole of the associated batch of up to 30 messages tend to have the same problem of being endlessly reprocessed. My fix is to remove the first message of the batch from mqueue.in and then try to process the rest of the batch. If that fails then I remove the next one, and so on until I have identified the problem message. I then return the remaining messages to the queue and finally convert the d and q files of the problem message to a standard RFC822 message file, scan it with clamscan, and if it OK I then move the d and q files to mqueue to bypass MailScanner. It works, but I would like to get to the bottom of the problem. In several such cases I noticed that the message contained a zip file together with another file. In almost all cases the message was over 500 KB in size (but as we regularly handle messages of up to 1.5 MB that is not in itself a particular problem). On other occasions it was just a large pps file. 
I never see any specific error message in the maillog file (I was using sendmail 8.13.1 before the upgrade to 8.13.6) - it reports that a message has been processed by MailScanner but there is no corresponding delivery notice. All the problem mail has been incoming to our users. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From michele at blacknight.ie Sun Apr 9 12:51:18 2006 From: michele at blacknight.ie (Michele Neylon:: Blacknight.ie) Date: Sun Apr 9 12:51:22 2006 Subject: Whitelisting Problem Message-ID: <4438F536.4080803@blacknight.ie> Hi If this has been discussed previously I couldn't find it :) In any case the problem / issue is as follows For very good reason we are allowing all mail to abuse@ and support@ to bypass our spam filters, however if the email is CCed or BCCed to other addresses it gets through to them, which we don't want Put another way... We want mail to abuse@ and support@ to get through BUT we don't want anyotheraddress@ to receive the junk MTA is sendmail Any thoughts / suggestions would be appreciated TIA Michele -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From glenn.steen at gmail.com Sun Apr 9 13:33:12 2006 
From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Apr 9 13:33:14 2006 Subject: Whitelisting Problem In-Reply-To: <4438F536.4080803@blacknight.ie> References: <4438F536.4080803@blacknight.ie> Message-ID: <223f97700604090533n1335c11av313fd3c843dff519@mail.gmail.com> On 09/04/06, Michele Neylon:: Blacknight.ie wrote: > Hi > > If this has been discussed previously I couldn't find it :) > > In any case the problem / issue is as follows > > For very good reason we are allowing all mail to abuse@ and support@ to > bypass our spam filters, however if the email is CCed or BCCed to other > addresses it gets through to them, which we don't want > > Put another way... > We want mail to abuse@ and support@ to get through BUT we don't want > anyotheraddress@ to receive the junk > > MTA is sendmail > > Any thoughts / suggestions would be appreciated > > TIA > > Michele I think you know the std answer to this one:-)... Since WLing is probably a case of applying a ruleset, and you want this to take effect/recipient, you need to split the message/recipient... And _that_ has been covered several rimes in the not-too-distant past;-). Might not be that palatable in a high-volume setup, but ... there it is. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sun Apr 9 13:36:08 2006 
From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Apr 9 13:36:10 2006 Subject: Whitelisting Problem In-Reply-To: <223f97700604090533n1335c11av313fd3c843dff519@mail.gmail.com> References: <4438F536.4080803@blacknight.ie> <223f97700604090533n1335c11av313fd3c843dff519@mail.gmail.com> Message-ID: <223f97700604090536i36556699j3a28903d0fb4d24c@mail.gmail.com> On 09/04/06, Glenn Steen wrote: (snip) > _that_ has been covered several rimes in the not-too-distant past;-). (snip) ... "rimes" rhymes with "times".... sigh. -- -- Glenn (Le Grand Typo) email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From drew at themarshalls.co.uk Sun Apr 9 14:12:39 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Sun Apr 9 14:12:49 2006 Subject: 4.52 on FreeBSD? In-Reply-To: <910ee2ac0604081033m45fc34d2kbbff8467938fb295@mail.gmail.com> References: <910ee2ac0604080948i6fd0cea5s53d89d09a2282581@mail.gmail.com> <4437EF1E.600@rogers.com> <910ee2ac0604081033m45fc34d2kbbff8467938fb295@mail.gmail.com> Message-ID: <96DF2619-1834-4A3C-91B2-809ABB4A98D4@themarshalls.co.uk> On 8 Apr 2006, at 18:33, emm1 wrote: > I don't know howto do this. And as of "they" I assume there is someone > who is committed to update this specific port or do they just wait for > someone to do it? 'They' is Jan-Peter Koopmann who does participate on this list and who's e-mail address is listed in the Makefile of the port. You could always e-mail him and either; 1) Volunteer to help him 2) Rant about his inefficiency at not having updated the port yet Or take the third option 3) Be patient and wait I'll leave you to decide what is the best course of action ;-) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From maillists at conactive.com Sun Apr 9 16:09:27 2006 
From: maillists at conactive.com (Kai Schaetzl) Date: Sun Apr 9 16:09:47 2006 Subject: MailScanner 4.50.15 not picking up new rules from sa-update In-Reply-To: References: Message-ID: Adri Koppes wrote on Fri, 7 Apr 2006 09:30:46 +0200: > It seems to be sa-update downloads the rules into a separate directory. yes, either beneath /etc/mail/spamassassin when I don't specify the path and if I specify the path then down there. I can't see a reason why SA should use it there, it doesn't know of the path. sa-update doesn't add this path to the SA configuration. > Have you tried running spamassassin -D after running sa-update? As I said, it won't use that path nor will it use any subdirectory off /etc/mail/spamassassin - in that case it would just gulp all my rulesdujour a second time. > SpamAssassin should find the updated rules from the subdirectory and use them. >From my experience: no. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Sun Apr 9 16:09:27 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Sun Apr 9 16:09:48 2006 Subject: Stopping messages containing Chinese and Korean characters? In-Reply-To: <910ee2ac0604081227v188b00e2k8f113090bf9965c9@mail.gmail.com> References: <910ee2ac0604081227v188b00e2k8f113090bf9965c9@mail.gmail.com> Message-ID: Emm1 wrote on Sat, 8 Apr 2006 19:27:21 +0000: > stat=rewrite: map CharsetChinese not found I assume you have to provide these maps. gettext-related? I'd ask on a list for FreeBSD. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From MailScanner at ecs.soton.ac.uk Sun Apr 9 22:21:25 2006 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Apr 9 22:21:39 2006 Subject: Still stuck in queue, version 4.52.2 In-Reply-To: References: Message-ID: <44397AD5.9040708@ecs.soton.ac.uk> Jim Holland wrote: > Hi > > On Thu, 6 Apr 2006, Max Kipness wrote: > > >> I've since upgraded to version 4.52.2, and I'm getting better >> performance (probably less getting stuck in the queue), yet yesterday >> there was one message that got processed over 6000 times! >> >> Here is a sample of one that is stuck right now. It's been processed 512 >> times. Any clue to what else I can do to remedy this issue? >> > > I wish I knew the cause of this problem. I regularly come across this > issue, but fortunately at long intervals (a couple of months or more > between each occurrence) with all the versions of MailScanner that I have > used (currently 4.50.10-1 - just about to install 4.52.2). When I come > across stuck mail I generally find that the whole of the associated batch > of up to 30 messages tend to have the same problem of being endlessly > reprocessed. My fix is to remove the first message of the batch from > mqueue.in and then try to process the rest of the batch. If that fails > then I remove the next one, and so on until I have identified the problem > message. I then return the remaining messages to the queue and finally > convert the d and q files of the problem message to a standard RFC822 > message file, scan it with clamscan, and if it OK I then move the d and q > files to mqueue to bypass MailScanner. It works, but I would like to get > to the bottom of the problem. > > In several such cases I noticed that the message contained a zip file > together with another file. In almost all cases the message was over 500 > KB in size (but as we regularly handle messages of up to 1.5 MB that is > not in itself a particular problem). On other occasions it was just a > large pps file. 
> > I never see any specific error message in the maillog file (I was using > sendmail 8.13.1 before the upgrade to 8.13.6) - it reports that a > message has been processed by MailScanner but there is no corresponding > delivery notice. All the problem mail has been incoming to our users. > I haven't been around for a while, so haven't seen this one. Please can you send me (off-list) the df and qf files (in a zip file) along with a copy of your MailScanner.conf file (preferably without the comments) so I can see your setup. I hope I can reproduce the problem. The snag often is that I can't reproduce the problem. What I would also like you to do is, when you are tracking down the errant message, shutdown MailScanner and then do MailScanner --debug and note down any error messages that appear (except the EOCD signature warnings). This may well help me locate the problem for you. If I can't reproduce the problem on my system, but you have got a message that reliably makes the problem appear, then remote access to your system would enable me to track it down and get it fixed once and for all. Thanks, Jules. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Sun Apr 9 22:24:02 2006 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Apr 9 22:24:15 2006 Subject: Same email processed 268 times! In-Reply-To: References: <443187A2.1060402@ecs.soton.ac.uk> Message-ID: <44397B72.5030207@ecs.soton.ac.uk> If that doesn't fix it, send me the qf+df files of the message along with your MailScanner.conf (without the comments) and I will try to see if I can reproduce the problem myself. Max Kipness wrote: > Thanks for the response, will do. My version is indeed 4.51.5. > > Max > > On Mon, 03 Apr 2006 21:37:54 +0100, Julian Field wrote: > >> You need to upgrade, there was a bug in the version you are running >> (4.51.5?). >> >> Max Kipness wrote: >> >>> Hello - >>> >>> I've been trying desperately to figure out why my MailScanner queues are >>> >> so >> >>> large and cpu is pegged at 100%. When looking through the log I finally >>> >> figured >> >>> out what part of the problem might be. Some messages are being processed >>> hundreds of times. I grepped for one messagaes and was processed 268 >>> >> times, so >> >>> basically I see this (the repetitive part): >>> >>> Apr 3 09:08:31 xxx MailScanner[19835]: Spam Actions: message >>> >> k33E61uc020656 >> >>> actions are store >>> Apr 3 09:10:11 xxx MailScanner[21099]: RBL checks: k33E61uc020656 found >>> >> in >> >>> SBL+XBL >>> Apr 3 09:10:11 xxx MailScanner[21099]: SpamAssassin cache hit for >>> >> message >> >>> k33E61uc020656 >>> Apr 3 09:10:11 xxx MailScanner[21099]: Message k33E61uc020656 from >>> 218.144.251.15 (jonah.rivas_yx@mo >>> en.com) to xxx.com is spam, SBL+XBL, SpamAssassin (score=28.338, >>> >> required 6, >> >>> BAYES_99 3.50, DATE_IN_ >>> FUTURE_12_24 2.77, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.77, >>> >> FORGED_RCVD_HELO 0.14, >> >>> MIME_BASE64_NO_NAME 0.22 >>> , MIME_BASE64_TEXT 1.89, PYZOR_CHECK 3.70, RATWARE_NAME_ID 4.10, >>> RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_ >>> RANGE_E4_51_100 1.50, RAZOR2_CHECK 0.50, RCVD_IN_DSBL 2.60, >>> >> RCVD_IN_NJABL_DUL >> >>> 1.95, 
RCVD_IN_SORBS_DUL 2. >>> 05) >>> >>> This has repeated 268 times with only an increment of a few seconds in >>> >> the >> >>> time. >>> >>> Other messages, including non-spam seem to function just fine and are >>> >> processed >> >>> once. >>> >>> I'm using the latest MailScanner, SA, DCC, Pyzor. This is a new build >>> >> from a >> >>> week ago, so something I guess could be configured wrong. >>> >>> Thanks, >>> Max >>> >>> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Sun Apr 9 22:27:11 2006 
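The symptom reported in this thread and in "Still stuck in queue" (one queue ID scanned hundreds of times by successive MailScanner children) can be found in maillog by counting scanning passes per queue ID. The Python script below is an added example, not part of the thread and not MailScanner code; the log lines are constructed to mirror the format quoted above, and the rule that each line type appears at most once per pass is an assumption.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Syslog prefix as in the quoted log: "Apr  3 09:10:11 host MailScanner[21099]: text"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+\S+\s+"
    r"MailScanner\[(?P<pid>\d+)\]:\s+(?P<text>.*)$"
)

# The four per-message line types visible in the thread. Assumption: each type
# is logged at most once per scanning pass, so the highest per-type count is a
# lower bound on how many times the message went through MailScanner.
EVENT_PATTERNS = {
    "rbl": re.compile(r"RBL checks: (?P<id>\S+) found in "),
    "sa_cache": re.compile(r"SpamAssassin cache hit for message (?P<id>\S+)"),
    "verdict": re.compile(r"Message (?P<id>\S+) from \S+ "),
    "actions": re.compile(r"Spam Actions: message (?P<id>\S+) actions are "),
}


def parse_ts(ts, year):
    """Syslog timestamps carry no year, so the caller supplies it."""
    return datetime.strptime(f"{year} {' '.join(ts.split())}", "%Y %b %d %H:%M:%S")


def find_reprocessed(lines, threshold=3, year=2006):
    """Return queue IDs scanned at least `threshold` times, worst first."""
    seen = defaultdict(lambda: {"events": Counter(), "pids": set(), "times": []})
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if not m:
            continue  # other daemons (sendmail, postfix) or unparseable lines
        for kind, pattern in EVENT_PATTERNS.items():
            em = pattern.match(m["text"])
            if em:
                rec = seen[em["id"]]
                rec["events"][kind] += 1
                rec["pids"].add(int(m["pid"]))
                rec["times"].append(parse_ts(m["ts"], year))
                break
    findings = []
    for msg_id, rec in seen.items():
        passes = max(rec["events"].values())
        if passes >= threshold:
            span = max(rec["times"]) - min(rec["times"])
            findings.append({
                "id": msg_id,
                "passes": passes,
                "pids": sorted(rec["pids"]),
                "span_seconds": int(span.total_seconds()),
            })
    return sorted(findings, key=lambda f: f["passes"], reverse=True)


def sample_pass(ts, pid, msg_id, cached=True):
    """Build the lines one scanning pass writes (constructed sample data)."""
    pre = f"Apr  3 {ts} mx1 MailScanner[{pid}]: "
    lines = [pre + f"RBL checks: {msg_id} found in SBL+XBL"]
    if cached:
        lines.append(pre + f"SpamAssassin cache hit for message {msg_id}")
    lines.append(pre + f"Message {msg_id} from 192.0.2.15 (sender@example.net) "
                 "to example.com is spam, SBL+XBL, SpamAssassin (score=28.338, required 6)")
    lines.append(pre + f"Spam Actions: message {msg_id} actions are store")
    return lines


# Constructed log: one message scanned four times by three children, one scanned once.
SAMPLE_LOG = (
    sample_pass("09:08:29", 19835, "k33TEST0000001", cached=False)
    + sample_pass("09:09:00", 19835, "k33TEST0000002", cached=False)
    + ["Apr  3 09:09:05 mx1 sendmail[20001]: k33TEST0000002: to=<user@example.com>, stat=Sent"]
    + sample_pass("09:10:11", 21099, "k33TEST0000001")
    + sample_pass("09:10:20", 21342, "k33TEST0000001")
    + sample_pass("09:10:34", 19835, "k33TEST0000001")
)

if __name__ == "__main__":
    for f in find_reprocessed(SAMPLE_LOG):
        print(f"{f['id']}: {f['passes']} passes by PIDs {f['pids']} over {f['span_seconds']}s")
```

Run against a real maillog with `find_reprocessed(open("/var/log/maillog"))`; a queue ID that keeps accumulating passes with no MTA delivery line is the candidate to pull from the incoming queue for inspection.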
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Apr 9 22:27:22 2006 Subject: Why an email was rejected excuse for client... In-Reply-To: <4433E11F.60103@dido.ca> References: <4433E11F.60103@dido.ca> Message-ID: <44397C2F.4080507@ecs.soton.ac.uk> If you send the spam as an attachment (read the comments about the Spam Actions settings), you can include a $longreport which will give them a nice table including the description of each rule that hit. I might have got the name wrong, so check the relevant report file which will include an example of use of every variable name that can be used in the report file. Rob Morin wrote: > Hello all.... > > I have a few clients that receive email from Asia quite a bit, and > they are legitimate emails with no spam, just business talk in them... > but they get tagged as spam.... now i know it gives the reason in the > logs, but how do i actually tell what the reason was to the user? > Here is a sample > > mail.log.0:Apr 4 09:43:32 stewy MailScanner[4249]: Message > 1BB94C2C6.78A0C from 211.45.20.46 (hanzulux@unitel.co.kr) to > thedomainname.com is spam, SpamAssassin (score=7.208, required 4, > BAYES_80 2.00, DNS_FROM_RFC_ABUSE 0.20, DNS_FROM_RFC_POST 1.71, > FROM_BLANK_NAME 1.53, HTML_FONT_FACE_BAD 0.16, HTML_MESSAGE 0.00, > NO_REAL_NAME 0.96, SARE_FROM_NONAME 0.65) > > So ok, there the info, so do i look up each rule to see what it means? > Is ther ean table or an easy way to let a client know why?? > > Also i have a friend of mine that has his own mail server and he says > he does a white list by adding to the white list any email address > that the server sends email to... IE any of his clients that send > email via that server to a person, that email is put itn the white > list automatically... is this safe? is it possible? > > > > Thanks and have a great day! 
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.

From maillists at conactive.com Sun Apr 9 23:31:18 2006
From: maillists at conactive.com (Kai Schaetzl)
Date: Sun Apr 9 23:31:38 2006
Subject: MailScanner 4.50.15 not picking up new rules from sa-update
In-Reply-To: <44352CFC.6090903@abacom.com>
References: <008101c65954$f810e6e0$3004010a@martinhlaptop> <44352CFC.6090903@abacom.com>
Message-ID:

Chris Conn wrote on Thu, 06 Apr 2006 11:00:12 -0400:

> This thread has confused the heck out of me.

And your question does that to me. *What* do you mean?

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From james at grayonline.id.au Sun Apr 9 23:22:21 2006
From: james at grayonline.id.au (James Gray) Date: Mon Apr 10 00:28:30 2006 Subject: Email rejected, what reason to give client?? In-Reply-To: References: <4433E263.6060906@thehostmasters.com> <4433F7B7.6060900@thehostmasters.com> Message-ID: <200604100822.23331.james@grayonline.id.au> On Thu, 6 Apr 2006 05:31 am, Kai Schaetzl wrote: > Rob Morin wrote on Wed, 05 Apr 2006 13:00:39 -0400: > > so i do things to help me out that might not be > > kosher, so to speak.... > > > > I will up it to 5 right away > > Go to www.rulesemporium.org, it's a very good resource. Grab a few > rulesets, not *all* of them! If you are satisfied, get rulesdujour and > they will autoupdate from then on. You have to invest an hour of work into > this or maybe two, but then you get forget for a year. ...unless you're one of the poor saps maintaining the rules grokked by rulesdujour! ;) James -- Never worry about theory as long as the machinery does what it's supposed to do. -- R. A. Heinlein -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060410/beca2a9c/attachment.bin From adrik at salesmanager.nl Mon Apr 10 09:03:58 2006 From: adrik at salesmanager.nl (Adri Koppes) Date: Mon Apr 10 09:04:01 2006 Subject: MailScanner 4.50.15 not picking up new rules from sa-update Message-ID: > -----Original Message----- 
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Kai Schaetzl
> Sent: zondag 9 april 2006 17:09
> To: mailscanner@lists.mailscanner.info
> Subject: Re: MailScanner 4.50.15 not picking up new rules
> from sa-update
>
> Adri Koppes wrote on Fri, 7 Apr 2006 09:30:46 +0200:
>
> > It seems to be sa-update downloads the rules into a
> separate directory.
>
> yes, either beneath /etc/mail/spamassassin when I don't
> specify the path and if I specify the path then down there. I
> can't see a reason why SA should use it there, it doesn't
> know of the path. sa-update doesn't add this path to the SA
> configuration.

What is your LOCAL_STATE_DIR set to in /usr/local/bin/spamassassin?
If sa-update puts the updates in the directory pointed to by LOCAL_STATE_DIR, spamassassin will automatically pick them up, replacing the rules from the system rules.

> > Have you tried running spamassassin -D after running sa-update?
>
> As I said, it won't use that path nor will it use any
> subdirectory off /etc/mail/spamassassin - in that case it
> would just gulp all my rulesdujour a second time.
>
> > SpamAssassin should find the updated rules from the
> subdirectory and use them.
>
> From my experience: no.

Try putting the updates in LOCAL_STATE_DIR and try again.

Adri.

From adrik at salesmanager.nl Mon Apr 10 09:06:06 2006
From: adrik at salesmanager.nl (Adri Koppes)
Date: Mon Apr 10 09:06:08 2006
Subject: 4.52 on FreeBSD?
Message-ID:

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Drew Marshall
> Sent: zondag 9 april 2006 15:13
> To: MailScanner discussion
> Subject: Re: 4.52 on FreeBSD?
>
> On 8 Apr 2006, at 18:33, emm1 wrote:
>
> > I don't know how to do this. And as of "they" I assume there
> is someone
> > who is committed to update this specific port or do they
> just wait for
> > someone to do it?
>
> 'They' is Jan-Peter Koopmann who does participate on this
> list and whose e-mail address is listed in the Makefile of
> the port. You could always e-mail him and either;
>
> 1) Volunteer to help him
> 2) Rant about his inefficiency at not having updated the port yet
>
> Or take the third option
>
> 3) Be patient and wait
>
> I'll leave you to decide what is the best course of action ;-)
>

Jan Peter is sometimes busy with his normal job too!
He does update the port regularly, but sometimes skips 1 or 2 versions if he's busy and there is not a lot of new functionality.
As Drew said, just be patient or volunteer to help and/or maintain the port yourself.

Adri.

From jscheepers at fbsd.za.net Mon Apr 10 09:31:07 2006
From: jscheepers at fbsd.za.net (Johann Scheepers)
Date: Mon Apr 10 09:31:35 2006
Subject: Nod32
Message-ID: <443A17CB.4010602@fbsd.za.net>

Hello,

Does anyone have a working setup that includes Nod32 + Mailscanner?
For the life of me I can't get nod32 to pick up viruses in emails.

If I scan a .exe or .com with nod32 it picks up the virus but never in emails.
Using bitdefender and clamav works on the same email, though.
I have also tried all the possible command line switches with nod32.

If anyone has a working setup can you please contact me off list or reply here, whichever you feel like doing.

Thanks,
Johann

From dhawal at netmagicsolutions.com Mon Apr 10 09:57:25 2006
From: dhawal at netmagicsolutions.com (Dhawal Doshy)
Date: Mon Apr 10 09:57:59 2006
Subject: Whitelisting Problem
In-Reply-To: <4438F536.4080803@blacknight.ie>
References: <4438F536.4080803@blacknight.ie>
Message-ID: <443A1DF5.3040101@netmagicsolutions.com>

Michele Neylon:: Blacknight.ie wrote:
> Hi
>
> If this has been discussed previously I couldn't find it :)
>
> In any case the problem / issue is as follows
>
> For very good reason we are allowing all mail to abuse@ and support@ to
> bypass our spam filters, however if the email is CCed or BCCed to other
> addresses it gets through to them, which we don't want
>
> Put another way...
> We want mail to abuse@ and support@ to get through BUT we don't want
> anyotheraddress@ to receive the junk
>
> MTA is sendmail
>
> Any thoughts / suggestions would be appreciated

Why not have a spamassassin header check.. something like

# As posted, the patterns ended in "\@*$", which only matches a To header
# that ends right after "abuse" or "postmaster"; match the local part
# followed by "@" instead.
header ABUSE_RULE To =~ /\babuse\@/i
header POSTMASTER_RULE To =~ /\bpostmaster\@/i

and give it a negative score.. This way if i am correct, 'Cc' and 'Bcc' get ignored. Also check the syntax once again, rule writing is not one of my strong points.

> TIA
>
> Michele

- dhawal

From Jan-Peter.Koopmann at seceidos.de Mon Apr 10 10:49:35 2006
From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Mon Apr 10 10:49:44 2006 Subject: 4.52 on FreeBSD? Message-ID: On Monday, April 10, 2006 10:06 AM Adri Koppes wrote: >> 3) Be patient and wait Which is what I would prefer.. :-) > Jan Peter is sometimes busy with his normal job too! Put it the other way around: Sometimes I have time outside my job. :-) > He does update the port regulary, but sometimes skip 1 or 2 versions > if he's busy and there is not a lot of new functionality. Actually 4.51 was submitted as far as I can remember but was never committed due to a ports freeze. Now 4.52 is out and therefore the people will not commit 4.51 but rather wait for 4.52. I am currently out of this office until Wednesday. Maybe I can hack together the newest version earlier. Kind regards, JP -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3104 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060410/73fc3438/smime.bin From alan at essex.ac.uk Mon Apr 10 11:26:23 2006 
From: alan at essex.ac.uk (Stanier, Alan M)
Date: Mon Apr 10 11:26:27 2006
Subject: Warning Is Attachment = no
Message-ID: <773A7B88FE13D6119C7B009027D3A56A0693F685@sernt13.essex.ac.uk>

Hi

We are running MailScanner version 4.51.5

When an executable file is mailed to us, it is replaced with stored.filename.message.txt as an attachment. I'd like that to be in the body of the message.

The comments in MailScanner.conf, the book, and the wiki all suggest that setting "Warning Is Attachment = no" is what I want. But I've done that, and the file is still appearing as an attachment.

What else do I need to do, or have I just misunderstood the instructions?

Alan

From martin.lyberg at gmail.com Mon Apr 10 12:21:10 2006
From: martin.lyberg at gmail.com (Martin)
Date: Mon Apr 10 13:55:12 2006
Subject: Forward virus, not quarantine?
Message-ID:

Hi,

I'm using Mailscanner together with Postfix, SA and clamav.
I want to forward all virus-mail to a special mailbox. Is this possible?

Thanks / Martin

From dhawal at netmagicsolutions.com Mon Apr 10 17:39:53 2006
From: dhawal at netmagicsolutions.com (Dhawal Doshy)
Date: Mon Apr 10 17:39:44 2006
Subject: bdc replacement
Message-ID: <443A8A59.9050709@netmagicsolutions.com>

Hello List,

BDC has lately become a cpu hog (or maybe i discovered recently). Am wondering if there are any other alternatives in the command line virus scanning world that are free (as in beer) OR relatively cheap and consume much less resources.

I've been using clamav and uvscan for quite some time (qmail-scanner days) and am more / less happy with their performance.. so any other suggestions would be welcome.

Also a couple of questions for Julian:

1. Shouldn't "LogFile=/tmp/log.bdc.$$" in bitdefender-wrapper point to something like /var/spool/MailScanner/incoming/log.bdc.$$ and take advantage of the tmpfs partition?

2. Also i don't see any options being used in the bitdefender-wrapper script (similar to ExtraOptions in clamav-wrapper). Any particular reason why? Is it because MailScanner handles all the unpacking of attachments?

thanks,
- dhawal

From ugob at camo-route.com Mon Apr 10 19:21:24 2006
From: ugob at camo-route.com (Ugo Bellavance)
Date: Mon Apr 10 19:21:51 2006
Subject: SEMI-OT: Book Translation
In-Reply-To: <4437C2FF.7000801@blacknight.ie>
References: <443411C7.5020009@nkpanama.com> <4437C2FF.7000801@blacknight.ie>
Message-ID:

Michele Neylon:: Blacknight.ie wrote:
> Ugo Bellavance wrote:
>> Alex Neuman van der Hans wrote:
>>> I'd like to translate "the book" into Spanish, or write "el libro"
>>> from scratch.
>> Makes me wonder, would it be worth it to translate it in French?
>
> I'd say - yes
>

If there are people who would like to see a French version of the MailScanner book, please speak up.

Thanks,

Ugo

From glenn.steen at gmail.com Mon Apr 10 19:43:59 2006
From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Apr 10 19:44:02 2006 Subject: bdc replacement In-Reply-To: <443A8A59.9050709@netmagicsolutions.com> References: <443A8A59.9050709@netmagicsolutions.com> Message-ID: <223f97700604101143k12561694l8866fde5c06102d8@mail.gmail.com> On 10/04/06, Dhawal Doshy wrote: > Hello List, > > BDC has lately become a cpu hog (or maybe i discovered recently). Am Really? How bad is it? Could you perhaps describe your setup a bit, and perhaps some volume figures....? > wondering if there are any other alternatives in the command line virus > scanning world that are free (as in beer) OR relatively cheap and > consume much less resources. > > I've been using clamav and uvscan for quite some time (qmail-scanner > days) and am more / less happy with their performance.. so any other > suggestions would be welcome. > > Also a couple of questions for Julian: > > 1. Shouldn't "LogFile=/tmp/log.bdc.$$" in bitdefender-wrapper point to > something like /var/spool/MailScanner/incoming/log.bdc.$$ and take > advantage of the tmpfs partition? > > 2. Also i don't see any options being used in the bitdefender-wrapper > script (similar to ExtraOptions in clamav-wrapper). Any particular > reason why? Is it because MailScanner handles all the unpacking of > attachments? > > thanks, > - dhawal Well, there are some that are free for private/home/non-commercial use .... like Antivir (or avira or whatever they like to be called.... http://www.free-av.com), AVG etc... (Avast is too, if you'd like to try your hand at writing a wrapper (I don't think it is included in the "supported set":-)). Panda isn't free, even though they say so, since you need to pay for updates, and besides.... It's not that well come together (although Ricks "new" wrapper makes it somewhat less of a hog), so I wouldn't recommend that one ... But it is cheap, one has to give it that... If one were a bit sarcastic, one might say it is cheap in every sense of the word;). 
If I'd look at anything new, it'd probably be one of the four: AVG, Sophos, F-secure or F-prot.... with possibly nod32 as a remote outsider:-).

Anyway, I've been happy with the same setup you've got (clam, bdc and mcafee), so would really be interested to hear what numbers you can present.

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From ssilva at sgvwater.com Mon Apr 10 20:07:47 2006
From: ssilva at sgvwater.com (Scott Silva) Date: Mon Apr 10 20:08:19 2006 Subject: bdc replacement In-Reply-To: <223f97700604101143k12561694l8866fde5c06102d8@mail.gmail.com> References: <443A8A59.9050709@netmagicsolutions.com> <223f97700604101143k12561694l8866fde5c06102d8@mail.gmail.com> Message-ID: Glenn Steen spake the following on 4/10/2006 11:43 AM: > On 10/04/06, Dhawal Doshy wrote: >> Hello List, >> >> BDC has lately become a cpu hog (or maybe i discovered recently). Am > > Really? How bad is it? Could you perhaps describe your setup a bit, > and perhaps some volume figures....? > >> wondering if there are any other alternatives in the command line virus >> scanning world that are free (as in beer) OR relatively cheap and >> consume much less resources. >> >> I've been using clamav and uvscan for quite some time (qmail-scanner >> days) and am more / less happy with their performance.. so any other >> suggestions would be welcome. >> >> Also a couple of questions for Julian: >> >> 1. Shouldn't "LogFile=/tmp/log.bdc.$$" in bitdefender-wrapper point to >> something like /var/spool/MailScanner/incoming/log.bdc.$$ and take >> advantage of the tmpfs partition? >> >> 2. Also i don't see any options being used in the bitdefender-wrapper >> script (similar to ExtraOptions in clamav-wrapper). Any particular >> reason why? Is it because MailScanner handles all the unpacking of >> attachments? >> >> thanks, >> - dhawal > > Well, there are some that are free for private/home/non-commercial use > .... like Antivir (or avira or whatever they like to be called.... > http://www.free-av.com), AVG etc... (Avast is too, if you'd like to > try your hand at writing a wrapper (I don't think it is included in > the "supported set":-)). Panda isn't free, even though they say so, > since you need to pay for updates, and besides.... It's not that well > come together (although Ricks "new" wrapper makes it somewhat less of > a hog), so I wouldn't recommend that one ... 
But it is cheap, one has
> to give it that... If one were a bit sarcastic, one might say it is
> cheap in every sense of the word;).
>
> If I'd look at anything new, it'd probably be one of the four: AVG,
> Sophos, F-secure or F-prot.... with possibly nod32 as a remote
> outsider:-).
>
> Anyway, I've been happy with the same setup you've got (clam, bdc and
> mcafee), so would really be interested to hear what numbers you can
> present.
> Cheers

I run the same 3 and haven't seen any performance problems. Are you running the gcc3x version, or do you still have the older (i think gcc29x) version?
The older one isn't even offered on their website, although I have them somewhere.

--

MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

From dhawal at netmagicsolutions.com Mon Apr 10 21:25:57 2006
From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Mon Apr 10 21:26:01 2006 Subject: bdc replacement In-Reply-To: References: <443A8A59.9050709@netmagicsolutions.com> <223f97700604101143k12561694l8866fde5c06102d8@mail.gmail.com> Message-ID: <20060410202557.23401.qmail@mymail.netmagicians.com> Scott Silva writes: > Glenn Steen spake the following on 4/10/2006 11:43 AM: >> On 10/04/06, Dhawal Doshy wrote: >>> Hello List, >>> >>> BDC has lately become a cpu hog (or maybe i discovered recently). Am >> >> Really? How bad is it? Could you perhaps describe your setup a bit, >> and perhaps some volume figures....? >> >>> wondering if there are any other alternatives in the command line virus >>> scanning world that are free (as in beer) OR relatively cheap and >>> consume much less resources. >>> >>> I've been using clamav and uvscan for quite some time (qmail-scanner >>> days) and am more / less happy with their performance.. so any other >>> suggestions would be welcome. >>> >>> Also a couple of questions for Julian: >>> >>> 1. Shouldn't "LogFile=/tmp/log.bdc.$$" in bitdefender-wrapper point to >>> something like /var/spool/MailScanner/incoming/log.bdc.$$ and take >>> advantage of the tmpfs partition? >>> >>> 2. Also i don't see any options being used in the bitdefender-wrapper >>> script (similar to ExtraOptions in clamav-wrapper). Any particular >>> reason why? Is it because MailScanner handles all the unpacking of >>> attachments? >>> >>> thanks, >>> - dhawal >> >> Well, there are some that are free for private/home/non-commercial use >> .... like Antivir (or avira or whatever they like to be called.... >> http://www.free-av.com), AVG etc... (Avast is too, if you'd like to >> try your hand at writing a wrapper (I don't think it is included in >> the "supported set":-)). Panda isn't free, even though they say so, >> since you need to pay for updates, and besides.... 
It's not that well >> come together (although Ricks "new" wrapper makes it somewhat less of >> a hog), so I wouldn't recommend that one ... But it is cheap, one has >> to give it that... If one were a bit sarcastic, one might say it is >> cheap in every sense of the word;). >> >> If I'd look at anything new, it'd probably be ine if the four: AVG, >> Sophos, F-secure or F-prot.... with possibly nod32 as a remote >> outsider:-). >> >> Anyway, I've been happy with the same setup you've got (clam, bdc and >> mcafee), so would realy be interrested to hear what numbers you can >> present. >> Cheers > I run the same 3 and haven't seen any performance problems. Are you running > the gcc3x version, or do you still have the older (i think gcc29x) version? > The older one isn't even offered on their website, although I have them somewhere. Hey guys.. thanks for your replies.. it really isn't as bad as i've projected but then the average cpu usage is 40% and bdc is responsible for most of it. What i am worried about is the constant/consistent 35-40% usage. All systems are: Dell PE1850, Dual Xeons 2.8 Ghz (with HT enabled), 3GB RAM, 10K RPM SCSI Disks Running 32bit centos 4.3 with the following: MS 4.50.10/postfix 2.2.5 SA 3.11/pyzor/razor/dcc uvscan v4.4.00/bdc 7.0.1-3.linux-gcc3x.i586/clam 0.88.1 The servers process about 70-80K mails each + lot more rejections at the mta level. - dhawal > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- **************** CAUTION - Disclaimer ***************** This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the use of the addressee(s). 
If you are not the intended recipient, please notify the sender by e-mail requesting deletion of the original message. Further, you are not to copy, disclose, or distribute this e-mail or its contents to any other person and any such actions are unlawful. NetMagic Solutions Pvt. Ltd. has taken every reasonable precaution to minimize the risk of virus infection & spam, but is not liable for any damage, you may sustain as a result of any virus in this e-mail. You should carry out your own virus checks before opening the e-mail or attachment. NetMagic Solutions Pvt. Ltd. reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the NetMagic Solutions Pvt. Ltd.'s e-mail system. ***************** End of Disclaimer ******************* From glenn.steen at gmail.com Mon Apr 10 22:08:19 2006 
From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Apr 10 22:08:23 2006 Subject: bdc replacement In-Reply-To: <20060410202557.23401.qmail@mymail.netmagicians.com> References: <443A8A59.9050709@netmagicsolutions.com> <223f97700604101143k12561694l8866fde5c06102d8@mail.gmail.com> <20060410202557.23401.qmail@mymail.netmagicians.com> Message-ID: <223f97700604101408i6ca8c5dfnde84b15f4107d2cd@mail.gmail.com> On 10/04/06, Dhawal Doshy wrote: > Scott Silva writes: > > > Glenn Steen spake the following on 4/10/2006 11:43 AM: > >> On 10/04/06, Dhawal Doshy wrote: > >>> Hello List, > >>> > >>> BDC has lately become a cpu hog (or maybe i discovered recently). Am > >> > >> Really? How bad is it? Could you perhaps describe your setup a bit, > >> and perhaps some volume figures....? > >> > >>> wondering if there are any other alternatives in the command line virus > >>> scanning world that are free (as in beer) OR relatively cheap and > >>> consume much less resources. > >>> > >>> I've been using clamav and uvscan for quite some time (qmail-scanner > >>> days) and am more / less happy with their performance.. so any other > >>> suggestions would be welcome. > >>> > >>> Also a couple of questions for Julian: > >>> > >>> 1. Shouldn't "LogFile=/tmp/log.bdc.$$" in bitdefender-wrapper point to > >>> something like /var/spool/MailScanner/incoming/log.bdc.$$ and take > >>> advantage of the tmpfs partition? > >>> > >>> 2. Also i don't see any options being used in the bitdefender-wrapper > >>> script (similar to ExtraOptions in clamav-wrapper). Any particular > >>> reason why? Is it because MailScanner handles all the unpacking of > >>> attachments? > >>> > >>> thanks, > >>> - dhawal > >> > >> Well, there are some that are free for private/home/non-commercial use > >> .... like Antivir (or avira or whatever they like to be called.... > >> http://www.free-av.com), AVG etc... 
(Avast is too, if you'd like to > >> try your hand at writing a wrapper (I don't think it is included in > >> the "supported set":-)). Panda isn't free, even though they say so, > >> since you need to pay for updates, and besides.... It's not that well > >> come together (although Ricks "new" wrapper makes it somewhat less of > >> a hog), so I wouldn't recommend that one ... But it is cheap, one has > >> to give it that... If one were a bit sarcastic, one might say it is > >> cheap in every sense of the word;). > >> > >> If I'd look at anything new, it'd probably be ine if the four: AVG, > >> Sophos, F-secure or F-prot.... with possibly nod32 as a remote > >> outsider:-). > >> > >> Anyway, I've been happy with the same setup you've got (clam, bdc and > >> mcafee), so would realy be interrested to hear what numbers you can > >> present. > >> Cheers > > I run the same 3 and haven't seen any performance problems. Are you running > > the gcc3x version, or do you still have the older (i think gcc29x) version? > > The older one isn't even offered on their website, although I have them somewhere. > > Hey guys.. thanks for your replies.. it really isn't as bad as i've > projected but then the average cpu usage is 40% and bdc is responsible for > most of it. What i am worried about is the constant/consistent 35-40% usage. > > All systems are: > Dell PE1850, Dual Xeons 2.8 Ghz (with HT enabled), 3GB RAM, 10K RPM SCSI > Disks Running 32bit centos 4.3 with the following: > > MS 4.50.10/postfix 2.2.5 > SA 3.11/pyzor/razor/dcc > uvscan v4.4.00/bdc 7.0.1-3.linux-gcc3x.i586/clam 0.88.1 > > The servers process about 70-80K mails each + lot more rejections at the mta > level. > > - dhawal Well, doesn't sound like anything to get desparately anxious about:-). After all, *some* use of the cpus are OK:):) (Joking aside) Do you see any other "danger signs"? Or is it "just" cpu? Any particular reason why you have HT on? Does it really give you any real (measurable) benefit? 
-- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dhawal at netmagicsolutions.com Mon Apr 10 22:34:39 2006 
From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Mon Apr 10 22:34:42 2006 Subject: bdc replacement In-Reply-To: <223f97700604101408i6ca8c5dfnde84b15f4107d2cd@mail.gmail.com> References: <443A8A59.9050709@netmagicsolutions.com> <223f97700604101143k12561694l8866fde5c06102d8@mail.gmail.com> <20060410202557.23401.qmail@mymail.netmagicians.com> <223f97700604101408i6ca8c5dfnde84b15f4107d2cd@mail.gmail.com> Message-ID: <20060410213439.27424.qmail@mymail.netmagicians.com> Glenn Steen writes: > On 10/04/06, Dhawal Doshy wrote: >> Scott Silva writes: >> >> > Glenn Steen spake the following on 4/10/2006 11:43 AM: >> >> On 10/04/06, Dhawal Doshy wrote: >> >>> Hello List, >> >>> >> >>> BDC has lately become a cpu hog (or maybe i discovered recently). Am >> >> >> >> Really? How bad is it? Could you perhaps describe your setup a bit, >> >> and perhaps some volume figures....? >> >> >> >>> wondering if there are any other alternatives in the command line virus >> >>> scanning world that are free (as in beer) OR relatively cheap and >> >>> consume much less resources. >> >>> >> >>> I've been using clamav and uvscan for quite some time (qmail-scanner >> >>> days) and am more / less happy with their performance.. so any other >> >>> suggestions would be welcome. >> >>> >> >>> Also a couple of questions for Julian: >> >>> >> >>> 1. Shouldn't "LogFile=/tmp/log.bdc.$$" in bitdefender-wrapper point to >> >>> something like /var/spool/MailScanner/incoming/log.bdc.$$ and take >> >>> advantage of the tmpfs partition? >> >>> >> >>> 2. Also i don't see any options being used in the bitdefender-wrapper >> >>> script (similar to ExtraOptions in clamav-wrapper). Any particular >> >>> reason why? Is it because MailScanner handles all the unpacking of >> >>> attachments? >> >>> >> >>> thanks, >> >>> - dhawal >> >> >> >> Well, there are some that are free for private/home/non-commercial use >> >> .... like Antivir (or avira or whatever they like to be called.... 
>> >> http://www.free-av.com), AVG etc... (Avast is too, if you'd like to >> >> try your hand at writing a wrapper (I don't think it is included in >> >> the "supported set":-)). Panda isn't free, even though they say so, >> >> since you need to pay for updates, and besides.... It's not that well >> >> come together (although Ricks "new" wrapper makes it somewhat less of >> >> a hog), so I wouldn't recommend that one ... But it is cheap, one has >> >> to give it that... If one were a bit sarcastic, one might say it is >> >> cheap in every sense of the word;). >> >> >> >> If I'd look at anything new, it'd probably be ine if the four: AVG, >> >> Sophos, F-secure or F-prot.... with possibly nod32 as a remote >> >> outsider:-). >> >> >> >> Anyway, I've been happy with the same setup you've got (clam, bdc and >> >> mcafee), so would realy be interrested to hear what numbers you can >> >> present. >> >> Cheers >> > I run the same 3 and haven't seen any performance problems. Are you running >> > the gcc3x version, or do you still have the older (i think gcc29x) version? >> > The older one isn't even offered on their website, although I have them somewhere. >> >> Hey guys.. thanks for your replies.. it really isn't as bad as i've >> projected but then the average cpu usage is 40% and bdc is responsible for >> most of it. What i am worried about is the constant/consistent 35-40% usage. >> >> All systems are: >> Dell PE1850, Dual Xeons 2.8 Ghz (with HT enabled), 3GB RAM, 10K RPM SCSI >> Disks Running 32bit centos 4.3 with the following: >> >> MS 4.50.10/postfix 2.2.5 >> SA 3.11/pyzor/razor/dcc >> uvscan v4.4.00/bdc 7.0.1-3.linux-gcc3x.i586/clam 0.88.1 >> >> The servers process about 70-80K mails each + lot more rejections at the mta >> level. >> >> - dhawal > > Well, doesn't sound like anything to get desparately anxious about:-). > After all, *some* use of the cpus are OK:):) well i am not really deperate/anxious.. 
i've run mission critical communication stuff on underpowered machines for too long to get jittery.. and for this project i've convinced management that 60% resource usage (sustained peak usage) warrants for an additional server. > (Joking aside) Do you see any other "danger signs"? Or is it "just" > cpu? Any particular reason why you have HT on? Does it really give you > any real (measurable) benefit? Actually it's just cpu, i have enough free memory. With some more load each server can take 120000+ mails a day but i doubt bdc will let me do so, hence the concern. As for HT, it was enabled by default and back then i didn't see a reason to turn it off (but lately, i think otherwise) thanks, - dhawal > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- From james at grayonline.id.au Tue Apr 11 06:22:31 2006 
From: james at grayonline.id.au (James Gray) Date: Tue Apr 11 06:23:28 2006 Subject: MailScanner on Mac OSX (10.4.6 Intel CoreDuo) - working! Message-ID: <200604111522.35660.james@grayonline.id.au> Hi All, Just thought I'd post my results after tinkering for the last few days. MailScanner 4.52-2 (With Julian's install-clam-sa "package"). MailWatch 1.0.3 ClamAV 0.88 (from Fink) + a few odd's and sods from source/CPAN. It works! Surprisingly, considering this is my first MailScanner+Postfix setup and this is the first Mac I've owned (ever). - The Time::Hires module doesn't pass the tests, but seems to run fine. So I just did a "make+install" without the tests. - The Net::DNS module from CPAN doesn't seem to like Mac OSX...I'm still working on that. - Once MySQL was up and running, integrating Mailwatch was as simple as FreeBSD/Linux. It's mostly manual anyway, so no big differences there. - Still haven't figured out OSX's launchd stuff to get it to fire up MailScanner automagically. (Anyone?) TO DO: - Pyzor and Razor2 clients. - Install postfix-mysql and switch to virtual users etc. - Install courier POP3+IMAP. - Implement SASL/TLS for remote SMTP users. Oddities: - "\n" literal added to the end of log lines (Julian?), eg: Apr 11 15:11:54 emily MailScanner[6840]: Spam Checks: Starting\n Apr 11 15:11:54 emily MailScanner[6840]: Message 8D65DC67E5.09643 from 10.0.0.1 (me@mydomain) is whitelisted\n Apr 11 15:11:55 emily MailScanner[6840]: Message 8D65DC67E5.09643 from 10.0.0.1 (me@mydomain) to mydomain is not spam (whitelisted), SpamAssassin (score=0.496, required 5, ALL_TRUSTED -1.80, BAYES_50 0.00, DRUGS_ERECTILE 0.49, NO_REAL_NAME 0.96, UNDISC_RECIPS 0.84)\n .... etc. Other than that, no major dramas :) Cheers James -- BOFH excuse #382: Someone was smoking in the computer room and set off the halon systems. -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060411/b3f92496/attachment.bin From prandal at herefordshire.gov.uk Tue Apr 11 10:31:46 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Apr 11 10:33:14 2006 Subject: bdc replacement Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580C591C29@isabella.herefordshire.gov.uk> Is bdc 7.1 any better? # bdc -version BDC/Linux-Console v7.1 (build 2559) (i386) (Jul 6 2005 16:28:53) (from http://www.bitdefender.com/PRODUCT-63-en--BitDefender-Linux-Edition.html ) Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Dhawal Doshy > Sent: 10 April 2006 21:26 > To: MailScanner discussion > Subject: Re: bdc replacement > uvscan v4.4.00/bdc 7.0.1-3.linux-gcc3x.i586/clam 0.88.1 From tac.forums at gmail.com Tue Apr 11 13:06:17 2006 From: tac.forums at gmail.com (TAC Forums) Date: Tue Apr 11 13:06:20 2006 Subject: Denial of Service attack in message! Message-ID: Hi A word documented sent as an attachment got quarantined by MailScanner version 4.29 but goes through fine on version 4.31 This is the error it gives. ================================================= 
From: MailScanner [mailto:postmaster@......]
Sent: Thursday, April 06, 2006 6:16 PM
To: .........................
Subject: Warning: E-mail viruses detected

The following e-mail messages were found to have viruses in them:

Sender: ..........................
IP Address: 127.0.0.1
Recipient: ...............
Subject: .........................
MessageID: k36CMaet006826
Report: Denial of Service attack in message! Denial of Service attack in message!
=================================================

I've replaced email addresses with dots as it's not relevant. Is this something I need to worry about? Or can I forward this attachment to the recipient?

Regards
--
TAC Support Team

From alex at nkpanama.com Tue Apr 11 14:09:54 2006
From: alex at nkpanama.com (Alex Neuman van der Hans)
Date: Tue Apr 11 14:10:25 2006
Subject: SEMI-OT: Book Translation
In-Reply-To:
References: <443411C7.5020009@nkpanama.com> <4437C2FF.7000801@blacknight.ie>
Message-ID: <443BAAA2.1070700@nkpanama.com>

Ugo Bellavance wrote:
>
> If there are people who would like to see a French version of the
> MailScanner book, please make yourselves known.
>
> Thanks,
>
> Ugo
>
I think a French version of the book would be good, even though my French is very poor. If there is anything I can do to help, contact me.

From alex at nkpanama.com Tue Apr 11 14:12:51 2006
From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue Apr 11 14:13:38 2006 Subject: Same email processes 268 times! In-Reply-To: <48dbe547f93db62bd1bd8db0b72a3005@localhost> References: <48dbe547f93db62bd1bd8db0b72a3005@localhost> Message-ID: <443BAB53.2010103@nkpanama.com> Max Kipness wrote: > Hello - > > I've been trying desperately to figure out why my MailScanner queues are so > large and cpu is pegged at 100%. When looking through the log I finally figured > out what part of the problem might be. Some messages are being processed > hundreds of times. I grepped for one messagaes and was processed 268 times, so > basically I see this (the repetitive part): > > Apr 3 09:08:31 xxx MailScanner[19835]: Spam Actions: message k33E61uc020656 > actions are store > Apr 3 09:10:11 xxx MailScanner[21099]: RBL checks: k33E61uc020656 found in > SBL+XBL > Apr 3 09:10:11 xxx MailScanner[21099]: SpamAssassin cache hit for message > k33E61uc020656 > Apr 3 09:10:11 xxx MailScanner[21099]: Message k33E61uc020656 from > 218.144.251.15 (jonah.rivas_yx@mo > en.com) to xxx.com is spam, SBL+XBL, SpamAssassin (score=28.338, required 6, > BAYES_99 3.50, DATE_IN_ > FUTURE_12_24 2.77, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.77, FORGED_RCVD_HELO 0.14, > MIME_BASE64_NO_NAME 0.22 > , MIME_BASE64_TEXT 1.89, PYZOR_CHECK 3.70, RATWARE_NAME_ID 4.10, > RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_ > RANGE_E4_51_100 1.50, RAZOR2_CHECK 0.50, RCVD_IN_DSBL 2.60, RCVD_IN_NJABL_DUL > 1.95, RCVD_IN_SORBS_DUL 2. > 05) > > This has repeated 268 times with only an increment of a few seconds in the > time. > > Other messages, including non-spam seem to function just fine and are processed > once. > > I'm using the latest MailScanner, SA, DCC, Pyzor. This is a new build from a > week ago, so something I guess could be configured wrong. > > Thanks, > Max > > File locking (should be posix, I think)? Try setting "max children" to 1, temporarily, and see what happens. 
Be sure to move the files in the queue somewhere else temporarily as well, just for testing.

From dickenson at cfmc.com Tue Apr 11 14:49:37 2006
From: dickenson at cfmc.com (Jim Dickenson)
Date: Tue Apr 11 14:49:52 2006
Subject: MailScanner on Mac OSX (10.4.6 Intel CoreDuo) - working!
In-Reply-To: <200604111522.35660.james@grayonline.id.au>
Message-ID:

Basically you create a directory under /Library/StartupItems. The directories I have are owned by root:wheel and have permissions 755. In this directory you create a script that starts the process. Here is an example:

#!/bin/sh

##
# MySQL 4 Server
##

. /etc/rc.common

StartService ()
{
    if [ "${MYSQL:=-NO-}" = "-YES-" ]; then
        ConsoleMessage "Starting MySQL Server"
        cd /Library/MySQL
        ./bin/mysqld_safe &
    fi
}

StopService ()
{
    ConsoleMessage "Stopping MySQL Server"
    PIDS=`ps ax | grep mysql | grep -v grep | awk '{print $1}'`
    for pid in $PIDS; do
        kill -KILL $pid
    done
}

RestartService ()
{
    StopService
    sleep 3
    StartService
}

RunService "$1"

This file has the same name as the directory; although I do not know if that is required, it seems to be the case in the directories I have. The file is owned by root:wheel and has permissions 755.

The line:

if [ "${MYSQL:=-NO-}" = "-YES-" ]; then

is used to evaluate a line in /etc/hostconfig that looks like "MYSQL=-YES-" or "MYSQL=-NO-" and says if you want the process to start at reboot or not.

The second file is a properties list file named StartupParameters.plist with owner root:wheel and permissions 644. Here is an example:

{
    Description = "MySQL Server";
    Provides = ("MySQL");
    Requires = ("Resolver");
    OrderPreference = "Late";
    Messages =
    {
        start = "Starting MySQL Server";
        stop = "Stopping MySQL Server";
    };
}

User startup processes are controlled in /Library/StartupItems while system processes are controlled in /System/Library/StartupItems.

--
Jim Dickenson
mailto:dickenson@cfmc.com
CfMC
http://www.cfmc.com/

> From: James Gray > Organization: GrayOnline > Reply-To: MailScanner discussion > Date: Tue, 11 Apr 2006 15:22:31 +1000 > To: MailScanner List > Subject: MailScanner on Mac OSX (10.4.6 Intel CoreDuo) - working! > > Hi All, > > Just thought I'd post my results after tinkering for the last few days. > > - Still haven't figured out OSX's launchd stuff to get it to fire up > MailScanner automagically. (Anyone?) From dickenson at cfmc.com Tue Apr 11 15:04:34 2006 From: dickenson at cfmc.com (Jim Dickenson) Date: Tue Apr 11 15:04:47 2006 Subject: MailScanner on Mac OSX (10.4.6 Intel CoreDuo) - working! In-Reply-To: Message-ID: Documentation on this topic can be found here: file:///Developer/ADC%20Reference%20Library/documentation/MacOSX/Conceptual/ BPSystemStartup/Articles/StartupItems.html#//apple_ref/doc/uid/20002132-Dont LinkElementID_247517a And here: file:///Developer/ADC%20Reference%20Library/documentation/MacOSX/Conceptual/ BPSystemStartup/Articles/DesigningDaemons.html#//apple_ref/doc/uid/TP4000179 1-BBCBHBFB -- Jim Dickenson mailto:dickenson@cfmc.com CfMC http://www.cfmc.com/ > >> From: James Gray >> Organization: GrayOnline >> Reply-To: MailScanner discussion >> Date: Tue, 11 Apr 2006 15:22:31 +1000 >> To: MailScanner List >> Subject: MailScanner on Mac OSX (10.4.6 Intel CoreDuo) - working! >> >> Hi All, >> >> Just thought I'd post my results after tinkering for the last few days. >> >> - Still haven't figured out OSX's launchd stuff to get it to fire up >> MailScanner automagically. (Anyone?) > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From jgg at giversen.net Tue Apr 11 15:14:50 2006 
From: jgg at giversen.net (Jørgen Giversen)
Date: Tue Apr 11 15:15:09 2006
Subject: Mailserver mem usage (OT)
In-Reply-To: <200604111522.35660.james@grayonline.id.au>
References: <200604111522.35660.james@grayonline.id.au>
Message-ID: <443BB9DA.2060106@giversen.net>

Dear all I have just set up a new mailserver (the old hardware was getting unstable)

Hardware:
Intel 7320 motherboard
1 Xeon 2.8
1Gb ram
Adaptec29320 Scsi controller
some SCSI disks

software:
OS: Centos 4.3 I386 (not X86_64)
Mailscanner 4.52.1
SA 3.11/pyzor/razor/dcc
ClamAV, BDC
Mailwatch 1.0.3

It scans around 1500 mails a day in total (also taking care of some other internet services )
It works fine but something bothers me.

The old system had about 600 mb ram when i looked at "top" it always showed that it used all the mem available. The new system however shows that it uses about 300 mb with about 700 mb free. Can anybody tell me why it is not using all the mem that's available?

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From glenn.steen at gmail.com Tue Apr 11 15:35:17 2006
From: glenn.steen at gmail.com (Glenn Steen)
Date: Tue Apr 11 15:35:20 2006
Subject: Mailserver mem usage (OT)
In-Reply-To: <443BB9DA.2060106@giversen.net>
References: <200604111522.35660.james@grayonline.id.au> <443BB9DA.2060106@giversen.net>
Message-ID: <223f97700604110735x6dd586d1w740337403a9d6e4b@mail.gmail.com>

On 11/04/06, Jørgen Giversen wrote:
> Dear all I have just set up a new mailserver (the old hardware was
> getting unstable)
>
> Hardware:
> Intel 7320 motherboard
> 1 Xeon 2.8
> 1Gb ram
> Adaptec29320 Scsi controller
> some SCSI disks
>
> software:
> OS: Centos 4.3 I386 (not X86_64)
> Mailscanner 4.52.1
> SA 3.11/pyzor/razor/dcc
> ClamAV, BDC
> Mailwatch 1.0.3
>
> It scans around 1500 mails a day in total (also taking care of some
> other internet services )
> It works fine but something bothers me.
>
> The old system had about 600 mb ram when i looked at "top" it always
> showed that it used all the mem available. The new system however shows
> that it uses about 300 mb with about 700 mb free. Can anybody tell me
> why it is not using all the mem that's available?
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
One can think of several reasons:-).
On the "old" system, you probably had most of your memory "tied" to filesystem caching etc, that is to say in "readily returnable state"... So if the kernel policy for how much of the memory is used/allowed for such differ, you will see a marked difference there. Also, this caching can take some time to "build up" so if the system hasn't been running for more than a (rather) short while, it might not have had time to amass any significant use (if you use slocate or similar, that/those cron-jobs usually "fill this up" eventually:-).

Unless you see some (real) performance issues, this shouldn't be anything to worry that much about.

-- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From roger at rudnick.com.br Tue Apr 11 15:53:51 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Tue Apr 11 15:54:14 2006 Subject: Sendmail Upgrade, new thread References: <00c601c6597a$85b2fd60$3004010a@martinhlaptop> <03a801c65982$2db2a220$0600a8c0@roger> Message-ID: <00cc01c65d77$bf707ef0$0600a8c0@roger> Hello all! I finally found the problem with my mail server with messages sended with an empty body (problem related in the e-mail bellow). Turn's out that MailScanner is fine, sendmail is fine, and the problem was with Mailwatch. There is a php script in /usr/local/bin called "mailq" that reads the mail queue to show in Mailwatch frontend. This script runs every minute, and it locks the messages (sometimes), and because of that MailScanner sends the empty messages (with the locking error) and then after that the normal (full) message. I turned that script off and now everything is working fine... What a fight... Is there something I have to do with that script to make it run with sendmail 8.13 ? Regards Roger Jochem ----- Original Message ----- 
From: "Roger Jochem" To: "MailScanner discussion" Sent: Thursday, April 06, 2006 10:58 AM Subject: Sendmail Upgrade, new thread > I'm rellating my problem again like Martin asked, to see if anybody could > help. > > I upgraded sendmail from 8.13.1 to 8.13.6 last week. Since that upgrade, > I'm receiving some mails twice, one with no body (outlook shows <<< No > Message Collected >>>) and one complete mail (with the original body). > Looktype in MailScanner is (and already was before the upgrade) "posix". > > My MailScanner is 4.52.2 and I'm also using spamassassin 3.1.1. > > When this error occurs, I can se in my maillog messages like: > > MailScanner[9596]: Failed to link message body between queues > (/var/spool/mqueue/dfi8R9KQqf010458 --> > /var/spool/mqueue.in/dfi8R9KQqf010458) > > Shrek-m googled (I'm was told this is acepptable now : "googled") my > problem and found a similar one, and the solution was to decrease the max > children in MailScanner.conf to a single one. > > I did that, but the obvious problem that this created is that when lots of > mails come in, MailScanner became extremly slow, and users wait 20 minutes > or more to receive a single message. > > So, today I turned that back, to my usual number of childrens. And, > obviuosly, my problem returned, some messages are received twice. > > Other info, Julian asked me for the info returned by > sendmail -d0.1 -d0.4 -bt < /dev/null > > That returned: > > Version 8.13.6 > Compiled with: DNSMAP LDAPMAP FSTATMAP LOG MAP_REGEX MATCHGECOS MILTER > MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETUNIX NEWDB NIS > PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS USERDB USE_LDAP_INIT > Canonical name: mail.rudnick.com.br > UUCP nodename: mail.rudnick.com.br > a.k.a.: mail > a.k.a.: [172.16.0.1] > > Another info I think may be usefull, is that before sendmail 8.13.6, > postfix was installed on my machine, but I wasn't using it. Trying to > upgrade sendmail to 8.13.6, it told me that sendmail conflicts with > postfix. 
So I removed it. I don't know if that has something to do with my > problem... > > Any help would be really appreciated. > > Regards > > Roger Jochem > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From jgg at giversen.net Tue Apr 11 16:08:39 2006 
From: jgg at giversen.net (Jørgen Giversen)
Date: Tue Apr 11 16:08:49 2006
Subject: Mailserver mem usage (OT)
In-Reply-To: <223f97700604110735x6dd586d1w740337403a9d6e4b@mail.gmail.com>
References: <200604111522.35660.james@grayonline.id.au> <443BB9DA.2060106@giversen.net> <223f97700604110735x6dd586d1w740337403a9d6e4b@mail.gmail.com>
Message-ID: <443BC677.3050509@giversen.net>

>
>> The old system had about 600 mb ram when i looked at "top" it always
>> showed that it used all the mem available. The new system however shows
>> that it uses about 300 mb with about 700 mb free. Can anybody tell me
>> why it is not using all the mem that's available?
>>
>> --
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>>
>>
> One can think of several reasons:-).
> On the "old" system, you probably had most of your memory "tied" to
> filesystem caching etc, that is to say in "readily returnable
> state"... So if the kernel policy for how much of the memory is
> used/allowed for such differ, you will see a marked difference there.
> Also, this caching can take some time to "build up" so if the system
> hasn't been running for more than a (rather) short while, it might not
> have had time to amass any significant use (if you use slocate or
> similar, that/those cron-jobs usually "fill this up" eventually:-).
>
> Unless you see some (real) performance issues, this shouldn't be
> anything to worry that much about.
>
Ok thanks I was just wondering if I somehow could use some of the mem for squid when no other service seems to want to use it. It has been running now for 3 days with quite good performance.

Regards
jg

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From dhawal at netmagicsolutions.com Tue Apr 11 16:25:16 2006
From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Tue Apr 11 16:25:09 2006 Subject: bdc replacement In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580C591C29@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580C591C29@isabella.herefordshire.gov.uk> Message-ID: <443BCA5C.8060100@netmagicsolutions.com> Randal, Phil wrote: > Is bdc 7.1 any better? > > # bdc -version > BDC/Linux-Console v7.1 (build 2559) (i386) (Jul 6 2005 16:28:53) > > (from > http://www.bitdefender.com/PRODUCT-63-en--BitDefender-Linux-Edition.html > ) Thanks for the link, i see the same behavior with 7.1 as well.. CPU is mostly 60% idle, and bdc consumes about 35-40% of the cpu. - dhawal > Cheers, > > Phil > ---- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Dhawal Doshy >> Sent: 10 April 2006 21:26 >> To: MailScanner discussion >> Subject: Re: bdc replacement > >> uvscan v4.4.00/bdc 7.0.1-3.linux-gcc3x.i586/clam 0.88.1 From glenn.steen at gmail.com Tue Apr 11 16:40:14 2006 
From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Apr 11 16:40:17 2006 Subject: Sendmail Upgrade, new thread In-Reply-To: <00cc01c65d77$bf707ef0$0600a8c0@roger> References: <00c601c6597a$85b2fd60$3004010a@martinhlaptop> <03a801c65982$2db2a220$0600a8c0@roger> <00cc01c65d77$bf707ef0$0600a8c0@roger> Message-ID: <223f97700604110840w2dff286ao3e36121ed502b4fb@mail.gmail.com> On 11/04/06, Roger Jochem wrote: > Hello all! > > I finally found the problem with my mail server with messages sended with an > empty body (problem related in the e-mail bellow). > > Turn's out that MailScanner is fine, sendmail is fine, and the problem was > with Mailwatch. > > There is a php script in /usr/local/bin called "mailq" that reads the mail > queue to show in Mailwatch frontend. This script runs every minute, and it > locks the messages (sometimes), and because of that MailScanner sends the > empty messages (with the locking error) and then after that the normal > (full) message. I turned that script off and now everything is working > fine... What a fight... > > Is there something I have to do with that script to make it run with > sendmail 8.13 ? > > Regards > > Roger Jochem > Seems that script is using flock for locking, not lockf (posix). So Steve (or *someone*) might have something to do there:-). Usual disclaimer applies: I might be reading the code wrong;). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From roger at rudnick.com.br Tue Apr 11 16:53:40 2006 
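
The distinction raised in the message above between flock and lockf (POSIX) locking, as an added example that is not part of any list message and is not MailWatch or MailScanner code: on Linux local filesystems the two lock families are tracked separately, so a process holding one kind does not exclude a process asking for the other. The temporary file stands in for a queue file and every function name is constructed for this illustration; behaviour on NFS and on BSD-derived systems can differ.

```python
"""Added illustration: flock(2) locks versus POSIX (fcntl/lockf) record locks."""
import errno
import fcntl
import os
import tempfile

KINDS = ("flock", "posix")


def try_lock(fd, kind):
    """Try a non-blocking exclusive lock of the given kind; True if acquired."""
    try:
        if kind == "flock":
            # BSD-style whole-file lock, owned by the open file description.
            fcntl.flock(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
        elif kind == "posix":
            # POSIX record lock (fcntl F_SETLK underneath), owned by the process.
            fcntl.lockf(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
        else:
            raise ValueError("unknown lock kind: %r" % kind)
    except OSError as exc:
        if exc.errno in (errno.EAGAIN, errno.EACCES):
            return False  # somebody else holds a conflicting lock
        raise
    return True


def contender_acquires(path, kind):
    """Fork a second process (a stand-in for another queue reader) and report
    whether it could take the lock while the parent still holds its own."""
    pid = os.fork()
    if pid == 0:  # child: the contending process
        status = 2  # 2 means an unexpected error
        try:
            fd = os.open(path, os.O_RDWR)
            status = 0 if try_lock(fd, kind) else 1
        finally:
            os._exit(status)
    _, wait_status = os.waitpid(pid, 0)
    if not os.WIFEXITED(wait_status) or os.WEXITSTATUS(wait_status) not in (0, 1):
        raise RuntimeError("contender process failed")
    return os.WEXITSTATUS(wait_status) == 0


def lock_matrix():
    """Return {(holder_kind, contender_kind): contender_acquired} for all
    four combinations, each on a fresh constructed file."""
    results = {}
    for holder in KINDS:
        for contender in KINDS:
            fd, path = tempfile.mkstemp(prefix="constructed-queue-file-")
            try:
                if not try_lock(fd, holder):
                    raise RuntimeError("holder could not lock a fresh file")
                results[(holder, contender)] = contender_acquires(path, contender)
            finally:
                os.close(fd)  # releases the holder's lock
                os.unlink(path)
    return results


def mismatched_pairs(results):
    """Combinations where both processes believe they own the file."""
    return sorted(pair for pair, acquired in results.items() if acquired)


if __name__ == "__main__":
    matrix = lock_matrix()
    for (holder, contender), acquired in sorted(matrix.items()):
        outcome = "ACQUIRED (no exclusion)" if acquired else "blocked"
        print("holder=%-5s contender=%-5s -> contender %s" % (holder, contender, outcome))
```

When auditing a mail host, the practical check is that every program touching the queue files is configured for the same lock family.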
From: roger at rudnick.com.br (Roger Jochem) Date: Tue Apr 11 16:53:56 2006 Subject: Sendmail Upgrade, new thread References: <00c601c6597a$85b2fd60$3004010a@martinhlaptop><03a801c65982$2db2a220$0600a8c0@roger><00cc01c65d77$bf707ef0$0600a8c0@roger> <223f97700604110840w2dff286ao3e36121ed502b4fb@mail.gmail.com> Message-ID: <019a01c65d80$1a6aed10$0600a8c0@roger> The command is really flock, in lines 30 and 219 of the script. I attached the file to this e-mail. I just need to change these two commands? Regards Roger Jochem ----- Original Message ----- 
From: "Glenn Steen" To: "MailScanner discussion" Sent: Tuesday, April 11, 2006 12:40 PM Subject: Re: Sendmail Upgrade, new thread > On 11/04/06, Roger Jochem wrote: >> Hello all! >> >> I finally found the problem with my mail server with messages sended with >> an >> empty body (problem related in the e-mail bellow). >> >> Turn's out that MailScanner is fine, sendmail is fine, and the problem >> was >> with Mailwatch. >> >> There is a php script in /usr/local/bin called "mailq" that reads the >> mail >> queue to show in Mailwatch frontend. This script runs every minute, and >> it >> locks the messages (sometimes), and because of that MailScanner sends the >> empty messages (with the locking error) and then after that the normal >> (full) message. I turned that script off and now everything is working >> fine... What a fight... >> >> Is there something I have to do with that script to make it run with >> sendmail 8.13 ? >> >> Regards >> >> Roger Jochem >> > Seems that script is using flock for locking, not lockf (posix). So > Steve (or *someone*) might have something to do there:-). Usual > disclaimer applies: I might be reading the code wrong;). > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -------------- next part -------------- A non-text attachment was scrubbed... Name: mailq.php Type: application/octet-stream Size: 8726 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060411/b3f72898/mailq.obj From ssilva at sgvwater.com Tue Apr 11 17:12:30 2006 
From: ssilva at sgvwater.com (Scott Silva) Date: Tue Apr 11 17:15:31 2006 Subject: Sendmail Upgrade, new thread In-Reply-To: <019a01c65d80$1a6aed10$0600a8c0@roger> References: <00c601c6597a$85b2fd60$3004010a@martinhlaptop><03a801c65982$2db2a220$0600a8c0@roger><00cc01c65d77$bf707ef0$0600a8c0@roger> <223f97700604110840w2dff286ao3e36121ed502b4fb@mail.gmail.com> <019a01c65d80$1a6aed10$0600a8c0@roger> Message-ID: Roger Jochem spake the following on 4/11/2006 8:53 AM: > The command is really flock, in lines 30 and 219 of the script. I > attached the file to this e-mail. I just need to change these two commands? > > Regards > > Roger Jochem > > ----- Original Message ----- 
From: "Glenn Steen" > To: "MailScanner discussion" > Sent: Tuesday, April 11, 2006 12:40 PM > Subject: Re: Sendmail Upgrade, new thread > > >> On 11/04/06, Roger Jochem wrote: >>> Hello all! >>> >>> I finally found the problem with my mail server with messages sended >>> with an >>> empty body (problem related in the e-mail bellow). >>> >>> Turn's out that MailScanner is fine, sendmail is fine, and the >>> problem was >>> with Mailwatch. >>> >>> There is a php script in /usr/local/bin called "mailq" that reads the >>> mail >>> queue to show in Mailwatch frontend. This script runs every minute, >>> and it >>> locks the messages (sometimes), and because of that MailScanner sends >>> the >>> empty messages (with the locking error) and then after that the normal >>> (full) message. I turned that script off and now everything is working >>> fine... What a fight... >>> >>> Is there something I have to do with that script to make it run with >>> sendmail 8.13 ? >>> >>> Regards >>> >>> Roger Jochem >>> >> Seems that script is using flock for locking, not lockf (posix). So >> Steve (or *someone*) might have something to do there:-). Usual >> disclaimer applies: I might be reading the code wrong;). >> >> -- >> -- Glenn >> email: glenn < dot > steen < at > gmail < dot > com >> work: glenn < dot > steen < at > ap1 < dot > se >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! That command seems to only lock only itself to keep multiple copies of the program from running. QUOTE // Prevent multiple copies running $fl = fopen("/var/run/mailq.lock", "w+"); // Attempt to create an exclusive lock - continue if successful if(flock($fl, LOCK_EX + LOCK_NB)) { /QUOTE It opens a lock file, and if it succeeds, it runs. 
If it can't open the lock file for write ("w+"), the program assumes it is already running. That way if it is fired every minute, but a large queue keeps the previous run open for more than that minute it won't run again. BTW, I think it should only run every 5 minutes. I think that is a symptom, not a cause. I, and many other people, are running that very script with no problems. Are you running a distro supplied version of sendmail, or did you get it from "outside the chain"? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From roger at rudnick.com.br Tue Apr 11 17:49:57 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Tue Apr 11 17:50:09 2006 Subject: Sendmail Upgrade, new thread References: <00c601c6597a$85b2fd60$3004010a@martinhlaptop><03a801c65982$2db2a220$0600a8c0@roger><00cc01c65d77$bf707ef0$0600a8c0@roger> <223f97700604110840w2dff286ao3e36121ed502b4fb@mail.gmail.com><019a01c65d80$1a6aed10$0600a8c0@roger> Message-ID: <022001c65d87$f79ac000$0600a8c0@roger> I'm running sendmail 8.13.6 that I rebuild from source. I got the source at http://filelister.linux-kernel.at/mod_perl?current=/packages/lkernAT/SRPMS . And I'm currently running Centos 3 (now it is on subversion 3.7) on my machine. Any better place to get sendmail 8.13 for my distro? Regards Roger Jochem ----- Original Message ----- From: "Scott Silva" To: Sent: Tuesday, April 11, 2006 1:12 PM Subject: Re: Sendmail Upgrade, new thread > Roger Jochem spake the following on 4/11/2006 8:53 AM: >> The command is really flock, in lines 30 and 219 of the script. I >> attached the file to this e-mail. I just need to change these two >> commands? >> >> Regards >> >> Roger Jochem >> >> ----- Original Message ----- 
From: "Glenn Steen" >> To: "MailScanner discussion" >> Sent: Tuesday, April 11, 2006 12:40 PM >> Subject: Re: Sendmail Upgrade, new thread >> >> >>> On 11/04/06, Roger Jochem wrote: >>>> Hello all! >>>> >>>> I finally found the problem with my mail server with messages sended >>>> with an >>>> empty body (problem related in the e-mail bellow). >>>> >>>> Turn's out that MailScanner is fine, sendmail is fine, and the >>>> problem was >>>> with Mailwatch. >>>> >>>> There is a php script in /usr/local/bin called "mailq" that reads the >>>> mail >>>> queue to show in Mailwatch frontend. This script runs every minute, >>>> and it >>>> locks the messages (sometimes), and because of that MailScanner sends >>>> the >>>> empty messages (with the locking error) and then after that the normal >>>> (full) message. I turned that script off and now everything is working >>>> fine... What a fight... >>>> >>>> Is there something I have to do with that script to make it run with >>>> sendmail 8.13 ? >>>> >>>> Regards >>>> >>>> Roger Jochem >>>> >>> Seems that script is using flock for locking, not lockf (posix). So >>> Steve (or *someone*) might have something to do there:-). Usual >>> disclaimer applies: I might be reading the code wrong;). >>> >>> -- >>> -- Glenn >>> email: glenn < dot > steen < at > gmail < dot > com >>> work: glenn < dot > steen < at > ap1 < dot > se >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! > That command seems to only lock only itself to keep multiple copies of the > program from running. 
> QUOTE > // Prevent multiple copies running > $fl = fopen("/var/run/mailq.lock", "w+"); > // Attempt to create an exclusive lock - continue if successful > if(flock($fl, LOCK_EX + LOCK_NB)) { > > /QUOTE > It opens a lock file, and if it succeeds, it runs. If it can't open the > lock > file for write ("w+"), the program assumes it is already running. That way > if > it is fired every minute, but a large queue keeps the previous run open > for > more than that minute it won't run again. > BTW, I think it should only run every 5 minutes. I think that is a > symptom, > not a cause. > I, and many other people, are running that very script with no problems. > Are you running a distro supplied version of sendmail, or did you get it > from > "outside the chain"? > > > > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Tue Apr 11 18:05:28 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Tue Apr 11 18:05:33 2006 Subject: Sendmail Upgrade, new thread In-Reply-To: <022001c65d87$f79ac000$0600a8c0@roger> Message-ID: <1aa801c65d8a$2289bd00$2901010a@office.fsl> > -----Original Message----- 
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Roger Jochem > Sent: Tuesday, April 11, 2006 12:50 PM > To: MailScanner discussion > Subject: Re: Sendmail Upgrade, new thread > > I'm running sendmail 8.13.6 that I rebuild from source. I got the source > at > http://filelister.linux-kernel.at/mod_perl?current=/packages/lkernAT/SRPMS > . > > And I'm currently running Centos 3 (now it is on subversion 3.7) on my > machine. Any better place to get sendmail 8.13 for my distro? > > Regards > > Roger Jochem > City-fan.org has sendmail -8.13.6-1 patched rpms for RH3 and RH4: http://www.city-fan.org/ftp/contrib/mail/?C=N;O=A I've used them with no problems. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From roger at rudnick.com.br Tue Apr 11 19:58:31 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Tue Apr 11 19:58:53 2006 Subject: Sendmail Upgrade, new thread References: <1aa801c65d8a$2289bd00$2901010a@office.fsl> Message-ID: <009b01c65d99$ee5f99e0$0600a8c0@roger> This rpm's really did the trick. Now I'm using the mailwatch script again, and even so, everything is running fine. Thanks, Stephen and all others that helped me in some way. Regards Roger Jochem ----- Original Message ----- From: "Stephen Swaney" To: "'MailScanner discussion'" Sent: Tuesday, April 11, 2006 2:05 PM Subject: RE: Sendmail Upgrade, new thread > >> -----Original Message----- 
>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Roger Jochem >> Sent: Tuesday, April 11, 2006 12:50 PM >> To: MailScanner discussion >> Subject: Re: Sendmail Upgrade, new thread >> >> I'm running sendmail 8.13.6 that I rebuild from source. I got the source >> at >> http://filelister.linux-kernel.at/mod_perl?current=/packages/lkernAT/SRPMS >> . >> >> And I'm currently running Centos 3 (now it is on subversion 3.7) on my >> machine. Any better place to get sendmail 8.13 for my distro? >> >> Regards >> >> Roger Jochem >> > > City-fan.org has sendmail -8.13.6-1 patched rpms for RH3 and RH4: > > http://www.city-fan.org/ftp/contrib/mail/?C=N;O=A > > I've used them with no problems. > > Steve > > Stephen Swaney > Fort Systems Ltd. > stephen.swaney@fsl.com > www.fsl.com > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From ssilva at sgvwater.com Tue Apr 11 20:02:14 2006 
From: ssilva at sgvwater.com (Scott Silva)
Date: Tue Apr 11 20:05:08 2006
Subject: Sendmail Upgrade, new thread
In-Reply-To: <009b01c65d99$ee5f99e0$0600a8c0@roger>
References: <1aa801c65d8a$2289bd00$2901010a@office.fsl> <009b01c65d99$ee5f99e0$0600a8c0@roger>
Message-ID:

Roger Jochem spake the following on 4/11/2006 11:58 AM:
> This rpm's really did the trick. Now I'm using the mailwatch script
> again, and even so, everything is running fine.
>
> Thanks, Stephen and all others that helped me in some way.
>
> Regards
>
> Roger Jochem

Rpm's rolled for the distribution are soo much easier than using source.
Otherwise you need to know all the includes and --with options that need to
be passed on to the configure script. Very easy to leave something out.

--

MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

From bpumphrey at WoodMacLaw.com Tue Apr 11 21:10:49 2006
From: bpumphrey at WoodMacLaw.com (Billy A. Pumphrey)
Date: Tue Apr 11 21:10:53 2006
Subject: OT
Message-ID: <04D932B0071FE34FA63EBB1977B48D155E0C87@woodenex.woodmaclaw.local>

The building that I work in got hit by high wind and it has been closed for
2 weeks now. We are finally getting to be able to move our servers to a
remote location. In case anyone is interested it is the Regions bank
building in Indianapolis, IN.

I am fairly confident that I can do this without help, but I am taking the
chance of posting here to make sure that I do not screw this up.

As far as mail is concerned ....

Mail is the only thing that I believe that will be affected by the IP
address change.
My Setup.

Internet --> Router --> MailScanner Machine --> Exchange server

Plan - Leave the MailScanner machine at the Regions Bank building but take
the Exchange server to the new location. All that I should have to do is use
the MailScanner machine to forward mail to the new IP Address shouldn't I?

1. Change the mailertable
Current
woodmaclaw.com esmtp:[10.1.1.22]
www.woodmaclaw.com esmtp:[10.1.1.22]
woodmclaw.com esmtp:[10.1.1.22]
www.woodmclaw.com esmtp:[10.1.1.22]

Need to change to
woodmaclaw.com esmtp:[new ip address of T1]
www.woodmaclaw.com esmtp:[new ip address of T1]
woodmclaw.com esmtp:[new ip address of T1]
www.woodmclaw.com esmtp:[new ip address of T1]

2. Configure the new router to forward port 25 to the exchange server

Is that it?

Also should I put port forwarding for SSH so that I can remote into the
MailScanner machine in case I need to?

We do not host our own web site. Are there any other services that come to
mind that would be affected by an IP address change?

Thank you in advance!
Billy Pumphrey

From mike at vesol.com Tue Apr 11 21:29:42 2006
From: mike at vesol.com (Mike Kercher)
Date: Tue Apr 11 21:30:00 2006
Subject: OT
Message-ID:

mailscanner-bounces@lists.mailscanner.info <> scribbled on :

> The building that I work in got hit by high wind and it has
> been closed for 2 weeks now. We are finally getting to be
> able to move our servers to a remote location. In case
> anyone is interested it is the Regions bank building in
> Indianapolis, IN.
>
> I am fairly confident that I can do this without help, but I
> am taking the chance of posting here to make sure that I do
> not screw this up.
>
> As far as mail is concerned ....
>
> Mail is the only thing that I believe that will be affected
> by the IP address change.
> My Setup.
>
> Internet --> Router --> MailScanner Machine --> Exchange server
>
> Plan - Leave the MailScanner machine at the Regions Bank
> building but take the Exchange server to the new location.
> All that I should have to do is use the MailScanner machine
> to forward mail to the new IP Address shouldn't I?
>
> 1. Change the mailertable
> Current
> woodmaclaw.com esmtp:[10.1.1.22]
> www.woodmaclaw.com esmtp:[10.1.1.22]
> woodmclaw.com esmtp:[10.1.1.22]
> www.woodmclaw.com esmtp:[10.1.1.22]
>
> Need to change to
> woodmaclaw.com esmtp:[new ip address of T1]
> www.woodmaclaw.com esmtp:[new ip address of T1]
> woodmclaw.com esmtp:[new ip address of T1]
> www.woodmclaw.com esmtp:[new ip address of T1]
>
> 2. Configure the new router to forward port 25 to the exchange server
>
> Is that it?
>
> Also should I put port forwarding for SSH so that I can remote
> into the MailScanner machine in case I need to?
>
> We do not host our own web site. Is there any other services
> that come to mind that would be affected by a IP address change?
>
> Thank you in advance!
> Billy Pumphrey

That should do it. I would limit connections to port 25 at the Exchange
location to incoming ONLY from the IP address of your MailScanner
machine. I would give myself ssh access to the MailScanner machine.
Might not be a bad idea to move ssh to a port OTHER than 22.

Mike

From brent.bolin at gmail.com Wed Apr 12 00:00:25 2006
From: brent.bolin at gmail.com (BB)
Date: Wed Apr 12 00:00:31 2006
Subject: OT
In-Reply-To:
References:
Message-ID: <787dcac20604111600i6e995d62p3bf686dcfd0f0268@mail.gmail.com>

Why ?

That's called security by obscurity. It doesn't work.

Nmap would finger that out in no time.

On 4/11/06, Mike Kercher wrote:
>
> mailscanner-bounces@lists.mailscanner.info <> scribbled on :
>
> > The building that I work in got hit by high wind and it has
> > been closed for 2 weeks now. We are finally getting to be
> > able to move our servers to a remote location. In case
> > anyone is interested it is the Regions bank building in
> > Indianapolis, IN.
> >
> > I am fairly confident that I can do this without help, but I
> > am taking the chance of posting here to make sure that I do
> > not screw this up.
> >
> > As far as mail is concerned ....
> >
> > Mail is the only thing that I believe that will be affected
> > by the IP address change.
> > My Setup.
> >
> > Internet --> Router --> MailScanner Machine --> Exchange server
> >
> > Plan - Leave the MailScanner machine at the Regions Bank
> > building but take the Exchange server to the new location.
> > All that I should have to do is use the MailScanner machine
> > to forward mail to the new IP Address shouldn't I?
> >
> > 1. Change the mailertable
> > Current
> > woodmaclaw.com esmtp:[10.1.1.22]
> > www.woodmaclaw.com esmtp:[10.1.1.22]
> > woodmclaw.com esmtp:[10.1.1.22]
> > www.woodmclaw.com esmtp:[10.1.1.22]
> >
> > Need to change to
> > woodmaclaw.com esmtp:[new ip address of T1]
> > www.woodmaclaw.com esmtp:[new ip address of T1]
> > woodmclaw.com esmtp:[new ip address of T1]
> > www.woodmclaw.com esmtp:[new ip address of T1]
> >
> > 2. Configure the new router to forward port 25 to the exchange server
> >
> > Is that it?
> >
> > Also should I put port forwarding for SSH so that I can remote
> > into the MailScanner machine in case I need to?
> >
> > We do not host our own web site. Is there any other services
> > that come to mind that would be affected by a IP address change?
> >
> > Thank you in advance!
> > Billy Pumphrey
>
> That should do it. I would limit connections to port 25 at the Exchange
> location to incoming ONLY from the IP address of your MailScanner
> machine. I would give myself ssh access to the MailScanner machine.
> Might not be a bad idea to move ssh to a port OTHER than 22.
>
> Mike
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060411/bbaaa2df/attachment.html

From mkettler at evi-inc.com Wed Apr 12 00:26:12 2006
From: mkettler at evi-inc.com (Matt Kettler)
Date: Wed Apr 12 00:26:20 2006
Subject: OT (way ot, port numbers, security, and other things)
In-Reply-To: <787dcac20604111600i6e995d62p3bf686dcfd0f0268@mail.gmail.com>
References: <787dcac20604111600i6e995d62p3bf686dcfd0f0268@mail.gmail.com>
Message-ID: <443C3B14.6010500@evi-inc.com>

BB wrote:
> Why ?
>
> That's called security by obscurity. It doesn't work.
>
> Nmap would finger that out in no time.

You're 100% right.. moving services to odd ports offers zero extra security.

However, this doesn't make the practice pointless. There are some benefits
which aren't security related to doing this.

Take the fictitious scenario where a major security flaw is found in OpenSSH,
and someone writes a network worm that exploits it.

At the same time, folks are also going to be launching manual attacks, looking
by hand for servers to exploit. However, there will be fewer of these than
there are probes launched by the worm. In the first day you'll likely see a
few dozen hand attackers, compared to thousands of worm probes.

Since the hand-scanning folks will find your SSH port quickly, you've gained
nothing in security. These are the most dangerous sorts anyway, so in terms of
security you've failed to provide any defense against the more important case.

However, you will have picked up a non-security related benefit: Bandwidth and
CPU savings. The worm won't find your SSH port. It is trying to spread fast, so
it's going to focus on the well-known port. Thus you won't be wasting CPU and
network bandwidth answering the thousands of connection requests generated by
worms.

There are some instances where moving a port can provide some benefit. But do
be realistic about it, and don't ever fool yourself into thinking this improves
security at your site. BB is right. It doesn't, and it will only take a decent
attacker a few seconds to figure out.

You also gain a forensic benefit. By forcing the attacker to do a broad
port-scan, you are making their presence much easier to log on your IDS.

But neither of these will help you if your SSH isn't patched for our fictitious
vulnerability. The attacker will find it and root your box in short order.

From eneal at dfi-intl.com Wed Apr 12 02:25:30 2006
From: eneal at dfi-intl.com (Errol Neal)
Date: Wed Apr 12 02:26:40 2006
Subject: OT (way ot, port numbers, security, and other things)
Message-ID:

BB wrote:
> Why ?
>
> That's called security by obscurity. It doesn't work.
>
> Nmap would finger that out in no time.

Using SSH w/o password authentication - using strictly rsa-keys,
disabling root login... I think this would be a better approach. Just my
two cents..

Errol Neal

From craig at csfs.co.za Wed Apr 12 08:29:25 2006
From: craig at csfs.co.za (Craig Retief (CSFS))
Date: Wed Apr 12 08:29:47 2006
Subject: OT (way ot, port numbers, security, and other things)
In-Reply-To:
Message-ID:

>BB wrote:
>> Why ?
>>
>> That's called security by obscurity. It doesn't work.
>>
>> Nmap would finger that out in no time.

>Using SSH w/o password authentication - using strictly rsa-keys,
>disabling root login... I think this would be a better approach. Just my
>two cents..

This is more like a few thousands worth of "cents" (Dollars/Pounds/etc) to
some people that don't even know that ssh can be tightened up.

And that is my 2 cents ;-)

Craig

From glenn.steen at gmail.com Wed Apr 12 08:35:07 2006
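Matt Kettler's message above argues that a moved SSH port sheds worm probes aimed at port 22 and forces anyone else into a broad port scan that is easy to log. The following is an added example, not part of any message in this thread, that separates those two patterns in firewall logs and ties an SSH connection back to the scan that preceded it; the iptables-LOG-style format, the FW-DROP/FW-ACCEPT prefixes, port 2222 and all addresses are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

SSH_PORT = 2222  # assumption: sshd was moved here, so port 22 is closed

# Constructed sample log (not real traffic): dropped and accepted inbound SYNs.
_FMT = ("Apr 12 00:{m:02d}:{s:02d} mailgw kernel: {act} IN=eth0 "
        "SRC={src} DST=192.0.2.10 PROTO=TCP SPT=40000 DPT={dpt} SYN")


def _line(m, s, act, src, dpt):
    return _FMT.format(m=m, s=s, act=act, src=src, dpt=dpt)


SAMPLE_LOG = "\n".join(
    # Worm-style probes: different sources, always the well-known port.
    [_line(1, 5, "FW-DROP", "198.51.100.23", 22),
     _line(1, 9, "FW-DROP", "198.51.100.23", 22),
     _line(3, 40, "FW-DROP", "198.51.100.77", 22)]
    # One source sweeping 22 closed ports in 22 seconds, then reaching sshd.
    + [_line(7, i, "FW-DROP", "203.0.113.5", 2200 + i) for i in range(22)]
    + [_line(7, 22, "FW-ACCEPT", "203.0.113.5", SSH_PORT)]
    # An ordinary admin connection with no probes before it.
    + [_line(9, 0, "FW-ACCEPT", "192.0.2.50", SSH_PORT)]
)

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ kernel: (?P<act>FW-DROP|FW-ACCEPT) "
    r".*?\bSRC=(?P<src>\S+) .*?\bDPT=(?P<dpt>\d+)\b")


def parse(log_text, year=2006):
    """Return sorted (timestamp, action, source, dest_port) tuples."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated syslog line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["act"], m["src"], int(m["dpt"])))
    return sorted(events)


def classify(events, ssh_port=SSH_PORT, window=timedelta(seconds=60), min_ports=10):
    """Label each source by what its dropped probes look like."""
    drops = defaultdict(list)    # src -> [(ts, dpt)] of dropped SYNs
    accepts = defaultdict(list)  # src -> [ts] of accepted SYNs to sshd
    for ts, act, src, dpt in events:
        if act == "FW-DROP":
            drops[src].append((ts, dpt))
        elif dpt == ssh_port:
            accepts[src].append(ts)

    report = {}
    for src in set(drops) | set(accepts):
        probes = drops.get(src, [])
        # Largest number of distinct closed ports touched inside one window.
        widest, scan_start = 0, None
        for i, (start, _) in enumerate(probes):
            ports = {p for t, p in probes[i:] if t - start <= window}
            if len(ports) > widest:
                widest, scan_start = len(ports), start
        if widest >= min_ports:
            kind = "port-scan"
        elif probes and {p for _, p in probes} == {22}:
            kind = "port-22-probe"   # noise the moved port no longer answers
        elif probes:
            kind = "other-probe"
        else:
            kind = "no-probes"
        # The forensic link: did this scanner then connect to the real sshd?
        reached = kind == "port-scan" and any(
            t >= scan_start for t in accepts.get(src, []))
        report[src] = {"kind": kind, "distinct_ports": widest,
                       "reached_ssh_after_scan": reached}
    return report


if __name__ == "__main__":
    for src, info in sorted(classify(parse(SAMPLE_LOG)).items()):
        print(src, info)
```

The scanner still reaches sshd, as the thread says it will, so the alert is only useful alongside the key-only authentication and patching the other posters recommend.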
From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Apr 12 08:35:09 2006 Subject: Sendmail Upgrade, new thread In-Reply-To: References: <00c601c6597a$85b2fd60$3004010a@martinhlaptop> <03a801c65982$2db2a220$0600a8c0@roger> <00cc01c65d77$bf707ef0$0600a8c0@roger> <223f97700604110840w2dff286ao3e36121ed502b4fb@mail.gmail.com> <019a01c65d80$1a6aed10$0600a8c0@roger> Message-ID: <223f97700604120035g17c02bf5obc075c893b8e6244@mail.gmail.com> On 11/04/06, Scott Silva wrote: > Roger Jochem spake the following on 4/11/2006 8:53 AM: > > The command is really flock, in lines 30 and 219 of the script. I > > attached the file to this e-mail. I just need to change these two commands? > > > > Regards > > > > Roger Jochem > > > > ----- Original Message ----- 
From: "Glenn Steen" > > To: "MailScanner discussion" > > Sent: Tuesday, April 11, 2006 12:40 PM > > Subject: Re: Sendmail Upgrade, new thread > > > > > >> On 11/04/06, Roger Jochem wrote: > >>> Hello all! > >>> > >>> I finally found the problem with my mail server with messages sended > >>> with an > >>> empty body (problem related in the e-mail bellow). > >>> > >>> Turn's out that MailScanner is fine, sendmail is fine, and the > >>> problem was > >>> with Mailwatch. > >>> > >>> There is a php script in /usr/local/bin called "mailq" that reads the > >>> mail > >>> queue to show in Mailwatch frontend. This script runs every minute, > >>> and it > >>> locks the messages (sometimes), and because of that MailScanner sends > >>> the > >>> empty messages (with the locking error) and then after that the normal > >>> (full) message. I turned that script off and now everything is working > >>> fine... What a fight... > >>> > >>> Is there something I have to do with that script to make it run with > >>> sendmail 8.13 ? > >>> > >>> Regards > >>> > >>> Roger Jochem > >>> > >> Seems that script is using flock for locking, not lockf (posix). So > >> Steve (or *someone*) might have something to do there:-). Usual > >> disclaimer applies: I might be reading the code wrong;). > >> > >> -- > >> -- Glenn > >> email: glenn < dot > steen < at > gmail < dot > com > >> work: glenn < dot > steen < at > ap1 < dot > se > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > That command seems to only lock only itself to keep multiple copies of the > program from running. 
> QUOTE > // Prevent multiple copies running > $fl = fopen("/var/run/mailq.lock", "w+"); > // Attempt to create an exclusive lock - continue if successful > if(flock($fl, LOCK_EX + LOCK_NB)) { > > /QUOTE > It opens a lock file, and if it succeeds, it runs. If it can't open the lock > file for write ("w+"), the program assumes it is already running. That way if > it is fired every minute, but a large queue keeps the previous run open for > more than that minute it won't run again. > BTW, I think it should only run every 5 minutes. I think that is a symptom, > not a cause. > I, and many other people, are running that very script with no problems. > Are you running a distro supplied version of sendmail, or did you get it from > "outside the chain"? > Quite right.... Dangers of looking at code "in a hurry":-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From lucky at the-luckyduck.de Wed Apr 12 09:37:55 2006 From: lucky at the-luckyduck.de (Jan Brinkmann) Date: Wed Apr 12 09:37:58 2006 Subject: Requeueing of Mails using Postfix Message-ID: <20060412083755.GD4355@luckyduck.tux> Hi, I'm currently encountering some problems related to requeueing of mails in postfix. To pass mails to MailScanner, I'm using the newer hold method via the header_checks in postfix. This works quite fine. Mailscanner recognizes the new mails and so on. The mails flow in correctly, then mailscanner picks them up and scans them. Also, spam detection and virus scanning and things like that work perfectly. When it then comes to the point of requeueing, the mails never appear in the queue again. I have to use postsuper -r to requeue the mails manually, and after that they appear in the queue and mailscanner scans them again. I have found reports about similar problems, but no solution. Any help and feedback is more than welcome! Thanks. -- Jan From lhaig at haigmail.com Wed Apr 12 09:56:04 2006 
From: lhaig at haigmail.com (Lance Haig)
Date: Wed Apr 12 09:56:06 2006
Subject: OT::::: Root access
Message-ID: <443CC0A4.4040309@haigmail.com>

I need some help please

I need to create 2 new users with root access and not give the roots
password.

This is on a redhat system.

What would you guys recommend be the best way to do this.

Thanks

Lance

From lucky at the-luckyduck.de Wed Apr 12 10:01:34 2006
From: lucky at the-luckyduck.de (Jan Brinkmann)
Date: Wed Apr 12 10:01:36 2006
Subject: OT::::: Root access
In-Reply-To: <443CC0A4.4040309@haigmail.com>
References: <443CC0A4.4040309@haigmail.com>
Message-ID: <20060412090133.GH4355@luckyduck.tux>

On Wed, Apr 12, 2006 at 09:56:04AM +0100, Lance Haig wrote:
> I need some help please
>
> I need to create 2 new users with root access and not give the roots
> password.
>
> This is on a redhat system.
>
> What would you guys recommend be the best way to do this.
>

You should check out sudo, imho. Sounds like the perfect job for it.

From shrek-m at gmx.de Wed Apr 12 10:12:16 2006
From: shrek-m at gmx.de (shrek-m@gmx.de)
Date: Wed Apr 12 10:12:28 2006
Subject: OT::::: Root access
In-Reply-To: <443CC0A4.4040309@haigmail.com>
References: <443CC0A4.4040309@haigmail.com>
Message-ID: <443CC470.3070007@gmx.de>

On 12.04.2006 10:56, Lance Haig wrote:

> I need to create 2 new users with root access and not give the roots
> password.
> This is on a redhat system.
> What would you guys recommend be the best way to do this.

i do not know, but you can try

1; uid=0 gid=0 in /etc/passwd
   # id
   uid=0(root) gid=0(root) Gruppen=0(root)

2; sudo in /etc/sudoers
   eg. %wheel
   eg. all commands
   eg. only a few commands
   eg. sudo bash ==> root

--
shrek-m

From martinh at solid-state-logic.com Wed Apr 12 10:12:49 2006
From: martinh at solid-state-logic.com (Martin Hepworth)
Date: Wed Apr 12 10:12:57 2006
Subject: Requeueing of Mails using Postfix
In-Reply-To: <20060412083755.GD4355@luckyduck.tux>
Message-ID: <00d401c65e11$453453b0$3004010a@martinhlaptop>

Jan

Can we have the versions of MailScanner and postfix please..

Also what's settings of the System Settings section in MailScanner.conf?

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> bounces@lists.mailscanner.info] On Behalf Of Jan Brinkmann
> Sent: 12 April 2006 09:38
> To: mailscanner@lists.mailscanner.info
> Subject: Requeueing of Mails using Postfix
>
> Hi,
>
> I'm currently encountering some problems related to requeueing of mails
> in postfix. To pass mails to MailScanner, I'm using the newer hold
> method via the header_checks in postfix. This works quite fine.
> Mailscanner recognizes the new mails and so on. The mails flow in
> correctly, then mailscanner picks them up and scans them. Also, spam
> detection and virus scanning and things like that work perfectly. When
> it then comes to the point of requeueing, the mails never appear in the
> queue again. I have to use postsuper -r to requeue the mails manually,
> and after that they appear in the queue and mailscanner scans them
> again. I have found reports about similar problems, but no solution. Any
> help and feedback is more than welcome! Thanks.
>
> -- Jan
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.
**********************************************************************

From MailScanner at ecs.soton.ac.uk Wed Apr 12 10:18:11 2006
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Apr 12 10:18:29 2006 Subject: MailScanner on Mac OSX (10.4.6 Intel CoreDuo) - working! In-Reply-To: References: Message-ID: <64C939AA-FB5B-4CCC-823B-B7B6043566E9@ecs.soton.ac.uk> Haven't been on the list for a few days. You guys are going great guns! Sounds like I'm not going to have anything left to do! Cool :-) A preferences pane for it would be nice, just something to start and stop it at the moment. We can think about configurations later. Many thanks for your hard work on this. Jules. On 11 Apr 2006, at 15:04, Jim Dickenson wrote: > Documentation on this topic can be found here: > > file:///Developer/ADC%20Reference%20Library/documentation/MacOSX/ > Conceptual/ > BPSystemStartup/Articles/StartupItems.html#//apple_ref/doc/uid/ > 20002132-Dont > LinkElementID_247517a > > And here: > > file:///Developer/ADC%20Reference%20Library/documentation/MacOSX/ > Conceptual/ > BPSystemStartup/Articles/DesigningDaemons.html#//apple_ref/doc/uid/ > TP4000179 > 1-BBCBHBFB > > -- > Jim Dickenson > mailto:dickenson@cfmc.com > > CfMC > http://www.cfmc.com/ 
> > >> >>> From: James Gray >>> Organization: GrayOnline >>> Reply-To: MailScanner discussion >>> >>> Date: Tue, 11 Apr 2006 15:22:31 +1000 >>> To: MailScanner List >>> Subject: MailScanner on Mac OSX (10.4.6 Intel CoreDuo) - working! >>> >>> Hi All, >>> >>> Just thought I'd post my results after tinkering for the last few >>> days. >>> >>> - Still haven't figured out OSX's launchd stuff to get it to fire up >>> MailScanner automagically. (Anyone?) >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From lucky at the-luckyduck.de Wed Apr 12 10:24:19 2006 
From: lucky at the-luckyduck.de (Jan Brinkmann)
Date: Wed Apr 12 10:24:26 2006
Subject: Requeueing of Mails using Postfix
In-Reply-To: <00d401c65e11$453453b0$3004010a@martinhlaptop>
References: <20060412083755.GD4355@luckyduck.tux> <00d401c65e11$453453b0$3004010a@martinhlaptop>
Message-ID: <20060412092419.GR4355@luckyduck.tux>

On Wed, Apr 12, 2006 at 10:12:49AM +0100, Martin Hepworth wrote:
> Jan
>
> Can we have the versions of MailScanner and postfix please..
>
> Also what's settings of the System Settings section in MailScanner.conf?
>
> --

Of course:

postfix-2.2.10
MailScanner 4.52.2

The requested section of the mailscanner config:

#
# System settings
# ---------------
#

# How many MailScanner processes do you want to run at a time?
# There is no point increasing this figure if your MailScanner server
# is happily keeping up with your mail traffic.
# If you are running on a server with more than 1 CPU, or you have a
# high mail load (and/or slow DNS lookups) then you should see better
# performance if you increase this figure.
# If you are running on a small system with limited RAM, you should
# note that each child takes just over 20MB.
#
# As a rough guide, try 5 children per CPU. But read the notes above.
Max Children = 5

# User to run as (not normally used for sendmail)
# If you want to change the ownership or permissions of the quarantine
# or
# temporary files created by MailScanner, please see the "Incoming Work"
# settings later in this file.
#Run As User = mail
Run As User = postfix
#Run As User =

# Group to run as (not normally used for sendmail)
#Run As Group = mail
Run As Group = postfix
#Run As Group =

# How often (in seconds) should each process check the incoming mail
# queue for new messages? If you have a quiet mail server, you might
# want to increase this value so it causes less load on your server, at
# the cost of slightly increasing the time taken for an average message
# to be processed.
Queue Scan Interval = 6

# Set location of incoming mail queue
#
# This can be any one of
# 1. A directory name
#    Example: /var/spool/mqueue.in
# 2. A wildcard giving directory names
#    Example: /var/spool/mqueue.in/*
# 3. The name of a file containing a list of directory names,
#    which can in turn contain wildcards.
#    Example: /opt/MailScanner/etc/mqueue.in.list.conf
#
# If you are using sendmail and have your queues split into qf, df, xf
# directories, then just specify the main directory, do not give me the
# directory names of the qf,df,xf directories.
# Example: if you have /var/spool/mqueue.in/qf
#                      /var/spool/mqueue.in/df
#                      /var/spool/mqueue.in/xf
# then just tell me /var/spool/mqueue.in. I will find the subdirectories
# automatically.
#
Incoming Queue Dir = /var/spool/postfix/hold

# Set location of outgoing mail queue.
# This can also be the filename of a ruleset.
Outgoing Queue Dir = /var/spool/postfix/incoming

# Set where to unpack incoming messages before scanning them
# This can completely safely use tmpfs or a ramdisk, which will
# give you a significant performance improvement.
# NOTE: The path given here must not include any links at all,
# NOTE: but must be the absolute path to the directory.
Incoming Work Dir = /dev/shm

# Set where to store infected and message attachments (if they are kept)
# This can also be the filename of a ruleset.
Quarantine Dir = /var/spool/MailScanner/quarantine

# Set where to store the process id number so you can stop MailScanner
PID file = /opt/MailScanner/var/MailScanner.pid

# To avoid resource leaks, re-start periodically
Restart Every = 14400

# Set whether to use postfix, sendmail, exim or zmailer.
# If you are using postfix, then see the "SpamAssassin User State Dir"
# setting near the end of this file
MTA = postfix

# Set how to invoke MTA when sending messages MailScanner has created
# (e.g. to sender/recipient saying "found a virus in your message")
# This can also be the filename of a ruleset.
Sendmail = /usr/sbin/sendmail

# Sendmail2 is provided for Exim users.
# It is the command used to attempt delivery of outgoing
# cleaned/disinfected
# messages.
# This is not usually required for sendmail.
# This can also be the filename of a ruleset.
#For Exim users: Sendmail2 = /usr/sbin/exim -C /etc/exim/exim_send.conf
#For sendmail users: Sendmail2 = /usr/lib/sendmail
#Sendmail2 = /usr/sbin/sendmail -C /etc/exim/exim_send.conf
Sendmail2 = /usr/sbin/sendmail

From martinh at solid-state-logic.com Wed Apr 12 11:00:40 2006
From: martinh at solid-state-logic.com (Martin Hepworth)
Date: Wed Apr 12 11:00:54 2006
Subject: Requeueing of Mails using Postfix
In-Reply-To: <20060412092419.GR4355@luckyduck.tux>
Message-ID: <00e401c65e17$f465d150$3004010a@martinhlaptop>

Jan

OK looks good - don't need the sendmail2 setting....

I presume you've followed this guide...

http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:installation

when you installed? Note in the Problems Or Errors section there's a little
thing about how PF 2.2 handles its queues regarding hashing (or not).

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jan Brinkmann
> Sent: 12 April 2006 10:24
> To: MailScanner discussion
> Subject: Re: Requeueing of Mails using Postfix
>
> On Wed, Apr 12, 2006 at 10:12:49AM +0100, Martin Hepworth wrote:
> > Jan
> >
> > Can we have the versions of MailScanner and postfix please..
> >
> > Also what's settings of the System Settings section in MailScanner.conf?
> >
> > --
>
> Of course:
>
> postfix-2.2.10
> MailScanner 4.52.2
>
>
> The requested section of the mailscanner config:
>
>
>
> #
> # System settings
> # ---------------
> #
>
> # How many MailScanner processes do you want to run at a time?
> # There is no point increasing this figure if your MailScanner server
> # is happily keeping up with your mail traffic.
> # If you are running on a server with more than 1 CPU, or you have a
> # high mail load (and/or slow DNS lookups) then you should see better
> # performance if you increase this figure.
> # If you are running on a small system with limited RAM, you should
> # note that each child takes just over 20MB.
> #
> # As a rough guide, try 5 children per CPU. But read the notes above.
> Max Children = 5
>
> # User to run as (not normally used for sendmail)
> # If you want to change the ownership or permissions of the quarantine
> # or
> # temporary files created by MailScanner, please see the "Incoming Work"
> # settings later in this file.
> #Run As User = mail
> Run As User = postfix
> #Run As User =
>
> # Group to run as (not normally used for sendmail)
> #Run As Group = mail
> Run As Group = postfix
> #Run As Group =
>
> # How often (in seconds) should each process check the incoming mail
> # queue for new messages? If you have a quiet mail server, you might
> # want to increase this value so it causes less load on your server, at
> # the cost of slightly increasing the time taken for an average message
> # to be processed.
> Queue Scan Interval = 6
>
> # Set location of incoming mail queue
> #
> # This can be any one of
> # 1. A directory name
> #    Example: /var/spool/mqueue.in
> # 2. A wildcard giving directory names
> #    Example: /var/spool/mqueue.in/*
> # 3. The name of a file containing a list of directory names,
> #    which can in turn contain wildcards.
> #    Example: /opt/MailScanner/etc/mqueue.in.list.conf
> #
> # If you are using sendmail and have your queues split into qf, df, xf
> # directories, then just specify the main directory, do not give me the
> # directory names of the qf,df,xf directories.
> # Example: if you have /var/spool/mqueue.in/qf
> #                      /var/spool/mqueue.in/df
> #                      /var/spool/mqueue.in/xf
> # then just tell me /var/spool/mqueue.in. I will find the subdirectories
> # automatically.
> #
> Incoming Queue Dir = /var/spool/postfix/hold
>
> # Set location of outgoing mail queue.
> # This can also be the filename of a ruleset.
> Outgoing Queue Dir = /var/spool/postfix/incoming
>
> # Set where to unpack incoming messages before scanning them
> # This can completely safely use tmpfs or a ramdisk, which will
> # give you a significant performance improvement.
> # NOTE: The path given here must not include any links at all,
> # NOTE: but must be the absolute path to the directory.
> Incoming Work Dir = /dev/shm
>
> # Set where to store infected and message attachments (if they are kept)
> # This can also be the filename of a ruleset.
> Quarantine Dir = /var/spool/MailScanner/quarantine
>
> # Set where to store the process id number so you can stop MailScanner
> PID file = /opt/MailScanner/var/MailScanner.pid
>
> # To avoid resource leaks, re-start periodically
> Restart Every = 14400
>
> # Set whether to use postfix, sendmail, exim or zmailer.
> # If you are using postfix, then see the "SpamAssassin User State Dir"
> # setting near the end of this file
> MTA = postfix
>
> # Set how to invoke MTA when sending messages MailScanner has created
> # (e.g. to sender/recipient saying "found a virus in your message")
> # This can also be the filename of a ruleset.
> Sendmail = /usr/sbin/sendmail
>
> # Sendmail2 is provided for Exim users.
> # It is the command used to attempt delivery of outgoing
> # cleaned/disinfected
> # messages.
> # This is not usually required for sendmail.
> # This can also be the filename of a ruleset.
> #For Exim users: Sendmail2 = /usr/sbin/exim -C /etc/exim/exim_send.conf
> #For sendmail users: Sendmail2 = /usr/lib/sendmail
> #Sendmail2 = /usr/sbin/sendmail -C /etc/exim/exim_send.conf
> Sendmail2 = /usr/sbin/sendmail
>
>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

From lucky at the-luckyduck.de Wed Apr 12 11:25:36 2006
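One way to check a MailScanner.conf against the Postfix layout posted in the message above (hold queue in, incoming queue out, run as postfix, absolute link-free work directory), as an added example that is not part of the original thread or of MailScanner itself. The function names, the key normalisation and the second, deliberately wrong sample are assumptions constructed for illustration.

```python
import os

# Abbreviated from the settings posted in the thread (comment text dropped).
THREAD_CONF = """\
#Run As User = mail
Run As User = postfix
#Run As Group = mail
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
Incoming Work Dir = /dev/shm
MTA = postfix
"""

# Constructed counter-example: queues swapped, wrong user.
SWAPPED_CONF = """\
Run As User = mail
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/incoming
Outgoing Queue Dir = /var/spool/postfix/hold
Incoming Work Dir = /dev/shm
MTA = postfix
"""


def parse_mailscanner_conf(text):
    """Parse 'Key = Value' lines; lines starting with '#' are comments.
    A later assignment of the same key replaces an earlier one."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        # Lower-casing and collapsing spaces in the key is this example's choice.
        settings[" ".join(key.lower().split())] = value.strip()
    return settings


def check_postfix_layout(settings):
    """Return a list of differences from the Postfix layout shown in the thread."""
    if settings.get("mta") != "postfix":
        return ["MTA is not postfix; these checks do not apply"]
    problems = []
    inq = settings.get("incoming queue dir", "").rstrip("/")
    outq = settings.get("outgoing queue dir", "").rstrip("/")
    if os.path.basename(inq) != "hold":
        problems.append(f"Incoming Queue Dir is {inq!r}, expected Postfix's hold queue")
    if os.path.basename(outq) != "incoming":
        problems.append(f"Outgoing Queue Dir is {outq!r}, expected Postfix's incoming queue")
    if inq and outq and os.path.dirname(inq) != os.path.dirname(outq):
        problems.append("queue directories are not under the same Postfix spool")
    for key in ("run as user", "run as group"):
        if settings.get(key) != "postfix":
            problems.append(f"{key!r} is {settings.get(key)!r}, thread config uses 'postfix'")
    work = settings.get("incoming work dir", "")
    if not os.path.isabs(work):
        problems.append(f"Incoming Work Dir {work!r} is not an absolute path")
    return problems


def path_has_links(path):
    """True if any component of an existing path is a symlink, which the
    'Incoming Work Dir' comment in the config forbids."""
    path = os.path.abspath(path)
    return os.path.realpath(path) != path


if __name__ == "__main__":
    for name, conf in (("thread", THREAD_CONF), ("swapped", SWAPPED_CONF)):
        print(name, check_postfix_layout(parse_mailscanner_conf(conf)) or "OK")
```

Run `path_has_links()` on the real work directory of the host being checked, since the answer depends on that machine's filesystem.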
From: lucky at the-luckyduck.de (Jan Brinkmann)
Date: Wed Apr 12 11:25:39 2006
Subject: Requeueing of Mails using Postfix
In-Reply-To: <00e401c65e17$f465d150$3004010a@martinhlaptop>
References: <20060412092419.GR4355@luckyduck.tux> <00e401c65e17$f465d150$3004010a@martinhlaptop>
Message-ID: <20060412102536.GB4355@luckyduck.tux>

On Wed, Apr 12, 2006 at 11:00:40AM +0100, Martin Hepworth wrote:
> Jan
>
> OK looks good - don't need the sendmail2 setting....
>
> I presume you've followed this guide...
>
> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:installation
>
> when you installed?
>
> Note in the Problems Or Errors section there's a little thing about how PF
> 2.2 handles its queues regarding hashing (or not).
>

Hmm, sorry. I know the read fine manual thing just too good. I thought I
read everything, but as it seems I didn't. However, it works fine now.

Thanks a lot.

From glenn.steen at gmail.com Wed Apr 12 14:04:11 2006
From: glenn.steen at gmail.com (Glenn Steen)
Date: Wed Apr 12 14:04:13 2006
Subject: OT::::: Root access
In-Reply-To: <443CC470.3070007@gmx.de>
References: <443CC0A4.4040309@haigmail.com> <443CC470.3070007@gmx.de>
Message-ID: <223f97700604120604r4011740ft763d4128546c0410@mail.gmail.com>

On 12/04/06, shrek-m@gmx.de wrote:
(snip)
> eg. sudo bash ==> root

I'd do "sudo -i" instead:).

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From realmcking at gmail.com Wed Apr 12 14:39:19 2006
From: realmcking at gmail.com (Mark McCoy)
Date: Wed Apr 12 14:39:30 2006
Subject: OT::::: Root access
In-Reply-To: <443CC0A4.4040309@haigmail.com>
References: <443CC0A4.4040309@haigmail.com>
Message-ID:

These users, do they need to be able to run completely as root (i.e.
_all_ commands on the system), or do they just need to run a few
specified commands?

Either way, I would hesitate to give out full access to anyone unless
they are going to be the actual sysadmins.

Read up on sudo, and list the commands that they can run in the
sudoers file, that way you can add/remove access to commands for them
on the fly, and they get the extra "I'm about to do something with
elevated privileges" feeling by having to type "sudo" in front of
their commands.

On 4/12/06, Lance Haig wrote:
> I need some help please
>
> I need to create 2 new users with root access and not give the roots
> password.
>
> This is on a redhat system.
>
> What would you guys recommend be the best way to do this.
>
> Thanks
>
> Lance
>

--
Mark McCoy -- Professional Unix geek

"On two occasions I have been asked, 'Pray, Mr. Babbage, if you put
into the machine wrong figures, will the right answers come out?' I am
not able rightly to apprehend the kind of confusion of ideas that
could provoke such a question. " -- Charles Babbage

From lhaig at haigmail.com Wed Apr 12 14:44:55 2006
From: lhaig at haigmail.com (Lance Haig)
Date: Wed Apr 12 14:44:58 2006
Subject: OT::::: Root access
In-Reply-To: <20060412090133.GH4355@luckyduck.tux>
References: <443CC0A4.4040309@haigmail.com> <20060412090133.GH4355@luckyduck.tux>
Message-ID: <443D0457.9000604@haigmail.com>

Thanks Jan

I will do that

Lance

Jan Brinkmann wrote:
> On Wed, Apr 12, 2006 at 09:56:04AM +0100, Lance Haig wrote:
>> I need some help please
>>
>> I need to create 2 new users with root access and not give the roots
>> password.
>>
>> This is on a redhat system.
>>
>> What would you guys recommend be the best way to do this.
>>
>
> You should check out sudo, imho. Sounds like the perfect job for it.

From lhaig at haigmail.com Wed Apr 12 14:46:38 2006
From: lhaig at haigmail.com (Lance Haig)
Date: Wed Apr 12 14:46:45 2006
Subject: OT::::: Root access
In-Reply-To:
References: <443CC0A4.4040309@haigmail.com>
Message-ID: <443D04BE.9060401@haigmail.com>

They will need to run things as root but the password will be changed
after every use.

We have just had someone update a RH box and change the kernel which
broke quite a few things.

I just don't want them doing anything unless they let me know

Lance

Mark McCoy wrote:
> These users, do they need to be able to run completely as root (i.e.
> _all_ commands on the system), or do they just need to run a few
> specified commands?
>
> Either way, I would hesitate to give out full access to anyone unless
> they are going to be the actual sysadmins.
>
> Read up on sudo, and list the commands that they can run in the
> sudoers file, that way you can add/remove access to commands for them
> on the fly, and they get the extra "I'm about to do something with
> elevated privileges" feeling by having to type "sudo" in front of
> their commands.
>
>
> On 4/12/06, Lance Haig wrote:
>> I need some help please
>>
>> I need to create 2 new users with root access and not give the roots
>> password.
>>
>> This is on a redhat system.
>>
>> What would you guys recommend be the best way to do this.
>>
>> Thanks
>>
>> Lance
>>
>
>
> --
> Mark McCoy -- Professional Unix geek
>
> "On two occasions I have been asked, 'Pray, Mr. Babbage, if you put
> into the machine wrong figures, will the right answers come out?' I am
> not able rightly to apprehend the kind of confusion of ideas that
> could provoke such a question. " -- Charles Babbage

From brent.bolin at gmail.com Wed Apr 12 14:55:40 2006
From: brent.bolin at gmail.com (BB)
Date: Wed Apr 12 14:55:53 2006
Subject: OT (way ot, port numbers, security, and other things)
In-Reply-To:
References:
Message-ID: <787dcac20604120655j2797546ao5b0a1c3bc288f1e1@mail.gmail.com>

What are rsa-keys ?

I have a house key and a Honda key only. Humm.

On 4/12/06, Craig Retief (CSFS) wrote:
>
>
> >BB wrote:
> >> Why ?
> >>
> >> That's called security by obscurity. It doesn't work.
> >>
> >> Nmap would finger that out in no time.
>
> >Using SSH w/o password authentication - using strictly rsa-keys,
> >disabling root login... I think this would be a better approach. Just my
> >two cents..
>
> This is more like a few thousands worth of "cents" (Dollars/Pounds/etc) to
> some people that don't even know that ssh can be tightened up.
>
> And that is my 2 cents ;-)
>
> Craig
>

From craig at csfs.co.za Wed Apr 12 15:19:15 2006
From: craig at csfs.co.za (Craig Retief (CSFS))
Date: Wed Apr 12 15:19:54 2006
Subject: OT (way ot, port numbers, security, and other things)
In-Reply-To: <787dcac20604120655j2797546ao5b0a1c3bc288f1e1@mail.gmail.com>
Message-ID:

>What are rsa-keys ?
>I have a house key and a Honda key only. Humm.

Googled and answer 1 is a good start:

http://kmself.home.netcom.com/Linux/FAQs/sshrsakey.html

Hope this helps ;-)

Craig

>On 4/12/06, Craig Retief (CSFS) wrote:
>BB wrote:
>> Why ?
>>
>> That's called security by obscurity. It doesn't work.
>>
>> Nmap would finger that out in no time.
>Using SSH w/o password authentication - using strictly rsa-keys,
>disabling root login... I think this would be a better approach. Just my
>two cents..
>This is more like a few thousands worth of "cents" (Dollars/Pounds/etc) to
>some people that don't even know that ssh can be tightened up.
>And that is my 2 cents ;-)
>Craig

From jstork at pbco.ca Wed Apr 12 15:37:43 2006
From: jstork at pbco.ca (Johnny Stork)
Date: Wed Apr 12 15:39:59 2006
Subject: Reducing logging
Message-ID: <15911767.1144852663468.JavaMail.root@pbco-server3.pbco.ca>

Oy daily LogWatch report always shows every single line of every scan and
operation performed by mailscanner. Is there any way to simply get the
summary and possibly identified spam/virus's logged to syslog instead of
all actions?

_______________________________
Johnny Stork
Information & Technology Manager
Provincial Blood Coordinating Office
604-806-8840

From ssilva at sgvwater.com Wed Apr 12 16:15:11 2006
From: ssilva at sgvwater.com (Scott Silva)
Date: Wed Apr 12 16:18:17 2006
Subject: OT (way ot, port numbers, security, and other things)
In-Reply-To: <787dcac20604120655j2797546ao5b0a1c3bc288f1e1@mail.gmail.com>
References: <787dcac20604120655j2797546ao5b0a1c3bc288f1e1@mail.gmail.com>
Message-ID:

BB spake the following on 4/12/2006 6:55 AM:
> What are rsa-keys ?
>
> I have a house key and a Honda key only. Humm.
>
You lock your house? ;-)

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

From steve.swaney at fsl.com Wed Apr 12 16:23:50 2006
From: steve.swaney at fsl.com (Stephen Swaney)
Date: Wed Apr 12 16:23:55 2006
Subject: OT (way ot, port numbers, security, and other things)
In-Reply-To:
Message-ID: <007a01c65e45$19ea55e0$2901010a@office.fsl>

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Craig Retief (CSFS)
> Sent: Wednesday, April 12, 2006 10:19 AM
> To: 'MailScanner discussion'
> Subject: RE: OT (way ot, port numbers, security, and other things)
>
> >What are rsa-keys ?
> >I have a house key and a Honda key only. Humm.
>
> Googled and answer 1 is a good start:
>
> http://kmself.home.netcom.com/Linux/FAQs/sshrsakey.html
>
> Hope this helps ;-)
>
> Craig
>

For those of us who need a good tutorial on ssh I suggest the series of
three articles that start with:

Common threads: OpenSSH key management, Part 1
Understanding RSA/DSA authentication
IBM developerWorks
by: Daniel Robbins (drobbins@gentoo.org), President and CEO, Gentoo
Technologies, Inc.

Article 1 is available at:

http://www-128.ibm.com/developerworks/library/l-keyc.html

Article two deals with OpenSSH key management, (Keychains - a very useful
tool):

http://www-128.ibm.com/developerworks/library/l-keyc2/

Article Three deals with Tightening ssh security

http://www-128.ibm.com/developerworks/library/l-keyc3/

All are excellent!

Steve

Stephen Swaney
Fort Systems Ltd.
stephen.swaney@fsl.com
www.fsl.com

From ssilva at sgvwater.com Wed Apr 12 16:20:52 2006
From: ssilva at sgvwater.com (Scott Silva)
Date: Wed Apr 12 16:24:01 2006
Subject: OT::::: Root access
In-Reply-To: <443D04BE.9060401@haigmail.com>
References: <443CC0A4.4040309@haigmail.com> <443D04BE.9060401@haigmail.com>
Message-ID:

Lance Haig spake the following on 4/12/2006 6:46 AM:
> They will need to run things as root but the password will be changed
> after every use.
>
> We have just had someone update a RH box and change the kernel which
> broke quite a few things.
>
> I just don't want them doing anything unless they let me know
>
If they break things, and can't be trusted, they shouldn't be root.
Root breaks things real good. Only people who can fix the problems they
create should be root!

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

From brent.bolin at gmail.com Wed Apr 12 16:49:06 2006
From: brent.bolin at gmail.com (BB)
Date: Wed Apr 12 16:49:10 2006
Subject: OT (way ot, port numbers, security, and other things)
In-Reply-To:
References: <787dcac20604120655j2797546ao5b0a1c3bc288f1e1@mail.gmail.com>
Message-ID: <787dcac20604120849r48222f77td658f6b5edb0027b@mail.gmail.com>

Yes all 1024 windows and doors

On 4/12/06, Scott Silva wrote:
>
> BB spake the following on 4/12/2006 6:55 AM:
> > What are rsa-keys ?
> >
> > I have a house key and a Honda key only. Humm.
> >
> You lock your house? ;-)
>
> --
>
> MailScanner is like deodorant...
> You hope everybody uses it, and
> you notice quickly if they don't!!!!
>

From alex at nkpanama.com Wed Apr 12 17:02:55 2006
From: alex at nkpanama.com (Alex Neuman van der Hans)
Date: Wed Apr 12 17:03:11 2006
Subject: OT (way ot, port numbers, security, and other things)
In-Reply-To: <443C3B14.6010500@evi-inc.com>
References: <787dcac20604111600i6e995d62p3bf686dcfd0f0268@mail.gmail.com> <443C3B14.6010500@evi-inc.com>
Message-ID: <443D24AF.1000203@nkpanama.com>

Matt Kettler wrote:
> Since the hand-scanning folks will find your SSH port quickly, you've gained
> nothing in security. These are the most dangerous sorts anyway, so in terms of
> security you've failed to provide any defense against the more important case.
> However, you will have picked up a non-security related benefit: Bandwidth and
> CPU savings.
>
> The worm won't find your SSH port. It is trying to spread fast, so it's going to
> focus on the well-known port. Thus you won't be wasting CPU and network
> bandwidth answering the thousands of connection requests generated by worms.
>
> There are some instances where moving a port can provide some benefit. But do be
> realistic about it, and don't ever fool yourself into thinking this improves
> security at your site. BB is right. It doesn't, and it will only take a decent
> attacker a few seconds to figure out.
>
> You also gain a forensic benefit. By forcing the attacker to do a broad
> port-scan, you are making their presence much easier to log on your IDS.
>
> But neither of these will help you if your SSH isn't patched for our fictitious
> vulnerability. The attacker will find it and root your box in short order.
>
>
I've been hammered by so many scripts I make it mandatory for all my
clients to change the SSH port to something else. There's absolutely *no
need* for it to be the standard, and although as Matt clearly stated it,
there is absolutely *no* additional security gained by doing so, it's
kept a lot of the worms/script kiddies out of our collective hair for
some time.
There's that, and changing standard ports for other administrative
services like Webmin on 10000 which also helps. Adding firewall rules to
only allow from certain trusted IP addresses or "only listening to local
interfaces" so that you *must* start a VPN connection first are also
other steps you can take.

From alex at nkpanama.com Wed Apr 12 17:27:34 2006
From: alex at nkpanama.com (Alex Neuman van der Hans)
Date: Wed Apr 12 17:28:23 2006
Subject: Forward virus, not quarantine?
In-Reply-To:
References:
Message-ID: <443D2A76.1050604@nkpanama.com>

Martin wrote:
> Hi,
>
> I'm using Mailscanner together with Postfix, SA and clamav. I wan't to
> forward all virus-mail to a special mailbox.
>
> Is this possible?
>
> Thanks
>
> / Martin
>
Possible? Don't know - never had to. What would your reasons be for
doing so? I can't think of any reasons off the top of my head, but it
would be interesting to know where such a scenario would be needed. Most
people want to get rid of viruses, not collect them (except for the CDC) :D

Regards,

Alex

From alex at nkpanama.com Wed Apr 12 17:29:21 2006
From: alex at nkpanama.com (Alex Neuman van der Hans)
Date: Wed Apr 12 17:29:43 2006
Subject: Stopping messages containing Chinese and Korean characters?
In-Reply-To:
References: <910ee2ac0604081227v188b00e2k8f113090bf9965c9@mail.gmail.com>
Message-ID: <443D2AE1.2060605@nkpanama.com>

Kai Schaetzl wrote:
> Emm1 wrote on Sat, 8 Apr 2006 19:27:21 +0000:
>
>
>> stat=rewrite: map CharsetChinese not found
>>
>
> I assume you have to provide these maps. gettext-related? I'd ask on a
> list for FreeBSD.
>
> Kai
>
>
Maybe it's related to the specific *version* of sendmail you're using.

From dickenson at cfmc.com Wed Apr 12 18:37:56 2006
From: dickenson at cfmc.com (Jim Dickenson)
Date: Wed Apr 12 18:39:05 2006
Subject: Question about from address
In-Reply-To: <223f97700604061040w6dcd2b0awba33a49a3af7bcb9@mail.gmail.com>
Message-ID:

I followed the plain test message example at

The from address in all the log records was the address I specified on the
mail from: line.

Is this what is considered the envelope email address?

If so then I do not understand why the MailScanner-From header shows the
address I entered on the From: line.

I have saved the telnet session, the log records, and the delivered email
message if someone wants them to look at.

--
Jim Dickenson
mailto:dickenson@cfmc.com

CfMC
http://www.cfmc.com/

> From: Glenn Steen
> Reply-To: MailScanner discussion
> Date: Thu, 6 Apr 2006 19:40:46 +0200
> To: MailScanner discussion
> Subject: *CfMC-Spam= 8.31* Re: Question about from address
>
> On 06/04/06, Kai Schaetzl wrote:
>> Jim Dickenson wrote on Thu, 06 Apr 2006 08:08:31 -0700:
>>
>>> And I still do not understand why it shows this address and not the address
>>> that is shown in my sendmail list as being the sender:
>>
>> I don't either. Can you post the header of the message? Is it for sure that
>> what sendmail shows in the log *is* the envelope-from? I mean it usually is,
>> but maybe your sendmail or sendmail.cf is "special"?
>>
>> Kai
>>
> I think Jim's telnet experiments will tell us this... One other
> possibility, albeit remote (since I do believe that Jules "sanitizes"
> the headers, so that there can only be one X-MailScanner-From: ...),
> would be if there is more than one MailScanner involved, thoroughly
> confusing matters.
>
> Or perhaps the customer is too lazy to actually get at the headers,
> and just "invent" them from what they "think they should be".....:-)
>
> Jim, you should really demand that the customer provide at least one
> "problem message" _as verbatim as possible_. Would be a shame to waste
> time on something that turns out to be a red herring:-):-).
>
> --
> -- Glenn
> email: glenn < dot > steen < at > gmail < dot > com
> work: glenn < dot > steen < at > ap1 < dot > se

From glenn.steen at gmail.com Wed Apr 12 19:27:03 2006
From: glenn.steen at gmail.com (Glenn Steen)
Date: Wed Apr 12 19:27:08 2006
Subject: Question about from address
In-Reply-To:
References: <223f97700604061040w6dcd2b0awba33a49a3af7bcb9@mail.gmail.com>
Message-ID: <223f97700604121127g278f93d9k2a14a4e247ab87b0@mail.gmail.com>

On 12/04/06, Jim Dickenson wrote:
> I followed the plain test message example at
>
> a:connexion>
>
> The from address in all the log records was the address I specified on the
> mail from: line.
>
> Is this what is considered the envelope email address?

Yep, that is the "envelope sender" (Any info from the MAIL FROM: and
RCPT TO: are considered "envelope details" since they aren't really
part of the message as such).

> If so then I do not understand why the MailScanner-From header shows the
> address I entered on the From: line.

What? I have to look at this, but that shouldn't be!
....
Ok, have now done the exact same test and can tell you that on my
systems, this doesn't happen.
With a telnet like this:
-----------------
ehlo maka.kaka.se
250-mail.ap1.se
250-PIPELINING
250-SIZE 16777216
250-ETRN
250 8BITMIME
mail from:
250 Ok
rcpt to:
250 Ok
data
354 End data with .
From:
To:
Subject: Test

Test
.
250 Ok: queued as 6EFF8840F8
----------------------
I get the following headers from MailScanner:
X-ForstaAP-Fonden-MailScanner-Information: Please contact IT for more information
X-ForstaAP-Fonden-MailScanner: Found to be clean
X-ForstaAP-Fonden-MailScanner-SpamScore: ssss
X-ForstaAP-Fonden-MailScanner-From: gnurg@arge.se
X-ForstaAP-Fonden-MailScanner-To: glenn.steen@ap1.se
X-Spam-Status: No

And (as can be guessed) this is in harmony with the logs (I'm too lazy
to break out one complete log thread:-)....
And, of course, MailWatch agrees:
---------------------------
ID: 6EFF8840F8.46058
Message Headers:
Received: from maka.kaka.se (scapa.ap1.se [172.18.3.78])
    by mail.ap1.se (Postfix) with ESMTP id 6EFF8840F8
    for ; Wed, 12 Apr 2006 20:05:05 +0200 (CEST)
From:
To:
Subject: Test
Message-Id: <20060412180505.6EFF8840F8@mail.ap1.se>
Date: Wed, 12 Apr 2006 20:05:05 +0200 (CEST)
From: gnurg@arge.se [Add to Whitelist | Add to Blacklist]
To: glenn.steen@ap1.se
Subject: Test
--------------------------
That is what it is supposed to look like in your case too:-).

>
> I have saved the telnet session, the log records, and the delivered email
> message if someone wants them to look at.

Yes please! And could you tell me what version of MS you are running
(I'm not sure you've told us that:)... The above was on a system
running postfix (obviously:-) and MS version 4.50.14 (yeah, I should
upgrade, but the PHB has a thing about upgrades before going on a trip
... to the mountains, to ski, no less.... Newly mended bone
willing:-).

>
> --
> Jim Dickenson
> mailto:dickenson@cfmc.com
>
> CfMC
> http://www.cfmc.com/
>
(snip)

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From dickenson at cfmc.com Wed Apr 12 20:27:44 2006
From: dickenson at cfmc.com (Jim Dickenson)
Date: Wed Apr 12 20:27:57 2006
Subject: Question about from address
In-Reply-To: <223f97700604121127g278f93d9k2a14a4e247ab87b0@mail.gmail.com>
Message-ID:

I may have found the source of the problem. I have a gateway system that
receives outside email and scans it. This server then passes the mail to a
server where the mailboxes are. I have the second server setup to not scan
email passed from the gateway server. As best I can tell the email is not
scanned. The MailScanner log indicates that it is not scanned.

I had the org-name set to the same on both systems. I just changed it so
each system has a unique org-name so I can tell which system put in which
MailScanner header.

The envelope from address on the gateway server is one address but when the
email gets passed to the second server the envelope from address is a
different address. I am guessing that some of the MailScanner headers were
being replaced on the second server.

Here are the headers after my change:

X-CfMC1-MailScanner-Information: Please contact Jim Dickenson for more information
X-CfMC1-MailScanner: Found to be clean
X-CfMC1-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (score=0.178, required 5, autolearn=disabled, NO_REAL_NAME 0.18)
X-CfMC1-MailScanner-From: frame< @ >scrappy.surveysampling.com
X-CfMC2-MailScanner-Information: Please contact Jim Dickenson for more information
X-CfMC2-MailScanner: Not scanned: please contact your Jim Dickenson for details
X-CfMC2-MailScanner-SpamCheck:
X-CfMC2-MailScanner-From: frame< @ >scrappy.surveyspot.com

I guess the question now is how can I have the second server's MailScanner
not change any of the MailScanner headers, which is what I thought was going
on.

Another question is why did the envelope from address change?
Looking closer at the headers I do have from the original problem email I
see there are headers added by each server as well as at least the
MailScanner-From header must have been replaced:

> X-CfMC-MailScanner: Found to be clean
> X-CfMC-MailScanner-SpamCheck: spam, SpamAssassin (score=5.56, required 5,
> autolearn=disabled, BODY_OPTIN 0.67, MILLION_EMAIL 0.42,
> SPF_HELO_PASS -0.00, TO_BE_REMOVED_17 3.57, URI_SURVEY_ADJ 0.91)
> X-CfMC-MailScanner-SpamScore: sssss
> X-CfMC-MailScanner-Information: Please contact Jim Dickenson for more
> information
> X-CfMC-MailScanner: Not scanned: please contact your Jim Dickenson for details
> X-CfMC-MailScanner-SpamCheck:
> X-CfMC-MailScanner-From: frame< @ >scrappy.surveyspot.com

--
Jim Dickenson
mailto:dickenson@cfmc.com

CfMC
http://www.cfmc.com/

> From: Glenn Steen
> Reply-To: MailScanner discussion
> Date: Wed, 12 Apr 2006 20:27:03 +0200
> To: MailScanner discussion
> Subject: *CfMC-Spam=11.70* Re: Question about from address
>
> Yep, that is the "envelope sender" (Any info from the MAIL FROM: and
> RCPT TO: are considered "envelope details" since they aren't really
> part of the message as such).
>
(snip)
>
> --
> -- Glenn
> email: glenn < dot > steen < at > gmail < dot > com
> work: glenn < dot > steen < at > ap1 < dot > se

From ecasarero at gmail.com Wed Apr 12 20:54:29 2006
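The two-hop header mix-up described in the message above, as an added example that is not part of the original thread: a short Python script that groups `X-<org-name>-MailScanner-*` headers by org-name and reports any org-name whose same header carries different values, which is what a message looks like after two MailScanner hosts stamp it under one shared org-name. The two samples are constructed from the headers quoted in the thread; the function names and the "Verdict" label for the bare header are assumptions.

```python
import re
from collections import defaultdict
from email import message_from_string

# Header shape seen in the thread: X-<org-name>-MailScanner[-<Field>]
MS_HEADER = re.compile(r"^X-(?P<org>.+?)-MailScanner(?:-(?P<field>[A-Za-z]+))?$")

# Constructed from the thread: both hosts still used the org-name "CfMC".
SHARED_ORG_SAMPLE = """\
X-CfMC-MailScanner: Found to be clean
X-CfMC-MailScanner-SpamCheck: spam, SpamAssassin (score=5.56, required 5,
\tautolearn=disabled, BODY_OPTIN 0.67, MILLION_EMAIL 0.42,
\tSPF_HELO_PASS -0.00, TO_BE_REMOVED_17 3.57, URI_SURVEY_ADJ 0.91)
X-CfMC-MailScanner-SpamScore: sssss
X-CfMC-MailScanner-Information: Please contact Jim Dickenson for more information
X-CfMC-MailScanner: Not scanned: please contact your Jim Dickenson for details
X-CfMC-MailScanner-SpamCheck:
X-CfMC-MailScanner-From: frame< @ >scrappy.surveyspot.com
Subject: constructed sample

body
"""

# Constructed from the thread: after each host got its own org-name.
UNIQUE_ORG_SAMPLE = """\
X-CfMC1-MailScanner-Information: Please contact Jim Dickenson for more information
X-CfMC1-MailScanner: Found to be clean
X-CfMC1-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (score=0.178,
\trequired 5, autolearn=disabled, NO_REAL_NAME 0.18)
X-CfMC1-MailScanner-From: frame< @ >scrappy.surveysampling.com
X-CfMC2-MailScanner-Information: Please contact Jim Dickenson for more information
X-CfMC2-MailScanner: Not scanned: please contact your Jim Dickenson for details
X-CfMC2-MailScanner-SpamCheck:
X-CfMC2-MailScanner-From: frame< @ >scrappy.surveyspot.com
Subject: constructed sample

body
"""


def group_by_org(raw_message):
    """Return {org: {field: [values in header order]}} for MailScanner headers.
    The bare X-<org>-MailScanner header is stored under the label 'Verdict'."""
    msg = message_from_string(raw_message)
    grouped = defaultdict(lambda: defaultdict(list))
    for name, value in msg.items():
        match = MS_HEADER.match(name)
        if match:
            field = match.group("field") or "Verdict"
            # Collapse folded continuation lines into single spaces.
            grouped[match.group("org")][field].append(" ".join(value.split()))
    return {org: dict(fields) for org, fields in grouped.items()}


def shared_org_conflicts(raw_message):
    """Return {org: {field: values}} where one field holds differing values,
    i.e. more than one host wrote headers under the same org-name."""
    conflicts = {}
    for org, fields in group_by_org(raw_message).items():
        differing = {f: v for f, v in fields.items() if len(set(v)) > 1}
        if differing:
            conflicts[org] = differing
    return conflicts


def envelope_from_by_org(raw_message):
    """Return the last -MailScanner-From value recorded under each org-name."""
    return {org: fields["From"][-1]
            for org, fields in group_by_org(raw_message).items()
            if "From" in fields}


if __name__ == "__main__":
    print("shared org-name conflicts:", shared_org_conflicts(SHARED_ORG_SAMPLE))
    print("unique org-name conflicts:", shared_org_conflicts(UNIQUE_ORG_SAMPLE))
    print("envelope sender per host: ", envelope_from_by_org(UNIQUE_ORG_SAMPLE))
```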
From: ecasarero at gmail.com (Eduardo Casarero)
Date: Wed Apr 12 20:54:32 2006
Subject: mail scanner stuck
Message-ID: <7d9b3cf20604121254l66c4c8eep61e51f79e8926d84@mail.gmail.com>

hi gurus, i've two servers with the following configuration:

Pentium IV - 3.2Ghz /800HT 775P Intel;
Mother board P4 ABIT NI8-SLI/LGA/NVIDIA;
4096Mb RAM DDR2/533 Kingston;
Winchester 160.2Gb - 7200 rpm SERIAL ATA Barracuda;
video PCI Express X300 Radion 256Mb;
network 10/100/1000;

both of them run mail scanner/sendmail with spamassasin and clamav on
Slackware 10.1. This servers started working two weeks ago, processing about
50.000 mails a day. I notice that if i do some "extra work" on the server
like compressing log files, grepping large files the mail scanner stucks and
starts queuing mails, the only way to put things ok is rebooting. I tried
restarting services, stopping incoming sendmail, i've checked all
configuration possible on server, (it has latest kernel).

I've no idea of where to check or what to do. i'd appreciate your advice.

Regards.

Eduardo.

From ecasarero at gmail.com Wed Apr 12 21:17:50 2006
From: ecasarero at gmail.com (Eduardo Casarero)
Date: Wed Apr 12 21:17:53 2006
Subject: stress tester
Message-ID: <7d9b3cf20604121317t67f5bc5o1b7728c29d9b0aaf@mail.gmail.com>

hi, can someone recommend a software for stress testing for mailscanner? or
similar? regards.

From alex at nkpanama.com Wed Apr 12 21:38:52 2006
From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Apr 12 21:40:02 2006 Subject: stress tester In-Reply-To: <7d9b3cf20604121317t67f5bc5o1b7728c29d9b0aaf@mail.gmail.com> References: <7d9b3cf20604121317t67f5bc5o1b7728c29d9b0aaf@mail.gmail.com> Message-ID: <443D655C.5010200@nkpanama.com> Eduardo Casarero wrote: > hi, can someone recomend a software for stress testing for > mailscanner? or similar? regards. You may want to google around for SMTP stress testing. I saw this on the first hit: http://www.codeproject.com/tools/multimail.asp Regards, Alex From dhawal at netmagicsolutions.com Wed Apr 12 21:44:59 2006 
From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed Apr 12 21:45:04 2006 Subject: stress tester In-Reply-To: <7d9b3cf20604121317t67f5bc5o1b7728c29d9b0aaf@mail.gmail.com> References: <7d9b3cf20604121317t67f5bc5o1b7728c29d9b0aaf@mail.gmail.com> Message-ID: <20060412204500.26954.qmail@mymail.netmagicians.com> Eduardo Casarero writes: > hi, can someone recomend a software for stress testing for mailscanner? or > similar? regards. http://www.coker.com.au/postal/ - dhawal -- **************** CAUTION - Disclaimer ***************** This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the use of the addressee(s). If you are not the intended recipient, please notify the sender by e-mail requesting deletion of the original message. Further, you are not to copy, disclose, or distribute this e-mail or its contents to any other person and any such actions are unlawful. NetMagic Solutions Pvt. Ltd. has taken every reasonable precaution to minimize the risk of virus infection & spam, but is not liable for any damage, you may sustain as a result of any virus in this e-mail. You should carry out your own virus checks before opening the e-mail or attachment. NetMagic Solutions Pvt. Ltd. reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the NetMagic Solutions Pvt. Ltd.'s e-mail system. ***************** End of Disclaimer ******************* From lucky at the-luckyduck.de Wed Apr 12 21:57:49 2006 
From: lucky at the-luckyduck.de (Jan Brinkmann) Date: Wed Apr 12 21:57:52 2006 Subject: Multiple Postfix smtp instances Message-ID: <20060412205748.GD14679@luckyduck.tux>

Hi,

is it possible to have multiple smtpd instances of postfix running on different IPs where one instance is simply running to do SASL based mail relaying (without mailscanner) and the other one can act as the MX for virtual domains? On servers where I use amavis, it's possible to specify multiple smtpd lines where one has the content_filter set to an empty string. I thought it would also be possible to do this with header_checks, but it doesn't work as expected:

    1.2.3.4:smtp inet n - n - - smtpd
      -o header_checks=
    1.2.3.5:smtp inet n - n - - smtpd

The second instance (the one listening on 1.2.3.5) would be the one where the mails are set to a HOLD state to enable mailscanner. The other one would be the one which is used to relay mails for sasl authenticated users. If I try to do it this way, all mails get filtered by mailscanner. If I go the other way, with header_checks in main.cf set to an empty string and header_checks defined in the master.cf no mails get scanned at all:

    1.2.3.4:smtp inet n - n - - smtpd
      -o header_checks=regexp:/etc/postfix/mailscanner_hold
    1.2.3.5:smtp inet n - n - - smtpd

Any ideas if this can be done, and which way would be correct?

-- 
Jan Brinkmann http://the-luckyduck.de

From ecasarero at gmail.com Wed Apr 12 22:00:27 2006
From: ecasarero at gmail.com (Eduardo Casarero) Date: Wed Apr 12 22:00:31 2006 Subject: stress tester In-Reply-To: <20060412204500.26954.qmail@mymail.netmagicians.com> References: <7d9b3cf20604121317t67f5bc5o1b7728c29d9b0aaf@mail.gmail.com> <20060412204500.26954.qmail@mymail.netmagicians.com> Message-ID: <7d9b3cf20604121400s16416caet8931baeef2d9ac6@mail.gmail.com> thanks! 2006/4/12, Dhawal Doshy : > > Eduardo Casarero writes: > > > hi, can someone recomend a software for stress testing for mailscanner? > or > > similar? regards. > > http://www.coker.com.au/postal/ > > - dhawal From james at grayonline.id.au Thu Apr 13 06:38:43 2006 From: james at grayonline.id.au (James Gray) Date: Thu Apr 13 06:39:24 2006 Subject: OSX Startup Files + check_mailscanner patch Message-ID: <200604131538.51884.james@grayonline.id.au> Skipped content of type multipart/mixed From glenn.steen at gmail.com Thu Apr 13 09:32:05 2006
From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Apr 13 09:32:08 2006 Subject: Question about from address In-Reply-To: References: <223f97700604121127g278f93d9k2a14a4e247ab87b0@mail.gmail.com> Message-ID: <223f97700604130132h33d10f19gb405f5f465c99600@mail.gmail.com> On 12/04/06, Jim Dickenson wrote: > I may have found the source of the problem. > > I have a gateway system that receives outside email and scans it. This > server then passes the mail to a server where the mailboxes are. I have the > second server setup to not scan email passed from the gateway server. As > best I can tell the email is not scanned. The MailScanner log indicates that > it is not scanned. > > I had the org-name set to the same on both systems. I just changed it so > each system has a unique org-name so I can tell which system put in which > MailScanner header. > > The envelope from address on the gateway server is one address but when the > email gets passed to the second server the envelope from address is a > different address. > > I am guessing that some of the MailScanner headers were being replaced on > the second server. > > Here are the headers after my change: > > X-CfMC1-MailScanner-Information: Please contact Jim Dickenson for more > information > X-CfMC1-MailScanner: Found to be clean > X-CfMC1-MailScanner-SpamCheck: not spam (whitelisted), > SpamAssassin (score=0.178, required 5, autolearn=disabled, > NO_REAL_NAME 0.18) > X-CfMC1-MailScanner-From: frame< @ >scrappy.surveysampling.com > X-CfMC2-MailScanner-Information: Please contact Jim Dickenson for more > information > X-CfMC2-MailScanner: Not scanned: please contact your Jim Dickenson for > details > X-CfMC2-MailScanner-SpamCheck: > X-CfMC2-MailScanner-From: frame< @ >scrappy.surveyspot.com > > > > I guess the question now is how can I have the second server's MailScanner > not change any of the MailScanner headers, which is what I thought was going > on. 
> > Another question is why did the envelop from address change? > > > > Looking closer at the headers I do have from the original problem email I > see there are headers added by each server as well as at least the > MailScanner-From header must have been replaced: > > > X-CfMC-MailScanner: Found to be clean > > X-CfMC-MailScanner-SpamCheck: spam, SpamAssassin (score=5.56, required 5, > > autolearn=disabled, BODY_OPTIN 0.67, MILLION_EMAIL 0.42, > > SPF_HELO_PASS -0.00, TO_BE_REMOVED_17 3.57, URI_SURVEY_ADJ 0.91) > > X-CfMC-MailScanner-SpamScore: sssss > > X-CfMC-MailScanner-Information: Please contact Jim Dickenson for more > > information > > X-CfMC-MailScanner: Not scanned: please contact your Jim Dickenson for details > > X-CfMC-MailScanner-SpamCheck: > > X-CfMC-MailScanner-From: frame< @ >scrappy.surveyspot.com > > > -- > Jim Dickenson > mailto:dickenson@cfmc.com > > CfMC > http://www.cfmc.com/ > Ah that makes a bit more sense. IIRC, this is the "sanitation" done by MailScanner kicking in, to prevent a preexisting header from ... confusing things ... The best way to battle this is of course what you've done: Make sure each machines header names are unique. As to why the envelope sender changes, I'm not really sure... (Probably something sendmail-ish ... and I'm no sendmail guru:-). I suspect you have to look long and hard at the CfMC1 server setup... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Thu Apr 13 09:41:43 2006 
From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Apr 13 09:41:45 2006 Subject: mail scanner stuck In-Reply-To: <7d9b3cf20604121254l66c4c8eep61e51f79e8926d84@mail.gmail.com> References: <7d9b3cf20604121254l66c4c8eep61e51f79e8926d84@mail.gmail.com> Message-ID: <223f97700604130141y1ee16017pea1f680a6d3e314@mail.gmail.com> On 12/04/06, Eduardo Casarero wrote: > hi gurus, i've two servers with the following configuration: > > Pentium IV - 3.2Ghz /800HT 775P Intel; > Mother board P4 ABIT NI8-SLI/LGA/NVIDIA; > 4096Mb RAM DDR2/533 Kingston; > Winchester 160.2Gb - 7200 rpm SERIAL ATA Barracuda; > video PCI Express X300 Radion 256Mb; > network 10/100/1000; > > both of them run mail scanner/sendmail with spamassassin and clamav on > Slackware 10.1. These servers started working two weeks ago, processing about > 50.000 mails a day. I notice that if i do some "extra work" on the server > like compressing log files, grepping large files the mail scanner gets stuck and > starts queuing mails, the only way to put things ok is rebooting. I tried > restarting services, stopping incoming sendmail, i've checked all > configuration possible on server, (it has latest kernel). I've no idea of > where to check or what to do. i'd appreciate your advice. > > Regards. > Eduardo. > My gut instinct tells me that you're "IO-performance starved"... Have you followed the excellent advice on performance tuning in the wiki/maq (http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips)? Specifically the tmpfs and noatime tips will have an immediate effect, if you are. BTW, what OS/version are you running? BTW2, It's been years since I last heard someone refer to a HDD as a "Winchester". Simply wonderful:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dhawal at netmagicsolutions.com Thu Apr 13 09:56:18 2006
From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Thu Apr 13 09:56:10 2006 Subject: Multiple Postfix smtp instances In-Reply-To: <20060412205748.GD14679@luckyduck.tux> References: <20060412205748.GD14679@luckyduck.tux> Message-ID: <443E1232.6030808@netmagicsolutions.com> Jan Brinkmann wrote: > Hi, > > is it possible to have multiple smtpd instances of postfix running on > different IPs where one instance is simple running to do SASL based > mail relaying (without mailscanner) and the other one can act as the > MX for virtual domains? On servers where I use amavis, it's possible > to specify multiple smtpd lines where one has the content_filter set > to an empty string. I thought it would also be possible to do this > with header_checks, but it doesnt work as expected: > > 1.2.3.4:smtp inet n - n - - smtpd > -o header_checks= > 1.2.3.5:smtp inet n - n - - smtpd > > The second instance (the one listening on 1.2.3.5) would be the one > where the mails are set to a HOLD state to enable mailscanner. The > other one would be the one which is used to relay mails for sasl > authenticated users. If I try to do it this way, all mails get > filtered by mailscanner. If I go the other way, with header_checks > in main.cf set to an empty string and header_checks defined in the > master.cf no mails get scanned at all: > > 1.2.3.4:smtp inet n - n - - smtpd > -o header_checks=regexp:/etc/postfix/mailscanner_hold > 1.2.3.5:smtp inet n - n - - smtpd > > > Any ideas if this can be done, and which way would be correct? See.. http://www.postfix.org/BUILTIN_FILTER_README.html#remote_only http://www.seaglass.com/postfix/turning_off_body_checks.html You approach is right, just use the receive_override_options=no_header_body_checks option.. - dhawal From glenn.steen at gmail.com Thu Apr 13 10:22:34 2006 
From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Apr 13 10:22:37 2006 Subject: Multiple Postfix smtp instances In-Reply-To: <20060412205748.GD14679@luckyduck.tux> References: <20060412205748.GD14679@luckyduck.tux> Message-ID: <223f97700604130222y53fd9b80ue41dc5e1da940fb7@mail.gmail.com> On 12/04/06, Jan Brinkmann wrote: > Hi, > > is it possible to have multiple smtpd instances of postfix running on > different IPs where one instance is simple running to do SASL based > mail relaying (without mailscanner) and the other one can act as the > MX for virtual domains? On servers where I use amavis, it's possible > to specify multiple smtpd lines where one has the content_filter set > to an empty string. I thought it would also be possible to do this > with header_checks, but it doesnt work as expected: > > 1.2.3.4:smtp inet n - n - - smtpd > -o header_checks= > 1.2.3.5:smtp inet n - n - - smtpd > > The second instance (the one listening on 1.2.3.5) would be the one > where the mails are set to a HOLD state to enable mailscanner. The > other one would be the one which is used to relay mails for sasl > authenticated users. If I try to do it this way, all mails get > filtered by mailscanner. If I go the other way, with header_checks > in main.cf set to an empty string and header_checks defined in the > master.cf no mails get scanned at all: > > 1.2.3.4:smtp inet n - n - - smtpd > -o header_checks=regexp:/etc/postfix/mailscanner_hold > 1.2.3.5:smtp inet n - n - - smtpd > > > Any ideas if this can be done, and which way would be correct? > > -- > Jan Brinkmann > http://the-luckyduck.de > smtpd don't know anything about the header_checks parameter (that is done by cleanup, not smtpd), but do know about/act upon the content_filter one.... So that is the (total:-) explanation why it doesn't work for header_checks, but do work for the content_filer. One way to do it that might look worse than it is, is to have two separate postfix instances... 
Each only listening/handling one address (inet_interface setting...). That is probably the simplest solution, but it might be a bit confusing:-). Another, perhaps more appealing solution, is to only have one postfix that hands everything to MailScanner, and have MailScanner whitelist the authenticated users... by way of the IP they are using (From: can handle subnets). That way is probably a lot less invasive and confusing;). A third, perhaps not that viable thing, would be to try to make an intelligent exception to the pattern... But I seriously doubt that is a viable path. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Thu Apr 13 10:25:02 2006
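[Added example, not part of any list message and not the posters' own configuration: a sketch of the approach discussed in this thread, contrasting the ignored `-o header_checks=` override with the `receive_override_options=no_header_body_checks` override named in the replies. The two IP addresses and the mailscanner_hold path are taken from the thread; the HOLD pattern and the SASL restriction lines are assumptions.]

```conf
# ---- /etc/postfix/main.cf ------------------------------------------------
# Global default: every message passes through cleanup(8), which applies
# header_checks and places matching mail in the hold queue for MailScanner.
header_checks = regexp:/etc/postfix/mailscanner_hold

# ---- /etc/postfix/mailscanner_hold ---------------------------------------
# Assumed content: hold any message that carries a Received: header.
/^Received:/ HOLD

# ---- /etc/postfix/master.cf ----------------------------------------------
# service      type  private unpriv chroot wakeup maxproc command + args

# Variant from the question (left commented out). It has no effect:
# header_checks is evaluated by cleanup(8), not smtpd(8), so an override
# on the smtpd line is ignored and mail arriving on 1.2.3.4 is still held.
#1.2.3.4:smtp  inet  n       -       n      -      -       smtpd
#  -o header_checks=

# Relay listener for SASL-authenticated users.
# receive_override_options is an smtpd(8) parameter; smtpd passes the
# no_header_body_checks flag to cleanup with each message, so the HOLD
# rule is skipped for mail received on this address only.
# Mail accepted here is never seen by MailScanner, so the listener is
# restricted to authenticated senders (assumed restriction lines), and
# outbound virus scanning has to be provided some other way if wanted.
1.2.3.4:smtp   inet  n       -       n      -      -       smtpd
  -o receive_override_options=no_header_body_checks
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject

# MX listener for the virtual domains: no override, so the global
# header_checks applies and every message is held for MailScanner.
1.2.3.5:smtp   inet  n       -       n      -      -       smtpd
```

[After a `postfix reload`, a message submitted through 1.2.3.4 should go straight to the active queue while one sent to 1.2.3.5 should appear in the hold queue; that is the check that the bypass applies to the authenticated listener only.]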
From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Apr 13 10:25:05 2006 Subject: Multiple Postfix smtp instances In-Reply-To: <443E1232.6030808@netmagicsolutions.com> References: <20060412205748.GD14679@luckyduck.tux> <443E1232.6030808@netmagicsolutions.com> Message-ID: <223f97700604130225x15e7b18fm59c8213222bc6293@mail.gmail.com> On 13/04/06, Dhawal Doshy wrote: > Jan Brinkmann wrote: > > Hi, > > > > is it possible to have multiple smtpd instances of postfix running on > > different IPs where one instance is simple running to do SASL based > > mail relaying (without mailscanner) and the other one can act as the > > MX for virtual domains? On servers where I use amavis, it's possible > > to specify multiple smtpd lines where one has the content_filter set > > to an empty string. I thought it would also be possible to do this > > with header_checks, but it doesnt work as expected: > > > > 1.2.3.4:smtp inet n - n - - smtpd > > -o header_checks= > > 1.2.3.5:smtp inet n - n - - smtpd > > > > The second instance (the one listening on 1.2.3.5) would be the one > > where the mails are set to a HOLD state to enable mailscanner. The > > other one would be the one which is used to relay mails for sasl > > authenticated users. If I try to do it this way, all mails get > > filtered by mailscanner. If I go the other way, with header_checks > > in main.cf set to an empty string and header_checks defined in the > > master.cf no mails get scanned at all: > > > > 1.2.3.4:smtp inet n - n - - smtpd > > -o header_checks=regexp:/etc/postfix/mailscanner_hold > > 1.2.3.5:smtp inet n - n - - smtpd > > > > > > Any ideas if this can be done, and which way would be correct? > > See.. > http://www.postfix.org/BUILTIN_FILTER_README.html#remote_only > http://www.seaglass.com/postfix/turning_off_body_checks.html > > You approach is right, just use the > receive_override_options=no_header_body_checks option.. > See, one learns something new every day:-). Thanks Dahwal. 
-- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From matt at coders.co.uk Thu Apr 13 11:54:02 2006 From: matt at coders.co.uk (Matt Hampton) Date: Thu Apr 13 11:54:20 2006 Subject: Slighty OT: milter-ahead quirket Message-ID: <443E2DCA.5050502@coders.co.uk> Morning Slightly off topic but I hope someone has come across this before: I am hosting domain.com for a colleague which is forwarded to an exchange server via mailertable entries. They have added domain.co.uk but are unable to host this on the exchange server. I have configured my system to accept domain.co.uk and it is re-written (via domaintable) from user@domain.co.uk to user@domain.com. The issue I have is this: I have domain.com and domain.co.uk pointing to number of servers via a MX record pointing to a A record with multiple IP's. Email comes in to user@domain.co.uk to ServerA. ServerA accepts the mail scans it and then does an MX lookup for domain.com. This could be 1 of a number of servers - if it resolves it self then you get the MX points back to self. If it goes to another server then it is re-scanned and then delivered. There are obviously issues with this: 1 in X messages is getting dropped. Messages are getting double scanned If user@domain.co.uk doesn't exist then I get stuck with sending delivery failure messages ahhhhhhhhhhh So to solve it I thought I would add the same mailertable entry pointing to the exchange server. The exchange server is rejecting the mail due to it not accepting domain.co.uk address and therefore milter-ahead is rejecting them at connection level. Any ideas on the best way to resolve this. Unfortunately the exchange server can't be modified as this is being hosted as a favour.... matt From dhawal at netmagicsolutions.com Thu Apr 13 12:30:20 2006 
From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Thu Apr 13 12:30:17 2006 Subject: Multiple Postfix smtp instances In-Reply-To: <443E1232.6030808@netmagicsolutions.com> References: <20060412205748.GD14679@luckyduck.tux> <443E1232.6030808@netmagicsolutions.com> Message-ID: <443E364C.9010605@netmagicsolutions.com> Dhawal Doshy wrote: > Jan Brinkmann wrote: >> Hi, >> >> is it possible to have multiple smtpd instances of postfix running on >> different IPs where one instance is simple running to do SASL based >> mail relaying (without mailscanner) and the other one can act as the >> MX for virtual domains? On servers where I use amavis, it's possible >> to specify multiple smtpd lines where one has the content_filter set >> to an empty string. I thought it would also be possible to do this >> with header_checks, but it doesnt work as expected: >> >> 1.2.3.4:smtp inet n - n - - smtpd >> -o header_checks= >> 1.2.3.5:smtp inet n - n - - smtpd >> >> The second instance (the one listening on 1.2.3.5) would be the one >> where the mails are set to a HOLD state to enable mailscanner. The >> other one would be the one which is used to relay mails for sasl >> authenticated users. If I try to do it this way, all mails get >> filtered by mailscanner. If I go the other way, with header_checks >> in main.cf set to an empty string and header_checks defined in the >> master.cf no mails get scanned at all: >> >> 1.2.3.4:smtp inet n - n - - smtpd >> -o header_checks=regexp:/etc/postfix/mailscanner_hold >> 1.2.3.5:smtp inet n - n - - smtpd >> >> >> Any ideas if this can be done, and which way would be correct? > > See.. > http://www.postfix.org/BUILTIN_FILTER_README.html#remote_only > http://www.seaglass.com/postfix/turning_off_body_checks.html > > You approach is right, just use the > receive_override_options=no_header_body_checks option.. BTW, i would recommend virus checking and rate controls on the outbound.. spam checks though can be entirely optional. 
- dhawal From Andreas.Doerfler at kempten.de Thu Apr 13 12:40:08 2006 From: Andreas.Doerfler at kempten.de (Dörfler Andreas) Date: Thu Apr 13 12:40:19 2006 Subject: opdb Message-ID: hey there, are there any plans ms works together with the open phishing db project ? http://opdb.berlios.de/ with libphish 0.1.0 the project released the first api there is not much information about the project itself but what I've found sounds good greetings andy --free your mind, use open source http://www.mono-project.com ASCII ribbon campaign ( ) - against HTML email X & vCards / \ From dhawal at netmagicsolutions.com Thu Apr 13 14:44:19 2006
From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Thu Apr 13 14:44:09 2006 Subject: Feature request: native qmail support Message-ID: <443E55B3.9020303@netmagicsolutions.com> Hi Julian, I've been using MS for about 18 months and am quite happy with it.. i've also used openprotect (on a different set of servers) and it is working reasonably well (though not as i would like it to). My request: Native qmail support for the following reasons 1. openprotect announces itself as a complete package, i'd rather do the packaging myself and pick and choose other components that i'd like to use. 2. openprotect is quite a few releases behind, i'd prefer upgrading to the latest available stable release from mailscanner.info 3. openprotect changes some fundamental things, like the mailscanner startup script.. i wouldn't like that. Some changes that'll be required: a. Qmail.pm is not up to date, can this be updated from openprotect sources. b. Same for QMDiskStore.pm c. ConfigDefs.pl doesn't have the necessary definitions for qmail d. /etc/sysconfig/MailScanner doesn't have the qmail related parameters. Finally it'd be great if you can add some postfix like queue-id support (queue-id.random_number) to qmail as well. If you think this is doable, i can send you the necessary files/diffs from the latest version of openprotect. Thanks in advance.. - dhawal From mgt at stellarcore.net Thu Apr 13 16:26:42 2006 
From: mgt at stellarcore.net (Mike Tremaine) Date: Thu Apr 13 16:26:50 2006 Subject: Reducing logging Message-ID: <1144942003.3202.11.camel@dwarfstar.stellarcore.net> > >Oy daily LogWatch report always shows ever single line of every scan >and operation performed by mailscanner. Is there any way to simply get >the summary and possibly identified spam/virus's logged to syslog >instead of all actions? Most likely your LogWatch is out of date [A common problem when you have someone as prolific as Julian coding ;) ]. The latest release is 7.3 and the newest mailscanner script [1.24] which handles Mailscanner 4.52.2 can be grabbed from CVS at logwatch.org or directly at http://www.stellarcore.net/downloads/mailscanner -Mike From mgt at stellarcore.net Thu Apr 13 16:38:58 2006 
From: mgt at stellarcore.net (Mike Tremaine) Date: Thu Apr 13 16:39:05 2006 Subject: mail scanner stuck Message-ID: <1144942738.3202.19.camel@dwarfstar.stellarcore.net> On 12/04/06, Eduardo Casarero wrote: > hi gurus, i've two servers with the following configuration: > > Pentium IV - 3.2Ghz /800HT 775P Intel; > Mother board P4 ABIT NI8-SLI/LGA/NVIDIA; > 4096Mb RAM DDR2/533 Kingston; > Winchester 160.2Gb - 7200 rpm SERIAL ATA Barracuda; > video PCI Express X300 Radion 256Mb; > network 10/100/1000; Something is obviously wrong, I've had a lot weaker boxes handling a lot more mail than this. I suggest trying to use "vmstat" and "iostat" to try and find the bottleneck. What is odd is the 4GB of RAM you have should be plenty to handle the SpamAssassin/MailScanner stack. [Heck I have one running on 512MB that handles 50,0000+, I'm not happy about it but you work with what they give you.] Check the number of Mailscanner children you have running, also you did not tell us what MTA you are using and in what queue do the mails build up? There should be three queues inbound MTA, MailScanner, outbound MTA. Also tell us how many virus scanners you are using and what they are, how many custom rulesets, and how many special extras [dcc, razor, etc...] -Mike From Marc.Dufresne at parks.on.ca Thu Apr 13 17:13:46 2006
From: Marc.Dufresne at parks.on.ca (Marc Dufresne) Date: Thu Apr 13 17:16:06 2006 Subject: Mailscanner-4.50.15.1 FreeBSD 5.4 not loading on boot Message-ID: I just upgraded my mailscanner package for FreeBSD 5.4 to mailscanner-4.50-15_1. For some reason mailscanner will not load on boot. I receive an error message stating Starting MailScanner.... MailScanner not found If I launch the script used at boot time manually /usr/local/etc/rc.d/mailscanner.sh start It loads perfectly. This is the same file used at boot time. It doesn't seem that the permissions have changed. What could be causing this? Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca From jwilliams at courtesymortgage.com Thu Apr 13 18:17:43 2006
From: jwilliams at courtesymortgage.com (Jason Williams) Date: Thu Apr 13 18:16:24 2006 Subject: Panda Anti-Virus for MailScanner Message-ID: <01BCE961CD5E4146B83F920FC6A4F2351F70D3@cmexchange01.CourtesyMortgage.local> Just curious. We just upgraded our Anti-Virus/Anti-Spyware solution from Symantec (finally...symantec is terrible) to Panda. When I was searching their site for information this morning, I came across a link to a free version of their Panda for Linux: http://www.pandasoftware.com/download/linux.htm?sitepanda=empresas I was curious, so I quickly scanned the virus.scanners.conf file for Mailscanner and lo and behold, there is Panda. Just curious if anyone has used Panda on Mailscanner and whether they liked it or not. Right now, I use ClamAV and Bitdefender, but wouldn't mind adding another scanner. I'm currently running FreeBSD 6.0 for my OS. Not sure if it would work or not, but figured I could give it a try. Thanks for the feedback. Cheers, Jason -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Thu Apr 13 19:14:26 2006
From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Apr 13 19:14:29 2006 Subject: mail scanner stuck In-Reply-To: <1144942738.3202.19.camel@dwarfstar.stellarcore.net> References: <1144942738.3202.19.camel@dwarfstar.stellarcore.net> Message-ID: <223f97700604131114g45cd55b1vb6b02329691706f7@mail.gmail.com> On 13/04/06, Mike Tremaine wrote: > On 12/04/06, Eduardo Casarero wrote: > > hi gurus, i've two servers with the following configuration: > > > > Pentium IV - 3.2Ghz /800HT 775P Intel; > > Mother board P4 ABIT NI8-SLI/LGA/NVIDIA; > > 4096Mb RAM DDR2/533 Kingston; > > Winchester 160.2Gb - 7200 rpm SERIAL ATA Barracuda; > > video PCI Express X300 Radion 256Mb; > > network 10/100/1000; > > Something is obviously wrong, I've had a lot weaker boxes handling a lot > more mail than this. > > I suggest trying to use "vmstat" and "iostat" to try and find the > bottleneck. What is odd is the 4GB of RAM you have should be plenty to > handle the SpamAssassin/MailScanner stack. [Heck I have one running on > 512MB that handles 50,0000+, I'm not happy about it but you work with > what they give you.] Exactly. What he tells us indicates IO problems, and the only really not-that-good part of the setup is actually the HDD..... One big spindle, that isn't really that fast. One might think it should keep up with the described load though:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Thu Apr 13 19:18:52 2006
From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Apr 13 19:19:00 2006 Subject: Panda Anti-Virus for MailScanner In-Reply-To: <01BCE961CD5E4146B83F920FC6A4F2351F70D3@cmexchange01.CourtesyMortgage.local> References: <01BCE961CD5E4146B83F920FC6A4F2351F70D3@cmexchange01.CourtesyMortgage.local> Message-ID: <223f97700604131118h42665490ye898b63638ee4890@mail.gmail.com> On 13/04/06, Jason Williams wrote: > > Just curious. We just upgraded our Anti-Virus/Anti-Spyware solution from > Symantec (finally...symantec is terrible) to Panda. When I was searching > their site for information this morning, I came across a link to a free > version of their Panda for Linux: > > http://www.pandasoftware.com/download/linux.htm?sitepanda=empresas > > I was curious, so I quickly scanned the virus.scanners.conf file for > Mailscanner and low and behold, there is Panda. > > Just curious if anyone has used Panda on Mailscanner and whether they liked > it or not. > > Right now, I use ClamAV and Bitdefender, but wouldn't mind adding another > scanner. > > I'm currently running FreeBSD 6.0 for my OS. Not sure if it would work or > not, but figured I could give it a try. > > Thanks for the feedback. > > Cheers, > > Jason I'm afraid the news isn't exactly 100% positive:-). You can read up on the current situation here: http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:panda:install Thanks to Rick, it's useable now, but it still has its basic problems:-). In combination with clam and bdc, it should be OK though, especially since you already pay for it (the updates aren't free, ergo the software isn't free (of charge)). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From alex at nkpanama.com Thu Apr 13 20:12:46 2006
From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Apr 13 20:13:46 2006 Subject: Panda Anti-Virus for MailScanner In-Reply-To: <223f97700604131118h42665490ye898b63638ee4890@mail.gmail.com> References: <01BCE961CD5E4146B83F920FC6A4F2351F70D3@cmexchange01.CourtesyMortgage.local> <223f97700604131118h42665490ye898b63638ee4890@mail.gmail.com> Message-ID: <443EA2AE.6080708@nkpanama.com> Glenn Steen wrote: > On 13/04/06, Jason Williams wrote: > >> Just curious. We just upgraded our Anti-Virus/Anti-Spyware solution from >> Symantec (finally...symantec is terrible) to Panda. When I was searching >> Some people might actually call that a side-grade ;) Seriously, clam+bdc (+f-prot, maybe) is probably one of the most powerful combinations and (despite some reports of BDC sometimes using up a lot of CPU) it's given me 0 problems whatsoever (except for that one time bdc had problems updating). From james at grayonline.id.au Fri Apr 14 03:27:09 2006 
From: james at grayonline.id.au (James Gray) Date: Fri Apr 14 03:27:35 2006 Subject: OSX Startup Files + check_mailscanner patch In-Reply-To: <200604131538.51884.james@grayonline.id.au> References: <200604131538.51884.james@grayonline.id.au> Message-ID: <200604141227.14047.james@grayonline.id.au> On Thu, 13 Apr 2006 15:38, James Gray wrote: > Following the success with Mac OSX 10.4.6, and the pointers from Jim > Dickenson, I've created all the bits required to automagically start > MailScanner on system boot using the new launchd stuff. One thing I completely forgot in my original, was you need to add a line to /etc/hostconfig: MAILSCANNER=-YES- So a simple echo "MAILSCANNER=-YES-" >> /etc/hostconfig should get the job done. Cheers, James -- A door is what a dog is perpetually on the wrong side of. -- Ogden Nash -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060414/961396e3/attachment.bin From nauman at worldcall.net.pk Fri Apr 14 05:48:32 2006 
From: nauman at worldcall.net.pk (Muhammad Nauman) Date: Fri Apr 14 05:48:28 2006 Subject: stress tester References: <7d9b3cf20604121317t67f5bc5o1b7728c29d9b0aaf@mail.gmail.com> <20060412204500.26954.qmail@mymail.netmagicians.com> Message-ID: <007601c65f7e$aeba22b0$23c051cb@noc> > hi, can someone recommend a software for stress testing for mailscanner? or > similar? regards. http://www.coker.com.au/postal/ - dhawal Using the Above Tool I Busted Mails using my MailServer as SMTP and my own e-mail account as to and from. But it seems that the SpamAssassin or MailScanner is not working properly. They do Scan the Message as I see in my maillog as : :51 MailServer MailScanner[25607]: New Batch: Scanning 1 messages, 1716 bytes :51 MailServer MailScanner[25607]: MCP Checks completed at 11076 bytes per second :51 MailServer MailScanner[25607]: Spam Checks: Starting :52 MailServer MailScanner[25607]: Spam Checks completed at 1387 bytes per second :52 MailServer MailScanner[25607]: Virus and Content Scanning: Starting :52 MailServer MailScanner[25607]: Virus Scanning completed at 13845 bytes per second :52 MailServer MailScanner[25607]: Uninfected: Delivered 1 messages :52 MailServer MailScanner[25607]: Virus Processing completed at 68404 bytes per second :52 MailServer MailScanner[25607]: Disinfection completed at 19505218 bytes per second :52 MailServer MailScanner[25607]: Batch completed at 1108 bytes per second (1716 / 1) :52 MailServer MailScanner[25607]: Batch processed in 1.55 seconds :52 MailServer sendmail[25776]: k3E4fhpX025769: to=abc@xyz.com, delay=00:00:06, xdelay=00:00:00, mailer=local, pri=121189, dsn=2.0.0, stat=Sent Can Any one Guide me to FINE Tune My Server and make it Highly secure for my clients. 
in my Inbox the e-mail looked as : Thanking in Advance Nauman From dhawal at netmagicsolutions.com Fri Apr 14 13:10:48 2006 
From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Fri Apr 14 13:10:35 2006 Subject: Attn. postfix users WAS Multiple Postfix smtp instances In-Reply-To: <20060412205748.GD14679@luckyduck.tux> References: <20060412205748.GD14679@luckyduck.tux> Message-ID: <443F9148.7080908@netmagicsolutions.com> Jan Brinkmann wrote: > Hi, > > is it possible to have multiple smtpd instances of postfix running on > different IPs where one instance is simple running to do SASL based > mail relaying (without mailscanner) and the other one can act as the > MX for virtual domains? On servers where I use amavis, it's possible > to specify multiple smtpd lines where one has the content_filter set > to an empty string. I thought it would also be possible to do this > with header_checks, but it doesnt work as expected: > > 1.2.3.4:smtp inet n - n - - smtpd > -o header_checks= > 1.2.3.5:smtp inet n - n - - smtpd > > The second instance (the one listening on 1.2.3.5) would be the one > where the mails are set to a HOLD state to enable mailscanner. The > other one would be the one which is used to relay mails for sasl > authenticated users. If I try to do it this way, all mails get > filtered by mailscanner. If I go the other way, with header_checks > in main.cf set to an empty string and header_checks defined in the > master.cf no mails get scanned at all: > > 1.2.3.4:smtp inet n - n - - smtpd > -o header_checks=regexp:/etc/postfix/mailscanner_hold > 1.2.3.5:smtp inet n - n - - smtpd > > > Any ideas if this can be done, and which way would be correct? This mail was also posted by the OP to the postfix-users list and is now being discussed by the postfix authors 'wietse' and 'viktor' for better integration (read: compliant to the postfix internal architecture) between postfix and mailscanner.. I request all mailscanner+postfix users to follow this thread on the postfix-users lists and voice your technical opinions, if any. 
- dhawal From dhawal at netmagicsolutions.com Fri Apr 14 13:16:55 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Fri Apr 14 13:16:41 2006 Subject: stress tester In-Reply-To: <007601c65f7e$aeba22b0$23c051cb@noc> References: <7d9b3cf20604121317t67f5bc5o1b7728c29d9b0aaf@mail.gmail.com> <20060412204500.26954.qmail@mymail.netmagicians.com> <007601c65f7e$aeba22b0$23c051cb@noc> Message-ID: <443F92B7.3020800@netmagicsolutions.com> Muhammad Nauman wrote: >> hi, can someone recomend a software for stress testing for >> mailscanner? or >> similar? regards. > > http://www.coker.com.au/postal/ > > - dhawal > > Using the Above Tool I Busted Mails using my MailServer as SMTP and my > own e-mail account as to and from . > > But it seams that the SpamAssasin or MailScanner is not working properly > . They do Scan the Messege as i see in my maillog as : [SNIP] > Can Any one Guide me to FINE Tune My Server and make it Highly secure > for my clients . Read these links.. Tuning: http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips Securing: http://wiki.mailscanner.info/doku.php?id=best_practices - dhawal > Thanking in Advance > > Nauman From mikej at rogers.com Fri Apr 14 18:28:47 2006 
From: mikej at rogers.com (Mike Jakubik) Date: Fri Apr 14 18:28:36 2006 Subject: Attn. postfix users WAS Multiple Postfix smtp instances In-Reply-To: <443F9148.7080908@netmagicsolutions.com> References: <20060412205748.GD14679@luckyduck.tux> <443F9148.7080908@netmagicsolutions.com> Message-ID: <443FDBCF.6040004@rogers.com> Dhawal Doshy wrote: > This mail was also posted by the OP to the postfix-users list and is > now being discussed by the postfix authors 'wietse' and 'viktor' for > better integration (read: compliant to the postfix internal > architecture) between postfix and mailscanner.. > > I request all mailscanner+postfix users to follow this thread on the > postfix-users lists and voice your technical opinions, if any. It's sad to see that one of the best MTAs and content scanners do not get along so well.. Apparently Postfix 2.3 will make changes that will break MailScanner functionality :( From drew at themarshalls.co.uk Fri Apr 14 20:10:19 2006 
From: drew at themarshalls.co.uk (Drew Marshall) Date: Fri Apr 14 20:10:32 2006 Subject: Attn. postfix users WAS Multiple Postfix smtp instances In-Reply-To: <443FDBCF.6040004@rogers.com> References: <20060412205748.GD14679@luckyduck.tux> <443F9148.7080908@netmagicsolutions.com> <443FDBCF.6040004@rogers.com> Message-ID: On 14 Apr 2006, at 18:28, Mike Jakubik wrote: > Dhawal Doshy wrote: >> This mail was also posted by the OP to the postfix-users list and >> is now being discussed by the postfix authors 'wietse' and >> 'viktor' for better integration (read: compliant to the postfix >> internal architecture) between postfix and mailscanner.. >> >> I request all mailscanner+postfix users to follow this thread on >> the postfix-users lists and voice your technical opinions, if any. > > Its sad to see that one of the best MTAs and content scanners, does > not get along so well.. Apparently Postfix 2.3 will make changes > that will break MailScanner functionality :( Very sad indeed. Interestingly I am running the current release (Non stable) of 2.3 and it works fine with MailScanner so I await to see what happens with the 'new queue format'. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From dhawal at netmagicsolutions.com Fri Apr 14 20:21:15 2006 
From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Fri Apr 14 20:21:18 2006 Subject: Attn. postfix users WAS Multiple Postfix smtp instances In-Reply-To: References: <20060412205748.GD14679@luckyduck.tux> <443F9148.7080908@netmagicsolutions.com> <443FDBCF.6040004@rogers.com> Message-ID: <20060414192115.13204.qmail@mymail.netmagicians.com> Drew Marshall writes: > On 14 Apr 2006, at 18:28, Mike Jakubik wrote: > >> Dhawal Doshy wrote: >>> This mail was also posted by the OP to the postfix-users list and is >>> now being discussed by the postfix authors 'wietse' and 'viktor' for >>> better integration (read: compliant to the postfix internal >>> architecture) between postfix and mailscanner.. >>> >>> I request all mailscanner+postfix users to follow this thread on the >>> postfix-users lists and voice your technical opinions, if any. >> >> Its sad to see that one of the best MTAs and content scanners, does not >> get along so well.. Apparently Postfix 2.3 will make changes that will >> break MailScanner functionality :( > > Very sad indeed. Interestingly I am running the current release (Non > stable) of 2.3 and it works fine with MailScanner so I await to see what > happens with the 'new queue format'. > > Drew No it won't (Julian will find a better workaround) and it shouldn't, I would request all postfix users to subscribe to the postfix-users list and convince the developers to document postfix queue internals so that this matter is resolved once and for all.. At the least ensure that someone of us who understands postfix really well, (I don't) follows up with viktor and wietse on this.. - dhawal 
From drew at themarshalls.co.uk Fri Apr 14 20:29:18 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Fri Apr 14 20:29:26 2006 Subject: Mailscanner-4.50.15.1 FreeBSD 5.4 not loading on boot In-Reply-To: References: Message-ID: On 13 Apr 2006, at 17:13, Marc Dufresne wrote: > I just upgraded my mailscanner package for FreeBSD 5.4 to > mailscanner-4.50-15_1. > > For some reason mailscanner will not load on boot. I receive an error > message stating > > Starting MailScanner.... > MailScanner not found > > If I launch the script used at boot time manually > /usr/local/etc/rc.d/mailscanner.sh start > > It loads perfectly. This is the same file used at boot time. It > doesn't > seem that the permissions have changed. > > What could be causing this? Have you added the appropriate lines to /etc/rc.conf? The start up was changed to bring it in line with the FreeBSD start up format. The exact details, including for your particular MTA are detailed in /usr/local/etc/rc.d/mailscanner.sh Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From ssilva at sgvwater.com Fri Apr 14 23:02:35 2006 
From: ssilva at sgvwater.com (Scott Silva) Date: Fri Apr 14 23:05:04 2006 Subject: Attn. postfix users WAS Multiple Postfix smtp instances In-Reply-To: <443FDBCF.6040004@rogers.com> References: <20060412205748.GD14679@luckyduck.tux> <443F9148.7080908@netmagicsolutions.com> <443FDBCF.6040004@rogers.com> Message-ID: Mike Jakubik spake the following on 4/14/2006 10:28 AM: > Dhawal Doshy wrote: >> This mail was also posted by the OP to the postfix-users list and is >> now being discussed by the postfix authors 'wietse' and 'viktor' for >> better integration (read: compliant to the postfix internal >> architecture) between postfix and mailscanner.. >> >> I request all mailscanner+postfix users to follow this thread on the >> postfix-users lists and voice your technical opinions, if any. > > Its sad to see that one of the best MTAs and content scanners, does not > get along so well.. Apparently Postfix 2.3 will make changes that will > break MailScanner functionality :( > It is too bad that Wietse is so adamant about how programs interact with his software. He has been butting heads with Julian forever. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From itdept at fractalweb.com Sat Apr 15 03:41:36 2006 From: itdept at fractalweb.com (Chris Yuzik) Date: Sat Apr 15 03:41:59 2006 Subject: greylisting? Message-ID: <44405D60.3040002@fractalweb.com> Hi Everyone, We're catching loads of spam, but would like to take it to the next level. From a bit of reading I'm doing, this may be some implementation of greylisting. That said, I'm new to the concept of greylisting but it seems to make some sense. We're using Sendmail on our server; how easy and effective is greylisting? Does it add extra load to the server or anything? Thanks, Chris From damian at workgroupsolutions.com Sat Apr 15 06:49:08 2006 
From: damian at workgroupsolutions.com (Damian Mendoza) Date: Sat Apr 15 06:49:21 2006 Subject: greylisting? Message-ID: <0C941442AC84A8449448BA2207DD4F4D0CD1BF@core01.workgroupsolutions.com> It's the only way that I'm able to stop the 5% of spam that keeps getting past RBLs, SURBLS, SpamAssassin, Stearns blacklist, rules_du_jour, etc. It will reduce the load on your server as I don't have to process a message for Spam since greylisting runs at the sendmail level. I can support 120,000 plus messages per day with a single P-4 processor and 1GB memory Regards, Damian -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Chris Yuzik Sent: Friday, April 14, 2006 7:42 PM To: MailScanner discussion Subject: greylisting? Hi Everyone, We're catching loads of spam, but would like to take it to the next level. From a bit of reading I'm doing, this may be some implementation of greylisting. That said, I'm new to the concept of greylisting but it seems to make some sense. We're using Sendmail on our server; how easy and effective is greylisting? Does it add extra load to the server or anything? Thanks, Chris -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From res at ausics.net Sat Apr 15 06:53:34 2006 
From: res at ausics.net (Res) Date: Sat Apr 15 06:53:50 2006 Subject: greylisting? In-Reply-To: <44405D60.3040002@fractalweb.com> References: <44405D60.3040002@fractalweb.com> Message-ID: Chris, On Fri, 14 Apr 2006, Chris Yuzik wrote: > From a bit of reading I'm doing, this may be some implementation of > greylisting. That said, I'm new to the concept of greylisting but it seems to > make some sense. We're using Sendmail on our server; how easy and effective There are milters around that do it. Don't have a URL because we opted to not greylist. > is greylisting? Does it add extra load to the server or anything? It comes down to how busy your servers are, and how many you might have in the farm. If you run a decent use mail server, I'd forget it. Do you really want a queue that banks up for tens of thousands because it will not send on for 10 mins or whatever. I've heard it delaying local sent mail up to 4 hours on a few decent sized ISPs, using it with varying MTAs, sendmail, qmail and postfix, all were as useless as the next with greylisting with their use loads, hence none of them use it nemore :) But if you get 100 messages a day, I guess it wouldn't make much difference if you got mail now or in another 10 mins or so. Also if you run mailing lists forget it, you'll have so many complaints u'll regret even knowing what greylisting was -- Cheers Res -- This message has been scanned for viruses and suspect content by MailScanner, if detected and confirmed as phishing fraud please report to abuse@veridas.net ASAP. From matt at coders.co.uk Sat Apr 15 10:04:48 2006 
From: matt at coders.co.uk (Matt Hampton) Date: Sat Apr 15 10:04:54 2006 Subject: greylisting? In-Reply-To: References: <44405D60.3040002@fractalweb.com> Message-ID: <4440B730.2060207@coders.co.uk> Res wrote: >> is greylisting? Does it add extra load to the server or anything? Before going as far as greylisting can I suggest that you try greet_pause (it's a sendmail feature). I have found that the vast majority of the mail that was being rejected by greylisting was also getting caught by greet_pause. You can run both together, as I did, but I found that the added value given by greylisting was not significant enough for the overhead (or the complaints from users for the delay). As a side note - with greylisting turned on I was getting between 70 and 80 percent reduction in spam/viruses. With greet_pause I am getting 60-75%. My suggestion would be to try greet_pause first and then use grey-listing if you don't find the reduction enough. matt` From paul at blacknight.ie Sat Apr 15 10:57:07 2006 
From: paul at blacknight.ie (Paul Kelly :: Blacknight) Date: Sat Apr 15 10:57:10 2006 Subject: greylisting? In-Reply-To: <44405D60.3040002@fractalweb.com> References: <44405D60.3040002@fractalweb.com> Message-ID: <1145095027.12413.2.camel@localhost.localdomain> Hi Chris, On Fri, 2006-04-14 at 19:41 -0700, Chris Yuzik wrote: > Hi Everyone, > > We're catching loads of spam, but would like to take it to the next > level. From a bit of reading I'm doing, this may be some implementation > of greylisting. That said, I'm new to the concept of greylisting but it > seems to make some sense. We're using Sendmail on our server; how easy > and effective is greylisting? Does it add extra load to the server or > anything? We use http://www.acme.com/software/graymilter/ It works a treat. Paul > > Thanks, > Chris -- Paul Kelly Technical Director Blacknight Internet Solutions ltd Hosting, Colocation, Dedicated servers Tel: 059 9183072 DDI: 059 9183091 e-mail: paul@blacknight.ie From res at ausics.net Sat Apr 15 13:11:57 2006 From: res at ausics.net (Res) Date: Sat Apr 15 13:12:07 2006 Subject: greylisting? In-Reply-To: <4440B730.2060207@coders.co.uk> References: <44405D60.3040002@fractalweb.com> <4440B730.2060207@coders.co.uk> Message-ID: On Sat, 15 Apr 2006, Matt Hampton wrote: > Res wrote: > I didn't write... Chris wrote :) >>> is greylisting? Does it add extra load to the server or anything? but on we go... > > Before going as far as greylisting can I suggest that you try > greet_pause (it's a sendmail feature). I agree with this, you only need it set to about 5000, it catches so much of it, and enforcing RFC1912 catches around 90% more. -- Cheers Res From marcin.rozek at ios.edu.pl Sat Apr 15 13:18:21 2006 
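The greylisting trade-off argued over in this thread (senders that never retry are dropped, legitimate mail is delayed), as an added example that is not part of any poster's message and not code from any milter named here. The class, the retry schedule, the addresses and the delay values are all constructed for illustration.

```python
"""Greylisting decision logic, sketched for illustration (constructed example)."""
import ipaddress
from dataclasses import dataclass, field

TEMPFAIL = "451 4.7.1 Greylisted, please retry later"
ACCEPT = "250 2.0.0 OK"


@dataclass
class Greylist:
    min_delay: int                   # seconds a new triplet must wait before a retry passes
    retry_window: int = 4 * 3600     # a pending triplet not retried within this is forgotten
    pass_lifetime: int = 30 * 86400  # a confirmed triplet stays accepted this long
    exempt_nets: tuple = ()          # client networks that are never greylisted
    pending: dict = field(default_factory=dict)  # triplet -> time first seen
    passed: dict = field(default_factory=dict)   # triplet -> time last accepted

    def check(self, now, client_ip, sender, rcpt, authenticated=False):
        """Return the SMTP reply for one recipient at time `now` (seconds)."""
        addr = ipaddress.ip_address(client_ip)
        # Authenticated submitters and whitelisted customer networks skip the delay.
        if authenticated or any(addr in ipaddress.ip_network(n) for n in self.exempt_nets):
            return ACCEPT
        key = (client_ip, sender.lower(), rcpt.lower())
        last = self.passed.get(key)
        if last is not None and now - last <= self.pass_lifetime:
            self.passed[key] = now          # known-good triplet: no delay at all
            return ACCEPT
        first = self.pending.get(key)
        if first is None or now - first > self.retry_window:
            self.pending[key] = now         # first sighting, or the old attempt expired
            return TEMPFAIL
        if now - first < self.min_delay:
            return TEMPFAIL                 # retried too quickly
        del self.pending[key]
        self.passed[key] = now              # a real MTA queued the mail and came back
        return ACCEPT


# Constructed retry offsets (seconds after the first attempt) for a queueing MTA.
LEGIT_RETRIES = (300, 900, 1800, 3600)
# A fire-and-forget sender makes one attempt and never comes back.
NO_RETRIES = ()


def delivery_delay(gl, retries, client_ip, sender, rcpt, authenticated=False):
    """Seconds until the message is accepted, or None if it never is."""
    for offset in (0, *retries):
        if gl.check(offset, client_ip, sender, rcpt, authenticated) == ACCEPT:
            return offset
    return None


def run_demo():
    """Compare a short and a long minimum delay on the same constructed traffic."""
    results = {}
    for min_delay in (30, 600):
        gl = Greylist(min_delay=min_delay, exempt_nets=("192.0.2.0/24",))
        results[min_delay] = {
            "retrying_mta": delivery_delay(
                gl, LEGIT_RETRIES, "198.51.100.7", "alice@example.org", "user@example.net"),
            "no_retry_sender": delivery_delay(
                gl, NO_RETRIES, "203.0.113.9", "x@example.com", "user@example.net"),
            "exempt_customer": delivery_delay(
                gl, NO_RETRIES, "192.0.2.10", "bob@example.org", "user@example.net"),
            "smtp_auth_user": delivery_delay(
                gl, NO_RETRIES, "203.0.113.50", "carol@example.net", "dave@example.org",
                authenticated=True),
            # A later message on the already-confirmed triplet is not delayed again.
            "second_mail_same_triplet": gl.check(
                7200, "198.51.100.7", "alice@example.org", "user@example.net"),
        }
    return results


if __name__ == "__main__":
    for delay, outcome in run_demo().items():
        print(delay, outcome)
```

The delay a legitimate sender sees is set by its own retry schedule, not only by the configured minimum: with a 30-second minimum the sample MTA still waits until its first retry at 300 seconds.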
From: marcin.rozek at ios.edu.pl (=?ISO-8859-2?Q?Marcin_Ro=BFek?=) Date: Sat Apr 15 13:18:33 2006 Subject: RAR self-extracting archives Message-ID: <4440E48D.6050307@ios.edu.pl> Hello crew, I would like to allow RAR self-extracting archives to pass through MS even though I block all .exe attachments. I deny "\.exe$" in filename.rules.conf but allow "RAR" and "self-extracting" in filetype.rules.conf. Julian wrote in MailScanner.conf that: #The filename and filetype rules are separate, so if you want to # allow executable *.exe files you will need at least # Allow Filenames = \.exe$ # Allow Filetypes = executable # to make it pass both tests. If either test denies the attachment # then it will be blocked. I guess that filetype/filename.rules.conf works the same way. My question is: is there a way to allow self-extracting archives but NOT to allow .exe file-extension in filetype.rules.conf? Maybe new option in MailScanner.conf would resolve this problem (if one test allows an attachment then let it through/if one test denies an attachment then block it) ? Other ideas? -- Best regards, Marcin From michele at blacknight.ie Sat Apr 15 13:26:31 2006 From: michele at blacknight.ie (Michele Neylon:: Blacknight.ie) Date: Sat Apr 15 13:26:34 2006 Subject: greylisting? In-Reply-To: References: <44405D60.3040002@fractalweb.com> <4440B730.2060207@coders.co.uk> Message-ID: <4440E677.8000007@blacknight.ie> Res wrote: > I agree with this, you only need it set to about 5000, it catches so > much of it, and enforcing RFC1912 catches around 90% more. How much of RFC1912? -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From jaearick at colby.edu Sat Apr 15 16:59:57 2006 
From: jaearick at colby.edu (Jeff A. Earickson) Date: Sat Apr 15 17:03:48 2006 Subject: Solaris 10: won't start via init script Message-ID: Julian and Solaris 10 users, I'm baffled by this one. I had to move my mail services (under duress, bad hardware) from a Solaris 9 to a Solaris 10 box last night. MailScanner (4.52.2) refuses to start via my /etc/init.d script, which basically just does: MSDIR=/opt/MailScanner $MSDIR/bin/check_mailscanner If I look at the syslog (leading timestamps trimmed), it just spits out this over and over: MailScanner E-Mail Virus Scanner version 4.52.2 starting... Read 711 hostnames from the phishing whitelist Config: calling custom init function IPBlock Initialising IP blocking Read 128 IP blocking entries from /etc/MailScanner/IPBlock.conf Using SpamAssassin results cache Connected to SpamAssassin cache database Expired 1 records from the SpamAssassin cache (pause, followed by another round in a few seconds). Here's where it gets weird... If I run in debug mode, a batch runs fine. If I just let the following root crontab run, MailScanner kicks off and runs normally (in non-debug mode): #---Ensure my mailscanner is still running 0,10,20,30,40,50 * * * * [ -x /opt/MailScanner/bin/check_mailscanner ] && /opt/MailScanner/bin/check_mailscanner >/dev/null 2>&1 MailScanner --lint gives the following: Read 711 hostnames from the phishing whitelist Config: calling custom init function IPBlock Could not use Custom Function code MailScanner::CustomConfig::InitIPBlock, it could not be "eval"ed. Make sure the module is correct with perl -wc at /opt/MailScanner/lib/MailScanner/Config.pm line 803 Checking for SpamAssassin errors (if you use it)... 
Using SpamAssassin results cache Connected to SpamAssassin cache database config: SpamAssassin failed to parse line, "/usr/bin/pyzor" is not valid for "pyzor_path", skipping: pyzor_path /usr/bin/pyzor config: SpamAssassin failed to parse line, "/usr/bin/pyzor" is not valid for "pyzor_path", skipping: pyzor_path /usr/bin/pyzor netset: cannot include 127.0.0.1/32 as it has already been included netset: cannot include 137.146.28.68/32 as it has already been included SpamAssassin reported an error. MailScanner.conf says "Virus Scanners = clamavmodule" Found these virus scanners installed: clamavmodule, sophos This output is the same as the old system, which is still up but not processing email anymore. I played with the setsockopt setting in Log.pm to see if that made a difference; it didn't. The manpage for syslogd in S10 says it uses streams. Any ideas? Jeff Earickson Colby College From G.Pentland at soton.ac.uk Sat Apr 15 17:17:41 2006 
From: G.Pentland at soton.ac.uk (Pentland G.) Date: Sat Apr 15 17:17:49 2006 Subject: Solaris 10: won't start via init script Message-ID: <71437982F5B13A4D9A5B2669BDB89EE403A84D30@ISS-CL-EX-V1.soton.ac.uk> Not entirely sure about the MailScanner errors but... Solaris 10 doesn't use init scripts! There a thing called SMF, look at the man pages for "svcs" and "svcadm" Hope that helps Gary Jeff A. Earickson wrote: > Julian and Solaris 10 users, > > I'm baffled by this one. I had to move my mail services (under > duress, bad hardware) from a Solaris 9 to a Solaris 10 box last > night. MailScanner (4.52.2) refuses to start via my /etc/init.d > script, which basically just does: > > MSDIR=/opt/MailScanner > $MSDIR/bin/check_mailscanner > > If I look at the syslog (leading timestamps trimmed), it just > spits out this over and over: > > MailScanner E-Mail Virus Scanner version 4.52.2 starting... > Read 711 hostnames from the phishing whitelist > Config: calling custom init function IPBlock > Initialising IP blocking > Read 128 IP blocking entries from /etc/MailScanner/IPBlock.conf > Using SpamAssassin results cache > Connected to SpamAssassin cache database > Expired 1 records from the SpamAssassin cache > > (pause, followed by another round in a few seconds). > > Here's where it gets weird... If I run in debug mode, a batch runs > fine. If I just let the following root crontab run, MailScanner > kicks off and runs normally (in non-debug mode): > > #---Ensure my mailscanner is still running > 0,10,20,30,40,50 * * * * [ -x > /opt/MailScanner/bin/check_mailscanner ] && > /opt/MailScanner/bin/check_mailscanner >/dev/null 2>&1 > > MailScanner --lint gives the following: > > Read 711 hostnames from the phishing whitelist > Config: calling custom init function IPBlock > Could not use Custom Function code > MailScanner::CustomConfig::InitIPBlock, it could not be "eval"ed. 
> Make sure the module is correct with perl -wc at > /opt/MailScanner/lib/MailScanner/Config.pm line 803 Checking for > SpamAssassin errors (if you use it)... Using SpamAssassin results > cache Connected to SpamAssassin cache database config: > SpamAssassin failed to parse line, "/usr/bin/pyzor" is not valid > for "pyzor_path", skipping: pyzor_path /usr/bin/pyzor config: > SpamAssassin failed to parse line, "/usr/bin/pyzor" is not valid > for "pyzor_path", skipping: pyzor_path /usr/bin/pyzor netset: cannot > include 127.0.0.1/32 as it has already been included netset: cannot > include 137.146.28.68/32 as it has already been included SpamAssassin > reported an error. > > MailScanner.conf says "Virus Scanners = clamavmodule" > Found these virus scanners installed: clamavmodule, sophos > > This output is the same as the old system, which is still up but not > processing email anymore. > > I played with the setsockopt setting in Log.pm to see if that made a > difference; it didn't. The manpage for syslogd in S10 says it uses > streams. > > Any ideas? > > Jeff Earickson > Colby College From jaearick at colby.edu Sat Apr 15 17:49:37 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Sat Apr 15 17:53:56 2006 Subject: Solaris 10: won't start via init script In-Reply-To: <71437982F5B13A4D9A5B2669BDB89EE403A84D30@ISS-CL-EX-V1.soton.ac.uk> References: <71437982F5B13A4D9A5B2669BDB89EE403A84D30@ISS-CL-EX-V1.soton.ac.uk> Message-ID: Yes, but it still supports legacy scripts in /etc/init.d so the script that I used with Solaris 9 ought to work. Jeff Earickson On Sat, 15 Apr 2006, Pentland G. wrote: > Date: Sat, 15 Apr 2006 17:17:41 +0100 
> From: Pentland G. > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: RE: Solaris 10: won't start via init script > > Not entirely sure about the MailScanner errors but... > > Solaris 10 doesn't use init scripts! > > There a thing called SMF, look at the man pages for "svcs" and "svcadm" > > Hope that helps > > Gary > > Jeff A. Earickson wrote: >> Julian and Solaris 10 users, >> >> I'm baffled by this one. I had to move my mail services (under >> duress, bad hardware) from a Solaris 9 to a Solaris 10 box last >> night. MailScanner (4.52.2) refuses to start via my /etc/init.d >> script, which basically just does: >> >> MSDIR=/opt/MailScanner >> $MSDIR/bin/check_mailscanner >> >> If I look at the syslog (leading timestamps trimmed), it just >> spits out this over and over: >> >> MailScanner E-Mail Virus Scanner version 4.52.2 starting... >> Read 711 hostnames from the phishing whitelist >> Config: calling custom init function IPBlock >> Initialising IP blocking >> Read 128 IP blocking entries from /etc/MailScanner/IPBlock.conf >> Using SpamAssassin results cache >> Connected to SpamAssassin cache database >> Expired 1 records from the SpamAssassin cache >> >> (pause, followed by another round in a few seconds). >> >> Here's where it gets weird... If I run in debug mode, a batch runs >> fine. If I just let the following root crontab run, MailScanner >> kicks off and runs normally (in non-debug mode): >> >> #---Ensure my mailscanner is still running >> 0,10,20,30,40,50 * * * * [ -x >> /opt/MailScanner/bin/check_mailscanner ] && >> /opt/MailScanner/bin/check_mailscanner >/dev/null 2>&1 >> >> MailScanner --lint gives the following: >> >> Read 711 hostnames from the phishing whitelist >> Config: calling custom init function IPBlock >> Could not use Custom Function code >> MailScanner::CustomConfig::InitIPBlock, it could not be "eval"ed. 
>> Make sure the module is correct with perl -wc at >> /opt/MailScanner/lib/MailScanner/Config.pm line 803 Checking for >> SpamAssassin errors (if you use it)... Using SpamAssassin results >> cache Connected to SpamAssassin cache database config: >> SpamAssassin failed to parse line, "/usr/bin/pyzor" is not valid >> for "pyzor_path", skipping: pyzor_path /usr/bin/pyzor config: >> SpamAssassin failed to parse line, "/usr/bin/pyzor" is not valid >> for "pyzor_path", skipping: pyzor_path /usr/bin/pyzor netset: cannot >> include 127.0.0.1/32 as it has already been included netset: cannot >> include 137.146.28.68/32 as it has already been included SpamAssassin >> reported an error. >> >> MailScanner.conf says "Virus Scanners = clamavmodule" >> Found these virus scanners installed: clamavmodule, sophos >> >> This output is the same as the old system, which is still up but not >> processing email anymore. >> >> I played with the setsockopt setting in Log.pm to see if that made a >> difference; it didn't. The manpage for syslogd in S10 says it uses >> streams. >> >> Any ideas? >> >> Jeff Earickson >> Colby College > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From ajos1 at onion.demon.co.uk Sat Apr 15 20:58:04 2006 
From: ajos1 at onion.demon.co.uk (ajos1@onion.demon.co.uk)
Date: Sat Apr 15 20:58:21 2006
Subject: BlackList - Something simple
Message-ID:

-

I want to junk all mail for paf@tbshs.herts.sch.uk and so on... see
list below...

I have set up actions for High Scoring Spam... that DO WORK... (ie) if I
send lots of naughty words and stuff... then it "stores" and forwards...
so I am happy with that... that bit works...

But any NON-NAUGHTY mail sent to paf@tbshs.herts.sch.uk ...
pcn@tbshs.herts.sch.uk and so on... is STILL GETTING through... it seems
as if it is not matching these usernames in my ajos1.spamblacklist.rules
file. (I am remembering to restart the system after any changes...)

Is there something I am doing wrong?

Thanks in advance-o,
Ajos1.

In my MailScanner.conf file I have the line:
============================================
Definite Spam Is High Scoring = %rules-dir%/ajos1.spamblacklist.rules
High Scoring Spam Actions = store forward spamd@tbshs.herts.sch.uk

In my: /etc/MailScanner/rules/ajos1.spamblacklist.rules I have
==============================================================
##############################################################################
####
#### AJOS1.SPAMBLACKLIST.RULES (Make these high scoring spam)
#### =========================
#### We are getting too much rubbish... so we need to get rid off alot of
#### it... this file we are ESPECIALLY dealing with old users...
####
##############################################################################
FromOrTo: ajos1@tbshspx2.tbshs.herts.sch.uk yes
FromOrTo: paf@tbshs.herts.sch.uk yes
To: adc@* yes
To: aeg@* yes
To: pas@* yes
To: pcn@* yes
To: sge@* yes
FromOrTo: default no

From alex at nkpanama.com Sun Apr 16 02:18:50 2006
From: alex at nkpanama.com (Alex Neuman van der Hans)
Date: Sun Apr 16 02:20:24 2006
Subject: greylisting?
In-Reply-To:
References: <44405D60.3040002@fractalweb.com>
Message-ID: <44419B7A.3070306@nkpanama.com>

Res wrote:
> It comes down to how busy your servers are, and how many you might
> have in the farm. if you run a decent use mail server, i'd forget it.
> do you really want a queue that banks up for tens of thousands
> because it will not send on for 10 mins or whatever.
>
Unless, like I mentioned before, you tweak your settings... for example,
a low enough default (say, 30 seconds), with all the servers in your
"farm" sharing the same database... And then add forced whitelisting for
some customers (and SMTP AUTH connections, and perhaps SPF compliant
servers).

> I've heard it delaying local sent mail up to 4 hours on a few decent
> sized ISP's, using it with varying MTAs, sendmail, qmail and postfix,
> all were as useless as the next with greylisting with their use loads,
> hence none of them use it nemore :)
>
Probably because they couldn't wrap their heads around it - don't want
to sound presumptuous, but often people pull the plug on these things
before they should. I've seen people discontinue using MailScanner just
because they couldn't figure out how to read the config file - which is
one of the reasons I want to write "the book" in Spanish. Some of these
problems usually have a difficult initial period where you adapt and
train the system; afterwards it becomes good enough that it needs
minimal or no maintenance.

> But if you get 100 messages a day, I guess it wouldn't make much difference
> if you got mail now or in another 10 mins or so.
>
I have set up greylisting for companies that receive 30 messages per day
and want to receive within 3 minutes. Greylisting for 30 seconds works,
and gets rid of a lot of spam. GREET_PAUSE also works great.

> Also if you run mailing lists forget it, you'll have so many
> complaints u'll regret even knowing what greylisting was
>
>
Unless you configure your mailing lists to use, for example, a separate
SMTP process on a separate host/port/whatever, or if you add your
mailing list to the greylist milter's database.

Again, please don't take this as anything more than an explanation of
how you can get around the limitations you describe, with only a little
bit of hard work. I'm not saying "you're wrong", I'm saying "you're
right, but what you mention *can* be solved with a little hard work" :)

Regards,

Alex

From alex at nkpanama.com Sun Apr 16 02:20:42 2006
From: alex at nkpanama.com (Alex Neuman van der Hans)
Date: Sun Apr 16 02:21:05 2006
Subject: greylisting?
In-Reply-To: <4440B730.2060207@coders.co.uk>
References: <44405D60.3040002@fractalweb.com> <4440B730.2060207@coders.co.uk>
Message-ID: <44419BEA.30303@nkpanama.com>

Matt Hampton wrote:
> You can run both together, as I did, but I found that the added value
> given by greylisting was not significant enough for the overhead (or the
> complaints from users for the delay).
>
Perhaps you could have set a different delay value? A different default,
or a different default for *some* users? See the points I tried to make
in an earlier message in this thread.

From alex at nkpanama.com Sun Apr 16 02:22:34 2006
From: alex at nkpanama.com (Alex Neuman van der Hans)
Date: Sun Apr 16 02:22:54 2006
Subject: greylisting?
In-Reply-To:
References: <44405D60.3040002@fractalweb.com> <4440B730.2060207@coders.co.uk>
Message-ID: <44419C5A.9040402@nkpanama.com>

Res wrote:
>
> I agree with this, you only need it set to about 5000, it catches so
> much of it, and enforcing RFC1912 catches around 90% more.
>
>
By that you mean only accepting mail from valid domains with an MX?
RFC1912 seems to cover a lot. How do you do it? Please share ;)

From ajos1 at onion.demon.co.uk Sun Apr 16 03:13:20 2006
From: ajos1 at onion.demon.co.uk (ajos1@onion.demon.co.uk)
Date: Sun Apr 16 03:13:38 2006
Subject: ProcMail
Message-ID:

-

I have been trying to read any documentation available... but I cannot
find the answer for what should be in procmailrc (or not).

My "/etc/procmailrc" contains...

# send mail through spamassassin
:0fw
| /usr/bin/spamc

Do I need this? Or should it have something different in it?

From bpumphrey at WoodMacLaw.com Sun Apr 16 03:53:01 2006
From: bpumphrey at WoodMacLaw.com (Billy A. Pumphrey)
Date: Sun Apr 16 03:53:04 2006
Subject: Getting lots of Undeliverable: Returned mail: see transcript for details
Message-ID: <04D932B0071FE34FA63EBB1977B48D150109FCCE@woodenex.woodmaclaw.local>

Since I upgraded to near the latest MailScanner, I am getting a lot of
these.

Your message did not reach some or all of the intended recipients.

Subject: Returned mail: see transcript for details
Sent: 4/15/2006 9:32 PM

The following recipient(s) could not be reached:

jelki@selena.net.ua on 4/15/2006 9:32 PM
The message could not be delivered because the recipient's
destination email system is unknown or invalid. Please check the
address and try again, or contact your system administrator to verify
connectivity to the email system of the recipient.
< WoodenMS2.woodmaclaw.local #5.1.2>

Any idea why this is happening? I figure that it is DNS related or
something.

Thank you

From alex at nkpanama.com Sun Apr 16 04:39:45 2006
From: alex at nkpanama.com (Alex Neuman van der Hans)
Date: Sun Apr 16 04:40:15 2006
Subject: ProcMail
In-Reply-To:
References:
Message-ID: <4441BC81.9050900@nkpanama.com>

ajos1@onion.demon.co.uk wrote:
> -
>
> I have been trying to read any documentation available... but I cannot
> find the answer for what should be in procmailrc (or not).
>
>
> My "/etc/procmailrc" contains...
>
> # send mail through spamassassin
> :0fw
> | /usr/bin/spamc
>
>
> Do I need this? Or should it have something different in it?
>
This sounds more like a question for the spamassassin or the procmail
lists, doesn't it? If it's MailScanner related then you shouldn't have
to do any of this. Spamassassin is called by MailScanner.

From rob at robhq.com Sun Apr 16 04:58:31 2006
From: rob at robhq.com (Rob Freeman)
Date: Sun Apr 16 04:58:49 2006
Subject: ProcMail
In-Reply-To:
References:
Message-ID: <4441C0E7.4010909@robhq.com>

I used to run the procmail, but there is no need since mailscanner is
running spamassassin for you.

ajos1@onion.demon.co.uk wrote:
> -
>
> I have been trying to read any documentation available... but I cannot
> find the answer for what should be in procmailrc (or not).
>
>
> My "/etc/procmailrc" contains...
>
> # send mail through spamassassin
> :0fw
> | /usr/bin/spamc
>
>
> Do I need this? Or should it have something different in it?
>

From ajos1 at onion.demon.co.uk Sun Apr 16 06:45:57 2006
From: ajos1 at onion.demon.co.uk (ajos1@onion.demon.co.uk)
Date: Sun Apr 16 06:46:27 2006
Subject: ProcMail
Message-ID:

-

Thank you... I thought might be the case... I just wanted to check I was
not being silly. I have now deleted it... things seem to have speeded up
a bit... now it is not double checking...

-----Original Message-----
From: MailScanner discussion
-
>
> I have been trying to read any documentation available... but I cannot
> find the answer for what should be in procmailrc (or not).
>
>
> My "/etc/procmailrc" contains...
>
> # send mail through spamassassin
> :0fw
> | /usr/bin/spamc
>
>
> Do I need this? Or should it have something different in it?
>

From drew at themarshalls.co.uk Sun Apr 16 09:35:32 2006
From: drew at themarshalls.co.uk (Drew Marshall)
Date: Sun Apr 16 09:35:40 2006
Subject: Getting lots of Undeliverable: Returned mail: see transcript for details
In-Reply-To: <04D932B0071FE34FA63EBB1977B48D150109FCCE@woodenex.woodmaclaw.local>
References: <04D932B0071FE34FA63EBB1977B48D150109FCCE@woodenex.woodmaclaw.local>
Message-ID: <7DB41856-5611-450B-B7BA-B350DDDCE8D8@themarshalls.co.uk>

On 16 Apr 2006, at 03:53, Billy A. Pumphrey wrote:

> Since I upgraded to near the latest MailScanner, I am getting a lot of
> these.
>
> Your message did not reach some or all of the intended recipients.
>
> Subject: Returned mail: see transcript for details
> Sent: 4/15/2006 9:32 PM
>
> The following recipient(s) could not be reached:
>
> jelki@selena.net.ua on 4/15/2006 9:32 PM
> The message could not be delivered because the recipient's
> destination email system is unknown or invalid. Please check the
> address and try again, or contact your system administrator to verify
> connectivity to the email system of the recipient.
> < WoodenMS2.woodmaclaw.local #5.1.2>
>
> Any idea why this is happening? I figure that it is DNS related or
> something.

This is not MailScanner related. I would suggest your local DNS resolver
is not working properly or perhaps your firewall is blocking outgoing
smtp connections. Try to telnet to relay.selena.net.ua on port 25. If
the system reports can't resolve the name then it's DNS; if it doesn't
connect it's a firewall/connectivity issue.

Drew

From shuttlebox at gmail.com Sun Apr 16 11:44:38 2006
From: shuttlebox at gmail.com (shuttlebox)
Date: Sun Apr 16 11:44:40 2006
Subject: greylisting?
In-Reply-To: <44419B7A.3070306@nkpanama.com>
References: <44405D60.3040002@fractalweb.com> <44419B7A.3070306@nkpanama.com>
Message-ID: <625385e30604160344v5dc95f2dya259be6c2602ea6b@mail.gmail.com>

On 4/16/06, Alex Neuman van der Hans wrote:
> I have set up greylisting for companies that receive 30 messages per day
> and want to receive within 3 minutes. Greylisting for 30 seconds works,
> and gets rid of a lot of spam. GREET_PAUSE also works great.

But you can't control how quick they will try to resend. Even if you
set it to 1 second most MTA:s will wait a lot longer to retry, like 15
minutes, and many users complain about that. Of course you can
whitelist but only after having complaints. I try to make it smoother
by checking the logs for the top domains we get mail from and put them
in the whitelist right from the start.

I don't know if I misunderstood earlier posts about huge number of
connections being used by greylisting. That is more true of the
greet_pause method than greylisting which instead can use a lot of
memory for the database.

I use a mix of greet_pause and greylisting at several customer sites
and for me greylisting is a lot more effective but you have some
explaining to do from time to time. Greet_pause is more transparent to
the users and seems to block mostly computers that should not send
mail anyway.

--
/peter

From h.swensson at hccnet.nl Sun Apr 16 12:44:46 2006
From: h.swensson at hccnet.nl (Herman Swensson)
Date: Sun Apr 16 12:44:51 2006
Subject: Can't locate Convert/BinHex.pm in @INC
In-Reply-To: <200603282103.k2SL3BLm019550@smtp30.hccnet.nl>
Message-ID: <200604161144.k3GBin5N006348@smtp10.hccnet.nl>

Hi,

I still have the problem that MS will not start. I am now using MS
4.52.2-1, but it has not solved the problem.

Starting MailScanner daemons:
incoming postfix: [ OK ]
outgoing postfix: [ OK ]
MailScanner: Can't locate Convert/BinHex.pm in @INC (@INC contains: /usr/lib/MailScanner/5.8.3/i386-linux-thread-multi /usr/lib/MailScanner/5.8.3 /usr/lib/MailScanner/i386-linux-thread-multi /usr/lib/MailScanner/5.8.2 /usr/lib/MailScanner/5.8.1 /usr/lib/MailScanner/5.8.0 /usr/lib/MailScanner /usr/lib/perl5/5.8.3/i386-linux-thread-multi /usr/lib/perl5/5.8.3 /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 /usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl . /usr/lib/MailScanner/5.8.3/i386-linux-thread-multi /usr/lib/MailScanner/5.8.3 /usr/lib/MailScanner/i386-linux-thread-multi /usr/lib/MailScanner/5.8.2 /usr/lib/MailScanner/5.8.1 /usr/lib/MailScanner/5.8.0 /usr/lib/MailScanner) at /usr/lib/perl5/site_perl/5.8.3/MIME/Decoder/BinHex.pm line 44.
BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.3/MIME/Decoder/BinHex.pm line 44.
Compilation failed in require at /usr/lib/MailScanner/MailScanner/Message.pm line 43.
BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/Message.pm line 43.
Compilation failed in require at /usr/sbin/MailScanner line 77.
BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 77.

When I use locate then there is a BinHex.pm available.

[root@server root]# locate BinHex.pm
/usr/lib/perl5/site_perl/5.8.3/MIME/Decoder/BinHex.pm
/usr/lib/perl5/vendor_perl/5.8.5/Convert/BinHex.pm
/usr/lib/perl5/vendor_perl/5.8.5/MIME/Decoder/BinHex.pm

How must I resolve this problem.

Regards,

Herman

From alex at nkpanama.com Sun Apr 16 14:21:01 2006
From: alex at nkpanama.com (Alex Neuman van der Hans)
Date: Sun Apr 16 14:21:37 2006
Subject: Can't locate Convert/BinHex.pm in @INC
In-Reply-To: <200604161144.k3GBin5N006348@smtp10.hccnet.nl>
References: <200604161144.k3GBin5N006348@smtp10.hccnet.nl>
Message-ID: <444244BD.8000103@nkpanama.com>

Herman Swensson wrote:
> [root@server root]# locate BinHex.pm
> /usr/lib/perl5/site_perl/5.8.3/MIME/Decoder/BinHex.pm
> /usr/lib/perl5/vendor_perl/5.8.5/Convert/BinHex.pm
> /usr/lib/perl5/vendor_perl/5.8.5/MIME/Decoder/BinHex.pm
>
> How must I resolve this problem.
>
> Regards,
>
> Herman
>
>
>
A few things:

1. Using "locate" doesn't mean the files are there. Your database could
   be out of date. Check to see if they're *really* there. They probably
   *are*, but you should not rely on "locate" to tell if they're there
   or not.
2. You may have two versions of perl (or remnants from a former
   installation). Check for that.
3. Try doing a forced install of Convert::BinHex (I don't think I've
   ever seen it get installed without "force install"ing it, it always
   complains for some reason)

From alex at nkpanama.com Sun Apr 16 14:28:53 2006
From: alex at nkpanama.com (Alex Neuman van der Hans)
Date: Sun Apr 16 14:29:20 2006
Subject: BlackList - Something simple
In-Reply-To:
References:
Message-ID: <44424695.5030107@nkpanama.com>

ajos1@onion.demon.co.uk wrote:
> ============================================
> Definite Spam Is High Scoring = %rules-dir%/ajos1.spamblacklist.rules
>
From the config file:

# Setting this to yes means that spam found in the blacklist is treated
# as "High Scoring Spam" in the "Spam Actions" section below. Setting it
# to no means that it will be treated as "normal" spam.
# This can also be the filename of a ruleset.

But you don't have a blacklist. You have a list that states whether or
not spam that's in your (blank) blacklist should be tagged as high
scoring spam. The fact that you *call it* a blacklist doesn't make it
one.

> High Scoring Spam Actions = store forward spamd@tbshs.herts.sch.uk
>
>
And as such only high scoring spam (not everything) will be forwarded.

> In my: /etc/MailScanner/rules/ajos1.spamblacklist.rules I have
> ==============================================================
> ##############################################################################
> ####
> #### AJOS1.SPAMBLACKLIST.RULES (Make these high scoring spam)
> #### =========================
> #### We are getting too much rubbish... so we need to get rid off alot of
> #### it... this file we are ESPECIALLY dealing with old users...
> ####
>
Wouldn't it be easier to block old users at the MTA level?

> ##############################################################################
> FromOrTo: ajos1@tbshspx2.tbshs.herts.sch.uk yes
> FromOrTo: paf@tbshs.herts.sch.uk yes
> To: adc@* yes
> To: aeg@* yes
> To: pas@* yes
> To: pcn@* yes
> To: sge@* yes
> FromOrTo: default no
>

From h.swensson at hccnet.nl Sun Apr 16 15:08:05 2006
From: h.swensson at hccnet.nl (Herman Swensson)
Date: Sun Apr 16 15:08:09 2006
Subject: Can't locate Convert/BinHex.pm in @INC
In-Reply-To: <444244BD.8000103@nkpanama.com>
Message-ID: <200604161408.k3GE87pU013761@smtp10.hccnet.nl>

1 root@server local]# find / -name BinHex.pm
/usr/lib/perl5/site_perl/5.8.3/MIME/Decoder/BinHex.pm
/usr/lib/perl5/vendor_perl/5.8.5/Convert/BinHex.pm
/usr/lib/perl5/vendor_perl/5.8.5/MIME/Decoder/BinHex.pm

2 How do I check if there are two versions of perl

3 How do I do a forced install of Convert::Binhex

Herman

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex
Neuman van der Hans
Sent: Sunday 16 April 2006 15:21
To: MailScanner discussion
Subject: Re: Can't locate Convert/BinHex.pm in @INC

Herman Swensson wrote:
> [root@server root]# locate BinHex.pm
> /usr/lib/perl5/site_perl/5.8.3/MIME/Decoder/BinHex.pm
> /usr/lib/perl5/vendor_perl/5.8.5/Convert/BinHex.pm
> /usr/lib/perl5/vendor_perl/5.8.5/MIME/Decoder/BinHex.pm
>
> How must I resolve this problem.
>
> Regards,
>
> Herman
>
>
>
A few things:

1. Using "locate" doesn't mean the files are there. Your database could
   be out of date. Check to see if they're *really* there. They probably
   *are*, but you should not rely on "locate" to tell if they're there
   or not.
2. You may have two versions of perl (or remnants from a former
   installation). Check for that.
3. Try doing a forced install of Convert::BinHex (I don't think I've
   ever seen it get installed without "force install"ing it, it always
   complains for some reason)

From alex at nkpanama.com Sun Apr 16 15:23:14 2006
From: alex at nkpanama.com (Alex Neuman van der Hans)
Date: Sun Apr 16 15:23:45 2006
Subject: Can't locate Convert/BinHex.pm in @INC
In-Reply-To: <200604161408.k3GE87pU013761@smtp10.hccnet.nl>
References: <200604161408.k3GE87pU013761@smtp10.hccnet.nl>
Message-ID: <44425352.4000806@nkpanama.com>

Herman Swensson wrote:
> 1 root@server local]# find / -name BinHex.pm
>
Good! :D

> /usr/lib/perl5/site_perl/5.8.3/MIME/Decoder/BinHex.pm
> /usr/lib/perl5/vendor_perl/5.8.5/Convert/BinHex.pm
> /usr/lib/perl5/vendor_perl/5.8.5/MIME/Decoder/BinHex.pm
>
>
> 2 How do I check if there are two versions of perl
>
Try using the find command like you just did, but search for all
non-symbolic-link executables named perl, for example.

> 3 How do I do a forced install of Convert::Binhex
>
    # perl -MCPAN -e shell
    > force install Convert::BinHex

> Herman
>
>
> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex
> Neuman van der Hans
> Sent: Sunday 16 April 2006 15:21
> To: MailScanner discussion
> Subject: Re: Can't locate Convert/BinHex.pm in @INC
>
>
> Herman Swensson wrote:
>
>> [root@server root]# locate BinHex.pm
>> /usr/lib/perl5/site_perl/5.8.3/MIME/Decoder/BinHex.pm
>> /usr/lib/perl5/vendor_perl/5.8.5/Convert/BinHex.pm
>> /usr/lib/perl5/vendor_perl/5.8.5/MIME/Decoder/BinHex.pm
>>
>> How must I resolve this problem.
>>
>> Regards,
>>
>> Herman
>>
>>
>>
>>
>
> A few things:
>
> 1. Using "locate" doesn't mean the files are there. Your database could
> be out of date. Check to see if they're *really* there. They probably
> *are*, but you should not rely on "locate" to tell if they're there or not.
> 2. You may have two versions of perl (or remnants from a former
> installation). Check for that.
> 3. Try doing a forced install of Convert::BinHex (I don't think I've
> ever seen it get installed without "force install"ing it, it always
> complains for some reason)
>
>

From h.swensson at hccnet.nl Sun Apr 16 16:10:48 2006
From: h.swensson at hccnet.nl (Herman Swensson)
Date: Sun Apr 16 16:10:52 2006
Subject: Can't locate Convert/BinHex.pm in @INC
In-Reply-To: <44425352.4000806@nkpanama.com>
Message-ID: <200604161510.k3GFAo0k025833@smtp10.hccnet.nl>

I have only one version of perl.
After I have forced install Convert::Binhex

Service MailScanner start
Apr 16 17:00:41 server postfix/master[11607]: daemon started -- version 2.1.5
Apr 16 17:00:45 server MailScanner[11629]: MailScanner E-Mail Virus Scanner version 4.52.2 starting...

It works

Thanks a lot

Herman

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex
Neuman van der Hans
Sent: Sunday 16 April 2006 16:23
To: MailScanner discussion
Subject: Re: Can't locate Convert/BinHex.pm in @INC

Herman Swensson wrote:
> 1 root@server local]# find / -name BinHex.pm
>
Good! :D

> /usr/lib/perl5/site_perl/5.8.3/MIME/Decoder/BinHex.pm
> /usr/lib/perl5/vendor_perl/5.8.5/Convert/BinHex.pm
> /usr/lib/perl5/vendor_perl/5.8.5/MIME/Decoder/BinHex.pm
>
>
> 2 How do I check if there are two versions of perl
>
Try using the find command like you just did, but search for all
non-symbolic-link executables named perl, for example.

> 3 How do I do a forced install of Convert::Binhex
>
    # perl -MCPAN -e shell
    > force install Convert::BinHex

> Herman
>
>
> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex
> Neuman van der Hans
> Sent: Sunday 16 April 2006 15:21
> To: MailScanner discussion
> Subject: Re: Can't locate Convert/BinHex.pm in @INC
>
>
> Herman Swensson wrote:
>
>> [root@server root]# locate BinHex.pm
>> /usr/lib/perl5/site_perl/5.8.3/MIME/Decoder/BinHex.pm
>> /usr/lib/perl5/vendor_perl/5.8.5/Convert/BinHex.pm
>> /usr/lib/perl5/vendor_perl/5.8.5/MIME/Decoder/BinHex.pm
>>
>> How must I resolve this problem.
>>
>> Regards,
>>
>> Herman
>>
>>
>>
>>
>
> A few things:
>
> 1. Using "locate" doesn't mean the files are there. Your database could
> be out of date. Check to see if they're *really* there. They probably
> *are*, but you should not rely on "locate" to tell if they're there or not.
> 2. You may have two versions of perl (or remnants from a former
> installation). Check for that.
> 3. Try doing a forced install of Convert::BinHex (I don't think I've
> ever seen it get installed without "force install"ing it, it always
> complains for some reason)
>
>

From ganci at nurdog.com Sun Apr 16 16:57:16 2006
From: ganci at nurdog.com (Paul R. Ganci)
Date: Sun Apr 16 16:57:23 2006
Subject: greylisting?
In-Reply-To: <625385e30604160344v5dc95f2dya259be6c2602ea6b@mail.gmail.com>
References: <44405D60.3040002@fractalweb.com> <44419B7A.3070306@nkpanama.com> <625385e30604160344v5dc95f2dya259be6c2602ea6b@mail.gmail.com>
Message-ID: <4442695C.6050106@nurdog.com>

shuttlebox wrote:
>
>But you can't control how quick they will try to resend. Even if you
>set it to 1 second most MTA:s will wait a lot longer to retry, like 15
>minutes, and many users complain about that. Of course you can
>whitelist but only after having complaints. I try to make it smoother
>by checking the logs for the top domains we get mail from and put them
>in the whitelist right from the start.
>
>
I have been using DCC to successfully greylist for nearly two years now.
My experience has been that if anything many Email servers do not obey
the RFCs and will try to resend a message immediately. When that doesn't
work they will continue to resend more slowly until, on average, I do
not seem to experience more than a 5-10 minute delay which is a
combination of the sending server's resend methodology and my greylist
temporary reject interval.

It must be emphasized that this delay is only experienced on the first
incoming message with a unique tuple of sender address, recipient
address and sending server IP address. Any subsequent message with an
identical tuple of a previously accepted message will be delivered with
no delay. I have my server set up so that the automatic whitelist
remains effective for 6 months before the greylist process has to be
done again. The reality was that within 2 weeks to a month of running
the greylister the majority of my subscribers had no issues with their
incoming messages, in particular from those people who regularly send
Email as they were automatically whitelisted.

Of a bigger concern is that there are RFC ignorant servers out there.
These servers will do things like modify the headers on resend (e.g.
change the msgid) so that the resent message appears to be different and
never gets accepted by the greylister. Or they will not resend at all on
a temporary 45x reject. Or they have a server farm and so they cycle IPs
which of course changes the tuple. In these cases it can take days for a
message to be accepted (or ultimately rejected). I have found these
cases to be more troublesome as users may not find out a message was
rejected for such a long time if they find out at all. And messages will
continue to be rejected from those servers until something is done to
correct the problem.

DCC provides controls to handle these cases. There is also a list of RFC
broken servers which I used to seed my whitelist. Over the course of two
years I have had to augment this list, but now everything pretty much
runs smoothly with no complaints on a system which has 400 users and
deals with ~10000 emails a day.

Admittedly the first two weeks or so were difficult, but now it pretty
much runs itself. I don't even remember the last time I had to even add
a whitelist entry.

--
Paul (ganci@nurdog.com)

From alex at nkpanama.com Sun Apr 16 17:21:04 2006
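[Added example, not part of the original thread and not DCC's or any milter's code: the (sender, recipient, sending IP) greylisting described in the message above, including the server-farm failure mode and a seeded whitelist. The class name, the 5-minute embargo, the 4-hour pending window and all addresses are assumptions made for illustration.]

```python
"""Greylisting keyed on the (sender, recipient, client IP) tuple."""
import ipaddress

TEMPFAIL = "451 try again later"   # temporary reject; a compliant MTA retries
ACCEPT = "250 ok"


class Greylist:
    def __init__(self, embargo=300, pending_ttl=4 * 3600,
                 whitelist_ttl=180 * 86400, static_whitelist=()):
        self.embargo = embargo              # seconds a new tuple must wait
        self.pending_ttl = pending_ttl      # forget tuples that never retried
        self.whitelist_ttl = whitelist_ttl  # auto-whitelist lifetime (~6 months)
        # Seeded whitelist of sending networks known to break greylisting.
        self.static = [ipaddress.ip_network(n) for n in static_whitelist]
        self.pending = {}                   # tuple -> time first seen
        self.passed = {}                    # tuple -> time it passed greylisting

    def check(self, sender, rcpt, client_ip, now):
        """Return the SMTP verdict for one delivery attempt at time `now`."""
        ip = ipaddress.ip_address(client_ip)
        if any(ip in net for net in self.static):
            return ACCEPT
        key = (sender.lower(), rcpt.lower(), str(ip))

        passed_at = self.passed.get(key)
        if passed_at is not None:
            if now - passed_at <= self.whitelist_ttl:
                return ACCEPT               # known tuple: no delay at all
            del self.passed[key]            # expired: greylist it again

        first_seen = self.pending.get(key)
        if first_seen is None or now - first_seen > self.pending_ttl:
            self.pending[key] = now         # first sighting, or a stale entry
            return TEMPFAIL
        if now - first_seen < self.embargo:
            return TEMPFAIL                 # retried too soon; clock keeps running
        del self.pending[key]
        self.passed[key] = now
        return ACCEPT


def simulate(greylist, attempts):
    """attempts: (time_seconds, sender, recipient, client_ip) tuples."""
    return [greylist.check(s, r, ip, t) for t, s, r, ip in attempts]


# Constructed sample traffic (documentation address ranges).
WELL_BEHAVED = [
    (0,   "alice@example.org", "bob@example.net", "192.0.2.10"),  # first try
    (5,   "alice@example.org", "bob@example.net", "192.0.2.10"),  # instant retry
    (900, "alice@example.org", "bob@example.net", "192.0.2.10"),  # 15 min later
    (960, "alice@example.org", "bob@example.net", "192.0.2.10"),  # next message
]
# A sending farm that retries from a different IP each time: every attempt
# is a brand-new tuple, so the message never gets through on its own.
FARM = [
    (0,    "news@example.com", "bob@example.net", "198.51.100.1"),
    (900,  "news@example.com", "bob@example.net", "198.51.100.2"),
    (1800, "news@example.com", "bob@example.net", "198.51.100.3"),
]

if __name__ == "__main__":
    print("well-behaved:", simulate(Greylist(), WELL_BEHAVED))
    print("farm:        ", simulate(Greylist(), FARM))
    seeded = Greylist(static_whitelist=["198.51.100.0/24"])
    print("farm, seeded:", simulate(seeded, FARM))
```
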
From: alex at nkpanama.com (Alex Neuman van der Hans)
Date: Sun Apr 16 17:21:56 2006
Subject: Can't locate Convert/BinHex.pm in @INC
In-Reply-To: <200604161510.k3GFAo0k025833@smtp10.hccnet.nl>
References: <200604161510.k3GFAo0k025833@smtp10.hccnet.nl>
Message-ID: <44426EF0.4070508@nkpanama.com>

Herman Swensson wrote:
> I have only one version of perl
> After I have forced installConvert::Binhex
>
> Service MailScanner start
> Apr 16 17:00:41 server postfix/master[11607]: daemon started -- version 2.1.5
> Apr 16 17:00:45 server MailScanner[11629]: MailScanner E-Mail Virus Scanner version 4.52.2 starting...
>
> It works
>
> Thanks a lot
>
> Herman
>
You're welcome! Sometimes stuff gets installed but isn't "found" by
perl, and when you use the CPAN module to install them they just "work".
IANAPG (I am not a Perl Guru), but maybe someone else in this list can
elaborate why this could happen.

From alex at nkpanama.com Sun Apr 16 17:24:39 2006
From: alex at nkpanama.com (Alex Neuman van der Hans)
Date: Sun Apr 16 17:25:08 2006
Subject: greylisting?
In-Reply-To: <4442695C.6050106@nurdog.com>
References: <44405D60.3040002@fractalweb.com> <44419B7A.3070306@nkpanama.com> <625385e30604160344v5dc95f2dya259be6c2602ea6b@mail.gmail.com> <4442695C.6050106@nurdog.com>
Message-ID: <44426FC7.9010608@nkpanama.com>

Paul R. Ganci wrote:
> Admittedly the first two weeks or so were difficult, but now it pretty
> much runs itself. I don't even remember the last time I had to even
> add a whitelist entry.
>
Which is exactly the point I was trying to make. A couple of weeks worth
of very hard work pays off - with 4 or more years of nearly-flawless
execution. My efforts have not been *as* successful, but then again, I
probably didn't work at it as much as Paul did.

In any case, have you ever documented how you used DCC (instead of, for
example, a specific greylist milter) for this purpose? It would help
non-sendmail users who can't use milters if you shared it (perhaps on
the wiki) with the rest of us.

Regards,

Alex

From ganci at nurdog.com Sun Apr 16 18:21:49 2006
From: ganci at nurdog.com (Paul R. Ganci)
Date: Sun Apr 16 18:21:56 2006
Subject: greylisting?
In-Reply-To: <44426FC7.9010608@nkpanama.com>
References: <44405D60.3040002@fractalweb.com> <44419B7A.3070306@nkpanama.com> <625385e30604160344v5dc95f2dya259be6c2602ea6b@mail.gmail.com> <4442695C.6050106@nurdog.com> <44426FC7.9010608@nkpanama.com>
Message-ID: <44427D2D.9080405@nurdog.com>

Alex Neuman van der Hans wrote:

> In any case, have you ever documented how you used DCC (instead of,
> for example, a specific greylist milter) for this purpose? It would
> help non-sendmail users who can't use milters if you shared it
> (perhaps on the wiki) with the rest of us.

No I haven't actually done this. However, to be clear I am using
sendmail with the dccm milter. DCC provides a bunch of capability beyond
dccproc/dccifd. I run multiple dccd servers which flood among themselves
and do the actual greylisting. The dccm milter acts as the interface
between sendmail and dccd. I have configured my email system to reject
outright on DCC checksums which score high enough (1000 for my system
but YMMV) and to greylist otherwise. This all happens up front before
any real server resource is used. Anything that gets by all this goes
through MailScanner/SpamAssassin. I call dccifd from SpamAssassin with
thresholds set to 100. Hence messages that have a DCC checksum score of
100-1000 will get a SpamAssassin DCC_CHECK score.

There are downsides to this methodology. The first is that for messages
that pass DCC the first time, a second dccifd check may be done. I am
not sure, however, if the actual DCC servers are accessed since there is
in principle already a DCC header which is used by SpamAssassin.
Nonetheless there is overhead here to get the reject >1000 but only tag
100-1000 functionality I wanted. Second there is a much larger whitelist
burden if you choose to reject based upon DCC checksum scores. Some of
my subscribers did miss their NY Times ... unfortunately many email
lists and newsletters appear spammy and get high DCC checksum scores. I
found no impact to any legitimate user Email or for that matter this
list or the SpamAssassin list. I also found the overall load on my
servers was cut in half using DCC up front to both reject and greylist
as opposed to just greylist. The reason is that the
MailScanner/SpamAssassin load is significantly reduced.

In any case if you still think there is merit to documenting my DCC
usage I will be glad to do it as time allows me. As you point out it all
depends how much work you are willing to put in. I run the email system
for a small, intermountain Colorado wireless ISP and so it is manageable
for me to maintain whitelists. I put the time in to monitor logs,
whitelist as appropriate and so this system seems to be quite effective.
It also helps that my subscriber base is pretty understanding and
willing to work with me.

--
Paul (ganci@nurdog.com)

From alex at nkpanama.com Sun Apr 16 18:58:26 2006
From: alex at nkpanama.com (Alex Neuman van der Hans)
Date: Sun Apr 16 18:59:33 2006
Subject: Semi-OT: Automated Reporting / Spam Traps
Message-ID: <444285C2.1010003@nkpanama.com>

Anybody here know of a good way to automate a process where a known
spamtrap address or domain can be set up to report to whatever
authorities (SPAMCOP, other RBL's, DCC/Razor/Pyzor, etc.) ? Any good
docs you've found? I've seen a lot of stuff around, but no concerted
efforts. I'm sure something could be done/scripted using MailScanner or
any of the tools it uses.

What successes/milestones (or failures/frustrations) have you seen when
implementing said methods?

Thanks in advance for any answers.

From matt at coders.co.uk Sun Apr 16 19:19:51 2006
From: matt at coders.co.uk (Matt Hampton) Date: Sun Apr 16 19:20:01 2006 Subject: greylisting? In-Reply-To: <44419BEA.30303@nkpanama.com> References: <44405D60.3040002@fractalweb.com> <4440B730.2060207@coders.co.uk> <44419BEA.30303@nkpanama.com> Message-ID: <44428AC7.20400@coders.co.uk> Alex Neuman van der Hans wrote: > Matt Hampton wrote: >> You can run both together, as I did, but I found that the added value >> given by greylisting was not significant enough for the overhead (or the >> complaints from users for the delay). >> > Perhaps you could have set a different delay value? A different default, > or a different default for *some* users? See the points I tried to make > in an earlier message in this thread. Alex I was running clustered servers that shared the same greylist database. I whitelisted the users who didn't like the delays and shortened the timeouts globally and per user/domain and yes the improvements I was getting were good. My thoughts were that if greet_pause was getting rid of 90% of the cr*p that grey-listing was doing - what was the point of an additional overhead to maintain and configure. As I said the results from grey-listing were superb but the day to day management overhead, although not significant, was not worth the extra 10% it was giving me. Plus it removed the standard complaint of why isn't my mail arrived yet..... cheers Matt From alex at nkpanama.com Sun Apr 16 19:32:26 2006 
From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sun Apr 16 19:32:51 2006 Subject: greylisting? In-Reply-To: <44427D2D.9080405@nurdog.com> References: <44405D60.3040002@fractalweb.com> <44419B7A.3070306@nkpanama.com> <625385e30604160344v5dc95f2dya259be6c2602ea6b@mail.gmail.com> <4442695C.6050106@nurdog.com> <44426FC7.9010608@nkpanama.com> <44427D2D.9080405@nurdog.com> Message-ID: <44428DBA.8030206@nkpanama.com> Paul R. Ganci wrote: > In any case if you still think there is merit to documenting my DCC > usage I will be glad to do it as time allows me. > > As you point out it all depends how much work you are willing to put > in. I run the email system for a small, intermountain Colorado > wireless ISP and so it is manageable for me to maintain whitelists. I > put the time in to monitor logs, whitelist as appropriate and so this > system seems to be quite effective. It also helps that my subscriber > base is pretty understanding and willing to work with me. > I believe any documentation effort is worthwhile. I believe many of us will definitely appreciate whatever effort you put into documenting your particular setup, as it seems likely to be applicable in many instances where MailScanner/dcc/sendmail is being used. From alex at erus.co.uk Sun Apr 16 22:51:13 2006 
From: alex at erus.co.uk (Alex Pimperton) Date: Sun Apr 16 22:51:41 2006 Subject: MailScanner[16314]: called with 2 bind variables when 0 are needed Message-ID: <4442BC51.2040400@erus.co.uk> Hi all I've suddenly started getting the errors below on a Debian testing box, right after I upgraded to 4.51.5-1. Apr 16 20:02:53 server01 MailScanner[16314]: called with 2 bind variables when 0 are needed Apr 16 20:08:30 server01 MailScanner[16314]: called with 2 bind variables when 0 are needed Does anybody know why I keep getting them? They appear as below: Apr 16 22:38:34 server01 MailScanner[16314]: New Batch: Scanning 1 messages, 2148 bytes Apr 16 22:38:35 server01 MailScanner[16314]: MCP Checks completed at 3197077 bytes per second Apr 16 22:38:38 server01 MailScanner[16314]: Spam Checks completed at 677 bytes per second Apr 16 22:38:38 server01 MailScanner[16314]: Virus and Content Scanning: Starting Apr 16 22:38:41 server01 MailScanner[16314]: Virus Scanning completed at 607 bytes per second Apr 16 22:38:41 server01 MailScanner[16314]: called with 2 bind variables when 0 are needed Apr 16 22:38:43 server01 MailScanner[16314]: Requeue: EAA185C020.2AEB1 to 1B0675C021 There's nothing else but that error in the logs. Searching for the error points to a perl problem but I've not got any further than that. Could it be a problem with MailScanner.conf? I ran upgrade_MailScanner_conf and it seemed to work okay and I'm loath to destroy my MailScanner.conf and rebuild if I don't need to. 
Regards, Alex System Info: server01:~# dpkg -l mailscanner ii mailscanner 4.51.5-1 email virus scanner and spam tagger server01:~# dpkg -l perl ii perl 5.8.8-3 Larry Wall's Practical Extraction and Report server01:~# MailScanner -v Running on Linux server01.erus.co.uk 2.6.12.4-bytemark-uml-20050811-1-small #1 Thu Aug 11 18:30:53 BST 2005 i686 GNU/Linux This is Perl version 5.008008 (5.8.8) This is MailScanner version 4.51.5 Module versions are: 1.00 AnyDBM_File 1.16 Archive::Zip 1.04 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.74 File::Basename 2.09 File::Copy 2.01 FileHandle 1.08 File::Path 0.16 File::Temp 1.35 HTML::Entities 3.51 HTML::Parser 2.35 HTML::TokeParser 1.22 IO 1.13 IO::File 1.13 IO::Pipe 1.74 Mail::Header 3.07 MIME::Base64 5.419 MIME::Decoder 5.419 MIME::Decoder::UU 5.419 MIME::Head 5.419 MIME::Parser 3.07 MIME::QuotedPrint 5.419 MIME::Tools 0.10 Net::CIDR 1.09 POSIX 1.78 Socket 0.13 Sys::Syslog 1.86 Time::HiRes 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.814 DB_File 1.11 DBD::SQLite 1.50 DBI 1.14 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.10 Digest::SHA1 missing Inline missing Mail::ClamAV 3.001000 Mail::SpamAssassin missing Mail::SPF::Query missing Net::CIDR::Lite 0.57 Net::DNS missing Net::LDAP missing Parse::RecDescent missing SAVI missing Sys::Hostname::Long 2.56 Test::Harness 0.62 Test::Simple 1.95 Text::Balanced 1.35 URI -- This message has been scanned for viruses and dangerous content by the MailScanner at www.erus.co.uk, and is believed to be clean. From ajos1 at onion.demon.co.uk Sun Apr 16 23:30:38 2006 
From: ajos1 at onion.demon.co.uk (ajos1@onion.demon.co.uk) Date: Sun Apr 16 23:30:40 2006 Subject: BlackList - Something simple In-Reply-To: <44424695.5030107@nkpanama.com> Message-ID: - Yes that makes sense now... I was confused by the fact it said: "This can also be the filename of a ruleset." I am a silly billy... I have found out how to do it at MTA level now... and will see if it works... initial tests show it does. I need to test it works for addresses that are normally then forwarded on to an Exchange server behind the firewall. Though rather than REJECTing/DISCARDing them... I was looking to store them for a while to study what sort of spam we were receiving. http://www.akadia.com/services/sendmail_relay.html http://www.faqs.org/docs/securing/chap22sec178.html alex@nkpanama.com wrote: > ajos1@onion.demon.co.uk wrote: > > ============================================ > > Definite Spam Is High Scoring = %rules-dir%/ajos1.spamblacklist.rules > > > From the config file: > # Setting this to yes means that spam found in the blacklist is treated > # as "High Scoring Spam" in the "Spam Actions" section below. Setting it > # to no means that it will be treated as "normal" spam. > # This can also be the filename of a ruleset. > > But you don't have a blacklist. You have a list that states whether or > not spam that's in your (blank) blacklist should be tagged as high > scoring spam. The fact that you *call it* a blacklist doesn't make it one. > > > High Scoring Spam Actions = store forward spamd@tbshs.herts.sch.uk > > > > > And as such only high scoring spam (not everything) will be forwarded. > > In my: /etc/MailScanner/rules/ajos1.spamblacklist.rules I have > > ============================================================== > > ############################################################################## > > #### > > #### AJOS1.SPAMBLACKLIST.RULES (Make these high scoring spam) > > #### ========================= > > #### We are getting too much rubbish... 
so we need to get rid off alot of > > #### it... this file we are ESPECIALLY dealing with old users... > > #### > > > Wouldn't it be easier to block old users at the MTA level? > > ############################################################################## > > FromOrTo: ajos1@tbshspx2.tbshs.herts.sch.uk yes > > FromOrTo: paf@tbshs.herts.sch.uk yes > > To: adc@* yes > > To: aeg@* yes > > To: pas@* yes > > To: pcn@* yes > > To: sge@* yes > > FromOrTo: default no > > > From randyf at sibernet.com Mon Apr 17 00:08:48 2006 
From: randyf at sibernet.com (randyf@sibernet.com) Date: Mon Apr 17 00:09:16 2006 Subject: Solaris 10: won't start via init script In-Reply-To: References: <71437982F5B13A4D9A5B2669BDB89EE403A84D30@ISS-CL-EX-V1.soton.ac.uk> Message-ID: On Sat, 15 Apr 2006, Jeff A. Earickson wrote: > Yes, but it still supports legacy scripts in /etc/init.d so the script > that I used with Solaris 9 ought to work. Yes, your legacy script should work (verify it by running: "svcs -a | grep legacy_run" and see if it is in the list), but there may be dependencies on other services that are controlled by SMF, such as sendmail. Also, if you are using the standard Solaris distributed Perl, you are now using a 5.8 perl variant (depending on your patch level), so you may require the reinstallation of some perl modules (or changing the /usr/bin/perl link), but at a minimum, may need to recompile the required MailScanner Perl Modules. And as sendmail is now an SMF service, you won't be able to manage how it is run by changing init.d scripts, but instead need to have the methods changed. I have a manifest that can be used as a replacement to the Solaris sendmail manifest, that will create and use the mqueue and mqueue.in directories, as well as start and stop MailScanner (it is even zone aware). If anyone thinks this would be useful, or maybe put it in the contributed space, I will happily send it along. ---- Randy > > Jeff Earickson > > On Sat, 15 Apr 2006, Pentland G. wrote: > >> Date: Sat, 15 Apr 2006 17:17:41 +0100 
>> From: Pentland G. >> Reply-To: MailScanner discussion >> To: MailScanner discussion >> Subject: RE: Solaris 10: won't start via init script >> >> Not entirely sure about the MailScanner errors but... >> >> Solaris 10 doesn't use init scripts! >> >> There a thing called SMF, look at the man pages for "svcs" and "svcadm" >> >> Hope that helps >> >> Gary >> >> Jeff A. Earickson wrote: >>> Julian and Solaris 10 users, >>> >>> I'm baffled by this one. I had to move my mail services (under >>> duress, bad hardware) from a Solaris 9 to a Solaris 10 box last >>> night. MailScanner (4.52.2) refuses to start via my /etc/init.d >>> script, which basically just does: >>> >>> MSDIR=/opt/MailScanner >>> $MSDIR/bin/check_mailscanner >>> >>> If I look at the syslog (leading timestamps trimmed), it just >>> spits out this over and over: >>> >>> MailScanner E-Mail Virus Scanner version 4.52.2 starting... >>> Read 711 hostnames from the phishing whitelist >>> Config: calling custom init function IPBlock >>> Initialising IP blocking >>> Read 128 IP blocking entries from /etc/MailScanner/IPBlock.conf >>> Using SpamAssassin results cache >>> Connected to SpamAssassin cache database >>> Expired 1 records from the SpamAssassin cache >>> >>> (pause, followed by another round in a few seconds). >>> >>> Here's where it gets weird... If I run in debug mode, a batch runs >>> fine. If I just let the following root crontab run, MailScanner >>> kicks off and runs normally (in non-debug mode): >>> >>> #---Ensure my mailscanner is still running >>> 0,10,20,30,40,50 * * * * [ -x >>> /opt/MailScanner/bin/check_mailscanner ] && >>> /opt/MailScanner/bin/check_mailscanner >/dev/null 2>&1 >>> >>> MailScanner --lint gives the following: >>> >>> Read 711 hostnames from the phishing whitelist >>> Config: calling custom init function IPBlock >>> Could not use Custom Function code >>> MailScanner::CustomConfig::InitIPBlock, it could not be "eval"ed. 
>>> Make sure the module is correct with perl -wc at >>> /opt/MailScanner/lib/MailScanner/Config.pm line 803 Checking for >>> SpamAssassin errors (if you use it)... Using SpamAssassin results >>> cache Connected to SpamAssassin cache database config: >>> SpamAssassin failed to parse line, "/usr/bin/pyzor" is not valid >>> for "pyzor_path", skipping: pyzor_path /usr/bin/pyzor config: >>> SpamAssassin failed to parse line, "/usr/bin/pyzor" is not valid >>> for "pyzor_path", skipping: pyzor_path /usr/bin/pyzor netset: cannot >>> include 127.0.0.1/32 as it has already been included netset: cannot >>> include 137.146.28.68/32 as it has already been included SpamAssassin >>> reported an error. >>> >>> MailScanner.conf says "Virus Scanners = clamavmodule" >>> Found these virus scanners installed: clamavmodule, sophos >>> >>> This output is the same as the old system, which is still up but not >>> processing email anymore. >>> >>> I played with the setsockopt setting in Log.pm to see if that made a >>> difference; it didn't. The manpage for syslogd in S10 says it uses >>> streams. >>> >>> Any ideas? >>> >>> Jeff Earickson >>> Colby College >> >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From lars+lister.mailscanner at adventuras.no Mon Apr 17 00:35:28 2006 
From: lars+lister.mailscanner at adventuras.no (Lars Kristiansen) Date: Mon Apr 17 00:36:01 2006 Subject: DIFF for mta.sh startupscript on freebsd-port 4.52.2 Message-ID: <4442D4C0.3000509@adventuras.no> Thanks to JP for the Freebsd-port. Have just been using it to upgrade to 4.52. But mta.sh would not start. Needed to edit line 72 in /usr/local/etc/rc.d/mta.sh Here is diff: @@ -69,7 +69,7 @@ \( \( $_mta_osversion -ge 700000 \) -a \ \( $_mta_osversion -lt 700007 \) \) ] then - $_mta_rc_script="{$_mta_rc_script}.sh" + _mta_rc_script="${_mta_rc_script}.sh" fi load_rc_config $name -- Regards from Lars From res at ausics.net Mon Apr 17 04:36:22 2006 From: res at ausics.net (Res) Date: Mon Apr 17 04:36:30 2006 Subject: greylisting? In-Reply-To: <4440E677.8000007@blacknight.ie> References: <44405D60.3040002@fractalweb.com> <4440B730.2060207@coders.co.uk> <4440E677.8000007@blacknight.ie> Message-ID: On Sat, 15 Apr 2006, Michele Neylon:: Blacknight.ie wrote: > Res wrote: > >> I agree with this, you only need it set to about 5000, it catches so >> much of it, and enforcing RFC1912 catches around 90% more. > > How much of RFC1912? "Every Internet-reachable host should have a name." Since enforcing PTR checks, like I said 90% of the crap is now rejected we've done it for years with no regrets and only about a dozen or so complaints in all that time, -- Cheers Res From res at ausics.net Mon Apr 17 04:43:20 2006 
From: res at ausics.net (Res) Date: Mon Apr 17 04:43:24 2006 Subject: greylisting? In-Reply-To: <44419C5A.9040402@nkpanama.com> References: <44405D60.3040002@fractalweb.com> <4440B730.2060207@coders.co.uk> <44419C5A.9040402@nkpanama.com> Message-ID: On Sat, 15 Apr 2006, Alex Neuman van der Hans wrote: > Res wrote: >> >> I agree with this, you only need it set to about 5000, it catches so much >> of it, and enforcing RFC1912 catches around 90% more. >> >> > By that you mean only accepting mail from valid domains with an MX? RFC1912 > seems to cover a lot. How do you do it? Please share ;) You don't have to have matching A and PTR's but they both must exist, and we let you in :) we use the require_rdns hack, I used to do it in local rulesets but the hack is far better as it allows for exemptions via the delay_checks friends option. The hack is available at http://support.ausics.net/require_rdns.m4 if you have not seen it before. > > -- Cheers Res From dhawal at netmagicsolutions.com Mon Apr 17 07:00:35 2006 
From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Mon Apr 17 07:00:26 2006 Subject: Attn. postfix users WAS Multiple Postfix smtp instances In-Reply-To: <20060414192115.13204.qmail@mymail.netmagicians.com> References: <20060412205748.GD14679@luckyduck.tux> <443F9148.7080908@netmagicsolutions.com> <443FDBCF.6040004@rogers.com> <20060414192115.13204.qmail@mymail.netmagicians.com> Message-ID: <44432F03.4090907@netmagicsolutions.com> Dhawal Doshy wrote: > Drew Marshall writes: >> On 14 Apr 2006, at 18:28, Mike Jakubik wrote: >>> Dhawal Doshy wrote: >>>> This mail was also posted by the OP to the postfix-users list and >>>> is now being discussed by the postfix authors 'wietse' and 'viktor' >>>> for better integration (read: compliant to the postfix internal >>>> architecture) between postfix and mailscanner.. >>>> I request all mailscanner+postfix users to follow this thread on >>>> the postfix-users lists and voice your technical opinions, if any. >>> >>> Its sad to see that one of the best MTAs and content scanners, does >>> not get along so well.. Apparently Postfix 2.3 will make changes >>> that will break MailScanner functionality :( >> >> Very sad indeed. Interestingly I am running the current release (Non >> stable) of 2.3 and it works fine with MailScanner so I await to see >> what happens with the 'new queue format'. >> Drew > > No it won't (Julian will find a better workaround) and it shouldn't, i > would request all postfix users to subscribe to the postfix-users list > and convince the developers to document postfix queue internals so that > this matter is resolved once and for all.. > At the least ensure that someone of use who understands postfix really > well, (i don't) follows up with viktor and wietse on this.. > - dhawal We now have postfix+mailscanner working perfectly fine, but is likely to break in future releases due to internal changes in the postfix queue working.. hence i took the liberty of sending this mail to the postfix users list. 
Constructive comments are welcome from postfix and non-postfix users: ============== MailScanner currently works in this fashion: Internet ==> postfix ==> hold queue ==> MailScanner ==> Incoming queue ==> local delivery or relay From what i understand, the part where mailscanner re-queues mails to the postfix incoming queue is the questionable part.. So what conclusion do we (the non-programmer postfix users) draw from your discussion? What are the changes expected that i need to communicate to the mailscanner development team? Finally, what would be required to make mailscanner an approved Content-Scanner for postfix. ============== This is the reply from Wietse: ============== It takes a stable EXTERNAL interface, so that non-Postfix software is immune to changes in Postfix INTERNAL details. For example, software that speak SMTP is largely immune to changes in Postfix internal details, because SMTP is well defined. Absent precisely formulated requirements I can't define an external interface for content management. Wietse ============== A search on the postfix archive gave me this mail from Wietse: ============== The question is 100% academic. Like other Postfix internals, Postfix queue details will not be published until they stop changing. Until then I want to have the freedom to make changes without having to jump horrible hoops in order to avoid breaking other people's software. To give you an idea of what it would take to make mailscanner safe with the PRESENT queue implementation: 1) The Postfix queue would have to be changed from a three-state incoming/active/deferred organization to a four-state organization of unfiltered/incoming/active/deferred. 2) All four queues MUST BE in the same file system. Otherwise mail will be corrupted or lost. 
3) A modified cleanup server drops new mail into the "unfiltered" queue and notifies mailscanner, while the unmodified cleanup server drops locally forwarded mail into the incoming queue and informs the queue manager as usual. 4) Mailscanner MUST NOT move queue files except by renaming them between Postfix queue directories. Otherwise mail will be corrupted or lost. 5) Mailscanner MUST maintain the relationship between the file name and the file inode number. Otherwise mail will be corrupted or lost. 7) Mailscanner must be crash proof. Like Postfix, it MUST NOT take irreversible actions, or actions that may require undo operations after a system crash. Otherwise mail will be corrupted or lost. Specifically: 8) Mailscanner MUST NOT modify queue files. If content needs to be updates, Mailscanner MUST create a new queue file and delete the original only after the new file has been committed to stable storage. Otherwise mail will be corrupted or lost. 9) When creating a queue file, Mailscanner MUST adhere to the convention that the file permissions are set to "executable" only after the file contents are safely stored. Otherwise mail will be corrupted or lost. 10) Mailscanner should never touch a queue file that has an advisory lock (flock or fcntl lock, depending on the system environment). Otherwise mail will be corrupted or lost. But again, all this is academic, because I will never support non-standard interfaces for content inspection in Postfix. Wietse ============== From res at ausics.net Mon Apr 17 11:28:46 2006 
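The file-handling rules in the quoted list (points 2, 4, 5, 8, 9 and 10) put into Python, as an added example that is not MailScanner or Postfix code. The `hold`/`incoming` directory names, the function names and the "file name is the inode number in hex" convention are assumptions made for the example; the message does not say what name/inode relationship Postfix uses.

```python
import errno
import fcntl
import os
import stat
import tempfile


def same_filesystem(*dirs):
    """Point 2: rename() is only atomic when every queue directory is on one file system."""
    return len({os.stat(d).st_dev for d in dirs}) == 1


def fsync_dir(path):
    """Commit a directory change (create, rename, unlink) to stable storage."""
    fd = os.open(path, os.O_RDONLY)
    try:
        os.fsync(fd)
    finally:
        os.close(fd)


def is_complete(path):
    """Point 9: a queue file counts as complete only once its owner-execute bit is set."""
    return bool(os.stat(path).st_mode & stat.S_IXUSR)


def replace_queue_file(original, new_content, dest_dir):
    """Store a modified copy of `original` in dest_dir without touching the original.

    Returns the new path, or None when another process holds an advisory lock.
    """
    src_dir = os.path.dirname(os.path.abspath(original))
    if not same_filesystem(src_dir, dest_dir):
        raise RuntimeError("queue directories must share one file system")

    src_fd = os.open(original, os.O_RDONLY)
    try:
        # Point 10: leave the file alone if it is locked; otherwise hold the
        # lock ourselves for the whole operation.
        try:
            fcntl.flock(src_fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
        except OSError as exc:
            if exc.errno in (errno.EAGAIN, errno.EACCES):
                return None
            raise

        # Point 8: never edit in place. mkstemp() creates the new file with
        # mode 0600, so readers applying point 9 ignore it while it is partial.
        tmp_fd, tmp_path = tempfile.mkstemp(dir=dest_dir, prefix=".new-")
        try:
            with os.fdopen(tmp_fd, "wb") as fh:
                fh.write(new_content)
                fh.flush()
                os.fsync(fh.fileno())            # content is on stable storage
                os.fchmod(fh.fileno(), 0o700)    # point 9: only now mark it complete
                inode = os.fstat(fh.fileno()).st_ino
            # Point 5 (constructed convention): a new file has a new inode, so
            # it also needs a new name derived from that inode.
            final_path = os.path.join(dest_dir, format(inode, "X"))
            os.rename(tmp_path, final_path)      # point 4: rename, never copy
            fsync_dir(dest_dir)
        except BaseException:
            if os.path.exists(tmp_path):
                os.unlink(tmp_path)
            raise

        # Point 8: the original goes away only after the copy is committed.
        os.unlink(original)
        fsync_dir(src_dir)
        return final_path
    finally:
        os.close(src_fd)                         # also releases the lock


if __name__ == "__main__":
    root = tempfile.mkdtemp()
    hold, incoming = os.path.join(root, "hold"), os.path.join(root, "incoming")
    os.mkdir(hold)
    os.mkdir(incoming)
    msg = os.path.join(hold, "MSG1")             # constructed sample message
    with open(msg, "wb") as fh:
        fh.write(b"Subject: test\n\nbody\n")
    print(replace_queue_file(msg, b"Subject: {Scanned} test\n\nbody\n", incoming))
```

A crash at any point leaves either the untouched original or a fully written, executable copy; an unfinished copy is recognisable because it never received the execute bit.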
From: res at ausics.net (Res) Date: Mon Apr 17 11:28:53 2006 Subject: Attn. postfix users WAS Multiple Postfix smtp instances In-Reply-To: <44432F03.4090907@netmagicsolutions.com> References: <20060412205748.GD14679@luckyduck.tux> <443F9148.7080908@netmagicsolutions.com> <443FDBCF.6040004@rogers.com> <20060414192115.13204.qmail@mymail.netmagicians.com> <44432F03.4090907@netmagicsolutions.com> Message-ID: only confirms what many ppl think, wietse is bernstein 'the second' On Mon, 17 Apr 2006, Dhawal Doshy wrote: > Dhawal Doshy wrote: >> Drew Marshall writes: >>> On 14 Apr 2006, at 18:28, Mike Jakubik wrote: >>>> Dhawal Doshy wrote: >>>>> This mail was also posted by the OP to the postfix-users list and is >>>>> now being discussed by the postfix authors 'wietse' and 'viktor' for >>>>> better integration (read: compliant to the postfix internal >>>>> architecture) between postfix and mailscanner.. >>>>> I request all mailscanner+postfix users to follow this thread on the >>>>> postfix-users lists and voice your technical opinions, if any. >>>> >>>> Its sad to see that one of the best MTAs and content scanners, does not >>>> get along so well.. Apparently Postfix 2.3 will make changes that will >>>> break MailScanner functionality :( >>> >>> Very sad indeed. Interestingly I am running the current release (Non >>> stable) of 2.3 and it works fine with MailScanner so I await to see what >>> happens with the 'new queue format'. >>> Drew >> >> No it won't (Julian will find a better workaround) and it shouldn't, i >> would request all postfix users to subscribe to the postfix-users list and >> convince the developers to document postfix queue internals so that this >> matter is resolved once and for all.. >> At the least ensure that someone of use who understands postfix really >> well, (i don't) follows up with viktor and wietse on this.. 
>> - dhawal > > We now have postfix+mailscanner working perfectly fine, but is likely to > break in future releases due to internal changes in the postfix queue > working.. hence i took the liberty of sending this mail to the postfix users > list. Constructive comments are welcome from postfix and non-postfix users: > ============== > MailScanner currently works in this fashion: > Internet ==> postfix ==> hold queue ==> MailScanner ==> Incoming queue ==> > local delivery or relay > > From what i understand, the part where mailscanner re-queues mails to the > postfix incoming queue is the questionable part.. > > So what conclusion do we (the non-programmer postfix users) draw from your > discussion? What are the changes expected that i need to communicate to the > mailscanner development team? > > Finally, what would be required to make mailscanner an approved > Content-Scanner for postfix. > ============== > > > This is the reply from Wietse: > ============== > It takes a stable EXTERNAL interface, so that non-Postfix software is immune > to changes in Postfix INTERNAL details. > > For example, software that speak SMTP is largely immune to changes in Postfix > internal details, because SMTP is well defined. > > Absent precisely formulated requirements I can't define an external interface > for content management. > > Wietse > ============== > > > A search on the postfix archive gave me this mail from Wietse: > ============== > The question is 100% academic. Like other Postfix internals, Postfix > queue details will not be published until they stop changing. > Until then I want to have the freedom to make changes without having > to jump horrible hoops in order to avoid breaking other people's > software. 
> > To give you an idea of what it would take to make mailscanner safe > with the PRESENT queue implementation: > > 1) The Postfix queue would have to be changed from a three-state > incoming/active/deferred organization to a four-state organization > of unfiltered/incoming/active/deferred. > > 2) All four queues MUST BE in the same file system. Otherwise mail > will be corrupted or lost. > > 3) A modified cleanup server drops new mail into the "unfiltered" > queue and notifies mailscanner, while the unmodified cleanup server > drops locally forwarded mail into the incoming queue and informs > the queue manager as usual. > > 4) Mailscanner MUST NOT move queue files except by renaming them > between Postfix queue directories. Otherwise mail will be corrupted > or lost. > > 5) Mailscanner MUST maintain the relationship between the file name > and the file inode number. Otherwise mail will be corrupted or > lost. > > 7) Mailscanner must be crash proof. Like Postfix, it MUST NOT take > irreversible actions, or actions that may require undo operations > after a system crash. Otherwise mail will be corrupted or lost. > > Specifically: > > 8) Mailscanner MUST NOT modify queue files. If content needs to be > updates, Mailscanner MUST create a new queue file and delete the > original only after the new file has been committed to stable > storage. Otherwise mail will be corrupted or lost. > > 9) When creating a queue file, Mailscanner MUST adhere to the > convention that the file permissions are set to "executable" only > after the file contents are safely stored. Otherwise mail will be > corrupted or lost. > > 10) Mailscanner should never touch a queue file that has an advisory > lock (flock or fcntl lock, depending on the system environment). > Otherwise mail will be corrupted or lost. > > But again, all this is academic, because I will never support > non-standard interfaces for content inspection in Postfix. 
> > Wietse > ============== > -- Cheers Res From lars+lister.mailscanner at adventuras.no Mon Apr 17 15:02:41 2006 From: lars+lister.mailscanner at adventuras.no (Lars Kristiansen) Date: Mon Apr 17 15:03:10 2006 Subject: DIFF for mta.sh startupscript on freebsd-port 4.52.2 In-Reply-To: <4442D4C0.3000509@adventuras.no> References: <4442D4C0.3000509@adventuras.no> Message-ID: <4443A001.4070304@adventuras.no> Lars Kristiansen wrote: > Thanks to JP for the Freebsd-port. > > Have just been using it to upgrade to 4.52. > But mta.sh would not start. > Needed to edit line 72 in /usr/local/etc/rc.d/mta.sh > > Here is diff: > @@ -69,7 +69,7 @@ > \( \( $_mta_osversion -ge 700000 \) -a \ > \( $_mta_osversion -lt 700007 \) \) ] > then > - $_mta_rc_script="{$_mta_rc_script}.sh" > + _mta_rc_script="${_mta_rc_script}.sh" > fi > > load_rc_config $name > Also in the same freebsd-port a small change is needed in line 7 in both update_virus_scanners.cron and update_phishing_sites.cron. At least on my machines it should be /etc/rc.subr instead of /usr/local/etc/rc.subr Maybe it would be right to use the %%RC_SUBR%% variable in the ports files? Should I rather send-pr these things instead of bothering the list? Again, thanks. -- Regards from Lars From danielk at avalonpub.com Mon Apr 17 17:14:42 2006 
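Review bot: in the mta.sh hunk (@@ -69,7 +69,7 @@) the two context lines compare `$_mta_osversion` unquoted inside `[ ... ]`, so an empty or unset value makes the test fail with a syntax error instead of evaluating to false; quote the variable or give it a default before the comparison. The changed line itself is right as posted, since an sh assignment takes no `$` on the left-hand side and the expansion is `${_mta_rc_script}`, not `{$_mta_rc_script}`. The hunk carries no `---`/`+++` file header, so a send-pr should name /usr/local/etc/rc.d/mta.sh explicitly or include a full unified diff.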
From: danielk at avalonpub.com (Daniel Kleinsinger)
Date: Mon Apr 17 17:14:46 2006
Subject: Duplicate messages/Unlinking failed
Message-ID: <4443BEF2.8090509@avalonpub.com>

I received a duplicate message from my MailScanner box today. There are no local users, the server is setup to redeliver to the mailbox servers with mailertable. The second copy had no body, just headers. In the mail log on the machine I found a bunch of error messages when searching for the message id. The complete error messages are pasted below (some delivery info obfuscated). There are many occurrences of this error message in my mail logs, going back about 4 weeks. It's possible the error started when I upgraded to Sendmail 8.13.6 for that security fix, the timing seems right.

I'm running the above sendmail with MailScanner 4.51.6 and perl 5.8.0 on RH8. When I did the upgrade I changed the "Lock Type" from flock to posix as recommended, but it seems like I'm having some type of locking problem. Anyone have any advice? I've also pasted the output of MailScanner -v below.

Thanks,
Daniel

Mail Log:

Apr 17 08:37:05 nts-2 sendmail[20944]: k3HFb00K020944: from=, size=3546, class=0, nrcpts=1, msgid=<000701c66234$97724e30$2000a8c0@sender.com>, proto=ESMTP, daemon=MTA, relay=eth0.a.lds.sonic.net [208.201.249.231]
Apr 17 08:37:05 nts-2 sendmail[20944]: k3HFb00K020944: to=, delay=00:00:00, mailer=smtp, pri=33546, stat=queued
Apr 17 08:37:11 nts-2 MailScanner[12477]: Logging message k3HFb00K020944 to SQL
Apr 17 08:37:11 nts-2 MailScanner[12517]: k3HFb00K020944: Logged to MailWatch SQL
Apr 17 08:37:11 nts-2 sendmail[20969]: k3HFb00K020944: to=, delay=00:00:06, xdelay=00:00:00, mailer=smtp, pri=123546, relay=[IPADDRESS] [IPADDRESS], dsn=2.0.0, stat=Sent (server.recipient.com: Message accepted for delivery)
Apr 17 08:37:17 nts-2 MailScanner[12391]: Unlinking /var/spool/mqueue.in/qfk3HFb00K020944 failed: No such file or directory
Apr 17 08:37:17 nts-2 MailScanner[12391]: Unlinking /var/spool/mqueue.in/dfk3HFb00K020944 failed: No such file or directory
Apr 17 08:37:17 nts-2 MailScanner[12391]: Unlinking /var/spool/mqueue.in/qfk3HFb00K020944 failed: No such file or directory
Apr 17 08:37:17 nts-2 MailScanner[12391]: Unlinking /var/spool/mqueue.in/dfk3HFb00K020944 failed: No such file or directory
Apr 17 08:37:17 nts-2 MailScanner[12391]: Logging message k3HFb00K020944 to SQL
Apr 17 08:37:17 nts-2 MailScanner[12517]: k3HFb00K020944: Logged to MailWatch SQL
Apr 17 08:37:17 nts-2 sendmail[20985]: k3HFb00K020944: SYSERR(root): readqf: cannot open ./dfk3HFb00K020944: No such file or directory
Apr 17 08:37:17 nts-2 sendmail[20985]: k3HFb00K020944: to=, delay=00:00:12, xdelay=00:00:00, mailer=smtp, pri=123546, relay=[IPADDRESS] [IPADDRESS], dsn=2.0.0, stat=Sent (server.recipient.com: Message accepted for delivery)

MailScanner -v:

Running on Linux nts-2.avalonpub.com 2.4.20-28.8 #1 Thu Dec 18 12:53:39 EST 2003 i686 i686 i386 GNU/Linux
This is Red Hat Linux release 8.0 (Psyche)
This is Perl version 5.008000 (5.8.0)

This is MailScanner version 4.51.6
Module versions are:
1.00 AnyDBM_File
1.14 Archive::Zip
1.01 Carp
1.119 Convert::BinHex
1.00 DirHandle
1.04 Fcntl
2.71 File::Basename
2.05 File::Copy
2.01 FileHandle
1.05 File::Path
0.13 File::Temp
1.32 HTML::Entities
3.48 HTML::Parser
2.35 HTML::TokeParser
1.20 IO
1.09 IO::File
1.122 IO::Pipe
1.71 Mail::Header
3.05 MIME::Base64
5.419 MIME::Decoder
5.419 MIME::Decoder::UU
5.419 MIME::Head
5.419 MIME::Parser
3.03 MIME::QuotedPrint
5.419 MIME::Tools
0.10 Net::CIDR
1.05 POSIX
1.75 Socket
0.03 Sys::Syslog
1.86 Time::HiRes
1.02 Time::localtime

Optional module versions are:
0.17 Convert::TNEF
1.811 DB_File
missing DBD::SQLite
1.30 DBI
1.00 Digest
1.01 Digest::HMAC
2.36 Digest::MD5
2.10 Digest::SHA1
0.44 Inline
0.13 Mail::ClamAV
3.001001 Mail::SpamAssassin
1.997 Mail::SPF::Query
0.15 Net::CIDR::Lite
0.53 Net::DNS
0.32 Net::LDAP
1.94 Parse::RecDescent
0.20 SAVI
1.2 Sys::Hostname::Long
2.26 Test::Harness
0.47 Test::Simple
1.89 Text::Balanced
1.35 URI

From cplists at princeservices.com Mon Apr 17 17:27:51 2006
From: cplists at princeservices.com (Cameron B. Prince)
Date: Mon Apr 17 17:27:57 2006
Subject: No sender notify on archive bomb
Message-ID: <002901c6623b$dfc833f0$0101a8c0@PSLAPTOP1>

Hey guys,

I recently sent someone a file called icon.tgz as an attachment to an email. They called a few days later and asked why they hadn't received my message. I reviewed the logs and found this:

MailScanner[29770]: /var/spool/MailScanner/incoming/29770/k3HFoTuv001178/icon.tgz could be an archive bomb

I checked my Mailscanner.conf file and confirmed that sender notify is enabled:

Notify Senders = yes
Notify Senders Of Viruses = yes
Notify Senders Of Blocked Filenames Or Filetypes = yes
Notify Senders Of Other Blocked Content = yes

Apparently fprot is giving a false positive on this file as I ended up zipping the same contents and the email went through. It bothers me that I didn't receive any indication of the failure to send the message though. Am I missing something that is preventing the notifications from being sent?

Thanks,
Cameron

From mailscanner at mango.zw Mon Apr 17 18:56:59 2006
From: mailscanner at mango.zw (Jim Holland) Date: Mon Apr 17 18:59:05 2006 Subject: Solved? Re: Still stuck in queue, version 4.52.2 In-Reply-To: <44397AD5.9040708@ecs.soton.ac.uk> Message-ID: On Sun, 9 Apr 2006, Julian Field wrote: > > On Thu, 6 Apr 2006, Max Kipness wrote: > > > > > >> I've since upgraded to version 4.52.2, and I'm getting better > >> performance (probably less getting stuck in the queue), yet yesterday > >> there was one message that got processed over 6000 times! > >> > >> Here is a sample of one that is stuck right now. It's been processed 512 > >> times. Any clue to what else I can do to remedy this issue? > >> > > > > I wish I knew the cause of this problem. I regularly come across this > > issue, but fortunately at long intervals (a couple of months or more > > between each occurrence) with all the versions of MailScanner that I have > > used (currently 4.50.10-1 - just about to install 4.52.2). When I come > > across stuck mail I generally find that the whole of the associated batch > > of up to 30 messages tend to have the same problem of being endlessly > > reprocessed. My fix is to remove the first message of the batch from > > mqueue.in and then try to process the rest of the batch. If that fails > > then I remove the next one, and so on until I have identified the problem > > message. I then return the remaining messages to the queue and finally > > convert the d and q files of the problem message to a standard RFC822 > > message file, scan it with clamscan, and if it OK I then move the d and q > > files to mqueue to bypass MailScanner. It works, but I would like to get > > to the bottom of the problem. > > > > In several such cases I noticed that the message contained a zip file > > together with another file. In almost all cases the message was over 500 > > KB in size (but as we regularly handle messages of up to 1.5 MB that is > > not in itself a particular problem). On other occasions it was just a > > large pps file. 
> > > > I never see any specific error message in the maillog file (I was using > > sendmail 8.13.1 before the upgrade to 8.13.6) - it reports that a > > message has been processed by MailScanner but there is no corresponding > > delivery notice. All the problem mail has been incoming to our users. > > > I haven't been around for a while, so haven't seen this one. > Please can you send me (off-list) the df and qf files (in a zip file) > along with a copy of your MailScanner.conf file (preferably without the > comments) so I can see your setup. > > I hope I can reproduce the problem. The snag often is that I can't > reproduce the problem. > > What I would also like you to do is, when you are tracking down the > errant message, shutdown MailScanner and then do > MailScanner --debug > and note down any error messages that appear (except the EOCD signature > warnings). This may well help me locate the problem for you. > > If I can't reproduce the problem on my system, but you have got a > message that reliably makes the problem appear, then remote access to > your system would enable me to track it down and get it fixed once and > for all. Sorry for the late response to this. I have been experimenting with some of the problem messages previously archived and am not getting consistent results - sometimes they fail, sometimes they don't. Nothing shows up in debug mode because then they don't fail. However I have seen some clues that may lead to an explanation: The messages mostly involved not just moderately large zip files, but highly compressible files - eg a 600 KB message containing a zip file that expanded to 3.5 MB. In another case a message contained a dat file, which I didn't originally realise could also be expanded, again to over 3 MB. There appears to be an association between processing failure and the following error in the maillog file: MailScanner[5811]: Commercial scanner clamav timed out! 
MailScanner[5811]: Virus Scanning: Denial Of Service attack detected! I am now running: Red Hat 7.1 sendmail 8.13.6 (configured to accept max message size of 1.5 MB) MailScanner 4.52.2 ClamAV 0.88.1 with: 500 MHz AMD-K6 CPU 256 MB RAM I assume now that the problem arises when the virus scanning (which seems very slow on this machine - a minimum of 30 seconds if scanning a single message) takes too long for the batch. This could also explain why the problem sometimes clears itself - if the load level is low then the scanning can be done more quickly. I have now changed the default setting for the following in MailScanner.conf from 300 to 600 seconds and hope it helps: Virus Scanner Timeout = 600 May I suggest for your next update that the error messages listed when the virus scanner times out also include the SMTP id of the message that causes the problem? That would make the identification of the problem far simpler as there would then be a direct association between the problem message and the relevant error message when grepping the log. At the moment it is hard to notice the warning without a line-by-line scrutiny of the log file. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From wintermutecx at gmail.com Mon Apr 17 20:20:35 2006 From: wintermutecx at gmail.com (Dave) Date: Mon Apr 17 20:20:38 2006 Subject: mailwatch, two MX servers Message-ID: My current setup is Mailscanner on two MX servers, they forward to the main GW server behind the firewall. I considering installing SMGateway, but it looks like they are fully commercial and the only pricing I found was $900/yr. So anyhow, I'll just install mailwatch. If I install mailwatch would that mean I can't use two MX servers? Would users have to login into each MX server separately. We are migrating to AD in about 6 months, does mailwatch support LDap from AD? From ssilva at sgvwater.com Mon Apr 17 20:20:29 2006 
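Jim Holland's request above, that the scanner-timeout warning be tied to the message that triggered it, can be approximated from the existing maillog by grouping lines per MailScanner child PID. The following is an added example, not code from MailScanner or from any poster in this thread; the sample log is constructed (host name and queue ids are made up), and the queue-id pattern assumes sendmail 8.13-style ids like those quoted in the thread.

```python
import re
from collections import Counter

# Constructed sample, modelled on the maillog lines quoted in this thread.
SAMPLE_LOG = """\
Apr 17 16:54:21 mx1 MailScanner[4150]: New Batch: Scanning 2 messages, 364000 bytes
Apr 17 16:54:22 mx1 MailScanner[4150]: SpamAssassin cache hit for message k3HAAAAA000001
Apr 17 16:54:22 mx1 MailScanner[4150]: SpamAssassin cache hit for message k3HBBBBB000002
Apr 17 16:54:22 mx1 MailScanner[4150]: Virus and Content Scanning: Starting
Apr 17 16:54:30 mx1 MailScanner[4162]: New Batch: Scanning 1 messages, 2100 bytes
Apr 17 16:54:30 mx1 MailScanner[4162]: SpamAssassin cache hit for message k3HCCCCC000003
Apr 17 16:59:23 mx1 MailScanner[4150]: Commercial scanner clamavmodule timed out!
Apr 17 16:59:23 mx1 MailScanner[4150]: Virus Scanning: Denial Of Service attack detected!
Apr 17 16:59:40 mx1 MailScanner[4171]: New Batch: Scanning 1 messages, 360000 bytes
Apr 17 16:59:41 mx1 MailScanner[4171]: SpamAssassin cache hit for message k3HAAAAA000001
Apr 17 17:04:42 mx1 MailScanner[4171]: Commercial scanner clamavmodule timed out!
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) MailScanner\[(\d+)\]: (.*)$")
BATCH_RE = re.compile(r"^New Batch: Scanning (\d+) messages, (\d+) bytes")
TIMEOUT_RE = re.compile(r"^Commercial scanner (\S+) timed out!")
# Assumption: sendmail 8.13-style queue ids (8 alphanumerics followed by 6 digits).
QUEUE_ID_RE = re.compile(r"\b[0-9A-Za-z]{8}\d{6}\b")


def find_timeouts(log_text):
    """Return one record per scanner timeout, with the batch that child was holding."""
    batches = {}    # (host, pid) -> the batch that child is currently working on
    timeouts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        when, host, pid, msg = m.group(1), m.group(2), int(m.group(3)), m.group(4)
        key = (host, pid)

        new_batch = BATCH_RE.match(msg)
        if new_batch:
            # A new batch replaces whatever this child was tracking before.
            batches[key] = {"messages": int(new_batch.group(1)),
                            "bytes": int(new_batch.group(2)), "ids": []}
            continue

        # Lines seen before any "New Batch" (log rotated mid-batch) get an empty batch.
        batch = batches.setdefault(key, {"messages": None, "bytes": None, "ids": []})

        timed_out = TIMEOUT_RE.match(msg)
        if timed_out:
            timeouts.append({"when": when, "host": host, "pid": pid,
                             "scanner": timed_out.group(1),
                             "messages": batch["messages"],
                             "bytes": batch["bytes"],
                             "ids": list(batch["ids"])})
            continue

        # Any queue id this child mentions belongs to its current batch.
        for qid in QUEUE_ID_RE.findall(msg):
            if qid not in batch["ids"]:
                batch["ids"].append(qid)
    return timeouts


def repeat_offenders(timeouts, min_hits=2):
    """Queue ids present in at least min_hits timed-out batches: likely stuck messages."""
    hits = Counter(qid for t in timeouts for qid in t["ids"])
    return sorted(qid for qid, n in hits.items() if n >= min_hits)


if __name__ == "__main__":
    found = find_timeouts(SAMPLE_LOG)
    for t in found:
        print("%s %s[%d] %s timed out; batch of %s message(s), %s bytes: %s" % (
            t["when"], t["host"], t["pid"], t["scanner"],
            t["messages"], t["bytes"], ", ".join(t["ids"]) or "no ids seen"))
    print("seen in repeated timeouts:", repeat_offenders(found))
```

A queue id that keeps turning up in timed-out batches is the first candidate to pull from mqueue.in when a batch is being reprocessed endlessly.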
From: ssilva at sgvwater.com (Scott Silva) Date: Mon Apr 17 20:22:57 2006 Subject: Getting lots of Undeliverable: Returned mail: see transcript for details In-Reply-To: <04D932B0071FE34FA63EBB1977B48D150109FCCE@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D150109FCCE@woodenex.woodmaclaw.local> Message-ID: Billy A. Pumphrey spake the following on 4/15/2006 7:53 PM: > Since I upgraded to near the latest MailScanner, I am getting a lot of > these. > > Your message did not reach some or all of the intended recipients. > > Subject: Returned mail: see transcript for details > Sent: 4/15/2006 9:32 PM > > The following recipient(s) could not be reached: > > jelki@selena.net.ua on 4/15/2006 9:32 PM > The message could not be delivered because the recipient's > destination email system is unknown or invalid. Please check the address > and try again, or contact your system administrator to verify > connectivity to the email system of the recipient. > < WoodenMS2.woodmaclaw.local #5.1.2> > > Any idea why this is happening? I figure that is is DNS related or > something. > > Thank you I tried a smtp verify on that user at that domain; User does not exist.... -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Mon Apr 17 20:26:30 2006 
From: ssilva at sgvwater.com (Scott Silva) Date: Mon Apr 17 20:28:46 2006 Subject: Duplicate messages/Unlinking failed In-Reply-To: <4443BEF2.8090509@avalonpub.com> References: <4443BEF2.8090509@avalonpub.com> Message-ID: Daniel Kleinsinger spake the following on 4/17/2006 9:14 AM: > I received a duplicate message from my MailScanner box today. There are > no local users, the server is setup to redeliver to the mailbox servers > with mailertable. The second copy had no body, just headers. In the > mail log on the machine I found a bunch of error messages when searching > for the message id. The complete error messages are pasted below (some > delivery info obfuscated). There are many occurrences of this error > message in my mail logs, going back about 4 weeks. It's possible the > error started when I upgraded to Sendmail 8.13.6 for that security fix, > the timing seems right. > > I'm running the above sendmail with MailScanner 4.51.6 and perl 5.8.0 on > RH8. When I did the upgrade I changed the "Lock Type" from flock to > posix as recommended, but it seems like I'm having some type of locking > problem. Anyone have any advice? I've also pasted the output of > MailScanner -v below. RedHat 8 might be a little too old to run cutting edge Sendmail. Did you find the RPM somewhere or compile from source? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From alex at nkpanama.com Mon Apr 17 20:35:29 2006 
From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Apr 17 20:36:24 2006 Subject: BlackList - Something simple In-Reply-To: References: Message-ID: <4443EE01.5010500@nkpanama.com> ajos1@onion.demon.co.uk wrote: > Though rather than REJECTing/DISCARDing them... I was looking to store them for a while to study what sort of spam we were receiving. > You can also do this at the MTA level by adding: blableblah: /path/name To your /etc/aliases file. The messages will be appended to that file as soon as they are delivered to the user (post-mailscanner). From alex at nkpanama.com Mon Apr 17 20:37:50 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Apr 17 20:38:27 2006 Subject: greylisting? In-Reply-To: References: <44405D60.3040002@fractalweb.com> <4440B730.2060207@coders.co.uk> <4440E677.8000007@blacknight.ie> Message-ID: <4443EE8E.2030208@nkpanama.com> Res wrote: >> >> How much of RFC1912? > > > "Every Internet-reachable host should have a name." > > Since enforcing PTR checks, like I said 90% of the crap is now rejected > we've done it for years with no regrets and only about a dozen or so > complaints in all that time, > > You're right. AOL is enforcing it. Why can't we? :D From danielk at avalonpub.com Mon Apr 17 20:51:11 2006 
From: danielk at avalonpub.com (Daniel Kleinsinger) Date: Mon Apr 17 20:51:16 2006 Subject: Duplicate messages/Unlinking failed In-Reply-To: References: <4443BEF2.8090509@avalonpub.com> Message-ID: <4443F1AF.50601@avalonpub.com> Scott Silva wrote: > Daniel Kleinsinger spake the following on 4/17/2006 9:14 AM: > >> I received a duplicate message from my MailScanner box today. There are >> no local users, the server is setup to redeliver to the mailbox servers >> with mailertable. The second copy had no body, just headers. In the >> mail log on the machine I found a bunch of error messages when searching >> for the message id. The complete error messages are pasted below (some >> delivery info obfuscated). There are many occurrences of this error >> message in my mail logs, going back about 4 weeks. It's possible the >> error started when I upgraded to Sendmail 8.13.6 for that security fix, >> the timing seems right. >> >> I'm running the above sendmail with MailScanner 4.51.6 and perl 5.8.0 on >> RH8. When I did the upgrade I changed the "Lock Type" from flock to >> posix as recommended, but it seems like I'm having some type of locking >> problem. Anyone have any advice? I've also pasted the output of >> MailScanner -v below. >> > > RedHat 8 might be a little too old to run cutting edge Sendmail. Did you find > the RPM somewhere or compile from source? > I used a SRPM to build an RPM. I don't remember where I got it from, but someone on this or the sa-users list recommended it for legacy redhat systems. Daniel From sean at blackbirdnest.com Mon Apr 17 20:51:33 2006 
From: sean at blackbirdnest.com (Sean Gleason) Date: Mon Apr 17 20:53:55 2006 Subject: mailwatch, two MX servers Message-ID: <604F988E4F6FAE469F7597D608B9F71399D990@ASP-EXBECL1VS1.blackbirdasp.local> As long as you use BayesSQL and the sql white/black lists and have both Mailscanner servers logging to the same DB that mailwatch uses it should not be a problem no matter how many MX servers you use. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Dave Sent: Monday, April 17, 2006 9:21 AM To: mailscanner@lists.mailscanner.info Subject: mailwatch, two MX servers My current setup is Mailscanner on two MX servers, they forward to the main GW server behind the firewall. I considering installing SMGateway, but it looks like they are fully commercial and the only pricing I found was $900/yr. So anyhow, I'll just install mailwatch. If I install mailwatch would that mean I can't use two MX servers? Would users have to login into each MX server separately. We are migrating to AD in about 6 months, does mailwatch support LDap from AD? From ecasarero at gmail.com Mon Apr 17 21:33:54 2006
From: ecasarero at gmail.com (Eduardo Casarero)
Date: Mon Apr 17 21:33:57 2006
Subject: mail scanner stuck
In-Reply-To: <223f97700604131114g45cd55b1vb6b02329691706f7@mail.gmail.com>
References: <1144942738.3202.19.camel@dwarfstar.stellarcore.net> <223f97700604131114g45cd55b1vb6b02329691706f7@mail.gmail.com>
Message-ID: <7d9b3cf20604171333o6359d983ydf4c56df8a8e736d@mail.gmail.com>

hi, after doing some investigation i found the following:
with 4 particular emails:
in /var/log/maillog:

pr 17 16:53:44 avas2 MailScanner[4150]: MailScanner E-Mail Virus Scanner version 4.51.6 starting...
Apr 17 16:53:44 avas2 MailScanner[4150]: Read 711 hostnames from the phishing whitelist
Apr 17 16:53:44 avas2 MailScanner[4150]: Using SpamAssassin results cache
Apr 17 16:53:44 avas2 MailScanner[4150]: Connected to SpamAssassin cache database
Apr 17 16:53:44 avas2 MailScanner[4150]: Enabling SpamAssassin auto-whitelist functionality...
Apr 17 16:54:21 avas2 MailScanner[4150]: Using locktype = posix
Apr 17 16:54:21 avas2 MailScanner[4150]: Creating hardcoded struct_flock subroutine for linux (Linux-type)
Apr 17 16:54:21 avas2 MailScanner[4150]: New Batch: Scanning 1 messages, 364000 bytes
Apr 17 16:54:21 avas2 MailScanner[4150]: MCP Checks completed at -1783903718 bytes per second
Apr 17 16:54:21 avas2 MailScanner[4150]: Spam Checks: Starting
Apr 17 16:54:22 avas2 MailScanner[4150]: SpamAssassin cache hit for message k3HFIQcc008169
Apr 17 16:54:22 avas2 MailScanner[4150]: Message k3HFIQcc008169 from 200.218.209.99 (marcia.leon@bcb.gov.br) to fgv.br is não spam, SpamAssassin (escore=-2.352, requerido 6, AWL 0.25, BAYES_00 -2.60, HTML_MESSAGE 0.00)
Apr 17 16:54:22 avas2 MailScanner[4150]: Spam Checks completed at 269382 bytes per second
Apr 17 16:54:22 avas2 MailScanner[4150]: Virus and Content Scanning: Starting
Apr 17 16:59:23 avas2 MailScanner[4150]: Commercial scanner clamavmodule timed out!
Apr 17 16:59:23 avas2 MailScanner[4150]: Virus Scanning: Denial Of Service attack detected!
-----------------------------------------------------------------------------

After this last log message the mail scanner rescan of the same email looping. This was logged with 1 child running (just for debugging, in normal operation runs 6 childs) then i try to run clamavscan on this "particular message" with the debug flag and this was the result:

-----------------------------------------------------------------------------
root@avas2:/var/spool/mqueue.in# clamscan --debug -v dfk3HFIQcc008169
LibClamAV debug: Loading databases from /usr/local/share/clamav
LibClamAV debug: Loading /usr/local/share/clamav/main.cvd
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = af6f7d14ff7c607dd442d8b518e7b554
LibClamAV debug: Decoded signature: af6f7d14ff7c607dd442d8b518e7b554
LibClamAV debug: Digital signature is correct.
LibClamAV debug: in cli_untgz()
LibClamAV debug: Unpacking /tmp/clamav-24b7fe37b6a16d7b/COPYING
LibClamAV debug: Unpacking /tmp/clamav-24b7fe37b6a16d7b/main.db
LibClamAV debug: Unpacking /tmp/clamav-24b7fe37b6a16d7b/main.hdb
LibClamAV debug: Unpacking /tmp/clamav-24b7fe37b6a16d7b/main.ndb
LibClamAV debug: Unpacking /tmp/clamav-24b7fe37b6a16d7b/main.zmd
LibClamAV debug: Unpacking /tmp/clamav-24b7fe37b6a16d7b/main.fp
LibClamAV debug: Loading databases from /tmp/clamav-24b7fe37b6a16d7b
LibClamAV debug: Loading /tmp/clamav-24b7fe37b6a16d7b/main.db
LibClamAV debug: Initializing main node
LibClamAV debug: Initializing trie
LibClamAV debug: Initializing BM tables
LibClamAV debug: in cli_bm_init()
LibClamAV debug: BM: Number of indexes = 63744
LibClamAV debug: Loading /tmp/clamav-24b7fe37b6a16d7b/main.fp
LibClamAV debug: Initializing md5 list structure
LibClamAV debug: Loading /tmp/clamav-24b7fe37b6a16d7b/main.hdb
LibClamAV debug: Loading /tmp/clamav-24b7fe37b6a16d7b/main.ndb
LibClamAV debug: Loading /tmp/clamav-24b7fe37b6a16d7b/main.zmd
LibClamAV debug: Loading /usr/local/share/clamav/daily.cvd
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = 919754b49d62e8bc2465270dd99b6944
LibClamAV debug: Decoded signature: 919754b49d62e8bc2465270dd99b6944
LibClamAV debug: Digital signature is correct.
LibClamAV debug: in cli_untgz()
LibClamAV debug: Unpacking /tmp/clamav-b20ba7c25fc57272/COPYING
LibClamAV debug: Unpacking /tmp/clamav-b20ba7c25fc57272/daily.db
LibClamAV debug: Unpacking /tmp/clamav-b20ba7c25fc57272/daily.hdb
LibClamAV debug: Unpacking /tmp/clamav-b20ba7c25fc57272/daily.ndb
LibClamAV debug: Unpacking /tmp/clamav-b20ba7c25fc57272/daily.fp
LibClamAV debug: Loading databases from /tmp/clamav-b20ba7c25fc57272
LibClamAV debug: Loading /tmp/clamav-b20ba7c25fc57272/daily.hdb
LibClamAV debug: Loading /tmp/clamav-b20ba7c25fc57272/daily.ndb
LibClamAV debug: Loading /tmp/clamav-b20ba7c25fc57272/daily.db
LibClamAV debug: Loading /tmp/clamav-b20ba7c25fc57272/daily.fp
Scanning dfk3HFIQcc008169
LibClamAV debug: Matched signature for file type: HTML data
LibClamAV debug: Calculated MD5 checksum: 1a8ec3f6655a32e80eee147206ee9a94
LibClamAV debug: in cli_scanhtml()
LibClamAV debug: mmap'ed file
LibClamAV debug: Calculated MD5 checksum: a85ea84ad9580f56bef690ea3b729c00
LibClamAV debug: Calculated MD5 checksum: caef61e795b054fbf60a100aa0332b73
LibClamAV debug: Calculated MD5 checksum: d41d8cd98f00b204e9800998ecf8427e
dfk3HFIQcc008169: OK

----------- SCAN SUMMARY -----------
Known viruses: 51003
Engine version: 0.88.1
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 1.03 MB
Time: 37.247 sec (0 m 37 s)
-----------------------------------------------------------------------------

After this i really don't know what to do. Cause Clamav is the only AV on the system and MScanner has a Timeout for AV of 300 segs and clamav takes only 37.24 seg. so MScanner can't see that clamav finished or something is missing.

Should i send this particular emails to julian?

PS: this is the conf. of the server

Slackware 10.2
kernel 2.6
MailScanner 4.51.6
clamav, spammasassin, razor, dcc

Pentium IV - 3.2Ghz /800HT 775P Intel;
Mother board P4 ABIT NI8-SLI/LGA/NVIDIA;
4096Mb RAM DDR2/533 Kingston;
Winchester 160.2Gb - 7200 rpm SERIAL ATA Barracuda;
video PCI Express X300 Radion 256Mb;
network 10/100/1000;

From jrudd at ucsc.edu Mon Apr 17 21:54:36 2006
From: jrudd at ucsc.edu (John Rudd)
Date: Mon Apr 17 21:55:06 2006
Subject: greylisting?
In-Reply-To:
References: <44405D60.3040002@fractalweb.com> <4440B730.2060207@coders.co.uk> <44419C5A.9040402@nkpanama.com>
Message-ID: <916048fa362c05b2153543ee597ca3a5@ucsc.edu>

On Apr 16, 2006, at 8:43 PM, Res wrote:

> On Sat, 15 Apr 2006, Alex Neuman van der Hans wrote:
>
>> Res wrote:
>>> I agree with this, you only need it set to about 5000, it catches so
>>> much of it, and enforcing RFC1912 catches around 90% more.
>> By that you mean only accepting mail from valid domains with an MX?
>> RFC1912 seems to cover a lot. How do you do it? Please share ;)
>
> You dont have to have matching A and PTR's but they both must exist,
> and we let you in :)
> we use the require_rdns hack, I used to do it in local rulesets but
> the hack is far better as it allows for exemptions via the
> delay_checks friends option.
>
> The hack is available at http://support.ausics.net/require_rdns.m4 if
> you have not seen it before.

So, you make sure they have a PTR record for that relay's IP addr, but you don't make sure that the name it gives has an A record that matches the relay's IP addr? That's what I'd like to see.

The one thing I don't like, from reading the comments in require_rdns.m4 is: It treats forgeries as a temp failure, and no-rDNS as a permanent failure. This is _exactly_ backward to me. I want no-rDNS to be a temp failure (in case it was caused by a slow DNS check, in the hope that the next time they try, their rDNS result will be in my name server's cache), and I want _forgeries_ to be permanently rejected (if someone is forging their rDNS, I don't want to see their messages _ever_, until they stop forging).

I do something similar in MIMEDefang's filter_relay (at home, not yet at work), where I check if the relay's hostname (in MIMEDefang) is "[$ip]". If hostname eq "[$ip]" and $ip is in (my local IP block, the email server IP block at work, 127.0.0.1), then I let it through. Elsif $hostname eq "[$ip]", then I reject with a temporary failure (in case it's a transient DNS error, hopefully by the time they resubmit, their rDNS check will be in my name server's cache).

The one case I am not _easily_ able to check is for forgeries. I would have to do the DNS check on $hostname to be sure it returns an IP address in its list of results which matches $ip. Which I _could_ do, but I'm not sure how much it'll slow things down. I wish the milter just had a way of telling me sendmail's "may be forged" status (I don't know if this is sendmail's fault, or mimedefang's, for not having that information available to my filters).

All of my no-rDNS submitters are being caught either by the greet_pause or by filter_relay. (so far today 3 no-rDNS hosts in greet_pause (out of 28 total hosts caught by greet_pause, in 38 connection attempts), 46 no-rDNS hosts caught by filter_relay; only 8 of them have tried multiple connections today).

Note: greet_pause happens first, so those 46 hosts caught by filter_relay are getting through the greet_pause. (not a complaint, just an observation, I'm a HUGE fan of the greet_pause)

From mailscanner at mango.zw Mon Apr 17 22:40:38 2006
From: mailscanner at mango.zw (Jim Holland)
Date: Mon Apr 17 22:42:55 2006
Subject: mail scanner stuck
In-Reply-To: <7d9b3cf20604171333o6359d983ydf4c56df8a8e736d@mail.gmail.com>
Message-ID:

On Mon, 17 Apr 2006, Eduardo Casarero wrote:

> Date: Mon, 17 Apr 2006 17:33:54 -0300
> From: Eduardo Casarero
> Reply-To: MailScanner discussion
> To: MailScanner discussion
> Subject: Re: mail scanner stuck
>
> hi, after doing some investigation i found the following:
> with 4 particular emails:
> in /var/log/maillog:

Apr 17 16:54:22 avas2 MailScanner[4150]: Virus and Content Scanning: Starting
Apr 17 16:59:23 avas2 MailScanner[4150]: Commercial scanner clamavmodule timed out!
Apr 17 16:59:23 avas2 MailScanner[4150]: Virus Scanning: Denial Of Service attack detected!
-----------------------------------------------------------------------------

> After this last log message the mail scanner rescan of the same email
> looping. This was logged with 1 child running (just for debugging, in
> normal operation runs 6 childs)

. . .

> After this i really don't know what to do. Cause Clamav is the only AV
> on the system and MScanner has a Timeout for AV of 300 segs and clamav takes
> only 37.24 seg. so MScanner can't see that clamav finished or something
> is missing.

. . .

This seems to be very similar to the problem I wrote about earlier this evening in:

    Subject: Solved? Re: Still stuck in queue, version 4.52.2

I would be very interested to know:

    The size of the message
    What files it contained
    Whether the files were compressed, and if so what was the uncompressed file size
    How many messages were in the batch that failed?

Clearly if the message is one of say 30 in a batch then it is going to be easier for ClamAV to time out on the batch than if there was only one in the batch. My understanding is that the timeout setting applies to the whole batch and not to a single message.

As indicated in my message, I have changed the default for:

    Virus Scanner Timeout =

in MailScanner.conf from 300 to 600 seconds to try to avoid this kind of problem.

Regards

Jim Holland
System Administrator
MANGO - Zimbabwe's non-profit e-mail service

From steve.swaney at fsl.com Tue Apr 18 02:09:46 2006
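The relay policy John Rudd describes in his greylisting reply above (no rDNS gets a temporary failure unless the relay is in a trusted block, while a name that does not resolve back to the connecting address is rejected permanently) can be written as one decision function. This is an added example in Python, not his MIMEDefang filter_relay and not require_rdns.m4; the function names, the trusted networks and the stand-in DNS table are hypothetical, and treating a nonexistent name as a forgery is an assumption.

```python
import ipaddress
import socket

ACCEPT, TEMPFAIL, REJECT = "ACCEPT", "TEMPFAIL", "REJECT"


def dns_forward(name):
    """Addresses that name resolves to; raises LookupError on a transient DNS failure."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_AGAIN:
            raise LookupError("temporary DNS failure for %s" % name) from exc
        return set()    # the name does not exist, so nothing can confirm it
    return {info[4][0] for info in infos}


def classify_relay(ip, hostname, trusted_nets, resolve=dns_forward):
    """Return (action, reason) for a connecting relay.

    hostname is the reverse-DNS name, or "[ip]" when the PTR lookup gave
    nothing (the form the post says MIMEDefang uses for such relays).
    """
    addr = ipaddress.ip_address(ip)

    if hostname == "[%s]" % ip:
        if any(addr in ipaddress.ip_network(net) for net in trusted_nets):
            return ACCEPT, "no rDNS, but relay is in a trusted network"
        # Possibly a slow or failed lookup: ask the sender to retry later.
        return TEMPFAIL, "no rDNS for %s" % ip

    try:
        forward = resolve(hostname)
    except LookupError:
        return TEMPFAIL, "forward lookup of %s failed temporarily" % hostname

    confirmed = set()
    for candidate in forward:
        try:
            # Drop any IPv6 zone suffix ("%eth0") before comparing.
            confirmed.add(ipaddress.ip_address(candidate.split("%")[0]))
        except ValueError:
            continue
    if addr in confirmed:
        return ACCEPT, "forward-confirmed rDNS"
    return REJECT, "%s does not resolve back to %s" % (hostname, ip)


# Constructed test data (documentation address ranges); stands in for real DNS.
TRUSTED = ["127.0.0.1/32", "10.0.0.0/8"]
FAKE_DNS = {"mail.example.net": {"198.51.100.7"}}


def fake_resolve(name):
    if name == "slow.example.net":
        raise LookupError("simulated DNS timeout")
    return FAKE_DNS.get(name, set())


if __name__ == "__main__":
    for ip, host in [("127.0.0.1", "[127.0.0.1]"),
                     ("192.0.2.10", "[192.0.2.10]"),
                     ("198.51.100.7", "mail.example.net"),
                     ("198.51.100.8", "mail.example.net"),
                     ("198.51.100.9", "slow.example.net")]:
        print(ip, host, classify_relay(ip, host, TRUSTED, fake_resolve))
```

The forward lookup is the extra DNS query the post worries about; passing a caching resolver as `resolve` keeps that cost to one query per distinct relay name.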
From: steve.swaney at fsl.com (Stephen Swaney) Date: Tue Apr 18 02:09:54 2006 Subject: mailwatch, two MX servers In-Reply-To: Message-ID: <022301c66284$c8e34320$2901010a@office.fsl> > -----Original Message----- 
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Dave > Sent: Monday, April 17, 2006 3:21 PM > To: mailscanner@lists.mailscanner.info > Subject: mailwatch, two MX servers > > My current setup is Mailscanner on two MX servers, they forward to the > main GW server behind the firewall. I considering installing > SMGateway, but it looks like they are fully commercial and the only > pricing I found was $900/yr. So anyhow, I'll just install mailwatch. > > If I install mailwatch would that mean I can't use two MX servers? > Would users have to login into each MX server separately. We are > migrating to AD in about 6 months, does mailwatch support LDap from > AD? > -- To setup an open source solution is not terribly difficult but will still have some limitations that DefenderMX (we renamed SMGateway just after the first release :) does not have. Let's take the open source solution first. You can setup MailScanner and SpamAssassin on multiple gateways and synchronize the configuration and text files required for the applications by the applications using scripts, keychains and rsync. The Bayes database, MailWatch MySQL database and MailWatch web servers can be on individual servers which are separate from the gateways. We have one open source MailScanner ISP site where all are separate with the Databases running on a MySQL Cluster. I believe there are some limitations to using MailWatch user or domain administrator logins for viewing or releasing for quarantine. The principal limitation is that the logins must be manually created in the MailWatch database. There are no web or batch interfaces for administering domains, MailScanner or related applications. The MailWatch user interface is the only web enabled part of the setup (Steve Freegard can correct me if I'm wrong :). 
Postfix or sendmail can be configured to verify the existence of the users email accounts on the Exchange sever before accepting the email. Milter-ahead (www.snertsoft.com) can be licensed and installed to verify user accounts before accepting email for sendmail and all other types of mail hubs. All updates are manual but updating MailScanner / SpamAssassin and ClamAV are not too difficult thanks to Julian's Super Scripts. There is a completely different architecture behind DefenderMX. A MySQL database behind a web interface is used to store MailScanner and sendmail configuration data and provide checkpoints to restore a previous configuration if the configuration gets mangled. MailScanner and sendmail do not use the MySQL database to read their configuration data. When changes are made to the MySQL database, they are immediately pushed out to out to the LDAP schema which is used by the individual scanning gateways. If the MySQL database goes down, mail processing will continue because each gateway uses a replica of the LDAP database. Web servers and Database servers can be clustered if you're really paranoid, but it takes less than one hour to install the OS, DefenderMX and restore the configuration so if you have a cold spare, you can be up and running again pretty quickly. No user state is kept on the gateways. Users and domain administrators can log in via the web to set white / black lists and spam preferences using their mail hub or Exchange email address and their normal password. Dictionary attacks can be stopped at the gateway for any backend mail hubs except Exchange 5.5 and 2000 (sorry these versions are just too totally brain dead) since we license milter-ahead from Anthony Howe. The milter-ahead license is included in the cost of DefenderMX. There are separate web based interfaces for system administrators, domain administrators and end users. 
Almost all MailScanner tasks; configuration, editing report text files, configuring allowable attachments, administrative tasks, configuration backups, starting / stopping MailScanner and even tailing the maillog can all be performed using the DefenderMX interface. Extensive help is provided on each configuration item or task and the entire manual is available online from within the interface. MailWatch has been tightly integrated into DefenderMX - which seems pretty reasonable since Steve Freegard is our Director of development All this sounds simple, easy to administer and pretty failure proof because it is. This was not simple to create and is not easy to continually update and improve. Over three years of work by our team went into developing this product before we had the first sale. Depending on how you value your system administrator's time, it can provide a very cost effective solution. The price of a single CPU license is $1,390 in the US. This includes the first year of support and updates. The second and future years support is $395 per year for a single CPU license. Prices are slightly higher overseas. There is no restriction on number of users or domains. The two CPU version is $2,490 and if you buy two DefenderMX licenses we will install and configure the cluster version at no additional charge (this is a limited time offer). Here in the States it doesn't take a lot of time to recoup these costs if you are keeping you systems up to date - plus you get a lot more features. We have not found any other commercial product that attempts to scan for spam and virus that is less expensive or has the features that DefenderMX provides. We have found a lot that cost a lot more, don't work as well, don't have all the features and can't compare to a MailScanner based system. We also provide commercial support and trouble shooting for open source MailScanner and related applications. 
Many of our open source MailScanner customers would not have considered using an open source application if very timely support and / or maintenance contracts were not available. I've been a MailScanner user and believer for almost five years now. MailScanner is simply the best product available for running email gateways. I founded Fort Systems Ltd. with Julian to make MailScanner an even more popular product with a wider user base. Most of our DefenderMX customers are not very Linux or open source literate. If DefenderMX didn't exist, they would not be using MailScanner. For the sites with some Linux expertise and the time to install, configure and maintain MailScanner, open source is a very good option - still you won't get all of the features, easy install and administrative web interface. We simply hope to provide an alternative for the sites that want a simpler solution, more features, simpler updates and can afford to pay a reasonable fee. This helps us to maintain and improve MailScanner, MailWatch and DefenderMX. Plus we're well underway on DefenderMX 2.0 - I can hardly wait to share some of the new features with you. Please email me off list if you have any questions regarding DefenderMX or support and thanks for listening, Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From jon at radel.com Tue Apr 18 02:52:56 2006 
From: jon at radel.com (Jon Radel)
Date: Tue Apr 18 02:53:17 2006
Subject: Getting lots of Undeliverable: Returned mail: see transcript for details
In-Reply-To:
References: <04D932B0071FE34FA63EBB1977B48D150109FCCE@woodenex.woodmaclaw.local>
Message-ID: <44444678.2050407@radel.com>

Scott Silva wrote:
> Billy A. Pumphrey spake the following on 4/15/2006 7:53 PM:
>
>>Since I upgraded to near the latest MailScanner, I am getting a lot of
>>these.
>>
>>Your message did not reach some or all of the intended recipients.
>>
>> Subject: Returned mail: see transcript for details
>> Sent: 4/15/2006 9:32 PM
>>
>>The following recipient(s) could not be reached:
>>
>> jelki@selena.net.ua on 4/15/2006 9:32 PM
>> The message could not be delivered because the recipient's
>>destination email system is unknown or invalid. Please check the address
>>and try again, or contact your system administrator to verify
>>connectivity to the email system of the recipient.
>> < WoodenMS2.woodmaclaw.local #5.1.2>
>>
>>Any idea why this is happening? I figure that it is DNS related or
>>something.
>>
>>Thank you
>
> I tried a smtp verify on that user at that domain;
> User does not exist....
>
>

It would possibly make more sense if Mr. Pumphrey read down a bit and looked at the rest of the mail (aren't the original e-mails attached?). I see a lot of those in the postmaster, address of last resort, e-mail from the following:

1) Spam from non-existent address is sent to non-existent user on my sendmail server.

2) Bounce to non-existent from address is prepared.

3) Bounce bounces and notice of this second bounce goes to postmaster.

I suspect that as part of the upgrade either the option to quietly discard these was turned off in the MTA or MailScanner is no longer "discarding" them. I suspect the root cause was there before.

--Jon Radel
jon@radel.com

From craigwhite at azapple.com Tue Apr 18 07:46:11 2006
From: craigwhite at azapple.com (Craig White) Date: Tue Apr 18 07:46:22 2006 Subject: Postfix deferred Message-ID: <1145342771.6823.1.camel@lin-workstation.azapple.com> I had a power outage today and I've got cyrus-imapd repaired but there are a number of emails that appear still in /var/spool/postfix/deferred and restarting MailScanner doesn't seem to get them into the queue. How do I get them requeued for delivery? Craig From craigwhite at azapple.com Tue Apr 18 08:01:15 2006 From: craigwhite at azapple.com (Craig White) Date: Tue Apr 18 08:01:25 2006 Subject: Postfix deferred In-Reply-To: <1145342771.6823.1.camel@lin-workstation.azapple.com> References: <1145342771.6823.1.camel@lin-workstation.azapple.com> Message-ID: <1145343675.6823.3.camel@lin-workstation.azapple.com> On Mon, 2006-04-17 at 23:46 -0700, Craig White wrote: > I had a power outage today and I've got cyrus-imapd repaired but there > are a number of emails that appear still in /var/spool/postfix/deferred > and restarting MailScanner doesn't seem to get them into the queue. How > do I get them requeued for delivery? ---- never mind... 'postfix flush' seemed to do the trick Craig From res at ausics.net Tue Apr 18 08:46:53 2006 
From: res at ausics.net (Res)
Date: Tue Apr 18 08:47:03 2006
Subject: greylisting?
In-Reply-To: <4443EE8E.2030208@nkpanama.com>
References: <44405D60.3040002@fractalweb.com> <4440B730.2060207@coders.co.uk> <4440E677.8000007@blacknight.ie> <4443EE8E.2030208@nkpanama.com>
Message-ID:

On Mon, 17 Apr 2006, Alex Neuman van der Hans wrote:

> Res wrote:
>>>
>>> How much of RFC1912?
>>
>>
>> "Every Internet-reachable host should have a name."
>>
>> Since enforcing PTR checks, like I said 90% of the crap is now rejected
>> we've done it for years with no regrets and only about a dozen or so
>> complaints in all that time,
>>
>>
>
> You're right. AOL is enforcing it. Why can't we? :D

AOL only started about a year ago, I've been doing it for over 5 or 6 years, the results speak for themselves.

If you run a network where the system admins are incompetent and do not do their job properly by ensuring every host has a hostname, be it dsl, dialup, a hosting server or a key server in a NOC, it's just plain laziness, and they should be dismissed as such.

--
Cheers
Res

From res at ausics.net Tue Apr 18 08:51:23 2006
From: res at ausics.net (Res)
Date: Tue Apr 18 08:51:33 2006
Subject: greylisting?
In-Reply-To: <916048fa362c05b2153543ee597ca3a5@ucsc.edu>
References: <44405D60.3040002@fractalweb.com> <4440B730.2060207@coders.co.uk> <44419C5A.9040402@nkpanama.com> <916048fa362c05b2153543ee597ca3a5@ucsc.edu>
Message-ID:

On Mon, 17 Apr 2006, John Rudd wrote:

>> You don't have to have matching A and PTR's but they both must exist, and we
>>
>> The hack is available at http://support.ausics.net/require_rdns.m4 if you
>> have not seen it before.
>
> So, you make sure they have a PTR record for that relay's IP addr, but you
> don't make sure that the name it gives has an A record that matches the
> relay's IP addr? That's what I'd like to see.

Correct, perfect strict matching comes undone with receiving mail from hosting servers where there can be thousands of A's, but only need one PTR.

> The one thing I don't like, from reading the comments in require_rdns.m4 is:
>
> It treats forgeries as a temp failure, and no-rDNS as a permanent failure.
> This is _exactly_ backward to me. I want no-rDNS to be a temp failure (in

You are more than welcome to change the 5xx to a 4xx if you want, nothing stopping you.

> All of my no-rDNS submitters are being caught either by the greet_pause or by
> filter_relay. (so far today 3 no-rDNS hosts in greet_pause (out of 28 total
> hosts caught by greet_pause, in 38 connection attempts), 46 no-rDNS hosts

on servers that do 100 msgs a second constantly, trust me we see it as still a huge problem without it :)

--
Cheers
Res

From martinh at solid-state-logic.com Tue Apr 18 09:46:32 2006
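The reverse-DNS policy discussed in the two greylisting replies above, written out as an added Python example (not code from the thread and not the contents of require_rdns.m4). The status names follow sendmail's ${client_resolve} values; the function names, the sample zone data and the 4xx choice for a temporary DNS failure are assumptions of this example.

```python
"""Reverse-DNS admission check for a connecting relay (added example)."""
import ipaddress
import socket


class TempDNSFailure(Exception):
    """The resolver could not give a definite answer (timeout, SERVFAIL)."""


def system_ptr(ip):
    """PTR names for ip from the system resolver; [] when none exist."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except socket.herror as exc:
        if exc.errno == 2:                       # h_errno TRY_AGAIN
            raise TempDNSFailure(ip) from exc
        return []
    except socket.gaierror as exc:
        if exc.errno == getattr(socket, "EAI_AGAIN", None):
            raise TempDNSFailure(ip) from exc
        return []
    return [name, *aliases]


def system_addrs(name):
    """A/AAAA addresses for name from the system resolver; [] when none exist."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror as exc:
        if exc.errno == getattr(socket, "EAI_AGAIN", None):
            raise TempDNSFailure(name) from exc
        return []
    return [info[4][0] for info in infos]


def classify(ip, lookup_ptr=system_ptr, lookup_addrs=system_addrs):
    """Return (status, name) with status one of OK, FAIL, FORGED, TEMP."""
    client = ipaddress.ip_address(ip)
    try:
        names = lookup_ptr(str(client))
        if not names:
            return "FAIL", None                  # no PTR record at all
        for name in names:
            for addr in lookup_addrs(name):
                if ipaddress.ip_address(addr.split("%")[0]) == client:
                    return "OK", name            # PTR name resolves back to the IP
    except TempDNSFailure:
        return "TEMP", None
    return "FORGED", names[0]                    # PTR exists, nothing points back


# SMTP action per status. FAIL and FORGED follow John Rudd's reading of the
# require_rdns.m4 comments; the TEMP entry is an assumption of this example.
POLICY_AS_DESCRIBED = {"OK": "accept", "FAIL": "5xx", "FORGED": "4xx", "TEMP": "4xx"}
# The variant Res mentions: change the 5xx for no-rDNS to a 4xx.
POLICY_NO_RDNS_TEMPFAIL = dict(POLICY_AS_DESCRIBED, FAIL="4xx")


def decide(ip, policy, lookup_ptr=system_ptr, lookup_addrs=system_addrs):
    """Return (status, action) for one connecting IP under the given policy."""
    status, _ = classify(ip, lookup_ptr, lookup_addrs)
    return status, policy[status]


# Constructed sample zone data (documentation address ranges, made-up names).
SAMPLE_PTR = {
    "192.0.2.10": ["mail.example.org"],
    "203.0.113.10": ["host10.hosting.example"],  # shared hosting box
    "198.51.100.7": ["mx.bank.example"],         # PTR claims a name ...
}
SAMPLE_A = {
    "mail.example.org": ["192.0.2.10"],
    "host10.hosting.example": ["203.0.113.10"],
    "shop-a.example": ["203.0.113.10"],          # many hosted names, one IP,
    "shop-b.example": ["203.0.113.10"],          # and a single PTR is enough
    "mx.bank.example": ["198.51.100.1"],         # ... that does not point back
}
SAMPLE_TEMPFAIL = {"198.51.100.99"}


def sample_ptr(ip):
    if ip in SAMPLE_TEMPFAIL:
        raise TempDNSFailure(ip)
    return SAMPLE_PTR.get(ip, [])


def sample_addrs(name):
    return SAMPLE_A.get(name, [])


def tally(ips, policy):
    """Count SMTP actions for a list of connecting IPs against the sample data."""
    counts = {}
    for ip in ips:
        _, action = decide(ip, policy, sample_ptr, sample_addrs)
        counts[action] = counts.get(action, 0) + 1
    return counts


if __name__ == "__main__":
    connections = ["192.0.2.10", "203.0.113.10", "192.0.2.55",
                   "198.51.100.7", "198.51.100.99"]
    for ip in connections:
        print(ip, decide(ip, POLICY_AS_DESCRIBED, sample_ptr, sample_addrs))
    print(tally(connections, POLICY_AS_DESCRIBED))
    print(tally(connections, POLICY_NO_RDNS_TEMPFAIL))
```

Switching the policy table changes only what the sender is told; under a 4xx the host without rDNS keeps retrying until its queue lifetime runs out, while a 5xx bounces at once.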
From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue Apr 18 09:46:53 2006 Subject: mail scanner stuck In-Reply-To: Message-ID: <022901c662c4$99d9aed0$3004010a@martinhlaptop> Jim I'd look at why the clamavmodule is timing out - does clamscan work OK from the command line???? RH 7.1 is really really old so it could be problems with either clamAV or the perl module not working with 7.1. What happens if you change from the module to the normal clamav scanner in MailScanner.conf? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jim Holland > Sent: 17 April 2006 22:41 > To: MailScanner discussion > Subject: Re: mail scanner stuck > > On Mon, 17 Apr 2006, Eduardo Casarero wrote: > > > Date: Mon, 17 Apr 2006 17:33:54 -0300 
> > From: Eduardo Casarero > > Reply-To: MailScanner discussion > > To: MailScanner discussion > > Subject: Re: mail scanner stuck > > > > hi, after doing some investigation i found the following: > > with 4 particular emails: > > > in /var/log/maillog: > > Apr 17 16:54:22 avas2 MailScanner[4150]: Virus and Content Scanning: > Starting > Apr 17 16:59:23 avas2 MailScanner[4150]: Commercial scanner clamavmodule > timed out! > Apr 17 16:59:23 avas2 MailScanner[4150]: Virus Scanning: Denial Of Service > attack detected! > -------------------------------------------------------------------------- > --- > > After this last log message the mail scanner rescan of the same email > > looping. This was logged with 1 child running (just for debugging, in > > normal operation runs 6 children) > > . . . > > > After this i really don't know what to do. Cause Clamav is the only AV > > on the system and MScanner has a Timeout for AV of 300 segs and clamav > takes > > only 37.24 seg. so MScanner can't see that clamav finished or something > > is missing. > > . . . > > This seems to be very similar to the problem I wrote about earlier this > evening in: > > Subject: Solved? Re: Still stuck in queue, version 4.52.2 > > I would be very interested to know: > > The size of the message > > What files it contained > > Whether the files were compressed, and if so > what was the uncompressed file size > > How many messages were in the batch that failed? > > Clearly if the message is one of say 30 in a batch then it is going to be > easier for ClamAV to time out on the batch than if there was only one in > the batch. My understanding is that the timeout setting applies to the > whole batch and not to a single message. > > As indicated in my message, I have changed the default for: > > Virus Scanner Timeout = > > in MailScanner.conf from 300 to 600 seconds to try to avoid this kind of > problem.
> > Regards > > Jim Holland > System Administrator > MANGO - Zimbabwe's non-profit e-mail service > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From mailscanner at mango.zw Tue Apr 18 09:56:43 2006 From: mailscanner at mango.zw (Jim Holland) Date: Tue Apr 18 09:59:43 2006 Subject: mail scanner stuck In-Reply-To: <022901c662c4$99d9aed0$3004010a@martinhlaptop> Message-ID: Hi Martin On Tue, 18 Apr 2006, Martin Hepworth wrote: > I'd look at why the clamavmodule is timing out - does clamscan work OK > from the command line???? On my system I am not running clamavmodule - just plain clamav. The error message below was on the system being run by Eduardo Casarero. > RH 7.1 is really really old Soon to be upgraded to Debian Sarge :-) > so it could be problems with either clamAV or the perl module not > working with 7.1. > What happens if you change from the module to the normal clamav scanner > in MailScanner.conf? See above. > > -----Original Message----- 
> > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Jim Holland > > Sent: 17 April 2006 22:41 > > To: MailScanner discussion > > Subject: Re: mail scanner stuck > > > > On Mon, 17 Apr 2006, Eduardo Casarero wrote: > > > > > Date: Mon, 17 Apr 2006 17:33:54 -0300 
> > > From: Eduardo Casarero > > > Reply-To: MailScanner discussion > > > To: MailScanner discussion > > > Subject: Re: mail scanner stuck > > > > > > hi, after doing some investigation i found the following: > > > with 4 particular emails: > > > > > in /var/log/maillog: > > > > Apr 17 16:54:22 avas2 MailScanner[4150]: Virus and Content Scanning: > > Starting > > Apr 17 16:59:23 avas2 MailScanner[4150]: Commercial scanner clamavmodule > > timed out! > > Apr 17 16:59:23 avas2 MailScanner[4150]: Virus Scanning: Denial Of Service > > attack detected! > > -------------------------------------------------------------------------- > > --- > > > After this last log message the mail scanner rescan of the same email > > > looping. This was logged with 1 child running (just for debugging, in > > > normal operation runs 6 children) > > > > . . . > > > > > After this i really don't know what to do. Cause Clamav is the only AV > > > on the system and MScanner has a Timeout for AV of 300 segs and clamav > > takes > > > only 37.24 seg. so MScanner can't see that clamav finished or something > > > is missing. > > > > . . . > > > > This seems to be very similar to the problem I wrote about earlier this > > evening in: > > > > Subject: Solved? Re: Still stuck in queue, version 4.52.2 > > > > I would be very interested to know: > > > > The size of the message > > > > What files it contained > > > > Whether the files were compressed, and if so > > what was the uncompressed file size > > > > How many messages were in the batch that failed? > > > > Clearly if the message is one of say 30 in a batch then it is going to be > > easier for ClamAV to time out on the batch than if there was only one in > > the batch. My understanding is that the timeout setting applies to the > > whole batch and not to a single message.
> > > > As indicated in my message, I have changed the default for: > > > > Virus Scanner Timeout = > > > > in MailScanner.conf from 300 to 600 seconds to try to avoid this kind of > > problem. > > > > Regards > > > > Jim Holland > > System Administrator > > MANGO - Zimbabwe's non-profit e-mail service > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From Jan-Peter.Koopmann at seceidos.de Tue Apr 18 10:07:13 2006 
From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter)
Date: Tue Apr 18 10:07:26 2006
Subject: DIFF for mta.sh startupscript on freebsd-port 4.52.2
Message-ID:

On Monday, April 17, 2006 4:03 PM Lars Kristiansen wrote:

>> Thanks to JP for the Freebsd-port.

You are welcome.

> Maybe it would be right to use the %%RC_SUBR%% variable in the ports
> files?

Let's discuss this off-list.

> Should I rather send-pr these things instead of bothering the list?
> Again, thanks.

Simply e-mail me personally. Otherwise you risk me not seeing these important posts. :-)

Kind regards,
JP

From housey at sme-ecom.co.uk Tue Apr 18 10:14:14 2006
From: housey at sme-ecom.co.uk (Paul Houselander)
Date: Tue Apr 18 10:14:23 2006
Subject: Load Of Spam Getting Through Over the weekend
Message-ID:

Hi

Had a few calls this morning moaning about a lot of spam had gotten through over the weekend, on further investigation most of the subjects were quite similar

V/AGRiA new
V/AGfRA new
C/AmLls new
Cj/ALIS new
AMB/EjN new
AiMb/EN new

etc...

Quite a few were also Out of Office replies e.g.

Out Of Office: C/AmLls new

None scored very high for spam at all, I run spamassassin, DCC, Razor, Pyzor and the rules_du_jour script from fsl.com has anyone else seen similar? does anyone have any rules to catch them?

Paul

From martinh at solid-state-logic.com Tue Apr 18 10:27:27 2006
From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue Apr 18 10:27:43 2006 Subject: Load Of Spam Getting Through Over the weekend In-Reply-To: Message-ID: <02a401c662ca$50e971f0$3004010a@martinhlaptop> Paul 1. What version of spamassassin? 2. Can you drop an example to pastebin or a web page (full headers etc), and I'll run it over my comprehensive SA setup and see which extra rules fire. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 From suporte at setinet.com.br Tue Apr 18 16:45:05 2006
From: suporte at setinet.com.br (Suporte) Date: Tue Apr 18 12:45:29 2006 Subject: ATTACH with MS-DOS format converted to LINUX format Message-ID: <001b01c662ff$10a6b0a0$140aa8c0@Note> Hi. The problem occurs when I send a file like test.rem. The format is a simple .txt file, for Windows. When MailScanner sends the file, the recipient receives it but with no order inside. Like Unix format. All columns and tabs are missing. I can resolve it by converting the file again, but I can't tell my client to do the same, one by one. What can I do so that MailScanner does not convert the files? And why does MailScanner do that by default? Really Thanks Dennis -------------------------------------------------------------------- This message has been checked by the anti-virus and anti-spam system. Seti Segurança e Tecnologia na Internet - suporte@setinet.com.br From roger at rudnick.com.br Tue Apr 18 13:10:40 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Tue Apr 18 13:10:43 2006 Subject: ATTACH with MS-DOS format converted to LINUX format References: <001b01c662ff$10a6b0a0$140aa8c0@Note> Message-ID: <019501c662e1$1d6f87d0$0600a8c0@roger> Try setting "Sign Clean Messages = no" to see if it solves your problem... Regards Roger Jochem From bpumphrey at WoodMacLaw.com Tue Apr 18 13:34:09 2006
From: bpumphrey at WoodMacLaw.com (Billy A. Pumphrey) Date: Tue Apr 18 13:34:15 2006 Subject: Load Of Spam Getting Through Over the weekend Message-ID: <04D932B0071FE34FA63EBB1977B48D15010BEE84@woodenex.woodmaclaw.local> Paul 1. What version of spamassassin? 2. Can you drop an example to pastebin or a web page (full headers etc), and I'll run it over my comprehensive SA setup and see which extra rules fire. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Paul Houselander > Sent: 18 April 2006 10:14 > To: MailScanner Mailing List > Subject: Load Of Spam Getting Through Over the weekend > > Hi > > Had a few calls this morning moaning about a lot of spam had gotten > through over the weekend, on further investigation most of the > subjects were quite similar > > V/AGRiA new > V/AGfRA new > C/AmLls new > Cj/ALIS new > AMB/EjN new > AiMb/EN new > > etc... > > Quite a few were also Out of Office replies e.g. > > Out Of Office: C/AmLls new > > None scored very high for spam at all, I run spamassasin, DCC, Razor, > Pyzor and the rules_du_jour script from fsl.com has anyone else seen > similar? > does > anyone have any rules to catch them? > > Paul > > -- I am curious on this result. From Sylvain.Phaneuf at imsu.ox.ac.uk Tue Apr 18 14:37:55 2006 
From: Sylvain.Phaneuf at imsu.ox.ac.uk (Sylvain Phaneuf) Date: Tue Apr 18 14:38:17 2006 Subject: Ignore Spam Whitelist If Recipients Exceed.... Message-ID: <4444F9C2.FEA8.00EB.0@imsu.ox.ac.uk> Hi everyone, This is my annual message to the list. Mailscanner is too d*** good, I don't can't find anything that goes wrong... We have come across a few messages lately that were flagged as spam while the sender was on our whitelist. I wonder what is the current wisdom on this... here it goes: we have kept the default setting for: Ignore Spam Whitelist If Recipients Exceed = 20 This morning someone we trust (!???) forwarded a message to 45 people - she had received that message from someone she trusts (!!??!). It turns out that the original message triggered two SA rules (MSGID_DOLLARS = Message-Id has pattern used in spam and MSGID_OUTLOOK_INVALID = Message-Id is fake (in Outlook Express format)). Other than that the message was cleaned and we feel we should have let it go without flagging it as spam. We are very careful to what we had to our whitelist. Should we raise our "Ignore Spam Whitelist If Recipients Exceed" to a bigger number? What do people do out there? Looking forward to reading your suggestions all. Thanks again to all the regular, and to Julian! Sylvain -- ============================================ Sylvain Phaneuf --- Systems Manager | phone : +44 (0)1865 221323 Information Management Services Unit - Medical Sciences Division Oxford University | email : sylvain.phaneuf@imsu.ox.ac.uk Room 3A25B John Radcliffe Hospital | fax : +44 (0) 1865 221322 Oxford, OX3 9DU, UK ============================================ From Eric.Jacobs at thomastechsolutions.com Tue Apr 18 14:42:57 2006 From: Eric.Jacobs at thomastechsolutions.com (Jacobs, Eric (ThomasTech)) Date: Tue Apr 18 14:45:46 2006 Subject: Getting lots of Undeliverable: Returned mail: see transcript for details Message-ID: > -----Original Message----- 
> From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Jon Radel > Sent: Monday, April 17, 2006 9:53 PM > To: MailScanner discussion > Subject: Re: Getting lots of Undeliverable: Returned mail: > see transcript for details > > > > Scott Silva wrote: > > Billy A. Pumphrey spake the following on 4/15/2006 7:53 PM: > > > >>Since I upgraded to near the latest MailScanner, I am > getting a lot of > >>these. > >> > >>Your message did not reach some or all of the intended recipients. > >> > >> Subject: Returned mail: see transcript for details > >> Sent: 4/15/2006 9:32 PM > >> > >>The following recipient(s) could not be reached: > >> > >> jelki@selena.net.ua on 4/15/2006 9:32 PM > >> The message could not be delivered because the > recipient's > >>destination email system is unknown or invalid. Please > check the address > >>and try again, or contact your system administrator to verify > >>connectivity to the email system of the recipient. > >> < WoodenMS2.woodmaclaw.local #5.1.2> > >> > >>Any idea why this is happening? I figure that is is DNS related or > >>something. > >> > >>Thank you > > > > I tried a smtp verify on that user at that domain; > > User does not exist.... > > > > > > It would possibly make more sense if Mr. Pumphrey read down a bit and > looked at the rest of the mail (aren't the original e-mails > attached?). > I see a lot of those in the postmaster, address of last > resort, e-mail > from the following: > > 1) Spam from non-existent address is sent to non-existent user on my > sendmail server. > > 2) Bounce to non-existent from address is prepared. > > 3) Bounce bounces and notice of this second bounce goes to postmaster. > > I suspect that as part of the upgrade either the option to quietly > discard these was turned off in the MTA or MailScanner is no longer > "discarding" them. I suspect the root cause was there before. 
> > --Jon Radel > jon@radel.com > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > I was having the same problem for awhile. What was triggering it was spam that was coming in as a "gif" attachment with an extremely long filename. While spamassassin was recognizing it as spam, it was also being flagged by MailScanner's filename checking. I do have MailScanner to notify upon blocking attachments because many clients will send banned attachments, so it was sending notifications about these blocked messages, which, of course, were bouncing. I got around this by putting gif attachments in the MailScanner.conf's "Allow filenames" entry, thus bypassing the filename.rules.conf check for these e-mails. Eric Jacobs From martin.lyberg at gmail.com Tue Apr 18 15:02:39 2006 From: martin.lyberg at gmail.com (Martin) Date: Tue Apr 18 15:03:09 2006 Subject: Forward virus, not quarantine? In-Reply-To: <443D2A76.1050604@nkpanama.com> References: <443D2A76.1050604@nkpanama.com> Message-ID: Alex Neuman van der Hans wrote: > Possible? Don't know - never had to. What would your reasons be for > doing so? I can't think of any reasons off the top of my head, but it > would be interesting to know where such a scenario would be needed. Most > people want to get rid of viruses, not collect them (except for the CDC) :D > > Regards, > > Alex Alex, The reason for doing this, is that i'm testing a new box with Mailscanner, Postfix and clamav. During my tests, i noticed that some legitime mails with attachment got blocked, and since i'm just relaying for our internal exchangeserver, i'm not quite sure how to release those mails until i've found out why it was blocked. / Martin From martinh at solid-state-logic.com Tue Apr 18 15:08:37 2006 
From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue Apr 18 15:08:44 2006 Subject: Forward virus, not quarantine? In-Reply-To: Message-ID: <032001c662f1$966af470$3004010a@martinhlaptop> Martin If you install mailwatch on top of MailScanner it will give you a nice interface to release emails etc... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 From lucky at the-luckyduck.de Tue Apr 18 15:11:14 2006
From: lucky at the-luckyduck.de (Jan Brinkmann)
Date: Tue Apr 18 15:11:17 2006
Subject: seperating recipient based whitelisting for virus and spam checks
Message-ID: <20060418141114.GU4210@luckyduck.tux>

Hi,

Jules told me a few days ago how to enable / disable spam checking for certain recipients. I wrote a custom function (DoWeScan) which checks an sql database based on the 'todomain' field in the message. In the MailScanner.conf, the Scan Messages setting calls this function. This works fine, but it enables or disables all checks based on the settings in the database.

Now, I tried to go one step further to make it possible to give users more options to select from. I tried to go the way Jules recommended (i.e. I wrote two more custom functions), for the 'Virus Scanning' and 'Spam Checks' settings, but it doesn't work as expected. I tried the following things:

- Scan Messages = no
  Virus Scanning = &DoWeVirusScan
  Spam Checks = &DoWeSpamScan
  Result: No messages are scanned at all.

- Scan Messages = yes
  Result: no matter what I set in the database for spam or virus checks, every message gets scanned

- Scan Messages = &DoWeScan, where DoWeScan checks if either the spamfilter, the virusscanner or both features should be enabled.
  Result: if one of these things is active, both checks are enabled. This is because the DoWeScan function contains an inclusive or logic.

My question now is, can I enable / disable spam and virus checks independently?

From pravin.rane at gmail.com Tue Apr 18 16:05:44 2006
From: pravin.rane at gmail.com (Pravin Rane)
Date: Tue Apr 18 16:05:47 2006
Subject: Qmail repeated Message-ID
Message-ID: <13c021a90604180805r675617c1gab6add71196ae6c6@mail.gmail.com>

Hi

This is my first posting to the MailScanner list.

I am using Qmail + MailScanner + Mailwatch + ClamAV + Spamassassin. My problem is that I am getting the same message-IDs for multiple mails in the Mailwatch interface. After searching in the Mailwatch FAQ I found the author pointed to consult with MailScanner's author, since all this information it is getting from MailScanner.

Is there any workaround (patch) to get unique message-IDs? Since qmail uses the same message-IDs for different messages if it does not find that inode no. in the queue.

Regards
Pravin Rane

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060418/4f5edd74/attachment.html

From Mailscanner at mailing.kaufland-informationssysteme.com Tue Apr 18 16:45:59 2006
From: Mailscanner at mailing.kaufland-informationssysteme.com (Matthias Sutter) Date: Tue Apr 18 16:46:05 2006 Subject: Split the mails In-Reply-To: <441E08E9.8000501@enitech.com.au> References: <000101c649da$b4b09f50$3004010a@martinhlaptop> <441E08E9.8000501@enitech.com.au> Message-ID: <444509B7.5070301@mailing.kaufland-informationssysteme.com> Hello Peter, I will try now exim ;) can you send me or explain me the exim config section for the mail Mail splitting. Matthias Peter Russell wrote: > It isnt possible on Posthfix unless some one write a script to do it > as a filter in Postfix...but i am sure that as soon as it is written > the functionality of postfix will change and break it. > > If i hadnt already begun with postfix i would ahve learnt Exim - one day! > > Martin Hepworth wrote: > >> Matthias >> >> Only possible if you're running sendmail or exim. >> Basically you have to get the MTa to split the 1 email with many >> recipients >> into many emails with 1 recipient. >> >> There's instructions on how to do this for sendmail and exim in this >> file... >> >> http://www.fsl.com/support/QuarantineReport.tar.gz >> >> >> >> -- >> Martin Hepworth Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >>> -----Original Message----- 
>>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>> bounces@lists.mailscanner.info] On Behalf Of Matthias Sutter >>> Sent: 17 March 2006 15:30 >>> To: MailScanner discussion >>> Subject: Split the mails >>> >>> I make several Spam actions for different users. >>> But if a mail contains several receiver only the first rule work. >>> >>> Now is it possible to split into several mails for each receiver? >>> >>> Or is there an other - may cooler way? >>> >>> Matthias >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> >> >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************** >> From martinh at solid-state-logic.com Tue Apr 18 16:49:03 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue Apr 18 16:49:12 2006 Subject: Split the mails In-Reply-To: <444509B7.5070301@mailing.kaufland-informationssysteme.com> Message-ID: <037401c662ff$9e01f9f0$3004010a@martinhlaptop> Have a look in the tar.gz file - there's an exim.txt... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- 
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Matthias Sutter > Sent: 18 April 2006 16:46 > To: pete@enitech.com.au > Cc: MailScanner discussion > Subject: Re: Split the mails > > Hello Peter, > > I will try now exim ;) > can you send me or explain me the exim config section for the mail Mail > splitting. > > Matthias > > Peter Russell wrote: > > > It isnt possible on Posthfix unless some one write a script to do it > > as a filter in Postfix...but i am sure that as soon as it is written > > the functionality of postfix will change and break it. > > > > If i hadnt already begun with postfix i would ahve learnt Exim - one > day! > > > > Martin Hepworth wrote: > > > >> Matthias > >> > >> Only possible if you're running sendmail or exim. > >> Basically you have to get the MTa to split the 1 email with many > >> recipients > >> into many emails with 1 recipient. > >> > >> There's instructions on how to do this for sendmail and exim in this > >> file... > >> > >> http://www.fsl.com/support/QuarantineReport.tar.gz > >> > >> > >> > >> -- > >> Martin Hepworth Snr Systems Administrator > >> Solid State Logic > >> Tel: +44 (0)1865 842300 > >> > >> > >>> -----Original Message----- 
> >>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >>> bounces@lists.mailscanner.info] On Behalf Of Matthias Sutter > >>> Sent: 17 March 2006 15:30 > >>> To: MailScanner discussion > >>> Subject: Split the mails > >>> > >>> I make several Spam actions for different users. > >>> But if a mail contains several receiver only the first rule work. > >>> > >>> Now is it possible to split into several mails for each receiver? > >>> > >>> Or is there an other - may cooler way? > >>> > >>> Matthias > >>> -- > >>> MailScanner mailing list > >>> mailscanner@lists.mailscanner.info > >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>> > >>> Before posting, read http://wiki.mailscanner.info/posting > >>> > >>> Support MailScanner development - buy the book off the website! > >> > >> > >> > >> > >> ********************************************************************** > >> > >> This email and any files transmitted with it are confidential and > >> intended solely for the use of the individual or entity to whom they > >> are addressed. If you have received this email in error please notify > >> the system manager. > >> > >> This footnote confirms that this email message has been swept > >> for the presence of computer viruses and is believed to be clean. > >> > >> ********************************************************************** > >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. 
This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean.
**********************************************************************

From rgreen at trayerproducts.com Tue Apr 18 18:33:05 2006
From: rgreen at trayerproducts.com (Rodney Green)
Date: Tue Apr 18 18:33:46 2006
Subject: DCC Score
Message-ID: <444522D1.60107@trayerproducts.com>

Hello,

Where is the score for DCC configured?

Thanks,
Rod

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From rob at thehostmasters.com Tue Apr 18 19:03:12 2006
From: rob at thehostmasters.com (Rob Morin)
Date: Tue Apr 18 19:03:15 2006
Subject: Custom blacklist??
Message-ID: <444529E0.9010809@thehostmasters.com>

Hello all...

I added the following line in local.cf, but it has no effect... I must be doing something retardily wrong?!

blacklist_from bloddy_ceaser@hotmail.com

hoping the above would block email from the email address??

SA 3.1

--
Rob Morin
Dido InterNet Inc.
Montreal, Canada
Http://www.dido.ca
514-990-4444

From ecasarero at gmail.com Tue Apr 18 20:50:17 2006
From: ecasarero at gmail.com (Eduardo Casarero)
Date: Tue Apr 18 20:50:29 2006
Subject: mail scanner stuck
In-Reply-To:
References: <022901c662c4$99d9aed0$3004010a@martinhlaptop>
Message-ID: <7d9b3cf20604181250g5cf100baida1ff5659316e390@mail.gmail.com>

Jim, I've the messages but I just subtracted them from the mqueue.in. Sizes go from 400Kb to 7Mb. Apparently they are compressed PPT Power Point Presentations. How can I open that mail if I have the qfk3HFIQcc008169 and dfk3HFIQcc008169? In the batch that failed there was 1 email only, I changed parameters so mailscanner takes 1 by 1 so I found these 4 problematic mails.

regards.

2006/4/18, Jim Holland :
>
> Hi Martin
>
> On Tue, 18 Apr 2006, Martin Hepworth wrote:
>
> > I'd look at why the clamavmodule is timing out - does clamscan work OK
> > from the command line????
>
> On my system I am not running clamavmodule - just plain clamav. The error
> message below was on the system being run by Eduardo Casarero.
>
> > RH 7.1 is really really old
>
> Soon to be upgraded to Debian Sarge :-)
>
> > so it could be problems with either clamAV or the perl module not
> > working with 7.1.
>
> > What happens if you change from the module to the normal clamav scanner
> > in MailScanner.conf?
>
> See above.
>
> > > -----Original Message-----
> > > > From: Eduardo Casarero > > > > Reply-To: MailScanner discussion > > > > > To: MailScanner discussion > > > > Subject: Re: mail scanner stuck > > > > > > > > hi, after doing some investigation i found the following: > > > > with 4 particular emails: > > > > > > > in /var/log/maillog: > > > > > > Apr 17 16:54:22 avas2 MailScanner[4150]: Virus and Content Scanning: > > > Starting > > > Apr 17 16:59:23 avas2 MailScanner[4150]: Commercial scanner > clamavmodule > > > timed out! > > > Apr 17 16:59:23 avas2 MailScanner[4150]: Virus Scanning: Denial Of > Service > > > attack detected! > > > > -------------------------------------------------------------------------- > > > --- > > > > After this last log message the mail scanner rescan of the same > email > > > > looping. This was logged with 1 child runnig (just for debuggin, in > > > > normal operation runs 6 childs) > > > > > > . . . > > > > > > > After this i really don?t know what to do. Cause Clamav is the only > AV > > > > on the system and MScanner has a Timeout for AV of 300 segs an > clamav > > > takes > > > > only 37.24 seg. so MScanner cant see that clamav finished or > something > > > > is missing. > > > > > > . . . > > > > > > This seems to be very similar to the problem I wrote about earlier > this > > > evening in: > > > > > > Subject: Solved? Re: Still stuck in queue, version 4.52.2 > > > > > > I would be very interested to know: > > > > > > The size of the message > > > > > > What files it contained > > > > > > Whether the files were compressed, and if so > > > what was the uncompressed file size > > > > > > How many messages were in the batch that failed? > > > > > > Clearly if the message is one of say 30 in a batch then it is going to > be > > > easier for ClamAV to time out on the batch than if there was only one > in > > > the batch. My understanding is that the timeout setting applies to > the > > > whole batch and not to a single message. 
> > > > > > As indicated in my message, I have changed the default for: > > > > > > Virus Scanner Timeout = > > > > > > in MailScanner.conf from 300 to 600 seconds to try to avoid this kind > of > > > problem. > > > > > > Regards > > > > > > Jim Holland > > > System Administrator > > > MANGO - Zimbabwe's non-profit e-mail service > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > ********************************************************************** > > > > > > Regards > > Jim Holland > System Administrator > MANGO - Zimbabwe's non-profit e-mail service > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060418/f329ba2d/attachment.html From rob at thehostmasters.com Tue Apr 18 20:51:13 2006 
From: rob at thehostmasters.com (Rob Morin)
Date: Tue Apr 18 20:51:32 2006
Subject: Changin MX machine to it's own, recommendations please...
Message-ID: <44454331.6050409@thehostmasters.com>

Hello....

I will be creating an MX (MailScanner machine) all on its own to crunch away all those bad little emails... as the current MS is taking too many resources on my other machine....

So the question is, aside from the OS, which will be Debian, and the hardware.... What setup should I do with respect to installing MS and associated apps... Apt-get or source/compile/install... any other important things I should check out or know?

Thanks to all..

--
Rob Morin
Dido InterNet Inc.
Montreal, Canada
Http://www.dido.ca
514-990-4444

From mailscanner at mango.zw Tue Apr 18 22:21:29 2006
From: mailscanner at mango.zw (Jim Holland)
Date: Tue Apr 18 22:23:30 2006
Subject: mail scanner stuck
In-Reply-To: <7d9b3cf20604181250g5cf100baida1ff5659316e390@mail.gmail.com>
Message-ID:

On Tue, 18 Apr 2006, Eduardo Casarero wrote:

> Jim, I've the messages but I just subtracted them from the mqueue.in.
> Sizes go from 400Kb to 7Mb. Apparently they are compressed PPT Power
> Point Presentations. How can I open that mail if I have the
> qfk3HFIQcc008169 and dfk3HFIQcc008169? In the batch that failed there was
> 1 email only, I changed parameters so mailscanner takes 1 by 1 so I found
> these 4 problematic mails.

If you are happy to just release the message, then stop MailScanner (if you want to avoid possible error messages), move both of the above files into /var/spool/mqueue, and then restart MailScanner.

If you want to scan the message manually, then as far as I know you have to convert the above back into a single message file. I do that the hard way:

    cat qfk3HFIQcc008169 dfk3HFIQcc008169 > msg.tmp

    edit the headers in msg.tmp:

        Delete all lines up to but not including the first Received: line
        Delete all H?? entries at the beginning of lines
        Delete the . on the line at the end of the headers.

You can then scan the message.

Your comment about the files being compressed PPT Power Point Presentations is also very interesting, as PPT files were also amongst the problem messages that I came across.

> 2006/4/18, Jim Holland :
> >
> > Hi Martin
> >
> > On Tue, 18 Apr 2006, Martin Hepworth wrote:
> >
> > > I'd look at why the clamavmodule is timing out - does clamscan work OK
> > > from the command line????
> >
> > On my system I am not running clamavmodule - just plain clamav. The error
> > message below was on the system being run by Eduardo Casarero.
> >
> > > RH 7.1 is really really old
> >
> > Soon to be upgraded to Debian Sarge :-)
> >
> > > so it could be problems with either clamAV or the perl module not
> > > working with 7.1.
> > > > > What happens if you change from the module to the normal clamav scanner > > > in MailScanner.conf? > > > > See above. > > > > > > -----Original Message----- > > > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > > > bounces@lists.mailscanner.info] On Behalf Of Jim Holland > > > > Sent: 17 April 2006 22:41 > > > > To: MailScanner discussion > > > > Subject: Re: mail scanner stuck > > > > > > > > On Mon, 17 Apr 2006, Eduardo Casarero wrote: > > > > > > > > > Date: Mon, 17 Apr 2006 17:33:54 -0300 
> > > > > From: Eduardo Casarero > > > > > Reply-To: MailScanner discussion > > > > > > > To: MailScanner discussion > > > > > Subject: Re: mail scanner stuck > > > > > > > > > > hi, after doing some investigation i found the following: > > > > > with 4 particular emails: > > > > > > > > > in /var/log/maillog: > > > > > > > > Apr 17 16:54:22 avas2 MailScanner[4150]: Virus and Content Scanning: > > > > Starting > > > > Apr 17 16:59:23 avas2 MailScanner[4150]: Commercial scanner > > clamavmodule > > > > timed out! > > > > Apr 17 16:59:23 avas2 MailScanner[4150]: Virus Scanning: Denial Of > > Service > > > > attack detected! > > > > > > -------------------------------------------------------------------------- > > > > --- > > > > > After this last log message the mail scanner rescan of the same > > email > > > > > looping. This was logged with 1 child runnig (just for debuggin, in > > > > > normal operation runs 6 childs) > > > > > > > > . . . > > > > > > > > > After this i really don?t know what to do. Cause Clamav is the only > > AV > > > > > on the system and MScanner has a Timeout for AV of 300 segs an > > clamav > > > > takes > > > > > only 37.24 seg. so MScanner cant see that clamav finished or > > something > > > > > is missing. > > > > > > > > . . . > > > > > > > > This seems to be very similar to the problem I wrote about earlier > > this > > > > evening in: > > > > > > > > Subject: Solved? Re: Still stuck in queue, version 4.52.2 > > > > > > > > I would be very interested to know: > > > > > > > > The size of the message > > > > > > > > What files it contained > > > > > > > > Whether the files were compressed, and if so > > > > what was the uncompressed file size > > > > > > > > How many messages were in the batch that failed? > > > > > > > > Clearly if the message is one of say 30 in a batch then it is going to > > be > > > > easier for ClamAV to time out on the batch than if there was only one > > in > > > > the batch. 
My understanding is that the timeout setting applies to > > the > > > > whole batch and not to a single message. > > > > > > > > As indicated in my message, I have changed the default for: > > > > > > > > Virus Scanner Timeout = > > > > > > > > in MailScanner.conf from 300 to 600 seconds to try to avoid this kind > > of > > > > problem. > > > > > > > > Regards > > > > > > > > Jim Holland > > > > System Administrator > > > > MANGO - Zimbabwe's non-profit e-mail service > > > > > > > > -- > > > > MailScanner mailing list > > > > mailscanner@lists.mailscanner.info > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > ********************************************************************** > > > > > > This email and any files transmitted with it are confidential and > > > intended solely for the use of the individual or entity to whom they > > > are addressed. If you have received this email in error please notify > > > the system manager. > > > > > > This footnote confirms that this email message has been swept > > > for the presence of computer viruses and is believed to be clean. > > > > > > ********************************************************************** > > > > > > > > > > Regards > > > > Jim Holland > > System Administrator > > MANGO - Zimbabwe's non-profit e-mail service > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From maillists at conactive.com Tue Apr 18 22:31:26 2006 
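Jim Holland's manual steps above for turning a sendmail qf/df pair back into one scannable message, written out as a script. This is an added example, not code from the thread or from MailScanner: it generalises "H??" to any "H?flags?" prefix, and the function names and the sample qf/df contents are constructed for illustration.

```python
"""Rebuild one RFC 822 message from a sendmail qf/df queue pair (added example)."""
import os
import re
import sys

# Constructed sample pair. The qf layout used here (one-letter record codes,
# "H?flags?" header records, a lone "." as terminator) is an assumption that
# follows the manual steps in the thread.
SAMPLE_QF = b"""V8
T1145303660
P120000
$_sender.example [192.0.2.10]
S<alice@example.org>
RPFD:<bob@example.com>
H?P?Return-Path: <g>
H??Received: from sender.example (sender.example [192.0.2.10])
\tby mx.example.com with ESMTP id k3HFIQcc008169;
\tMon, 17 Apr 2006 16:54:20 -0300
H?D?Date: Mon, 17 Apr 2006 16:54:18 -0300
H??From: alice@example.org
H??Subject: slides
.
"""
# The body contains its own "." line: only the qf terminator may be dropped.
SAMPLE_DF = b"See the attached presentation.\n.\nLast line.\n"

# Leading "H", optionally followed by "?flags?" ("H??" when no flags are set).
_HDR_PREFIX = re.compile(rb"^H(?:\?[^?]*\?)?")


def queue_id(qf_path, df_path):
    """Check that the two files are the qf/df pair of one queue ID; return the ID."""
    qf, df = os.path.basename(qf_path), os.path.basename(df_path)
    if not (qf.startswith("qf") and df.startswith("df")) or qf[2:] != df[2:]:
        raise ValueError("not a matching qf/df pair: %s, %s" % (qf, df))
    return qf[2:]


def qf_headers(qf_bytes):
    """Return the message header lines stored in a qf control file.

    Mirrors the manual procedure: skip every record before the first
    Received: header, strip the H?flags? marker, stop at the lone "." line.
    """
    headers = []
    started = False   # True once the first Received: header has been seen
    keep = False      # True while continuation lines belong to a kept header
    for line in qf_bytes.splitlines():
        if line == b".":
            break
        if line[:1] in (b" ", b"\t"):      # folded continuation line
            if keep:
                headers.append(line)
            continue
        keep = False
        if not line.startswith(b"H"):      # envelope/control record, not a header
            continue
        text = _HDR_PREFIX.sub(b"", line, count=1)
        if text.lower().startswith(b"received:"):
            started = True
        if started:
            headers.append(text)
            keep = True
    return headers


def rebuild_message(qf_bytes, df_bytes):
    """Join the cleaned qf headers and the untouched df body into one message."""
    headers = qf_headers(qf_bytes)
    if not headers:
        raise ValueError("no Received: header found in the qf file")
    return b"\n".join(headers) + b"\n\n" + df_bytes


def main(argv):
    if len(argv) != 4:
        sys.exit("usage: %s qfFILE dfFILE OUTPUT" % argv[0])
    qf_path, df_path, out_path = argv[1:]
    queue_id(qf_path, df_path)
    with open(qf_path, "rb") as qf, open(df_path, "rb") as df:
        message = rebuild_message(qf.read(), df.read())
    # O_EXCL: never overwrite an existing file; 0600: this is unscanned mail.
    fd = os.open(out_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as out:
        out.write(message)


if __name__ == "__main__":
    main(sys.argv)
```

Run it on copies of the queue files, then point the virus scanner at the output file.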
From: maillists at conactive.com (Kai Schaetzl)
Date: Tue Apr 18 22:31:39 2006
Subject: greylisting?
In-Reply-To:
References: <44405D60.3040002@fractalweb.com> <4440B730.2060207@coders.co.uk> <4440E677.8000007@blacknight.ie>
Message-ID:

Res wrote on Mon, 17 Apr 2006 13:36:22 +1000 (EST):

> Since enforcing PTR checks, like I said 90% of the crap is now rejected

By simply checking if a PTR record exists? You are then getting spam from weird locations ;-) All big German providers have PTR for their dynamic IP space and what I get from the big US providers like charter, comcast, shaw and such, they all have PTR. Actually that's a good thing since I can block them all by domain instead of collecting their IP ranges :-)
I could reject maybe 10% by a "need PTR" policy - if I'm lucky.

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From maillists at conactive.com Tue Apr 18 22:31:26 2006
From: maillists at conactive.com (Kai Schaetzl)
Date: Tue Apr 18 22:31:41 2006
Subject: Custom blacklist??
In-Reply-To: <444529E0.9010809@thehostmasters.com>
References: <444529E0.9010809@thehostmasters.com>
Message-ID:

Rob Morin wrote on Tue, 18 Apr 2006 14:03:12 -0400:

> hoping the above would block email from the email address??

Maybe it's not the envelope address?

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From mailscanner at mango.zw Tue Apr 18 22:32:34 2006
From: mailscanner at mango.zw (Jim Holland)
Date: Tue Apr 18 22:34:20 2006
Subject: Can the null address be specified in a ruleset?
Message-ID:

Hi Julian

I have a user who is receiving numerous erroneous bounces of "cleaned" viruses from a large local ISP. The viruses are spoofing her address. The envelope sender address according to the log file is the null address <>, although when received by the user it has the envelope address MAILER-DAEMON@mango.zw that is added by our own system (mango.zw) after receipt. I have tried the following in spam.blacklist.rules:

    From: <> and To: user@mango.zw yes
and
    From: MAILER-DAEMON@mango.zw and To: user@mango.zw yes

but, not surprisingly, neither of these work. Can you suggest any way to make such a rule work? Or would it need to be a new feature? I do think it would be very useful to be able to use <> if it cannot be done at the moment.

I am not using SpamAssassin (don't have enough horsepower) so cannot use that. And I don't want to block other mail from the major local ISP that is sending this junk.

For the moment I will just try getting them on the phone once more . . .

Regards

Jim Holland
System Administrator
MANGO - Zimbabwe's non-profit e-mail service

From mkettler at evi-inc.com Tue Apr 18 22:34:55 2006
From: mkettler at evi-inc.com (Matt Kettler)
Date: Tue Apr 18 22:35:03 2006
Subject: Custom blacklist??
In-Reply-To: <444529E0.9010809@thehostmasters.com>
References: <444529E0.9010809@thehostmasters.com>
Message-ID: <44455B7F.9090601@evi-inc.com>

Rob Morin wrote:
> Hello all...
>
> I added the following line in local.cf, but it has no effect... I must
> be doing something retardily wrong?!
>
> blacklist_from bloddy_ceaser@hotmail.com
>
> hoping the above would block email from the email address??
>
> SA 3.1

I assume you're using SA under MailScanner.. Did you reload MailScanner after changing the config file? Local.cf only gets parsed when a SA instance is created, not for every message, so if you don't reload it won't take effect until MailScanner decides to kill and reload all the scanning children.

(You could also restart mailscanner, but that causes the init script to also shut down and restart the sendmail instances, so it's overkill here)

From matt at coders.co.uk Tue Apr 18 22:41:04 2006
From: matt at coders.co.uk (Matt Hampton)
Date: Tue Apr 18 22:41:10 2006
Subject: Can the null address be specified in a ruleset?
In-Reply-To:
References:
Message-ID: <44455CF0.6030702@coders.co.uk>

Jim Holland wrote:

> but, not surprisingly, neither of these work. Can you suggest any way to
> make such a rule work? Or would it need to be a new feature? I do think
> it would be very useful to be able to use <> if it cannot be done at the
> moment.

If you are using sendmail and are willing to use milters then checkout milter-regex. I use this for exactly the purpose you have described.

http://www.benzedrine.cx/milter-regex.html

matt

From mailscanner at mango.zw Tue Apr 18 22:46:35 2006
From: mailscanner at mango.zw (Jim Holland)
Date: Tue Apr 18 22:47:31 2006
Subject: Can the null address be specified in a ruleset?
In-Reply-To: <44455CF0.6030702@coders.co.uk>
Message-ID:

On Tue, 18 Apr 2006, Matt Hampton wrote:

> Jim Holland wrote:
>
> > but, not surprisingly, neither of these work. Can you suggest any way to
> > make such a rule work? Or would it need to be a new feature? I do think
> > it would be very useful to be able to use <> if it cannot be done at the
> > moment.
>
> If you are using sendmail and are willing to use milters then checkout
> milter-regex. I use this for exactly the purpose you have described.
>
> http://www.benzedrine.cx/milter-regex.html

Excellent suggestion - thanks. I noticed when I installed the latest sendmail 8.13.16 recently from source that it was possible to use regexes, but had put that on the back burner for the moment.

Regards

Jim Holland
System Administrator
MANGO - Zimbabwe's non-profit e-mail service

From csweeney at osubucks.org Tue Apr 18 22:51:15 2006
From: csweeney at osubucks.org (Chris Sweeney)
Date: Tue Apr 18 22:51:30 2006
Subject: greylisting?
In-Reply-To:
References: <44405D60.3040002@fractalweb.com> <4440B730.2060207@coders.co.uk> <4440E677.8000007@blacknight.ie>
Message-ID: <44455F53.1000003@osubucks.org>

If you are blocking by domain from the TR then you are possibly rejecting legit email as all of the ones you listed also provide commercial services. I myself get my fiber from Time Warner Cable....

Chris

Kai Schaeffer wrote:
> Res wrote on Mon, 17 Apr 2006 13:36:22 +1000 (EST):
>
>
>> Since enforcing PTR checks, like I said 90% of the crap is now rejected
>>
>
> By simply checking if a PTR record exists? You are then getting spam from
> weird locations ;-) All big German providers have PTR for their dynamic IP
> space and what I get from the big US providers like charter, comcast, shaw
> and such, they all have PTR. Actually that's a good thing since I can
> block them all by domain instead of collecting their IP ranges :-)
> I could reject maybe 10% by a "need PTR" policy - if I'm lucky.
>
> Kai
>
>

--
Thanks
Chris
Check me out!
Finally setup a MySpace.com account
http://www.osubucks.net
csweeney@osubucks.org

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060418/0d44c984/attachment.html

From alex at nkpanama.com Tue Apr 18 23:45:24 2006
From: alex at nkpanama.com (Alex Neuman van der Hans)
Date: Tue Apr 18 23:45:54 2006
Subject: Custom blacklist??
In-Reply-To: <44455B7F.9090601@evi-inc.com>
References: <444529E0.9010809@thehostmasters.com> <44455B7F.9090601@evi-inc.com>
Message-ID: <44456C04.1080100@nkpanama.com>

Matt Kettler wrote:
> Rob Morin wrote:
>
>> Hello all...
>>
>> I added the following line in local.cf, but it has no effect... I must
>> be doing something retardily wrong?!
>>
>> blacklist_from bloddy_ceaser@hotmail.com
>>
>> hoping the above would block email from the email address??
>>
>> SA 3.1
>>
>
> I assume you're using SA under MailScanner.. Did you reload MailScanner after
> changing the config file? Local.cf only gets parsed when a SA instance is
> created, not for every message, so if you don't reload it won't take effect
> until MailScanner decides to kill and reload all the scanning children.
>
> (You could also restart mailscanner, but that causes the init script to also
> shut down and restart the sendmail instances, so it's overkill here)
>
>
>
Wouldn't it be better to do the blacklist at the MTA level, or using "is definitely spam" in MailScanner.conf?

From alex at nkpanama.com Tue Apr 18 23:59:53 2006
From: alex at nkpanama.com (Alex Neuman van der Hans)
Date: Wed Apr 19 00:00:28 2006
Subject: Can the null address be specified in a ruleset?
In-Reply-To:
References:
Message-ID: <44456F69.7060701@nkpanama.com>

I'm sure I could think of a couple of drastic solutions (firewalling them, bouncing everything to the ISP CEO's home address, etc.) that wouldn't really solve your problem.

Are you sure the spacing is right in your spam.blacklist.rules? I always use tabs just in case, although I've heard you can use any whitespace. Are you restarting MailScanner when you make the changes? Is the "default" line at the end?

I really hate it when clueless admins do this. They should quit their job, donate their severance check to charity, and choose another profession :)

Regards,

Alex

Jim Holland wrote:
> Hi Julian
>
> I have a user who is receiving numerous erroneous bounces of "cleaned"
> viruses from a large local ISP. The viruses are spoofing her address.
> The envelope sender address according to the log file is the null address
> <>, although when received by the user it has the envelope address
> MAILER-DAEMON@mango.zw that is added by our own system (mango.zw) after
> receipt. I have tried the following in spam.blacklist.rules:
>
> From: <> and To: user@mango.zw yes
> and
> From: MAILER-DAEMON@mango.zw and To: user@mango.zw yes
>
> but, not surprisingly, neither of these work. Can you suggest any way to
> make such a rule work? Or would it need to be a new feature? I do think
> it would be very useful to be able to use <> if it cannot be done at the
> moment.
>
> I am not using SpamAssassin (don't have enough horsepower) so cannot use
> that. And I don't want to block other mail from the major local ISP that
> is sending this junk.
>
> For the moment I will just try getting them on the phone once more . . .
>
> Regards
>
> Jim Holland
> System Administrator
> MANGO - Zimbabwe's non-profit e-mail service
>
>

From jrudd at ucsc.edu Wed Apr 19 00:05:06 2006
From: jrudd at ucsc.edu (John Rudd)
Date: Wed Apr 19 00:05:50 2006
Subject: Can the null address be specified in a ruleset?
In-Reply-To:
References:
Message-ID: <6071cb1325092e831b520bc826a35253@ucsc.edu>

Be careful, you're required by RFC (I forget which one) to treat <> as a valid address (it essentially means "MAILER-DAEMON@the.originating.host", and the reason yours is being inserted is probably that your MTA is qualifying and canonicalizing and such). I don't know if the RFC-Ignorant RBL has a case for people who reject <> or not, but it wouldn't surprise me.

You might try mimedefang (a milter). It gives you lots of functionality you can use to reject or discard (quietly) messages at different stages of the transaction. You need to know perl, though (you basically have to write the handling code for each stage).

On Apr 18, 2006, at 2:32 PM, Jim Holland wrote:

> Hi Julian
>
> I have a user who is receiving numerous erroneous bounces of "cleaned"
> viruses from a large local ISP. The viruses are spoofing her address.
> The envelope sender address according to the log file is the null
> address
> <>, although when received by the user it has the envelope address
> MAILER-DAEMON@mango.zw that is added by our own system (mango.zw) after
> receipt. I have tried the following in spam.blacklist.rules:
>
> From: <> and To: user@mango.zw yes
> and
> From: MAILER-DAEMON@mango.zw and To: user@mango.zw yes > > but, not surprisingly, neither of these work. Can you suggest any way > to > make such a rule work? Or would it need to be a new feature? I do > think > it would be very useful to be able to use <> if it cannot be done at > the > moment. > > I am not using SpamAssassin (don't have enough horsepower) so cannot > use > that. And I don't want to block other mail from the major local ISP > that > is sending this junk. > > For the moment I will just try getting them on the phone once more . . > . > > Regards > > Jim Holland > System Administrator > MANGO - Zimbabwe's non-profit e-mail service > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From mailscanner at mango.zw Wed Apr 19 00:48:06 2006 
From: mailscanner at mango.zw (Jim Holland) Date: Wed Apr 19 00:52:47 2006 Subject: Can the null address be specified in a ruleset? In-Reply-To: <6071cb1325092e831b520bc826a35253@ucsc.edu> Message-ID: On Tue, 18 Apr 2006, John Rudd wrote: > Be careful, you're required by RFC (I forget which one) to treat <> as a > valid address (it essentially means > "MAILER-DAEMON@the.originating.host", and the reason yours is being > inserted is probably that your MTA is qualifying and canocializing and > such). I don't know if the RFC-Ignorant RBL has a case for people who > reject <> or not, but it wouldn't surprise me. We are only trying to block mail from the null address to this particular user who is being bombarded by these junk notices. I don't think anyone would complain about taking action to protect yourself! Of course we are normally quite happy to accept mail from <> as it is the standard way of avoiding bounce loops. > You might try mimedefang (a milter). It gives you lots of functionality > you can use to reject or discard (quietly) messages at different stages > of the transaction. You need to know perl, though (you basically have > to write the handling code for each stage). Thanks for the tip. > On Apr 18, 2006, at 2:32 PM, Jim Holland wrote: > > > Hi Julian > > > > I have a user who is receiving numerous erroneous bounces of "cleaned" > > viruses from a large local ISP. The viruses are spoofing her address. > > The envelope sender address according to the log file is the null > > address > > <>, although when received by the user it has the envelope address > > MAILER-DAEMON@mango.zw that is added by our own system (mango.zw) after > > receipt. I have tried the following in spam.blacklist.rules: > > > > From: <> and To: user@mango.zw yes > > and 
> > From: MAILER-DAEMON@mango.zw and To: user@mango.zw yes > > > > but, not surprisingly, neither of these work. Can you suggest any way > > to > > make such a rule work? Or would it need to be a new feature? I do > > think > > it would be very useful to be able to use <> if it cannot be done at > > the > > moment. > > > > I am not using SpamAssassin (don't have enough horsepower) so cannot > > use > > that. And I don't want to block other mail from the major local ISP > > that > > is sending this junk. > > > > For the moment I will just try getting them on the phone once more . . > > . > > > > Regards > > > > Jim Holland > > System Administrator > > MANGO - Zimbabwe's non-profit e-mail service > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From mailscanner at mango.zw Wed Apr 19 00:41:53 2006 
From: mailscanner at mango.zw (Jim Holland) Date: Wed Apr 19 01:06:32 2006 Subject: Can the null address be specified in a ruleset? In-Reply-To: <44456F69.7060701@nkpanama.com> Message-ID: On Tue, 18 Apr 2006, Alex Neuman van der Hans wrote: > I'm sure I could think of a couple of drastic solutions (firewalling > them, bouncing everything to the ISP CEO's home address, etc.) that > wouldn't really solve your problem. > > Are you sure the spacing is right in your spam.blacklist.rules? I always > use tabs just in case, although I've heard you can use any whitespace. > Are you restarting MailScanner when you make the changes? Is the > "default" line at the end? Yes/yes/yes. I use spam.blacklist.rules all the time, so I am sure that I am entering the details correctly. However I would assume that MailScanner does in fact ignore any angle brackets around an address. > I really hate it when clueless admins do this. They should quit > their job, donate their severance check to charity, and choose another > profession :) In this case the problem is with the infected corporate client of the ISP. They are ironically using MailScanner, but obviously haven't configured it correctly. By receiving the bounces I can see exactly which of their computers is infected. But so far I have not been able to get any response from the corporate client. Now I just need to persuade their ISP to close them down for a little while (weeks? months?) until they get their act together. > Jim Holland wrote: > > Hi Julian > > > > I have a user who is receiving numerous erroneous bounces of "cleaned" > > viruses from a large local ISP. The viruses are spoofing her address. > > The envelope sender address according to the log file is the null address > > <>, although when received by the user it has the envelope address > > MAILER-DAEMON@mango.zw that is added by our own system (mango.zw) after > > receipt. I have tried the following in spam.blacklist.rules: 
> > > > From: <> and To: user@mango.zw yes > > and > > From: MAILER-DAEMON@mango.zw and To: user@mango.zw yes > > > > but, not surprisingly, neither of these work. Can you suggest any way to > > make such a rule work? Or would it need to be a new feature? I do think > > it would be very useful to be able to use <> if it cannot be done at the > > moment. > > > > I am not using SpamAssassin (don't have enough horsepower) so cannot use > > that. And I don't want to block other mail from the major local ISP that > > is sending this junk. > > > > For the moment I will just try getting them on the phone once more . . . > > > > Regards > > > > Jim Holland > > System Administrator > > MANGO - Zimbabwe's non-profit e-mail service > > > > > > Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From jrudd at ucsc.edu Wed Apr 19 01:47:37 2006 
From: jrudd at ucsc.edu (John Rudd) Date: Wed Apr 19 01:48:18 2006 Subject: Can the null address be specified in a ruleset? In-Reply-To: References: Message-ID: <5a29d1da587619659b75e23111da9f04@ucsc.edu> On Apr 18, 2006, at 4:48 PM, Jim Holland wrote: > On Tue, 18 Apr 2006, John Rudd wrote: > >> Be careful, you're required by RFC (I forget which one) to treat <> >> as a >> valid address (it essentially means >> "MAILER-DAEMON@the.originating.host", and the reason yours is being >> inserted is probably that your MTA is qualifying and canocializing and >> such). I don't know if the RFC-Ignorant RBL has a case for people who >> reject <> or not, but it wouldn't surprise me. > > We are only trying to block mail from the null address to this > particular > user who is being bombarded by these junk notices. I don't think > anyone > would complain about taking action to protect yourself! Of course we > are > normally quite happy to accept mail from <> as it is the standard way > of > avoiding bounce loops. I mainly meant "don't reject/bounce, make sure you silently discard them". You don't want any outside host to see you refusing them, if that makes sense. From ssilva at sgvwater.com Wed Apr 19 03:22:57 2006 
From: ssilva at sgvwater.com (Scott Silva) Date: Wed Apr 19 03:23:24 2006 Subject: Changin MX machine to it's own, recommendations please... In-Reply-To: <44454331.6050409@thehostmasters.com> References: <44454331.6050409@thehostmasters.com> Message-ID: Rob Morin spake the following on 4/18/2006 12:51 PM: > Hello.... > > I will be creating an MX(mailscanner Machine) all on its own to crunch > away all those bad little emails... as the current MS is taking too much > resources on my other machine.... > > So the question is, aside form OS which will be Debian and the hardware.... > > What setup should i do with respect to install MS and associated apps... > > Apt-get or source/compile/install... > > any other important things is should check out or know? > > Thanks too all.. > Your call. Do you want to stay current with any updates as soon as they come out, or do you want to wait for the package maintainers to release the newer versions. I'm not bagging on any package maintainers, as I know most of them have regular jobs, but it is up to you to decide. I don't spend more than an hour a month keeping current with the source packages. Julian has made the process very easy with his all in one package of Clam-AV and spamassassin, and the MailScanner package. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From res at ausics.net Wed Apr 19 08:39:31 2006 
From: res at ausics.net (Res) Date: Wed Apr 19 08:39:43 2006 Subject: greylisting? In-Reply-To: References: <44405D60.3040002@fractalweb.com> <4440B730.2060207@coders.co.uk> <4440E677.8000007@blacknight.ie> Message-ID: Hi, On Tue, 18 Apr 2006, Kai Schaetzl wrote: > Res wrote on Mon, 17 Apr 2006 13:36:22 +1000 (EST): > >> Since enforcing PTR checks, like I said 90% of the crap is now rejected > > By simply checking if a PTR record exists? You are then getting spam from > weird locations ;-) All big German providers have PTR for their dynamic IP > space and what I get from the big US providers like charter, comcast, shaw > and such, they all have PTR. Actually that's a good thing since I can > block them all by domain instead of collecting their IP ranges :-) hehehe yes it is a good thing comcast.net 550 #$#@ off spamming scum beats having 500 lines of various IP's im bound to miss many of anyway :) > I could reject maybe 10% by a "need PTR" policy - if I'm lucky. thats still 10% less spam :) I find the vast majority of no ptr's (and spam) comes from asia we'd reject as much mail in one day from china as we would all of comcast shaw roadrunner and aol combined, and as months go by it gets worse, where as only 12 months ago I outright entirely blocked shaw and roadrunner and comcast because the spam from them in one day was more than asia gave me in a month, now the tide has turned, do not get much from Europe or au/nz. -- Cheers Res From res at ausics.net Wed Apr 19 08:43:53 2006 
From: res at ausics.net (Res) Date: Wed Apr 19 08:44:02 2006 Subject: greylisting? In-Reply-To: <44455F53.1000003@osubucks.org> References: <44405D60.3040002@fractalweb.com> <4440B730.2060207@coders.co.uk> <4440E677.8000007@blacknight.ie> <44455F53.1000003@osubucks.org> Message-ID: On Tue, 18 Apr 2006, Chris Sweeney wrote: > If you are blocking by domain from the TR then you are possibly > rejecting legit email as all of the ones you listed also provide > commercial services. I myself get my fiber from Time Warner Cable.... Yes, but lets face it, not may carriers gives a damn about spam complaints and in the US they sure as hell ignore it, or maybe they just ignore complaints from those of us who dont live in the US, however when you take out their entire domain like we did a year ago to shaw and rr, well that certainly got their attention, and satisfactory co-operation, now comcast however is a complete lost cause, they remain blocked today and I dont care, because until they deal with their spamming scum users they wont be using any of our resources. -- Cheers Res From martinh at solid-state-logic.com Wed Apr 19 08:56:10 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Apr 19 08:56:18 2006 Subject: DCC Score In-Reply-To: <444522D1.60107@trayerproducts.com> Message-ID: <007901c66386$b8b5fda0$3004010a@martinhlaptop> Rod In the SA rules - default score will be in /usr/local/share/spamassassin/50_scores.cf If you want to change it - alter your spam.assassin.prefs.conf with the new score.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- 
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Rodney Green > Sent: 18 April 2006 18:33 > To: mailscanner@lists.mailscanner.info > Subject: DCC Score > > > Hello, > > Where is score for DCC configured? > > Thanks, > Rod > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From martinh at solid-state-logic.com Wed Apr 19 09:02:26 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Apr 19 09:02:36 2006 Subject: Changin MX machine to it's own, recommendations please... In-Reply-To: <44454331.6050409@thehostmasters.com> Message-ID: <007a01c66387$9921c5e0$3004010a@martinhlaptop> Rob As for the apt or source - depends on how often you want to update....the apt's can be a little behind a the monthly source updates..if you're happy with apt for everything - esp moving to unstable then it's prob to stick with that. For the machine itself - make sure you've got at least 1GB per CPU (that includes HT as two CPUs etc). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- 
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Rob Morin > Sent: 18 April 2006 20:51 > To: MailScanner discussion > Subject: Changin MX machine to it's own, recommendations please... > > Hello.... > > I will be creating an MX(mailscanner Machine) all on its own to crunch > away all those bad little emails... as the current MS is taking too much > resources on my other machine.... > > So the question is, aside form OS which will be Debian and the > hardware.... > > What setup should i do with respect to install MS and associated apps... > > Apt-get or source/compile/install... > > any other important things is should check out or know? > > Thanks too all.. > > -- > > Rob Morin > Dido InterNet Inc. > Montreal, Canada > Http://www.dido.ca > 514-990-4444 > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From Sylvain.Phaneuf at imsu.ox.ac.uk Wed Apr 19 09:26:01 2006 
From: Sylvain.Phaneuf at imsu.ox.ac.uk (Sylvain Phaneuf) Date: Wed Apr 19 09:26:17 2006 Subject: Ignore Spam Whitelist If Recipients Exceed.... In-Reply-To: <4444F9C2.FEA8.00EB.0@imsu.ox.ac.uk> References: <4444F9C2.FEA8.00EB.0@imsu.ox.ac.uk> Message-ID: <44460229.FEA8.00EB.0@imsu.ox.ac.uk> Any suggestions on this please? Sylvain >>> On 18/04/2006 at 14:37, in message <4444F9C2.FEA8.00EB.0@imsu.ox.ac.uk>, Sylvain.Phaneuf@imsu.ox.ac.uk wrote: > Hi everyone, > > This is my annual message to the list. Mailscanner is too d*** good, I > don't can't find anything that goes wrong... > > We have come across a few messages lately that were flagged as spam > while the sender was on our whitelist. I wonder what is the current > wisdom on this... here it goes: > > we have kept the default setting for: > Ignore Spam Whitelist If Recipients Exceed = 20 > > This morning someone we trust (!???) forwarded a message to 45 people - > she had received that message from someone she trusts (!!??!). It turns > out that the original message triggered two SA rules (MSGID_DOLLARS = > Message-Id has pattern used in spam and MSGID_OUTLOOK_INVALID = > Message-Id is fake (in Outlook Express format)). Other than that the > message was cleaned and we feel we should have let it go without > flagging it as spam. We are very careful to what we had to our > whitelist. > > Should we raise our "Ignore Spam Whitelist If Recipients Exceed" to a > bigger number? What do people do out there? > > Looking forward to reading your suggestions all. > > Thanks again to all the regulars, and to Julian! > > Sylvain > > > From smf at f2s.com Wed Apr 19 09:54:41 2006 
From: smf at f2s.com (Steve Freegard)
Date: Wed Apr 19 09:52:27 2006
Subject: greylisting?
In-Reply-To:
References: <44405D60.3040002@fractalweb.com> <4440B730.2060207@coders.co.uk> <4440E677.8000007@blacknight.ie>
Message-ID: <1145436881.8435.312.camel@localhost.localdomain>

Hi Kai,

On Tue, 2006-04-18 at 23:31 +0200, Kai Schaetzl wrote:
> Res wrote on Mon, 17 Apr 2006 13:36:22 +1000 (EST):
>
> > Since enforcing PTR checks, like I said 90% of the crap is now rejected
>
> By simply checking if a PTR record exists? You are then getting spam from
> weird locations ;-) All big German providers have PTR for their dynamic IP
> space and what I get from the big US providers like charter, comcast, shaw
> and such, they all have PTR. Actually that's a good thing since I can
> block them all by domain instead of collecting their IP ranges :-)
> I could reject maybe 10% by a "need PTR" policy - if I'm lucky.

I've been messing around with miltering a lot lately and I came up with
what I think is quite a good way to deal with dynamic IP ranges from
cable/DSL providers etc. that spew out junk from injected/trojan machines
without resorting to using a blacklist (which doesn't list all the
possible ranges anyway) or manually listing lots of IP ranges:

1) Check the PTR record (no lookup required Sendmail already does this).
   - TEMPFAIL the connection if no record exists.
2) Check the A record for the hostname returned by the reverse lookup.
   - (Optional), TEMPFAIL the connection if no record exists.
3) Run a series of regexp tests against the hostname and REJECT the
   message if any match:
   - Hex encoded IP address appears within the hostname
   - all IP octets appear within the hostname (fwd/rev)
   - IP address without the .'s appears within the hostname (fwd/rev)
   - Last two octets appears within the hostname (fwd/rev)
   - Last octet appears within the hostname
   - Hostname contains any of the following (.adsl. .dsl. .dip. .ddns.)

I'm not sure I'd ever dare run anything like this on a production system
-- but using this and the URI blacklisting was almost 100% effective in
rejecting all junk from our spam trap at the MTA level (the only messages
left were joe-job bounce-backs).

I'm going to see if I can create some SpamAssassin rules to achieve the
same sort of thing using the first untrusted Received header and see how
effective it might be using mass-check against a corpus.

Cheers,
Steve.

From smf at f2s.com Wed Apr 19 09:56:45 2006
From: smf at f2s.com (Steve Freegard)
Date: Wed Apr 19 09:54:32 2006
Subject: OT: URI Blacklisting at MTA Level
Message-ID: <1145437006.8435.315.camel@localhost.localdomain>

Hi All,

I posted the message below to the SURBL and URIBL lists a couple of days
ago, I thought I'd re-post here as I'm using it in front of MailScanner
to reduce the overall system load:

> I've written a basic Sendmail milter in Perl using Sendmail::PMilter
> which uses the SpamAssassin libraries with just the 20_uri_tests.cf
> rules file (so it is relatively light) to strip the URI's from a
> message
> and then check them against multi.surbl.org and black.uribl.com and
> reject any messages that contains blacklisted URI's.
>
> It's rough code at the moment - there's no whitelisting or any
> start/stop scripts for it yet and this is my first attempt at anything
> in Perl - I've been running it on our spam trap for a while now and
> it's
> worked very well, I have not tried it on a production system yet.
>
> I'm posting it here in case anyone finds this useful and for comment -
> It can be downloaded from http://www.fsl.com/support/milter-uri.pl --
> installation instructions are in the file.

Kind regards,
Steve.

From pete at enitech.com.au Wed Apr 19 13:23:47 2006
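The three-step PTR/A/hostname check from Steve Freegard's greylisting reply above, as an added Python example; it is not the milter from his posts, whose code does not appear on this page. The regex details, the separator set `-._`, the test names and the sample hosts (documentation address ranges) are assumptions, and the PTR name and A records are passed in so the block runs offline.

```python
import ipaddress
import re

# Labels listed in the post as markers of dynamic address space.
DYNAMIC_LABELS = (".adsl.", ".dsl.", ".dip.", ".ddns.")
SEP = r"[-._]"  # assumed separators between octets inside a hostname


def _num(octet):
    # An octet as it may be printed in a hostname: optional zero padding.
    return "0{0,2}" + octet


def _either_order(octets):
    fwd = SEP.join(_num(o) for o in octets)
    rev = SEP.join(_num(o) for o in reversed(octets))
    # The lookarounds stop "45" from matching inside "145" or "450".
    return re.compile(r"(?<!\d)(?:%s|%s)(?!\d)" % (fwd, rev))


def hostname_tests(ip, hostname):
    """Return the names of the step-3 tests that match this PTR hostname."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    host = "." + hostname.lower().strip(".") + "."
    padded = [o.zfill(3) for o in octets]
    hits = []
    if "%02x%02x%02x%02x" % tuple(map(int, octets)) in host:
        hits.append("hex-ip")
    if _either_order(octets).search(host):
        hits.append("all-octets")
    joined = ["".join(p) for p in (octets, octets[::-1], padded, padded[::-1])]
    if any(j in host for j in joined):
        hits.append("no-dots")
    if _either_order(octets[2:]).search(host):
        hits.append("last-two-octets")
    if _either_order(octets[3:]).search(host):
        hits.append("last-octet")
    if any(label in host for label in DYNAMIC_LABELS):
        hits.append("dynamic-label")
    return hits


def decide(ip, ptr_name, a_records, require_a=True):
    """Apply steps 1-3 of the post. Returns (verdict, reasons)."""
    if not ptr_name:                      # step 1: no PTR record
        return ("TEMPFAIL", ["no-ptr"])
    if require_a and not a_records:       # step 2 (optional in the post)
        return ("TEMPFAIL", ["no-a-record"])
    hits = hostname_tests(ip, ptr_name)   # step 3
    return ("REJECT", hits) if hits else ("ACCEPT", [])


# Constructed samples: (client IP, PTR name, A records of the PTR name).
SAMPLES = [
    ("203.0.113.45", "45-113-0-203.dyn.example.net", ["203.0.113.45"]),
    ("192.0.2.77", "c000024d.adsl.example.net", ["192.0.2.77"]),
    ("198.51.100.25", "mx.example.org", ["198.51.100.25"]),
    # A legitimate-looking relay that the "last octet" test still rejects.
    ("198.51.100.2", "mail2.example.org", ["198.51.100.2"]),
    ("198.51.100.9", None, []),
]

if __name__ == "__main__":
    for ip, ptr, a in SAMPLES:
        print(ip, ptr, decide(ip, ptr, a))
```

The `mail2.example.org` sample shows the false-positive risk of the last-octet test, which fits the post's reluctance to run this outside a spam trap.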
From: pete at enitech.com.au (Pete Russell) Date: Wed Apr 19 13:23:56 2006 Subject: Attn. postfix users WAS Multiple Postfix smtp instances In-Reply-To: References: <20060412205748.GD14679@luckyduck.tux> <443F9148.7080908@netmagicsolutions.com> <443FDBCF.6040004@rogers.com> <20060414192115.13204.qmail@mymail.netmagicians.com> <44432F03.4090907@netmagicsolutions.com> Message-ID: <44462BD3.40208@enitech.com.au> Res wrote: > only confirms what many ppl think, wietse is bernstein 'the second' Yeah start learning Exim i think - postfix has an erratic development that reflects its author's attitude - personaly i would like to be one less postfix user that Julian has to try and support. I would really like to be able to split emails for each recipient too. From martin.lyberg at gmail.com Wed Apr 19 13:54:04 2006 From: martin.lyberg at gmail.com (Martin) Date: Wed Apr 19 13:54:22 2006 Subject: Forward virus, not quarantine? In-Reply-To: <032001c662f1$966af470$3004010a@martinhlaptop> References: <032001c662f1$966af470$3004010a@martinhlaptop> Message-ID: Martin Hepworth wrote: > If you install mailwatch on top of MailScanner it will give you a nice > interface to release emails etc... Martin, I've installed mailwatch now, still some minor issues to fix, but it certainly looks good. Thanks for the tip! / Martin From martin.lyberg at gmail.com Wed Apr 19 13:57:24 2006 From: martin.lyberg at gmail.com (Martin) Date: Wed Apr 19 14:00:07 2006 Subject: MailScanner + Postfix = message doubles Message-ID: Hi, I've problem with message doubles when running MailScanner + Postfix and relaying for our internal exchangeserver. It happens sometimes, and sometimes not. Is there an easy solution to this? I've searched the archives and found some similar posts, but it didn't helped me. I really want to stick with Postfix. Any hints where to start? / Martin From rpoe at plattesheriff.org Wed Apr 19 15:33:54 2006 
From: rpoe at plattesheriff.org (Rob Poe) Date: Wed Apr 19 15:34:25 2006 Subject: MailScanner Future Message-ID: <44460406.65ED.00A2.0@plattesheriff.org> I had a quick question regarding MailScanner's future. I noticed that there is now a company that provides either installation services, and possibly a new product (for $) that installs all kinds of goodies on servers automagically. What about the core of MailScanner. Will it remain Open Source, or is the future going to see a "Closing of the Source" and eventually see MailScanner become a commercial product? I'm not trying to stir anything up .. But it is a legitimate question. :) From john at tradoc.fr Wed Apr 19 15:53:37 2006 From: john at tradoc.fr (John Wilcock) Date: Wed Apr 19 15:53:46 2006 Subject: MailScanner + Postfix = message doubles In-Reply-To: References: Message-ID: <44464EF1.4030500@tradoc.fr> Martin wrote: > I've problem with message doubles when running MailScanner + Postfix and > relaying for our internal exchangeserver. It happens sometimes, and > sometimes not. This was a problem with the dual postfix configuration that used to be recommended for MailScanner. For some time now the preferred solution is a single instance of postfix using the hold queue method described in http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:installation Provided you're using a recent-ish version of MailScanner and you've followed the instructions on the Wiki you shouldn't be seeing any duplicates. John. -- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From dhawal at netmagicsolutions.com Wed Apr 19 15:56:48 2006 
From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed Apr 19 15:56:34 2006 Subject: MailScanner + Postfix = message doubles In-Reply-To: References: Message-ID: <44464FB0.2040707@netmagicsolutions.com> Martin wrote: > Hi, > > I've problem with message doubles when running MailScanner + Postfix and > relaying for our internal exchangeserver. It happens sometimes, and > sometimes not. > > Is there an easy solution to this? I've searched the archives and found > some similar posts, but it didn't helped me. > > I really want to stick with Postfix. > > Any hints where to start? > > / Martin 1. Check if they are really doubles, do this by comparing the message headers. 2. Check you lock type in mailscanner, for postfix it is recommended that you leave it to the default (i think it ought to be 'blank'). 3. Check if your POP/IMAP server is responsible for this mess. 4. Are you using a cisco pix in front of your server.. if so, disable the fixup-protocol for smtp. Send the following details: OS? postfix version? MailScanner version? Post some logs pertaining to this problem - dhawal From drew at themarshalls.co.uk Wed Apr 19 16:33:14 2006 
From: drew at themarshalls.co.uk (Drew Marshall)
Date: Wed Apr 19 16:33:24 2006
Subject: Attn. postfix users WAS Multiple Postfix smtp instances
In-Reply-To: <44462BD3.40208@enitech.com.au>
References: <20060412205748.GD14679@luckyduck.tux> <443F9148.7080908@netmagicsolutions.com> <443FDBCF.6040004@rogers.com> <20060414192115.13204.qmail@mymail.netmagicians.com> <44432F03.4090907@netmagicsolutions.com> <44462BD3.40208@enitech.com.au>
Message-ID: <63830.194.70.180.170.1145460794.squirrel@webmail.r-bit.net>

On Wed, April 19, 2006 13:23, Pete Russell wrote:
> Res wrote:
>> only confirms what many ppl think, wietse is bernstein 'the second'
>
> Yeah start learning Exim i think - postfix has an erratic development
> that reflects its author's attitude - personally i would like to be one
> less postfix user that Julian has to try and support. I would really
> like to be able to split emails for each recipient too.

I have to say I am tempted too but at the risk of starting a holy war, I
like the Postfix security. I am not suggesting Exim isn't secure but I
read somewhere on the Exim site its own authors thought it was 'pretty
secure' and 'pretty' doesn't fill me with total confidence. Certainly I
struggle to get my head round Sendmail's configs and I got fed up with
patching several years ago :-(

What a choice, keep patching up the old trusty but leaking boat (Whose
builder keeps changing the jointing methods so you can't use the same
repair methods), jump ship to a boat that looks quite nice with a
consistent joint but with a hull that might not be quite as strong or to
the boat that is a classic design but every so often develops a design
fault that needs urgent attention and its controls don't make steering it
any easier.

Drew

--
In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy

From dhawal at netmagicsolutions.com Wed Apr 19 16:44:29 2006
From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed Apr 19 16:44:13 2006 Subject: Attn. postfix users WAS Multiple Postfix smtp instances In-Reply-To: <44432F03.4090907@netmagicsolutions.com> References: <20060412205748.GD14679@luckyduck.tux> <443F9148.7080908@netmagicsolutions.com> <443FDBCF.6040004@rogers.com> <20060414192115.13204.qmail@mymail.netmagicians.com> <44432F03.4090907@netmagicsolutions.com> Message-ID: <44465ADD.2030806@netmagicsolutions.com> Top Posting.. in continuation to my previous mail I searched for some more stuff from Wietse, this time related to qpsmtpd. My quest here is to ensure that postfix and mailscanner play nice with each other from a technical (which i believe it does currently but is bound to break with future postfix releases) and also from a political point of view, since both products will benefit from this (postfix users have an alternative to amavis and mailscanner users enjoy official postfix support).. I haven't seen Julian on the list for quite some time but i assume he'll have something important to say on this topic. - dhawal Quoting Wietse: =============== A reasonably MTA-independent submission interface would look like this, if implemented as (stdin + exit status) which is script-friendly though not maximally robust (like an SMTP-like interface would be). 
First a block of envelope headers:

    protocol_name: SMTP
    helo_name: client hostname
    client_name: client hostname
    client_address: [ipv4address] or [ipv6:ipv6address]
    client_port: port number
    sasl_method: plain
    sasl_username: you
    sasl_sender:
    size: 12345
    ccert_subject: solaris9.porcupine.org
    ccert_issuer: Wietse Venema
    ccert_fingerprint: C2:9D:F4:87:71:73:73:D9:18:E7:C2:F3:C1:DA:6E:04
    encryption_protocol: TLSv1/SSLv3
    encryption_cipher: DHE-RSA-AES256-SHA
    encryption_keysize: 256
    sender: <> or address
    dsn-envelope-id:
    dsn-return-option: full or headers
    recipient: address (<> not allowed)
    dsn-notify-options: never, or comma-separated list of fail, delay, success
    dsn-orig-rcpt: original recipient

After a blank line, the standard RFC2822 content:

    headers....
    blank
    body...

Where the blank and body... are optional.

The exit status is 0 for success. All other status codes mean that the
operation failed.

We have to do much of this anyway when mail archival support is added, so
I would like to get it right once.

Now this is not the whole story: this submission interface cannot be
exposed to untrusted users or they could bypass all the safety checks
that are built into smtpd, pickup, postdrop and cleanup. So it has to be
implemented as a set-gid helper that checks an authorization list. If the
caller is trusted, then it passes a file descriptor to a Postfix daemon
process that does the actual work. I don't intend to use set-uid programs
within Postfix.

Wietse
===============

Dhawal Doshy wrote:
> Dhawal Doshy wrote:
>> Drew Marshall writes:
>>> On 14 Apr 2006, at 18:28, Mike Jakubik wrote:
>>>> Dhawal Doshy wrote:
>>>>> This mail was also posted by the OP to the postfix-users list and
>>>>> is now being discussed by the postfix authors 'wietse' and
>>>>> 'viktor' for better integration (read: compliant to the postfix
>>>>> internal architecture) between postfix and mailscanner..
>>>>> I request all mailscanner+postfix users to follow this thread on >>>>> the postfix-users lists and voice your technical opinions, if any. >>>> >>>> Its sad to see that one of the best MTAs and content scanners, does >>>> not get along so well.. Apparently Postfix 2.3 will make changes >>>> that will break MailScanner functionality :( >>> >>> Very sad indeed. Interestingly I am running the current release (Non >>> stable) of 2.3 and it works fine with MailScanner so I await to see >>> what happens with the 'new queue format'. >>> Drew >> >> No it won't (Julian will find a better workaround) and it shouldn't, i >> would request all postfix users to subscribe to the postfix-users list >> and convince the developers to document postfix queue internals so >> that this matter is resolved once and for all.. >> At the least ensure that someone of use who understands postfix really >> well, (i don't) follows up with viktor and wietse on this.. >> - dhawal > > We now have postfix+mailscanner working perfectly fine, but is likely to > break in future releases due to internal changes in the postfix queue > working.. hence i took the liberty of sending this mail to the postfix > users list. Constructive comments are welcome from postfix and > non-postfix users: > ============== > MailScanner currently works in this fashion: > Internet ==> postfix ==> hold queue ==> MailScanner ==> Incoming queue > ==> local delivery or relay > > From what i understand, the part where mailscanner re-queues mails to > the postfix incoming queue is the questionable part.. > > So what conclusion do we (the non-programmer postfix users) draw from > your discussion? What are the changes expected that i need to > communicate to the mailscanner development team? > > Finally, what would be required to make mailscanner an approved > Content-Scanner for postfix. 
> ============== > > > This is the reply from Wietse: > ============== > It takes a stable EXTERNAL interface, so that non-Postfix software is > immune to changes in Postfix INTERNAL details. > > For example, software that speak SMTP is largely immune to changes in > Postfix internal details, because SMTP is well defined. > > Absent precisely formulated requirements I can't define an external > interface for content management. > > Wietse > ============== > > > A search on the postfix archive gave me this mail from Wietse: > ============== > The question is 100% academic. Like other Postfix internals, Postfix > queue details will not be published until they stop changing. > Until then I want to have the freedom to make changes without having > to jump horrible hoops in order to avoid breaking other people's > software. > > To give you an idea of what it would take to make mailscanner safe > with the PRESENT queue implementation: > > 1) The Postfix queue would have to be changed from a three-state > incoming/active/deferred organization to a four-state organization > of unfiltered/incoming/active/deferred. > > 2) All four queues MUST BE in the same file system. Otherwise mail > will be corrupted or lost. > > 3) A modified cleanup server drops new mail into the "unfiltered" > queue and notifies mailscanner, while the unmodified cleanup server > drops locally forwarded mail into the incoming queue and informs > the queue manager as usual. > > 4) Mailscanner MUST NOT move queue files except by renaming them > between Postfix queue directories. Otherwise mail will be corrupted > or lost. > > 5) Mailscanner MUST maintain the relationship between the file name > and the file inode number. Otherwise mail will be corrupted or > lost. > > 7) Mailscanner must be crash proof. Like Postfix, it MUST NOT take > irreversible actions, or actions that may require undo operations > after a system crash. Otherwise mail will be corrupted or lost. 
> > Specifically: > > 8) Mailscanner MUST NOT modify queue files. If content needs to be > updates, Mailscanner MUST create a new queue file and delete the > original only after the new file has been committed to stable > storage. Otherwise mail will be corrupted or lost. > > 9) When creating a queue file, Mailscanner MUST adhere to the > convention that the file permissions are set to "executable" only > after the file contents are safely stored. Otherwise mail will be > corrupted or lost. > > 10) Mailscanner should never touch a queue file that has an advisory > lock (flock or fcntl lock, depending on the system environment). > Otherwise mail will be corrupted or lost. > > But again, all this is academic, because I will never support > non-standard interfaces for content inspection in Postfix. > > Wietse > ============== From realmcking at gmail.com Wed Apr 19 16:50:49 2006 
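Rules 2, 4, 8, 9 and 10 from Wietse's list quoted above, worked through as an added example that is not part of the thread and is neither Postfix nor MailScanner code. It assumes POSIX flock() locking and two scratch directories standing in for queues; the names replace_message, is_committed and Busy are hypothetical, and Postfix's own queue-file naming (rule 5) is not modelled.

```python
"""Crash-safe rewrite of one spooled message (added example).

Works on scratch directories only. It does not create Postfix queue files:
Postfix's file naming (rule 5 in the quoted message) is not modelled here.
"""
import errno
import fcntl
import os
import stat
import tempfile


class Busy(Exception):
    """The source file holds an advisory lock, so it is left alone (rule 10)."""


def same_filesystem(*dirs):
    """Rule 2: rename() is atomic only inside one file system."""
    return len({os.stat(d).st_dev for d in dirs}) == 1


def is_committed(path):
    """Rule 9: a reader trusts a file only once its owner-execute bit is set."""
    return bool(os.stat(path).st_mode & stat.S_IXUSR)


def fsync_dir(path):
    """Flush a directory so a rename or unlink inside it survives a crash."""
    fd = os.open(path, os.O_RDONLY)
    try:
        os.fsync(fd)
    finally:
        os.close(fd)


def replace_message(src_path, dst_dir, transform):
    """Store transform(original bytes) as a new file in dst_dir, then drop src.

    A crash at any step leaves the original, the replacement, or both on
    disk, never neither, and never a half-written file marked as complete.
    """
    src_path = os.path.abspath(src_path)
    src_dir = os.path.dirname(src_path)
    final_path = os.path.join(os.path.abspath(dst_dir), os.path.basename(src_path))
    if final_path == src_path:
        raise ValueError("destination must be a different directory")
    if not same_filesystem(src_dir, dst_dir):
        raise OSError(errno.EXDEV, "directories are on different file systems")

    with open(src_path, "rb") as src:
        try:
            # Rule 10: back off if anyone else holds an advisory lock.
            fcntl.flock(src, fcntl.LOCK_EX | fcntl.LOCK_NB)
        except BlockingIOError:
            raise Busy(src_path) from None
        original = src.read()

        # Rule 8: never edit in place. mkstemp() creates the file with mode
        # 0600, so without the execute bit it still reads as "incomplete".
        tmp_fd, tmp_path = tempfile.mkstemp(prefix=".tmp-", dir=dst_dir)
        try:
            with os.fdopen(tmp_fd, "wb") as out:
                out.write(transform(original))
                out.flush()
                os.fsync(out.fileno())          # contents reach stable storage
                os.fchmod(out.fileno(), 0o700)  # rule 9: only now mark complete
                os.fsync(out.fileno())
            os.rename(tmp_path, final_path)     # rule 4: names change by rename only
        except BaseException:
            os.unlink(tmp_path)                 # an unfinished file never lingers
            raise
        fsync_dir(dst_dir)
        os.unlink(src_path)                     # rule 8: the original goes last
        fsync_dir(src_dir)
    return final_path


if __name__ == "__main__":
    # Constructed sample: two scratch directories and one small message.
    root = tempfile.mkdtemp()
    hold = os.path.join(root, "hold")
    incoming = os.path.join(root, "incoming")
    os.mkdir(hold)
    os.mkdir(incoming)
    msg = os.path.join(hold, "MSG0001")
    with open(msg, "wb") as f:
        f.write(b"Subject: demo\n\noriginal body\n")
    new = replace_message(msg, incoming,
                          lambda b: b.replace(b"original", b"cleaned"))
    print(new, "committed:", is_committed(new),
          "source left:", os.path.exists(msg))
```
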
From: realmcking at gmail.com (Mark McCoy)
Date: Wed Apr 19 16:50:54 2006
Subject: Solaris 10: won't start via init script
In-Reply-To:
References: <71437982F5B13A4D9A5B2669BDB89EE403A84D30@ISS-CL-EX-V1.soton.ac.uk>
Message-ID:

On 4/16/06, randyf@sibernet.com wrote:
>
>
> On Sat, 15 Apr 2006, Jeff A. Earickson wrote:
>
> > Yes, but it still supports legacy scripts in /etc/init.d so the script
> > that I used with Solaris 9 ought to work.
>
> Yes, your legacy script should work (verify it by running: "svcs -a |
> grep legacy_run" and see if it is in the list), but there may be
> dependencies on other services that are controlled by SMF, such as
> sendmail. Also, if you are using the standard Solaris distributed Perl,
> you are now using a 5.8 perl variant (depending on your patch level), so
> you may require the reinstallation of some perl modules (or changing the
> /usr/bin/perl link), but at a minimum, may need to recompile the required
> MailScanner Perl Modules.
>
> And as sendmail is now an SMF service, you won't be able to manage how
> it is run by changing init.d scripts, but instead needs to have the
> methods changed. I have a manifest that can be used as a replacement to
> the Solaris sendmail manifest, that will create and use the mqueue and
> mqueue.in directories, as well as start and stop MailScanner (it is even
> zone aware). If anyone thinks this would be useful, or maybe put it in
> the contributed space, I will happily send it along.
>
> ---- Randy

Thanks Randy, that would be great! We're not on Sol10 yet, but looking to move there in the future...

--
Mark McCoy -- Professional Unix geek

If Tyranny and Oppression come to this land, it will be in the guise of fighting a foreign enemy.
- James Madison, fourth US president (1751-1836)

From ssilva at sgvwater.com Wed Apr 19 18:32:28 2006
From: ssilva at sgvwater.com (Scott Silva) Date: Wed Apr 19 18:32:53 2006 Subject: MailScanner Future In-Reply-To: <44460406.65ED.00A2.0@plattesheriff.org> References: <44460406.65ED.00A2.0@plattesheriff.org> Message-ID: Rob Poe spake the following on 4/19/2006 7:33 AM: > I had a quick question regarding MailScanner's future. > > I noticed that there is now a company that provides either installation services, and possibly a new product (for $) that installs all kinds of goodies on servers automagically. What about the core of MailScanner. Will it remain Open Source, or is the future going to see a "Closing of the Source" and eventually see MailScanner become a commercial product? > > I'm not trying to stir anything up .. But it is a legitimate question. :) > > > > > I can't answer for Julian's future intentions, but he has stated in the past that the core will remain free, and the extra bells and whistles of the DefenderMX product will justify its purchase and support contracts to those who require it. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From alex at nkpanama.com Wed Apr 19 19:11:35 2006 From: alex at nkpanama.com (Alex Neuman) Date: Wed Apr 19 19:13:38 2006 Subject: Can the null address be specified in a ruleset? Message-ID: <200604191811.k3JIBRMl000610@nkserver.nkpanama.com> Do you know of a good way to silently discard these messages selectively? From alex at nkpanama.com Wed Apr 19 19:11:46 2006 From: alex at nkpanama.com (Alex Neuman) Date: Wed Apr 19 19:15:01 2006 Subject: greylisting? Message-ID: <200604191811.k3JIBRMt000610@nkserver.nkpanama.com> I believe you're right on every count. I did, however, place an explanatory webpage on the mta reject message, so that the sysadmins on the verge of acquiring a clue can have the problem fixed. -----Original Message----- 
From: "Res"
Sent: 04/18/06 2:46:53 AM
To: "MailScanner discussion"
Subject: Re: greylisting?

On Mon, 17 Apr 2006, Alex Neuman van der Hans wrote:

> Res wrote:
>>>
>>> How much of RFC1912?
>>
>>
>> "Every Internet-reachable host should have a name."
>>
>> Since enforcing PTR checks, like I said 90% of the crap is now rejected
>> we've done it for years with no regrets and only about a dozen or so
>> complaints in all that time,
>>
>>
>
> You're right. AOL is enforcing it. Why can't we? :D

AOL only started about a year ago, I've been doing it for over 5 or 6 years, the results speak for themselves.

If you run a network where the system admins are incompetent and do not do their job properly by ensuring every host has a hostname, be it dsl, dialup, a hosting server or a key server in a NOC, it's just plain laziness, and they should be dismissed as such.

--
Cheers
Res

From victor at pixelmagicfx.com Wed Apr 19 20:59:53 2006
From: victor at pixelmagicfx.com (Victor DiMichina)
Date: Wed Apr 19 21:00:06 2006
Subject: DCC Score
In-Reply-To: <444522D1.60107@trayerproducts.com>
References: <444522D1.60107@trayerproducts.com>
Message-ID: <444696B9.4070104@pixelmagicfx.com>

Rodney Green wrote:
>
>
> Hello,
>
> Where is score for DCC configured?
>

Mine always scores 2.17, if I understand the question correctly.

Vic

From damian at workgroupsolutions.com Wed Apr 19 22:57:31 2006
From: damian at workgroupsolutions.com (Damian Mendoza)
Date: Wed Apr 19 22:57:36 2006
Subject: AOL in Spamcop RBL
Message-ID: <0C941442AC84A8449448BA2207DD4F4D0CD26E@core01.workgroupsolutions.com>

AOL IP addresses are in the spamcop.net database

64.12.137.5
64.12.137.4
64.12.137.7
64.12.137.8

Regards,
Damian

From pete at enitech.com.au Wed Apr 19 23:03:21 2006
From: pete at enitech.com.au (Peter Russell)
Date: Wed Apr 19 23:03:35 2006
Subject: MailScanner Future
In-Reply-To:
References: <44460406.65ED.00A2.0@plattesheriff.org>
Message-ID: <4446B3A9.4050105@enitech.com.au>

Scott Silva wrote:
> Rob Poe spake the following on 4/19/2006 7:33 AM:
>
>>I had a quick question regarding MailScanner's future.
>>
>>I noticed that there is now a company that provides either installation services, and possibly a new product (for $) that installs all kinds of goodies on servers automagically. What about the core of MailScanner. Will it remain Open Source, or is the future going to see a "Closing of the Source" and eventually see MailScanner become a commercial product?
>>
>>I'm not trying to stir anything up .. But it is a legitimate question. :)
>>
>>
>>
>>
>>
>
> I can't answer for Julian's future intentions, but he has stated in the past
> that the core will remain free, and the extra bells and whistles of the
> DefenderMX product will justify its purchase and support contracts to those
> who require it.
>

I can't speak for him either, but it's not free, Julian spends a lot of time developing it. If you are a commercial user you should consider making a donation. Whatever that donation is it's gonna be a LOT less than any licensing for any commercial products.

From Marc.Dufresne at parks.on.ca Thu Apr 20 00:07:27 2006
From: Marc.Dufresne at parks.on.ca (Marc Dufresne)
Date: Thu Apr 20 00:13:05 2006
Subject: mailscanner-4.50-15_1. blocking hotmail domain
Message-ID:

I recently upgraded to mailscanner-4.50-15_1. Just had numerous complaints that we are not able to receive e-mails from anyone from hotmail.com.

I had to add the hotmail.com domain to /etc/mail/spamassassin/spam.whitelist.rules in order for us to receive e-mails from anyone on hotmail.com.

Why has this changed? I never had to add this before?

Marc Dufresne, Corporate IT Officer
St. Lawrence Parks Commission
13740 County Road 2
Morrisburg, ON K0C 1X0
E-mail: Marc.Dufresne@parks.on.ca
Voice: 613-543-3704 Ext#2455
Fax: 613-543-2847
Corporate website: www.parks.on.ca

From ssilva at sgvwater.com Thu Apr 20 00:40:51 2006
From: ssilva at sgvwater.com (Scott Silva) Date: Thu Apr 20 00:41:24 2006 Subject: MailScanner Future In-Reply-To: <4446B3A9.4050105@enitech.com.au> References: <44460406.65ED.00A2.0@plattesheriff.org> <4446B3A9.4050105@enitech.com.au> Message-ID: Peter Russell spake the following on 4/19/2006 3:03 PM: > > > Scott Silva wrote: >> Rob Poe spake the following on 4/19/2006 7:33 AM: >> >>> I had a quick question regarding MailScanner's future. >>> >>> I noticed that there is now a company that provides either >>> installation services, and possibly a new product (for $) that >>> installs all kinds of goodies on servers automagically. What about >>> the core of MailScanner. Will it remain Open Source, or is the >>> future going to see a "Closing of the Source" and eventually see >>> MailScanner become a commercial product? >>> >>> I'm not trying to stir anything up .. But it is a legitimate >>> question. :) >>> >>> >>> >>> >>> >> >> I can't answer for Julian's future intentions, but he has stated in >> the past >> that the core will remain free, and the extra bells and whistles of the >> DefenderMX product will justify its purchase and support contracts to >> those >> who require it. >> > I cant speak for him either, but its not free, Julian spends a lot of > time developing it. If you are a commercial user you should consider > making a donation. Whatever that donation is its gonna be a LOT less > than any licensing for any commercial products. I meant free as in the normal definition of open source software. IE .. "Free as in speech, not free as in beer". -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Thu Apr 20 00:46:08 2006 
From: ssilva at sgvwater.com (Scott Silva) Date: Thu Apr 20 00:46:25 2006 Subject: mailscanner-4.50-15_1. blocking hotmail domain In-Reply-To: References: Message-ID: Marc Dufresne spake the following on 4/19/2006 4:07 PM: > I recently upgraded to mailscanner-4.50-15_1. Just had numerous > complaints that we are not able to receive e-mails from anyone from > hotmail.com. > > I had to add the hotmail.com domain to > /etc/mail/spamassassin/spam.whitelist.rules in order for us to receive > e-mails from anyone on hotmail.com. > > Why has this changed? I never had to add this before? > You would have to add some headers for the spam scores to get any good ideas of why it hit as spam. MailScanner doesn't decide if something is spam or not. It is decided by whatever parameters it is fed, like output from spamassassin or spam lists. For my money, I would only whitelist the actual addresses that you want and not hotmail as a whole. Many spammers live there.. And will happily pound your server with their garbage. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From michele at blacknight.ie Thu Apr 20 01:01:11 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight.ie) Date: Thu Apr 20 01:01:23 2006 Subject: mailscanner-4.50-15_1. blocking hotmail domain In-Reply-To: References: Message-ID: <4446CF47.80208@blacknight.ie> Marc Dufresne wrote: > Why has this changed? I never had to add this before? > > Whitelisting hotmail.com is _not_ a good a idea, as you will be flooded with junk. If legitimate mail from hotmail.com addresses is being blocked you need to know why. Whitelisting is not the solution :) What do your logs say? Michele -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From steve.swaney at fsl.com Thu Apr 20 01:24:52 2006 
From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Apr 20 01:24:59 2006 Subject: MailScanner Future In-Reply-To: <4446B3A9.4050105@enitech.com.au> Message-ID: <05e401c66410$d807c500$2901010a@office.fsl> > -----Original Message----- 
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Peter Russell > Sent: Wednesday, April 19, 2006 6:03 PM > To: MailScanner discussion > Subject: Re: MailScanner Future > > > > Scott Silva wrote: > > Rob Poe spake the following on 4/19/2006 7:33 AM: > > > >>I had a quick question regarding MailScanner's future. > >> > >>I noticed that there is now a company that provides either installation > services, and possibly a new product (for $) that installs all kinds of > goodies on servers automagically. What about the core of MailScanner. > Will it remain Open Source, or is the future going to see a "Closing of > the Source" and eventually see MailScanner become a commercial product? > >> > >>I'm not trying to stir anything up .. But it is a legitimate question. > :) > >> > >> > >> > >> > >> > > > > I can't answer for Julian's future intentions, but he has stated in the > past > > that the core will remain free, and the extra bells and whistles of the > > DefenderMX product will justify its purchase and support contracts to > those > > who require it. > > > I cant speak for him either, but its not free, Julian spends a lot of > time developing it. If you are a commercial user you should consider > making a donation. Whatever that donation is its gonna be a LOT less > than any licensing for any commercial products. > -- I can't agree more. If you use the open source version and you or your company can afford a donation to Julian, it a small price to pay for the long hours he puts in on improving and supporting MailScanner. And of course you can always buy the book :) Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From michele at blacknight.ie Thu Apr 20 01:32:15 2006 
From: michele at blacknight.ie (Michele Neylon :: Blacknight.ie) Date: Thu Apr 20 01:32:17 2006 Subject: MailScanner Future In-Reply-To: <4446B3A9.4050105@enitech.com.au> References: <44460406.65ED.00A2.0@plattesheriff.org> <4446B3A9.4050105@enitech.com.au> Message-ID: <4446D68F.2030600@blacknight.ie> Peter Russell wrote: > I cant speak for him either, but its not free, Julian spends a lot of > time developing it. If you are a commercial user you should consider > making a donation. Whatever that donation is its gonna be a LOT less > than any licensing for any commercial products. Agreed. Buy merchandise from the website. Julian's also running adsense on the wiki these days as well M -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From pete at enitech.com.au Thu Apr 20 01:49:26 2006 
From: pete at enitech.com.au (Peter Russell)
Date: Thu Apr 20 01:49:41 2006
Subject: MailScanner Future
In-Reply-To:
References: <44460406.65ED.00A2.0@plattesheriff.org> <4446B3A9.4050105@enitech.com.au>
Message-ID: <4446DA96.80601@enitech.com.au>

> I meant free as in the normal definition of open source software. IE ..
> "Free as in speech, not free as in beer".

Maybe, but the end result is there is no practical distinction, only an academic one. (not necessarily with you, but in general). I know it's the whole great big philosophical debate, but in the end developers end up putting in heaps of effort, we benefit enormously (in a commercial environment) and they get no reward.

I know Julian doesn't raise this or complain - but this is one project I would hate to see the developer say "this is using up so much of my time, the satisfaction is diminishing, and I don't make any money...what's the point?"

With so many users of this wonderful product, some small contributions from commercial users it could add up to something worthwhile?

justathought :)

From leah at frauerpower.com Thu Apr 20 05:50:58 2006
From: leah at frauerpower.com (Leah Cunningham)
Date: Thu Apr 20 06:02:40 2006
Subject: SpamAssassin user prefs w/DB and MailScanner
Message-ID: <200604200056.02160.leah@frauerpower.com>

I've been starting to deploy MailScanner on several servers and have been quite pleased so far. I am doing a migration now from a server that was utilizing the SpamAssassin user prefs features to allow users to set custom whitelists, blacklists, and other settings. These were being stored in a mysql backend. Some relevant old spamassassin settings:

user_scores_dsn DBI:mysql:sqmaildb:somehost.example.net:3306
use_bayes 1
bayes_auto_learn 0
bayes_store_module Mail::SpamAssassin::BayesStore::SQL
bayes_sql_dsn DBI:mysql:sqmaildb:somehost.example.net:3306
auto_whitelist_factory Mail::SpamAssassin::SQLBasedAddrList
user_awl_dsn DBI:mysql:sqmaildb:somehost.example.net:3306

Does anyone have any experience integrating this type of configuration w/MailScanner, or pointers to docs?

--
Leah Cunningham : d416-585-9971x692 : d416-703-5977 : m416-559-6511
Frauerpower! Co. : www.frauerpower.com : Toronto, ON Canada

From martin.lyberg at gmail.com Thu Apr 20 08:06:51 2006
From: martin.lyberg at gmail.com (Martin)
Date: Thu Apr 20 08:07:24 2006
Subject: MailScanner + Postfix = message doubles
In-Reply-To: <44464EF1.4030500@tradoc.fr>
References: <44464EF1.4030500@tradoc.fr>
Message-ID:

John Wilcock wrote:
> This was a problem with the dual postfix configuration that used to be
> recommended for MailScanner. For some time now the preferred solution is
> a single instance of postfix using the hold queue method described in
> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:installation
>
> Provided you're using a recent-ish version of MailScanner and you've
> followed the instructions on the Wiki you shouldn't be seeing any
> duplicates.

John,

The setup is as the link as you provided. I'm using mailwatch now to see if I can catch any duplicates. I got some responses from users last week saying that they've received message doubles. Will post if it occurs again.

Thank you

From ram at netcore.co.in Thu Apr 20 08:11:41 2006
From: ram at netcore.co.in (Ramprasad)
Date: Thu Apr 20 08:11:23 2006
Subject: Mailscanner ignores "MCP Checks = no"
Message-ID: <1145517101.21102.7.camel@darkstar.netcore.co.in>

I am running Mailscanner 4.50 on centos.
In my Mailscanner.conf I have MCP Checks = no
yes when I start logging time I can see in my maillog lines like these

---------

Apr 20 12:38:50 rs4 MailScanner[3599]: MCP Checks completed at 464021787 bytes per second
Apr 20 12:38:54 rs4 MailScanner[3560]: Spam Checks completed at 2449 bytes per second
Apr 20 12:38:59 rs4 MailScanner[3560]: Virus Scanning completed at 233986 bytes per second
Apr 20 12:39:0

---------------

Are MCP checks happening after all ?

Thanks
Ram

From martin.lyberg at gmail.com Thu Apr 20 08:14:02 2006
From: martin.lyberg at gmail.com (Martin) Date: Thu Apr 20 08:14:16 2006 Subject: MailScanner + Postfix = message doubles In-Reply-To: <44464FB0.2040707@netmagicsolutions.com> References: <44464FB0.2040707@netmagicsolutions.com> Message-ID: Dhawal Doshy wrote: > 1. Check if they are really doubles, do this by comparing the message > headers. I've installed mailwatch, and will let you know if i catch any doubles again. > 2. Check you lock type in mailscanner, for postfix it is recommended > that you leave it to the default (i think it ought to be 'blank'). Lock type is blank. > 3. Check if your POP/IMAP server is responsible for this mess. Hard to tell, i'm relaying for an internal exchange. > 4. Are you using a cisco pix in front of your server.. if so, disable > the fixup-protocol for smtp. No cisco. > > Send the following details: > OS? > postfix version? > MailScanner version? Debian stable + testing Postfix 2.2.10 MailScanner 4.51.5 > Post some logs pertaining to this problem No logs available at this time. Will provide more info if it occurs again. Thank you From lucky at the-luckyduck.de Thu Apr 20 09:24:25 2006 
From: lucky at the-luckyduck.de (Jan Brinkmann) Date: Thu Apr 20 09:24:26 2006 Subject: seperating recipient based whitelisting for virus and spam checks In-Reply-To: <20060418141114.GU4210@luckyduck.tux> References: <20060418141114.GU4210@luckyduck.tux> Message-ID: <20060420082424.GQ4220@luckyduck.tux> On Tue, Apr 18, 2006 at 04:11:14PM +0200, Jan Brinkmann wrote: > Hi, > > Jules told me a few days ago how to enable / disable spam checking for > certain recipients. I wrote a custom function (DoWeScan) which checks an sql > database based on the 'todomain' field in the message. In the MailScanner.conf, > the Scan Messages setting calls this function. This works fine, > but it enables or disables all checks based on the settings in the > database. Now, I tried to go one step further to make it possible to > give users more options to select from. I tried to go the way Jules > recommended (i.e. I wrote two more custom functions), for the 'Virus Scanning' and > 'Spam Checks' settings, but it doesnt work as expected. I tried the > following things: > > - Scan Messages = no > Virus Scanning = &DoWeVirusScan > Spam Checks = &DoWeSpamScan > > Result: No messages are scanned at all. > > - Scan Messages = yes > > Result: no matter what i set in the database for spam or virus checks, > every message gets scanned > > - Scan Messages = &DoWeScan , where DoWeScan checks if either the > spamfilter, the virusscanner or both features should be enabled. > > Result: if one of these things is active, both checks are enabled. this is > because the DoWeScan function contains an inclusive or logic. > > > My question now is, can I enable / disable spam and virus checks > indepently? Ok, once again. Yesterday Jules told me that if 'Scan Messages' ist set to yes and all mails still get virus scanned, my DoWeVirusScan function always returns 1. I tested everything, and changed something in DoWeSpamScan. That worked, as I told Jules. Now, DoWeVirusScan still doesnt work. 
I also tried to add 'return 0' , so DoWeVirusScan statically returns 0, but still the same behaviour. All mails get virus scanned. The only way to stop this, is to add 'Virus Scanning = no' into the MailScanner.conf. I don't know where the problem is, maybe someone else does?:

DoWeVirusScan.pm:
-----------------

package MailScanner::CustomConfig;

use DBI;
use DBD::mysql;

use strict 'vars';
use strict 'refs';
no strict 'subs'; # Allow bare words for parameter %'s

use vars qw($VERSION);

### The package version, both in 1.23 style *and* usable by MakeMaker:
$VERSION = substr q$Revision: 1.1.2.1 $, 10;

my ($dsn, $dbh, $sth);

sub InitDoWeVirusScan {
}

sub EndDoWeVirusScan {
}

#
sub DoWeVirusScan {
    MailScanner::Log::InfoLog("DoWeVirusScan start");

    $dsn = "DBI:mysql:database=kundencenter;host=localhost";
    $dbh = DBI->connect($dsn, "root", "xxxxx") or die("Couldn't connect");

    my($message) = @_;
    my @td = @{$message->{todomain}};
    my $todomain = $td[0];

    $sth = $dbh->prepare("SELECT virusfilter FROM mailscanner_dowescan WHERE id like ?");
    $sth->bind_param(1,$todomain);
    $sth->execute();

    my $virusfilter;
    $sth->bind_columns(undef, \$virusfilter);

    my $ret = 0;
    while ( $sth->fetch ) {
        if ( $virusfilter eq 1 ) {
            $ret = 1;
        }
    }

    $sth->finish();
    $dbh->disconnect();

    MailScanner::Log::InfoLog("Return $ret");
    MailScanner::Log::InfoLog("DoWeVirusScan end");
    return $ret;
}

1;

The related settings in the MailScanner.conf:
---------------------------------------------

Scan Messages = yes
Virus Scanning = &DoWeVirusScan

As you can see in the following log, DoWeVirusScan returns 0 for this message:
------------------------------------------------------------------------------

Apr 20 10:15:09 linux MailScanner[14202]: DoWeVirusScan start
Apr 20 10:15:09 linux MailScanner[14202]: Return 0
Apr 20 10:15:09 linux MailScanner[14202]: DoWeVirusScan end

Now, the related maillog entries, when I'm receiving a mail with an eicar.com test signature:

Apr 20 10:15:08 linux postfix/smtpd[14295]: B124318AC01B:
client=the-luckyduck.de[217.160.134.226] Apr 20 10:15:08 linux postfix/cleanup[14072]: B124318AC01B: hold: header Received: from the-luckyduck.de (the-luckyduck.de [217.160.134.226])??(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))??(No client certificate requested)??by dagobert.vegasystems.de (Postfi from the-luckyduck.de[217.160.134.226]; from= to= proto=ESMTP helo= Apr 20 10:15:08 linux postfix/cleanup[14072]: B124318AC01B: hold: header Received: from host-80-70-179-83.vegasystems.de (localhost) [80.70.179.83]by the-luckyduck.dewith esmtpsa(tls_cipher TLSv1:DHE-RSA-AES256-SHA:256)(Exim 4.54 #1 (Gentoo Linux 1.4))id 1FWURU-0002iF-Cb; from the-luckyduck.de[217.160.134.226]; from= to= proto=ESMTP helo= Apr 20 10:15:08 linux postfix/cleanup[14072]: B124318AC01B: message-id=<20060420081438.GP4220@luckyduck.tux> Apr 20 10:15:08 linux postfix/smtpd[14295]: disconnect from the-luckyduck.de[217.160.134.226] Apr 20 10:15:09 linux MailScanner[14202]: DoWeVirusScan start Apr 20 10:15:09 linux MailScanner[14202]: Return 0 Apr 20 10:15:09 linux MailScanner[14202]: DoWeVirusScan end Apr 20 10:15:09 linux MailScanner[14202]: New Batch: Scanning 1 messages, 1609 bytes Apr 20 10:15:09 linux MailScanner[14202]: Virus and Content Scanning: Starting Apr 20 10:15:11 linux MailScanner[14202]: Scan started at Thu Apr 20 10:15:11 2006 Apr 20 10:15:11 linux MailScanner[14202]: Database version: 2006-04-20_01 Apr 20 10:15:11 linux MailScanner[14202]: ./B124318AC01B.86252/eicar.com: Infected: EICAR_Test_File [Libra] Apr 20 10:15:11 linux MailScanner[14202]: Virus Scanning: F-Secure found virus EICAR_Test_File Apr 20 10:15:11 linux MailScanner[14202]: ./B124318AC01B.86252/eicar.com: Infected: EICAR Test File [Orion] Apr 20 10:15:11 linux MailScanner[14202]: Virus Scanning: F-Secure found virus EICAR Test File Apr 20 10:15:11 linux MailScanner[14202]: ./B124318AC01B.86252/eicar.com: Infected: EICAR-Test-File [AVP] Apr 20 10:15:11 linux MailScanner[14202]: Virus Scanning: F-Secure 
found virus EICAR-Test-File Apr 20 10:15:11 linux MailScanner[14202]: Scan ended at Thu Apr 20 10:15:11 2006 Apr 20 10:15:11 linux MailScanner[14202]: 3 files scanned Apr 20 10:15:11 linux MailScanner[14202]: 1 file infected Apr 20 10:15:11 linux MailScanner[14202]: Virus Scanning: F-Secure found 1 infections Apr 20 10:15:11 linux MailScanner[14202]: ClamAVModule::INFECTED:: Eicar-Test-Signature:: ./B124318AC01B.86252/eicar.com Apr 20 10:15:11 linux MailScanner[14202]: Virus Scanning: ClamAV Module found 1 infections Apr 20 10:15:11 linux MailScanner[14202]: DoWeVirusScan start Apr 20 10:15:11 linux MailScanner[14202]: Return 0 Apr 20 10:15:11 linux MailScanner[14202]: DoWeVirusScan end Apr 20 10:15:11 linux MailScanner[14202]: Virus Scanning: Found 1 viruses Apr 20 10:15:11 linux MailScanner[14202]: Filename Checks: Windows/DOS Executable (B124318AC01B.86252 eicar.com) Apr 20 10:15:11 linux MailScanner[14202]: Other Checks: Found 1 problems Apr 20 10:15:11 linux MailScanner[14202]: Requeue: B124318AC01B.86252 to E6EB418AC02C Apr 20 10:15:11 linux MailScanner[14202]: Cleaned: Delivered 1 cleaned messages Apr 20 10:15:11 linux MailScanner[14202]: Batch (1 message) processed in 2.58 seconds Apr 20 10:15:11 linux postfix/qmgr[10607]: E6EB418AC02C: from=, size=2497, nrcpt=1 (queue active) Apr 20 10:15:11 linux postfix/pipe[14085]: E6EB418AC02C: to=, relay=maildrop, delay=5, status=sent (trans-it.de) Apr 20 10:15:11 linux postfix/qmgr[10607]: E6EB418AC02C: removed And that's the hole problem. Looking at the return value (0), the mail shouldnt get scanned for viruses. I also tried to return 'no', and 0 statically, but all mails still get virus scanned as long as I put Virus Scanning = &DoWeVirusScan into the MailScanner.conf. I'm using Mailscanner 4.52.2. Thanks a lot for any feedback. From lucky at the-luckyduck.de Thu Apr 20 09:33:17 2006 
From: lucky at the-luckyduck.de (Jan Brinkmann)
Date: Thu Apr 20 09:33:19 2006
Subject: SpamAssassin user prefs w/DB and MailScanner
In-Reply-To: <200604200056.02160.leah@frauerpower.com>
References: <200604200056.02160.leah@frauerpower.com>
Message-ID: <20060420083317.GR4220@luckyduck.tux>

On Thu, Apr 20, 2006 at 12:50:58AM -0400, Leah Cunningham wrote:
> I've been starting to deploy MailScanner on several servers and have been
> quite pleased so far. I am doing a migration now from a server that was
> utilizing the SpamAssassin user prefs features to allow users to set custom
> whitelists, blacklists, and other settings. These were being stored in a
> mysql backend. Some relevant old spamassassin settings:
>
> user_scores_dsn DBI:mysql:sqmaildb:somehost.example.net:3306
> use_bayes 1
> bayes_auto_learn 0
> bayes_store_module Mail::SpamAssassin::BayesStore::SQL
> bayes_sql_dsn DBI:mysql:sqmaildb:somehost.example.net:3306
> auto_whitelist_factory Mail::SpamAssassin::SQLBasedAddrList
> user_awl_dsn DBI:mysql:sqmaildb:somehost.example.net:3306
>
> Does anyone have any experience integrating this type of configuration
> w/MailScanner, or pointers to docs?

You can do this using CustomFunctions. Take a look into for example '/optMailScanner/lib/MailScanner/CustomFunctions'. There is a file called MyExample.pm. You have to write a function, which looks up the settings in the database. Then you return either 0 for no or 1 for yes from your function. Scan Messages should be set to yes, and for example Virus Scanning could be set to &YourCustomFunction :

Scan Messages = yes
Virus Scanning = &YourCustomFunction

From dhawal at netmagicsolutions.com Thu Apr 20 09:51:24 2006
From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Thu Apr 20 09:51:08 2006 Subject: Mailscanner ignores "MCP Checks = no" In-Reply-To: <1145517101.21102.7.camel@darkstar.netcore.co.in> References: <1145517101.21102.7.camel@darkstar.netcore.co.in> Message-ID: <44474B8C.2090004@netmagicsolutions.com> Ramprasad wrote: > I am running Mailscanner 4.50 on centos. > In my Mailscanner.conf I have MCP Checks = no > yes when I start logging time I can see in my maillog lines like these > > --------- > > Apr 20 12:38:50 rs4 MailScanner[3599]: MCP Checks completed at 464021787 > bytes per second > Apr 20 12:38:54 rs4 MailScanner[3560]: Spam Checks completed at 2449 > bytes per second > Apr 20 12:38:59 rs4 MailScanner[3560]: Virus Scanning completed at > 233986 bytes per second > Apr 20 12:39:0 > > --------------- > > Are MCP checks happening after all ? No.. This is a known bug (with no side effects, except logging) which Julian has earlier acknowledged.. the solution for now is to live with the extra logging ;). > Thanks > Ram - dhawal From dhawal at netmagicsolutions.com Thu Apr 20 10:04:03 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Thu Apr 20 10:04:01 2006 Subject: Can the null address be specified in a ruleset? In-Reply-To: <200604191811.k3JIBRMl000610@nkserver.nkpanama.com> References: <200604191811.k3JIBRMl000610@nkserver.nkpanama.com> Message-ID: <44474E83.30804@netmagicsolutions.com> Alex Neuman wrote: > Do you know of a good way to silently discard these messages selectively? Can be done if you are using simple 'mailscanner' blacklists (not SQL OR ByDomain) with a rules like this. Is Definitely Spam = %rules-dir%/is.definitely.spam.rules Definite Spam Is High Scoring = yes %rules-dir%/is.definitely.spam.rules ==================================== From: postmaster@* and To: joe-jobbed@domain.tld yes 
From: mailer-daemon@* and To: joe-jobbed@domain.tld yes Another way to do it would be at the delivery level.. say procmail / maildrop etc.. Write a rule to dump such mails in to folder (so as to not lose any valid bounces) OR simply /dev/null them. - dhawal From mailscanner at mango.zw Thu Apr 20 10:19:27 2006 From: mailscanner at mango.zw (Jim Holland) Date: Thu Apr 20 10:26:09 2006 Subject: Can the null address be specified in a ruleset? In-Reply-To: <44474E83.30804@netmagicsolutions.com> Message-ID: On Thu, 20 Apr 2006, Dhawal Doshy wrote: > Alex Neuman wrote: > > Do you know of a good way to silently discard these messages selectively? > > Can be done if you are using simple 'mailscanner' blacklists (not SQL OR > ByDomain) with a rules like this. > > Is Definitely Spam = %rules-dir%/is.definitely.spam.rules > Definite Spam Is High Scoring = yes > > %rules-dir%/is.definitely.spam.rules > ==================================== > From: postmaster@* and To: joe-jobbed@domain.tld yes > From: mailer-daemon@* and To: joe-jobbed@domain.tld yes This is why I first started this thread. The problem is that as MailScanner looks at the envelope sender address, which is the null address <>, the above rules simply don't work in this case. I am therefore proposing that Julian provide the additional functionality of allowing rules such as: 
From: <> and To: joe-jobbed@domain.tld yes which would at least give them some temporary respite from the problem, while unfortunately blocking any genuine bounces from other systems at the same time. A deliberate joe job mostly requires the person to change their address, as it can go on for years in some cases. (We had to drop one of our subdomains when it was seriously joe-jobbed.) > Another way to do it would be at the delivery level.. say procmail / > maildrop etc.. Write a rule to dump such mails in to folder (so as to > not lose any valid bounces) OR simply /dev/null them. I think some kind of custom filter such as the above is the correct solution. For the moment however I am just using my contacts with their upstream ISP to try to get it resolved. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From ja at conviator.com Thu Apr 20 10:38:31 2006 From: ja at conviator.com (Jan Agermose) Date: Thu Apr 20 10:38:39 2006 Subject: LDAP stopped working Message-ID: <6B59FCF2EFD0334A8147A1BB463F111E010BB24A@mail-17ps.atlarge.net> Hi I'm running defenderMX on a centos box, and just updated the box, running up2date. Now LDAP does not start - no error messages. Does anyone have an idea - what to check, how to get it running again? Mvh Jan From dhawal at netmagicsolutions.com Thu Apr 20 10:45:25 2006
From: dhawal at netmagicsolutions.com (Dhawal Doshy)
Date: Thu Apr 20 10:45:17 2006
Subject: Can the null address be specified in a ruleset?
In-Reply-To:
References:
Message-ID: <44475835.8050007@netmagicsolutions.com>

Jim Holland wrote:
> On Thu, 20 Apr 2006, Dhawal Doshy wrote:
>
>> Alex Neuman wrote:
>>> Do you know of a good way to silently discard these messages selectively?
>> Can be done if you are using simple 'mailscanner' blacklists (not SQL OR
>> ByDomain) with a rules like this.
>>
>> Is Definitely Spam = %rules-dir%/is.definitely.spam.rules
>> Definite Spam Is High Scoring = yes
>>
>> %rules-dir%/is.definitely.spam.rules
>> ====================================
>> From: postmaster@* and To: joe-jobbed@domain.tld yes
>> From: mailer-daemon@* and To: joe-jobbed@domain.tld yes
>
> This is why I first started this thread. The problem is that as
> MailScanner looks at the envelope sender address, which is the null
> address <>, the above rules simply don't work in this case. I am
> therefore proposing that Julian provide the additional functionality of
> allowing rules such as:

Of course, you are right.. i didn't remember the part that mailscanner will only check envelope sender.

How about a meta rule at the spamassassin level to take care of such things? say:

header __postmaster_rule From =~ /\bpostmaster\@*$/i
header __joejobbed_rule To =~ /\bjoe\@domain\.tld\b/i
meta DELME_RULE (__postmaster_rule && __joejobbed_rule)

- dhawal

> From: <> and To: joe-jobbed@domain.tld yes > > which would at least give them some temporary respite from the problem, > while unfortunately blocking any genuine bounces from other systems at the > same time. A deliberate joe job mostly requires the person to change > their address, as it can go on for years in some cases. (We had to drop > one of our subdomains when it was seriously joe-jobbed.) > >> Another way to do it would be at the delivery level.. say procmail / >> maildrop etc.. Write a rule to dump such mails in to folder (so as to >> not lose any valid bounces) OR simply /dev/null them. > > I think some kind of custom filter such as the above is the correct > solution. For the moment however I am just using my contacts with > their upstream ISP to try to get it resolved. > > Regards > > Jim Holland > System Administrator > MANGO - Zimbabwe's non-profit e-mail service From joerg.pichel at sdm.de Thu Apr 20 11:17:14 2006 
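The envelope-versus-header point made in the messages above, as an added example (not MailScanner code and not from any poster): a simplified first-match evaluator for the ruleset lines quoted in the thread, run over constructed messages. The evaluator, the sample messages, and the reading of "<>" as the null envelope sender are assumptions of this example.

```python
import fnmatch
from email import message_from_string
from email.utils import parseaddr

# The two ruleset lines quoted in the thread, in the page's own syntax.
THREAD_RULES = """\
From: postmaster@* and To: joe-jobbed@domain.tld yes
From: mailer-daemon@* and To: joe-jobbed@domain.tld yes
"""
# The rule Jim Holland proposes. Reading "<>" as "null envelope sender" is an
# assumption of this example, not documented MailScanner behaviour.
PROPOSED_RULE = "From: <> and To: joe-jobbed@domain.tld yes\n"


def parse_rules(text):
    """Parse 'From: pat and To: pat value' lines into (conditions, value)."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        cond_text, value = line.rsplit(None, 1)
        conds = []
        for clause in cond_text.split(" and "):
            direction, pattern = clause.split(":", 1)
            conds.append((direction.strip().lower(), pattern.strip().lower()))
        rules.append((conds, value.lower() == "yes"))
    return rules


def normalize(addr):
    """Strip SMTP angle brackets; the null sender '<>' becomes ''."""
    return addr.strip().strip("<>").lower()


def addr_matches(pattern, address):
    if pattern == "<>":
        return address == ""
    # An empty (null) sender never matches a user@domain wildcard.
    return bool(address) and fnmatch.fnmatchcase(address, pattern)


def first_match(rules, sender, recipients):
    """Return the value of the first rule whose conditions all hold, else None."""
    sender = normalize(sender)
    recipients = [normalize(r) for r in recipients]

    def holds(cond):
        direction, pattern = cond
        if direction == "from":
            return addr_matches(pattern, sender)
        if direction == "to":
            return any(addr_matches(pattern, r) for r in recipients)
        return False

    for conds, value in rules:
        if all(holds(c) for c in conds):
            return value
    return None


# Constructed samples: a bounce with a null envelope sender, ordinary mail
# from a real postmaster address, and the same bounce to another recipient.
BACKSCATTER = {
    "mail_from": "<>",
    "rcpt_to": ["<joe-jobbed@domain.tld>"],
    "raw": ("From: Mail Delivery System <MAILER-DAEMON@mx.example.net>\n"
            "To: joe-jobbed@domain.tld\n"
            "Subject: Undelivered Mail Returned to Sender\n\n"
            "Your message could not be delivered.\n"),
}
DIRECT = {
    "mail_from": "<postmaster@example.org>",
    "rcpt_to": ["<joe-jobbed@domain.tld>"],
    "raw": ("From: postmaster@example.org\nTo: joe-jobbed@domain.tld\n"
            "Subject: notice\n\nhello\n"),
}
OTHER_USER = dict(BACKSCATTER, rcpt_to=["<someone-else@domain.tld>"])


def compare(msg):
    """Evaluate the rules against the envelope sender and the header From."""
    header_from = parseaddr(message_from_string(msg["raw"])["From"])[1]
    thread = parse_rules(THREAD_RULES)
    extended = parse_rules(THREAD_RULES + PROPOSED_RULE)
    return {
        "envelope": first_match(thread, msg["mail_from"], msg["rcpt_to"]),
        "header": first_match(thread, header_from, msg["rcpt_to"]),
        "proposed": first_match(extended, msg["mail_from"], msg["rcpt_to"]),
    }


if __name__ == "__main__":
    for name, msg in [("backscatter", BACKSCATTER), ("direct", DIRECT),
                      ("other user", OTHER_USER)]:
        print(name, compare(msg))
```

The "proposed" column is true for every null-sender message to that address, genuine bounce or not, which is the trade-off Jim Holland describes.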
From: joerg.pichel at sdm.de (joerg.pichel@sdm.de)
Date: Thu Apr 20 11:17:18 2006
Subject: MailScanner 4.52.2 destroys exim 4.61 spool files
Message-ID: <7503800E154BBA4F9A51B59ABA981A2002CCD505@mucmail1.sdm.de>

We use exim together with MailScanner (4.52.2). Exim receives messages at TCP-25 and stores it into the in-spool. Mailscanner processes this in-spool queue and delivers back to exim (out-spool). I recently upgraded from exim 4.60 to exim 4.61 which extends the spool file format of the *-H files. The problem is, that the spool files in the out-spool are no longer readable neither by exim (4.61 says: "Format error in spool file") nor by MailScanner ("Found invalid queue files") itself. I assume that MailScanner can't deal with the new format of the *-H files from exim 4.61.

Example: Head of the original H-file with correct format:

###################################
1FWVj8-0004N0-Gl-H
root 0 0
1145526330 0
-helo_name buf202.internetdsl.tpnet.pl
-host_address 83.18.161.202.3963
-host_name buf202.internetdsl.tpnet.pl
-interface_address 192.76.162.230.25
-received_protocol smtp
-aclc 1 143
X-sdm-Check-DNSbl-Warning: 83.18.161.202 is listed in dnsbl.sorbs.net (Exploitable Server See: http://www.sorbs.net/lookup.shtml?83.18.161.202)
-aclm 0 0
-aclm 1 143
X-sdm-Check-DNSbl-Warning: 83.18.161.202 is listed in dnsbl.sorbs.net (Exploitable Server See: http://www.sorbs.net/lookup.shtml?83.18.161.202)
-aclm 2 2
30
-body_linecount 505
-deliver_firsttime
XX
1
someone@sdm.de
179P Received: by world2.sdm.de (MTA) via smtp for ...
###################################

Head of the crunched H-file in the out-spool after being processed by MailScanner:

###################################
1FWVj8-0004N0-Gl-H
root 0 0
1145526330 0
-host_address 83.18.161.202.3963
-aclc 1 143
-helo_name buf202.internetdsl.tpnet.pl
-host_name buf202.internetdsl.tpnet.pl
-interface_address 192.76.162.230.25
-received_protocol smtp
NN 83.18.161.202
-aclm 0 0
179P Received: by world2.sdm.de (MTA) via smtp for ...
###################################

Joerg Pichel
--
Joerg.Pichel@sdm.de

From steve.swaney at fsl.com Thu Apr 20 13:32:47 2006
From: steve.swaney at fsl.com (Stephen Swaney)
Date: Thu Apr 20 13:32:57 2006
Subject: MailScanner + Postfix = message doubles
In-Reply-To:
Message-ID: <075a01c66476$8816c530$2901010a@office.fsl>

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> bounces@lists.mailscanner.info] On Behalf Of Martin
> Sent: Thursday, April 20, 2006 3:14 AM
> To: mailscanner@lists.mailscanner.info
> Subject: Re: MailScanner + Postfix = message doubles
>
> Dhawal Doshy wrote:
>
> > 1. Check if they are really doubles, do this by comparing the message
> > headers.
>
> I've installed mailwatch, and will let you know if i catch any doubles
> again.
>
> > 2. Check you lock type in mailscanner, for postfix it is recommended
> > that you leave it to the default (i think it ought to be 'blank').
>
> Lock type is blank.
>
> > 3. Check if your POP/IMAP server is responsible for this mess.
>
> Hard to tell, i'm relaying for an internal exchange.
>
> > 4. Are you using a cisco pix in front of your server.. if so, disable
> > the fixup-protocol for smtp.
>
> No cisco.
>
> >
> > Send the following details:
> > OS?
> > postfix version?
> > MailScanner version?
>
> Debian stable + testing
> Postfix 2.2.10
> MailScanner 4.51.5
>

Please update your MailScanner. Version 4.51.5 had a known problem with duplicate messages. This was fixed in 4.51.6 and later versions.

Steve

Stephen Swaney
Fort Systems Ltd.
stephen.swaney@fsl.com
www.fsl.com

From steve.swaney at fsl.com Thu Apr 20 14:21:26 2006
From: steve.swaney at fsl.com (Stephen Swaney)
Date: Thu Apr 20 14:21:34 2006
Subject: Can the null address be specified in a ruleset?
In-Reply-To: <44475835.8050007@netmagicsolutions.com>
Message-ID: <077c01c6647d$544622d0$2901010a@office.fsl>

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Dhawal Doshy > Sent: Thursday, April 20, 2006 5:45 AM > To: MailScanner discussion > Subject: Re: Can the null address be specified in a ruleset? > > Jim Holland wrote: > > On Thu, 20 Apr 2006, Dhawal Doshy wrote: > > > >> Alex Neuman wrote: > >>> Do you know of a good way to silently discard these messages > selectively? > >> Can be done if you are using simple 'mailscanner' blacklists (not SQL > OR > >> ByDomain) with a rules like this. > >> > >> Is Definitely Spam = %rules-dir%/is.definitely.spam.rules > >> Definite Spam Is High Scoring = yes > >> > >> %rules-dir%/is.definitely.spam.rules > >> ==================================== > >> From: postmaster@* and To: joe-jobbed@domain.tld yes > >> From: mailer-daemon@* and To: joe-jobbed@domain.tld yes > > > > This is why I first started this thread. The problem is that as > > MailScanner looks at the envelope sender address, which is the null > > address <>, the above rules simply don't work in this case. I am > > therefore proposing that Julian provide the additional functionality of > > allowing rules such as: > > Of course, you are right.. i didn't remember the part that mailscanner > will only check envelope sender. > > How about a meta rule at the spamassassin level to take care of such > things? say: > header __postmaster_rule From =~ /\bpostmaster\@*$/i > header __joejobbed_rule To =~ /\bjoe\@domain\.tld\b/i > meta DELME_RULE (__postmaster_rule && __joejobbed_rule) > > - dhawal 
> > > From: <> and To: joe-jobbed@domain.tld yes > > > > which would at least give them some temporary respite from the problem, > > while unfortunately blocking any genuine bounces from other systems at > the > > same time. A deliberate joe job mostly requires the person to change > > their address, as it can go on for years in some cases. (We had to drop > > one of our subdomains when it was seriously joe-jobbed.) > > > >> Another way to do it would be at the delivery level.. say procmail / > >> maildrop etc.. Write a rule to dump such mails in to folder (so as to > >> not lose any valid bounces) OR simply /dev/null them. > > > > I think some kind of custom filter such as the above is the correct > > solution. For the moment however I am just using my contacts with > > their upstream ISP to try to get it resolved. > > > > Regards > > > > Jim Holland > > System Administrator > > MANGO - Zimbabwe's non-profit e-mail service The real problem is that the volume of messages (hundreds of thousands) resulting from a joe-job can overwhelm a gateway if they are accepted by the MTA. If a domain is getting heavily joe-jobbed and you are handling email for several domains, the best way to survive is to setup a separate gateway to handle email for the domain that's under attack. On the new gateway, configure the MTA to drop email that's from "<>". We had several customers who have survived joe-job attacks using this technique. Real email for the domain was even delivered with little delay. For Sendmail the instructions on how to do this can be found in the List Archives: http://article.gmane.org/gmane.mail.virus.mailscanner/7776/match=joe+job. I can probably find the mc file hack to build this the needed cf file correctly so if you need it, please email me off list. If you need to get a MailScanner gateway up and running real fast feel free to download DefenderMX from our web server. It takes about an hour to install including the OS installation. 
The demo license is good for 30 days.

To modify the sendmail configuration with the joe-job hack you'll need to edit /opt/Fortress/defaults/incoming.mc to add the hack, then make the cf file:

    cd /opt/Fortress/defaults/
    m4 incoming.mc > incoming.cf

Then restart MailScanner:

    service MailScanner restart

Hope this helps,

Steve

Stephen Swaney
Fort Systems Ltd.
stephen.swaney@fsl.com
www.fsl.com

From alex at nkpanama.com Thu Apr 20 14:44:33 2006
From: alex at nkpanama.com (Alex Neuman)
Date: Thu Apr 20 14:45:19 2006
Subject: MailScanner Future
Message-ID: <200604201344.k3KDiQUi013308@nkserver.nkpanama.com>

I've already asked most of my clients to buy the book. I'm including the cost of the book in all future installs so that all my clients will contribute. I'll try to visit the wiki more often and click on ads... :)

-----Original Message-----
>From: "Michele Neylon :: Blacknight.ie"
>Sent: 04/19/06 7:32:15 PM
>Buy merchandise from the website. Julian's also running adsense on the
>wiki these days as well

From chardlist at chard.net Thu Apr 20 16:01:42 2006
From: chardlist at chard.net (chardlist)
Date: Thu Apr 20 16:02:27 2006
Subject: Memory Usage on MS Processes seems high
Message-ID: <002501c6648b$576beb80$0202fea9@sangria>

My MailScanner processes are each using 79MB of ram. This seems high. Is it, or is this about normal? I see in wiki that the range should be 20-60MB.

Stats are

MS 4.50.14 on RedHat 9
Msg volume of ~15,000/day
2GB Ram
2.8 Ghz Pentium 4
Bayes is through MySql

Thanks for your time and help in responding,
-Brendan

From leah at frauerpower.com Thu Apr 20 16:21:33 2006
From: leah at frauerpower.com (Leah Cunningham) Date: Thu Apr 20 16:08:55 2006 Subject: SpamAssassin user prefs w/DB and MailScanner In-Reply-To: <20060420083317.GR4220@luckyduck.tux> References: <200604200056.02160.leah@frauerpower.com> <20060420083317.GR4220@luckyduck.tux> Message-ID: <200604201121.34106.leah@frauerpower.com> On Thursday 20 April 2006 04:33, Jan Brinkmann wrote: > On Thu, Apr 20, 2006 at 12:50:58AM -0400, Leah Cunningham wrote: > > I've been starting to deploy MailScanner on several servers and have been > > quite pleased so far. I am doing a migration now from a server that was > > utilizing the SpamAssassin user prefs features to allow users to set > > custom whitelists, blacklists, and other settings. These were being > > stored in a mysql backend. Some relevant old spamassassin settings: > > > > user_scores_dsn > > DBI:mysql:sqmaildb:somehost.example.net:3306 use_bayes 1 > > bayes_auto_learn 0 > > bayes_store_module Mail::SpamAssassin::BayesStore::SQL > > bayes_sql_dsn > > DBI:mysql:sqmaildb:somehost.example.net:3306 auto_whitelist_factory > > Mail::SpamAssassin::SQLBasedAddrList user_awl_dsn > > DBI:mysql:sqmaildb:somehost.example.net:3306 > > > > Does anyone have any experience integrating this type of configuration > > w/MailScanner, or pointers to docs? > > You can do this using CustumFunctions. Take a look into for example > '/optMailScanner/lib/MailScanner/CustomFunctions'. There is a file > called MyExample.pm. You have to write a function, which looks up the > settings in the database. Then you return either 0 for no or 1 for yes > from your function. Scan Messages should be set to yes, and for example > Virus Scanning could be set to &YourCustomFunction : > > Scan Messages = yes > Virus Scanning = &YourCustomFunction Ah, I had been hoping that you could just add the spamassassin settings to do the user prefs lookups. 
Is there another way to implement user level preferences in MailScanner that would end up being similar to the SpamAssassin user prefs functionality. Basically, I want to be able to allow each user to have their own white and black lists that only apply to mail sent to their address, at a minimum. It would be nice if each user can set their own spam scoring prefs, etc. Leah -- Leah Cunningham : d416-585-9971x692 : d416-703-5977 : m416-559-6511 Frauerpower! Co. : www.frauerpower.com : Toronto, ON Canada From shuttlebox at gmail.com Thu Apr 20 16:16:52 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Apr 20 16:16:54 2006 Subject: Memory Usage on MS Processes seems high In-Reply-To: <002501c6648b$576beb80$0202fea9@sangria> References: <002501c6648b$576beb80$0202fea9@sangria> Message-ID: <625385e30604200816i1a92ef0cwa009d5d9ae924d10@mail.gmail.com> On 4/20/06, chardlist wrote: > My MailScanner processes are each using 79MB of ram. This seems high. Is > it, or is this about normal? I see in wiki that the range should be > 20-60MB. Do you use any large rules with SA? My MS processes average 40 MB. -- /peter From dhawal at netmagicsolutions.com Thu Apr 20 16:18:08 2006 
From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Thu Apr 20 16:17:55 2006 Subject: SpamAssassin user prefs w/DB and MailScanner In-Reply-To: <200604201121.34106.leah@frauerpower.com> References: <200604200056.02160.leah@frauerpower.com> <20060420083317.GR4220@luckyduck.tux> <200604201121.34106.leah@frauerpower.com> Message-ID: <4447A630.3060109@netmagicsolutions.com> Leah Cunningham wrote: > On Thursday 20 April 2006 04:33, Jan Brinkmann wrote: >> On Thu, Apr 20, 2006 at 12:50:58AM -0400, Leah Cunningham wrote: >>> I've been starting to deploy MailScanner on several servers and have been >>> quite pleased so far. I am doing a migration now from a server that was >>> utilizing the SpamAssassin user prefs features to allow users to set >>> custom whitelists, blacklists, and other settings. These were being >>> stored in a mysql backend. Some relevant old spamassassin settings: >>> >>> user_scores_dsn >>> DBI:mysql:sqmaildb:somehost.example.net:3306 use_bayes 1 >>> bayes_auto_learn 0 >>> bayes_store_module Mail::SpamAssassin::BayesStore::SQL >>> bayes_sql_dsn >>> DBI:mysql:sqmaildb:somehost.example.net:3306 auto_whitelist_factory >>> Mail::SpamAssassin::SQLBasedAddrList user_awl_dsn >>> DBI:mysql:sqmaildb:somehost.example.net:3306 >>> >>> Does anyone have any experience integrating this type of configuration >>> w/MailScanner, or pointers to docs? >> You can do this using CustumFunctions. Take a look into for example >> '/optMailScanner/lib/MailScanner/CustomFunctions'. There is a file >> called MyExample.pm. You have to write a function, which looks up the >> settings in the database. Then you return either 0 for no or 1 for yes >> from your function. Scan Messages should be set to yes, and for example >> Virus Scanning could be set to &YourCustomFunction : >> >> Scan Messages = yes >> Virus Scanning = &YourCustomFunction > > Ah, I had been hoping that you could just add the spamassassin settings to do > the user prefs lookups. 
>
> Is there another way to implement user level preferences in MailScanner that
> would end up being similar to the SpamAssassin user prefs functionality.
> Basically, I want to be able to allow each user to have their own white and
> black lists that only apply to mail sent to their address, at a minimum. It
> would be nice if each user can set their own spam scoring prefs, etc.
>
> Leah

See http://mailwatch.sf.net, it can do per-user / per-domain blacklists and whitelists (MySQL based, so that you can use the same list on multiple servers).

MailWatch can also have per-user spam scoring, letting you define the regular 'spam score' and 'high spam score'.. (this too is stored in a MySQL database).

Other than that, mailscanner (currently) doesn't support per-user bayes/awl.

- dhawal

From martinh at solid-state-logic.com Thu Apr 20 16:18:36 2006
From: martinh at solid-state-logic.com (Martin Hepworth)
Date: Thu Apr 20 16:18:44 2006
Subject: Memory Usage on MS Processes seems high
In-Reply-To: <002501c6648b$576beb80$0202fea9@sangria>
Message-ID: <016a01c6648d$b1e4dc50$3004010a@martinhlaptop>

Brendan

Wiki might be outdated - dependent on number of SA rules used and any new features MS is using..

As long as you aren't swapping (and you should be ok with 2GB ram, depending on how much space the tmpfs for the MS working is using) you're fine.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of chardlist > Sent: 20 April 2006 16:02 > To: 'MailScanner discussion' > Subject: Memory Usage on MS Processes seems high > > My MailScanner processes are each using 79MB of ram. This seems high. Is > it, or is this about normal? I see in wiki that the range should be > 20-60MB. > > Stats are > > MS 4.50.14 on RedHat 9 > Msg volume of ~15,000/day > 2GB Ram > 2.8 Ghz Pentium 4 > Bayes is through MySql > > Thanks for your time and help in responding, > -Brendan > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From martinh at solid-state-logic.com Thu Apr 20 16:25:19 2006 
From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Apr 20 16:25:35 2006 Subject: SpamAssassin user prefs w/DB and MailScanner In-Reply-To: <200604201121.34106.leah@frauerpower.com> Message-ID: <016b01c6648e$a41cc3c0$3004010a@martinhlaptop> Leah First thing you'll have to do is split the email into individual recipients which can only be done on sendmail or exim to the best of my knowledge. (see http://www.fsl.com/support/QuarantineReport.tar.gz for howto). A lot of ISPs run MS without per-user stuff and have no issues..but splitting the email and using the customfunction you should be able to do white/blacklisting on a per recipient address basis - calling the function from "Is Definitely Spam" and "Is Definitely NOT Spam" settings. SA scoring/rules on a per user basis is NOT possible. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- 
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Leah Cunningham > Sent: 20 April 2006 16:22 > To: mailscanner@lists.mailscanner.info > Subject: Re: SpamAssassin user prefs w/DB and MailScanner > > On Thursday 20 April 2006 04:33, Jan Brinkmann wrote: > > On Thu, Apr 20, 2006 at 12:50:58AM -0400, Leah Cunningham wrote: > > > I've been starting to deploy MailScanner on several servers and have > been > > > quite pleased so far. I am doing a migration now from a server that > was > > > utilizing the SpamAssassin user prefs features to allow users to set > > > custom whitelists, blacklists, and other settings. These were being > > > stored in a mysql backend. Some relevant old spamassassin settings: > > > > > > user_scores_dsn > > > DBI:mysql:sqmaildb:somehost.example.net:3306 use_bayes 1 > > > bayes_auto_learn 0 > > > bayes_store_module Mail::SpamAssassin::BayesStore::SQL > > > bayes_sql_dsn > > > DBI:mysql:sqmaildb:somehost.example.net:3306 auto_whitelist_factory > > > Mail::SpamAssassin::SQLBasedAddrList user_awl_dsn > > > DBI:mysql:sqmaildb:somehost.example.net:3306 > > > > > > Does anyone have any experience integrating this type of configuration > > > w/MailScanner, or pointers to docs? > > > > You can do this using CustumFunctions. Take a look into for example > > '/optMailScanner/lib/MailScanner/CustomFunctions'. There is a file > > called MyExample.pm. You have to write a function, which looks up the > > settings in the database. Then you return either 0 for no or 1 for yes > > from your function. Scan Messages should be set to yes, and for example > > Virus Scanning could be set to &YourCustomFunction : > > > > Scan Messages = yes > > Virus Scanning = &YourCustomFunction > > Ah, I had been hoping that you could just add the spamassassin settings to > do > the user prefs lookups. 
> > Is there another way to implement user level preferences in MailScanner > that > would end up being similar to the SpamAssassin user prefs functionality. > Basically, I want to be able to allow each user to have their own white > and > black lists that only apply to mail sent to their address, at a minimum. > It > would be nice if each user can set their own spam scoring prefs, etc. > > Leah > > -- > Leah Cunningham : d416-585-9971x692 : d416-703-5977 : m416-559-6511 > Frauerpower! Co. : www.frauerpower.com : Toronto, ON Canada From chardlist at chard.net Thu Apr 20 17:00:03 2006 From: chardlist at chard.net (chardlist) Date: Thu Apr 20 17:00:49 2006 Subject: Memory Usage on MS Processes seems high In-Reply-To: <625385e30604200816i1a92ef0cwa009d5d9ae924d10@mail.gmail.com> Message-ID: <003801c66493$7df4e790$0202fea9@sangria> I run about 30 SARE rulesets, but they only total about 1.7MB in size As I said, our bayes is run through MySql. It has 505,600 bayes_seen records and 205,300 bayes_tokens. A cron job runs nightly to tidy that up. -Brendan -----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of shuttlebox Sent: Thursday, April 20, 2006 10:17 AM To: MailScanner discussion Subject: Re: Memory Usage on MS Processes seems high On 4/20/06, chardlist wrote: > My MailScanner processes are each using 79MB of ram. This seems high. Is > it, or is this about normal? I see in wiki that the range should be > 20-60MB. Do you use any large rules with SA? My MS processes average 40 MB. -- /peter From leah at frauerpower.com Thu Apr 20 17:13:58 2006
From: leah at frauerpower.com (Leah Cunningham) Date: Thu Apr 20 17:02:21 2006 Subject: SpamAssassin user prefs w/DB and MailScanner In-Reply-To: <4447A630.3060109@netmagicsolutions.com> References: <200604200056.02160.leah@frauerpower.com> <200604201121.34106.leah@frauerpower.com> <4447A630.3060109@netmagicsolutions.com> Message-ID: <200604201213.58655.leah@frauerpower.com> On Thursday 20 April 2006 11:18, Dhawal Doshy wrote: > Leah Cunningham wrote: > > On Thursday 20 April 2006 04:33, Jan Brinkmann wrote: > >> On Thu, Apr 20, 2006 at 12:50:58AM -0400, Leah Cunningham wrote: > See http://mailwatch.sf.net, it can do per-user / per-domain blacklists > and whitelists (MySQL based, so that you can use the same list on > multiple servers). I had just started looking at that. It looks like it will come close to letting us duplicate some of the functionality, thanks. > MailWatch can also have per-user spam scoring, letting you define the > regular 'spam score' and 'high spam score'.. (this too is stored in a > MySQL database). Any docs on that that you know of. I've got the book too, so I'll check. > Other than that, mailscanner (currently) doesn't support per-user > bayes/awl. Okay, thanks for the pointers. Leah -- Leah Cunningham : d416-585-9971x692 : d416-703-5977 : m416-559-6511 Frauerpower! Co. : www.frauerpower.com : Toronto, ON Canada From Marc.Dufresne at parks.on.ca Thu Apr 20 17:04:35 2006 
From: Marc.Dufresne at parks.on.ca (Marc Dufresne)
Date: Thu Apr 20 17:07:13 2006
Subject: mailscanner-4.50-15_1. blocking hotmail domain
Message-ID:

This started happening only when I upgraded to 4.50-15_1. I tested e-mail connectivity from my own hotmail account. When I issue tail -f /var/log/maillog I see my e-mail coming in, but it is just queued by mailscanner, it's never sent to the intended recipient (which is me). If I disable mailscanner and only allow sendmail to process inbound mail, I receive the e-mail. As soon as I enable mailscanner, hotmail e-mails are just queued and not delivered.

Marc Dufresne, Corporate IT Officer
St. Lawrence Parks Commission
13740 County Road 2
Morrisburg, ON K0C 1X0
E-mail: Marc.Dufresne@parks.on.ca
Voice: 613-543-3704 Ext#2455
Fax: 613-543-2847
Corporate website: www.parks.on.ca

>>> michele@blacknight.ie 4/19/2006 8:01 PM >>>
Marc Dufresne wrote:
> Why has this changed? I never had to add this before?
>
>

Whitelisting hotmail.com is _not_ a good idea, as you will be flooded with junk.

If legitimate mail from hotmail.com addresses is being blocked you need to know why. Whitelisting is not the solution :)

What do your logs say?

Michele

--
Mr Michele Neylon
Blacknight Solutions
Quality Business Hosting & Colocation
http://www.blacknight.ie/
Tel. 1850 927 280
Intl. +353 (0) 59 9183072
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 59 9164239

From mike at tc3net.com Thu Apr 20 17:19:54 2006
From: mike at tc3net.com (Michael Baird)
Date: Thu Apr 20 17:20:06 2006
Subject: SpamAssassin user prefs w/DB and MailScanner
In-Reply-To: <016b01c6648e$a41cc3c0$3004010a@martinhlaptop>
References: <016b01c6648e$a41cc3c0$3004010a@martinhlaptop>
Message-ID: <1145549995.12427.4.camel@mike-new2.tc3net.com>

Martin, I handle SA scoring/rules on a per user basis using MailScanner to score the messages. I have a web interface which generates procmail rules based on users selected criteria. I have mailscanner score each message with stars, but have my procmail recipe handle each individual users settings, as well as subject rewriting. It may be ugly but it does allow individual users to specify different thresholds.

Ex.
SPAMLEVEL=xxxxxxxxxx
SPAMTAG=*****SPAM*****
:0
*$ ^X-Spam-Level: $SPAMLEVEL
{
:0
* ^Subject:[ ]*\/[^ ].*
{
SUBJECT=$MATCH
}
:0 fw
| formail -I "Subject: $SPAMTAG $SUBJECT"
:0
$DEFAULT
}

Regards
Michael Baird

> Leah
>
> First thing you'll have to do is split the email into individual recipients
> which can only be done on sendmail or exim to the best of my knowledge.
>
> (see http://www.fsl.com/support/QuarantineReport.tar.gz for howto).
>
> A lot of ISPs run MS without per-user stuff and have no issues..but
> splitting the email and using the customfunction you should be able to do
> white/blacklisting on a per recipient address basis - calling the function
> from "Is Definitely Spam" and "Is Definitely NOT Spam" settings.
>
> SA scoring/rules on a per user basis is NOT possible.
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
> > -----Original Message-----
> > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Leah Cunningham
> > Sent: 20 April 2006 16:22
> > To: mailscanner@lists.mailscanner.info
> > Subject: Re: SpamAssassin user prefs w/DB and MailScanner
> >
> > On Thursday 20 April 2006 04:33, Jan Brinkmann wrote:
> > > On Thu, Apr 20, 2006 at 12:50:58AM -0400, Leah Cunningham wrote:
> > > > I've been starting to deploy MailScanner on several servers and have been
> > > > quite pleased so far. I am doing a migration now from a server that was
> > > > utilizing the SpamAssassin user prefs features to allow users to set
> > > > custom whitelists, blacklists, and other settings. These were being
> > > > stored in a mysql backend. Some relevant old spamassassin settings:
> > > >
> > > > user_scores_dsn DBI:mysql:sqmaildb:somehost.example.net:3306
> > > > use_bayes 1
> > > > bayes_auto_learn 0
> > > > bayes_store_module Mail::SpamAssassin::BayesStore::SQL
> > > > bayes_sql_dsn DBI:mysql:sqmaildb:somehost.example.net:3306
> > > > auto_whitelist_factory Mail::SpamAssassin::SQLBasedAddrList
> > > > user_awl_dsn DBI:mysql:sqmaildb:somehost.example.net:3306
> > > >
> > > > Does anyone have any experience integrating this type of configuration
> > > > w/MailScanner, or pointers to docs?
> > >
> > > You can do this using CustomFunctions. Take a look into for example
> > > '/optMailScanner/lib/MailScanner/CustomFunctions'. There is a file
> > > called MyExample.pm. You have to write a function, which looks up the
> > > settings in the database. Then you return either 0 for no or 1 for yes
> > > from your function. Scan Messages should be set to yes, and for example
> > > Virus Scanning could be set to &YourCustomFunction :
> > >
> > > Scan Messages = yes
> > > Virus Scanning = &YourCustomFunction
> >
> > Ah, I had been hoping that you could just add the spamassassin settings to do
> > the user prefs lookups.
> >
> > Is there another way to implement user level preferences in MailScanner that
> > would end up being similar to the SpamAssassin user prefs functionality.
> > Basically, I want to be able to allow each user to have their own white and
> > black lists that only apply to mail sent to their address, at a minimum. It
> > would be nice if each user can set their own spam scoring prefs, etc.
> >
> > Leah
> >
> > --
> > Leah Cunningham : d416-585-9971x692 : d416-703-5977 : m416-559-6511
> > Frauerpower! Co. : www.frauerpower.com : Toronto, ON Canada

From martinh at solid-state-logic.com Thu Apr 20 17:24:16 2006
From: martinh at solid-state-logic.com (Martin Hepworth)
Date: Thu Apr 20 17:24:41 2006
Subject: mailscanner-4.50-15_1. blocking hotmail domain
In-Reply-To:
Message-ID: <019501c66496$de349da0$3004010a@martinhlaptop>

Marc

What have you got for the "Use TNEF Contents" - if hotmail are sending RFT rubbish then I remember 4.50 have fun with this...

What happens if you go to 4.52.2?

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

From martinh at solid-state-logic.com Thu Apr 20 17:27:41 2006
From: martinh at solid-state-logic.com (Martin Hepworth)
Date: Thu Apr 20 17:27:52 2006
Subject: SpamAssassin user prefs w/DB and MailScanner
In-Reply-To: <1145549995.12427.4.camel@mike-new2.tc3net.com>
Message-ID: <019601c66497$58fb47a0$3004010a@martinhlaptop>

Michael

Well yeah you can do that I guess, but you can't new SA rules for a particular user or change the score of a rule...

Or has been pointed out you can get MailWatch to do some of the work on the email gateway where MS runs....

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

From MailScanner at ecs.soton.ac.uk Thu Apr 20 17:58:41 2006
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Apr 20 17:58:50 2006
Subject: MailScanner Future
In-Reply-To: <200604201344.k3KDiQUi013308@nkserver.nkpanama.com>
References: <200604201344.k3KDiQUi013308@nkserver.nkpanama.com>
Message-ID: <4447BDC1.8080201@ecs.soton.ac.uk>

There may be some news on this subject in the near future. What I want differs somewhat from what other people I am involved with want, but I'm quite prepared to put my foot down and not piss everyone off just to make money from it. You folks are one of my most important resources; not only the beta testing and maintaining the wiki, but also steering the direction of my work. It wouldn't be the product it is today without all the ideas for new features that you create.

By the way the only merchandise I make money from is the book. Everything else is sold at cost price (except for $1 profit per item). But keep buying the other stuff as well, it makes very good walking advertising for me. If you want to donate money by buying something (useful in companies) then just buy the book. Or even maybe a few copies so that everyone involved with managing your email system has their own copy.

I can always create a pretty printed CD with the latest version on it so that you have something physical delivered if you would like to donate a higher figure, I'm registered for tax purposes in the USA as well as the UK and have access to a bank account in both countries.

I'll keep you all posted as and when there is any news.

Alex Neuman wrote:
> I've already asked most of my clients to buy the book. I'm including the cost of the book in all future installs so that all my clients will contribute. I'll try to visit the wiki more often and click on ads... :)
>
>
> -----Original Message-----
> >From: "Michele Neylon :: Blacknight.ie"
> >Sent: 04/19/06 7:32:15 PM
> >Buy merchandise from the website. Julian's also running adsense on the
> >wiki these days as well
>
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mikej at rogers.com Thu Apr 20 18:33:38 2006
From: mikej at rogers.com (Mike Jakubik)
Date: Thu Apr 20 18:33:22 2006
Subject: MailScanner Future
In-Reply-To: <4447BDC1.8080201@ecs.soton.ac.uk>
References: <200604201344.k3KDiQUi013308@nkserver.nkpanama.com> <4447BDC1.8080201@ecs.soton.ac.uk>
Message-ID: <4447C5F2.5000102@rogers.com>

Julian Field wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> There may be some news on this subject in the near future. What I want
> differs somewhat from what other people I am involved with want, but I'm
> quite prepared to put my foot down and not piss everyone off just to
> make money from it. You folks are one of my most important resources;
> not only the beta testing and maintaining the wiki, but also steering
> the direction of my work. It wouldn't be the product it is today without
> all the ideas for new features that you create.
>

This is interesting to me, as i am working on developing a commercial product based on MS. If there is a possibility of a license change, i would appreciate being informed of this, as i would have to look in to alternatives, such as amavisd-new, but i would much prefer to use MS :)

If the license does not change, and my product is successful, i will be more than happy to donate money.

Thanks, and keep up the good work!

From Denis.Beauchemin at USherbrooke.ca Thu Apr 20 19:08:35 2006
From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin)
Date: Thu Apr 20 19:09:13 2006
Subject: Memory Usage on MS Processes seems high
In-Reply-To: <002501c6648b$576beb80$0202fea9@sangria>
References: <002501c6648b$576beb80$0202fea9@sangria>
Message-ID: <4447CE23.1040406@USherbrooke.ca>

chardlist wrote:
> My MailScanner processes are each using 79MB of ram. This seems high. Is
> it, or is this about normal? I see in wiki that the range should be
> 20-60MB.
>

My MS processes on my external servers use about 85MB each while the MS processes on my internal servers use about 55MB each.

There is a big difference in the number of SA rulesets I use:
cd /etc/mail/spamassassin; grep -i ^score *cf | wc -l
2197 on external servers and 568 on internal ones.

Same thing for the local rules:
cd /etc/MailScanner/rules/; grep -v '^#' *|wc -l
1646 on external servers and 269 on internal ones.

bayes_seen is at 159MB and bayes_toks is around 20MB everywhere.

Denis

--
   _
  °v°   Denis Beauchemin, analyst
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045

From remy at unix-asp.com Thu Apr 20 19:43:03 2006
From: remy at unix-asp.com (Remy de Ruysscher)
Date: Thu Apr 20 19:43:14 2006
Subject: MailScanner Future
In-Reply-To:
Message-ID: <200604201843.k3KIhDFn031860@bkserver.blacknight.ie>

Hi Julian,

Thank you again for such a great product.

What I normally do is, when I install MailScanner for a company, I give them the MailScanner book along with the installation. In this way they can make a small contribution for your great work. This is the least I can do ;).

So all you guys follow this example please!

Regards,
Remy.

From MailScanner at ecs.soton.ac.uk Thu Apr 20 20:29:12 2006
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Apr 20 20:29:22 2006
Subject: MailScanner Future
In-Reply-To: <4447C5F2.5000102@rogers.com>
References: <200604201344.k3KDiQUi013308@nkserver.nkpanama.com> <4447BDC1.8080201@ecs.soton.ac.uk> <4447C5F2.5000102@rogers.com>
Message-ID: <4447E108.6020901@ecs.soton.ac.uk>

Mike Jakubik wrote:
> Julian Field wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> There may be some news on this subject in the near future. What I
>> want differs somewhat from what other people I am involved with want,
>> but I'm quite prepared to put my foot down and not piss everyone off
>> just to make money from it. You folks are one of my most important
>> resources; not only the beta testing and maintaining the wiki, but
>> also steering the direction of my work. It wouldn't be the product it
>> is today without all the ideas for new features that you create.
>>
>
> This is interesting to me, as i am working on developing a commercial
> product based on MS. If there is a possibility of a license change, i
> would appreciate being informed of this, as i would have to look in to
> alternatives, such as amavisd-new, but i would much prefer to use MS
> :) If the license does not change, and my product is successful, i
> will be more than happy to donate money.

I am very much against changing the licence. All that would result is a very large number of very pissed off people (you lot). I don't want that, even if it costs me a lot of potential money. I want to work with you, not against you.

I am just about coming to the point of calling off the commercialisation completely, as I don't think it can be done without either pissing off all of you guys, or the folks at Fort Systems Ltd who are good friends of mine, or both.

I think I might offer them a few hundred quid for their time so far, and part company.

>
> Thanks, and keep up the good work!
>

Thanks, comments like that are much appreciated :-)

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Thu Apr 20 20:34:30 2006
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Apr 20 20:34:40 2006
Subject: Missed anything important?
Message-ID: <4447E246.2080101@ecs.soton.ac.uk>

I have just marked everything in the list as "read". Anything important I have missed?

From what I hear you have been getting on just fine without me, which is always good news for me.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From csweeney at osubucks.org Thu Apr 20 20:42:14 2006
From: csweeney at osubucks.org (Chris Sweeney)
Date: Thu Apr 20 20:42:40 2006
Subject: MailScanner Future
In-Reply-To: <4447E108.6020901@ecs.soton.ac.uk>
References: <200604201344.k3KDiQUi013308@nkserver.nkpanama.com> <4447BDC1.8080201@ecs.soton.ac.uk> <4447C5F2.5000102@rogers.com> <4447E108.6020901@ecs.soton.ac.uk>
Message-ID: <4447E416.2010502@osubucks.org>

I know you put a lot of hard work into MailScanner and most of us appreciate it more than we say. Without going commercial though perhaps a good way to get something out of it is to make "suggestions" for its use. Rather than turn commercial in which many of us, me included could not afford to go most likely, perhaps come up with a list of what you think is a good amount to donate for its use and development.

What I am trying to say is instead of just asking to buy the book or donate something put up a page with what you feel would be a fair amount to donate. Say if you are a small user with 1-10 users maybe $50/year 11-25 $100/yr and so on. Might not make you rich but perhaps if you just laid out some expectations for donations you might get more support that way without going commercial.

All this talk is making me feel guilty though as right now I haven't had the extra cash to donate to you myself :(

Chris

Julian Field wrote:
>
> I think I might offer them a few hundred quid for their time so far, and
> part company.
>
>
>> Thanks, and keep up the good work!
>
>>
> Thanks, comments like that are much appreciated :-)
>
>

From richard.siddall at elirion.net Thu Apr 20 20:51:18 2006
From: richard.siddall at elirion.net (Richard Siddall)
Date: Thu Apr 20 20:51:54 2006
Subject: Missed anything important?
In-Reply-To: <4447E246.2080101@ecs.soton.ac.uk>
References: <4447E246.2080101@ecs.soton.ac.uk>
Message-ID: <4447E636.4010209@elirion.net>

Julian Field wrote:
> I have just marked everything in the list as "read". Anything important
> I have missed?
>

Dhawal Doshy posted a couple of messages from the Postfix list about a possible documented queue interface. It sounds like Wietse is seriously considering supporting the pragmatic approach that MailScanner uses, but wants some input on developing a secure, robust interface. (Dhawal's posts indicate Wietse has put some thought into what's required, but doesn't want to do all the work himself.)

Dhawal also pointed out that qpsmtpd also uses a queue level interface to Postfix, and will also be broken by the upcoming changes to Postfix's queue implementation.

Regards,

Richard Siddall

From richard.siddall at elirion.net Thu Apr 20 21:02:56 2006
From: richard.siddall at elirion.net (Richard Siddall)
Date: Thu Apr 20 21:03:22 2006
Subject: Feature request: native qmail support
In-Reply-To: <443E55B3.9020303@netmagicsolutions.com>
References: <443E55B3.9020303@netmagicsolutions.com>
Message-ID: <4447E8F0.4040802@elirion.net>

Dhawal Doshy wrote:
[snip]
>
> If you think this is doable, i can send you the necessary files/diffs
> from the latest version of openprotect.
>

If you've got diffs for an updated qmail/MailScanner integration, I'd be interested in seeing them.

Regards,

Richard Siddall

From jethro.binks at strath.ac.uk Thu Apr 20 21:03:38 2006
From: jethro.binks at strath.ac.uk (Jethro R Binks)
Date: Thu Apr 20 21:03:41 2006
Subject: Missed anything important?
In-Reply-To: <4447E636.4010209@elirion.net>
References: <4447E246.2080101@ecs.soton.ac.uk> <4447E636.4010209@elirion.net>
Message-ID: <20060420210244.E31617@defjam.cc.strath.ac.uk>

On Thu, 20 Apr 2006, Richard Siddall wrote:

> Julian Field wrote:
> > I have just marked everything in the list as "read". Anything important
> > I have missed?
> >
>
> Dhawal Doshy posted a couple of messages from the Postfix list about a
> possible documented queue interface. It sounds like Wietse is seriously
> considering supporting the pragmatic approach that MailScanner uses, but
> wants some input on developing a secure, robust interface. (Dhawal's
> posts indicate Wietse has put some thought into what's required, but
> doesn't want to do all the work himself.)

There is also an issue with the latest version of Exim (4.62 I think) which changes the queue file format slightly. Posted today or yesterday.

Jethro.

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks
Computing Officer, IT Services
University Of Strathclyde, Glasgow, UK

From richard.siddall at elirion.net Thu Apr 20 21:08:33 2006
From: richard.siddall at elirion.net (Richard Siddall) Date: Thu Apr 20 21:09:03 2006 Subject: Feature request: native qmail support In-Reply-To: <443E55B3.9020303@netmagicsolutions.com> References: <443E55B3.9020303@netmagicsolutions.com> Message-ID: <4447EA41.1090802@elirion.net> Dhawal Doshy wrote: [snip] > d. /etc/sysconfig/MailScanner doesn't have the qmail related parameters. [snip] When I was trying, unsuccessfully, to install OpenProtect, one of the hurdles I ran into was the lack of qmail support in /etc/rc.d/init.d/MailScanner. It occurred to me that I could rewrite the file so it was more modular, something along the lines of:

    if [ -f "/usr/lib/MailScanner/startup/$INCOMING_MTA" ]; then
        source "/usr/lib/MailScanner/startup/$INCOMING_MTA"
    fi

In other words, read in a script that defines shell subroutines to start, stop, restart, and give the status of the incoming and outgoing MTAs. (You'd have two MTAs in split systems where you use something like qpsmtpd for incoming mail with a Postfix or qmail delivery queue.) Regards, Richard Siddall From jaearick at colby.edu Thu Apr 20 21:50:30 2006
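Added example, not part of Richard Siddall's post above and not MailScanner's own init script: one way to load such a per-MTA fragment while checking it first, since an init script runs as root and sourcing a file executes whatever it contains. The function names, the `<mta>_start`/`_stop`/`_restart`/`_status` naming convention and the return codes are assumptions made for this sketch; only the directory path comes from the post.

```shell
#!/bin/sh
# Added example: validated loader for per-MTA startup fragments.
# Assumption: each fragment defines <mta>_start, <mta>_stop, <mta>_restart
# and <mta>_status (a hypothetical convention, so that an incoming and an
# outgoing MTA can be loaded side by side without name clashes).

# Directory from the post; overridable so the loader can be tried unprivileged.
STARTUP_DIR="${STARTUP_DIR:-/usr/lib/MailScanner/startup}"

# A usable MTA name is a bare identifier: no "/", "..", spaces or shell
# metacharacters, so it can never point outside STARTUP_DIR.
valid_mta_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
    esac
    return 0
}

# Trust a fragment only if it is a regular file (not a symlink), owned by the
# effective user (root in a real init script) and not group- or world-writable.
fragment_is_trusted() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# load_mta NAME
#   0 loaded, 2 bad name, 3 fragment missing or untrusted,
#   4 fragment failed while being read, 5 a required subroutine is missing
load_mta() {
    mta="$1"
    if ! valid_mta_name "$mta"; then
        echo "MailScanner: refusing MTA name '$mta'" >&2
        return 2
    fi
    frag="$STARTUP_DIR/$mta"
    if ! fragment_is_trusted "$frag"; then
        echo "MailScanner: $frag is missing or not safely owned" >&2
        return 3
    fi
    . "$frag" || return 4
    # Fail at load time rather than half-way through "service MailScanner stop".
    for op in start stop restart status; do
        if ! command -v "${mta}_${op}" >/dev/null 2>&1; then
            echo "MailScanner: $frag does not define ${mta}_${op}" >&2
            return 5
        fi
    done
    return 0
}

# Typical use inside the init script (INCOMING_MTA and OUTGOING_MTA would
# come from /etc/sysconfig/MailScanner):
#   load_mta "$INCOMING_MTA" && "${INCOMING_MTA}_start"
```

The name check matters most when the MTA name is read from a configuration file that more people can edit than the init script itself.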
From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu Apr 20 21:53:36 2006 Subject: MailScanner Future (aka money) In-Reply-To: <4447BDC1.8080201@ecs.soton.ac.uk> References: <200604201344.k3KDiQUi013308@nkserver.nkpanama.com> <4447BDC1.8080201@ecs.soton.ac.uk> Message-ID: On Thu, 20 Apr 2006, Julian Field wrote: > By the way the only merchandise I make money from is the book. > Everything else is sold at cost price (except for $1 profit per item). > But keep buying the other stuff as well, it makes very good walking > advertising for me. If you want to donate money by buying something > (useful in companies) then just buy the book. Or even maybe a few copies > so that everyone involved with managing your email system has their own > copy. > > I can always create a pretty printed CD with the latest version on it so > that you have something physical delivered if you would like to donate a > higher figure, I'm registered for tax purposes in the USA as well as the > UK and have access to a bank account in both countries. Ahah! Now we are getting somewhere... I have no particular interest in buying a book (even though I did) because we are just cutting down trees, cluttering my bookshelf, and I won't read it that much anyway. The list and webpage is more up-to-date. Much better is the idea of buying a CD with a pretty label on it. You can charge us more because it is "software", we get a deliverable item that the business guys understand, and I can put in my safe for emergencies to make my boss happy. Your profit margin for donations goes up. I remember that when I made my feeble donation long ago, I had to jump thru hoops with the business guys to do it. Remember how it was done? Credit card? The people here always want to do Purchase Orders; you probably can't do that. Some mechanism (other than Paypal) that business guys understand would be a good addition to your webpage. Jeff Earickson Colby College From mailscanner at mango.zw Thu Apr 20 21:54:35 2006 
From: mailscanner at mango.zw (Jim Holland) Date: Thu Apr 20 21:58:20 2006 Subject: Missed anything important? In-Reply-To: <4447E246.2080101@ecs.soton.ac.uk> Message-ID: Hi Julian Welcome back! On Thu, 20 Apr 2006, Julian Field wrote: > I have just marked everything in the list as "read". Anything important > I have missed? Perhaps "important" is a little presumptuous on my part, but there were a couple of issues that I had hoped to draw your attention to: (a) Messages stuck in queue See threads: Solved? Re: Still stuck in queue, version 4.52.2 mail scanner stuck I think the problem arises with highly compressible compressed files that cause ClamAV to exceed the limit set by "Virus Scanner Timeout". Two suggestions: Include the SMTP id of the message in the "Commercial scanner clamav timed out" and "Virus Scanning: Denial Of Service attack detected" log lines to identify the problem message. If a particular message causes a timeout, skip that and continue to process the remainder of the batch - at the moment all the rest of the messages in the batch also get stuck indefinitely. (b) Allow use of null address in rulesets See thread: Can the null address be specified in a ruleset? Suggest new feature to allow rules such as: 
From: <> and To: user@domain yes Finally - just a few words of appreciation concerning your attitude towards ensuring continuing availability of MailScanner as a non-commercial product. Here in this nearly-ruined country of Zimbabwe one pound Sterling now costs over 400,000 Zimbabwe dollars on the foreign currency black market (which is the only one there is if you are buying). We at MANGO have no chance of getting hold of the currency needed to pay for commercial software. And now I see more and more of the commercial ISPs in the country are using it as well - for themselves and for their corporate clients' mail servers. Thanks once again! Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From chardlist at chard.net Thu Apr 20 22:56:21 2006 From: chardlist at chard.net (chardlist) Date: Thu Apr 20 22:56:38 2006 Subject: Reject non-existant users with exchange and exim Message-ID: <00c901c664c5$443337a0$0202fea9@sangria> In the wiki documentation I see methods how to set up exim routers to scan mail and then pass it along to another server (exchange in this case), but I don't see a way to configure the exchange server and the ms server to communicate about valid addresses so that the mta on the mailscanner server (exim) can reject the message before mailscanner has to deal with it. Right now I am leaving the mailscanner server open to accept any mail to the domain with the exchange server and it's getting a bit out of hand. I realize this is more of an exim question, but I figure this is a good place to start. MS 4.50.14 Exim 4.52 Redhat 9 Thank you, -Brendan From pete at enitech.com.au Thu Apr 20 23:17:58 2006 
From: pete at enitech.com.au (Peter Russell) Date: Thu Apr 20 23:18:09 2006 Subject: MailScanner Future (aka money) In-Reply-To: References: <200604201344.k3KDiQUi013308@nkserver.nkpanama.com> <4447BDC1.8080201@ecs.soton.ac.uk> Message-ID: <44480896.2080400@enitech.com.au> . > > I remember that when I made my feeble donation long ago, I had to jump > thru hoops with the business guys to do it. Remember how it was done? > Credit card? The people here always want to do Purchase Orders; you > probably can't do that. Some mechanism (other than Paypal) that > business guys understand would be a good addition to your webpage. Sure he can. You give him a PO, he gives you an invoice with payment details - he has direct deposit in 2 countries (if I understand his previous post correctly) and paypal or send him a chq. No different from any other supplier - he can supply the software on CD, I bet if you donate enough he could send it on a DVD :) Maybe he could get mem sticks printed with his logo and send these with the software on it? But you're right, the company doesn't like paypal or CC, or at least it seems to be a lot harder to get them to use it - they also seem to hate the idea of a donation, but love the idea of expensive licensing or media. From ssilva at sgvwater.com Thu Apr 20 23:43:48 2006 
From: ssilva at sgvwater.com (Scott Silva) Date: Thu Apr 20 23:44:15 2006 Subject: MailScanner Future (aka money) In-Reply-To: References: <200604201344.k3KDiQUi013308@nkserver.nkpanama.com> <4447BDC1.8080201@ecs.soton.ac.uk> Message-ID: Jeff A. Earickson spake the following on 4/20/2006 1:50 PM: > On Thu, 20 Apr 2006, Julian Field wrote: > >> By the way the only merchandise I make money from is the book. >> Everything else is sold at cost price (except for $1 profit per item). >> But keep buying the other stuff as well, it makes very good walking >> advertising for me. If you want to donate money by buying something >> (useful in companies) then just buy the book. Or even maybe a few copies >> so that everyone involved with managing your email system has their own >> copy. >> >> I can always create a pretty printed CD with the latest version on it so >> that you have something physical delivered if you would like to donate a >> higher figure, I'm registered for tax purposes in the USA as well as the >> UK and have access to a bank account in both countries. > > Ahah! Now we are getting somewhere... I have no particular interest > in buying a book (even though I did) because we are just cutting down > trees, cluttering my bookshelf, and I won't read it that much anyway. > The list and webpage is more up-to-date. > > Much better is the idea of buying a CD with a pretty label on it. You > can charge us more because it is "software", we get a deliverable item > that the business guys understand, and I can put in my safe for emergencies > to make my boss happy. Your profit margin for donations goes up. > > I remember that when I made my feeble donation long ago, I had to jump > thru hoops with the business guys to do it. Remember how it was done? > Credit card? The people here always want to do Purchase Orders; you > probably can't do that. Some mechanism (other than Paypal) that > business guys understand would be a good addition to your webpage. 
> > Jeff Earickson > Colby College I second that! My Company would rather pay higher prices to "net 30" vendors than have anything to do with credit cards. We stopped doing business with Dell because they dropped our net 30 P.O. account because of low quantity purchases. I will buy the book soon, but I will have to get it on my own and hope that the company will reimburse me. If not, Julian still deserves the support. I try to make up for it by helping out on the list when I can. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From maillists at conactive.com Fri Apr 21 00:31:16 2006 From: maillists at conactive.com (Kai Schaetzl) Date: Fri Apr 21 00:31:21 2006 Subject: Memory Usage on MS Processes seems high In-Reply-To: <003801c66493$7df4e790$0202fea9@sangria> References: <003801c66493$7df4e790$0202fea9@sangria> Message-ID: Chardlist wrote on Thu, 20 Apr 2006 11:00:03 -0500: > I run about 30 SARE rulesets, but they only total about 1.7MB in size Don't believe that makes them only 1.7 MB in memory. ;-) If you want to see how much they really take move them out of the SA directory temporarily and restart MS. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From rob at robhq.com Fri Apr 21 01:07:52 2006 
From: rob at robhq.com (Rob Freeman) Date: Fri Apr 21 01:08:20 2006 Subject: Reject non-existant users with exchange and exim In-Reply-To: <00c901c664c5$443337a0$0202fea9@sangria> References: <00c901c664c5$443337a0$0202fea9@sangria> Message-ID: <44482258.5080504@robhq.com> Check out here: http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/270.html We use this with a few tweaks to only allow email to our valid exchange users. Rob chardlist wrote: > In the wiki documentation I see methods how to set up exim routers to scan > mail and then pass it along to another server (exchange in this case), but I > don't see a way to configure the exchange server and the ms server to > communicate about valid addresses so that the mta on the mailscanner server > (exim) can reject the message before mailscanner has to deal with it. Right > now I am leaving the mailscanner server open to accept any mail to the > domain with the exchange server and it's getting a bit out of hand. > > I realize this is more of an exim question, but I figure this is a good > place to start. > > MS 4.50.14 > Exim 4.52 > Redhat 9 > > > Thank you, > -Brendan > > From MailScanner at ecs.soton.ac.uk Fri Apr 21 08:36:33 2006 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Apr 21 08:36:50 2006 Subject: MailScanner Future (aka money) In-Reply-To: References: <200604201344.k3KDiQUi013308@nkserver.nkpanama.com> <4447BDC1.8080201@ecs.soton.ac.uk> Message-ID: <853C980D-301E-4E99-A259-45973EE4331F@ecs.soton.ac.uk> On 20 Apr 2006, at 21:50, Jeff A. Earickson wrote: > On Thu, 20 Apr 2006, Julian Field wrote: > >> By the way the only merchandise I make money from is the book. >> Everything else is sold at cost price (except for $1 profit per >> item). >> But keep buying the other stuff as well, it makes very good walking >> advertising for me. If you want to donate money by buying something >> (useful in companies) then just buy the book. Or even maybe a few >> copies >> so that everyone involved with managing your email system has >> their own >> copy. >> >> I can always create a pretty printed CD with the latest version on >> it so >> that you have something physical delivered if you would like to >> donate a >> higher figure, I'm registered for tax purposes in the USA as well >> as the >> UK and have access to a bank account in both countries. > > Ahah! Now we are getting somewhere... I have no particular interest > in buying a book (even though I did) because we are just cutting down > trees, cluttering my bookshelf, and I won't read it that much anyway. > The list and webpage is more up-to-date. > > Much better is the idea of buying a CD with a pretty label on it. You > can charge us more because it is "software", we get a deliverable item > that the business guys understand, and I can put in my safe for > emergencies > to make my boss happy. Your profit margin for donations goes up. > > I remember that when I made my feeble donation long ago, I had to jump > thru hoops with the business guys to do it. Remember how it was done? > Credit card? The people here always want to do Purchase Orders; you > probably can't do that. 
Some mechanism (other than Paypal) that > business guys understand would be a good addition to your webpage. I have a volunteer in Fort Systems to send out the invoices and collect the payments, so that much is solved. How much would you like me to charge for the CD? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From gmatt at nerc.ac.uk Fri Apr 21 10:05:33 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Fri Apr 21 10:06:22 2006 Subject: MailScanner Future (aka money) In-Reply-To: References: <200604201344.k3KDiQUi013308@nkserver.nkpanama.com> <4447BDC1.8080201@ecs.soton.ac.uk> Message-ID: <4448A05D.6000204@nerc.ac.uk> Jeff A. Earickson wrote: > > Ahah! Now we are getting somewhere... I have no particular interest > in buying a book (even though I did) because we are just cutting down > trees, .... as opposed to... > Much better is the idea of buying a CD with a pretty label on it. poisoning rivers with cyanide and other heavy metals, at least the trees can be replaced ;) -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From dyioulos at firstbhph.com Fri Apr 21 12:40:25 2006 
From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Fri Apr 21 12:40:27 2006 Subject: MailScanner Future (aka money) In-Reply-To: <853C980D-301E-4E99-A259-45973EE4331F@ecs.soton.ac.uk> References: <200604201344.k3KDiQUi013308@nkserver.nkpanama.com> <853C980D-301E-4E99-A259-45973EE4331F@ecs.soton.ac.uk> Message-ID: <200604210740.26084.dyioulos@firstbhph.com> On Friday April 21 2006 3:36 am, Julian Field wrote: > On 20 Apr 2006, at 21:50, Jeff A. Earickson wrote: > > On Thu, 20 Apr 2006, Julian Field wrote: > >> By the way the only merchandise I make money from is the book. > >> Everything else is sold at cost price (except for $1 profit per > >> item). > >> But keep buying the other stuff as well, it makes very good walking > >> advertising for me. If you want to donate money by buying something > >> (useful in companies) then just buy the book. Or even maybe a few > >> copies > >> so that everyone involved with managing your email system has > >> their own > >> copy. > >> > >> I can always create a pretty printed CD with the latest version on > >> it so > >> that you have something physical delivered if you would like to > >> donate a > >> higher figure, I'm registered for tax purposes in the USA as well > >> as the > >> UK and have access to a bank account in both countries. > > > > Ahah! Now we are getting somewhere... I have no particular interest > > in buying a book (even though I did) because we are just cutting down > > trees, cluttering my bookshelf, and I won't read it that much anyway. > > The list and webpage is more up-to-date. > > > > Much better is the idea of buying a CD with a pretty label on it. You > > can charge us more because it is "software", we get a deliverable item > > that the business guys understand, and I can put in my safe for > > emergencies > > to make my boss happy. Your profit margin for donations goes up. 
> > > > I remember that when I made my feeble donation long ago, I had to jump > > thru hoops with the business guys to do it. Remember how it was done? > > Credit card? The people here always want to do Purchase Orders; you > > probably can't do that. Some mechanism (other than Paypal) that > > business guys understand would be a good addition to your webpage. > > I have a volunteer in Fort Systems to send out the invoices and > collect the payments, so that much is solved. > How much would you like me to charge for the CD? > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! Julian, Maybe you could package MS with the spamassassin/clamav easy install such that a user of the CD could install a "complete" mail system as an option. I think people would go nuts over that. At a minimum, that should be worth 100USD. Add a MailWatch option, charge a bit more, send some dough to Steve, too. Just a thought. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From KLekas at foxriver.com Fri Apr 21 14:29:51 2006 
From: KLekas at foxriver.com (Kosta Lekas) Date: Fri Apr 21 14:29:55 2006 Subject: Reject non-existant users with exchange and exim Message-ID: <8D8A77DC1FA09546936E74FC3EEC627A545555@FREXGENEVA-01.frfr.foxriver.com> There is a better way to pull a list of valid users from Exchange. There is a Perl script out there that pulls all the smtp addresses form AD using Net::LDAP. This is what I use to generate a relay_recipient list on Postfix. I'm sure it can be tailored to generate an exim equivalent file/ACL. The script queries an AD container and pulls all smtp addresses. I keep my private distribution groups in a separate OU that gets excluded from the LDAP search, this way I don't have to relay private distribution groups that should only be originating internally. The method Rob has referenced will also work but I find this one to be more elegant. Here is a link to directions on doing this with postfix: http://www2.origogeneris.com:4000/relay_recipients.html Here is a link to the script: http://www-personal.umich.edu/~malth/gaptuning/postfix/getadsmtp.pl Kosta Lekas -----Original Message----- 
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rob Freeman Sent: Thursday, April 20, 2006 7:08 PM To: MailScanner discussion Subject: Re: Reject non-existant users with exchange and exim Check out here: http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/270.html We use this with a few tweaks to only allow email to our valid exchange users. Rob chardlist wrote: > In the wiki documentation I see methods how to set up exim routers to scan > mail and then pass it along to another server (exchange in this case), but I > don't see a way to configure the exchange server and the ms server to > communicate about valid addresses so that the mta on the mailscanner server > (exim) can reject the message before mailscanner has to deal with it. Right > now I am leaving the mailscanner server open to accept any mail to the > domain with the exchange server and it's getting a bit out of hand. > > I realize this is more of an exim question, but I figure this is a good > place to start. > > MS 4.50.14 > Exim 4.52 > Redhat 9 > > > Thank you, > -Brendan > > From William.Burns at Aeroflex.com Fri Apr 21 14:56:22 2006 
From: William.Burns at Aeroflex.com (William.Burns@Aeroflex.com) Date: Fri Apr 21 14:58:02 2006 Subject: MailScanner Future (aka money) In-Reply-To: <200604210740.26084.dyioulos@firstbhph.com> References: <200604201344.k3KDiQUi013308@nkserver.nkpanama.com> <853C980D-301E-4E99-A259-45973EE4331F@ecs.soton.ac.uk> <200604210740.26084.dyioulos@firstbhph.com> Message-ID: <4448E486.2@Aeroflex.com> What does defenderMX cost? Dimitri Yioulos wrote: >On Friday April 21 2006 3:36 am, Julian Field wrote: > > >>On 20 Apr 2006, at 21:50, Jeff A. Earickson wrote: >> >> >>>On Thu, 20 Apr 2006, Julian Field wrote: >>> >>> >>>>By the way the only merchandise I make money from is the book. >>>>Everything else is sold at cost price (except for $1 profit per >>>>item). >>>> >>>> >>>> >>I have a volunteer in Fort Systems to send out the invoices and >>collect the payments, so that much is solved. >>How much would you like me to charge for the CD? >>-- >>Julian Field >> >> >Julian, > >Maybe you could package MS with the spamassassin/clamav easy install such that >a user of the CD could install a "complete" mail system as an option. I >think people would go nuts over that. At a minimum, that should be worth >100USD. Add a MailWatch option, charge a bit more, send some dough to Steve, >too. 
From steve.swaney at fsl.com Fri Apr 21 16:45:51 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Fri Apr 21 16:46:04 2006 Subject: MailScanner Future (aka money) In-Reply-To: <4448E486.2@Aeroflex.com> Message-ID: <04de01c6655a$ab40cad0$2901010a@office.fsl> > -----Original Message----- 
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of William.Burns@aeroflex.com > Sent: Friday, April 21, 2006 9:56 AM > To: MailScanner discussion > Subject: Re: MailScanner Future (aka money) > > > What does defenderMX cost? > DefenderMX is licensed by the number of CPU's in the gateway, there is no restriction on the number of mailboxes or domains managed. This typically makes our pricing substantially less than the competition. A one CPU license in the US is $1,390 per server which includes the first year of updates / upgrades and support. Year two support is $395. A two CPU license in the US is $2,490 per server which includes the first year of updates / upgrades and support. Year two support is $735. A four CPU license in the US is $4,890 per server which includes the first year of updates / upgrades and support. Year two support is $1,345. There are discounts for multiple gateways and if multiple gateways are purchased FSL will configure the multiple gateways at no additional charge. Prices outside of the US are slightly higher. Educational organizations receive a 25% discount. Prices are subject to change. For a specific quote please email robin@fsl.com. A fully functional 30 day demo is available for download from our web site. Best regards, Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From ecasarero at gmail.com Fri Apr 21 16:48:07 2006 
From: ecasarero at gmail.com (Eduardo Casarero) Date: Fri Apr 21 16:48:13 2006 Subject: mail scanner stuck In-Reply-To: References: <7d9b3cf20604181250g5cf100baida1ff5659316e390@mail.gmail.com> Message-ID: <7d9b3cf20604210848p2983f951y8cca43df96231487@mail.gmail.com> I am confused :-S. I followed your instructions, I was able to see the email and the attach, so I sent a new mail with the attaches to a "test" box with Mscanner and nothing happened, just scanned and delivered. verrryyy xtrange. Then I tried the same with the box that got stuck with the same files, and magically they passed. So I just don't know what to do. I'm going to put the q and f on the mqueue.in and see what happens. Tell you later. Regards. 2006/4/18, Jim Holland : > > On Tue, 18 Apr 2006, Eduardo Casarero wrote: > > > jim, I've the messages but I just subtracted them from the mqueue.in. > > Sizes goes from 400Kb to 7Mb. Apparently they are compressed PPT Power > > Point Presentations. how can I open that mail if I have the > > qfk3HFIQcc008169 and dfk3HFIQcc008169 In the batch that failed there was > > > 1 email only, I changed parameters so mailscanner takes 1 by 1 so I found > > this 4 problematic mails. > > If you are happy to just release the message, then stop MailScanner (if > you want to avoid possible error messages), move both of the above files > into /var/spool/mqueue, and then restart MailScanner. > > If you want to scan the message manually, then as far as I know you have > to convert the above back into a single message file. I do that the hard > way: > > cat qfk3HFIQcc008169 dfk3HFIQcc008169 > msg.tmp > edit the headers in msg.tmp: > Delete all lines up to but not including the first Received: > line > Delete all H?? entries at the beginning of lines > Delete the . on the line at the end of the headers. > > You can then scan the message. 
> > Your comment about the files being compressed PPT Power Point > Presentations > is also very interesting, as PPT files were also amongst the problem > messages that I came across. > > > 2006/4/18, Jim Holland : > > > > > > Hi Martin > > > > > > On Tue, 18 Apr 2006, Martin Hepworth wrote: > > > > > > > I'd look at why the clamavmodule is timing out - does clamscan work > OK > > > > from the command line???? > > > > > > On my system I am not running clamavmodule - just plain clamav. The > error > > > message below was on the system being run by Eduardo Casarero. > > > > > > > RH 7.1 is really really old > > > > > > Soon to be upgraded to Debian Sarge :-) > > > > > > > so it could be problems with either clamAV or the perl module not > > > > working with 7.1. > > > > > > > What happens if you change from the module to the normal clamav > scanner > > > > in MailScanner.conf? > > > > > > See above. > > > > > > > > -----Original Message----- > > > > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > > > > bounces@lists.mailscanner.info] On Behalf Of Jim Holland > > > > > Sent: 17 April 2006 22:41 > > > > > To: MailScanner discussion > > > > > Subject: Re: mail scanner stuck > > > > > > > > > > On Mon, 17 Apr 2006, Eduardo Casarero wrote: > > > > > > > > > > > Date: Mon, 17 Apr 2006 17:33:54 -0300 
> > > > > > From: Eduardo Casarero > > > > > > Reply-To: MailScanner discussion > > > > > > > > > To: MailScanner discussion > > > > > > Subject: Re: mail scanner stuck > > > > > > > > > > > > hi, after doing some investigation I found the following: > > > > > > with 4 particular emails: > > > > > > > > > > > in /var/log/maillog: > > > > > > > > > > Apr 17 16:54:22 avas2 MailScanner[4150]: Virus and Content > Scanning: > > > > > Starting > > > > > Apr 17 16:59:23 avas2 MailScanner[4150]: Commercial scanner > > > clamavmodule > > > > > timed out! > > > > > Apr 17 16:59:23 avas2 MailScanner[4150]: Virus Scanning: Denial Of > > > Service > > > > > attack detected! > > > > > > > > > -------------------------------------------------------------------------- > > > > > --- > > > > > > After this last log message the mail scanner rescan of the same > > > email > > > > > > looping. This was logged with 1 child running (just for debugging, > in > > > > > > normal operation runs 6 childs) > > > > > > > > > > . . . > > > > > > > > > > > After this I really don't know what to do. Cause Clamav is the > only > > > AV > > > > > > on the system and MScanner has a Timeout for AV of 300 segs and > > > clamav > > > > > takes > > > > > > only 37.24 seg. so MScanner can't see that clamav finished or > > > something > > > > > > is missing. > > > > > > > > > > . . . > > > > > > > > > > This seems to be very similar to the problem I wrote about earlier > > > this > > > > > evening in: > > > > > > > > > > Subject: Solved? Re: Still stuck in queue, version 4.52.2 > > > > > > > > > > I would be very interested to know: > > > > > > > > > > The size of the message > > > > > > > > > > What files it contained > > > > > > > > > > Whether the files were compressed, and if so > > > > > what was the uncompressed file size > > > > > > > > > > How many messages were in the batch that failed? 
> > > > > > > > > > Clearly if the message is one of say 30 in a batch then it is > going to > > > be > > > > > easier for ClamAV to time out on the batch than if there was only > one > > > in > > > > > the batch. My understanding is that the timeout setting applies > to > > > the > > > > > whole batch and not to a single message. > > > > > > > > > > As indicated in my message, I have changed the default for: > > > > > > > > > > Virus Scanner Timeout = > > > > > > > > > > in MailScanner.conf from 300 to 600 seconds to try to avoid this > kind > > > of > > > > > problem. > > > > > > > > > > Regards > > > > > > > > > > Jim Holland > > > > > System Administrator > > > > > MANGO - Zimbabwe's non-profit e-mail service > > > > > > > > > > -- > > > > > MailScanner mailing list > > > > > mailscanner@lists.mailscanner.info > > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > > > > ********************************************************************** > > > > > > > > This email and any files transmitted with it are confidential and > > > > intended solely for the use of the individual or entity to whom they > > > > are addressed. If you have received this email in error please > notify > > > > the system manager. > > > > > > > > This footnote confirms that this email message has been swept > > > > for the presence of computer viruses and is believed to be clean. 
From Jan-Peter.Koopmann at seceidos.de Fri Apr 21 17:34:14 2006
From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter)
Date: Fri Apr 21 17:34:25 2006
Subject: Reject non-existant users with exchange and exim
Message-ID:

On Thursday, April 20, 2006 11:56 PM chardlist wrote:

> In the wiki documentation I see methods how to set up exim routers to
> scan mail and then pass it along to another server (exchange in this
> case), but I don't see a way to configure the exchange server and the

What version of Exchange? Exchange 2003 is finally able to reject non-valid recipients on RCPT TO. If you use Exchange 2003 all you need to do is enable that option and do a recipient callout in Exim. Otherwise you will need LDAP for Exchange 2000 or Database Export etc. for Exchange 5.5 together with a few tweaks in Exim.

Regards,
JP

From t.d.lee at durham.ac.uk Fri Apr 21 18:08:28 2006
From: t.d.lee at durham.ac.uk (David Lee)
Date: Fri Apr 21 18:08:58 2006
Subject: Virus and filename conflation
Message-ID:

(MS version 4.50.14)

An inbound email for one of our users recently disappeared into a black hole. This turns out to be repeatable.

The inbound email had an attachment "enable.jar". The sendmail logs showed:

    Filename Checks: Very long filename, possible OE attack (...)

but the "...", which was, indeed, very long (154 characters) wasn't that "enable.jar", rather of the form "path/to/some/verylongfile(blah).class".

Our "filename.rules.conf" has, near the top, the default setting:

    deny(tab).{150,}(tab)...(tab)...

That triggers MS to mark it as a pseudo-virus:

    Infected Header Value = Found to be infected

Therein, I think, lies the problem. The comments around that ".{150,}" rule say:

    # So very long filenames must be denied regardless of the final extension.

so naturally, because of the strength of this comment, it seems wise for us to keep this as "deny". (By contrast, we specifically comment out (i.e. implicitly "allow") most of the other "deny" clauses.)

But for MS to mark this as a pseudo-virus ("Found to be infected") seems dubious. The "procmail" scripts that many of our users have then use this header value (whose semantics are "I am a nasty virus") to put such emails straight into "/dev/null".

In other words, MS has conflated "{Virus?}" and "{Filename?}" issues onto a single "Infected Header Value".

1. How paranoid should we be about the ".{150,}" and its dire warnings?

2. Does MS need (yet) another configuration variable alongside "Infected Header Value"?

Have I overlooked something?

-- 
:  David Lee                                I.T. Service          :
:  Senior Systems Programmer                Computer Centre       :
:                                           Durham University     :
:  http://www.dur.ac.uk/t.d.lee/            South Road            :
:                                           Durham DH1 3LE        :
:  Phone: +44 191 334 2752                  U.K.                  :

From chardlist at chard.net Fri Apr 21 20:31:19 2006
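A simplified model of the conflation David Lee describes, as an added example that is not part of the original message and is not MailScanner's code. It assumes first-match rule evaluation and that archive member names are checked like the attachment name; the `X-Example-*` header names, the function names, the second rule and the sample values are all constructed, and `split_headers` is a hypothetical alternative rather than an existing option.

```python
import re

# Constructed rules in the layout the message quotes: action, regex, log text
# and user report text separated by tabs. Only the first rule is from the page.
RULES_TEXT = (
    "deny\t.{150,}\tVery long filename, possible OE attack\t(constructed report text)\n"
    "allow\t\\.jar$\t-\t-\n"
)

# Constructed 154-character archive member name of the form in the message.
_PREFIX, _SUFFIX = "path/to/some/verylongfile(", ").class"
LONG_MEMBER = _PREFIX + "x" * (154 - len(_PREFIX) - len(_SUFFIX)) + _SUFFIX


def parse_rules(text):
    """Parse tab-separated rules into (action, compiled regex, log text)."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = re.split(r"\t+", line)
        if len(fields) < 3:
            continue  # malformed rule: skip rather than guess
        rules.append((fields[0].lower(), re.compile(fields[1], re.I), fields[2]))
    return rules


def check_name(name, rules):
    """Assumption: the first matching rule decides; no match means allow."""
    for action, regex, log_text in rules:
        if regex.search(name):
            return action, log_text
    return "allow", ""


def scan_message(attachment, members, rules, virus_hits=()):
    """Collect findings, each tagged with the check that produced it."""
    findings = [("virus", name, signature) for name, signature in virus_hits]
    for name in [attachment, *members]:
        action, log_text = check_name(name, rules)
        if action == "deny":
            findings.append(("filename", name, log_text))
    return findings


def conflated_header(findings):
    """One header value for every kind of finding, as the message describes."""
    return {"X-Example-Scan": "Found to be infected"} if findings else {}


def split_headers(findings):
    """Hypothetical alternative: one header per finding category."""
    kinds = {kind for kind, _, _ in findings}
    headers = {}
    if "virus" in kinds:
        headers["X-Example-Virus"] = "Found to be infected"
    if "filename" in kinds:
        headers["X-Example-Filename"] = "Blocked filename"
    return headers


def user_filter_discards(headers):
    """Model of a per-user filter that drops anything marked as infected."""
    return any("infected" in value.lower() for value in headers.values())


if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    findings = scan_message("enable.jar", [LONG_MEMBER], rules)
    for kind, name, reason in findings:
        print(kind, len(name), reason)
    print("conflated header discarded:", user_filter_discards(conflated_header(findings)))
    print("split headers discarded:   ", user_filter_discards(split_headers(findings)))
```

With a single header value the user filter cannot tell a filename-policy hit from a scanner detection, so the message is discarded even though "enable.jar" itself passed the rules.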
From: chardlist at chard.net (chardlist)
Date: Fri Apr 21 20:31:52 2006
Subject: Reject non-existant users with exchange and exim
In-Reply-To:
Message-ID: <00a501c6657a$2bfb1ad0$0202fea9@sangria>

They're all using Exchange 2003.

Exim is configured with the following router and transport to handle the domains that I am a gateway for. Where should I put the callout in the Exim configuration file and what should it say? I want to make sure this won't affect the local pop accounts too.

Router

    static_route:
      driver = manualroute
      transport = remote_smtp_smart
      route_data = ${lookup{$domain}lsearch{/etc/staticroutes}}

Transport

    remote_smtp_smart:
      driver = smtp
      hosts = ${lookup{$domain}lsearch{/etc/staticroutes}}
      hosts_override

Thank you!

-Brendan

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Koopmann, Jan-Peter
Sent: Friday, April 21, 2006 11:34 AM
To: MailScanner discussion
Subject: RE: Reject non-existant users with exchange and exim

On Thursday, April 20, 2006 11:56 PM chardlist wrote:

> In the wiki documentation I see methods how to set up exim routers to
> scan mail and then pass it along to another server (exchange in this
> case), but I don't see a way to configure the exchange server and the

What version of Exchange? Exchange 2003 is finally able to reject non-valid recipients on RCPT TO. If you use Exchange 2003 all you need to do is enable that option and do a recipient callout in Exim. Otherwise you will need LDAP for Exchange 2000 or Database Export etc. for Exchange 5.5 together with a few tweaks in Exim.

Regards,
JP

From mbneto at gmail.com Fri Apr 21 23:52:42 2006
From: mbneto at gmail.com (mbneto) Date: Fri Apr 21 23:52:46 2006 Subject: MailScanner Future In-Reply-To: <4447BDC1.8080201@ecs.soton.ac.uk> References: <200604201344.k3KDiQUi013308@nkserver.nkpanama.com> <4447BDC1.8080201@ecs.soton.ac.uk> Message-ID: <5cf776b80604211552x725d1f7fi2cbb1feee24a2453@mail.gmail.com> Julian, In a recently news I've noticed that the k3b developer asked for donations in order to buy a new computer. He aimed a 1000Euro and got almost 4 times that amount. Why don't you consider doing this? Set a value that would give you the tools/buy the time to develop MailScanner and feel rewarded ($) at the same time? On 4/20/06, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > There may be some news on this subject in the near future. What I want > differs somewhat from what other people I am involved with want, but I'm > quite prepared to put my foot down and not piss everyone off just to > make money from it. You folks are one of my most important resources; > not only the beta testing and maintaining the wiki, but also steering > the direction of my work. It wouldn't be the product it is today without > all the ideas for new features that you create. > > By the way the only merchandise I make money from is the book. > Everything else is sold at cost price (except for $1 profit per item). > But keep buying the other stuff as well, it makes very good walking > advertising for me. If you want to donate money by buying something > (useful in companies) then just buy the book. Or even maybe a few copies > so that everyone involved with managing your email system has their own > copy. > > I can always create a pretty printed CD with the latest version on it so > that you have something physical delivered if you would like to donate a > higher figure, I'm registered for tax purposes in the USA as well as the > UK and have access to a bank account in both countries. > > I'll keep you all posted as and when there is any news. 
> > Alex Neuman wrote: > > I've already asked most of my clients to buy the book. I'm including the cost of the book in all future installs so that all my clients will contribute. I'll try to visit the wiki more often and click on ads... :) > > > > > > -----Original Message----- > > >From: "Michele Neylon :: Blacknight.ie" > > >Sent: 04/19/06 7:32:15 PM > > >Buy merchandise from the website. Julian's also running adsense on the > > >wiki these days as well > > > > > > > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.6 (Build 6060) > > iQA/AwUBREe9wxH2WUcUFbZUEQJm9wCgqV2/aivP9umYvT8RAdZCTJZtxd0AnjaU > 1eRr+DW/qSdnMWfiOe26Ef4O > =q+VR > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From ja at conviator.com Sat Apr 22 11:39:00 2006 From: ja at conviator.com (Jan Agermose) Date: Sat Apr 22 11:39:09 2006 Subject: Mailproblem Message-ID: <6B59FCF2EFD0334A8147A1BB463F111E0115F0F8@mail-17ps.atlarge.net> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 534 bytes Desc: image001.gif Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060422/368051a6/attachment.gif From Jan-Peter.Koopmann at seceidos.de Sat Apr 22 11:53:42 2006 
From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter)
Date: Sat Apr 22 11:54:07 2006
Subject: Reject non-existant users with exchange and exim
Message-ID:

On Friday, April 21, 2006 9:31 PM chardlist wrote:

> They're all using Exchange 2003.

Fine. Have you configured Exchange to deny mails to non-existent e-mail addresses? You need to enable this on two locations in the system manager. Have a look at the FAQ/Wiki. AFAICR it is described there.

> Exim is configured with the following router and transport to handle
> the domains that I am a gateway for. Where should I put the callout
> in the Exim configuration file and what should it say? I want to
> make sure this won't affect the local pop accounts too.

Have you had a look at www.exim.org? It should all be described there as well. It has nothing to do with routers/transport but with ACLs. In your RCPT TO ACL you should simply make a recipient callout for all domains that you deliver to your Exchange. Search the exim doc for ACL and callout.

Regards,
JP

From steve.swaney at fsl.com Sat Apr 22 12:19:58 2006
From: steve.swaney at fsl.com (Stephen Swaney)
Date: Sat Apr 22 12:20:08 2006
Subject: Mailproblem
In-Reply-To: <6B59FCF2EFD0334A8147A1BB463F111E0115F0F8@mail-17ps.atlarge.net>
Message-ID: <07e601c665fe$b0ce81a0$2901010a@office.fsl>

Skipped content of type multipart/alternative

From pravin.rane at gmail.com Sun Apr 23 06:50:22 2006
From: pravin.rane at gmail.com (Pravin Rane)
Date: Sun Apr 23 06:50:28 2006
Subject: MailScanner Feature Request.
Message-ID: <13c021a90604222250r687efb18r415182e942d294e0@mail.gmail.com>

Hi

This is my first posting to MailScanner list.

I am using Qmail + MailScanner + Mailwatch + ClamAV + Spamassassin.

My problem is I am getting same message-ids for multiple mails in Mailwatch interface. After searching in Mailwatch FAQ I found the author pointed to consult with MailScanner's author since all this information it's getting from MailScanner.

Is there any workaround (patch) to get unique message-ids? Since qmail uses same message-ids to different messages if it does not find that inode number in queue.

-- 
Regards
Pravin

From res at ausics.net Sun Apr 23 10:51:46 2006
From: res at ausics.net (Res)
Date: Sun Apr 23 10:51:59 2006
Subject: MailScanner Feature Request.
In-Reply-To: <13c021a90604222250r687efb18r415182e942d294e0@mail.gmail.com>
References: <13c021a90604222250r687efb18r415182e942d294e0@mail.gmail.com>
Message-ID:

On Sun, 23 Apr 2006, Pravin Rane wrote:

> Hi
>
> This is my first posting to MailScanner list.
>
> I am using Qmail + MailScanner + Mailwatch + ClamAV + Spamassassin.

When you get bored one day, maybe you'd like to write a little howto on how to get qmail working with mailscanner :)

Res

From MailScanner at ecs.soton.ac.uk Sun Apr 23 15:55:38 2006
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Apr 23 15:55:52 2006 Subject: MailScanner Feature Request. In-Reply-To: References: <13c021a90604222250r687efb18r415182e942d294e0@mail.gmail.com> Message-ID: <444B956A.5080705@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Res wrote: > On Sun, 23 Apr 2006, Pravin Rane wrote: > >> Hi >> >> This is my first posting to Mailscannner list. >> >> I am using Qmail + MailScanner + Mailwatch + ClamAV + Spamassassin. > > When you get bored one day, maybe you'd like to write a little howto > on how to get qmail working with mailscanner :) > Yes, that would be useful. I had no involvement at all in the porting of MailScanner to support Qmail. The only people who know anything about it are the guys (at openprotect?) who wrote it. I'm sure they can help you patch the Qmail source, as that always seems to be needed with Qmail for some daft reason I can't quite understand. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBREuVaxH2WUcUFbZUEQJRAQCgrljyEKkckSpYmS6/auHtQU/0vWIAn15n gj/QDbCcjm9vmGhViDvZ3y0G =3NQD -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From root at doctor.nl2k.ab.ca Sun Apr 23 20:25:43 2006 
From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Sun Apr 23 20:26:19 2006 Subject: New Mail Scanner In-Reply-To: <444B956A.5080705@ecs.soton.ac.uk> References: <13c021a90604222250r687efb18r415182e942d294e0@mail.gmail.com> <444B956A.5080705@ecs.soton.ac.uk> Message-ID: <20060423192543.GA5369@doctor.nl2k.ab.ca> On Sun, Apr 23, 2006 at 03:55:38PM +0100, Julian Field wrote: > So Julian, what is due in the next MAilScanner? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sun Apr 23 21:34:01 2006 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Apr 23 21:34:11 2006 Subject: New Mail Scanner In-Reply-To: <20060423192543.GA5369@doctor.nl2k.ab.ca> References: <13c021a90604222250r687efb18r415182e942d294e0@mail.gmail.com> <444B956A.5080705@ecs.soton.ac.uk> <20060423192543.GA5369@doctor.nl2k.ab.ca> Message-ID: <444BE4B9.9060006@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The next release has nothing major new in it yet. I will do the release as it has a couple of bug fixes in it to do with the denial-of-service attack detection code, but that's it so far this month. Other than that, tell me what you would like to see! Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote: > On Sun, Apr 23, 2006 at 03:55:38PM +0100, Julian Field wrote: > > > So Julian, what is due in the next MAilScanner? > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBREvkuhH2WUcUFbZUEQK1bgCg5JShevL+P4yAFAkL+s4+EtwlBDkAoOZE FOPvQikOuKI/ECqPXRncqrh0 =b1hb -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From matt at coders.co.uk Sun Apr 23 21:59:58 2006 
From: matt at coders.co.uk (Matt Hampton) Date: Sun Apr 23 22:00:10 2006 Subject: New Mail Scanner In-Reply-To: <444BE4B9.9060006@ecs.soton.ac.uk> References: <13c021a90604222250r687efb18r415182e942d294e0@mail.gmail.com> <444B956A.5080705@ecs.soton.ac.uk> <20060423192543.GA5369@doctor.nl2k.ab.ca> <444BE4B9.9060006@ecs.soton.ac.uk> Message-ID: <444BEACE.5020302@coders.co.uk> Julian Field wrote: > The next release has nothing major new in it yet. I will do the release > as it has a couple of bug fixes in it to do with the denial-of-service > attack detection code, but that's it so far this month. > > Other than that, tell me what you would like to see! > One "quickie" if possible: the ability to add a header (and preferably passed to the message object) the original message id if it hits the SA cache. One "may need some thinking about".... the ability to call a function after a message has been archived with the path of the file as the parameter. cheers Matt From adrik at salesmanager.nl Mon Apr 24 08:23:58 2006 From: adrik at salesmanager.nl (Adri Koppes) Date: Mon Apr 24 08:24:02 2006 Subject: New Mail Scanner Message-ID: Hi Julian, Did you get anywhere with extracting Embedded Objects from Microsoft Office documents to check filename and filetype? Also support for SpamAssassin to pickup the new rules from sa-update would be nice (check LOCAL_STATE_DIR). Adri. > -----Original Message----- 
> From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: zondag 23 april 2006 22:34 > To: MailScanner discussion > Subject: Re: New Mail Scanner > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > The next release has nothing major new in it yet. I will do > the release as it has a couple of bug fixes in it to do with > the denial-of-service attack detection code, but that's it so > far this month. > > Other than that, tell me what you would like to see! > > Dave Shariff Yadallee - System Administrator a.k.a. The Root > of the Problem wrote: > > On Sun, Apr 23, 2006 at 03:55:38PM +0100, Julian Field wrote: > > > > > > So Julian, what is due in the next MAilScanner? > > > > > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.6 (Build 6060) > > iQA/AwUBREvkuhH2WUcUFbZUEQK1bgCg5JShevL+P4yAFAkL+s4+EtwlBDkAoOZE > FOPvQikOuKI/ECqPXRncqrh0 > =b1hb > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From martinh at solid-state-logic.com Mon Apr 24 09:02:29 2006 
From: martinh at solid-state-logic.com (Martin Hepworth) Date: Mon Apr 24 09:02:44 2006 Subject: New Mail Scanner In-Reply-To: <444BE4B9.9060006@ecs.soton.ac.uk> Message-ID: <008c01c66775$707c0b90$3004010a@martinhlaptop> Julian Saupdate support (remember that one from the IRC channel ;-) Exim 4.61 support where the ACL lines in the header has changed slightly.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- 
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 23 April 2006 21:34 > To: MailScanner discussion > Subject: Re: New Mail Scanner > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > The next release has nothing major new in it yet. I will do the release > as it has a couple of bug fixes in it to do with the denial-of-service > attack detection code, but that's it so far this month. > > Other than that, tell me what you would like to see! > > Dave Shariff Yadallee - System Administrator a.k.a. The Root of the > Problem wrote: > > On Sun, Apr 23, 2006 at 03:55:38PM +0100, Julian Field wrote: > > > > > > So Julian, what is due in the next MAilScanner? > > > > > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.6 (Build 6060) > > iQA/AwUBREvkuhH2WUcUFbZUEQK1bgCg5JShevL+P4yAFAkL+s4+EtwlBDkAoOZE > FOPvQikOuKI/ECqPXRncqrh0 > =b1hb > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. 
This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From MailScanner at ecs.soton.ac.uk Mon Apr 24 11:19:21 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 24 11:19:38 2006 Subject: New Mail Scanner In-Reply-To: <008c01c66775$707c0b90$3004010a@martinhlaptop> References: <008c01c66775$707c0b90$3004010a@martinhlaptop> Message-ID: <6EBE55D0-CE8A-41C8-B722-DF9B0AE79E14@ecs.soton.ac.uk> On 24 Apr 2006, at 09:02, Martin Hepworth wrote: > Saupdate support (remember that one from the IRC channel ;-) Done. New beta out. Can someone tell me more about the change in the Exim header file? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From martinh at solid-state-logic.com Mon Apr 24 11:29:30 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Mon Apr 24 11:29:37 2006 Subject: FW: MailScanner 4.52.2 destroys exim 4.61 spool files Message-ID: <00a601c66789$f8bf87c0$3004010a@martinhlaptop> Jules A reminder about the ACL changes in exim 4.61 - obviously most people are still running versions before this so the code needs to work for 4.61 and versions previous. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- 
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of joerg.pichel@sdm.de
> Sent: 20 April 2006 11:17
> To: mailscanner@lists.mailscanner.info
> Subject: MailScanner 4.52.2 destroys exim 4.61 spool files
>
>
> We use exim together with MailScanner (4.52.2). Exim receives messages at
> TCP-25 and stores it into the in-spool. MailScanner processes this
> in-spool queue and delivers back to exim (out-spool).
>
> I recently upgraded from exim 4.60 to exim 4.61 which extends the spool
> file format of the *-H files. The problem is, that the spool files in the
> out-spool are no longer readable neither by exim (4.61 says: "Format
> error in spool file") nor by MailScanner ("Found invalid queue files")
> itself. I assume that MailScanner can't deal with the new format of the
> *-H files from exim 4.61.
>
>
> Example:
>
> Head of the original H-file with correct format:
> ###################################
> 1FWVj8-0004N0-Gl-H
> root 0 0
>
> 1145526330 0
> -helo_name buf202.internetdsl.tpnet.pl
> -host_address 83.18.161.202.3963
> -host_name buf202.internetdsl.tpnet.pl
> -interface_address 192.76.162.230.25
> -received_protocol smtp
> -aclc 1 143
> X-sdm-Check-DNSbl-Warning: 83.18.161.202 is listed in dnsbl.sorbs.net
> (Exploitable Server See: http://www.sorbs.net/lookup.shtml?83.18.161.202)
> -aclm 0 0
>
> -aclm 1 143
> X-sdm-Check-DNSbl-Warning: 83.18.161.202 is listed in dnsbl.sorbs.net
> (Exploitable Server See: http://www.sorbs.net/lookup.shtml?83.18.161.202)
> -aclm 2 2
> 30
> -body_linecount 505
> -deliver_firsttime
> XX
> 1
> someone@sdm.de
>
> 179P Received: by world2.sdm.de (MTA) via smtp for ...
>
> ###################################
>
>
> Head of the crunched H-file in the out-spool after being processed by
> MailScanner:
> ###################################
> 1FWVj8-0004N0-Gl-H
> root 0 0
>
> 1145526330 0
> -host_address 83.18.161.202.3963
> -aclc 1 143
> -helo_name buf202.internetdsl.tpnet.pl
> -host_name buf202.internetdsl.tpnet.pl
> -interface_address 192.76.162.230.25
> -received_protocol smtp
> NN 83.18.161.202
> -aclm 0 0
>
> 179P Received: by world2.sdm.de (MTA) via smtp for ...
>
> ###################################
>
>
> Joerg Pichel
>
> --
> Joerg.Pichel@sdm.de

From simon.dick at advantage-interactive.com Mon Apr 24 14:09:02 2006
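A check one could run on a rewritten out-spool `-H` file before handing it back to Exim, as an added example that is not part of the thread and is not MailScanner or Exim code. It assumes, from the two excerpts in the forwarded message and the Exim spool-file documentation linked in the thread, that each `-aclc`/`-aclm` line declares a byte length and that the value starts on the next line, may contain newlines, and is followed by one newline; the sample files, host names and function names are constructed.

```python
import re

ACL_LINE = re.compile(rb"-(aclc|aclm) (\d+) (\d+)")

# Constructed ACL variable value; the internal newline is deliberate.
ACL_VALUE = (b"X-Example-Warning: 192.0.2.1 is listed in dnsbl.example.test\n"
             b" (constructed value with an internal newline)")

# Message id, "login uid gid", envelope sender, "time warning-count".
FIXED = b"1AbCdE-000001-Xy-H\nroot 0 0\n<>\n1145526330 0\n"

# Constructed in-spool header file laid out like the first excerpt.
ORIGINAL = (FIXED
            + b"-helo_name mail.example.test\n"
            + b"-aclc 1 %d\n" % len(ACL_VALUE) + ACL_VALUE + b"\n"
            + b"-aclm 0 0\n\n"
            + b"-aclm 2 2\n30\n"
            + b"-body_linecount 505\n-deliver_firsttime\n"
            + b"XX\n1\nsomeone@example.test\n\n")

# Constructed out-spool file damaged like the second excerpt: the length
# line survives, the value it announces does not.
DAMAGED = (FIXED
           + b"-aclc 1 %d\n" % len(ACL_VALUE)
           + b"-helo_name mail.example.test\n"
           + b"-aclm 0 0\n\n"
           + b"179P Received: by mail.example.test\n")


def _read_line(data, pos):
    """Return (line without its newline, offset just past the newline)."""
    end = data.find(b"\n", pos)
    if end == -1:
        return data[pos:], len(data)
    return data[pos:end], end + 1


def parse_header_file(data):
    """Parse the fixed lines and the '-name' section of a -H file."""
    pos, fixed = 0, []
    for _ in range(4):
        line, pos = _read_line(data, pos)
        fixed.append(line)
    result = {"id": fixed[0], "variables": [], "acl": {}, "errors": []}
    while pos < len(data):
        line, after_line = _read_line(data, pos)
        if not line.startswith(b"-"):
            break  # end of the variable section
        pos = after_line
        match = ACL_LINE.fullmatch(line)
        if match is None:
            name, _, value = line[1:].partition(b" ")
            result["variables"].append((name.decode(), value))
            continue
        kind = match.group(1).decode()
        number, length = int(match.group(2)), int(match.group(3))
        value = data[pos:pos + length]
        # The value is taken by length, never by line, then must end in "\n".
        if len(value) != length or data[pos + length:pos + length + 1] != b"\n":
            result["errors"].append(
                f"-{kind} {number}: declared {length} bytes, "
                "data is short or not newline-terminated")
            break
        result["acl"][(kind, number)] = value
        pos += length + 1
    result["rest_offset"] = pos
    return result


def check_rewrite(original, rewritten):
    """List problems that make the rewritten file unsafe to requeue."""
    before, after = parse_header_file(original), parse_header_file(rewritten)
    problems = list(after["errors"])
    for key, value in before["acl"].items():
        if key not in after["acl"]:
            problems.append("-%s %d missing after rewrite" % key)
        elif after["acl"][key] != value:
            problems.append("-%s %d value changed by rewrite" % key)
    return problems


if __name__ == "__main__":
    for problem in check_rewrite(ORIGINAL, DAMAGED):
        print(problem)
```

A reader that treats every line as an independent `-name value` pair accepts the length line and then misreads the value as further variables, which is consistent with the reordered and truncated second excerpt.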
From: simon.dick at advantage-interactive.com (Simon Dick) Date: Mon Apr 24 14:09:06 2006 Subject: New Mail Scanner In-Reply-To: <6EBE55D0-CE8A-41C8-B722-DF9B0AE79E14@ecs.soton.ac.uk> References: <008c01c66775$707c0b90$3004010a@martinhlaptop> <6EBE55D0-CE8A-41C8-B722-DF9B0AE79E14@ecs.soton.ac.uk> Message-ID: <1145884142.82565.2.camel@laptop.lcn.com> On Mon, 2006-04-24 at 11:19 +0100, Julian Field wrote: > On 24 Apr 2006, at 09:02, Martin Hepworth wrote: > Can someone tell me more about the change in the Exim header file? Try at http://www.exim.org/exim-html-4.61/doc/html/spec_html/ch52.html especially the green sections From dhawal at netmagicsolutions.com Mon Apr 24 14:32:38 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Mon Apr 24 14:32:25 2006 Subject: Feature request: native qmail support In-Reply-To: <4447E8F0.4040802@elirion.net> References: <443E55B3.9020303@netmagicsolutions.com> <4447E8F0.4040802@elirion.net> Message-ID: <444CD376.7030700@netmagicsolutions.com> Richard Siddall wrote: > Dhawal Doshy wrote: > [snip] >> If you think this is doable, i can send you the necessary files/diffs >> from the latest version of openprotect. >> > > If you've got diffs for an updated qmail/MailScanner integration, I'd be > interested in seeing them. > > Regards, > > Richard Siddall Have been quite busy lately.. i'll sent it across as soon as possible. - dhawal From William.Burns at Aeroflex.com Mon Apr 24 14:31:30 2006 
From: William.Burns at Aeroflex.com (William.Burns@Aeroflex.com) Date: Mon Apr 24 14:33:36 2006 Subject: MailScanner Future (aka money) In-Reply-To: <04de01c6655a$ab40cad0$2901010a@office.fsl> References: <04de01c6655a$ab40cad0$2901010a@office.fsl> Message-ID: <444CD332.2010705@Aeroflex.com> Thanks Steve. Would it be possible to place bounties on feature requests as a way to attract money for MailScanner? Personally, I think that any/all of these numbers would be appropriate for "media" costs in corporate deployments. Hopefully, book(s) and/or tee-shirts could be thrown-in for the larger dollar amounts. -Bill Stephen Swaney wrote: >>What does defenderMX cost? >> >> >> > >DefenderMX is licensed by the number of CPU's in the gateway, there is no >restriction on the number of mailboxes or domains managed. This typically >makes our pricing substantially less than the competition. > >A one CPU license in the US is $1,390 per server which includes the first >year of updates / upgrades and support. Year two support is $395. > >A two CPU license in the US is $2,490 per server which includes the first >year of updates / upgrades and support. Year two support is $735. > >A four CPU license in the US is $4,890 per server which includes the first >year of updates / upgrades and support. Year two support is $1,345. > >There are discounts for multiple gateways and if multiple gateways are >purchased FSL will configure the multiple gateways at no additional charge. > >Prices outside of the US are slightly higher. > >Educational organizations receive a 25% discount. > >Prices are subject to change. For a specific quote please email >robin@fsl.com. > >A fully functional 30 day demo is available for download from our web site. > >Best regards, > >Steve > >Stephen Swaney >Fort Systems Ltd. 
>stephen.swaney@fsl.com >www.fsl.com > From dhawal at netmagicsolutions.com Mon Apr 24 14:41:04 2006
From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Mon Apr 24 14:41:30 2006 Subject: postfix + mailscanner WAS: Missed anything important? In-Reply-To: <4447E636.4010209@elirion.net> References: <4447E246.2080101@ecs.soton.ac.uk> <4447E636.4010209@elirion.net> Message-ID: <444CD570.301@netmagicsolutions.com> Richard Siddall wrote: > Julian Field wrote: >> I have just marked everything in the list as "read". Anything important >> I have missed? >> > > Dhawal Doshy posted a couple of messages from the Postfix list about a > possible documented queue interface. It sounds like Wietse is seriously > considering supporting the pragmatic approach that MailScanner uses, but > wants some input on developing a secure, robust interface. (Dhawal's > posts indicate Wietse has put some thought into what's required, but > doesn't want to do all the work himself.) > > Dhawal also pointed out that qpsmtpd also uses a queue level interface > to Postfix, and will also be broken by the upcoming changes to Postfix's > queue implementation. A copy of all communication (sorted) regarding postfix support.. My quest here is to ensure that postfix and mailscanner play nice with each other from a technical (which i believe it does currently but is bound to break with future postfix releases) and also from a political point of view, since both products will benefit from this (postfix users have an alternative to amavis and mailscanner users enjoy official postfix support).. We now have postfix+mailscanner working perfectly fine, but is likely to break in future releases due to internal changes in the postfix queue working.. 
hence i took the liberty of sending a mail questioning future changes to the postfix users list:

My Mail
==============
MailScanner currently works in this fashion:
Internet ==> postfix ==> hold queue ==> MailScanner ==> Incoming queue ==> local delivery or relay

From what i understand, the part where mailscanner re-queues mails to the postfix incoming queue is the questionable part..

So what conclusion do we (the non-programmer postfix users) draw from your discussion? What are the changes expected that i need to communicate to the mailscanner development team?

Finally, what would be required to make mailscanner an approved Content-Scanner for postfix.
==============

This is the reply from Wietse:
==============
It takes a stable EXTERNAL interface, so that non-Postfix software is immune to changes in Postfix INTERNAL details.

For example, software that speak SMTP is largely immune to changes in Postfix internal details, because SMTP is well defined.

Absent precisely formulated requirements I can't define an external interface for content management.

Wietse
==============

A search on the postfix archive gave me this mail from Wietse, this mail was dated 01/15/2004:
==============
The question is 100% academic. Like other Postfix internals, Postfix queue details will not be published until they stop changing. Until then I want to have the freedom to make changes without having to jump horrible hoops in order to avoid breaking other people's software.

To give you an idea of what it would take to make mailscanner safe with the PRESENT queue implementation:

1) The Postfix queue would have to be changed from a three-state incoming/active/deferred organization to a four-state organization of unfiltered/incoming/active/deferred.

2) All four queues MUST BE in the same file system. Otherwise mail will be corrupted or lost.

3) A modified cleanup server drops new mail into the "unfiltered" queue and notifies mailscanner, while the unmodified cleanup server drops locally forwarded mail into the incoming queue and informs the queue manager as usual.

4) Mailscanner MUST NOT move queue files except by renaming them between Postfix queue directories. Otherwise mail will be corrupted or lost.

5) Mailscanner MUST maintain the relationship between the file name and the file inode number. Otherwise mail will be corrupted or lost.

7) Mailscanner must be crash proof. Like Postfix, it MUST NOT take irreversible actions, or actions that may require undo operations after a system crash. Otherwise mail will be corrupted or lost.

Specifically:

8) Mailscanner MUST NOT modify queue files. If content needs to be updated, Mailscanner MUST create a new queue file and delete the original only after the new file has been committed to stable storage. Otherwise mail will be corrupted or lost.

9) When creating a queue file, Mailscanner MUST adhere to the convention that the file permissions are set to "executable" only after the file contents are safely stored. Otherwise mail will be corrupted or lost.

10) Mailscanner should never touch a queue file that has an advisory lock (flock or fcntl lock, depending on the system environment). Otherwise mail will be corrupted or lost.

But again, all this is academic, because I will never support non-standard interfaces for content inspection in Postfix.

Wietse
==============

Also here is what he had to say on the qpsmtpd interface to postfix.
===============
A reasonably MTA-independent submission interface would look like this, if implemented as (stdin + exit status) which is script-friendly though not maximally robust (like an SMTP-like interface would be).

First a block of envelope headers:

    protocol_name: SMTP
    helo_name: client hostname
    client_name: client hostname
    client_address: [ipv4address] or [ipv6:ipv6address]
    client_port: port number
    sasl_method: plain
    sasl_username: you
    sasl_sender:
    size: 12345
    ccert_subject: solaris9.porcupine.org
    ccert_issuer: Wietse Venema
    ccert_fingerprint: C2:9D:F4:87:71:73:73:D9:18:E7:C2:F3:C1:DA:6E:04
    encryption_protocol: TLSv1/SSLv3
    encryption_cipher: DHE-RSA-AES256-SHA
    encryption_keysize: 256
    sender: <> or address
    dsn-envelope-id:
    dsn-return-option: full or headers
    recipient: address (<> not allowed)
    dsn-notify-options: never, or comma-separated list of fail, delay, success
    dsn-orig-rcpt: original recipient

After a blank line, the standard RFC2822 content:

    headers....
    blank
    body...

Where the blank and body... are optional.

The exit status is 0 for success. All other status codes mean that the operation failed.

We have to do much of this anyway when mail archival support is added, so I would like to get it right once.

Now this is not the whole story: this submission interface cannot be exposed to untrusted users or they could bypass all the safety checks that are built into smtpd, pickup, postdrop and cleanup.

So it has to be implemented as a set-gid helper that checks an authorization list. If the caller is trusted, then it passes a file descriptor to a Postfix daemon process that does the actual work. I don't intend to use set-uid programs within Postfix.

Wietse
===============

- dhawal

> Regards,
>
> Richard Siddall

From martinh at solid-state-logic.com Mon Apr 24 14:45:01 2006
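The queue-file rules Wietse lists in the message above (2, 4, 5, 8, 9 and 10), written out in Python as an added example; it is not code from MailScanner, Postfix or anyone in this thread. The function name, the inode-in-hex file name and the choice of flock() over fcntl locks are assumptions for illustration and do not reproduce Postfix's real queue format.

```python
"""Crash-safe replacement of a queue file (toy layout, assumed names)."""
import errno
import fcntl
import os
import stat
import tempfile


class QueueFileBusy(Exception):
    """Another process holds an advisory lock on the queue file."""


def _fsync_dir(path):
    # Persist directory entries (create/rename/unlink) to stable storage.
    fd = os.open(path, os.O_RDONLY)
    try:
        os.fsync(fd)
    finally:
        os.close(fd)


def replace_queue_file(src_path, dest_dir, new_content):
    """Write new_content as a new queue file in dest_dir, then drop src_path.

    Returns the path of the new file. The original is never modified.
    """
    src_dir = os.path.dirname(os.path.abspath(src_path))
    # Rule 2: rename() is only atomic inside one file system.
    if os.stat(src_dir).st_dev != os.stat(dest_dir).st_dev:
        raise OSError(errno.EXDEV, "queue directories on different file systems")

    src_fd = os.open(src_path, os.O_RDONLY)
    try:
        # Rule 10: leave alone any file that someone else has locked.
        try:
            fcntl.flock(src_fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
        except BlockingIOError:
            raise QueueFileBusy(src_path) from None

        # Rule 8: build a new file instead of editing the original.
        tmp_fd, tmp_path = tempfile.mkstemp(dir=src_dir, prefix=".new.")  # mode 0600
        try:
            with os.fdopen(tmp_fd, "wb") as tmp:
                tmp.write(new_content)
                tmp.flush()
                os.fsync(tmp.fileno())
                # Rule 9: the executable bit is set only once the data is on disk.
                os.fchmod(tmp.fileno(), 0o700)
                os.fsync(tmp.fileno())
                inode = os.fstat(tmp.fileno()).st_ino
            # Rule 5 (toy convention): the final name is the inode number in hex.
            final_path = os.path.join(dest_dir, "%X" % inode)
            # Rule 4: move between queue directories by rename only.
            os.rename(tmp_path, final_path)
        except BaseException:
            if os.path.exists(tmp_path):
                os.unlink(tmp_path)
            raise
        _fsync_dir(dest_dir)
        _fsync_dir(src_dir)
        # Rule 8: delete the original only after the new file is committed.
        os.unlink(src_path)
        _fsync_dir(src_dir)
        return final_path
    finally:
        os.close(src_fd)


if __name__ == "__main__":
    # Constructed sample spool with two queue directories on one file system.
    with tempfile.TemporaryDirectory() as spool:
        hold = os.path.join(spool, "hold")
        incoming = os.path.join(spool, "incoming")
        os.mkdir(hold)
        os.mkdir(incoming)
        src = os.path.join(hold, "SAMPLE1")
        with open(src, "wb") as f:
            f.write(b"Subject: test\n\noriginal body\n")
        out = replace_queue_file(src, incoming, b"Subject: test\n\ncleaned body\n")
        print(out, oct(stat.S_IMODE(os.stat(out).st_mode)))
```

A crash at any point leaves either the untouched original or a complete, executable new file; a half-written file never carries the executable bit.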
From: martinh at solid-state-logic.com (Martin Hepworth) Date: Mon Apr 24 14:45:14 2006 Subject: Beta 4.53.3 Message-ID: <00d801c667a5$49125200$3004010a@martinhlaptop> Julian Small problem on this - lib/dr-wrapper hasn't got the execute bits set so update_virus_scanners complains it can't access the file.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 From MailScanner at ecs.soton.ac.uk Mon Apr 24 15:28:47 2006 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 24 15:29:01 2006 Subject: Beta 4.53.3 In-Reply-To: <00d801c667a5$49125200$3004010a@martinhlaptop> References: <00d801c667a5$49125200$3004010a@martinhlaptop> Message-ID: Many thanks for spotting that. I recently moved code repository servers, and changed from CVS to Subversion at the same time. That created a whole raft of special little problems :-( On 24 Apr 2006, at 14:45, Martin Hepworth wrote: > > Julian > > Small problem on this - lib/dr-wrapper hasn't got the execute bits > set so > update_virus_scanners complains it can't access the file.. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From richard.siddall at elirion.net Mon Apr 24 15:40:40 2006 
From: richard.siddall at elirion.net (Richard Siddall) Date: Mon Apr 24 15:44:28 2006 Subject: Features for next beta Message-ID: <444CE368.5090002@elirion.net> Julian, You asked for suggestions for features for the next beta. On March 16th Phil Randal posted a script to download supplemental signatures for ClamAV from http://www.sanesecurity.com/clamav/. I'm not sure it's a good idea, but this could be integrated into update_virus_scanners, either as an optional modification to the ClamAV update or as the first in a set of supplemental signature updaters. Regards, Richard Siddall From prandal at herefordshire.gov.uk Mon Apr 24 16:01:12 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Mon Apr 24 16:04:11 2006 Subject: Features for next beta Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580C59243C@isabella.herefordshire.gov.uk> I'd hold off doing anything about that for a while. There's a lot of discussion on the ClamAV Users' mailing list at the moment about Steve Basford's phishing database and it's possible that he will change things to reduce the load on his site, which would likely break any current scripts. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- 
> From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Richard Siddall > Sent: 24 April 2006 15:41 > To: MailScanner discussion > Subject: Features for next beta > > Julian, > > You asked for suggestions for features for the next beta. > > On March 16th Phil Randal posted a script to download supplemental > signatures for ClamAV from http://www.sanesecurity.com/clamav/. > > I'm not sure it's a good idea, but this could be integrated into > update_virus_scanners, either as an optional modification to > the ClamAV > update or as the first in a set of supplemental signature updaters. > > Regards, > > Richard Siddall From aholmes at appiaservices.com Mon Apr 24 16:49:58 2006 
From: aholmes at appiaservices.com (Alan Holmes) Date: Mon Apr 24 16:49:53 2006 Subject: not enforcing message size limits Message-ID: <007a01c667b6$bd8e3480$1301a8c0@Alanslaptop> I can not get mailscanner to enforce the message size limits. I originally started out wanting to limit minimum attachment sizes but that was not working, so in the course of troubleshooting I decided to limit maximum message size to 1000 bytes. However I can still send messages of any size. The log messages seem to suggest that mailscanner is not scanning the messages. I feel like there is some kind of global setting that I am missing. Apr 24 11:37:56 localhost postfix/smtpd[5968]: connect from ppp-X.X.X.X.dsl.chcgil.ameritech.net[*.*.*.*] Apr 24 11:37:56 localhost postfix/smtpd[5968]: E45B0E795E: client=ppp-X.X.X.X.dsl.chcgil.ameritech.net[*.*.*.*] Apr 24 11:38:00 localhost postfix/smtpd[5968]: 48AB0E795E: client=ppp-X.X.X.X.dsl.chcgil.ameritech.net[*.*.*.*] Apr 24 11:38:00 localhost postfix/cleanup[5971]: 48AB0E795E: hold: header Received: from dopey (ppp-X.X.X.X.dsl.chcgil.ameritech.net [*.*.*.*])??by mail01.nowhere.nowhere.com (Postfix) with ESMTP id 48AB0E795E??for ; Mon, 24 Apr 2006 11:38:0 from ppp-X.X.X.X.dsl.chcgil.ameritech.net[*.*.*.*]; from= to= proto=ESMTP helo= Apr 24 11:38:00 localhost postfix/cleanup[5971]: 48AB0E795E: message-id=<20060424163800.48AB0E795E@mail01.nowhere.nowhere.com> Apr 24 11:38:00 localhost postfix/smtpd[5968]: disconnect from ppp-X.X.X.X.dsl.chcgil.ameritech.net[*.*.*.*] Apr 24 11:38:01 localhost MailScanner[5190]: New Batch: Forwarding 1 unscanned messages, 3458 bytes Apr 24 11:38:01 localhost MailScanner[5190]: Requeue: 48AB0E795E.C0CEE to D0F6CE7964 Apr 24 11:38:01 localhost postfix/qmgr[3250]: D0F6CE7964: from=, size=3194, nrcpt=1 (queue active) Apr 24 11:38:01 localhost MailScanner[5190]: Unscanned: Delivered 1 messages Apr 24 11:38:01 localhost MailScanner[5190]: Virus and Content Scanning: Starting Apr 24 11:38:01 localhost postfix/smtp[5978]: 
D0F6CE7964: to=, relay=nowhere.nowhere.com[X.X.X.X], delay=1, status=sent (250 ok 1145892934 qp 14826) Apr 24 11:38:01 localhost postfix/qmgr[3250]: D0F6CE7964: removed Any help is appreciated. Thanks From MailScanner at ecs.soton.ac.uk Mon Apr 24 16:51:40 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 24 16:51:58 2006 Subject: MailScanner 4.52.2 destroys exim 4.61 spool files In-Reply-To: <00a601c66789$f8bf87c0$3004010a@martinhlaptop> References: <00a601c66789$f8bf87c0$3004010a@martinhlaptop> Message-ID: <3B7A0814-1E57-40A6-A22C-7E45A3131A4E@ecs.soton.ac.uk> On 24 Apr 2006, at 11:29, Martin Hepworth wrote: > A reminder about the ACL changes in exim 4.61 - obviously most > people are > still running versions before this so the code needs to work for > 4.61 and > versions previous. Please try the attached patch for /usr/lib/MailScanner/MailScanner/Exim.pm. Let me know how you get on. It should work with old and new versions of Exim. -------------- next part -------------- A non-text attachment was scrubbed... Name: Exim.pm.patch.gz Type: application/x-gzip Size: 1019 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060424/f0c768ee/Exim.pm.patch.gz -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 From MailScanner at ecs.soton.ac.uk Mon Apr 24 17:01:14 2006 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 24 17:01:24 2006 Subject: not enforcing message size limits In-Reply-To: <007a01c667b6$bd8e3480$1301a8c0@Alanslaptop> References: <007a01c667b6$bd8e3480$1301a8c0@Alanslaptop> Message-ID: <7E2A9967-DE8F-40DE-A95B-3A14DCA71334@ecs.soton.ac.uk> Sounds like you have something switched off in any of these: Scan Messages = Virus Scanning = Dangerous Content Checks = On 24 Apr 2006, at 16:49, Alan Holmes wrote: > I can not get mailscanner to enforce the message size limits. I > originally started out wanting to limit minimum attachment sizes > but that was not working, so in the course of troubleshooting I > decided to limit maximum message size to 1000 bytes. However I can > still send messages of any size. > > The log messages seem to suggest that mailscanner is not scanning > the messages. I feel like there is some kind of global setting that > I am missing. > > > Apr 24 11:37:56 localhost postfix/smtpd[5968]: connect from ppp- > X.X.X.X.dsl.chcgil.ameritech.net[*.*.*.*] > Apr 24 11:37:56 localhost postfix/smtpd[5968]: E45B0E795E: > client=ppp-X.X.X.X.dsl.chcgil.ameritech.net[*.*.*.*] > Apr 24 11:38:00 localhost postfix/smtpd[5968]: 48AB0E795E: > client=ppp-X.X.X.X.dsl.chcgil.ameritech.net[*.*.*.*] > Apr 24 11:38:00 localhost postfix/cleanup[5971]: 48AB0E795E: hold: > header Received: from dopey (ppp-X.X.X.X.dsl.chcgil.ameritech.net > [*.*.*.*])??by mail01.nowhere.nowhere.com (Postfix) with ESMTP id > 48AB0E795E??for ; Mon, 24 Apr 2006 11:38:0 from ppp- > X.X.X.X.dsl.chcgil.ameritech.net[*.*.*.*]; from= > to= proto=ESMTP helo= > Apr 24 11:38:00 localhost postfix/cleanup[5971]: 48AB0E795E: > message-id=<20060424163800.48AB0E795E@mail01.nowhere.nowhere.com> > Apr 24 11:38:00 localhost postfix/smtpd[5968]: disconnect from ppp- > X.X.X.X.dsl.chcgil.ameritech.net[*.*.*.*] > Apr 24 11:38:01 localhost MailScanner[5190]: New Batch: Forwarding > 1 unscanned messages, 3458 bytes > Apr 24 11:38:01 localhost 
MailScanner[5190]: Requeue: > 48AB0E795E.C0CEE to D0F6CE7964 > Apr 24 11:38:01 localhost postfix/qmgr[3250]: D0F6CE7964: > from=, size=3194, nrcpt=1 (queue active) > Apr 24 11:38:01 localhost MailScanner[5190]: Unscanned: Delivered 1 > messages > Apr 24 11:38:01 localhost MailScanner[5190]: Virus and Content > Scanning: Starting > Apr 24 11:38:01 localhost postfix/smtp[5978]: D0F6CE7964: > to=, relay=nowhere.nowhere.com[X.X.X.X], delay=1, > status=sent (250 ok 1145892934 qp 14826) > Apr 24 11:38:01 localhost postfix/qmgr[3250]: D0F6CE7964: removed > > > Any help is appreciated. > > Thanks -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 From richard.siddall at elirion.net Mon Apr 24 17:04:46 2006 
From: richard.siddall at elirion.net (Richard Siddall) Date: Mon Apr 24 17:05:40 2006 Subject: Features for next beta In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580C59243C@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580C59243C@isabella.herefordshire.gov.uk> Message-ID: <444CF71E.8000905@elirion.net> Randal, Phil wrote: > I'd hold off doing anything about that for a while. > > There's a lot of discussion on the ClamAV Users' mailing list at the > moment about Steve Basford's phishing database and it's possible that he > will change things to reduce the load on his site, which would likely > break any current scripts. > > Cheers, > > Phil > Phil, Have you come across any other supplemental signatures for ClamAV? I'd hate to see Julian implement something that just works with Steve Basford's site, and then find half a dozen more sites that need to be checked for updates. Not that Julian should be implementing anything at this point. Regards, Richard Siddall From aholmes at appiaservices.com Mon Apr 24 17:53:27 2006 From: aholmes at appiaservices.com (Alan Holmes) Date: Mon Apr 24 17:53:22 2006 Subject: not enforcing message size limits In-Reply-To: <7E2A9967-DE8F-40DE-A95B-3A14DCA71334@ecs.soton.ac.uk> Message-ID: <00ac01c667bf$9c35e4f0$1301a8c0@Alanslaptop> That was the problem. Dangerous Content Checks was set to no. Thanks! ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Monday, April 24, 2006 11:01 AM To: MailScanner discussion Subject: Re: not enforcing message size limits Sounds like you have something switched off in any of these: Scan Messages = Virus Scanning = Dangerous Content Checks = From glenn.steen at gmail.com Mon Apr 24 18:21:17 2006 
From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Apr 24 18:21:19 2006 Subject: Qmail repeated Message-ID In-Reply-To: <13c021a90604180805r675617c1gab6add71196ae6c6@mail.gmail.com> References: <13c021a90604180805r675617c1gab6add71196ae6c6@mail.gmail.com> Message-ID: <223f97700604241021o1e40ab61t25f6aa2935b5558d@mail.gmail.com> On 18/04/06, Pravin Rane wrote: > Hi > > This is my first posting to Mailscanner list. > > I am using Qmail + MailScanner + Mailwatch + ClamAV + Spamassassin. > > My problem is I am getting same message-Ids for multiple mails in Mailwatch > interface. After searching in Mailwatch FAQ I found the author pointed to > consult with Mailscanner's Author since all this information its getting > from MailScanner. > > Is there any work-around (Patch) to get unique message-ids?. Since qmail > uses same message-ids to different messages if it does not find that inode > no. in queue. > > > > Regards > > Pravin Rane > (Sorry for the late reply.... I've been in the mountains (Skiing... downhill.... formerly broken leg smarting as h*ll, but still.... Wonderful!:-)) This is pretty much the same problem Postfix used to have, and the solution would be the same. I suggest you contact the maintainers of the Qmail port (Openprotect, is it?) and suggest they do a similar fix as Jules did for Postfix. In the meantime, you can ... alleviate ... the problem by configuring your system so that it is sure to have a high degree of i-node consumption (pretty much everything on one partition/filesystem). Will not cure it completely, but might at least make it not that frequent. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon Apr 24 18:45:41 2006 
From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Apr 24 18:45:44 2006 Subject: Attn. postfix users WAS Multiple Postfix smtp instances In-Reply-To: References: <20060412205748.GD14679@luckyduck.tux> <443F9148.7080908@netmagicsolutions.com> <443FDBCF.6040004@rogers.com> <20060414192115.13204.qmail@mymail.netmagicians.com> <44432F03.4090907@netmagicsolutions.com> Message-ID: <223f97700604241045n144a8ae5radb01346cbdb2f1d@mail.gmail.com> On 17/04/06, Res wrote: > only confirms what many ppl think, wietse is bernstein 'the second' > > > On Mon, 17 Apr 2006, Dhawal Doshy wrote: > > > Dhawal Doshy wrote: > >> Drew Marshall writes: > >>> On 14 Apr 2006, at 18:28, Mike Jakubik wrote: > >>>> Dhawal Doshy wrote: > >>>>> This mail was also posted by the OP to the postfix-users list and is > >>>>> now being discussed by the postfix authors 'wietse' and 'viktor' for > >>>>> better integration (read: compliant to the postfix internal > >>>>> architecture) between postfix and mailscanner.. > >>>>> I request all mailscanner+postfix users to follow this thread on the > >>>>> postfix-users lists and voice your technical opinions, if any. > >>>> > >>>> Its sad to see that one of the best MTAs and content scanners, does not > >>>> get along so well.. Apparently Postfix 2.3 will make changes that will > >>>> break MailScanner functionality :( > >>> > >>> Very sad indeed. Interestingly I am running the current release (Non > >>> stable) of 2.3 and it works fine with MailScanner so I await to see what > >>> happens with the 'new queue format'. > >>> Drew > >> > >> No it won't (Julian will find a better workaround) and it shouldn't, i > >> would request all postfix users to subscribe to the postfix-users list and > >> convince the developers to document postfix queue internals so that this > >> matter is resolved once and for all.. > >> At the least ensure that someone of use who understands postfix really > >> well, (i don't) follows up with viktor and wietse on this.. 
> >> - dhawal > > > > We now have postfix+mailscanner working perfectly fine, but is likely to > > break in future releases due to internal changes in the postfix queue > > working.. hence i took the liberty of sending this mail to the postfix users > > list. Constructive comments are welcome from postfix and non-postfix users: > > ============== > > MailScanner currently works in this fashion: > > Internet ==> postfix ==> hold queue ==> MailScanner ==> Incoming queue ==> > > local delivery or relay > > > > From what i understand, the part where mailscanner re-queues mails to the > > postfix incoming queue is the questionable part.. > > > > So what conclusion do we (the non-programmer postfix users) draw from your > > discussion? What are the changes expected that i need to communicate to the > > mailscanner development team? > > > > Finally, what would be required to make mailscanner an approved > > Content-Scanner for postfix. > > ============== > > > > > > This is the reply from Wietse: > > ============== > > It takes a stable EXTERNAL interface, so that non-Postfix software is immune > > to changes in Postfix INTERNAL details. > > > > For example, software that speak SMTP is largely immune to changes in Postfix > > internal details, because SMTP is well defined. > > > > Absent precisely formulated requirements I can't define an external interface > > for content management. > > > > Wietse > > ============== > > > > > > A search on the postfix archive gave me this mail from Wietse: > > ============== > > The question is 100% academic. Like other Postfix internals, Postfix > > queue details will not be published until they stop changing. > > Until then I want to have the freedom to make changes without having > > to jump horrible hoops in order to avoid breaking other people's > > software. 
> > > > To give you an idea of what it would take to make mailscanner safe > > with the PRESENT queue implementation: > > > > 1) The Postfix queue would have to be changed from a three-state > > incoming/active/deferred organization to a four-state organization > > of unfiltered/incoming/active/deferred. > > > > 2) All four queues MUST BE in the same file system. Otherwise mail > > will be corrupted or lost. > > > > 3) A modified cleanup server drops new mail into the "unfiltered" > > queue and notifies mailscanner, while the unmodified cleanup server > > drops locally forwarded mail into the incoming queue and informs > > the queue manager as usual. > > > > 4) Mailscanner MUST NOT move queue files except by renaming them > > between Postfix queue directories. Otherwise mail will be corrupted > > or lost. > > > > 5) Mailscanner MUST maintain the relationship between the file name > > and the file inode number. Otherwise mail will be corrupted or > > lost. > > > > 7) Mailscanner must be crash proof. Like Postfix, it MUST NOT take > > irreversible actions, or actions that may require undo operations > > after a system crash. Otherwise mail will be corrupted or lost. > > > > Specifically: > > > > 8) Mailscanner MUST NOT modify queue files. If content needs to be > > updates, Mailscanner MUST create a new queue file and delete the > > original only after the new file has been committed to stable > > storage. Otherwise mail will be corrupted or lost. > > > > 9) When creating a queue file, Mailscanner MUST adhere to the > > convention that the file permissions are set to "executable" only > > after the file contents are safely stored. Otherwise mail will be > > corrupted or lost. > > > > 10) Mailscanner should never touch a queue file that has an advisory > > lock (flock or fcntl lock, depending on the system environment). > > Otherwise mail will be corrupted or lost. 
> > > > But again, all this is academic, because I will never support > > non-standard interfaces for content inspection in Postfix. > > > > Wietse > > ============== > > > > -- > Cheers > Res Oh yes. And to think that I opted for PF over qmail to not have to deal with such an opinionated developer:-). Anyway, looking at the points Wietse stipulates, I think Jules pretty much follows all/most of them already... So for now at least, things are alright:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From rpoe at plattesheriff.org Mon Apr 24 18:57:26 2006 From: rpoe at plattesheriff.org (Rob Poe) Date: Mon Apr 24 18:57:52 2006 Subject: Summer of Code Message-ID: <444CCB35.65ED.00A2.0@plattesheriff.org> Julian, It seems that Google is hosting the "Summer of Code" again this year. Have you thought about signing up MailScanner for that? From glenn.steen at gmail.com Mon Apr 24 19:31:29 2006 
From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Apr 24 19:31:33 2006 Subject: mail scanner stuck In-Reply-To: <7d9b3cf20604210848p2983f951y8cca43df96231487@mail.gmail.com> References: <7d9b3cf20604181250g5cf100baida1ff5659316e390@mail.gmail.com> <7d9b3cf20604210848p2983f951y8cca43df96231487@mail.gmail.com> Message-ID: <223f97700604241131r5101e48fp464283e6ae8c9ac5@mail.gmail.com> On 21/04/06, Eduardo Casarero wrote: > I am confused :-S. I followed your instructions, i was able to see the email > and the attach, so i send a new mail with the attaches to a "test" box with > Mscanner and nothing happened, just scanned and delivered. verrryyy xtrange. > then i tried the same with the box that stucked with the same files. and > magically they passed. So i just don't know what to do. im going to put the > q and f on the mqueu.in a see whats happens. tell you later. > > Regards. > (snip) Might be a good idea to provide Jules with the raw queue files too... Just in case this is a genuine bug:). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From nerijus at users.sourceforge.net Mon Apr 24 19:32:56 2006 From: nerijus at users.sourceforge.net (Nerijus Baliunas) Date: Mon Apr 24 19:40:16 2006 Subject: New Mail Scanner In-Reply-To: <444BE4B9.9060006@ecs.soton.ac.uk> References: <13c021a90604222250r687efb18r415182e942d294e0@mail.gmail.com> <444B956A.5080705@ecs.soton.ac.uk><20060423192543.GA5369@doctor.nl2k.ab.ca> <444BE4B9.9060006@ecs.soton.ac.uk> Message-ID: <20060424184002.514B0D4B9@mx.dtiltas.lt> On Sun, 23 Apr 2006 21:34:01 +0100 Julian Field wrote: > Other than that, tell me what you would like to see! avast! Linux Home Edition support. http://www.avast.com/eng/avast-for-linux-workstation.html Regards, Nerijus From nerijus at users.sourceforge.net Mon Apr 24 19:54:33 2006 
From: nerijus at users.sourceforge.net (Nerijus Baliunas) Date: Mon Apr 24 20:00:15 2006 Subject: Beta 4.53.3 In-Reply-To: References: <00d801c667a5$49125200$3004010a@martinhlaptop> Message-ID: <20060424190001.23D70D1FA@mx.dtiltas.lt> Hello, While we are at this, there are lots of files which should not be executable: All files in root directory - COPYING, INSTALL... Everything in docs/ - probably a good idea to run chmod -R a-x docs; chmod -R a+X docs The same for etc, lib/MailScanner (probably except lib/MailScanner/ConfigDefs.pl ?) directories and var/MailScanner.pid file. Regards, Nerijus On Mon, 24 Apr 2006 15:28:47 +0100 Julian Field wrote: > Many thanks for spotting that. > I recently moved code repository servers, and changed from CVS to > Subversion at the same time. That created a whole raft of special > little problems :-( > > On 24 Apr 2006, at 14:45, Martin Hepworth wrote: > > > Small problem on this - lib/dr-wrapper hasn't got the execute bits > > set so > > update_virus_scanners complains it can't access the file.. From mikej at rogers.com Mon Apr 24 21:20:00 2006 
From: mikej at rogers.com (Mike Jakubik) Date: Mon Apr 24 21:19:42 2006 Subject: MailScanner Future In-Reply-To: <4447E108.6020901@ecs.soton.ac.uk> References: <200604201344.k3KDiQUi013308@nkserver.nkpanama.com> <4447BDC1.8080201@ecs.soton.ac.uk> <4447C5F2.5000102@rogers.com> <4447E108.6020901@ecs.soton.ac.uk> Message-ID: <444D32F0.20307@rogers.com> Julian Field wrote: > I am very much against changing the licence. All that would result is a > very large number of very pissed off people (you lot). I don't want > that, even if it costs me a lot of potential money. I want to work with > you, not against you. > > Good to hear. > I am just about coming to the point of calling off the commercialisation > completely, as I don't think it can be done without either pissing off > all of you guys, or the folks at Fort Systems Ltd who are good friends > of mine, or both. > I think the best outcome for all is for you to continue making MS a flexible "framework". Let the commercial interests deal with pretty interfaces, etc. After all, this is what they are selling and competing with, a full solution. I am a one man company, and I have managed to whip up a fully functioning solution, with a nice web interface. Of course, it's still a beta and not being sold to the general public. Also, a little off topic, but of importance to me since I chose to use postfix, what do you think will be the future of MS and postfix? I hear 2.3 will bring in incompatibilities. I would hate to switch MTAs, as postfix is really wonderful. From campbell at cnpapers.com Mon Apr 24 21:23:23 2006
From: campbell at cnpapers.com (Steve Campbell) Date: Mon Apr 24 21:23:42 2006 Subject: OT newaliases Message-ID: <001301c667dc$ef6b71e0$0705000a@DDF5DW71> Just wondering about the newaliases command: Can someone tell me whether running the newaliases command just rebuilds the aliases database or does it reload it also after rebuilding it. Can this be run at anytime as opposed to stopping and starting it MS after a new alias is added for sendmail? The man page is very specific on this. Thanks Steve Campbell campbell@cnpapers.com Charleston Newspapers From miguelk at konsultex.com.br Mon Apr 24 22:04:25 2006 From: miguelk at konsultex.com.br (Miguel Koren O'Brien de Lacy) Date: Mon Apr 24 22:01:57 2006 Subject: OT newaliases In-Reply-To: <001301c667dc$ef6b71e0$0705000a@DDF5DW71> References: <001301c667dc$ef6b71e0$0705000a@DDF5DW71> Message-ID: <444D3D59.7030705@konsultex.com.br> Steve; I run it as needed and it rebuilds and reloads. Miguel Steve Campbell wrote: > Just wondering about the newaliases command: > > Can someone tell me whether running the newaliases command just > rebuilds the aliases database or does it reload it also after > rebuilding it. > > Can this be run at anytime as opposed to stopping and starting it MS > after a new alias is added for sendmail? The man page is very specific > on this. > > Thanks > > Steve Campbell > campbell@cnpapers.com > Charleston Newspapers > > -- This message was checked by the antivirus system and is believed to be free of danger. From shuttlebox at gmail.com Mon Apr 24 22:10:35 2006
From: shuttlebox at gmail.com (shuttlebox) Date: Mon Apr 24 22:10:38 2006 Subject: OT newaliases In-Reply-To: <001301c667dc$ef6b71e0$0705000a@DDF5DW71> References: <001301c667dc$ef6b71e0$0705000a@DDF5DW71> Message-ID: <625385e30604241410g25af9c18tedd75d0c4386fa37@mail.gmail.com> On 4/24/06, Steve Campbell wrote: > Just wondering about the newaliases command: > > Can someone tell me whether running the newaliases command just rebuilds the > aliases database or does it reload it also after rebuilding it. > > Can this be run at anytime as opposed to stopping and starting it MS after a > new alias is added for sendmail? The man page is very specific on this. Sendmail always picks up changes in the db-files, you don't have to do anything extra but to build the db, in this case run newaliases. -- /peter From neb9002 at gmail.com Tue Apr 25 01:29:37 2006 From: neb9002 at gmail.com (Harris S) Date: Tue Apr 25 01:29:40 2006 Subject: Recursive archive attachment expansion and filetype/name checks Message-ID: <4fac50550604241729u16efcb61r4b3773c8778db3e3@mail.gmail.com> Hello! I am migrating my organisation's mail filters to MailScanner from an outdated Postfix/Amavisd/Spamassassin installation and stumbled upon a problem. The install is on an OpenBSD 3.8 box. The system seems unable to detect executable files contained in archives (gz at least), either by filetype or filename. No messages on STDERR, STDOUT and/or syslog. Is it capable of recursively unpacking an archive and applying the filetype/name restrictions checks to files contained? Regards, Harris -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060425/cc8b66a2/attachment.html From neb9002 at gmail.com Tue Apr 25 01:47:14 2006 
From: neb9002 at gmail.com (Harris S) Date: Tue Apr 25 01:47:15 2006 Subject: Recursive archive attachment expansion and filetype/name checks Message-ID: <4fac50550604241747i6bf43871mf6ffbbe5181bc4c6@mail.gmail.com> Omitted details: Mailscanner version: 4.52.2 Spamassassin 3.0.4 Perl v5.8.6 built for i386-openbsd default @INC prioritises openbsd compiled modules vs MS OBSD specific modifications sed path fixes applied Installation customisation paths fixed on all MS conf files (and no errors generated) Tests performed directly attached filetypes: detected ok directly attached filenames: detected ok gz directly attached: FAILED - probable cause the 'file' identification as 'compressed' as opposed to 'archive' Does this have a bearing on my problem? - Does the unpacking initiation depend on the 'file' output? Deny Filetype = compressed provided a successful identification by MS Win32/EXE gzipped: FAILED Thanks again Harris -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060425/1bacf4aa/attachment-0001.html From MailScanner at ecs.soton.ac.uk Tue Apr 25 08:44:17 2006
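Harris's failing case above (a gzipped Win32 executable) needs three steps from a scanner: recognise gzip from its magic bytes, inflate under a size cap, and run the filetype check on what comes out. The following is an added Python sketch of those steps, not MailScanner's own Perl code; the function names, the 1 MiB and depth-3 limits and the sample bytes are assumptions made for the example.

```python
import gzip
import io
import zlib

GZIP_MAGIC = b"\x1f\x8b"      # ID1, ID2 (RFC 1952)
MAX_UNPACKED = 1 << 20        # assumed policy: refuse more than 1 MiB of inflated data
MAX_DEPTH = 3                 # assumed policy: how many nested layers to open
DENIED_MAGIC = [              # leading bytes of content types the assumed policy blocks
    (b"MZ", "DOS/Windows executable"),
    (b"\x7fELF", "ELF executable"),
]


class UnpackRefused(Exception):
    """Raised when data cannot be inflated safely; callers report it as a finding."""


def is_gzip(data):
    """Match ID1, ID2 and CM=8 (deflate). Byte 3 is FLG, which differs per sender."""
    return data[:2] == GZIP_MAGIC and data[2:3] == b"\x08"


def bounded_gunzip(data, limit=MAX_UNPACKED):
    """Inflate all concatenated gzip members, never holding more than limit+1 bytes."""
    out = bytearray()
    rest = data
    while is_gzip(rest):
        inflater = zlib.decompressobj(wbits=zlib.MAX_WBITS | 16)  # 16 selects gzip framing
        try:
            out += inflater.decompress(rest, limit + 1 - len(out))
        except zlib.error as exc:
            raise UnpackRefused(f"corrupt gzip data: {exc}") from exc
        if len(out) > limit:
            raise UnpackRefused(f"inflates past {limit} bytes")
        if not inflater.eof:
            raise UnpackRefused("truncated gzip member")
        rest = inflater.unused_data       # a further member may follow this one
    return bytes(out)


def sniff(data):
    """Return a label if the content starts with a denied signature, else None."""
    for magic, label in DENIED_MAGIC:
        if data.startswith(magic):
            return label
    return None


def scan_attachment(name, data, depth=0):
    """Return a list of (path, reason) findings; an empty list means nothing was denied."""
    label = sniff(data)
    if label:
        return [(name, label)]
    if not is_gzip(data):
        return []
    if depth >= MAX_DEPTH:
        return [(name, "archive nesting too deep")]
    try:
        inner = bounded_gunzip(data)
    except UnpackRefused as exc:
        return [(name, str(exc))]
    return scan_attachment(name + "!gunzip", inner, depth + 1)


def build_samples():
    """Constructed inputs. The 'executable' is only the MZ marker plus zero padding."""
    stub = b"MZ" + b"\x00" * 62
    plain = gzip.compress(stub)                    # FLG 0x00: no file name stored
    named = io.BytesIO()
    with gzip.GzipFile(filename="setup.exe", mode="wb", fileobj=named) as fh:
        fh.write(stub)                             # FLG 0x08: FNAME field present
    return {
        "plain.gz": plain,
        "named.gz": named.getvalue(),
        "double.gz": gzip.compress(plain),         # gzip inside gzip
        "bomb.gz": gzip.compress(b"\x00" * (4 * MAX_UNPACKED)),
        "notes.gz": gzip.compress(b"meeting notes\n"),
    }


if __name__ == "__main__":
    for sample_name, blob in build_samples().items():
        print(sample_name, scan_attachment(sample_name, blob) or "clean")
```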
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 25 08:44:29 2006 Subject: Recursive archive attachment expansion and filetype/name checks In-Reply-To: <4fac50550604241729u16efcb61r4b3773c8778db3e3@mail.gmail.com> References: <4fac50550604241729u16efcb61r4b3773c8778db3e3@mail.gmail.com> Message-ID: On 25 Apr 2006, at 01:29, Harris S wrote: > Hello! > > I am migrating my organisation's mail filters to MailScanner from > an outdated Postfix/Amavisd/Spamassassin installation and stumbled > upon a problem. > > The install is on an OpenBSD 3.8 box. > > The system seems unable to detect executable files contained in > archives (gz at least), either by filetype or filename. No messages > on STDERR, STDOUT and/or syslog. It should syslog. Don't expect anything on stderr or stdout. > > Is it capable of recursively unpacking an archive and applying the > filetype/name restrictions checks to files contained? > Most definitely. Look for "filetype" in MailScanner.conf. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From martinh at solid-state-logic.com Tue Apr 25 09:30:16 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue Apr 25 09:30:31 2006 Subject: MailScanner 4.52.2 destroys exim 4.61 spool files In-Reply-To: <3B7A0814-1E57-40A6-A22C-7E45A3131A4E@ecs.soton.ac.uk> Message-ID: <00e601c66842$7c712d40$3004010a@martinhlaptop> Jules This works ok on exim < 4.61, as I haven't upgraded to 4.61 yet I can't say if that bit works, but as far as I can see you've broken anything.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- 
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 24 April 2006 16:52 > To: MailScanner discussion > Subject: Re: MailScanner 4.52.2 destroys exim 4.61 spool files > > On 24 Apr 2006, at 11:29, Martin Hepworth wrote: > > A reminder about the ACL changes in exim 4.61 - obviously most > > people are > > still running versions before this so the code needs to work for > > 4.61 and > > versions previous. > > Please try the attached patch for /usr/lib/MailScanner/MailScanner/ > Exim.pm. > Let me know how you get on. It should work with old and new versions > of Exim. > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From martinh at solid-state-logic.com Tue Apr 25 09:34:02 2006
From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue Apr 25 09:34:10 2006 Subject: MailScanner 4.52.2 destroys exim 4.61 spool files In-Reply-To: <00e601c66842$7c712d40$3004010a@martinhlaptop> Message-ID: <00e701c66843$01fc0930$3004010a@martinhlaptop> I mean you've broken anything.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 From martinh at solid-state-logic.com Tue Apr 25 09:34:20 2006
From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue Apr 25 09:34:47 2006 Subject: MailScanner 4.52.2 destroys exim 4.61 spool files In-Reply-To: <00e601c66842$7c712d40$3004010a@martinhlaptop> Message-ID: <00e801c66843$0c9c5f70$3004010a@martinhlaptop> Bother NOT broken anything.... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 From maillists at conactive.com Tue Apr 25 10:31:20 2006
From: maillists at conactive.com (Kai Schaetzl) Date: Tue Apr 25 10:30:00 2006 Subject: OT newaliases In-Reply-To: <001301c667dc$ef6b71e0$0705000a@DDF5DW71> References: <001301c667dc$ef6b71e0$0705000a@DDF5DW71> Message-ID: Steve Campbell wrote on Mon, 24 Apr 2006 16:23:23 -0400: > or does it reload it also after rebuilding it. There is no "reloading" done because sendmail doesn't "load" that database. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From joerg.pichel at sdm.de Tue Apr 25 10:33:58 2006
From: joerg.pichel at sdm.de (joerg.pichel@sdm.de) Date: Tue Apr 25 10:34:05 2006 Subject: AW: MailScanner 4.52.2 destroys exim 4.61 spool files Message-ID: <7503800E154BBA4F9A51B59ABA981A2002DDD813@mucmail1.sdm.de> Well done! Until now six messages have been successfully transferred with patched MailScanner 4.52.2 and exim 4.61. I will raise the flag when there are any further format problems. Joerg -- Joerg Pichel mailto:joerg.pichel@sdm.de sd&m AG http://www.sdm.de software design & management Carl-Wery-Str. 42, D-81739 Muenchen, Germany Tel +49 89 63812-112, Fax -555 -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Monday, 24 April 2006 17:52 To: MailScanner discussion Subject: Re: MailScanner 4.52.2 destroys exim 4.61 spool files On 24 Apr 2006, at 11:29, Martin Hepworth wrote: > A reminder about the ACL changes in exim 4.61 - obviously most people > are still running versions before this so the code needs to work for > 4.61 and > versions previous. Please try the attached patch for /usr/lib/MailScanner/MailScanner/ Exim.pm. Let me know how you get on. It should work with old and new versions of Exim. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From neb9002 at gmail.com Tue Apr 25 11:52:59 2006
From: neb9002 at gmail.com (Harris S) Date: Tue Apr 25 11:53:03 2006 Subject: Recursive archive attachment expansion and filetype/name checks Message-ID: <4fac50550604250352gbb50c3dscc2a9f77695155f3@mail.gmail.com> In-Reply-To=4fac50550604241729u16efcb61r4b3773c8778db3e3@mail.gmail.com Hello Julian, Thank you for your prompt reply :-) However, I think I have nailed it down (although I would appreciate it if you told me I did a mistake going into such lengths.... I hope not :-S ) The MS code does not deal yet with gz (or tgz..) and it does not effectively identify the file as an archive (Idea - At the expense of compatibility with W32 platforms, could the 'file' system be used to identify archives instead of the small $buffer code snippet?) It turns out that the Archive::Zip module will not expand gz archives anyway, so even if the system was able to identify it, it would not be able to expand it. (Archive::Extract, I did not particularly like it, but what about using as a last resort?) As gzip can only pack one archive at a time, and with the proliferation of winZip which does autoexpand gz's (ok... XP native zip support is far more dangerous), I thought I should have a go at hacking the code. Below is the result of this morning's effort (and hopefully to a live system today) :-) Regards, Harris ----------------------------------------------- 1747c1747 < my($cyclecounter, $rarerror); --- > my($cyclecounter, $rarerror, $gziperror); 1906a1907,1908 > # Added by Harris > $buffer eq "\x1f\x8b\x08\x08" || 1931c1933,1943 < # If unpacking as a zip failed, try it as a rar --- > # If unpacking as a zip failed, try it as a gzip > > # GZIP unpacking > # Added by Harris > > $gziperror = ""; > #print STDERR "About to unpack gzip $part\n"; > $gziperror = $this->UnpackGzip($part, $explodeinto); > #print STDERR "* * * * * * * UnpackGzip $part returned $ziperror\n"; > # If unpacking as a gzip failed, try it as a rar > 2400a2413,2430 > > # Unpack a gzip file into the named directory. 
> # Return 1 if an error occurred, else 0. > # Return 0 on success. > sub UnpackGzip { > my($this, $gzipname, $explodeinto) = @_; > > my($gzip); > > #print STDERR "Unpacking $gzipname\n"; > return 1 if -s "$explodeinto/$gzipname" == 4_237_4; # zip of death? > return 1 unless $gzip = SafePipe( "gunzip -d -S $explodeinto/$gzipname -o gzip_out $gzipname 2>/dev/null", 10); > > return 0; > } > > > From martin.lyberg at gmail.com Tue Apr 25 13:00:08 2006 From: martin.lyberg at gmail.com (Martin) Date: Tue Apr 25 13:00:37 2006 Subject: MailScanner and MySQL Message-ID: Hi, This may be a little OT, but i noticed a problem today on my debian testbox. I'm running Mailscanner, Postfix, Mailwatch and MySQL. When i reboot, MailScanner starts before MySQL, which gives me the following error in the maillog: MailScanner[1658]: Unable to initialise database connection: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2) I have to restart mailscanner in order to get it to connect to MySQL. Is there a easy way to either change start order of the services or make a little script to check if mysql is running before starting mailscanner? Thanks in advance. / Martin From alex at nkpanama.com Tue Apr 25 13:06:41 2006 
From: alex at nkpanama.com (Alex Neuman) Date: Tue Apr 25 13:07:42 2006 Subject: MailScanner and MySQL In-Reply-To: References: Message-ID: <444E10D1.5090904@nkpanama.com> Martin wrote: > Hi, > > This may be a little OT, but i noticed a problem today on my debian > testbox. I'm running Mailscanner, Postfix, Mailwatch and MySQL. > > When i reboot, MailScanner starts before MySQL, which gives me the > following error in the maillog: > > MailScanner[1658]: Unable to initialise database connection: Can't > connect to local MySQL server through socket > '/var/run/mysqld/mysqld.sock' (2) > > I have to restart mailscanner in order to get it to connect to MySQL. > Is there a easy way to either change start order of the services or > make a little script to check if mysql is running before starting > mailscanner? > > Thanks in advance. > > / Martin > Don't usually work with Debian, but with most distros services are started alphabetically or with scripts preceded by S01-S99. My guess is that Ma (in MailScanner) goes before My (in MySQL) - so you should probably look in some form of an /etc/rc type folder for these files. For more info try: http://www.debian.org/doc/debian-policy/ch-opersys.html http://www.debian.org/doc/manuals/securing-debian-howto/ap-harden-step.en.html http://floppix.ccai.com/rc.html http://www.debian-administration.org/articles/212 From shuttlebox at gmail.com Tue Apr 25 13:10:07 2006
From: shuttlebox at gmail.com (shuttlebox) Date: Tue Apr 25 13:10:09 2006 Subject: MailScanner and MySQL In-Reply-To: References: Message-ID: <625385e30604250510v4e361668w6dbeafdc64f7335e@mail.gmail.com> On 4/25/06, Martin wrote: > Hi, > > This may be a little OT, but i noticed a problem today on my debian > testbox. I'm running Mailscanner, Postfix, Mailwatch and MySQL. > > When i reboot, MailScanner starts before MySQL, which gives me the > following error in the maillog: > > MailScanner[1658]: Unable to initialise database connection: Can't > connect to local MySQL server through socket > '/var/run/mysqld/mysqld.sock' (2) > > I have to restart mailscanner in order to get it to connect to MySQL. Is > there a easy way to either change start order of the services or make a > little script to check if mysql is running before starting mailscanner? The scripts are run in numerical order so MySQL should have a lower number than MailScanner in your case. Look in /etc/rc3.d for Sxxmysql and similar. My answer is based on Solaris, maybe Debian uses another startup procedure. -- /peter From james at grayonline.id.au Tue Apr 25 13:18:19 2006 
From: james at grayonline.id.au (James Gray) Date: Tue Apr 25 13:20:20 2006 Subject: MailScanner and MySQL In-Reply-To: References: Message-ID: <200604252218.23996.james@grayonline.id.au> On Tue, 25 Apr 2006 22:00, Martin wrote: > Hi, > > This may be a little OT, but i noticed a problem today on my debian > testbox. I'm running Mailscanner, Postfix, Mailwatch and MySQL. > > When i reboot, MailScanner starts before MySQL, which gives me the > following error in the maillog: > > MailScanner[1658]: Unable to initialise database connection: Can't > connect to local MySQL server through socket > '/var/run/mysqld/mysqld.sock' (2) > > I have to restart mailscanner in order to get it to connect to MySQL. Is > there a easy way to either change start order of the services or make a > little script to check if mysql is running before starting mailscanner? If your system uses SysV type startup (Linux, Solaris, most Unixes in fact) then simply change the number for the "S??mailscanner" script in the /etc/rc?.d directories to be higher than the number for the MySQL process. For BSD type startup, I'll leave that to other more experienced (although I'm embarrassed to admit, I maintain a swath of fBSD MailScanner installations :P - just never had the need to poke around the startup process). You could always add a "while...do...done" loop to poll port 3306 (mysql) on the local interface in the mailscanner startup script, and not continue until you get a valid response from MySQL. For this sort of task, I generally employ "hping3" (http://wiki.hping.org/home) as you can test the raw TCP flags and make sure you're getting a "SYN+ACK" back from MySQL, not a "RST+ACK" or something else. HTH, James -- Fertility is hereditary. If your parents didn't have any children, neither will you. -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060425/1acd883d/attachment.bin From martin.lyberg at gmail.com Tue Apr 25 13:26:31 2006 From: martin.lyberg at gmail.com (Martin) Date: Tue Apr 25 13:26:49 2006 Subject: MailScanner and MySQL - SOLVED In-Reply-To: <625385e30604250510v4e361668w6dbeafdc64f7335e@mail.gmail.com> References: <625385e30604250510v4e361668w6dbeafdc64f7335e@mail.gmail.com> Message-ID: shuttlebox wrote: > The scripts are run in numerical order so MySQL should have a lower > number than MailScanner in your case. Look in /etc/rc3.d for Sxxmysql > and similar. My answer is based on Solaris, maybe Debian uses another > startup procedure. Thanks for help guys. The problem is solved. I changed the SXX in runlevel 2 (that's the level for debian) to start after mysql is done. Works now. Cheers / Martin From james at grayonline.id.au Tue Apr 25 13:40:23 2006 
From: james at grayonline.id.au (James Gray) Date: Tue Apr 25 13:40:44 2006 Subject: MailScanner and MySQL In-Reply-To: <200604252218.23996.james@grayonline.id.au> References: <200604252218.23996.james@grayonline.id.au> Message-ID: <200604252240.23647.james@grayonline.id.au> On Tue, 25 Apr 2006 22:18, James Gray wrote: > On Tue, 25 Apr 2006 22:00, Martin wrote: > > Hi, > > > > This may be a little OT, but i noticed a problem today on my debian > > testbox. I'm running Mailscanner, Postfix, Mailwatch and MySQL. GAH! You said it was debian...my bad. Use the "update-rc.d" tool, as root, to modify the sequence of things so that mysql starts before mailscanner. In the debian world, the ONLY run level that is used (by default) is 2. So, unless you've customised /etc/inittab to start a different run level, all the info you need will be in /etc/rc2.d/. On my debian (sarge) servers, mysql and mailscanner both start as item 20:
#ls /etc/rc2.d
...
S20mailscanner
S20mysql
...
So, to move mailscanner to start later, you'd cast the following spell (as root):
#update-rc.d -f mailscanner remove
#update-rc.d mailscanner start 30 2 3 4 5 . stop 15 0 6 .
This will start mailscanner in run levels 2-5, and stop it in runlevels 0 and 6 (halt and reboot respectively). The "ID" of the startup is now 30 and shutdown order is 15 which on my systems will stop mailscanner at the same time it stops fetchmail, but BEFORE it stops exim (stops at 19) and mysql (stops at 20). So the start sequence now looks like this:
/etc/rc2.d/:
...
S20exim4
S20exim4.out
S20mysql
...
S30mailscanner
And the shutdown resembles this:
/etc/rc0.d/:
K15fetchmail
K15mailscanner
...
K19exim4
K19exim4.out
K20mysql
See how it works? Sorry about the bum steer with my last. Too much beer and wine on a public holiday is my excuse (http://en.wikipedia.org/wiki/Anzac_Day - "Lest we forget") Cheers, James -- A musical reviewer admitted he always praised the first show of a new theatrical season.
"Who am I to stone the first cast?" -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060425/8465429b/attachment.bin From MailScanner at ecs.soton.ac.uk Tue Apr 25 13:51:06 2006 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 25 13:51:21 2006 Subject: Recursive archive attachment expansion and filetype/name checks In-Reply-To: <4fac50550604250352gbb50c3dscc2a9f77695155f3@mail.gmail.com> References: <4fac50550604250352gbb50c3dscc2a9f77695155f3@mail.gmail.com> Message-ID: <3AE6B3F0-E7F2-4516-B416-764B3FE62C43@ecs.soton.ac.uk> On 25 Apr 2006, at 11:52, Harris S wrote: > In-Reply- > To=4fac50550604241729u16efcb61r4b3773c8778db3e3@mail.gmail.com > > Hello Julian, > > Thank you for your prompt reply :-) > > However, I think I have nailed it down (although I would appreciate it > if you told me I did a mistake going into such lengths.... I hope not > :-S ) > > > The MS code does not deal yet with gz (or tgz..) and it does not > effectively identify the file as an archive (Idea - At the expense of > compatibility with W32 platforms, could the 'file' system be used to > identify archives instead of the small $buffer code snippet?) It's just that, as it has to do it for every file (in every archive or not) in every message, it will slow things down quite a bit. And a lot of people don't do file content (using the "file" command) checking at all, so I can't guarantee the existence of the file command setting. I have also not done it for tar.gz or tgz as no viruses or malware exist that use this. And it is only one layer of defence among many. In my experience, mail that *only* triggers on the tar.gz or tgz contents doesn't exist. Any malware of this sort triggers loads of other traps too. But I completely agree with you that it is not perfect in this respect. > It turns out that the Archive::Zip module will not expand gz archives > anyway, so even if the system was able to identify it, it would not be > able to expand it. > (Archive::Extract, I did not particularly like it, but what about > using as a last resort?) Haven't come across Archive::Extract, I will have to take a look. 
This processing is done a lot and so needs to be fast. > As gzip can only pack one archive at a time, and with the > proliferation of winZip which does autoexpand gz's (ok... XP native > zip support is far more dangerous), I thought I should have a go at > hacking the code. Thanks for that. I'm not sure I'll use your code, I tend to reimplement in my own style so that I can be sure I get all the attack countermeasures in place correctly. > Below is the result of this morning's effort (and hopefully to a live > system today) :-) Please do let me know how you get on, this sounds like a good idea. > ----------------------------------------------- > > 1747c1747 > < my($cyclecounter, $rarerror); > --- >> my($cyclecounter, $rarerror, $gziperror); > 1906a1907,1908 >> # Added by Harris >> $buffer eq "\x1f\x8b\x08\x08" || > 1931c1933,1943 > < # If unpacking as a zip failed, try it as a rar > --- >> # If unpacking as a zip failed, try it as a gzip >> >> # GZIP unpacking >> # Added by Harris >> >> $gziperror = ""; >> #print STDERR "About to unpack gzip $part\n"; >> $gziperror = $this->UnpackGzip($part, $explodeinto); >> #print STDERR "* * * * * * * UnpackGzip $part returned >> $ziperror\n"; >> # If unpacking as a gzip failed, try it as a rar >> > 2400a2413,2430 >> >> # Unpack a gzip file into the named directory. >> # Return 1 if an error occurred, else 0. >> # Return 0 on success. >> sub UnpackGzip { >> my($this, $gzipname, $explodeinto) = @_; >> >> my($gzip); >> >> #print STDERR "Unpacking $gzipname\n"; >> return 1 if -s "$explodeinto/$gzipname" == 4_237_4; # zip of death? 
>> return 1 unless $gzip = SafePipe( "gunzip -d -S $explodeinto/ >> $gzipname -o gzip_out $gzipname 2>/dev/null", 10); >> >> return 0; >> } >> -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From alex at nkpanama.com Tue Apr 25 14:08:16 2006 
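Review bot: In the 1906a1907,1908 hunk, the comparison $buffer eq "\x1f\x8b\x08\x08" only matches gzip data whose fourth byte is exactly 0x08. The gzip signature is the two bytes 1f 8b, followed by the method byte 08 and then a flags byte that varies from file to file; 0x08 there means a stored original file name. A gzip member written without a stored name, or with any other flag bit set, will not be recognised as an archive and will skip expansion. Compare only the leading two (or three) bytes of $buffer.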
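Review bot: In the 1931c1933,1943 hunk, UnpackGzip is called unconditionally in the lines shown, although the new comment says gzip is tried only "If unpacking as a zip failed", and $gziperror is assigned but not tested anywhere in the hunk before the fall-through to rar. Guard the call on the zip result and check $gziperror before moving on. The commented-out debug print also reports $ziperror where $gziperror is meant.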
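Review bot: In UnpackGzip (hunk 2400a2413,2430), $gzipname is the attachment part name passed in as $part and is interpolated unquoted into the command string given to SafePipe, so a crafted file name can alter the command if that string is ever handed to a shell; validate the name and pass it as a separate argument. The command line itself needs another look: gunzip's -S option takes a suffix, not a path, and GNU gunzip has no -o option, so as written nothing directs the output into $explodeinto. The size test "== 4_237_4" is the number 42374 and only catches one particular file; for gzip a cap on the decompressed size is what is needed. The header comment also states the success return value twice.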
From: alex at nkpanama.com (Alex Neuman)
Date: Tue Apr 25 14:09:39 2006
Subject: MailScanner and MySQL
In-Reply-To: <200604252240.23647.james@grayonline.id.au>
References: <200604252218.23996.james@grayonline.id.au> <200604252240.23647.james@grayonline.id.au>
Message-ID: <444E1F40.4060205@nkpanama.com>

James Gray wrote:
> #update-rc.d -f mailscanner remove
> #update-rc.d mailscanner start 30 2 3 4 5 . stop 15 0 6 .
>
:)

It used to be you could tell what *ix a person "came from" by looking at .bash_history (if they even *used* bash), from their ps syntax (ps ax, ps -aex, ps -ax, etc.), and so forth. It seems nowadays the distinction is more about debianized vs. redhatized vs. roll-your-own startup/config files. Once you get used to doing things a certain way, there's a definite "fish out of water" feeling when you have to troubleshoot a "different" box.

That's one of the reasons I appreciate the diversity inherent in FOSS, particularly with MailScanner. Everybody's got their own recipe (mta choice, SA plugin choice, av choice, distro choice, architecture choice, etc.) and, with a pinch of this and a dash of that, and a few minutes in a preheated CPU, we all get excellent results in the end.

Whenever you wind up cooking an exotic meal there's sure to be someone on the list that's tried a few of the same ingredients you're having trouble with; and even if there isn't, you usually get enough advice to solve the problem on your own or to, at least, have the product taste like chicken ;)

Cheers,

Alex

From campbell at cnpapers.com Tue Apr 25 14:15:23 2006
From: campbell at cnpapers.com (Steve Campbell)
Date: Tue Apr 25 14:15:40 2006
Subject: OT newaliases
References: <001301c667dc$ef6b71e0$0705000a@DDF5DW71>
Message-ID: <003301c6686a$503524c0$0705000a@DDF5DW71>

Thanks very much to all who enlightened me.

Steve

----- Original Message -----
From: "Kai Schaetzl"
To:
Sent: Tuesday, April 25, 2006 5:31 AM
Subject: Re: OT newaliases

> Steve Campbell wrote on Mon, 24 Apr 2006 16:23:23 -0400:
>
>> or does it reload it also after rebuilding it.
>
> There is no "reloading" done because sendmail doesn't "load" that
> database.
>
> Kai
>
> --
> Kai Schätzl, Berlin, Germany
> Get your web at Conactive Internet Services: http://www.conactive.com
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>

From jaearick at colby.edu Tue Apr 25 14:17:30 2006
From: jaearick at colby.edu (Jeff A. Earickson)
Date: Tue Apr 25 14:20:17 2006
Subject: install.sh, Convert::BinHex, no "make test"?
Message-ID:

Julian,

I was attempting to build and install the various perl modules for mailscanner by hand, and Convert-BinHex-1.119 fails "make test" miserably on my system (Solaris 10, perl 5.8.8 compiled with Sun's Studio10 compiler, GNU make):

% perl Makefile.PL
Checking if your kit is complete...
Looks good
Writing Makefile for Convert::BinHex
% gmake
cp lib/Convert/BinHex.pm blib/lib/Convert/BinHex.pm
Manifying blib/man3/Convert::BinHex.3
% gmake test
PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
t/comp2bin....Can't locate package Exporter for @Checker::ISA at t/comp2bin.t line 3.
Undefined subroutine &main::check called at t/comp2bin.t line 75.
t/comp2bin....dubious
        Test returned status 255 (wstat 65280, 0xff00)
DIED. FAILED tests 1-9
        Failed 9/9 tests, 0.00% okay
Failed Test  Stat Wstat Total Fail  Failed  List of Failed
-------------------------------------------------------------------------------
t/comp2bin.t  255 65280     9   18 200.00%  1-9
Failed 1/1 test scripts, 0.00% okay. 9/9 subtests failed, 0.00% okay.
gmake: *** [test_dynamic] Error 255

I was really impressed that it failed ** 200% ** of its tests. Now that's bad!! So I wondered why the MailScanner install.sh script didn't bomb out the same way. I discovered that the "make test" argument for perlinstmod() is set to "no" for Convert-BinHex-1.119 -- the only perl module to suffer this indignity. Harrumph.

What's going on here? I'm not wild about non-functional perl modules buried in a MailScanner install...

Jeff Earickson
Colby College

From martinh at solid-state-logic.com Tue Apr 25 14:26:50 2006
From: martinh at solid-state-logic.com (Martin Hepworth)
Date: Tue Apr 25 14:26:57 2006
Subject: MailScanner and MySQL - SOLVED
In-Reply-To:
Message-ID: <013701c6686b$e90a17e0$3004010a@martinhlaptop>

Martin

Another thing I do is put a 20 second wait at the start of the mailScanner start script. This makes sure mysql is up and running before MS starts. I've had one reboot where even though mysql should have started before mailscanner starts, the box was so fast mysql hadn't quite come up before MS started....this led to all sorts of fun as there was a stuck MS process that wouldn't release on the mysql....I had to kill -15 it, after much confusion about what processes were running etc.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Martin
> Sent: 25 April 2006 13:27
> To: mailscanner@lists.mailscanner.info
> Subject: Re: MailScanner and MySQL - SOLVED
>
> shuttlebox wrote:
>
> > The scripts are run in numerical order so MySQL should have a lower
> > number than MailScanner in your case. Look in /etc/rc3.d for Sxxmysql
> > and similar. My answer is based on Solaris, maybe Debian uses another
> > startup procedure.
>
> Thanks for help guys. The problem is solved.
>
> I changed the SXX in runlevel 2 (that's the level for debian) to start
> after mysql is done.
>
> Works now.
>
> Cheers
>
> / Martin

**********************************************************************

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager.

This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean.

**********************************************************************

From alex at nkpanama.com Tue Apr 25 14:31:05 2006
From: alex at nkpanama.com (Alex Neuman)
Date: Tue Apr 25 14:31:29 2006
Subject: install.sh, Convert::BinHex, no "make test"?
In-Reply-To:
References:
Message-ID: <444E2499.9060401@nkpanama.com>

Jeff A. Earickson wrote:
> I'm not wild about non-functional perl modules buried in
> a MailScanner install...
>

I've never seen Convert::BinHex get past "make test", ever. I have never seen it give me problems, either. IANAP, so I blame "make test" - ergo, in my ignorant mind, the tests are broken, the program's fine. ;)

From martin.lyberg at gmail.com Tue Apr 25 14:49:50 2006
From: martin.lyberg at gmail.com (Martin)
Date: Tue Apr 25 14:50:13 2006
Subject: MailScanner and MySQL
In-Reply-To: <200604252240.23647.james@grayonline.id.au>
References: <200604252218.23996.james@grayonline.id.au> <200604252240.23647.james@grayonline.id.au>
Message-ID:

James Gray wrote:

> GAH! You said it was debian...my bad.
>
> Use the "update-rc.d" tool, as root, to modify the sequence of things so
> that mysql starts before mailscanner.
>
> In the debian world, the ONLY run level that is used (by default) is 2. So,
> unless you've customised /etc/inittab to start a different run level, all
> the info you need will be in /etc/rc2.d/.
>
> On my debian (sarge) servers, mysql and mailscanner both start as item 20:
> #ls /etc/rc2.d
> ...
> S20mailscanner
> S20mysql
> ...
>
> So, to move mailscanner to start later, you'd cast the following spell (as
> root):
> #update-rc.d -f mailscanner remove
> #update-rc.d mailscanner start 30 2 3 4 5 . stop 15 0 6 .

James,

No worries :) I'm glad you posted this example. I will try to do the change the "correct" way.

Thank you

From rob at thehostmasters.com Tue Apr 25 14:55:03 2006
From: rob at thehostmasters.com (Rob Morin)
Date: Tue Apr 25 14:55:09 2006
Subject: Changin MX machine to it's own, recommendations please...
In-Reply-To: <007a01c66387$9921c5e0$3004010a@martinhlaptop>
References: <007a01c66387$9921c5e0$3004010a@martinhlaptop>
Message-ID: <444E2A37.70504@thehostmasters.com>

Ok so i have the new virgin machine up and running, now i want to install Mailscanner.... but on the downloads section i only find debian packages and other packages for other OSs, but no tarball or source? Am i missing something???

I see the tarball to install SA & Clam (i figure i would do that by apt-get) but i wanted to make sure i can keep up with changes of MS itself... if i do Debian package, i will have to wait a month or so or longer between updates, right? Not apt-get but downloading the actual package...

What happened to the source install?
What should i do?

Thanks in advance!

:)

Have a great day!

Rob Morin
Dido InterNet Inc.
Montreal, Canada
Http://www.dido.ca
514-990-4444

Martin Hepworth wrote:
> Rob
>
> As for the apt or source - depends on how often you want to update....the
> apt's can be a little behind the monthly source updates..if you're happy
> with apt for everything - esp moving to unstable then it's prob to stick
> with that.
>
> For the machine itself - make sure you've got at least 1GB per CPU (that
> includes HT as two CPUs etc).
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>> -----Original Message-----
>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rob Morin
>> Sent: 18 April 2006 20:51
>> To: MailScanner discussion
>> Subject: Changin MX machine to it's own, recommendations please...
>>
>> Hello....
>>
>> I will be creating an MX(mailscanner Machine) all on its own to crunch
>> away all those bad little emails... as the current MS is taking too much
>> resources on my other machine....
>>
>> So the question is, aside from OS which will be Debian and the
>> hardware....
>>
>> What setup should i do with respect to install MS and associated apps...
>>
>> Apt-get or source/compile/install...
>>
>> any other important things i should check out or know?
>>
>> Thanks to all..
>>
>> --
>>
>> Rob Morin
>> Dido InterNet Inc.
>> Montreal, Canada
>> Http://www.dido.ca
>> 514-990-4444

From martin.lyberg at gmail.com Tue Apr 25 14:53:22 2006
From: martin.lyberg at gmail.com (Martin)
Date: Tue Apr 25 14:55:19 2006
Subject: MailScanner and MySQL - SOLVED
In-Reply-To: <013701c6686b$e90a17e0$3004010a@martinhlaptop>
References: <013701c6686b$e90a17e0$3004010a@martinhlaptop>
Message-ID:

Martin Hepworth wrote:

> Martin
> Another thing I do is put a 20 second wait at the start of the
> mailScanner start script. This makes sure mysql is up and running before MS
> starts. I've had one reboot where even though mysql should have started
> before mailscanner starts, the box was so fast mysql hadn't quite come up
> before MS started....this led to all sorts of fun as there was a stuck MS
> process that wouldn't release on the mysql....I had to kill -15 it, after
> much confusion about what processes were running etc.

Martin,

Thanks, but isn't this what the start-order is supposed to do: Wait to start the next item until the previous is started?

I'm not quite sure of this, but i thought this is the way it's supposed to work?

Thank you

From martinh at solid-state-logic.com Tue Apr 25 14:59:15 2006
From: martinh at solid-state-logic.com (Martin Hepworth)
Date: Tue Apr 25 14:59:25 2006
Subject: Changin MX machine to it's own, recommendations please...
In-Reply-To: <444E2A37.70504@thehostmasters.com>
Message-ID: <013b01c66870$70632750$3004010a@martinhlaptop>

Rob

Look for the solaris/BSD/other unix one..

Latest stable is at..

http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/tar/MailScanner-install-4.52.2-1.tar.gz

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

From rob at thehostmasters.com Tue Apr 25 15:08:03 2006
From: rob at thehostmasters.com (Rob Morin)
Date: Tue Apr 25 15:08:06 2006
Subject: Changin MX machine to it's own, recommendations please...
In-Reply-To: <013b01c66870$70632750$3004010a@martinhlaptop>
References: <013b01c66870$70632750$3004010a@martinhlaptop>
Message-ID: <444E2D43.8020008@thehostmasters.com>

Ahhh, ok cool, i guess i should go have a coffee now.... :)

So for updates to this package, i simply re-install over or is there another way? say the next update/version comes out of MS 4.54 say, so i download the same install package?

Thanks for your fast reply!

:)

Rob Morin
Dido InterNet Inc.
Montreal, Canada
Http://www.dido.ca
514-990-4444

Martin Hepworth wrote:
> Rob
>
> Look for the solaris/BSD/other unix one..
>
> Latest stable is at..
>
> http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/tar/MailScanner-install-4.52.2-1.tar.gz
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300

From martinh at solid-state-logic.com Tue Apr 25 15:09:15 2006
From: martinh at solid-state-logic.com (Martin Hepworth)
Date: Tue Apr 25 15:09:25 2006
Subject: MailScanner and MySQL - SOLVED
In-Reply-To:
Message-ID: <013c01c66871$d6575a80$3004010a@martinhlaptop>

Martin

Well yes it can do, but for example if mysql is on a fast machine (mine is a 2.8ghz PIV SATA based thing - so not that fast by this month's standards)....

Mysql will 'start' & daemonise and hand back to the init process. BUT in reality it's still starting and isn't ready to accept connections for a few more seconds. IF MailScanner or whatever comes along very quickly after mysql start it can get stuck trying to connect and failing.

This has only happened to me once when I tore down a mysql DB without shutting it down nice....but it's a real nice gotcha...

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

From marco at bofh.polaroid.com Tue Apr 25 15:30:26 2006
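The start-up race Martin Hepworth describes (mysqld daemonises and hands back to init before it accepts connections) can be handled by polling for readiness with a deadline rather than a fixed 20 second wait. This is an added example, not code from the MailScanner init script; the function names, the 30 second default, the /etc/init.d/mailscanner path and the use of "mysqladmin ping" as the probe are assumptions.

```shell
#!/bin/sh
# Added example (not from the MailScanner distribution): wait for a
# dependency to answer before starting a service, with a hard deadline.

# wait_until_ready TIMEOUT INTERVAL PROBE [ARGS...]
# Runs PROBE every INTERVAL seconds until it exits 0 or TIMEOUT seconds
# have been spent waiting.
# Returns 0 when ready, 1 on timeout, 2 on bad arguments.
wait_until_ready() {
    [ "$#" -ge 3 ] || return 2
    _timeout=$1
    _interval=$2
    shift 2

    # Both numbers must be plain non-negative integers.
    case "$_timeout" in ''|*[!0-9]*) return 2 ;; esac
    case "$_interval" in ''|*[!0-9]*) return 2 ;; esac
    [ "$_interval" -gt 0 ] || return 2

    _waited=0
    while ! "$@" >/dev/null 2>&1; do
        # Give up instead of hanging the boot sequence forever.
        [ "$_waited" -lt "$_timeout" ] || return 1
        sleep "$_interval"
        _waited=$((_waited + _interval))
    done
    return 0
}

# start_mailscanner_after_mysql
# Hypothetical wrapper for the top of a start script. The defaults are
# assumptions; override DB_WAIT, DB_PROBE and MS_START to match the host.
# DB_PROBE and MS_START are expanded unquoted on purpose so that a
# command with arguments can be supplied in one variable.
start_mailscanner_after_mysql() {
    if wait_until_ready "${DB_WAIT:-30}" 1 ${DB_PROBE:-mysqladmin --silent ping}
    then
        ${MS_START:-/etc/init.d/mailscanner start}
    else
        # Failing loudly is better than leaving a scanner process stuck
        # on a database connection that never completes.
        echo "MySQL not ready after ${DB_WAIT:-30}s, MailScanner not started" >&2
        return 1
    fi
}
```

A start script would call start_mailscanner_after_mysql in place of the sleep; a box where the database comes up quickly then starts MailScanner immediately, and a box where it never comes up gets an error instead of a hung process.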
From: marco at bofh.polaroid.com (Marco Benton)
Date: Tue Apr 25 15:45:24 2006
Subject: install.sh, Convert::BinHex, no "make test"?
In-Reply-To:
References:
Message-ID: <2do1i3-g1u.ln1@stargate.polaroid.com>

Jeff A. Earickson wrote:
> Julian,
>
> I was attempting to build and install the various perl modules
> for mailscanner by hand, and Convert-BinHex-1.119 fails
> "make test" miserably on my system (Solaris 10, perl 5.8.8 compiled
> with Sun's Studio10 compiler, GNU make):
>
> % perl Makefile.PL
> Checking if your kit is complete...
> Looks good
> Writing Makefile for Convert::BinHex
> % gmake
> cp lib/Convert/BinHex.pm blib/lib/Convert/BinHex.pm
> Manifying blib/man3/Convert::BinHex.3
> % gmake test
> PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e"
> "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
> t/comp2bin....Can't locate package Exporter for @Checker::ISA at
> t/comp2bin.t line 3.
> Undefined subroutine &main::check called at t/comp2bin.t line 75.
> t/comp2bin....dubious
> Test returned status 255 (wstat 65280, 0xff00)
> DIED. FAILED tests 1-9
> Failed 9/9 tests, 0.00% okay
> Failed Test Stat Wstat Total Fail Failed List of Failed

<.... snip ....>

to make the "make test" happy edit t/Checker.pm and add "require Exporter;" at the top.

From diego.fabara at alegropcs.com Tue Apr 25 15:49:19 2006
From: diego.fabara at alegropcs.com (Diego Fabara)
Date: Tue Apr 25 15:49:28 2006
Subject: Emails per minute
Message-ID:

How can I control the outgoing emails per minute ??

I have aleatory times between 1500 and 5000 or more emails in short time periods in one day.

This could cause my server to be listed in RBLs.

Is it possible to control this ??

/dfv

CONFIDENTIAL INFORMATION: THE DISSEMINATION OR PUBLICATION OF THIS INFORMATION TO THIRD PARTIES WITHOUT THE EXPRESS WRITTEN AUTHORIZATION OF TELECSA IS PROHIBITED. THIS INFORMATION MUST BE STORED SECURELY WHEN IT IS NOT IN USE. IF YOU ARE NOT THE ADDRESSEE OF THIS EMAIL, YOU MUST RETURN IT TO THE SENDER AND MAY NOT READ, COPY OR DISTRIBUTE ITS ATTACHMENTS. ANY OPINION EXPRESSED IN THIS MESSAGE IS THAT OF ITS AUTHOR AND NOT NECESSARILY THAT OF TELECSA-ALEGRO PCS.

From MailScanner at ecs.soton.ac.uk Tue Apr 25 15:20:19 2006
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Apr 25 15:49:48 2006
Subject: Changin MX machine to it's own, recommendations please...
In-Reply-To: <444E2D43.8020008@thehostmasters.com>
References: <013b01c66870$70632750$3004010a@martinhlaptop> <444E2D43.8020008@thehostmasters.com>
Message-ID:

My recommended route that the "other" distribution takes is to install it into
    /opt/MailScanner-/
So you get the new version set up (there is a "upgrade_MailScanner_conf" and also a "upgrade_languages_conf" tools that do all the hard work for you), you can just switch over by moving a softlink /opt/MailScanner from the old version to the new version.

So say you have
    /opt/MailScanner-4.52.2/
and
    ln -s MailScanner-4.52.2 /opt/MailScanner
then you install the new version into
    /opt/MailScanner-4.54.1/
and then
    rm -f /opt/MailScanner
    ln -s MailScanner-4.54.1 /opt/MailScanner
Then just stop and start MailScanner and it will start up the new one.

Keep your old ones installed until you decide to do any housekeeping, there's no harm in leaving the old versions installed.

To install it, unpack the tar.gz file and cd into it and ./install.sh.

On 25 Apr 2006, at 15:08, Rob Morin wrote:

> So for updates to this package , i simply re-install over or is
> there another way? say the next update/ version comes out of MS
> 4.54 say, so i download the same install package?
>
> Martin Hepworth wrote:
>> Rob
>>
>> Look for the solaris/BSD/other unix one..
>>
>> Latest stable is at..
>>
>> http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/tar/MailScanner-install-4.52.2-1.tar.gz
>>
>> --
>> Martin Hepworth Snr Systems Administrator
>> Solid State Logic
>> Tel: +44 (0)1865 842300
>>>> >>>> ******************************************************************* >>>> *** >>>> >>>> >>>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> >> ********************************************************************* >> * >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************* >> * >> >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From mailscanner at mango.zw Tue Apr 25 15:49:48 2006 
From: mailscanner at mango.zw (Jim Holland)
Date: Tue Apr 25 15:54:25 2006
Subject: Recursive archive attachment expansion and filetype/name checks
In-Reply-To: <3AE6B3F0-E7F2-4516-B416-764B3FE62C43@ecs.soton.ac.uk>
Message-ID:

Hi Julian

On Tue, 25 Apr 2006, Julian Field wrote:

> I have also not done it for tar.gz or tgz as no viruses or malware
> exist that use this.

I am sure the Black Hats will be reading this with interest :-)

Regards

Jim Holland
System Administrator
MANGO - Zimbabwe's non-profit e-mail service

From diego.fabara at alegropcs.com Tue Apr 25 16:14:45 2006
From: diego.fabara at alegropcs.com (Diego Fabara)
Date: Tue Apr 25 16:14:52 2006
Subject: Misdirected bounces
Message-ID:

How can I control the misdirected bounces?

CONFIDENTIAL INFORMATION: THE DISSEMINATION OR PUBLICATION OF THIS INFORMATION TO THIRD PARTIES WITHOUT THE EXPRESS WRITTEN AUTHORIZATION OF TELECSA IS PROHIBITED. THIS INFORMATION MUST BE STORED SECURELY WHEN IT IS NOT IN USE. IF YOU ARE NOT THE INTENDED RECIPIENT OF THIS EMAIL, YOU MUST RETURN IT TO THE SENDER AND MAY NOT READ, COPY OR DISTRIBUTE ITS ATTACHMENTS. ANY OPINION EXPRESSED IN THIS MESSAGE IS THAT OF ITS AUTHOR AND NOT NECESSARILY THAT OF TELECSA-ALEGRO PCS.

From jwilliams at courtesymortgage.com Tue Apr 25 16:39:05 2006
From: jwilliams at courtesymortgage.com (Jason Williams)
Date: Tue Apr 25 16:37:38 2006
Subject: Recommended SpamAssassin Rules (for RDJ)
Message-ID: <01BCE961CD5E4146B83F920FC6A4F2351F7118@cmexchange01.CourtesyMortgage.local>

Just curious here, what rules people liked to use with SpamAssassin. I also use RDJ for SA.

Right now, I'm using:

70_sare_evilnum0
70_sare_random
70_sare_stocks
70_sare_unsub

I know there are a lot more, but thought I'd ask here for a list of recommendations, before I start downloading a bunch of rules.

Just trying to make my Spam detection that much better.

Thanks,
Jason

From mkettler at evi-inc.com Tue Apr 25 16:40:10 2006
From: mkettler at evi-inc.com (Matt Kettler)
Date: Tue Apr 25 16:40:33 2006
Subject: Misdirected bounces
In-Reply-To:
References:
Message-ID: <444E42DA.7070200@evi-inc.com>

Diego Fabara wrote:
> How can I control the misdirected bounces?

Validate recipients at your MTA. Tell us which MTA you're using and we can probably help you configure it.

Venturing a guess from your mail headers, you seem to be using sendmail, and that feeds into some kind of Microsoft "server".

Look into using milter-ahead on your sendmail box. This will cause sendmail to validate the destination address with your Microsoft box before accepting the message.

From mkettler at evi-inc.com Tue Apr 25 16:55:47 2006
From: mkettler at evi-inc.com (Matt Kettler)
Date: Tue Apr 25 16:55:59 2006
Subject: Recommended SpamAssassin Rules (for RDJ)
In-Reply-To: <01BCE961CD5E4146B83F920FC6A4F2351F7118@cmexchange01.CourtesyMortgage.local>
References: <01BCE961CD5E4146B83F920FC6A4F2351F7118@cmexchange01.CourtesyMortgage.local>
Message-ID: <444E4683.4070807@evi-inc.com>

Jason Williams wrote:
> Just curious here, what rules people liked to use with SpamAssassin. I
> also use RDJ for SA.
>
> Right now, I'm using:
>
> 70_sare_evilnum0
> 70_sare_random
> 70_sare_stocks
> 70_sare_unsub
>
> I know there are a lot more, but thought I'd ask here for a list of
> recommendations, before I start downloading a bunch of rules.
>

I like all of the above, plus:

70_sare_obfu0
70_sare_specific

Others I use but I think are less important:

70_sare_html0
70_sare_uri0
70_sare_adult
70_sare_genlsubj0

Some folks also get good results from:

70_sare_oem.cf

See also: the thread "standard vs SARE rules" from the spamassassin-users list, just a few days ago circa April 21, 2006.

From ok at monkeytower.net Tue Apr 25 17:24:57 2006
From: ok at monkeytower.net (Olaf Klein - monkeytower internet agency)
Date: Tue Apr 25 17:25:00 2006
Subject: no delivery (Found invalid queue files) on dual exim setup
Message-ID:

hello,

i have a problem with MailScanner (MailScanner-4.52.2) on FreeBSD6.0 STABLE with dual Exim (exim-4.61_1) (w/ mysql and XAMS web-config) setup:

since upgrading all ports about 10 days ago MailScanner just writes:

MailScanner[xxxx]: New Batch: Found invalid queue files: 1FYPMa-000JyM-3y 1FYPMY-000JyL-Vq 1FYPNA-000Jzn-D0 ...

into /var/log/maillog and mails don't get delivered any more.

i tried deleting all configs and installed (portupgrade -rRf) all new from scratch, same effect!

any one any idea?

thanks in advance.

.olaf klein.

From dchee at uci.edu Tue Apr 25 18:27:15 2006
From: dchee at uci.edu (Derek Chee)
Date: Tue Apr 25 18:27:22 2006
Subject: Stock image spam blocking
Message-ID: <0588B0DA-82E3-4217-A19B-666F3DFFF500@uci.edu>

Hi,

We've been getting bombarded recently with a lot of the embedded GIF image OTCBB stock, pump and dump spam. The one with the random subject, from and sender lines. Has anybody had any luck creating SpamAssassin rules that would help boost the score? Or better yet a good RBL that blocks them?

For RBLs, we only run the Spamhaus lists. Being a university, we can't run a very aggressive RBL list as it would cause too many complaints about blocking legitimate email.

-- Derek

Derek Chee (dchee@uci.edu)
Network & Support Programming
Network & Academic Computing Services
University of California, Irvine

From suporte at setinet.com.br Tue Apr 25 22:35:13 2006
From: suporte at setinet.com.br (Suporte)
Date: Tue Apr 25 18:35:31 2006
Subject: queue.in winmail.dat
Message-ID: <003b01c668b0$2400e8d0$140aa8c0@Note>

Hi.
I use Qmail Server and am having some problems.
Many times, some files in the queue.in directory have a winmail.dat attachment inside.
Then MailScanner breaks down and doesn't send any more mail, retrying the same file and exiting, as in a loop.
The only message in the log:

Spam Checks: Starting
Spam Checks completed at 0 bytes per second
Expanding TNEF archive at /var/spool/MailScanner/incoming/24798/585124/winmail.dat
MailScanner E-Mail Virus Scanner version 4.45.4 starting...

Spam Checks: Starting
Spam Checks completed at 0 bytes per second
Expanding TNEF archive at /var/spool/MailScanner/incoming/24798/585124/winmail.dat
MailScanner E-Mail Virus Scanner version 4.45.4 starting...

If I go to /var/qmail/queue.in/mess and remove the file with winmail.dat inside, all the other files start to be delivered and MailScanner comes up again.
What's wrong?

Thanks

--------------------------------------------------------------------
This message has been checked by the anti-virus and anti-spam system.
Seti Segurança e Tecnologia na Internet - suporte@setinet.com.br

From diego.fabara at alegropcs.com Tue Apr 25 18:39:55 2006
From: diego.fabara at alegropcs.com (Diego Fabara)
Date: Tue Apr 25 18:40:23 2006
Subject: Misdirected bounces
Message-ID:

Sendmail 8.13, and my MailScanner is a mail gateway with mailertable redirects to mydomain.com

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt Kettler
Sent: Tuesday, 25 April 2006 10:40
To: MailScanner discussion
Subject: Re: Misdirected bounces

Diego Fabara wrote:
> How can I control the misdirected bounces?

Validate recipients at your MTA. Tell us which MTA you're using and we can probably help you configure it.

Venturing a guess from your mail headers, you seem to be using sendmail, and that feeds into some kind of Microsoft "server".

Look into using milter-ahead on your sendmail box. This will cause sendmail to validate the destination address with your Microsoft box before accepting the message.

From rob at thehostmasters.com Tue Apr 25 18:45:02 2006
From: rob at thehostmasters.com (Rob Morin)
Date: Tue Apr 25 18:45:08 2006
Subject: Changin MX machine to it's own, recommendations please...
In-Reply-To: <444E2D43.8020008@thehostmasters.com>
References: <013b01c66870$70632750$3004010a@martinhlaptop> <444E2D43.8020008@thehostmasters.com>
Message-ID: <444E601E.8080106@thehostmasters.com>

ok so this is where i am at, so far...

installed postfix via apt-get V 2.1.5-9
install SA & Clamav via apt-get V3.0.3 & 0.84 respectively...
installed MS via install.sh
postfix complained about owners of queue dirs so i turned off chroot ??
modified postfix main.cf as instructed in docs to make it work with MS
added a test domain to postfix's transport and relay_domains, not sure if this is correct as i need an email to come in get scanned and spit it out to the pop machine for the users.... But it seems to work....
started MS with /opt/Mailscanner/bin/check_mailscanner

Sent a test email and when i received it at final destination all seemed ok, i saw the headers in the email saying it was scanned by that new machine....

I could not figure out how to stop MS as no init.d script is used because i installed from source, so to speak... so i made a simple script to kill the MS PID and then restart via check_mailscanner

is there anything else i am missing other than configuring rules du jour now to get my stuff for SA?

Any comments greatly appreciated....

Thanks to all and have a great day(or evening depending on where you are)

:)

Rob Morin
Dido InterNet Inc.
Montreal, Canada
Http://www.dido.ca
514-990-4444

Rob Morin wrote:
> Ahhh, ok cool, i guess i should go have a coffee now.... :)
>
> So for updates to this package , i simply re-install over or is there
> another way? say the next update/ version comes out of MS 4.54 say, so
> i download the same install package?
>
> Thanks for your fast reply!
>
> :)
>
> Rob Morin
> Dido InterNet Inc.
> Montreal, Canada
> Http://www.dido.ca
> 514-990-4444
>
> Martin Hepworth wrote:
>> Rob
>>
>> Look for the solaris/BSD/other unix one..
>>
>> Latest stable is at..
>>
>> http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/tar/MailScanner-install-4.52.2-1.tar.gz
>>
>> --
>> Martin Hepworth
>> Snr Systems Administrator
>> Solid State Logic
>> Tel: +44 (0)1865 842300

From rob at thehostmasters.com Tue Apr 25 18:48:02 2006
From: rob at thehostmasters.com (Rob Morin)
Date: Tue Apr 25 18:48:05 2006
Subject: {Spam?} Re: Changin MX machine to it's own, recommendations please...
In-Reply-To:
References: <013b01c66870$70632750$3004010a@martinhlaptop> <444E2D43.8020008@thehostmasters.com>
Message-ID: <444E60D2.3090107@thehostmasters.com>

Thanks for clearing that up Julian, i feel more comfortable now....

And keep up the good work.... once i get all this working, i assure you i shall be getting "The BOOK"

Thanks once again...

:)

Rob Morin
Dido InterNet Inc.
Montreal, Canada
Http://www.dido.ca
514-990-4444

Julian Field wrote:
> My recommended route that the "other" distribution takes is to install
> it into /opt/MailScanner-/
> So you get the new version set up (there is a
> "upgrade_MailScanner_conf" and also a "upgrade_languages_conf" tools
> that do all the hard work for you), you can just switch over by moving
> a softlink /opt/MailScanner from the old version to the new version.
>
> So say you have
> /opt/MailScanner-4.52.2/
> and
> ln -s MailScanner-4.52.2 /opt/MailScanner
>
> then you install the new version into /opt/MailScanner-4.54.1/
> and then
> rm -f /opt/MailScanner
> ln -s MailScanner-4.54.1 /opt/MailScanner
>
> Then just stop and start MailScanner and it will start up the new one.
> Keep your old ones installed until you decide to do any housekeeping,
> there's no harm in leaving the old versions installed.
>
> To install it, unpack the tar.gz file and cd into it and ./install.sh.
>
> On 25 Apr 2006, at 15:08, Rob Morin wrote:
>
>> So for updates to this package , i simply re-install over or is there
>> another way? say the next update/ version comes out of MS 4.54 say,
>> so i download the same install package?
>>
>> Martin Hepworth wrote:
>>> Rob
>>>
>>> Look for the solaris/BSD/other unix one..
>>>
>>> Latest stable is at..
>>>
>>> http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/tar/MailScanner-install-4.52.2-1.tar.gz
>>>
>>> --
>>> Martin Hepworth
>>> Snr Systems Administrator
>>> Solid State Logic
>>> Tel: +44 (0)1865 842300
>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Tue Apr 25 18:47:52 2006
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Apr 25 18:48:10 2006
Subject: no delivery (Found invalid queue files) on dual exim setup
In-Reply-To:
References:
Message-ID: <444E60C8.5080201@ecs.soton.ac.uk>

This is a very timely question. Exim have slightly changed the format of the header (-H) files in 4.61. I published a patch yesterday that addressed this problem. To save you looking, I have included the patch in this message again.

Olaf Klein - monkeytower internet agency wrote:
> hello,
>
> i have a problem with MailScanner (MailScanner-4.52.2) on FreeBSD6.0 STABLE
> with dual Exim (exim-4.61_1) (w/ mysql and XAMS web-config) setup:
>
> since upgrading all ports about 10 days ago MailScanner just writes:
>
> MailScanner[xxxx]: New Batch: Found invalid queue files:
> 1FYPMa-000JyM-3y 1FYPMY-000JyL-Vq 1FYPNA-000Jzn-D0 ...
>
> into /var/log/maillog and mails don't get delivered any more.
>
> i tried deleting all configs and installed (portupgrade -rRf) all new
> from scratch, same effect!
>
> any one any idea?
>
> thanks in advance.
>
> .olaf klein.
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------- next part --------------
A non-text attachment was scrubbed...
Name: Exim.pm.patch.gz
Type: application/x-gzip
Size: 1019 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060425/85e283bb/Exim.pm.patch.gz

From ecasarero at gmail.com Tue Apr 25 19:07:38 2006
From: ecasarero at gmail.com (Eduardo Casarero)
Date: Tue Apr 25 19:07:47 2006
Subject: queue.in winmail.dat
In-Reply-To: <003b01c668b0$2400e8d0$140aa8c0@Note>
References: <003b01c668b0$2400e8d0$140aa8c0@Note>
Message-ID: <7d9b3cf20604251107i2088cb99l78c9d919cd473986@mail.gmail.com>

hi, I have the same problem with other types of files (Office attachments). Try to send these files to the antivirus by hand, in debug mode, so you can see if the AV is the problem.

Hope this helps.

Regards.

Eduardo.

2006/4/25, Suporte :
>
> Hi.
> I use Qmail Server and am having some problems.
> Many times, some files in the queue.in directory have a winmail.dat attachment inside.
> Then MailScanner breaks down and doesn't send any more mail, retrying the
> same file and exiting, as in a loop.
> The only message in the log:
>
> Spam Checks: Starting
> Spam Checks completed at 0 bytes per second
> Expanding TNEF archive at /var/spool/MailScanner/incoming/24798/585124/winmail.dat
> MailScanner E-Mail Virus Scanner version 4.45.4 starting...
>
> Spam Checks: Starting
> Spam Checks completed at 0 bytes per second
> Expanding TNEF archive at /var/spool/MailScanner/incoming/24798/585124/winmail.dat
> MailScanner E-Mail Virus Scanner version 4.45.4 starting...
>
> If I go to /var/qmail/queue.in/mess and remove the file with winmail.dat
> inside, all the other files start to be delivered and MailScanner comes up
> again.
> What's wrong?
>
> Thanks

From mkettler at evi-inc.com Tue Apr 25 19:26:02 2006
From: mkettler at evi-inc.com (Matt Kettler)
Date: Tue Apr 25 19:26:18 2006
Subject: Misdirected bounces
In-Reply-To:
References:
Message-ID: <444E69BA.2060201@evi-inc.com>

Diego Fabara wrote:
> Sendmail 8.13, and my MailScanner is a mail gateway with mailertable
> redirects to mydomain.com

In that case, I'd suggest looking at milter-ahead. It's the easy and straightforward way to do it, although not the most efficient. (It's not horribly inefficient, but there are lighter-weight ways.)

http://www.milter.info/sendmail/milter-ahead/

That said, it does cost 90 euro for a site-license of milter-ahead.

Another way would be to switch to something using LDAP that can query your MicroSoft AD servers. This way sendmail knows exactly what users are real and won't blindly accept all users. However, I'm no fan of MicroSoft, so I'm not well versed in AD or how to hook all this together.

There is one last way, which is painful in terms of maintenance but works well for small sites. You could stop using mailertable and create local aliases that forward the mail to your server. (ie: alias user@mydomain.com to user@internalserver.mydomain.com) This unfortunately means every time you add a user, you need to add them to your MicroSoft setup, and add an alias to sendmail. However, if you're dealing with 5 users, it's not so bad.

From rob at thehostmasters.com Tue Apr 25 19:31:35 2006
From: rob at thehostmasters.com (Rob Morin)
Date: Tue Apr 25 19:31:38 2006
Subject: {Spam?} Re: Changin MX machine to it's own, recommendations please...
In-Reply-To: <444E60D2.3090107@thehostmasters.com>
References: <013b01c66870$70632750$3004010a@martinhlaptop> <444E2D43.8020008@thehostmasters.com> <444E60D2.3090107@thehostmasters.com>
Message-ID: <444E6B07.8040905@thehostmasters.com>

Actually also one more question.... Bayes, should i use it? if so i know there is some cleaning that has to be done.... any pointers/suggestions?

Thanks...

Rob Morin
Dido InterNet Inc.
Montreal, Canada
Http://www.dido.ca
514-990-4444

Rob Morin wrote:
>
> Thanks for clearing that up Julian, i feel more comfortable now....
>
> And keep up the good work.... once i get all this working, i assure
> you i shall be getting "The BOOK"
>
> Thanks once again...
>
> :)
>
> Rob Morin
> Dido InterNet Inc.
> Montreal, Canada
> Http://www.dido.ca
> 514-990-4444
>
> Julian Field wrote:
>> My recommended route that the "other" distribution takes is to
>> install it into /opt/MailScanner-/
>> So you get the new version set up (there is a
>> "upgrade_MailScanner_conf" and also a "upgrade_languages_conf" tools
>> that do all the hard work for you), you can just switch over by
>> moving a softlink /opt/MailScanner from the old version to the new
>> version.
>>
>> So say you have
>> /opt/MailScanner-4.52.2/
>> and
>> ln -s MailScanner-4.52.2 /opt/MailScanner
>>
>> then you install the new version into /opt/MailScanner-4.54.1/
>> and then
>> rm -f /opt/MailScanner
>> ln -s MailScanner-4.54.1 /opt/MailScanner
>>
>> Then just stop and start MailScanner and it will start up the new
>> one. Keep your old ones installed until you decide to do any
>> housekeeping, there's no harm in leaving the old versions installed.
>>
>> To install it, unpack the tar.gz file and cd into it and ./install.sh.
>> >> On 25 Apr 2006, at 15:08, Rob Morin wrote: >> >>> So for updates to this package , i simply re-install over or is >>> there another way? say the next update/ version comes out of MS 4.54 >>> say, so i download the same install package? >>> >>> Martin Hepworth wrote: >>>> Rob >>>> >>>> Look for the solaris/BSD/other unix one.. >>>> >>>> Latest stable is at.. >>>> >>>> http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/tar/MailScanner-install-4 >>>> >>>> .52.2-1.tar.gz >>>> >>>> >>>> >>>> -- >>>> Martin Hepworth Snr Systems Administrator >>>> Solid State Logic >>>> Tel: +44 (0)1865 842300 >>>> >>>> >>>>> -----Original Message----- 
>>>>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>>>> bounces@lists.mailscanner.info] On Behalf Of Rob Morin >>>>> Sent: 25 April 2006 14:55 >>>>> To: MailScanner discussion >>>>> Subject: Re: Changin MX machine to it's own, recommendations >>>>> please... >>>>> >>>>> Ok so i have the new virgin machine up and running, now i want to >>>>> install Mailscanner.... but on the downloads section i only find >>>>> debian >>>>> packages and other packages for other OSs, but no tarball or >>>>> source? Am >>>>> i missing something??? >>>>> >>>>> I see the tarball to install SA & Clam(i figure i would do that by >>>>> apt-get) but i wanted to make sure i can keep up with changes of MS >>>>> itself... if i do Debian package, i will have to wait a month or >>>>> so or >>>>> longer between updates, right? Not apt-get but downloading the actual >>>>> package... >>>>> >>>>> What happend to the source install? >>>>> What should i do? >>>>> >>>>> Thanks in advance! >>>>> >>>>> :) >>>>> >>>>> Have a great day! >>>>> >>>>> Rob Morin >>>>> Dido InterNet Inc. >>>>> Montreal, Canada >>>>> Http://www.dido.ca >>>>> 514-990-4444 >>>>> >>>>> >>>>> >>>>> Martin Hepworth wrote: >>>>> >>>>>> Rob >>>>>> >>>>>> As for the apt or source - depends on how often you want to >>>>>> >>>>> update....the >>>>> >>>>>> apt's can be a little behind a the monthly source updates..if you're >>>>>> >>>>> happy >>>>> >>>>>> with apt for everything - esp moving to unstable then it's prob >>>>>> to stick >>>>>> with that. >>>>>> >>>>>> For the machine itself - make sure you've got at least 1GB per >>>>>> CPU (that >>>>>> includes HT as two CPUs etc). >>>>>> >>>>>> -- >>>>>> Martin Hepworth >>>>>> Snr Systems Administrator >>>>>> Solid State Logic >>>>>> Tel: +44 (0)1865 842300 >>>>>> >>>>>> >>>>>> >>>>>>> -----Original Message----- 
>>>>>>> From: mailscanner-bounces@lists.mailscanner.info >>>>>>> [mailto:mailscanner- >>>>>>> bounces@lists.mailscanner.info] On Behalf Of Rob Morin >>>>>>> Sent: 18 April 2006 20:51 >>>>>>> To: MailScanner discussion >>>>>>> Subject: Changin MX machine to it's own, recommendations please... >>>>>>> >>>>>>> Hello.... >>>>>>> >>>>>>> I will be creating an MX(mailscanner Machine) all on its own to >>>>>>> crunch >>>>>>> away all those bad little emails... as the current MS is taking too >>>>>>> >>>>> much >>>>> >>>>>>> resources on my other machine.... >>>>>>> >>>>>>> So the question is, aside form OS which will be Debian and the >>>>>>> hardware.... >>>>>>> >>>>>>> What setup should i do with respect to install MS and associated >>>>>>> >>>>> apps... >>>>> >>>>>>> Apt-get or source/compile/install... >>>>>>> >>>>>>> any other important things is should check out or know? >>>>>>> >>>>>>> Thanks too all.. >>>>>>> >>>>>>> -- >>>>>>> >>>>>>> Rob Morin >>>>>>> Dido InterNet Inc. >>>>>>> Montreal, Canada >>>>>>> Http://www.dido.ca >>>>>>> 514-990-4444 >>>>>>> >>>>>>> -- >>>>>>> MailScanner mailing list >>>>>>> mailscanner@lists.mailscanner.info >>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>>> >>>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>>> >>>>>>> Support MailScanner development - buy the book off the website! >>>>>>> >>>>>>> >>>>>> ********************************************************************** >>>>>> >>>>>> >>>>>> This email and any files transmitted with it are confidential and >>>>>> intended solely for the use of the individual or entity to whom they >>>>>> are addressed. If you have received this email in error please >>>>>> notify >>>>>> the system manager. >>>>>> >>>>>> This footnote confirms that this email message has been swept >>>>>> for the presence of computer viruses and is believed to be clean. 
From mkettler at evi-inc.com Tue Apr 25 19:35:26 2006
From: mkettler at evi-inc.com (Matt Kettler)
Date: Tue Apr 25 19:35:41 2006
Subject: Stock image spam blocking
In-Reply-To: <0588B0DA-82E3-4217-A19B-666F3DFFF500@uci.edu>
References: <0588B0DA-82E3-4217-A19B-666F3DFFF500@uci.edu>
Message-ID: <444E6BEE.7090904@evi-inc.com>

Derek Chee wrote:
> Hi,
>
> We've been getting bombarded recently with a lot of the embedded GIF
> image OTCBB stock, pump and dump spam. The one with the random subject,
> from and sender lines.
>
> Has anybody had any luck creating SpamAssassin rules that would help
> boost the score? Or better yet a good RBL that blocks them? For RBLs,
> we only run the Spamhaus lists. Being a university, we can't run a very
> aggressive RBL list as it would cause too many complaints about blocking
> legitimate email.
>

the SARE stock ruleset helps here. As do hash-based tests like Razor and DCC.

Finally, many seem to be sent from DUL listed hosts.

The most recent one I got here scored with:

X-EVI-MailScanner-SpamCheck: spam, SpamAssassin (score=18.206, required 5,
    autolearn=spam, BAYES_80 2.00, EXTRA_MPART_TYPE 1.09,
    HELO_DYNAMIC_IPADDR2 3.82, HTML_90_100 0.11, HTML_IMAGE_ONLY_08 3.13,
    HTML_MESSAGE 0.00, INFO_GREYLIST_NOTDELAYED -0.00, MIME_HTML_MOSTLY 1.10,
    RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E4_51_100 1.50,
    RAZOR2_CHECK 0.50, RCVD_IN_SORBS_DUL 2.05, SARE_GIF_ATTACH 0.75,
    SARE_GIF_STOX 1.66)

So we have a good variety of optional SA bits at work here:

Razor: 2.50
RBLs: 2.05
SARE: 2.41

Both SARE_GIF_ATTACH and SARE_GIF_STOX live in:
http://www.rulesemporium.com/rules/70_sare_stocks.cf

From MailScanner at ecs.soton.ac.uk Tue Apr 25 19:41:03 2006
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 25 19:41:17 2006 Subject: AW: MailScanner 4.52.2 destroys exim 4.61 spool files In-Reply-To: <7503800E154BBA4F9A51B59ABA981A2002DDD813@mucmail1.sdm.de> References: <7503800E154BBA4F9A51B59ABA981A2002DDD813@mucmail1.sdm.de> Message-ID: <444E6D3F.601@ecs.soton.ac.uk> I have just released beta 4.53.4 which includes this patch. joerg.pichel@sdm.de wrote: > Well done! Until now six messages have been successfully transfered with patched MailScanner 4.52.2 and exim 4.61. > > I will raise the flag when there are any further format problems. > > > Joerg > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Tue Apr 25 19:42:16 2006 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 25 19:42:27 2006 Subject: Recursive archive attachment expansion and filetype/name checks In-Reply-To: <4fac50550604250352gbb50c3dscc2a9f77695155f3@mail.gmail.com> References: <4fac50550604250352gbb50c3dscc2a9f77695155f3@mail.gmail.com> Message-ID: <444E6D88.1080605@ecs.soton.ac.uk> I have just released 4.53.4 which includes support for .Z and .gz files. These are generated by compress and gzip respectively. Harris S wrote: > In-Reply-To=4fac50550604241729u16efcb61r4b3773c8778db3e3@mail.gmail.com > > Hello Julian, > > Thank you for your prompt reply :-) > > However, I think I have nailed it down (although I would appreciate it > if you told me I did a mistake going into such lengths.... I hope not > :-S ) > > > The MS code does not deal yet with gz (or tgz..) and it does not > effectively identify the file as an archive (Idea - At the expense of > compatibility with W32 platforms, could the 'file' system be used to > identify archives instead of the small $buffer code snippet?) > > It turns out that the Archive::Zip module will not expand gz archives > anyway, so even if the system was able to identify it, it would not be > able to expand it. > (Archive::Extract, I did not particularly like it, but what about > using as a last resort?) > > As gzip can only pack one archive at a time, and with the > proliferation of winZip which does autoexpand gz's (ok... XP native > zip support is far more dangerous), I thought I should have a go at > hacking the code. 
> > Below is the result of this morning's effort (and hopefully to a live > system today) :-) > > Regards, > > Harris > ----------------------------------------------- > > 1747c1747 > < my($cyclecounter, $rarerror); > --- > >> my($cyclecounter, $rarerror, $gziperror); >> > 1906a1907,1908 > >> # Added by Harris >> $buffer eq "\x1f\x8b\x08\x08" || >> > 1931c1933,1943 > < # If unpacking as a zip failed, try it as a rar > --- > >> # If unpacking as a zip failed, try it as a gzip >> >> # GZIP unpacking >> # Added by Harris >> >> $gziperror = ""; >> #print STDERR "About to unpack gzip $part\n"; >> $gziperror = $this->UnpackGzip($part, $explodeinto); >> #print STDERR "* * * * * * * UnpackGzip $part returned $ziperror\n"; >> # If unpacking as a gzip failed, try it as a rar >> >> > 2400a2413,2430 > >> # Unpack a gzip file into the named directory. >> # Return 1 if an error occurred, else 0. >> # Return 0 on success. >> sub UnpackGzip { >> my($this, $gzipname, $explodeinto) = @_; >> >> my($gzip); >> >> #print STDERR "Unpacking $gzipname\n"; >> return 1 if -s "$explodeinto/$gzipname" == 4_237_4; # zip of death? >> return 1 unless $gzip = SafePipe( "gunzip -d -S $explodeinto/$gzipname -o gzip_out $gzipname 2>/dev/null", 10); >> >> return 0; >> } >> >> >> >> -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Tue Apr 25 19:46:44 2006 
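Review bot: The magic-number test added at 1906a1907,1908 in Harris's quoted patch compares four bytes against "\x1f\x8b\x08\x08", so it only recognises gzip files whose flag byte is exactly 0x08 (original file name stored and no other flag set). A .gz written from a pipe, or one that also carries a comment or header CRC, has a different fourth byte and would never reach UnpackGzip, so its contents would skip the filename and filetype checks. Comparing only the first two bytes (1f 8b), or the first three to include the deflate method byte, would cover every gzip header.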
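Review bot: In the 1931c1933,1943 hunk of the quoted patch the result of UnpackGzip is stored in $gziperror, but none of the added lines test it, and the commented-out debug line prints $ziperror instead of $gziperror. The new comment says rar unpacking is tried only if gzip unpacking failed, so the hunk should include the condition on $gziperror that makes that true; as posted, the value is assigned and then unused in the visible lines.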
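Review bot: UnpackGzip in the 2400a2413,2430 hunk of the quoted patch interpolates $explodeinto and $gzipname straight into a command string, and $gzipname is an attachment name that comes from the message. If SafePipe hands that string to a shell, as the trailing 2>/dev/null implies, spaces and shell metacharacters in the name are interpreted; pass the arguments as a list or quote them, and put "--" before the file name. The command line also needs checking against gunzip itself: -S takes a suffix but is given the path, and -o gzip_out is not a gunzip option. The fixed-size test labelled "zip of death?" matches one specific file size and puts no limit on how much a small .gz may expand into $explodeinto, and the header comment states the return convention twice.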
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 25 19:46:51 2006 Subject: {Spam?} Re: Changin MX machine to it's own, recommendations please... In-Reply-To: <444E6B07.8040905@thehostmasters.com> References: <013b01c66870$70632750$3004010a@martinhlaptop> <444E2D43.8020008@thehostmasters.com> <444E60D2.3090107@thehostmasters.com> <444E6B07.8040905@thehostmasters.com> Message-ID: <444E6E94.3070607@ecs.soton.ac.uk> Opinion is divided on that. Personally I use it and found it sort of useful. I could survive without it though. Also, while I'm here. Stopping MailScanner. Just kill the process listed in the PID file, and all the others will shut down of their own accord. If you do a "ps ax" after doing the kill, you will see it is "killing children". "ps ax" will show you what each process is doing at any time. If you want to restart MailScanner, do a kill of the parent of the process group (i.e. what's listed in the pid file), then wait at least 30 seconds, then check_MailScanner to start them up again. You need at least 30 seconds for all the children to die. Don't kill -9 them, they'll leave a mess behind them; given a natural death, they tidy up on the way to the grave. Rob Morin wrote: > Actually also one more question.... bayse, should i use it? if so i > know there is some cleaning that has to be done.... any > pointers/suggestions? > > Thanks... > > Rob Morin > Dido InterNet Inc. > Montreal, Canada > Http://www.dido.ca > 514-990-4444 > > > > Rob Morin wrote: >> >> Thanks for clearing that up Julian, i feel more comfortable now.... >> >> And keep up the good work.... once i get all this working, i assure >> you i shall be getting "The BOOK" >> >> Thanks once again... >> >> :) >> >> Rob Morin >> Dido InterNet Inc. 
>> > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Tue Apr 25 20:07:26 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 25 20:07:39 2006 Subject: Beta release 4.53.4 Message-ID: <444E736E.5010603@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just released 4.53.4 beta. This includes - - Exim 4.61 support - - Gunzip and uncompress support for filename and filetype checking - - sa-update support including a cron job as well - - Denial-of-Service attack improvements and fixes - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRE5zcBH2WUcUFbZUEQJE8wCguj0NyJSnks8GeYXlIw4RKRdh/6EAn3sT ssWFgs08nzwJBsBaZNTP4D6w =JjDf -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From alex at nkpanama.com Tue Apr 25 20:07:36 2006 
From: alex at nkpanama.com (Alex Neuman)
Date: Tue Apr 25 20:07:55 2006
Subject: queue.in winmail.dat
In-Reply-To: <003b01c668b0$2400e8d0$140aa8c0@Note>
References: <003b01c668b0$2400e8d0$140aa8c0@Note>
Message-ID: <444E7378.4060802@nkpanama.com>

Suporte wrote:
> If i go to /var/qmail/queue.in/mess and remove the file with
> winmail.dat inside, all the others files starting to delivery and
> Mailscanner comes up again.
> What's wrong?
>

You may be having a problem with the tnef expander. Check MailScanner.conf and read the comments regarding TNEF. You may also want to upgrade; new options are available that fix issues with "winmail.dat" files that (to my knowledge) other e-mail scanning solutions don't "fix".

From MailScanner at ecs.soton.ac.uk Tue Apr 25 20:25:00 2006
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 25 20:25:10 2006 Subject: queue.in winmail.dat In-Reply-To: <444E7378.4060802@nkpanama.com> References: <003b01c668b0$2400e8d0$140aa8c0@Note> <444E7378.4060802@nkpanama.com> Message-ID: <444E778C.2010103@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alex Neuman wrote: > Suporte escribi?: >> If i go to /var/qmail/queue.in/mess and remove the file with >> winail.dat inside, all the others files starting to delivery and >> Mailscanner comes up again. >> What's wrong? >> > You may be having a problem with the tnef expander. Check > MailScanner.conf and read the comments regarding TNEF. You may also > want to upgrade; new options are available that fix issues with > "winmail.dat" files that (to my knowledge) other e-mail scanning > solutions don't "fix". Yes, MailScanner will now add or replace the winmail.dat file with the files contained in it. That way none of your external customers get to see winmail.dat files they can't use, regardless of the configuration of your internal mail users. More happy customers ==> more profit ==> more money for donations to MailScanner :-) - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRE53jRH2WUcUFbZUEQJ2nwCeNsRv+QzRH8LPCuXLC9tfJtUho1IAoPR5 yHxuznvOVjTEW7l3rOZ00rKk =iOr3 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From jrudd at ucsc.edu Tue Apr 25 21:36:51 2006 
From: jrudd at ucsc.edu (John Rudd)
Date: Tue Apr 25 21:34:55 2006
Subject: Stock image spam blocking
In-Reply-To: <444E6BEE.7090904@evi-inc.com>
References: <0588B0DA-82E3-4217-A19B-666F3DFFF500@uci.edu> <444E6BEE.7090904@evi-inc.com>
Message-ID: <67649949ab7076239f54964d81083f92@ucsc.edu>

On Apr 25, 2006, at 11:35, Matt Kettler wrote:
> Derek Chee wrote:
>> Hi,
>>
>> We've been getting bombarded recently with a lot of the embedded GIF
>> image OTCBB stock, pump and dump spam. The one with the random subject,
>> from and sender lines.
>>
>> Has anybody had any luck creating SpamAssassin rules that would help
>> boost the score? Or better yet a good RBL that blocks them? For RBLs,
>> we only run the Spamhaus lists. Being a university, we can't run a very
>> aggressive RBL list as it would cause too many complaints about blocking
>> legitimate email.
>>
>
> the SARE stock ruleset helps here. As do hash-based tests like Razor
> and DCC.

As has been pointed out, the hash based tests aren't going to catch all image spam, because the spammers are smart enough to make small changes to images that aren't caught by the human eye, but which do produce unique hash results (meaning that they aren't caught by hash based systems).

As I mentioned last week, someone over on the mimedefang list is working on an OCR perl module for feeding those images to, so that you can get a bunch of text. The suggestion on the list is to then attach that text to the message, so that when you feed it to Spam Assassin, it gets picked up by bayes (both for training and scoring). It might be a good thing to cross-pollinate into MailScanner.

> Finally, many seem to be sent from DUL listed hosts.

I recently took the stuff Steve Freegard posted to this list (under the topic about Greylisting) and converted it to code for use with MIMEDefang. It's doing a great job of catching all sorts of dynamic and dial-up type host names.

Here's what he suggested, and my comments:

> 1) Check the PTR record (no lookup required Sendmail already does
> this).
> - TEMPFAIL the connection if no record exists.
>
> 2) Check the A record for the hostname returned by the reverse lookup.
> - (Optional), TEMPFAIL the connection if no record exists.

I do both of these. _AND_ if the A record does exist, but doesn't match the relay's IP address, I give a permanent failure instead of a tempfail.

> 3) Run a series of regexp tests against the hostname and REJECT the
> message if any match:
> - Hex encoded IP address appears within the hostname
> - all IP octets appear within the hostname (fwd/rev)
> - IP address without the .'s appears within the hostname (fwd/rev)
> - Last two octets appears within the hostname (fwd/rev)
> - Last octet appears within the hostname
> - Hostname contains any of the following (.adsl. .dsl. .dip. .ddns.)

The regex's I use here are:

    elsif ( ($hostname =~ /(catv|cable|dsl|adsl|dhcp|ddns)/ ) ||
            ($hostname =~ /(dial-?up|dynamic|static|$e|$j)/ ) ||
            ($hostname =~ /($a.?0*$b|$b.?0*$c|$c.?0*$d)/ ) ||
            ($hostname =~ /($e.?0*$d|$d.?0*$c|$c.?0*$b)/ ) ||
            ($hostname =~ /($f.?0*$g|$g.?0*$h|$h.?0*$i)/ ) ||
            ($hostname =~ /($j.?0*$i|$i.?0*$h|$h.?0*$g)/ ) ) {

($a-$d are the decimal octets, $e is the entire IP address as a single decimal value, $f-$i are the hex octets, and $j is the entire IP address as a single hex value ... though, $j is technically redundant since it won't be distinct from $f$g$h$i, and all has been converted to lower case, including the hostname)

So, I eliminated dip ... I was uncomfortable with it being too generic, and all of the hosts I saw that had it were caught by other parts of this (or by the greet_pause, or by having given me my own host name as their HELO string). Same with "if the last octet is in the hostname" -- it was identifying hosts that looked like they were non-dial-up/dynamic/end-user addresses (server-XX.someplace.com for example).

So, my version of his #3 is:

- all hostname checks for IP addrs are done in both decimal and hex
- if any pair of octets is in the IP address, separated by any 1 character (or not), and including any leading zero padding (that I saw in some such hostnames), in forward or reverse order
- if the entire hex IP address, or the total decimal value of the IP address appears
- if the hostname contains catv cable dsl dhcp ddns dialup dial-up dynamic or static (I don't require the leading and trailing .'s).

(and, yeah, in my regexp I put both dsl and adsl, even though dsl is sufficient, I did it just for mental completeness ... besides, they line up all pretty that way ... or mostly anyway).

I do all of that in filter_sender, so it happens after SMTP-AUTH, so this check is after a check that basically says "don't worry about the DNS things if they did an SMTP-AUTH, or they come from one of my own IP addresses". The error I give for this case instructs the sender (assuming it bounces back to a human) to use their ISP's email server instead of connecting directly to ours.

Since I started these checks, it has mostly impacted my mail flow by: greatly reducing the number of hosts caught by SBL and XBL (they're now being caught by these checks, which happen before the SBL and XBL checks (I use delaychecks)), and reducing the number of messages I am having to catch via spamassassin (which improves my system load by quite a bit). And, looking at the greet_pause results, it looks like 90% of those would be caught by the above rules as well. So, I may start to relax the greet_pause a little.

If you want to see the full code, it's at http://www.rudd.cc/mimedefang-filter

note: I use this at home, not yet at work, and I no longer use mailscanner at home; you could use them together ... if you did, I would modify filter_begin to remove the virus checking, and modify filter_end to remove the spamassassin stuff.

From pete at enitech.com.au Wed Apr 26 00:39:58 2006
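The three checks John Rudd describes in the message above (PTR present, A record confirming the relay address, then hostname patterns built from the relay's IP), written out as a stand-alone Perl script. This is an added example and not his MIMEDefang filter: the function names, the two-digit hex formatting and the sample relays (constructed, using documentation address ranges) are assumptions, and the DNS answers are passed in as data so that it runs offline.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# "x.?0*y" for each adjacent pair of octet strings: at most one separator
# character of any kind, then optional zero padding before the next octet.
sub pair_pattern {
    my @o = @_;
    return join '|', map { sprintf '%s.?0*%s', $o[$_], $o[ $_ + 1 ] } 0 .. $#o - 1;
}

# Name of the first rule under which $hostname looks like a dynamic or
# end-user address for $ip, or undef when no rule matches.
sub dynamic_rule {
    my ($ip, $hostname) = @_;
    my @dec = split /\./, $ip;
    return unless @dec == 4 && !grep { !/^\d{1,3}$/ || $_ > 255 } @dec;

    my @hex       = map { sprintf '%02x', $_ } @dec;  # assumption: two hex digits per octet
    my $whole_dec = unpack 'N', pack 'C4', @dec;       # whole address as one decimal number
    my $whole_hex = join '', @hex;                     # whole address as one hex string
    my $name      = lc $hostname;                      # compare in lower case throughout

    my @rules = (
        [ keyword      => 'catv|cable|dsl|adsl|dhcp|ddns|dial-?up|dynamic|static' ],
        [ whole_ip     => "$whole_dec|$whole_hex" ],
        [ dec_pair_fwd => pair_pattern(@dec) ],
        [ dec_pair_rev => pair_pattern(reverse @dec) ],
        [ hex_pair_fwd => pair_pattern(@hex) ],
        [ hex_pair_rev => pair_pattern(reverse @hex) ],
    );
    for my $rule (@rules) {
        my ($label, $pattern) = @$rule;
        return $label if $name =~ /$pattern/;
    }
    return;
}

# Decide what to do with a relay from DNS answers that were already looked up:
# $ptr is the reverse name (or undef), $a_records the addresses that name maps to.
sub classify_relay {
    my ($ip, $ptr, $a_records) = @_;
    return ('tempfail', 'no PTR record') unless defined $ptr && length $ptr;
    return ('tempfail', 'PTR name has no A record') unless @$a_records;
    return ('reject', 'A record does not match relay address')
        unless grep { $_ eq $ip } @$a_records;
    my $rule = dynamic_rule($ip, $ptr);
    return ('reject', "hostname looks dynamic ($rule)") if defined $rule;
    return ('accept', 'forward-confirmed, no pattern matched');
}

# Constructed sample relays: [ relay IP, PTR name, A records of that name ].
my @relays = (
    [ '192.0.2.25',    'mail.example.org',             ['192.0.2.25'] ],
    [ '203.0.113.77',  '203-0-113-77.dsl.example.net', ['203.0.113.77'] ],
    [ '198.51.100.14', 'host-14-100.example.net',      ['198.51.100.14'] ],
    [ '192.0.2.130',   'c0000282.example.net',         ['192.0.2.130'] ],
    [ '203.0.113.9',   undef,                          [] ],
    [ '198.51.100.80', 'smtp.example.com',             ['198.51.100.99'] ],
    [ '192.0.2.1',     'mx21.example.org',             ['192.0.2.1'] ],
);

for my $r (@relays) {
    my ($ip, $ptr, $addrs) = @$r;
    my ($action, $why) = classify_relay($ip, $ptr, $addrs);
    printf "%-15s %-30s %-8s %s\n", $ip, $ptr // '(none)', $action, $why;
}
```

The last sample is a server-style name that is rejected only because the short octets 2 and 1 appear next to each other in "mx21". Logging which rule fired for a while before enforcing the reject shows how often that happens on real traffic.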
From: pete at enitech.com.au (Peter Russell) Date: Wed Apr 26 00:40:11 2006 Subject: Recommended SpamAssassin Rules (for RDJ) In-Reply-To: <444E4683.4070807@evi-inc.com> References: <01BCE961CD5E4146B83F920FC6A4F2351F7118@cmexchange01.CourtesyMortgage.local> <444E4683.4070807@evi-inc.com> Message-ID: <444EB34E.4070108@enitech.com.au> Matt Kettler wrote: > Jason Williams wrote: >> Just curious here, what rules people liked to use with SpamAssassin. I >> also use RDJ for SA. I rely on user tips to configure RDJ too and my trusted rulesets is; TRUSTED_RULESETS=" TRIPWIRE EVILNUMBERS EVILNUMBERS1 EVILNUMBERS2 SARE_ RANDOM RANDOMVAL SARE_ADULT SARE_BML SARE_URI0 SARE_URI_ENG SARE_SPOOF SARE_BAYES_POISON_NXM SARE_OEM SARE_RANDOM SARE_HEADER0 SARE_HEADER2 SARE_CODING SARE_SPECIFIC SARE_REDIRECT_POST300 SARE_GENLSUBJ SARE_UNSUB SARE_OBFU SARE_OBFU2 SARE_OBFU3 SARE_WHITELIST SARE_WHITELIST_SPF SARE_WHITELIST_RCVD ZMI_GERMAN" From joerg.pichel at sdm.de Wed Apr 26 07:46:02 2006 From: joerg.pichel at sdm.de (joerg.pichel@sdm.de) Date: Wed Apr 26 07:46:09 2006 Subject: MailScanner 4.52.2 destroys exim 4.61 spool files Message-ID: <7503800E154BBA4F9A51B59ABA981A2002DDD93E@mucmail1.sdm.de> Your patch seems to work soundly. Our patched backup MX (for the spammers) has empty in- and out-queues what means that the spool file format was ok everytime. Today I will patch MailScanner on our master MX and upgrade it to exim 4.61. Joerg -----Original Message----- 
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field
Sent: Tuesday, April 25, 2006 8:41 PM
To: MailScanner discussion
Subject: Re: AW: MailScanner 4.52.2 destroys exim 4.61 spool files

I have just released beta 4.53.4 which includes this patch.

joerg.pichel@sdm.de wrote:
> Well done! Until now six messages have been successfully transferred with patched MailScanner 4.52.2 and exim 4.61.
>
> I will raise the flag when there are any further format problems.

From pravin.rane at gmail.com Wed Apr 26 07:47:50 2006
From: pravin.rane at gmail.com (Pravin Rane)
Date: Wed Apr 26 07:47:53 2006
Subject: queue.in winmail.dat
In-Reply-To: <444E778C.2010103@ecs.soton.ac.uk>
References: <003b01c668b0$2400e8d0$140aa8c0@Note> <444E7378.4060802@nkpanama.com> <444E778C.2010103@ecs.soton.ac.uk>
Message-ID: <13c021a90604252347p9bc3a59ofdb73ae7698cad52@mail.gmail.com>

Rather than using Mailscanner internal tnef use the external one. It solved my problem.

Download TNEF from http://sourceforge.net/projects/tnef/

In Mailscanner conf file do following changes

TNEF Expander = internal <- Remove this
TNEF Expander = /usr/bin/tnef --maxsize=100000000 <- Use this

Regards
Pravin Rane

On 4/26/06, Julian Field wrote:
>
> Alex Neuman wrote:
> > Suporte wrote:
> >> If I go to /var/qmail/queue.in/mess and remove the file with
> >> winmail.dat inside, all the others files starting to delivery and
> >> Mailscanner comes up again.
> >> What's wrong?
> >>
> > You may be having a problem with the tnef expander. Check
> > MailScanner.conf and read the comments regarding TNEF. You may also
> > want to upgrade; new options are available that fix issues with
> > "winmail.dat" files that (to my knowledge) other e-mail scanning
> > solutions don't "fix".
> Yes, MailScanner will now add or replace the winmail.dat file with the
> files contained in it. That way none of your external customers get to
> see winmail.dat files they can't use, regardless of the configuration of
> your internal mail users.
>
> More happy customers ==> more profit ==> more money for donations to
> MailScanner :-)
>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
Regards
Pravin

From martinh at solid-state-logic.com Wed Apr 26 09:08:16 2006
From: martinh at solid-state-logic.com (Martin Hepworth)
Date: Wed Apr 26 09:08:36 2006
Subject: Misdirected bounces
In-Reply-To:
Message-ID: <012c01c66908$946b1b60$3004010a@martinhlaptop>

There's a nice SA ruleset for this...

http://www.timj.co.uk/linux/bogus-virus-warnings.cf

BUT you'll need to turn a couple of these off by adding the following to spam.assassin.prefs.conf..

# stop MS based email systems getting nuked by the bogus virus warning rules..
score VIRUS_WARNING15 0
score VIRUS_WARNING28 0
score VIRUS_WARNING33 0
score VIRUS_WARNING62 0
score VIRUS_WARNING66 0
score VIRUS_WARNING226 0
score VIRUS_WARNING250 0
score VIRUS_WARNING300 0
score VIRUS_WARNING326 0
score VIRUS_WARNING339 0
score VIRUS_WARNING340 0

This is due to people who run v.old versions of MS that bounce viruses/spam by default...

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Diego Fabara
> Sent: 25 April 2006 16:15
> To: mailscanner@lists.mailscanner.info
> Subject: Misdirected bounces
>
> How I can control the Misdirected bounces ??

From Jan-Peter.Koopmann at seceidos.de Wed Apr 26 09:09:38 2006
From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter)
Date: Wed Apr 26 09:09:50 2006
Subject: FreeBSD Port 4.52.2_1
Message-ID:

Hi,

I just submitted a quick fix for 4.52.2. It incorporates Julian's fix for Exim 4.61 (I just hope it does not introduce new problems) and contains fixes suggested by Lars Kristiansen (thanks again!). Hopefully it will be committed soon.

Kind regards,
JP

From martinh at solid-state-logic.com Wed Apr 26 09:13:04 2006
From: martinh at solid-state-logic.com (Martin Hepworth)
Date: Wed Apr 26 09:13:11 2006
Subject: Recommended SpamAssassin Rules (for RDJ)
In-Reply-To: <01BCE961CD5E4146B83F920FC6A4F2351F7118@cmexchange01.CourtesyMortgage.local>
Message-ID: <012d01c66909$3e733e80$3004010a@martinhlaptop>

Jason

There's a thing in the wiki about this.....but basically I run all the ones listed in rulesemporium.com and a few others from James Grey...

http://files.grayonline.id.au/

If you need the rulesdujour config for James's rules let me know off list..

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jason Williams
> Sent: 25 April 2006 16:39
> To: MailScanner discussion
> Subject: Recommended SpamAssassin Rules (for RDJ)
>
> Just curious here, what rules people liked to use with SpamAssassin. I
> also use RDJ for SA.
>
> Right now, I'm using:
>
> 70_sare_evilnum0
> 70_sare_random
> 70_sare_stocks
> 70_sare_unsub
>
> I know there are a lot more, but thought I'd ask here for a list of
> recommendations, before I start downloading a bunch of rules.
>
> Just trying to make my Spam detection that much better.
>
> Thanks,
>
> Jason

From martinh at solid-state-logic.com Wed Apr 26 09:57:54 2006
From: martinh at solid-state-logic.com (Martin Hepworth)
Date: Wed Apr 26 09:58:21 2006
Subject: FreeBSD Port 4.52.2_1
In-Reply-To:
Message-ID: <014101c6690f$83744960$3004010a@martinhlaptop>

JP

Wouldn't it have been to wait a week and do 4.53?

Or are people complaining^Wrequesting Lars' fixes and the exim update?

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Koopmann, Jan-Peter
> Sent: 26 April 2006 09:10
> To: MailScanner discussion
> Subject: FreeBSD Port 4.52.2_1
>
> Hi,
>
> I just submitted a quick fix for 4.52.2. It incorporates Julians fix for
> Exim 4.61 (I just hope it does not introduce new problems) and contains
> fixes suggested by Lars Kristiansen (thanks again!). Hopefully it will be
> committed soon.
>
>
> Kind regards,
> JP

From Cleveland at winnefox.org Wed Apr 26 13:21:02 2006
From: Cleveland at winnefox.org (Jody Cleveland)
Date: Wed Apr 26 13:20:21 2006
Subject: Is someone spamming through me?
Message-ID: <9720CA43F755A148BF65B6618B90CB94356B71@magneto.wals.local>

Hello,

I'm running Mailscanner v.4.52.2 with postfix on a redhat 4.0 AS server.

Yesterday, I got over 5000 bounce messages from the server, all messages trying to be sent to a zipmail.com.br domain. In my logwatch message this morning, I noticed this:

120343658 bytes transferred
53041 messages sent
1 messages expired and returned to sender
5 resent messages
20271 messages removed from queue

I checked my server here: http://www.abuse.net/relay.html and all tests for being an open relay were negative.

Any ideas what may be wrong?

- jody

From csweeney at osubucks.org Wed Apr 26 13:38:51 2006
From: csweeney at osubucks.org (Chris Sweeney)
Date: Wed Apr 26 13:37:21 2006
Subject: Is someone spamming through me?
In-Reply-To: <9720CA43F755A148BF65B6618B90CB94356B71@magneto.wals.local>
References: <9720CA43F755A148BF65B6618B90CB94356B71@magneto.wals.local>
Message-ID: <444F69DB.2000002@osubucks.org>

How many messages do you send in a normal day? is

53041 messages sent NORMAL for you?

It could be someone is forging email to look like it is coming from your domain and that's why you are getting all the bounce messages, or if that number is high, then someone is....

Jody Cleveland wrote:
> Hello,
>
> I'm running Mailscanner v.4.52.2 with postfix on a redhat 4.0 AS server.
>
> Yesterday, I got over 5000 bounce messages from the server, all messages
> trying to be sent to a zipmail.com.br domain. In my logwatch message
> this morning, I noticed this:
>
> 120343658 bytes transferred
> 53041 messages sent
> 1 messages expired and returned to sender
> 5 resent messages
> 20271 messages removed from queue
>
> I checked my server here: http://www.abuse.net/relay.html and all tests
> for being an open relay were negative.
>
> Any ideas what may be wrong?
>
> - jody

--
Thanks
Chris

Check me out! Finally setup a MySpace.com account
http://www.osubucks.net
csweeney@osubucks.org

From csweeney at osubucks.org Wed Apr 26 13:43:23 2006
From: csweeney at osubucks.org (Chris Sweeney)
Date: Wed Apr 26 13:41:51 2006
Subject: Is someone spamming through me?
In-Reply-To: <9720CA43F755A148BF65B6618B90CB94356B71@magneto.wals.local>
References: <9720CA43F755A148BF65B6618B90CB94356B71@magneto.wals.local>
Message-ID: <444F6AEB.1090403@osubucks.org>

Also is the domain you are talking about the winnefox.org domain you sent this message from? If so check out

http://www.dnsreport.com/tools/dnsreport.ch?domain=winnefox.org

you got a few things that need fixed. You also have not published an SPF record and that might help with some of your problems.

www.openspf.org

Jody Cleveland wrote:
> Hello,
>
> I'm running Mailscanner v.4.52.2 with postfix on a redhat 4.0 AS server.
>
> Yesterday, I got over 5000 bounce messages from the server, all messages
> trying to be sent to a zipmail.com.br domain. In my logwatch message
> this morning, I noticed this:
>
> 120343658 bytes transferred
> 53041 messages sent
> 1 messages expired and returned to sender
> 5 resent messages
> 20271 messages removed from queue
>
> I checked my server here: http://www.abuse.net/relay.html and all tests
> for being an open relay were negative.
>
> Any ideas what may be wrong?
>
> - jody

--
Thanks
Chris

Check me out! Finally setup a MySpace.com account
http://www.osubucks.net
csweeney@osubucks.org

From martinh at solid-state-logic.com Wed Apr 26 13:47:22 2006
From: martinh at solid-state-logic.com (Martin Hepworth)
Date: Wed Apr 26 13:47:30 2006
Subject: Is someone spamming through me?
In-Reply-To: <9720CA43F755A148BF65B6618B90CB94356B71@magneto.wals.local>
Message-ID: <001801c6692f$8fe00340$3004010a@martinhlaptop>

Jody

You sure they are actually from your server and not someone else's server bouncing back invalid email addresses to the alleged sender in a joe-job style thing.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jody Cleveland
> Sent: 26 April 2006 13:21
> To: MailScanner discussion
> Subject: Is someone spamming through me?
>
> Hello,
>
> I'm running Mailscanner v.4.52.2 with postfix on a redhat 4.0 AS server.
>
> Yesterday, I got over 5000 bounce messages from the server, all messages
> trying to be sent to a zipmail.com.br domain. In my logwatch message
> this morning, I noticed this:
>
> 120343658 bytes transferred
> 53041 messages sent
> 1 messages expired and returned to sender
> 5 resent messages
> 20271 messages removed from queue
>
> I checked my server here: http://www.abuse.net/relay.html and all tests
> for being an open relay were negative.
>
> Any ideas what may be wrong?
>
> - jody

From Cleveland at winnefox.org Wed Apr 26 13:59:36 2006
From: Cleveland at winnefox.org (Jody Cleveland)
Date: Wed Apr 26 13:58:50 2006
Subject: Is someone spamming through me?
Message-ID: <9720CA43F755A148BF65B6618B90CB94356B81@magneto.wals.local>

> How many messages do you send in a normal day? is
>
> 53041 messages sent NORMAL for you?
>
> It could be someone is forging email to look like it is coming from
> your domain and that's why you are getting all the bounce messages, or
> if that number is high, then someone is....

Normally, there are only 3000 to 6000 messages that come in. absolutely none are sent from that machine. It merely routes mail in so mailscanner can do its thing, then gets moved on to the exchange server.

- jody

From rob at thehostmasters.com Wed Apr 26 14:04:44 2006
From: rob at thehostmasters.com (Rob Morin)
Date: Wed Apr 26 14:04:49 2006
Subject: Is someone spamming through me?
In-Reply-To: <9720CA43F755A148BF65B6618B90CB94356B71@magneto.wals.local>
References: <9720CA43F755A148BF65B6618B90CB94356B71@magneto.wals.local>
Message-ID: <444F6FEC.1050803@thehostmasters.com>

I have had this experience many times..... and it was always the same answer. An exploitable PHP script allows a bad person to spam via your server, the return address is your server's web user probably and that is probably aliased to you..... so you get all the bounces....

It's hard to find these scripts... this is why in MS I make sure that I scan all outgoing mail too, especially from root or the web user...

If you do a mailq, who are the emails from? nobody, www-data, apache? if so then it is a bad script of sorts that allows "\n or \r" in the input variables....

I suggest you use modsecurity for Apache... it will help, and make sure that your clients use Variable input validation!

My 2 cents!

Rob Morin
Dido InterNet Inc.
Montreal, Canada
Http://www.dido.ca
514-990-4444

Jody Cleveland wrote:
> Hello,
>
> I'm running Mailscanner v.4.52.2 with postfix on a redhat 4.0 AS server.
>
> Yesterday, I got over 5000 bounce messages from the server, all messages
> trying to be sent to a zipmail.com.br domain. In my logwatch message
> this morning, I noticed this:
>
> 120343658 bytes transferred
> 53041 messages sent
> 1 messages expired and returned to sender
> 5 resent messages
> 20271 messages removed from queue
>
> I checked my server here: http://www.abuse.net/relay.html and all tests
> for being an open relay were negative.
>
> Any ideas what may be wrong?
>
> - jody

From Cleveland at winnefox.org Wed Apr 26 14:16:07 2006
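The input validation Rob Morin recommends in the message above, sketched in Python as an added example (not code from the thread, whose scripts would be PHP or Perl). The function names, the fixed recipient and the sample values are constructed for illustration; the unvalidated builder is shown next to the checked one so the effect of a stray "\r\n" in a form field is visible.

```python
import re

FIXED_RECIPIENT = "webmaster@example.org"  # constructed; set by the site, never by the form

# CR, LF and the other ASCII control characters have no place in a header field.
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")
# Deliberately narrow: exactly one plain address, no display name, no comma list.
_ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")

# Constructed sample form submissions: (reply_to, subject).
CONSTRUCTED_CLEAN = ("visitor@example.com", "Opening hours")
CONSTRUCTED_CRAFTED = ("visitor@example.com\r\nX-Injected: 1", "Opening hours")


class RejectedInput(ValueError):
    """Raised when a form field must not be placed in a mail header."""


def naive_headers(reply_to, subject):
    """Unvalidated pattern: form values are pasted straight into the header block."""
    return (f"To: {FIXED_RECIPIENT}\r\n"
            f"Reply-To: {reply_to}\r\n"
            f"Subject: {subject}\r\n")


def safe_headers(reply_to, subject):
    """Same header block, but every field is checked before it is used."""
    for field, value in (("reply_to", reply_to), ("subject", subject)):
        if _CONTROL.search(value):
            raise RejectedInput(f"{field}: control character in header field")
    # fullmatch, not match with '$': '$' would also accept a trailing newline.
    if not _ADDRESS.fullmatch(reply_to):
        raise RejectedInput("reply_to: not a single plain address")
    if not subject or len(subject) > 200:
        raise RejectedInput("subject: empty or too long")
    return naive_headers(reply_to, subject)


def header_names(raw):
    """Header field names a mail system would read from the block `raw`."""
    return [line.split(":", 1)[0] for line in raw.splitlines() if ":" in line]


if __name__ == "__main__":
    print("naive, clean:  ", header_names(naive_headers(*CONSTRUCTED_CLEAN)))
    print("naive, crafted:", header_names(naive_headers(*CONSTRUCTED_CRAFTED)))
    try:
        safe_headers(*CONSTRUCTED_CRAFTED)
    except RejectedInput as err:
        print("checked, crafted: rejected,", err)
```

Rejections raised by the checked builder are worth logging with the requesting script's name, since they point at the form that is being probed.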
From: Cleveland at winnefox.org (Jody Cleveland)
Date: Wed Apr 26 14:15:40 2006
Subject: Is someone spamming through me?
Message-ID: <9720CA43F755A148BF65B6618B90CB94356B83@magneto.wals.local>

Hello,

> You sure they are actually from your server and not someone
> else's server
> bouncing back invalid email addresses to the alleged sender
> in a joe-job
> style thing.

How do I check if that's the case? I looked at the maillog, and see a lot of these:

Apr 23 08:25:50 mystique postfix/qmgr[2324]: 964A8839FDA: to=, relay=none, delay=104247, status=deferred (delivery temporarily suspended: connect to smtp.zipmail.com.br[200.221.11.147]: server dropped connection without sending the initial SMTP greeting)

- jody

From diego.fabara at alegropcs.com Wed Apr 26 14:00:15 2006
From: diego.fabara at alegropcs.com (Diego Fabara)
Date: Wed Apr 26 14:17:00 2006
Subject: a lot of mails
Message-ID:

How can I to control the in/out emails per minute ??
I have aleatory times between 1500 and 5000 or more emails (in/out) in short times period in one day. This could be cause make that my server is listed in RBLs Is possible control this ??

From Jan-Peter.Koopmann at seceidos.de Wed Apr 26 14:17:00 2006
From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter)
Date: Wed Apr 26 14:17:17 2006
Subject: FreeBSD Port 4.52.2_1
Message-ID:

On Wednesday, April 26, 2006 10:58 AM Martin Hepworth wrote:

> JP
>
> Wouldn't it have been to wait a week and do 4.53?
>
> Or are people complaining^Wrequesting Lars' fixes and the exim update?

Lars' fixes: Not really yet. Exim: Yes. :-) If people do portupgrades they suddenly have a non-working system. It was not really that much work and is already in the process of being committed.

Kind regards,
Jan-Peter Koopmann
Dipl.-Wirtschaftsinformatiker
Managing Director

--
Seceidos GmbH&Co. KG | Tel: +49 6151 66843-43
Robert-Bosch-Str. 7 | Fax: +49 6151 66843-52
64293 Darmstadt / Germany | IAX: guest@voip.seceidos.de/43
http://www.seceidos.de | SIP: 43@voip.seceidos.de

From martinh at solid-state-logic.com Wed Apr 26 14:24:10 2006
From: martinh at solid-state-logic.com (Martin Hepworth)
Date: Wed Apr 26 14:24:18 2006
Subject: Is someone spamming through me?
In-Reply-To: <9720CA43F755A148BF65B6618B90CB94356B83@magneto.wals.local>
Message-ID: <001c01c66934$b43bed80$3004010a@martinhlaptop>

Jody

Have a look at the headers for where the actual email initially came from - if you've got MailWatch then it's easy, if not you'll have to trap a spool file and look at that. Or if you've got an actual example that got delivered.

As someone else said could be an exploitable php or application hole, I've had this with awstats.pl before and php code.

But first of all you need to figure out which machine is really generating these emails.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jody Cleveland
> Sent: 26 April 2006 14:16
> To: MailScanner discussion
> Subject: RE: Is someone spamming through me?
>
> Hello,
>
> > You sure they are actually from your server and not someone
> > else's server
> > bouncing back invalid email addresses to the alleged sender
> > in a joe-job
> > style thing.
>
> How do I check if that's the case? I looked at the maillog, and see a
> lot of these:
>
> Apr 23 08:25:50 mystique postfix/qmgr[2324]: 964A8839FDA:
> to=, relay=none, delay=104247, status=deferred
> (delivery temporarily suspended: connect to
> smtp.zipmail.com.br[200.221.11.147]: server dropped connection without
> sending the initial SMTP greeting)
>
> - jody

From Cleveland at winnefox.org Wed Apr 26 14:25:22 2006
From: Cleveland at winnefox.org (Jody Cleveland)
Date: Wed Apr 26 14:24:35 2006
Subject: Is someone spamming through me?
Message-ID: <9720CA43F755A148BF65B6618B90CB94356B92@magneto.wals.local>

Hello,

> I have had this experience many times..... and it was always the same
> answer. An exploitable PHP script allows a bad person to
> spam via your server, the return address is your server's web user probably
> and that is probably aliased to you..... so you get all the bounces....

I have it setup that I get server messages, so that's why I get those. Now, is this most likely a webform I have on that server that people are using? Is there a way to test those forms?

> It's hard to find these scripts... this is why in MS I make sure that I
> scan all outgoing mail too, especially from root or the web user...

That sounds like a good idea. What do I need to do to my existing setup to get MS to scan outgoing mail? As far as this problem, what will that do to help me? Does it prevent messages like that from going out?

> If you do a mailq, who are the emails from? nobody, www-data,
> apache? if so then it is a bad script of sorts that allows "\n or \r"
> in the input variables....

Unfortunately, there aren't any there right now. But, yesterday I cleared out the queue and looked at the headers. They all said they were coming from a hotmail address.

- jody

From martinh at solid-state-logic.com Wed Apr 26 14:26:20 2006
From: martinh at solid-state-logic.com (Martin Hepworth)
Date: Wed Apr 26 14:26:34 2006
Subject: a lot of mails
In-Reply-To:
Message-ID: <001d01c66935$01819310$3004010a@martinhlaptop>

Diego

Depends on the MTA.....MailScanner does no delivery of email...

You'd only get listed in RBL's if the email was spam...

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Diego Fabara
> Sent: 26 April 2006 14:00
> To: mailscanner@lists.mailscanner.info
> Subject: a lot of mails
>
>
> How can I to control the in/out emails per minute ??
> I have aleatory times between 1500 and 5000 or more emails (in/out) in
> short times period in one day. This could be cause make that my server is
> listed in RBLs Is possible control this ??

From csweeney at osubucks.org Wed Apr 26 14:30:53 2006
From: csweeney at osubucks.org (Chris Sweeney)
Date: Wed Apr 26 14:29:22 2006
Subject: Is someone spamming through me?
In-Reply-To: <9720CA43F755A148BF65B6618B90CB94356B81@magneto.wals.local>
References: <9720CA43F755A148BF65B6618B90CB94356B81@magneto.wals.local>
Message-ID: <444F760D.70607@osubucks.org>

Looking at your DNS record you have 3 MX servers. What server is this you posted the log snip from?

Jody Cleveland wrote:
>> How many messages do you send in a normal day? is
>>
>> 53041 messages sent NORMAL for you?
>>
>> It could be someone is forging email to look like it is coming from
>> your domain and that's why you are getting all the bounce messages, or
>> if that number is high, then someone is....
>
> Normally, there are only 3000 to 6000 messages that come in. absolutely
> none are sent from that machine. It merely routes mail in so mailscanner
> can do its thing, then gets moved on to the exchange server.
>
> - jody

--
Thanks
Chris

Check me out! Finally setup a MySpace.com account
http://www.osubucks.net
csweeney@osubucks.org

From Cleveland at winnefox.org Wed Apr 26 14:43:02 2006
From: Cleveland at winnefox.org (Jody Cleveland)
Date: Wed Apr 26 14:42:11 2006
Subject: Is someone spamming through me?
Message-ID: <9720CA43F755A148BF65B6618B90CB94356B97@magneto.wals.local>

> Unfortunately, there aren't any there right now. But, yesterday I
> cleared out the queue and looked at the headers. They all said they were
> coming from a hotmail address.

I stand corrected. They are coming from apache@mystique.winnefox.org.

From Cleveland at winnefox.org Wed Apr 26 14:54:12 2006
From: Cleveland at winnefox.org (Jody Cleveland)
Date: Wed Apr 26 14:53:21 2006
Subject: Is someone spamming through me?
Message-ID: <9720CA43F755A148BF65B6618B90CB94356B9D@magneto.wals.local>

> Looking at your DNS record you have 3 MX servers. What server is this
> you posted the log snip from?

This is mystique. It's mainly a fall back if there's a problem with the main one. Mail goes to destiny, mailscanner does its thing, then forwards it on to the exchange server. This one's there in case there's a problem with destiny.

- jody

From csweeney at osubucks.org Wed Apr 26 15:00:28 2006
From: csweeney at osubucks.org (Chris Sweeney)
Date: Wed Apr 26 14:59:04 2006
Subject: Is someone spamming through me?
In-Reply-To: <9720CA43F755A148BF65B6618B90CB94356B97@magneto.wals.local>
References: <9720CA43F755A148BF65B6618B90CB94356B97@magneto.wals.local>
Message-ID: <444F7CFC.7000702@osubucks.org>

OK first problem I see if you are running a development version of Squirrel Mail on that machine that has known security holes. I would recommend you downgrade to the latest stable version, or if you want to run development versions then you need to keep up daily on updates that address issues with it. 1.5.1 was released back in Feb 19, 2006 so you are behind. The latest stable release is 1.4.6...I would personally go this way on a public machine.

Also this may not be the only problem, what else is running on that machine? Are there forums or forms??

Chris

Jody Cleveland wrote:
>> Unfortunately, there aren't any there right now. But, yesterday I
>> cleared out the queue and looked at the headers. They all said
>> they were coming from a hotmail address.
>
> I stand corrected. They are coming from
> apache@mystique.winnefox.org.

--
Thanks
Chris

Check me out! Finally setup a MySpace.com account
http://www.osubucks.net
csweeney@osubucks.org

From martinh at solid-state-logic.com Wed Apr 26 15:00:37 2006
From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Apr 26 15:00:47 2006 Subject: Is someone spamming through me? In-Reply-To: <9720CA43F755A148BF65B6618B90CB94356B97@magneto.wals.local> Message-ID: <003901c66939$cbcc1600$3004010a@martinhlaptop> Jody Yeah - someone's exploiting a hole on the web server...could be perl, could be php....could be a real problem to identify...;-( Are all these scripts etc under your control or a customer's.... If it's your control, I'd recommend you upgrade all the programs that the webserver is running...all the php based programs, all the perl based stuff.. If you can identify when this started you may be able to spot what program they are calling through the website by looking at the apache logs at that time. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jody Cleveland > Sent: 26 April 2006 14:43 > To: MailScanner discussion > Subject: RE: Is someone spamming through me? > > > Unfortunately, there aren't any there right now. But, yesterday I > > cleared out the queue and looked at the headers. They all said they were > > coming from a hotmail address. > > I stand corrected. They are coming from apache@mystique.winnefox.org. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From Cleveland at winnefox.org Wed Apr 26 15:01:40 2006
From: Cleveland at winnefox.org (Jody Cleveland) Date: Wed Apr 26 15:00:52 2006 Subject: Is someone spamming through me? Message-ID: <9720CA43F755A148BF65B6618B90CB94356BA4@magneto.wals.local> > Have a look at the headers for where the actual email > initially came from - if you've got MailWatch then it's easy, if not you'll have to > trap a spool file and look at that. It looks like it's coming from apache. > As someone else said could be an exploitable php or > application hole, I've had this with awstats.pl before and php code. Is there anything I can test for to try to determine which application or php is the offender? - jody From campbell at cnpapers.com Wed Apr 26 15:25:12 2006
From: campbell at cnpapers.com (Steve Campbell) Date: Wed Apr 26 15:25:36 2006 Subject: Is someone spamming through me? References: <9720CA43F755A148BF65B6618B90CB94356BA4@magneto.wals.local> Message-ID: <009901c6693d$3d5e4e70$0705000a@DDF5DW71> ----- Original Message ----- From: "Jody Cleveland" To: "MailScanner discussion" Sent: Wednesday, April 26, 2006 10:01 AM Subject: RE: Is someone spamming through me? >> Have a look at the headers for where the actual email >> initially came from - if you've got MailWatch then it's easy, if not > you'll have a >> trap a spool file and look at that. > > It looks like it's coming from apache. > >> As someone else said could be an exploitable php or >> application hole, I've had this with awstats.pl before and php code. > > Is there anything I can test for to try to determine which application > or php is the offender? > You aren't using one of the versions of formmail.php are you? This had a bunch of holes in it at one time, and as I recall, the cgi version was recommended as a replacement (or vice-versa). If you are, there is supposed to be a PHP script that is better, although I haven't used it yet at http://www.leveltendesign.com/L10Apps/Fm/index.php Steve Campbell campbell@cnpapers.com Charleston Newspapers > - jody From Denis.Beauchemin at USherbrooke.ca Wed Apr 26 15:27:51 2006
From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed Apr 26 15:28:13 2006 Subject: Is someone spamming through me? In-Reply-To: <9720CA43F755A148BF65B6618B90CB94356BA4@magneto.wals.local> References: <9720CA43F755A148BF65B6618B90CB94356BA4@magneto.wals.local> Message-ID: <444F8367.6000401@USherbrooke.ca> Jody Cleveland wrote: > Is there anything I can test for to try to determine which application > or php is the offender? > > Jody, There must be a log about the email being sent even though it was not scanned by MS. I would have a look at Apache's log at the time the email was sent. If you're lucky you will see what page was fetched at that moment. Denis -- Denis Beauchemin, analyst Université de Sherbrooke, S.T.I. T: 819.821.8000x2252 F: 819.821.8045 From miguelk at konsultex.com.br Wed Apr 26 15:41:04 2006
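The check Martin and Denis describe above (read the Apache log at the moment the mail was sent) can be automated. The script below is an added example, not code from any poster; it assumes Postfix `pickup` log lines for local submissions and an Apache common-format access log written on the same host, and the sample log lines, script paths, queue IDs and addresses in it are constructed.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample logs (not taken from the thread). uid 48 / "apache" is
# assumed to be the web-server account; the script paths are made up.
MAILLOG = """\
Apr 25 03:12:07 mystique postfix/pickup[2211]: 3F2A11C0B3: uid=48 from=<apache>
Apr 25 03:12:09 mystique postfix/pickup[2211]: 4A7B21C0B4: uid=48 from=<apache>
Apr 25 03:12:40 mystique postfix/pickup[2211]: 5C0D31C0B5: uid=0 from=<root>
Apr 25 03:13:15 mystique postfix/pickup[2211]: 6E1F41C0B6: uid=48 from=<apache>
"""

ACCESS_LOG = """\
198.51.100.4 - - [25/Apr/2006:03:12:03 -0500] "GET /index.html HTTP/1.1" 200 5120
203.0.113.9 - - [25/Apr/2006:03:12:06 -0500] "POST /forms/formmail.php HTTP/1.0" 200 312
203.0.113.9 - - [25/Apr/2006:03:12:08 -0500] "POST /forms/formmail.php HTTP/1.0" 200 312
198.51.100.7 - - [25/Apr/2006:03:12:39 -0500] "GET /webmail/src/login.php HTTP/1.1" 200 2048
203.0.113.9 - - [25/Apr/2006:03:13:14 -0500] "POST /forms/formmail.php?x=1 HTTP/1.0" 200 312
"""

# One pickup line is logged per message handed to Postfix by a local process.
PICKUP_RE = re.compile(
    r"^(\w{3}\s+\d+\s[\d:]{8})\s\S+\spostfix/pickup\[\d+\]:\s"
    r"([0-9A-F]+):\suid=(\d+)\sfrom=<([^>]*)>"
)
# Client, timestamp, method and URL from a common/combined format line.
ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')


def parse_pickups(maillog, year, sender="apache"):
    """Return [(time, queue_id)] for mail submitted locally by `sender`."""
    found = []
    for line in maillog.splitlines():
        m = PICKUP_RE.match(line)
        if m and m.group(4) == sender:
            # Syslog stamps carry no year or zone; the caller supplies the year.
            when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            found.append((when, m.group(2)))
    return found


def parse_requests(access_log):
    """Return [(time, client, method, path)] for every parsable request."""
    found = []
    for line in access_log.splitlines():
        m = ACCESS_RE.match(line)
        if not m:
            continue
        # Drop the UTC offset so the value compares with syslog's local time
        # (assumes both logs were written on the same host).
        when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        path = m.group(4).split("?", 1)[0]  # ignore the query string
        found.append((when.replace(tzinfo=None), m.group(1), m.group(3), path))
    return found


def rank_scripts(maillog, access_log, year, window=5):
    """Count, per (method, path), the messages submitted within `window`
    seconds after a request to it; highest count first."""
    requests = parse_requests(access_log)
    span = timedelta(seconds=window)
    hits = Counter()
    for sent_at, _queue_id in parse_pickups(maillog, year):
        nearby = {(method, path)
                  for when, _client, method, path in requests
                  if timedelta(0) <= sent_at - when <= span}
        hits.update(nearby)  # one vote per message, however many requests
    return hits.most_common()


if __name__ == "__main__":
    for (method, path), count in rank_scripts(MAILLOG, ACCESS_LOG, 2006):
        print(f"{count:3d} message(s) followed {method} {path}")
```

The ranking is a lead, not proof: unrelated requests that happen to fall inside the window also collect votes, so the script at the top of the list still needs to be inspected by hand.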
From: miguelk at konsultex.com.br (Miguel Koren O'Brien de Lacy) Date: Wed Apr 26 15:38:38 2006 Subject: Is someone spamming through me? In-Reply-To: <9720CA43F755A148BF65B6618B90CB94356B71@magneto.wals.local> References: <9720CA43F755A148BF65B6618B90CB94356B71@magneto.wals.local> Message-ID: <444F8680.1040406@konsultex.com.br> Jody; You could check to see if by any chance your web server is working as a proxy. I had this problem 2 years ago. The problem was an unneeded "ProxyPass on" directive in httpd.conf Miguel Jody Cleveland wrote: >Hello, > >I'm running Mailscanner v.4.52.2 with postfix on a redhat 4.0 AS server. > >Yesterday, I got over 5000 bounce messages from the server, all messages >trying to be sent to a zipmail.com.br domain. In my logwatch message >this morning, I noticed this: > > 120343658 bytes transferred > 53041 messages sent > 1 messages expired and returned to sender > 5 resent messages > 20271 messages removed from queue > >I checked my server here: http://www.abuse.net/relay.html and all tests >for being an open relay were negative. > >Any ideas what may be wrong? > >- jody From Cleveland at winnefox.org Wed Apr 26 16:18:52 2006
From: Cleveland at winnefox.org (Jody Cleveland) Date: Wed Apr 26 16:18:03 2006 Subject: Is someone spamming through me? Message-ID: <9720CA43F755A148BF65B6618B90CB94356BCA@magneto.wals.local> > You aren't using one of the versions of formmail.php are you? > This had a bunch of holes in it at one time, and as I recall, the cgi > version was recommended as a replacement (or vice-versa). > > If you are, there is supposed to be a PHP script that is > better, although I haven't used it yet at > > http://www.leveltendesign.com/L10Apps/Fm/index.php Aha! I am using an older version of that script from 1999. Not sure if that's the culprit or not, but I'll definitely update that. Thanks for the tip! - jody From MailScanner at ecs.soton.ac.uk Wed Apr 26 17:31:00 2006
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Apr 26 17:31:14 2006 Subject: Less string phishing net? Message-ID: <8256CF73-55E8-4AFF-9581-57379C808F71@ecs.soton.ac.uk> Is anyone out there using my new less-strict phishing net? I would very much like to hear some feedback about it. Thanks, Jules. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 From Marc.Dufresne at parks.on.ca Wed Apr 26 13:04:33 2006
From: Marc.Dufresne at parks.on.ca (Marc Dufresne) Date: Wed Apr 26 17:33:33 2006 Subject: mailscanner-4.50-15_1. blocking hotmail domain Message-ID: Sorry I haven't responded. I noticed freebsd has the newer mailscanner port. Will try that this weekend. Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca >>> martinh@solid-state-logic.com 4/20/2006 12:24:16 PM >>> Marc What have you got for the "Use TNEF Contents" - if hotmail are sending RFT rubbish then I remember 4.50 have fun with this... What happens if you go to 4.52.2? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- 
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Marc Dufresne > Sent: 20 April 2006 17:05 > To: michele@blacknight.ie; MailScanner discussion > Subject: Re: mailscanner-4.50-15_1. blocking hotmail domain > > This started happening only when I upgraded to 4.50-15_1. > > I tested e-mail connectivity from my own hotmail account. When I issue > tail -f /var/log/maillog I see my e-mail coming in, but it is just > queued by mailscanner, it's never sent to the intended recipient (which is > me). > > If I disable mailscanner and only allow sendmail to process inbound > mail, I receive the e-mail. As soon as I enable mailscanner, hotmail > e-mails are just queued and not delivered. > > > > Marc Dufresne, Corporate IT Officer > St. Lawrence Parks Commission > 13740 County Road 2 > Morrisburg, ON K0C 1X0 > > E-mail: Marc.Dufresne@parks.on.ca > Voice: 613-543-3704 Ext#2455 > Fax: 613-543-2847 > Corporate website: www.parks.on.ca > > >>> michele@blacknight.ie 4/19/2006 8:01 PM >>> > Marc Dufresne wrote: > > > Why has this changed? I never had to add this before? > > > > > > Whitelisting hotmail.com is _not_ a good idea, as you will be > flooded > with junk. > > If legitimate mail from hotmail.com addresses is being blocked you > need > to know why. Whitelisting is not the solution :) > > What do your logs say? > > Michele > > -- > Mr Michele Neylon > Blacknight Solutions > Quality Business Hosting & Colocation > http://www.blacknight.ie/ > Tel. 1850 927 280 > Intl. +353 (0) 59 9183072 > Direct Dial: +353 (0)59 9183090 > Fax. +353 (0) 59 9164239
From MailScanner at ecs.soton.ac.uk Wed Apr 26 19:14:46 2006
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Apr 26 19:14:57 2006 Subject: Less strict phishing net? In-Reply-To: <8256CF73-55E8-4AFF-9581-57379C808F71@ecs.soton.ac.uk> References: <8256CF73-55E8-4AFF-9581-57379C808F71@ecs.soton.ac.uk> Message-ID: <444FB896.5080809@ecs.soton.ac.uk> Sorry, brain fart. Should of course been Less "strict", not sure where "string" came from... Julian Field wrote: > Is anyone out there using my new less-strict phishing net? > I would very much like to hear some feedback about it. > > Thanks, > Jules. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 From mailscanner at yeticomputers.com Wed Apr 26 19:50:59 2006
From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Wed Apr 26 19:51:08 2006 Subject: Less strict phishing net? In-Reply-To: <444FB896.5080809@ecs.soton.ac.uk> References: <8256CF73-55E8-4AFF-9581-57379C808F71@ecs.soton.ac.uk> <444FB896.5080809@ecs.soton.ac.uk> Message-ID: <444FC113.5030509@yeticomputers.com> I'm using it, and it's done a great job reducing false positives. I've not had a single complaint since I enabled the feature. My traffic is quite low by some people's standards (about 30,000 processed mails per month with about 10 times that rejected at the MTA level) but so far, so good. Rick Julian Field wrote: > Sorry, brain fart. Should of course been Less "strict", not sure where > "string" came from... > > Julian Field wrote: > > >Is anyone out there using my new less-strict phishing net? > >I would very much like to hear some feedback about it. > > >Thanks, > >Jules. > > From neb9002 at gmail.com Wed Apr 26 22:57:05 2006 
From: neb9002 at gmail.com (Harris S) Date: Wed Apr 26 22:57:08 2006 Subject: Recursive archive attachment expansion and filetype/name checks Message-ID: <4fac50550604261457o4f695d8dt6dbd0bf2b866dc66@mail.gmail.com> Hello, Julian!, First of all, let me apologise for not getting back earlier on, but going live with a brand new platform (OpenBSD 3.8, MS 4.52.2 - managed by daemontools, djbDNS, SpamAssassin 3.0.4-OBSDpkg, ClamAV 0.88.1-OBSDpkg) is always something that needs planning and attention to detail prior to and especially after the first few moments of deployment to live. Been busy to say the least... First indications are good. Flawless operation and good performance! A couple of observations though a) During the first few messages, every child uses considerable processing power (~60-65% on P4 Xeon 3.06Mhz) which subsequently calms down and works like a charm with minimum processor usage. I suppose it is a result of runtime compilation of perl modules which then stay cached for the lifetime of the child process (???). b) On OpenBSD with the OpenBSD 3.8 ClamAV 0.88.1 "package", the clamavmodule did not compile/execute despite my efforts. I will have to check it out later on. I am currently running with just clamav and I have to admit that it is heavy on the processors and slow in invocation. Has anybody succeeded with a similar config? I will try and publish a guide for OpenBSD as I have not seen one lying around... Back to your replies though... Glad to hear there is a new version out but unfortunately did not have time to switch and test. Otherwise, I submitted the alterations I did, for you to have a look, just in case I was doing something insane! I know that the code has a number of "issues" (e.g.
cleaning up potentially doggy filenames :-) ) However, although I do respect your comments about "popularity" of exploits, I have to admit that when you look at it from a policy point of view, statistics sometimes are not relevant. In the environment I work, we are opting to enforce policies that are designed to address existing and future vectors of attack. It has paid off many times. Frequently commercial programs cannot satisfy this kind of logic either :-). All in all, Excellent work! Regards, Haris P.S> I believe that the last of the filename rules in "filename.rules.conf", designed to catch double extensions needs a fix. It should read "...\s+.." as opposed to "...\s*..." which in error intercepts files with double extensions like MyWordDocument.XYZ.doc - where XYZ is a version number.... From MailScanner at ecs.soton.ac.uk Thu Apr 27 08:50:24 2006 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 27 08:51:01 2006 Subject: Recursive archive attachment expansion and filetype/name checks In-Reply-To: <4fac50550604261457o4f695d8dt6dbd0bf2b866dc66@mail.gmail.com> References: <4fac50550604261457o4f695d8dt6dbd0bf2b866dc66@mail.gmail.com> Message-ID: On 26 Apr 2006, at 22:57, Harris S wrote: > Hello, Julian!, > > First of all, let me apologise for not getting back earlier on, but > going live with a brand new platfrom (OpenBSD 3.8, MS 4.52.2 - managed > by daemontools, djbDNS, SPamassassin 3.0.4-OBSDpkg, ClamAV > 0.88.1-OBSDpkg) is always something that needs planning and attention > to detail prior to and especially after the first few moments of > deployment to live. Been busy to say the least... > > First indications are good. Flawless operation and good performance! > > A couple of observations though > > a) During the first few messages, every child uses considerable > processing power (~60-65% on P4 Xeon 3.06Mhz) which subsequently calms > down and works like a charm with minimum processor usage. I suppose it > is a result of runtime compilation of perl modules which then stay > cached for the lifetime of the child process (???). I think that's probably it, yes. > b) On OpenBSD with the OpenBSD 3.8 ClamAV 0.88.1 "package", the > clamavmodule did not compile/execute despite my efforts. I will have > to check it out later on. I am currently running with just clamav and > I have to admit that it is heavy on the processors and slow in > invocation. Has anybody succeeded with a similar config? > > I will try and publish a guide for OpenBSD as I have not seen one > lying around... > > Back to your replies though... > > Glad to hear there is a new version out but unfortunately did not have > time to switch and test. > > Otherwise, I submitted the alterations I did, for you to have a look, > just in case I was doing something insane! I know that the code has a > number of "issues" (e.g. 
forced decompressed filename to avoid > sanitisation) and by no means it compares to the elegant and careful > approach which you seem to adopt (e.g. cleaning up potentially doggy > filenames :-) ) > > However, although I do respect your comments about "popularity" of > exploits, I have to admit that when you look at it from a policy point > of view, statistics sometimes are not relevant. > > In the environment I work, we are opting to enforce policies that are > designed to address existing and future vectors of attack. It has paid > off many times. > Frequently commercial programs cannot satisfy this kind of logic > either :-). > > All in all, Excellent work! Thank you! > P.S> I believe that the last of the filename rules in > "filename.rules.conf", designed to catch double extensions needs a > fix. It should read "...\s+.." as opposed to "...\s*..." which in > error intercepts files with double extensions like > MyWordDocument.XYZ.doc - where XYZ is a version number.... It is exactly as I intended it. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 From maillists at conactive.com Thu Apr 27 13:32:38 2006
From: maillists at conactive.com (Kai Schaetzl) Date: Thu Apr 27 13:32:36 2006 Subject: Feature Request: MailScannerWebBug Message-ID: I noticed that I get lots of errors "File does not exist: /squirrelmail-1.4.0/src/MailScannerWebBug" and some such when people read mail via webmail. The term "MailScannerWebBug" is obviously what gets replaced for webbugs. I would like to have this configurable. Not sure exactly, how. Maybe: - remove the tag at all - leave the source blank or with # - replace with a URL Also, the detection seems to be a bit "dumb". It triggers on every 0 or 1 pixel gif, no matter if it's a webbug or not. F.i. it triggers on: http://anon.doubleclick.edgesuite.net/anon.dleclick/cms/EMEA/Palm/295666/New/magic.gif http://www.visualit.co.uk:81/OT000cGFsbUBhbmFlc3RoZXNpZS5uZXQA.GIF http://ems6.net/r/?E=XTC-V1N-FQU8O-DD-GU8KF-2 http://www.enews.nu/cp/0406-2/images/spacer.gif http://www.paypal.com/images/pixel.gif The last two clearly are not web bugs, but spacer.gifs. So, if someone is reading these in html the layout may be garbled. A check might be advisable here (not for 0 pixel images, of course). Not sure, what to check, though. Maybe always leave alone things like "pixel" and "spacer"? (= have a positive list) The identification strings vary from digits to letters and if they are mostly letters I don't see a way to distinguish them from normal names. - Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From glenn.steen at gmail.com Thu Apr 27 13:55:56 2006
From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Apr 27 13:56:12 2006 Subject: Feature Request: MailScannerWebBug In-Reply-To: References: Message-ID: <223f97700604270555v5be22f01la8a9a6428ea6d363@mail.gmail.com> On 27/04/06, Kai Schaetzl wrote: > I noticed that I get lots of errors "File does not exist: > /squirrelmail-1.4.0/src/MailScannerWebBug" and some such when people read > mail via webmail. The term "MailScannerWebBug" is obviously what gets > replaced for webbugs. I would like to have this configurable. Not sure > exactly, how. Maybe: > - remove the tag at all > - leave the source blank or with # > - replace with a URL > > Also, the detection seems to be a bit "dumb". It triggers on every 0 or 1 > pixel gif, no matter if it's a webbug or not. F.i. it triggers on: > http://anon.doubleclick.edgesuite.net/anon.dleclick/cms/EMEA/Palm/295666/N > ew/magic.gif > http://www.visualit.co.uk:81/OT000cGFsbUBhbmFlc3RoZXNpZS5uZXQA.GIF > http://ems6.net/r/?E=XTC-V1N-FQU8O-DD-GU8KF-2 > http://www.enews.nu/cp/0406-2/images/spacer.gif > http://www.paypal.com/images/pixel.gif > > The last two clearly are not web bugs, but spacer.gifs. So, if someone is > reading these in html the layout may be garbled. A check might be > advisable here (not for 0 pixel images, of course). Not sure, what to > check, though. Maybe always leave alone things like "pixel" and "spacer"? > (= have a positive list) The identification strings vary from digits to > letters and if they are mostly letters I don't see a way to distinguish > them from normal names. > Really? The only thing differentiating them are the name. They're (for all intents and purposes) web bugs, and should be squashed. Opening a possible avenue for these critters to bypass the (then perceived, but not received) security check would be, to say the least, horrible. If they care about placement.... well send it in a PDF then. Or use embedded CSS. 
One may take a more ironic/sarcastic approach: If they're dumb enough to use spacer gifs, they get what they deserve.... Spacer gifs should be in space along with all the other spacers, not in HTML-encoded emails:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From gborders at jlewiscooper.com Thu Apr 27 14:04:15 2006 
From: gborders at jlewiscooper.com (Greg Borders) Date: Thu Apr 27 14:02:23 2006 Subject: Stock image spam blocking In-Reply-To: <67649949ab7076239f54964d81083f92@ucsc.edu> References: <0588B0DA-82E3-4217-A19B-666F3DFFF500@uci.edu> <444E6BEE.7090904@evi-inc.com> <67649949ab7076239f54964d81083f92@ucsc.edu> Message-ID: <4450C14F.20809@jlewiscooper.com> John Rudd wrote: > > On Apr 25, 2006, at 11:35, Matt Kettler wrote: > >> Derek Chee wrote: >>> Hi, >>> >>> We've been getting bombarded recently with a lot of the embedded GIF >>> image OTCBB stock, pump and dump spam. The one with the random >>> subject, >>> from and sender lines. >>> >>> Has anybody had any luck creating SpamAssassin rules that would help >>> boost the score? Or better yet a good RBL that blocks them? For RBLs, >>> we only run the Spamhaus lists. Being a university, we can't run a >>> very >>> aggressive RBL list as it would cause too many complaints about >>> blocking >>> legitimate email. >>> >> >> the SARE stock ruleset helps here. As do hash-based tests like Razor >> and DCC. > > As has been pointed out, the hash based tests aren't going to catch > all image spam, because the spammers are smart enough to make small > changes to images that aren't caught by the human eye, but which do > produce unique hash results (meaning that they aren't caught by hash > based systems). As I mentioned last week, someone over on the > mimedefang list is working on a OCR perl module for feeding those > images to, so that you can get a bunch of text. The suggestion on the > list is to then attach that text to the message, so that when you feed > it to Spam Assassin, it gets picked up by bayes (both for training and > scoring). Here's a thought, how about using the identify command from the ImageMagick package. (http://www.magickwand.org/) With the -verbose option, it gives back a lot of info on the image, including a "signature" string that could be used to feed SA.
Here's a sample output of a random image I have handy:
[user@develop]# identify -verbose gb.jpg
Image: gb.jpg
  Format: JPEG (Joint Photographic Experts Group JFIF format)
  Geometry: 2550x4200
  Class: DirectClass
  Type: TrueColor
  Endianess: Undefined
  Colorspace: RGB
  Channel depth:
    Red: 8-bits
    Green: 8-bits
    Blue: 8-bits
  Channel statistics:
    Red:
      Min: 92 (0.360784)
      Max: 255 (1)
      Mean: 241.566 (0.947317)
      Standard deviation: 17.3827 (0.0681675)
    Green:
      Min: 84 (0.329412)
      Max: 255 (1)
      Mean: 239.353 (0.93864)
      Standard deviation: 19.6521 (0.0770672)
    Blue:
      Min: 81 (0.317647)
      Max: 255 (1)
      Mean: 234.329 (0.918937)
      Standard deviation: 20.5236 (0.0804845)
  Colors: 13126
  Rendering-intent: Undefined
  Resolution: 300x300
  Units: PixelsPerInch
  Filesize: 436kb
  Interlace: None
  Background Color: white
  Border Color: #DFDFDF
  Matte Color: grey74
  Dispose: Undefined
  Iterations: 0
  Compression: JPEG
  Quality: 32
  Orientation: Undefined
  Comment: LEAD Technologies Inc. V1.01
  JPEG-Colorspace: 2
  JPEG-Sampling-factors: 1x1,1x1,1x1
  Signature: 3fb7fe8ae960ad9879b90c25bc88da1f5c76e51937fc407437bc8549e37f605f
  Tainted: False
  User Time: 5.340u
  Elapsed Time: 0:06
  Pixels per second: 2.0mb
  Version: ImageMagick 6.2.5 02/13/06 Q16 file:/usr/share/ImageMagick-6.2.5/doc/index.html
From mrm at medicine.wisc.edu Thu Apr 27 14:30:07 2006
From: mrm at medicine.wisc.edu (Michael Masse) Date: Thu Apr 27 14:31:02 2006 Subject: Do some spammers ignore MX ptrs? Message-ID: I'm offloading just Mailscanner services from an overloaded email store machine to a new machine and am doing so by pointing the MX record for the domain to the new machine. The A ptr still points to the old system so that none of the other services this machine provides get interrupted. All legitimate email and most spam is going to the new system like it's supposed to and it then gets relayed to the old store machine, but I'm noticing quite a bit of spam is still being sent directly to the old system. Does some spam software ignore the MX ptr and go to the A ptr instead, or is this more likely to be a DNS cache issue on the sending systems that will hopefully clear itself out over a few days? Mike From jethro.binks at strath.ac.uk Thu Apr 27 14:43:57 2006
From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Thu Apr 27 14:43:59 2006 Subject: Do some spammers ignore MX ptrs? In-Reply-To: References: Message-ID: <20060427144157.J49619@defjam.cc.strath.ac.uk> On Thu, 27 Apr 2006, Michael Masse wrote: > I'm offloading just Mailscanner services from an overloaded email store > machine to a new machine and am doing so by pointing the MX record for > the domain to the new machine. The A ptr still points to the old system > so that none of the other services this machine provides get interupted. > All legitimate email and most spam is going to the new system like it's > supposed to and it then gets relayed to the old store machine, but I'm > noticing quite a bit of spam is still being sent directly to the old > system. Does some spam software ignore the MX ptr and go to the A ptr > instead, or is this more likely to be a DNS cache issue on the sending > systems that will hopefully clear itself out over a few days? Both. Don't run an SMTP listener on the machine bound to that IP address if you don't want it to receive mail, or limit who can talk to it by means of firewalls/MTA restrictions/etc. Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services University Of Strathclyde, Glasgow, UK From drew at themarshalls.co.uk Thu Apr 27 14:51:22 2006 
From: drew at themarshalls.co.uk (Drew Marshall) Date: Thu Apr 27 14:51:35 2006 Subject: Do some spammers ignore MX ptrs? In-Reply-To: References: Message-ID: <44978.194.70.180.170.1146145882.squirrel@webmail.r-bit.net> On Thu, April 27, 2006 14:30, Michael Masse wrote: > I'm offloading just Mailscanner services from an overloaded email store > machine to a new machine and am doing so by pointing the MX record for > the domain to the new machine. The A ptr still points to the old > system so that none of the other services this machine provides get > interrupted. All legitimate email and most spam is going to the new > system like it's supposed to and it then gets relayed to the old store > machine, but I'm noticing quite a bit of spam is still being sent > directly to the old system. Does some spam software ignore the MX > ptr and go to the A ptr instead, or is this more likely to be a DNS > cache issue on the sending systems that will hopefully clear itself out > over a few days? I would suggest some and some. Once a Spammer has found your machine, they are likely to keep sending to it. Your best bet would be firewall port 25 to the old machine for everything except the new machine's IP address. That will stop them and ensure that you can safely remove/ disable MailScanner from the old machine as all your mail will have to go via the new one. Drew From brent.bolin at gmail.com Thu Apr 27 15:16:56 2006
From: brent.bolin at gmail.com (BB) Date: Thu Apr 27 15:17:13 2006 Subject: Do some spammers ignore MX ptrs? In-Reply-To: References: Message-ID: <787dcac20604270716r767dd18ew6e7b03b11923964b@mail.gmail.com> I think some do. I have a secondary MX record for a domain hosted by my ISP. Legitimate traffic really should never be delivered to this server when the primary waited zero server is up. Looks to me all mail coming from this secondary is spam. Think the spammers hope the backup relay does not filter for spam, which appears to be true. And then the primary accepts all from the secondary. I blacklist all mail from this secondary. Been doing this for three years without any problems. Your issue might also be related to DNS. On 4/27/06, Michael Masse wrote: > > I'm offloading just Mailscanner services from an overloaded email store > machine to a new machine and am doing so by pointing the MX record for > the domain to the new machine. The A ptr still points to the old > system so that none of the other services this machine provides get > interupted. All legitimate email and most spam is going to the new > system like it's supposed to and it then gets relayed to the old store > machine, but I'm noticing quite a bit of spam is still being sent > directly to the old system. Does some spam software ignore the MX > ptr and go to the A ptr instead, or is this more likely to be a DNS > cache issue on the sending systems that will hopefully clear itself out > over a few days? > > Mike > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060427/5c9d1dfb/attachment.html From csweeney at osubucks.org Thu Apr 27 15:22:15 2006 
From: csweeney at osubucks.org (Chris Sweeney) Date: Thu Apr 27 15:20:48 2006 Subject: Do some spammers ignore MX ptrs? In-Reply-To: <787dcac20604270716r767dd18ew6e7b03b11923964b@mail.gmail.com> References: <787dcac20604270716r767dd18ew6e7b03b11923964b@mail.gmail.com> Message-ID: <4450D397.1020404@osubucks.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Why have a secondary of you are going to just blacklist everything from it? Why not save the power and just have one MX then? BB wrote: > I think some do. I have a secondary MX record for a domain hosted > by my ISP. Legitimate traffic really should never be delivered to > this server when the primary waited zero server is up. > > Looks to me all mail coming from this secondary is spam. Think the > spammers hope the backup relay does not filter for spam, which > appears to be true. And then the primary accepts all from the > secondary. > > I blacklist all mail from this secondary. > > Been doing this for three years without any problems. > > Your issue might also be related to DNS. > > On 4/27/06, * Michael Masse* > wrote: > > I'm offloading just Mailscanner services from an overloaded > email store > machine to a new machine and am doing so by pointing the MX > record for > the domain to the new machine. The A ptr still points to the old > system so that none of the other services this machine provides get > interupted. All legitimate email and most spam is going to > the new > system like it's supposed to and it then gets relayed to the old > store > machine, but I'm noticing quite a bit of spam is still being sent > directly to the old system. Does some spam software ignore > the MX > ptr and go to the A ptr instead, or is this more likely to be a DNS > cache issue on the sending systems that will hopefully clear > itself out > over a few days? 
> > Mike > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , > and is > believed to be clean. - -- Thanks Chris Check me out! Finally setup a MySpace.com account http://www.osubucks.net csweeney@osubucks.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEUNOXS9AMNDUYgIcRAufkAKCL9ExreEyYzjAlPKtSDrWnhlXfnQCeMOtL G88NiER8nHRfm1AQnasttE4= =G1lS -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060427/9d194692/attachment.html From rob at thehostmasters.com Thu Apr 27 15:27:51 2006 
From: rob at thehostmasters.com (Rob Morin) Date: Thu Apr 27 15:28:30 2006 Subject: Is someone spamming through me? In-Reply-To: <9720CA43F755A148BF65B6618B90CB94356BCA@magneto.wals.local> References: <9720CA43F755A148BF65B6618B90CB94356BCA@magneto.wals.local> Message-ID: <4450D4E7.3060307@thehostmasters.com>
Some quick things you should check for.... it is possible for a bad person to exploit that script and then install files on your server. These files would be in /var/tmp or /tmp. These files would send out mass emails... the email lists would be updated by the user, as one of those scripts uses wget to retrieve new spam lists and run those.... A very popular spammer is a guy that sends emails as or to "cartoes@ocarteiro.com.br"
1st thing to do is.... look for files with similar names as below in /tmp, /var/tmp or whatever else you use as a tmp dir. These files might also be in a user's home dir....... These files will spam people pretending to be PayPal, and also just plain old spamming for some website too...
drwxr-xr-x 5 root root 4096 Mar 2 16:43 .
drwxr-xr-x 43 root root 8192 Apr 10 09:10 ..
-rw-r--r-- 1 root root 29798 Mar 2 15:44 PAYpalHacks
-rw-r--r-- 1 root root 193643 Mar 1 11:00 Paypal-cgi-updates-HACK-SUPERCHUTEtar.gz
-rw-r--r-- 1 root root 18978 Mar 1 11:01 mailer-Superchute-Hack.tar.gz
drwxr-xr-x 6 www-data www-data 4096 Feb 27 15:19 redirect.paypal.com
-rw-r--r-- 1 vu2177 vu2177 121197 Feb 27 14:14 redirect.paypal.zip
-rw-r--r-- 1 vu2177 vu2177 16250 Mar 2 15:54 shell.php
And try to find any files that do not belong in those temp dirs....
2nd thing to do is simple, yet effective against any scripts that try to retrieve files from the outside... find the following files and do this.... chmod 700 each file. Some of these files might not be where they are on my Debian system, but they should be there, and chmoding them 700 will prevent anyone except root from using them. It's important that you do this....
/usr/bin/lynx.stable
/usr/bin/netkit-ftp
/usr/bin/telnet.netkit
/usr/bin/ssh
/usr/bin/wget
Also go and get CHKrootKit at http://www.chkrootkit.org/ after installing it put it in a cronjob to run each hour..... make sure you rename the file to something like blabla or the hacker might find it and disable it if he gets on before it's run... The above should keep you busy for a while.... Also please install modsecurity! Have a great day! Rob Morin Dido InterNet Inc. Montreal, Canada Http://www.dido.ca 514-990-4444
Jody Cleveland wrote: >> You aren't using one of the versions of formmail.php are you? >> This had a bunch of holes in it at one time, and as I recall, the cgi >> version was recommended as a replacement (or vice-versa). >> >> If you are, there is supposed to be a PHP script that is >> better, although I haven't used it yet at >> >> http://www.leveltendesign.com/L10Apps/Fm/index.php >> > > Aha! I am using an older version of that script from 1999. not sure if > that's the culprit or not, but I'll definitely update that. > > Thanks for the tip! > > - jody > From maillists at conactive.com Thu Apr 27 15:31:16 2006
From: maillists at conactive.com (Kai Schaetzl) Date: Thu Apr 27 15:29:23 2006 Subject: Stock image spam blocking In-Reply-To: <4450C14F.20809@jlewiscooper.com> References: <0588B0DA-82E3-4217-A19B-666F3DFFF500@uci.edu> <444E6BEE.7090904@evi-inc.com> <67649949ab7076239f54964d81083f92@ucsc.edu> <4450C14F.20809@jlewiscooper.com> Message-ID: Greg Borders wrote on Thu, 27 Apr 2006 09:04:15 -0400: > With the -verbose > option, it gives back a lot of info on the image, including a > "signature" string that could be used to feed SA. But, what is that string? Looks like an md5 hash. So, you hit the same problem again. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Thu Apr 27 15:31:16 2006 
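The two checks in Rob Morin's message above (Subject: Is someone spamming through me?) can be scripted for repeated triage. This is an added example, not code from the thread; the suffix list, the hostname pattern and the web account set are assumptions built from the directory listing in that message.

```python
import os
import pwd
import re
import stat

TEMP_DIRS = ["/tmp", "/var/tmp"]   # the directories named in the message
WEB_ACCOUNTS = {"www-data"}        # owner seen in the listing; differs per distro (assumption)
# Assumption: file types a temp directory has no business holding.
DROPPED_SUFFIXES = (".php", ".pl", ".cgi", ".sh", ".zip", ".tar.gz", ".tgz")
# Directory named like a host, e.g. "redirect.paypal.com" in the listing.
HOSTNAME_LIKE = re.compile(r"^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,6}$")
# The download/remote-access tools the message says to chmod 700.
FETCH_TOOLS = ["/usr/bin/lynx.stable", "/usr/bin/netkit-ftp",
               "/usr/bin/telnet.netkit", "/usr/bin/ssh", "/usr/bin/wget"]


def owner_name(uid):
    """Account name for a uid, or the number itself when no passwd entry exists."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)


def triage_entry(path, web_accounts=WEB_ACCOUNTS):
    """Return the reasons this entry deserves a look (empty list: nothing noted)."""
    st = os.lstat(path)  # lstat: report on a symlink itself, not its target
    name = os.path.basename(path)
    reasons = []
    if stat.S_ISREG(st.st_mode) and name.lower().endswith(DROPPED_SUFFIXES):
        reasons.append("script or archive in a temp directory")
    if stat.S_ISDIR(st.st_mode) and HOSTNAME_LIKE.match(name):
        reasons.append("directory named like a hostname")
    if owner_name(st.st_uid) in web_accounts:
        reasons.append("owned by a web server account")
    return reasons


def scan(dirs=TEMP_DIRS, web_accounts=WEB_ACCOUNTS):
    """Walk the temp directories and map each flagged path to its reasons."""
    findings = {}
    for top in dirs:
        for root, subdirs, files in os.walk(top):
            for name in subdirs + files:
                path = os.path.join(root, name)
                try:
                    reasons = triage_entry(path, web_accounts)
                except OSError:
                    continue  # entry vanished or is unreadable
                if reasons:
                    findings[path] = reasons
    return findings


def world_executable(paths=FETCH_TOOLS):
    """Tools from the message that exist and can still be run by any account."""
    found = []
    for path in paths:
        try:
            mode = os.stat(path).st_mode
        except OSError:
            continue  # not installed at this location
        if mode & stat.S_IXOTH:
            found.append(path)
    return found


if __name__ == "__main__":
    for path, reasons in sorted(scan().items()):
        print(f"{path}: {'; '.join(reasons)}")
    for path in world_executable():
        print(f"{path}: still executable by all users")
```

A flagged entry is a prompt to inspect it, not proof of compromise; session and upload files legitimately owned by the web account will show up as well.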
From: maillists at conactive.com (Kai Schaetzl) Date: Thu Apr 27 15:29:26 2006 Subject: Feature Request: MailScannerWebBug In-Reply-To: <223f97700604270555v5be22f01la8a9a6428ea6d363@mail.gmail.com> References: <223f97700604270555v5be22f01la8a9a6428ea6d363@mail.gmail.com> Message-ID: Glenn Steen wrote on Thu, 27 Apr 2006 14:55:56 +0200:
> Really? The only thing differentiating them are the name.
In which way? One could come up with a regexp matching the given examples, sure. But it won't fit for other cases. One could just use fggghklreb.gif as a web bug and there's no way to distinguish it from a "necessary" image.
> They're (for all intents and purposes) web bugs, and should be squashed.
spacer gifs are sure not web bugs. My stance on this is that *I* don't like HTML mail at all. However, if one wants to see it he should be able to do so without garbled layout.
Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From MailScanner at ecs.soton.ac.uk Thu Apr 27 15:37:05 2006 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 27 15:37:19 2006 Subject: Feature Request: MailScannerWebBug In-Reply-To: References: Message-ID: Okay, I've written this for you. There is a new configuration option "Allowed Web Bug Filenames" which is a space or comma-separated list of filenames or bits of filenames. If the filename in the web bug location (just the filename, not any directories or host names) matches the list of allowed web bug filenames, then it is ignored. A suitable setting might be Allowed Web Bug Filenames = spacer pixel.gif pixel.png On 27 Apr 2006, at 13:32, Kai Schaetzl wrote: > I noticed that I get lots of errors "File does not exist: > /squirrelmail-1.4.0/src/MailScannerWebBug" and some such when > people read > mail via webmail. The term "MailScannerWebBug" is obviously what gets > replaced for webbugs. I would like to have this configurable. Not sure > exactly, how. Maybe: > - remove the tag at all > - leave the source blank or with # > - replace with a URL > > Also, the detection seems to be a bit "dumb". It triggers on every > 0 or 1 > pixel gif, no matter if it's a webbug or not. F.i. it triggers on: > http://anon.doubleclick.edgesuite.net/anon.dleclick/cms/EMEA/Palm/ > 295666/N > ew/magic.gif > http://www.visualit.co.uk:81/OT000cGFsbUBhbmFlc3RoZXNpZS5uZXQA.GIF > http://ems6.net/r/?E=XTC-V1N-FQU8O-DD-GU8KF-2 > http://www.enews.nu/cp/0406-2/images/spacer.gif > http://www.paypal.com/images/pixel.gif > > The last two clearly are not web bugs, but spacer.gifs. So, if > someone is > reading these in html the layout may be garbled. A check might be > advisable here (not for 0 pixel images, of course). Not sure, what to > check, though. Maybe always leave alone things like "pixel" and > "spacer"? > (= have a positive list) The identification strings vary from > digits to > letters and if they are mostly letters I don't see a way to > distinguish > them from normal names. 
> > - > > Kai > > -- > Kai Schätzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From cobalt-users1 at fishnet.co.uk Thu Apr 27 15:41:17 2006 
From: cobalt-users1 at fishnet.co.uk (cobalt-users1@fishnet.co.uk) Date: Thu Apr 27 15:41:26 2006 Subject: Do some spammers ignore MX ptrs? In-Reply-To: Message-ID: <4450E61D.19912.4D2D30E0@cobalt-users1.fishnet.co.uk> On 27 Apr 2006 at 8:30, Michael Masse wrote: > I'm offloading just Mailscanner services from an overloaded email store > machine to a new machine and am doing so by pointing the MX record for > the domain to the new machine. The A ptr still points to the old > system so that none of the other services this machine provides get > interupted. All legitimate email and most spam is going to the new > system like it's supposed to and it then gets relayed to the old store > machine, but I'm noticing quite a bit of spam is still being sent > directly to the old system. Does some spam software ignore the MX > ptr and go to the A ptr instead, or is this more likely to be a DNS > cache issue on the sending systems that will hopefully clear itself out > over a few days? Hi, Its not just spammers but bad programmers as well. Several years ago I noticed that behaviour in some Windows email systems. It may have been fixed now. I never put an A record in for domain unless there is a very good reason. Ian -- ------------------------------------------------------------- Ian Gibbons Fish.Net Ltd Providing Internet Solutions http://www.fishnet.co.uk e-mail IanGibbons@fishnet.co.uk Tel +44 (0)1457 819600 Fax +44 (0)1457 819602 ------------------------------------------------------------- From glenn.steen at gmail.com Thu Apr 27 15:57:08 2006 
From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Apr 27 15:57:11 2006 Subject: Feature Request: MailScannerWebBug In-Reply-To: References: Message-ID: <223f97700604270757h41187bcajf712fb61c953719b@mail.gmail.com> On 27/04/06, Julian Field wrote: > Okay, I've written this for you. There is a new configuration option > "Allowed Web Bug Filenames" which is a space or comma-separated list > of filenames or bits of filenames. If the filename in the web bug > location (just the filename, not any directories or host names) > matches the list of allowed web bug filenames, then it is ignored. > > A suitable setting might be > Allowed Web Bug Filenames = spacer pixel.gif pixel.png > Are you planning to make that the default, or will it be ? BTW, what config option number was that? Perhaps we should have a 300-option "celebration":-):-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Thu Apr 27 16:11:02 2006 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 27 16:11:21 2006 Subject: Feature Request: MailScannerWebBug In-Reply-To: <223f97700604270757h41187bcajf712fb61c953719b@mail.gmail.com> References: <223f97700604270757h41187bcajf712fb61c953719b@mail.gmail.com> Message-ID: <90FA2D54-03B1-40F6-9B31-5441563A7FD8@ecs.soton.ac.uk> On 27 Apr 2006, at 15:57, Glenn Steen wrote: > On 27/04/06, Julian Field wrote: >> Okay, I've written this for you. There is a new configuration option >> "Allowed Web Bug Filenames" which is a space or comma-separated list >> of filenames or bits of filenames. If the filename in the web bug >> location (just the filename, not any directories or host names) >> matches the list of allowed web bug filenames, then it is ignored. >> >> A suitable setting might be >> Allowed Web Bug Filenames = spacer pixel.gif pixel.png >> I've changed it to "Ignored Web Bug Filenames" as that explains its purpose rather better. > Are you planning to make that the default, or will it be string>? The feature will be disabled by default. > BTW, what config option number was that? Perhaps we should have a > 300-option "celebration":-):-). It's option number 281, including the settings for the default % variables%. I'm nearly there, not long to go now :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From glenn.steen at gmail.com Thu Apr 27 16:17:38 2006 
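The matching rule described for "Ignored Web Bug Filenames" (first announced as "Allowed Web Bug Filenames") compares only the last path component of the image URL against the list. This is an added illustration, not MailScanner's own code: the substring match and the "0 or 1 pixel" test follow the descriptions in this thread and are assumptions, and the sample HTML is constructed around two URLs and one filename quoted in the thread.

```python
import posixpath
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed message body; the example.com hosts are placeholders.
SAMPLE_HTML = """
<table><tr>
<td><img src="http://www.enews.nu/cp/0406-2/images/spacer.gif" width="1" height="1"></td>
<td><img src="http://www.paypal.com/images/pixel.gif" width=1 height=1></td>
<td><img src="http://tracker.example.com/open/fggghklreb.gif" width="1" height="1"></td>
<td><img src="http://spacer.example.com/pixel/t.gif?u=1234" width="0" height="0"/></td>
<td><img src="http://tracker.example.com/r/?E=ABC-123" width="1" height="1"></td>
<td><img src="http://www.example.com/images/logo.png" width="120" height="40"></td>
</tr></table>
"""


def parse_ignore_list(value):
    """Split a space or comma-separated option value into lowercase tokens."""
    return [tok.lower() for tok in re.split(r"[,\s]+", value.strip()) if tok]


def url_filename(url):
    """Last path component only: no host, port, directories or query string."""
    return posixpath.basename(urlsplit(url).path)


def is_ignored(url, tokens):
    """True when the filename contains one of the listed names or name fragments."""
    name = url_filename(url).lower()
    return bool(name) and any(tok in name for tok in tokens)


def _dim(value):
    """Leading integer of a width/height attribute, or None when absent."""
    m = re.match(r"\s*(\d+)", value or "")
    return int(m.group(1)) if m else None


class _TinyImageFinder(HTMLParser):
    """Collect the src of every <img> whose width and height are both 0 or 1."""

    def __init__(self):
        super().__init__()
        self.candidates = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        w, h = _dim(a.get("width")), _dim(a.get("height"))
        if a.get("src") and w is not None and h is not None and w <= 1 and h <= 1:
            self.candidates.append(a["src"])


def classify_web_bugs(html, option_value=""):
    """Sort tiny images into those to disarm and those the option lets through."""
    finder = _TinyImageFinder()
    finder.feed(html)
    finder.close()
    tokens = parse_ignore_list(option_value)  # empty option: nothing is ignored
    result = {"disarm": [], "ignored": []}
    for src in finder.candidates:
        result["ignored" if is_ignored(src, tokens) else "disarm"].append(src)
    return result


if __name__ == "__main__":
    verdict = classify_web_bugs(SAMPLE_HTML, "spacer pixel.gif pixel.png")
    for kind in ("ignored", "disarm"):
        for src in verdict[kind]:
            print(f"{kind:8s} {src}")
```

The fourth image shows why only the filename is compared: "spacer" in the host name and "pixel" in the directory do not exempt it. The check still trusts a name the sender chooses, so a tracking image called spacer.gif would also pass.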
From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Apr 27 16:17:40 2006 Subject: Feature Request: MailScannerWebBug In-Reply-To: <90FA2D54-03B1-40F6-9B31-5441563A7FD8@ecs.soton.ac.uk> References: <223f97700604270757h41187bcajf712fb61c953719b@mail.gmail.com> <90FA2D54-03B1-40F6-9B31-5441563A7FD8@ecs.soton.ac.uk> Message-ID: <223f97700604270817k54d6f364v6dd516557c01e275@mail.gmail.com> On 27/04/06, Julian Field wrote: > On 27 Apr 2006, at 15:57, Glenn Steen wrote: (snip) > > I've changed it to "Ignored Web Bug Filenames" as that explains its > purpose rather better. Excellent. > > Are you planning to make that the default, or will it be > string>? > > The feature will be disabled by default. Again, excellent. Thank you. > > > BTW, what config option number was that? Perhaps we should have a > > 300-option "celebration":-):-). > > It's option number 281, including the settings for the default % > variables%. > > I'm nearly there, not long to go now :-) :-) .... Must speed up development of that "network pipe" thing then.... Plan is to make it carry beverages:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From brent.bolin at gmail.com Thu Apr 27 16:18:53 2006 
From: brent.bolin at gmail.com (BB) Date: Thu Apr 27 16:18:56 2006 Subject: Do some spammers ignore MX ptrs? In-Reply-To: <4450E61D.19912.4D2D30E0@cobalt-users1.fishnet.co.uk> References: <4450E61D.19912.4D2D30E0@cobalt-users1.fishnet.co.uk> Message-ID: <787dcac20604270818t728303b0kc9386c0b7fc0ec3f@mail.gmail.com> 1. Its hosted by the ISP and doesn't cost anything 2. Its a great filter rule On 4/27/06, cobalt-users1@fishnet.co.uk wrote: > > On 27 Apr 2006 at 8:30, Michael Masse wrote: > > > I'm offloading just Mailscanner services from an overloaded email store > > machine to a new machine and am doing so by pointing the MX record for > > the domain to the new machine. The A ptr still points to the old > > system so that none of the other services this machine provides get > > interupted. All legitimate email and most spam is going to the new > > system like it's supposed to and it then gets relayed to the old store > > machine, but I'm noticing quite a bit of spam is still being sent > > directly to the old system. Does some spam software ignore the MX > > ptr and go to the A ptr instead, or is this more likely to be a DNS > > cache issue on the sending systems that will hopefully clear itself out > > over a few days? > > Hi, > > Its not just spammers but bad programmers as well. Several years ago I > noticed that behaviour > in some Windows email systems. It may have been fixed now. > > I never put an A record in for domain unless there is a very good reason. 
> > Ian > -- > ------------------------------------------------------------- > Ian Gibbons > Fish.Net Ltd Providing Internet Solutions > http://www.fishnet.co.uk e-mail IanGibbons@fishnet.co.uk > Tel +44 (0)1457 819600 Fax +44 (0)1457 819602 > ------------------------------------------------------------- > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From steve.swaney at fsl.com Thu Apr 27 17:06:04 2006
From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Apr 27 17:06:22 2006 Subject: Off topic - Spam Increase Message-ID: <063901c66a14$808444c0$2901010a@office.fsl> I just received this post from a very reputable source. I thought it worth posting to the list in case you need some statistics to help buy the book: On Wed, Apr 26, 2006 at, Someone wrote: > Around 2000 we turned off (de-MXed) two domains that were receiving > 140,000 spams per day. > > Around Feb of 2003, I got curious, and turned them on again. > > 600,000 spams per day. > > A month later, 1,000,000. > > Now it's hovering around 6-8 million. My calculations indicate that's a 4,286% to 5,714% increase in 6 years! Good thing we have MailScanner, SpamAssassin and all the extras :) Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From marlo at raidbr.com.br Thu Apr 27 17:10:52 2006 
From: marlo at raidbr.com.br (marlo - raidbr) Date: Thu Apr 27 17:10:41 2006 Subject: EMAIL SERVER QMAIL PROBLEM Message-ID: <1146154252.6513.6.camel@localhost.localdomain> Good afternoon. When the server sends an email to another server, it returns this error message: "Disallowed breakage found in to header name - potential virus". Does someone know what this problem is? ----------------------------------------------------------------------- Good afternoon. When the server sends an email to the other server, it returns an error message: " Disallowed breakage found in header name - potential virus ". Would anyone know what the problem is? Marlo From jaearick at colby.edu Thu Apr 27 17:21:19 2006
From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu Apr 27 17:30:17 2006 Subject: Do some spammers ignore MX ptrs? In-Reply-To: References: Message-ID: Hi, If your A and MX records don't match for your domain, then AOL will rate-limit your email to them. I recently went thru this experience when I moved my mail service and goofed on DNS. It was painful. Jeff Earickson Colby College On Thu, 27 Apr 2006, Michael Masse wrote: > Date: Thu, 27 Apr 2006 08:30:07 -0500 
> From: Michael Masse > Reply-To: MailScanner discussion > To: " > Subject: Do some spammers ignore MX ptrs? > > I'm offloading just Mailscanner services from an overloaded email store > machine to a new machine and am doing so by pointing the MX record for > the domain to the new machine. The A ptr still points to the old > system so that none of the other services this machine provides get > interupted. All legitimate email and most spam is going to the new > system like it's supposed to and it then gets relayed to the old store > machine, but I'm noticing quite a bit of spam is still being sent > directly to the old system. Does some spam software ignore the MX > ptr and go to the A ptr instead, or is this more likely to be a DNS > cache issue on the sending systems that will hopefully clear itself out > over a few days? > > Mike > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From rpoe at plattesheriff.org Thu Apr 27 17:30:23 2006 
From: rpoe at plattesheriff.org (Rob Poe) Date: Thu Apr 27 17:30:52 2006 Subject: Off topic - Spam Increase In-Reply-To: <063901c66a14$808444c0$2901010a@office.fsl> References: <063901c66a14$808444c0$2901010a@office.fsl> Message-ID: <4450AB4E.65ED.00A2.0@plattesheriff.org>
I have a client with a very old (years old) domain (whois lists Record created on 03-Jul-1997).
That domain receives over 2500 spams per day through a secondary MX (that runs several blacklists .. the spams the secondary receives are what make it through the rather restrictive RBLs). Thanks to SA and MailScanner, only 6 got through to the primary MX in the last 4 days.
That domain also receives 2800 spams per day through a primary MX (not counting the 6 over the 4 day sample period from the secondary MX). They only leave that domain open for older customers of theirs who still (after 4 years) send email to that domain. Most of the spam received by that domain are randomly flung harvesting spams, or dictionary attack spams. The primary MX has much less restrictive RBLs, as they have a very large worldwide company as a client of theirs, and if emails bounced from the big big company to theirs, well .. that would be bad. :)
Here's today's totals per MailWatch
Processed: 1,090 32.8Mb
Clean: 796 73.0%
Viruses: 0 0.0%
Top Virus: None
Blocked files: 0 0.0%
Others: 0 0.0%
Spam: 39 3.6%
High Scoring Spam: 255 23.4%
MCP: 0 0.0%
High Scoring MCP: 0 0.0%
They have almost 0 false positives, and almost no spam that IS spam gets through ..
On Wed, Apr 26, 2006 at, Someone wrote: > Around 2000 we turned off (de-MXed) two domains that were receiving > 140,000 spams per day. > > Around Feb of 2003, I got curious, and turned them on again. > > 600,000 spams per day. > > A month later, 1,000,000. > > Now it's hovering around 6-8 million. My calculations indicate that's a 4,286% to 5,714% increase in 6 years! Good thing we have MailScanner, SpamAssassin and all the extras :) Steve Stephen Swaney Fort Systems Ltd. 
stephen.swaney@fsl.com www.fsl.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From martinh at solid-state-logic.com Thu Apr 27 17:43:09 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Apr 27 17:43:19 2006 Subject: Off topic - Spam Increase In-Reply-To: <063901c66a14$808444c0$2901010a@office.fsl> Message-ID: <016101c66a19$aa9361b0$3004010a@martinhlaptop> Steve More info from a good source - me ;-) I started here in Sep 2000 - average number of emails per month (say 30 days) was 7,000 (including spam). In and out... Now we're getting ~16,000 messages per day! Only 7-800 (hundred yes) actual non spam emails (in and outbound in both totals). So a 60x increase in about the same period as your source nearly all of it is spam! -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- 
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Stephen Swaney > Sent: 27 April 2006 17:06 > To: 'MailScanner discussion' > Subject: Off topic - Spam Increase > > I just received this post from a very reputable source. I thought it worth > posting to the list in case you need some statistics to help buy the book: > > On Wed, Apr 26, 2006 at, Someone wrote: > > > Around 2000 we turned off (de-MXed) two domains that were receiving > > 140,000 spams per day. > > > > Around Feb of 2003, I got curious, and turned them on again. > > > > 600,000 spams per day. > > > > A month later, 1,000,000. > > > > Now it's hovering around 6-8 million. > > My calculations indicate that's a 4,286% to 5,714% increase in 6 years! > Good > this we have MailScanner, SpamAssassin and all the extras :) > > Steve > > Stephen Swaney > Fort Systems Ltd. > stephen.swaney@fsl.com > www.fsl.com > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From martinh at solid-state-logic.com Thu Apr 27 17:54:28 2006 
From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Apr 27 17:54:46 2006 Subject: Off topic - Spam Increase In-Reply-To: <016101c66a19$aa9361b0$3004010a@martinhlaptop> Message-ID: <016201c66a1b$411452b0$3004010a@martinhlaptop> I hate replying to myself but I just did more maths.... 6.25% of my email traffic is 'nonspam'...(also viruses etc in that) Now of we got rid off all this traffic I wonder how much money the telco's would save in not moving crud about???? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Martin Hepworth > Sent: 27 April 2006 17:43 > To: 'MailScanner discussion' > Subject: RE: Off topic - Spam Increase > > Steve > > More info from a good source - me ;-) > > I started here in Sep 2000 - average number of emails per month (say 30 > days) was 7,000 (including spam). In and out... > > Now we're getting ~16,000 messages per day! Only 7-800 (hundred yes) > actual > non spam emails (in and outbound in both totals). > > So a 60x increase in about the same period as your source nearly all of it > is spam! > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- 
> > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Stephen Swaney > > Sent: 27 April 2006 17:06 > > To: 'MailScanner discussion' > > Subject: Off topic - Spam Increase > > > > I just received this post from a very reputable source. I thought it > worth > > posting to the list in case you need some statistics to help buy the > book: > > > > On Wed, Apr 26, 2006 at, Someone wrote: > > > > > Around 2000 we turned off (de-MXed) two domains that were receiving > > > 140,000 spams per day. > > > > > > Around Feb of 2003, I got curious, and turned them on again. > > > > > > 600,000 spams per day. > > > > > > A month later, 1,000,000. > > > > > > Now it's hovering around 6-8 million. > > > > My calculations indicate that's a 4,286% to 5,714% increase in 6 years! > > Good > > this we have MailScanner, SpamAssassin and all the extras :) > > > > Steve > > > > Stephen Swaney > > Fort Systems Ltd. > > stephen.swaney@fsl.com > > www.fsl.com > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. 
> > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From MailScanner at ecs.soton.ac.uk Thu Apr 27 18:22:49 2006 
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Apr 27 18:23:03 2006
Subject: 4.53.5 beta release
Message-ID: <4450FDE9.6060307@ecs.soton.ac.uk>

I have just put out a new beta containing all the new features I have written over the past couple of days. There are quite a few new things:

- List of ignored filenames in Web Bug trap.
- Optional multiplier (k, m or g) for numeric values in MailScanner.conf.
- Numeric IP addresses in phishing.safe.sites.conf list.
- Support for Exim 4.61 and above.
- Support for sa-update and a cron job to call it every night.
- Checks for available disk space.

More info in the Change Log.

If some of you could try it before I do the stable release on the 1st May, that would be greatly appreciated. Appears to work okay for me.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.

From maillists at conactive.com Thu Apr 27 18:31:28 2006
From: maillists at conactive.com (Kai Schaetzl)
Date: Thu Apr 27 18:29:36 2006
Subject: Less strict phishing net?
In-Reply-To: <444FB896.5080809@ecs.soton.ac.uk>
References: <8256CF73-55E8-4AFF-9581-57379C808F71@ecs.soton.ac.uk> <444FB896.5080809@ecs.soton.ac.uk>
Message-ID:

Julian Field wrote on Wed, 26 Apr 2006 19:14:46 +0100:

> not sure where
> "string" came from...

stringent ?

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From maillists at conactive.com Thu Apr 27 18:31:28 2006
From: maillists at conactive.com (Kai Schaetzl)
Date: Thu Apr 27 18:29:40 2006
Subject: Off topic - Spam Increase
In-Reply-To: <063901c66a14$808444c0$2901010a@office.fsl>
References: <063901c66a14$808444c0$2901010a@office.fsl>
Message-ID:

Stephen Swaney wrote on Thu, 27 Apr 2006 12:06:04 -0400:

> > Around 2000 we turned off (de-MXed) two domains that were receiving
> > 140,000 spams per day.

I had to do the same with a joe-job domain of a client around the same time. It was getting like ten-thousand bounces per hour. I not only de-mxed it, but also removed the "pure" domain from dns, so only www.domain still existed. If there is no MX you will still get the mail. It's unbelievable that they are still getting "bespammed" after years, although a good portion of mail servers will not take them at all because the sender domain is nonexistent. We also moved it to the root dns servers which is possible with .de domains, so that our nameservers got relieved. By coincidence I just changed that today to make the domain available for mail again but point to 127.0.0.1. I hope that finally dries it out.

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From maillists at conactive.com Thu Apr 27 18:31:28 2006
From: maillists at conactive.com (Kai Schaetzl)
Date: Thu Apr 27 18:29:42 2006
Subject: Feature Request: MailScannerWebBug
In-Reply-To: <90FA2D54-03B1-40F6-9B31-5441563A7FD8@ecs.soton.ac.uk>
References: <223f97700604270757h41187bcajf712fb61c953719b@mail.gmail.com> <90FA2D54-03B1-40F6-9B31-5441563A7FD8@ecs.soton.ac.uk>
Message-ID:

Julian Field wrote on Thu, 27 Apr 2006 16:11:02 +0100:

> >> A suitable setting might be
> >> Allowed Web Bug Filenames = spacer pixel.gif pixel.png
> >>

Thanks, Julian, I'll try with the next beta or normal release.

> I've changed it to "Ignored Web Bug Filenames" as that explains its
> purpose rather better.

I do not mind what it is named. But I just compared to file names/types and there we have:
Allow Filenames =

although the purpose of the rule is a bit different, so your new naming may fit better to understand it.

>
> > Are you planning to make that the default, or will it be
> string>?
>
> The feature will be disabled by default.

Of course, that's reasonable.

May I repoint you to the main reason of my enquiry, though? I think it's worthwhile to get rid of those 404's each time a webmail user reads such a mail. For the time being I just touched a file there, don't know what the browser will make out of this. But it would be better to be able to either supply no URL or remove the tag or supply a URL of your own choice somewhere where that one pixel graphic can be fetched by the browser. If I can configure this in MailScanner that's much more convenient than adding some file to each webmail package. Browsers may also deny rendering "MailScannerWebBug" as an image since there's no appropriate MIME header coming with it. So something like this:

Allow WebBugs = yes|disarm|remove (with remove = remove the whole tag)
Disarm WebBugs String = "MailScannerWebBug" (default)

with possible choices like
Disarm WebBugs String = "" (empty)
Disarm WebBugs String = "mypixel.gif" (relative path)
Disarm WebBugs String = "http://somewhere.somplace.com/mypixel.gif" (absolute path)

I'm not sure how "remove" would fit in the "Allow...Tags Convert Danger... " table (around line 792), so this may be too complex or confusing. (Although, the conversion obviously applies to tags that can be "converted" to text, so, it wouldn't apply to images, anyway?)
But the Disarm WebBugs String should be easy to add, shouldn't it?

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From Cleveland at winnefox.org Thu Apr 27 19:19:59 2006
From: Cleveland at winnefox.org (Jody Cleveland)
Date: Thu Apr 27 19:18:30 2006
Subject: Is someone spamming through me?
Message-ID: <9720CA43F755A148BF65B6618B90CB94356D26@magneto.wals.local>

Hello,

Thanks for all the great advice! I finished everything up to installing modsecurity. I went into webmin to add chkrootkit to cron, and noticed this:

apache Yes /tmp/ctemp/.dat/.kin/up2you >/dev/null 2>&1

I'm guessing that's the culprit?

- jody

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Rob Morin > Sent: Thursday, April 27, 2006 9:28 AM > To: MailScanner discussion > Subject: Re: Is someone spamming through me? > > Some quick things you should check for.... it is possible for a bad > person to exploit that script and then install files on your server. > These files would be in /var/tmp or /tmp > > These files would send out mass emails... the email lists would be > updated by the user as one of those cripts uses wget to retreive new > spam lists and run those.... > A very popular spammer is a guy that send emails as or to > "cartoes@ocarteiro.com.br" > > 1st thing to do is.... > > Is look for files with similar names as below in /tmp /var/tmp or > whatever else you use as a tmp dir > > These files night also be in users home dir....... > These files will spam people pretending to be PayPal, and also just > plain old spamming for some website too... > > drwxr-xr-x 5 root root 4096 Mar 2 16:43 . > drwxr-xr-x 43 root root 8192 Apr 10 09:10 .. > -rw-r--r-- 1 root root 29798 Mar 2 15:44 PAYpalHacks > -rw-r--r-- 1 root root 193643 Mar 1 11:00 > Paypal-cgi-updates-HACK-SUPERCHUTEtar.gz > -rw-r--r-- 1 root root 18978 Mar 1 11:01 > mailer-Superchute-Hack.tar.gz > drwxr-xr-x 6 www-data www-data 4096 Feb 27 15:19 > redirect.paypal.com > -rw-r--r-- 1 vu2177 vu2177 121197 Feb 27 14:14 > redirect.paypal.zip > -rw-r--r-- 1 vu2177 vu2177 16250 Mar 2 15:54 shell.php > > And try to find any files that do not belong in those temp dirs.... > > 2nd thing to do is simple , yet effective against any scripts > that try > to retrieve files from the outside... > > find the following files and do this.... > chmod 700 each file > > Some of these files might not be where they are on my Debian > system, by > they should be there and chmoding them 700 will prevent anyone except > root to use them. Its important that you do this.... 
> > /usr/bin/lynx.stable > > /usr/bin/netkit-ftp > > /usr/bin/telnet.netkit > > /usr/bin/ssh > > /usr/bin/wget > > Also go and get CHKrootKit at http://www.chkrootkit.org/ > > after installing it put it in a cronjob to run each hour..... > make sure > you rename the file to something like blabla or the hacker > might find it > and disable it if he gets on before its run... > > The above should keep you busy for a while.... > > Also please install modsecurity! > > Have a great day! > > Rob Morin > Dido InterNet Inc. > Montreal, Canada > Http://www.dido.ca > 514-990-4444 From rob at thehostmasters.com Thu Apr 27 19:34:44 2006 From: rob at thehostmasters.com (Rob Morin) Date: Thu Apr 27 19:34:50 2006 Subject: Is someone spamming through me? In-Reply-To: <9720CA43F755A148BF65B6618B90CB94356D26@magneto.wals.local> References: <9720CA43F755A148BF65B6618B90CB94356D26@magneto.wals.local> Message-ID: <44510EC4.2080307@thehostmasters.com> There ya go... lots of bad scripts name their files and folders with "." in them, thats probably the guy... whats in the file? Rob Morin Dido InterNet Inc. Montreal, Canada Http://www.dido.ca 514-990-4444 Jody Cleveland wrote: > Hello, > > Thanks for all the great advice! I finished everything up to installing > modsecurity. I went into webmin to add chkrootkit to cron, and noticed > this: > > apache Yes /tmp/ctemp/.dat/.kin/up2you >/dev/null 2>&1 > > I'm guessing that's the culprit? > > - jody > > >> -----Original Message----- 
>> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Rob Morin >> Sent: Thursday, April 27, 2006 9:28 AM >> To: MailScanner discussion >> Subject: Re: Is someone spamming through me? >> >> Some quick things you should check for.... it is possible for a bad >> person to exploit that script and then install files on your server. >> These files would be in /var/tmp or /tmp >> >> These files would send out mass emails... the email lists would be >> updated by the user as one of those cripts uses wget to retreive new >> spam lists and run those.... >> A very popular spammer is a guy that send emails as or to >> "cartoes@ocarteiro.com.br" >> >> 1st thing to do is.... >> >> Is look for files with similar names as below in /tmp /var/tmp or >> whatever else you use as a tmp dir >> >> These files night also be in users home dir....... >> These files will spam people pretending to be PayPal, and also just >> plain old spamming for some website too... >> >> drwxr-xr-x 5 root root 4096 Mar 2 16:43 . >> drwxr-xr-x 43 root root 8192 Apr 10 09:10 .. >> -rw-r--r-- 1 root root 29798 Mar 2 15:44 PAYpalHacks >> -rw-r--r-- 1 root root 193643 Mar 1 11:00 >> Paypal-cgi-updates-HACK-SUPERCHUTEtar.gz >> -rw-r--r-- 1 root root 18978 Mar 1 11:01 >> mailer-Superchute-Hack.tar.gz >> drwxr-xr-x 6 www-data www-data 4096 Feb 27 15:19 >> redirect.paypal.com >> -rw-r--r-- 1 vu2177 vu2177 121197 Feb 27 14:14 >> redirect.paypal.zip >> -rw-r--r-- 1 vu2177 vu2177 16250 Mar 2 15:54 shell.php >> >> And try to find any files that do not belong in those temp dirs.... >> >> 2nd thing to do is simple , yet effective against any scripts >> that try >> to retrieve files from the outside... >> >> find the following files and do this.... >> chmod 700 each file >> >> Some of these files might not be where they are on my Debian >> system, by >> they should be there and chmoding them 700 will prevent anyone except >> root to use them. 
Its important that you do this.... >> >> /usr/bin/lynx.stable >> >> /usr/bin/netkit-ftp >> >> /usr/bin/telnet.netkit >> >> /usr/bin/ssh >> >> /usr/bin/wget >> >> Also go and get CHKrootKit at http://www.chkrootkit.org/ >> >> after installing it put it in a cronjob to run each hour..... >> make sure >> you rename the file to something like blabla or the hacker >> might find it >> and disable it if he gets on before its run... >> >> The above should keep you busy for a while.... >> >> Also please install modsecurity! >> >> Have a great day! >> >> Rob Morin >> Dido InterNet Inc. >> Montreal, Canada >> Http://www.dido.ca >> 514-990-4444 >> From Cleveland at winnefox.org Thu Apr 27 19:52:20 2006 From: Cleveland at winnefox.org (Jody Cleveland) Date: Thu Apr 27 19:51:30 2006 Subject: Is someone spamming through me? Message-ID: <9720CA43F755A148BF65B6618B90CB94356D3A@magneto.wals.local> > There ya go... lots of bad scripts name their files and > folders with "." > in them, thats probably the guy... whats in the file? I did a search for 'up2you' and came up with 0 results. So, I'm not sure what happened with it. - jody From kte at nexis.be Thu Apr 27 20:00:35 2006 From: kte at nexis.be (kte@nexis.be) Date: Thu Apr 27 20:00:38 2006 Subject: Good Spam blocking RBL's + greet_pause Message-ID: What are the most spam + another crap mail blocking RBL's from the moment? And what is a goog timeout for the greet_pause in sendmail I have now 5000 ? Thanks Koen -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060427/ae891b0d/attachment.html From rob at thehostmasters.com Thu Apr 27 20:12:07 2006 
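The checks suggested in the "Is someone spamming through me?" thread above, as an added example that is not code from any poster: it flags cron commands that run from temp directories or hidden paths, and lists hidden directories and executables under a temp root. Only the `up2you` command path comes from the thread; its schedule, the other crontab lines, the allow-list and the directory tree are constructed or assumed.

```python
import os
import re
import shlex
import stat
import tempfile

# Directories any local account, including the web server user, can write to.
TEMP_ROOTS = ("/tmp", "/var/tmp", "/dev/shm")
# Dot-directories a stock Linux /tmp often contains (assumed allow-list; extend per host).
EXPECTED_HIDDEN = {".X11-unix", ".ICE-unix", ".font-unix", ".XIM-unix", ".Test-unix"}
# Five schedule fields (or an @keyword such as @reboot), then the command.
CRON_LINE = re.compile(r"^\s*(?:@\w+|(?:\S+\s+){4}\S+)\s+(?P<cmd>.+)$")

# Constructed crontab for user "apache". Only the command on the last line
# comes from the thread; its schedule and the other lines are made up.
SAMPLE_CRONTAB = """\
# m h dom mon dow command
MAILTO=root
15 3 * * * /usr/local/bin/rotate-logs
*/10 * * * * /tmp/ctemp/.dat/.kin/up2you >/dev/null 2>&1
"""


def suspicious_path(path):
    """Return the reasons an absolute path in a cron command deserves a look."""
    reasons = []
    norm = os.path.normpath(path)
    if any(norm == root or norm.startswith(root + "/") for root in TEMP_ROOTS):
        reasons.append("runs from a world-writable temp directory")
    if any(part.startswith(".") for part in norm.split("/")):
        reasons.append("hidden (dot) path component")
    return reasons


def audit_crontab(text, user):
    """Return (user, line number, path, reasons) for each suspicious cron command."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if re.match(r"\w+\s*=", stripped):  # environment line such as MAILTO=root
            continue
        match = CRON_LINE.match(line)
        if not match:
            continue
        try:
            words = shlex.split(match.group("cmd"))
        except ValueError:  # unbalanced quotes: fall back to a whitespace split
            words = match.group("cmd").split()
        for word in words:
            reasons = suspicious_path(word) if word.startswith("/") else []
            if reasons:
                findings.append((user, lineno, word, reasons))
    return findings


def scan_temp_dirs(roots):
    """Walk temp directories and report hidden directories and executable files."""
    hits = []
    for root in roots:
        for dirpath, dirnames, filenames in os.walk(root):
            for name in dirnames:
                if name.startswith(".") and name not in EXPECTED_HIDDEN:
                    hits.append((os.path.join(dirpath, name), "hidden directory"))
            for name in filenames:
                full = os.path.join(dirpath, name)
                try:
                    info = os.lstat(full)
                except OSError:  # file vanished while scanning
                    continue
                if stat.S_ISREG(info.st_mode) and info.st_mode & 0o111:
                    hits.append((full, "executable file"))
    return sorted(hits)


def demo():
    """Run both checks on constructed data; returns (cron findings, temp-dir hits)."""
    with tempfile.TemporaryDirectory() as base:
        hidden = os.path.join(base, "ctemp", ".dat", ".kin")
        os.makedirs(hidden)
        dropped = os.path.join(hidden, "up2you")
        with open(dropped, "w") as handle:
            handle.write("#!/bin/sh\n")  # harmless placeholder content
        os.chmod(dropped, 0o755)
        with open(os.path.join(base, "sess_1234"), "w") as handle:
            handle.write("ordinary session file\n")
        hits = [(os.path.relpath(path, base), why) for path, why in scan_temp_dirs([base])]
    return audit_crontab(SAMPLE_CRONTAB, "apache"), hits


if __name__ == "__main__":
    cron_findings, temp_hits = demo()
    for user, lineno, path, reasons in cron_findings:
        print(f"crontab({user}) line {lineno}: {path}: {'; '.join(reasons)}")
    for path, why in temp_hits:
        print(f"{path}: {why}")
```

On a live host, feed `audit_crontab` the output of `crontab -l -u <user>` for each account and point `scan_temp_dirs` at the real temp directories.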
From: rob at thehostmasters.com (Rob Morin) Date: Thu Apr 27 20:12:13 2006 Subject: Changin MX machine to it's own, recommendations please... In-Reply-To: <444E6B07.8040905@thehostmasters.com> References: <013b01c66870$70632750$3004010a@martinhlaptop> <444E2D43.8020008@thehostmasters.com> <444E60D2.3090107@thehostmasters.com> <444E6B07.8040905@thehostmasters.com> Message-ID: <44511787.1060502@thehostmasters.com> OK so i have been testing the new machine for the last few days now.... i am seeing spam come through that i do not on the old machine(thats still up and running) I have the same rules as on the old machine and subscribe to SBL+XBL but yet i see spam come through that does not on the older machine.... am i forgetting anything...??? i am seeing emails like this coming through.... Non of these emails get through the older server :( -------------------------------------- http://nsunshinof.com:1000000:http://hsignedyy.com http://nsunshinof.com:1000000:http://pprotocolid.com http://nsunshinof.com:1000000:http://nsunshinof.com http://nsunshinof.com:1000000:http://omazda1mm.com http://nsunshinof.com:1000000:http://ptardisr4.com --------------------------------------- Don't get ripped off by American drug companies any more! Buy in Canada and save! Same drugs, half the price! http://khgiuf.stoutrib.biz/?35318824 ------------------------------------------------------- Dea v r Home O f wne c r , Your cr o edi i t doesn't matter to us ! If you O h WN real e c st d at k e and want IM f ME f DIAT g E c u ash to s y pen h d ANY way you like, or simply wish to L o OWER your monthly p d ayment r s by a third or more, here are the deal i s we have T d ODA p Y : $ 48 k 8 , 000 at a 3 , t 67% f c ixed - rat r e $ 3 x 72 , 000 at a 3 , i 90% v i aria f ble - ra i te $ 49 q 2 , 000 at a 3 , n 21% in t tere c st - only $ 2 k 48 , 000 at a 3 , 3 b 6% f d ixed - rat h e $ 19 k 8 , 000 at a 3 , e 55% v t ariable - ra h te H j urry, when these de d aIs are gone, they are gone ! 
Don't worry about a a ppro f val, your c h redi n t will not d k isqua c lify you ! ______________________________________________________ Rob Morin Dido InterNet Inc. Montreal, Canada Http://www.dido.ca 514-990-4444 Rob Morin wrote: > Actually also one more question.... bayse, should i use it? if so i > know there is some cleaning that has to be done.... any > pointers/suggestions? > > Thanks... > > Rob Morin > Dido InterNet Inc. > Montreal, Canada > Http://www.dido.ca > 514-990-4444 > > > > Rob Morin wrote: >> >> Thanks for clearing that up Julian, i feel more comfortable now.... >> >> And keep up the good work.... once i get all this working, i assure >> you i shall be getting "The BOOK" >> >> Thanks once again... >> >> :) >> >> Rob Morin >> Dido InterNet Inc. >> Montreal, Canada >> Http://www.dido.ca >> 514-990-4444 >> >> >> >> Julian Field wrote: >>> My recommended route that the "other" distribution takes is to >>> install it into /opt/MailScanner-/ >>> So you get the new version set up (there is a >>> "upgrade_MailScanner_conf" and also a "upgrade_languages_conf" tools >>> that do all the hard work for you), you can just switch over by >>> moving a softlink /opt/MailScanner from the old version to the new >>> version. >>> >>> So say you have >>> /opt/MailScanner-4.52.2/ >>> and >>> ln -s MailScanner-4.52.2 /opt/MailScanner >>> >>> then you install the new version into /opt/MailScanner-4.54.1/ >>> and then >>> rm -f /opt/MailScanner >>> ln -s MailScanner-4.54.1 /opt/MailScanner >>> >>> Then just stop and start MailScanner and it will start up the new >>> one. Keep your old ones installed until you decide to do any >>> housekeeping, there's no harm in leaving the old versions installed. >>> >>> To install it, unpack the tar.gz file and cd into it and ./install.sh. >>> >>> On 25 Apr 2006, at 15:08, Rob Morin wrote: >>> >>>> So for updates to this package , i simply re-install over or is >>>> there another way? 
say the next update/ version comes out of MS >>>> 4.54 say, so i download the same install package? >>>> >>>> Martin Hepworth wrote: >>>>> Rob >>>>> >>>>> Look for the solaris/BSD/other unix one.. >>>>> >>>>> Latest stable is at.. >>>>> >>>>> http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/tar/MailScanner-install-4 >>>>> >>>>> .52.2-1.tar.gz >>>>> >>>>> >>>>> >>>>> -- >>>>> Martin Hepworth Snr Systems Administrator >>>>> Solid State Logic >>>>> Tel: +44 (0)1865 842300 >>>>> >>>>> >>>>>> -----Original Message----- 
>>>>>> From: mailscanner-bounces@lists.mailscanner.info >>>>>> [mailto:mailscanner- >>>>>> bounces@lists.mailscanner.info] On Behalf Of Rob Morin >>>>>> Sent: 25 April 2006 14:55 >>>>>> To: MailScanner discussion >>>>>> Subject: Re: Changin MX machine to it's own, recommendations >>>>>> please... >>>>>> >>>>>> Ok so i have the new virgin machine up and running, now i want to >>>>>> install Mailscanner.... but on the downloads section i only find >>>>>> debian >>>>>> packages and other packages for other OSs, but no tarball or >>>>>> source? Am >>>>>> i missing something??? >>>>>> >>>>>> I see the tarball to install SA & Clam(i figure i would do that by >>>>>> apt-get) but i wanted to make sure i can keep up with changes of MS >>>>>> itself... if i do Debian package, i will have to wait a month or >>>>>> so or >>>>>> longer between updates, right? Not apt-get but downloading the >>>>>> actual >>>>>> package... >>>>>> >>>>>> What happend to the source install? >>>>>> What should i do? >>>>>> >>>>>> Thanks in advance! >>>>>> >>>>>> :) >>>>>> >>>>>> Have a great day! >>>>>> >>>>>> Rob Morin >>>>>> Dido InterNet Inc. >>>>>> Montreal, Canada >>>>>> Http://www.dido.ca >>>>>> 514-990-4444 >>>>>> >>>>>> >>>>>> >>>>>> Martin Hepworth wrote: >>>>>> >>>>>>> Rob >>>>>>> >>>>>>> As for the apt or source - depends on how often you want to >>>>>>> >>>>>> update....the >>>>>> >>>>>>> apt's can be a little behind a the monthly source updates..if >>>>>>> you're >>>>>>> >>>>>> happy >>>>>> >>>>>>> with apt for everything - esp moving to unstable then it's prob >>>>>>> to stick >>>>>>> with that. >>>>>>> >>>>>>> For the machine itself - make sure you've got at least 1GB per >>>>>>> CPU (that >>>>>>> includes HT as two CPUs etc). >>>>>>> >>>>>>> -- >>>>>>> Martin Hepworth >>>>>>> Snr Systems Administrator >>>>>>> Solid State Logic >>>>>>> Tel: +44 (0)1865 842300 >>>>>>> >>>>>>> >>>>>>> >>>>>>>> -----Original Message----- 
>>>>>>>> From: mailscanner-bounces@lists.mailscanner.info >>>>>>>> [mailto:mailscanner- >>>>>>>> bounces@lists.mailscanner.info] On Behalf Of Rob Morin >>>>>>>> Sent: 18 April 2006 20:51 >>>>>>>> To: MailScanner discussion >>>>>>>> Subject: Changin MX machine to it's own, recommendations please... >>>>>>>> >>>>>>>> Hello.... >>>>>>>> >>>>>>>> I will be creating an MX(mailscanner Machine) all on its own >>>>>>>> to crunch >>>>>>>> away all those bad little emails... as the current MS is taking >>>>>>>> too >>>>>>>> >>>>>> much >>>>>> >>>>>>>> resources on my other machine.... >>>>>>>> >>>>>>>> So the question is, aside form OS which will be Debian and the >>>>>>>> hardware.... >>>>>>>> >>>>>>>> What setup should i do with respect to install MS and associated >>>>>>>> >>>>>> apps... >>>>>> >>>>>>>> Apt-get or source/compile/install... >>>>>>>> >>>>>>>> any other important things is should check out or know? >>>>>>>> >>>>>>>> Thanks too all.. >>>>>>>> >>>>>>>> -- >>>>>>>> >>>>>>>> Rob Morin >>>>>>>> Dido InterNet Inc. >>>>>>>> Montreal, Canada >>>>>>>> Http://www.dido.ca >>>>>>>> 514-990-4444 >>>>>>>> >>>>>>>> -- >>>>>>>> MailScanner mailing list >>>>>>>> mailscanner@lists.mailscanner.info >>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>>>> >>>>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>>>> >>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>> >>>>>>>> >>>>>>> ********************************************************************** >>>>>>> >>>>>>> >>>>>>> This email and any files transmitted with it are confidential and >>>>>>> intended solely for the use of the individual or entity to whom >>>>>>> they >>>>>>> are addressed. If you have received this email in error please >>>>>>> notify >>>>>>> the system manager. >>>>>>> >>>>>>> This footnote confirms that this email message has been swept >>>>>>> for the presence of computer viruses and is believed to be clean. 
>>>>>>> >>>>>>> ********************************************************************** >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>> -- >>>>>> MailScanner mailing list >>>>>> mailscanner@lists.mailscanner.info >>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>> >>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>>> >>>>> >>>>> >>>>> ********************************************************************** >>>>> >>>>> >>>>> This email and any files transmitted with it are confidential and >>>>> intended solely for the use of the individual or entity to whom they >>>>> are addressed. If you have received this email in error please notify >>>>> the system manager. >>>>> >>>>> This footnote confirms that this email message has been swept >>>>> for the presence of computer viruses and is believed to be clean. >>>>> ********************************************************************** >>>>> >>>>> >>>>> >>>> >>>> --MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> --Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>> --This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> MailScanner thanks transtec Computers for their support. >>> >>> --MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! 
>> > From ssilva at sgvwater.com Thu Apr 27 20:29:09 2006 
From: ssilva at sgvwater.com (Scott Silva) Date: Thu Apr 27 20:29:40 2006 Subject: Changin MX machine to it's own, recommendations please... In-Reply-To: <444E601E.8080106@thehostmasters.com> References: <013b01c66870$70632750$3004010a@martinhlaptop> <444E2D43.8020008@thehostmasters.com> <444E601E.8080106@thehostmasters.com> Message-ID: Rob Morin spake the following on 4/25/2006 10:45 AM: > ok so this is where i am at, so far... > > installed postfix via apt-get V 2.1.5-9 > install SA & Clamav via apt-get V3.0.3 & 0.84 respectively... > > installed MS via install.sh > > postfix complained about owners of queue dirs so i turned of chroot ?? > > modified postfix main.cf as instructed in docs to make it work with MS > > added a test domain to postfixe's transport and relay_domains, not sure > if this is correct as i need an email to come in get scanned and spit it > out to the pop machine for the users.... But it seems to work.... > > started MS with /opt/Mailscanner/bin/check_mailscanner > > Sent a test email and when i received it a final destination all seemed > ok, i saw the headers in the email saying it was scanned by that new > machine.... > > > I could not figure out how to stop MS as no init.d script is used > because i installed form source, so to speak... so i made a simply > script to kill the MS PID and then restart via check_mailscanner > > > is there anything else i am missing other than configuring rules du jour > now to get my stuff for SA? > > Any comments greatly appreciated.... > > Thanks to all and have a great day(or evening depending on where you are) > > :) > You wanted to install MailScanner from source to be current sooner, but you installed old versions of ClamAV and Spamassassin by apt-get. I would think you would want all of it current, especially since spamassassin is now at 3.1.1 and clamav is at 0.86.1. Maybe you should use the install-clam-SA tarball also. Just my 2 cents ;-) -- MailScanner is like deodorant... 
You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Thu Apr 27 20:34:36 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Apr 27 20:35:25 2006 Subject: MailScanner 4.52.2 destroys exim 4.61 spool files In-Reply-To: <00e801c66843$0c9c5f70$3004010a@martinhlaptop> References: <00e601c66842$7c712d40$3004010a@martinhlaptop> <00e801c66843$0c9c5f70$3004010a@martinhlaptop> Message-ID: Martin Hepworth spake the following on 4/25/2006 1:34 AM: > Bother > > NOT broken anything.... Don't you hate it when you can't get your brain to talk to your fingers fast enough? ;-) > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Martin Hepworth >> Sent: 25 April 2006 09:30 >> To: 'MailScanner discussion' >> Subject: RE: MailScanner 4.52.2 destroys exim 4.61 spool files >> >> Jules >> >> This works ok on exim < 4.61, as I haven't upgraded to 4.61 yet I can't >> say >> if that bit works, but as far as I can see you've broken anything.. >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >>> -----Original Message----- 
>>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>> bounces@lists.mailscanner.info] On Behalf Of Julian Field >>> Sent: 24 April 2006 16:52 >>> To: MailScanner discussion >>> Subject: Re: MailScanner 4.52.2 destroys exim 4.61 spool files >>> >>> On 24 Apr 2006, at 11:29, Martin Hepworth wrote: >>>> A reminder about the ACL changes in exim 4.61 - obviously most >>>> people are >>>> still running versions before this so the code needs to work for >>>> 4.61 and >>>> versions previous. >>> Please try the attached patch for /usr/lib/MailScanner/MailScanner/ >>> Exim.pm. >>> Let me know how you get on. It should work with old and new versions >>> of Exim. >>> >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> MailScanner thanks transtec Computers for their support. >> >> >> ********************************************************************** >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> the system manager. >> >> This footnote confirms that this email message has been swept >> for the presence of computer viruses and is believed to be clean. >> >> ********************************************************************** >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. 
> > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From MailScanner at ecs.soton.ac.uk Thu Apr 27 20:37:19 2006 
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Apr 27 20:37:31 2006
Subject: Feature Request: MailScannerWebBug
In-Reply-To:
References: <223f97700604270757h41187bcajf712fb61c953719b@mail.gmail.com> <90FA2D54-03B1-40F6-9B31-5441563A7FD8@ecs.soton.ac.uk>
Message-ID: <44511D6F.3060707@ecs.soton.ac.uk>

Kai Schaetzl wrote:
> Julian Field wrote on Thu, 27 Apr 2006 16:11:02 +0100:
>
>>>> A suitable setting might be
>>>> Allowed Web Bug Filenames = spacer pixel.gif pixel.png
>>>>
>
> Thanks, Julian, I'll try with the next beta or normal release.
>
>> I've changed it to "Ignored Web Bug Filenames" as that explains its
>> purpose rather better.
>>
>
> I do not mind what it is named. But I just compared to file names/types
> and there we have:
> Allow Filenames =
>
> although the purpose of the rule is a bit different, so your new naming
> may fit better to understand it.
>
>>
>>> Are you planning to make that the default, or will it be
>> string>?
>>>
>>
>> The feature will be disabled by default.
>>
>
> Of course, that's reasonable.
>
> May I repoint you to the main reason of my enquiry, though? I think it's
> worthwhile to get rid of those 404's each time a webmail user reads such a
> mail. For the time being I just touched a file there, don't know what the
> browser will make out of this. But it would be better to be able to either
> supply no URL or remove the tag or supply a URL of your own choice
> somewhere where that one pixel graphic can be fetched by the browser. If I
> can configure this in MailScanner that's much more convenient than adding
> some file to each webmail package. Browsers may also deny rendering
> "MailScannerWebBug" as an image since there's no appropriate MIME header
> coming with it. So something like this:
>
> Allow WebBugs = yes|disarm|remove (with remove = remove the whole tag)
> Disarm WebBugs String = "MailScannerWebBug" (default)
>
> with possible choices like
> Disarm WebBugs String = "" (empty)
> Disarm WebBugs String = "mypixel.gif" (relative path)
> Disarm WebBugs String = "http://somewhere.somplace.com/mypixel.gif"
> (absolute path)
>
> I'm not sure how "remove" would fit in the "Allow...Tags Convert
> Danger... " table (around line 792), so this may be too complex or
> confusing. (Although, the conversion obviously applies to tags that can be
> "converted" to text, so, it wouldn't apply to images, anyway?)
> But the Disarm WebBugs String should be easy to add, shouldn't it?
>

Yes, it is, and it's done. I didn't appreciate that was your main reason for posting.

I have created a 51-byte file on the MailScanner web site which is a harmless 1x1 pixel transparent GIF, which will serve as an ideal web bug replacement.

The default value if nothing is specified at all is the old string "MailScannerWebBug", and the value in the default MailScanner.conf file is the URL of my transparent GIF.

The 282nd option is called "Web Bug Replacement" and is the URL of the image used to replace web bugs.

I promise I won't track uses of the transparent GIF image except to count the total number of hits to indicate how widely web bugs are used in total.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
From ssilva at sgvwater.com Thu Apr 27 20:42:44 2006
From: ssilva at sgvwater.com (Scott Silva)
Date: Thu Apr 27 20:43:49 2006
Subject: Recursive archive attachment expansion and filetype/name checks
In-Reply-To: <444E6D88.1080605@ecs.soton.ac.uk>
References: <4fac50550604250352gbb50c3dscc2a9f77695155f3@mail.gmail.com> <444E6D88.1080605@ecs.soton.ac.uk>
Message-ID:

Julian Field spake the following on 4/25/2006 11:42 AM:
> I have just released 4.53.4 which includes support for .Z and .gz files.
> These are generated by compress and gzip respectively.

You did that in about 8 hours! And with a regular day job!
I am so impressed with your skill and dedication.
I think I would have taken more than 8 hours to even plan the attack.

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

From MailScanner at ecs.soton.ac.uk Thu Apr 27 20:45:07 2006
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Apr 27 20:45:15 2006
Subject: Good Spam blocking RBL's + greet_pause
In-Reply-To:
References:
Message-ID: <44511F43.1080901@ecs.soton.ac.uk>

kte@nexis.be wrote:
> What are the most spam + another crap mail blocking RBL's from the
> moment?

I use ORDB-RBL and SBL+XBL myself. Very low false positive rate and pretty effective. However, many (most) people recommend you use the default set provided in SpamAssassin instead, and use the scoring system provided there to reduce the false positive rate while using many RBLs.

> And what is a good timeout for the greet_pause in sendmail I have now
> 5000 ?

I found 6000 caused problems with NTMail, so am now using 3000 or 4000. But you're in the right range, I would leave it alone unless you are getting complaints from anyone.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From rob at thehostmasters.com Thu Apr 27 20:51:21 2006
From: rob at thehostmasters.com (Rob Morin) Date: Thu Apr 27 20:51:27 2006 Subject: Changin MX machine to it's own, recommendations please... In-Reply-To: References: <013b01c66870$70632750$3004010a@martinhlaptop> <444E2D43.8020008@thehostmasters.com> <444E601E.8080106@thehostmasters.com> Message-ID: <445120B9.4010508@thehostmasters.com> If i remove the apt-get packages of SA & Clamav and then use the install from MS, how to i update, just re install again? will it over write my conf files and settings? Thanks. Rob Morin Dido InterNet Inc. Montreal, Canada Http://www.dido.ca 514-990-4444 Scott Silva wrote: > Rob Morin spake the following on 4/25/2006 10:45 AM: > >> ok so this is where i am at, so far... >> >> installed postfix via apt-get V 2.1.5-9 >> install SA & Clamav via apt-get V3.0.3 & 0.84 respectively... >> >> installed MS via install.sh >> >> postfix complained about owners of queue dirs so i turned of chroot ?? >> >> modified postfix main.cf as instructed in docs to make it work with MS >> >> added a test domain to postfixe's transport and relay_domains, not sure >> if this is correct as i need an email to come in get scanned and spit it >> out to the pop machine for the users.... But it seems to work.... >> >> started MS with /opt/Mailscanner/bin/check_mailscanner >> >> Sent a test email and when i received it a final destination all seemed >> ok, i saw the headers in the email saying it was scanned by that new >> machine.... >> >> >> I could not figure out how to stop MS as no init.d script is used >> because i installed form source, so to speak... so i made a simply >> script to kill the MS PID and then restart via check_mailscanner >> >> >> is there anything else i am missing other than configuring rules du jour >> now to get my stuff for SA? >> >> Any comments greatly appreciated.... 
>> >> Thanks to all and have a great day(or evening depending on where you are) >> >> :) >> >> > You wanted to install MailScanner from source to be current sooner, but you > installed old versions of ClamAV and Spamassassin by apt-get. I would think > you would want all of it current, especially since spamassassin is now at > 3.1.1 and clamav is at 0.86.1. Maybe you should use the install-clam-SA > tarball also. Just my 2 cents ;-) > > > From MailScanner at ecs.soton.ac.uk Thu Apr 27 20:56:39 2006 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 27 20:56:54 2006 Subject: Changin MX machine to it's own, recommendations please... In-Reply-To: References: <013b01c66870$70632750$3004010a@martinhlaptop> <444E2D43.8020008@thehostmasters.com> <444E601E.8080106@thehostmasters.com> Message-ID: <445121F7.4050007@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: > Rob Morin spake the following on 4/25/2006 10:45 AM: > >> ok so this is where i am at, so far... >> >> installed postfix via apt-get V 2.1.5-9 >> install SA & Clamav via apt-get V3.0.3 & 0.84 respectively... >> >> installed MS via install.sh >> >> postfix complained about owners of queue dirs so i turned of chroot ?? >> >> modified postfix main.cf as instructed in docs to make it work with MS >> >> added a test domain to postfixe's transport and relay_domains, not sure >> if this is correct as i need an email to come in get scanned and spit it >> out to the pop machine for the users.... But it seems to work.... >> >> started MS with /opt/Mailscanner/bin/check_mailscanner >> >> Sent a test email and when i received it a final destination all seemed >> ok, i saw the headers in the email saying it was scanned by that new >> machine.... >> >> >> I could not figure out how to stop MS as no init.d script is used >> because i installed form source, so to speak... so i made a simply >> script to kill the MS PID and then restart via check_mailscanner >> >> >> is there anything else i am missing other than configuring rules du jour >> now to get my stuff for SA? >> >> Any comments greatly appreciated.... >> >> Thanks to all and have a great day(or evening depending on where you are) >> >> :) >> >> > You wanted to install MailScanner from source to be current sooner, but you > installed old versions of ClamAV and Spamassassin by apt-get. I would think > you would want all of it current, especially since spamassassin is now at > 3.1.1 and clamav is at 0.86.1. 
Maybe you should use the install-clam-SA > tarball also. Just my 2 cents ;-) Definitely get your SpamAssassin and ClamAV up to date using my easy-to-install tarball. This will enable various plugins in SpamAssassin that are not enabled by default in the SA source install. The most important one missing is the URIBL plugin, which will help a lot. My package turns on all this stuff for you. I have just added Razor2 to the list of things done automatically for you as the licence has changed recently. Now to make it download and install the package for you... - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRFEh+RH2WUcUFbZUEQIUugCg4SpDF/RPdKR5/k3+jnt8AqsIO8wAn3kO yNYPRf/Yl0BAMvdQdCm6gHsn =+HPu -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From rob at thehostmasters.com Thu Apr 27 21:09:35 2006 
From: rob at thehostmasters.com (Rob Morin) Date: Thu Apr 27 21:09:39 2006 Subject: {Spam?} Re: Changin MX machine to it's own, recommendations please... In-Reply-To: <445121F7.4050007@ecs.soton.ac.uk> References: <013b01c66870$70632750$3004010a@martinhlaptop> <444E2D43.8020008@thehostmasters.com> <444E601E.8080106@thehostmasters.com> <445121F7.4050007@ecs.soton.ac.uk> Message-ID: <445124FF.3090201@thehostmasters.com> WOW, ok sounds very cool, i will remove SA & Clamav via apt-get and install with your scripty thing... Thanks! Rob Morin Dido InterNet Inc. Montreal, Canada Http://www.dido.ca 514-990-4444 Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Scott Silva wrote: > >> Rob Morin spake the following on 4/25/2006 10:45 AM: >> >> >>> ok so this is where i am at, so far... >>> >>> installed postfix via apt-get V 2.1.5-9 >>> install SA & Clamav via apt-get V3.0.3 & 0.84 respectively... >>> >>> installed MS via install.sh >>> >>> postfix complained about owners of queue dirs so i turned of chroot ?? >>> >>> modified postfix main.cf as instructed in docs to make it work with MS >>> >>> added a test domain to postfixe's transport and relay_domains, not sure >>> if this is correct as i need an email to come in get scanned and spit it >>> out to the pop machine for the users.... But it seems to work.... >>> >>> started MS with /opt/Mailscanner/bin/check_mailscanner >>> >>> Sent a test email and when i received it a final destination all seemed >>> ok, i saw the headers in the email saying it was scanned by that new >>> machine.... >>> >>> >>> I could not figure out how to stop MS as no init.d script is used >>> because i installed form source, so to speak... so i made a simply >>> script to kill the MS PID and then restart via check_mailscanner >>> >>> >>> is there anything else i am missing other than configuring rules du jour >>> now to get my stuff for SA? >>> >>> Any comments greatly appreciated.... 
From jrudd at ucsc.edu Thu Apr 27 21:09:07 2006
From: jrudd at ucsc.edu (John Rudd)
Date: Thu Apr 27 21:09:49 2006
Subject: Good Spam blocking RBL's + greet_pause
In-Reply-To:
References:
Message-ID: <356dd4c0f840ad20fe1b1a7ba6cfaec1@ucsc.edu>

On Apr 27, 2006, at 12:00 PM, kte@nexis.be wrote:
>
> What are the most spam + another crap mail blocking RBL's from the
> moment?
> And what is a good timeout for the greet_pause in sendmail I have now
> 5000 ?
>

You can safely set the greet_pause up to 15000 without any real problems. I set mine at 30000, but I had to put in exceptions for verizon's mail servers and mac.com's mail servers.

As for RBL's, I use SBL and XBL. I'd also recommend looking into a milter which allows you to reject hosts that have no rDNS, their rDNS result doesn't have an A record, and hosts that put parts of their own IP address into their hostname. Just a day or two ago, I posted my mimedefang-filter for use with mimedefang, which does a bunch of that.

From MailScanner at ecs.soton.ac.uk Thu Apr 27 21:23:09 2006
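The three rDNS checks John Rudd lists in his message above, written out as an added sketch; it is not his mimedefang-filter and not part of any message in this thread. The sample PTR and A tables are constructed, the function names are hypothetical, and the two-octet threshold for "parts of their own IP address" is an assumption.

```python
import re
import socket

# Constructed sample DNS data (documentation address ranges, example domains).
SAMPLE_PTR = {
    "192.0.2.10": "mail.example.org",
    "198.51.100.23": "host-198-51-100-23.dynamic.example.net",
    "203.0.113.7": "mx.example.com",
}
SAMPLE_A = {
    "mail.example.org": ["192.0.2.10"],
    "host-198-51-100-23.dynamic.example.net": ["198.51.100.23"],
    # mx.example.com deliberately has no A record
}


def embeds_own_ip(ip, hostname, min_octets=2):
    """True if the hostname carries pieces of the client's IPv4 address.

    Assumption: at least `min_octets` octets appearing as separate digit
    runs, or the whole address as zero-padded decimal or hex, counts.
    """
    octets = ip.split(".")
    host = hostname.lower()
    # Digit runs in the name, leading zeros stripped ("010" matches octet 10).
    runs = [r.lstrip("0") or "0" for r in re.findall(r"\d+", host)]
    hits = 0
    for octet in octets:
        if octet in runs:
            runs.remove(octet)  # each run may satisfy only one octet
            hits += 1
    if hits >= min_octets:
        return True
    padded = "".join("%03d" % int(o) for o in octets)  # 192000002010
    hexed = "".join("%02x" % int(o) for o in octets)   # c000020a
    return padded in host or hexed in host


def check_client(ip, ptr_lookup, a_lookup):
    """Apply the three checks in order; returns (verdict, reason)."""
    name = ptr_lookup(ip)
    if not name:
        return ("reject", "no rDNS")
    if not a_lookup(name):
        return ("reject", "rDNS name has no A record")
    if embeds_own_ip(ip, name):
        return ("reject", "hostname embeds client IP")
    return ("accept", "ok")


def sample_a(name):
    """A-record lookup against the constructed table."""
    return SAMPLE_A.get(name, [])


def live_ptr(ip):
    """PTR lookup through the system resolver, None when there is none."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def live_a(name):
    """IPv4 addresses for a name through the system resolver."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


if __name__ == "__main__":
    for ip in ["192.0.2.10", "198.51.100.23", "203.0.113.7", "203.0.113.50"]:
        print(ip, check_client(ip, SAMPLE_PTR.get, sample_a))
```

Pass `live_ptr` and `live_a` instead of the sample lookups to run the same checks against real DNS; the sketch handles IPv4 only.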
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 27 21:23:21 2006 Subject: Recursive archive attachment expansion and filetype/name checks In-Reply-To: References: <4fac50550604250352gbb50c3dscc2a9f77695155f3@mail.gmail.com> <444E6D88.1080605@ecs.soton.ac.uk> Message-ID: <4451282D.20005@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: > Julian Field spake the following on 4/25/2006 11:42 AM: > >> I have just released 4.53.4 which includes support for .Z and .gz files. >> These are generated by compress and gzip respectively. >> > You did that in about 8 hours! And with a regular day job! > I am so impressed with your skill and dedication. > 8 hours is slow for me. Some of that must have been sleep :-) I thought I could at least make up by doing .Z as well as .gz to do a thorough job. P.S. Where did the gunzip command line come from in the original "patch" suggestion? It sure doesn't match what the man page said. -o doesn't exist and -S is for supplying suffixes. > I think I would have taken more than 8 hours to even plan the attack. > Let's just say I've been doing this a little while, and I work fast. All contributions for fast solutions always welcome :-) - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRFEoLhH2WUcUFbZUEQLFSgCg6cLlYXY9WTzTouMrqruwL+cswbsAoLhM 90HTL87Pjp8wMF/r45nNa6u5 =eHcO -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Thu Apr 27 21:27:21 2006 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 27 21:27:31 2006 Subject: Changin MX machine to it's own, recommendations please... In-Reply-To: <445120B9.4010508@thehostmasters.com> References: <013b01c66870$70632750$3004010a@martinhlaptop> <444E2D43.8020008@thehostmasters.com> <444E601E.8080106@thehostmasters.com> <445120B9.4010508@thehostmasters.com> Message-ID: <44512929.9090102@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Updating the Clam+SA package of mine, you just install the new one over the top of the previous one, like my normal upgrades of MailScanner. It won't over-write your conf files and settings, it will just tack on the new loadplugin lines onto the bottom of your old v310.pre file. After installing ClamAV, it will enable it by commenting out the "Example" lines in freshclam.conf and whatever the other conf file is called (clamav or clamd.conf or something like that). Rob Morin wrote: > If i remove the apt-get packages of SA & Clamav and then use the > install from MS, how to i update, just re install again? will it over > write my conf files and settings? > > Scott Silva wrote: >> Rob Morin spake the following on 4/25/2006 10:45 AM: >> >>> ok so this is where i am at, so far... >>> >>> installed postfix via apt-get V 2.1.5-9 >>> install SA & Clamav via apt-get V3.0.3 & 0.84 respectively... >>> >>> installed MS via install.sh >>> >>> postfix complained about owners of queue dirs so i turned of chroot ?? >>> >>> modified postfix main.cf as instructed in docs to make it work with MS >>> >>> added a test domain to postfixe's transport and relay_domains, not sure >>> if this is correct as i need an email to come in get scanned and >>> spit it >>> out to the pop machine for the users.... But it seems to work.... 
>>> >>> started MS with /opt/Mailscanner/bin/check_mailscanner >>> >>> Sent a test email and when i received it a final destination all seemed >>> ok, i saw the headers in the email saying it was scanned by that new >>> machine.... >>> >>> >>> I could not figure out how to stop MS as no init.d script is used >>> because i installed form source, so to speak... so i made a simply >>> script to kill the MS PID and then restart via check_mailscanner >>> >>> >>> is there anything else i am missing other than configuring rules du >>> jour >>> now to get my stuff for SA? >>> >>> Any comments greatly appreciated.... >>> >>> Thanks to all and have a great day(or evening depending on where you >>> are) >>> >>> :) - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRFEpKhH2WUcUFbZUEQKBdACeLed9u5WrLPuzHFtJ0kYAEp/1ra8Anive D8keC96ukdsj58vbUOioMGjF =i0Wq -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From rob at thehostmasters.com Thu Apr 27 21:39:21 2006 
From: rob at thehostmasters.com (Rob Morin)
Date: Thu Apr 27 21:39:25 2006
Subject: {Spam?} Re: Changin MX machine to it's own, recommendations please...
In-Reply-To: <44512929.9090102@ecs.soton.ac.uk>
References: <013b01c66870$70632750$3004010a@martinhlaptop> <444E2D43.8020008@thehostmasters.com> <444E601E.8080106@thehostmasters.com> <445120B9.4010508@thehostmasters.com> <44512929.9090102@ecs.soton.ac.uk>
Message-ID: <44512BF9.4020708@thehostmasters.com>

Very nice, the only thing i was confused about was at the end of your script it said....

I am adding 3 more loadplugin lines to v310.pre to add the missing plugins for RelayCountry, SPF and URIDNSBL.
Now go and edit the file /etc/mail/spamassassin/init.pre
You need to uncomment (remove the #) the loadplugin lines for DCC and Razor2.

but there was no lines that were commented out in init.pre, in v310.pre there was .... ??

Thanks..

Rob Morin
Dido InterNet Inc.
Montreal, Canada
Http://www.dido.ca
514-990-4444

Julian Field wrote:
> Updating the Clam+SA package of mine, you just install the new one over
> the top of the previous one, like my normal upgrades of MailScanner. It
> won't over-write your conf files and settings, it will just tack on the
> new loadplugin lines onto the bottom of your old v310.pre file. After
> installing ClamAV, it will enable it by commenting out the "Example"
> lines in freshclam.conf and whatever the other conf file is called
> (clamav or clamd.conf or something like that).
>
> Rob Morin wrote:
>
>> If i remove the apt-get packages of SA & Clamav and then use the
>> install from MS, how to i update, just re install again? will it over
>> write my conf files and settings?
>>
>> Scott Silva wrote:
>>
>>> Rob Morin spake the following on 4/25/2006 10:45 AM:
>>>
>>>
>>>> ok so this is where i am at, so far...
>>>>
>>>> installed postfix via apt-get V 2.1.5-9
>>>> install SA & Clamav via apt-get V3.0.3 & 0.84 respectively...
>>>> >>>> installed MS via install.sh >>>> >>>> postfix complained about owners of queue dirs so i turned of chroot ?? >>>> >>>> modified postfix main.cf as instructed in docs to make it work with MS >>>> >>>> added a test domain to postfixe's transport and relay_domains, not sure >>>> if this is correct as i need an email to come in get scanned and >>>> spit it >>>> out to the pop machine for the users.... But it seems to work.... >>>> >>>> started MS with /opt/Mailscanner/bin/check_mailscanner >>>> >>>> Sent a test email and when i received it a final destination all seemed >>>> ok, i saw the headers in the email saying it was scanned by that new >>>> machine.... >>>> >>>> >>>> I could not figure out how to stop MS as no init.d script is used >>>> because i installed form source, so to speak... so i made a simply >>>> script to kill the MS PID and then restart via check_mailscanner >>>> >>>> >>>> is there anything else i am missing other than configuring rules du >>>> jour >>>> now to get my stuff for SA? >>>> >>>> Any comments greatly appreciated.... >>>> >>>> Thanks to all and have a great day(or evening depending on where you >>>> are) >>>> >>>> :) >>>> > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.6 (Build 6060) > > iQA/AwUBRFEpKhH2WUcUFbZUEQKBdACeLed9u5WrLPuzHFtJ0kYAEp/1ra8Anive > D8keC96ukdsj58vbUOioMGjF > =i0Wq > -----END PGP SIGNATURE----- > > From steve.swaney at fsl.com Thu Apr 27 23:48:37 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Apr 27 23:49:47 2006 Subject: Good Spam blocking RBL's + greet_pause In-Reply-To: Message-ID: <012a01c66a4c$dce45c90$2901010a@office.fsl> > -----Original Message----- 
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of kte@nexis.be
> Sent: Thursday, April 27, 2006 3:01 PM
> To: mailscanner@lists.mailscanner.info
> Subject: Good Spam blocking RBL's + greet_pause
>
> What are the most spam + another crap mail blocking RBL's from the moment?
> And what is a good timeout for the greet_pause in sendmail I have now 5000 ?
>
> Thanks Koen

We have set to 6500. No problems. If there are problems - just whitelist :)

Steve

Steve
Stephen Swaney
Fort Systems Ltd.
stephen.swaney@fsl.com
www.fsl.com

From res at ausics.net Fri Apr 28 08:31:21 2006
From: res at ausics.net (Res)
Date: Fri Apr 28 08:31:38 2006
Subject: Good Spam blocking RBL's + greet_pause
In-Reply-To:
References:
Message-ID:

On Thu, 27 Apr 2006, kte@nexis.be wrote:
> What are the most spam + another crap mail blocking RBL's from the moment?
>
> And what is a good timeout for the greet_pause in sendmail I have now 5000 ?
>
> Thanks Koen

dnsbl.sorbs.net
sbl-xbl.spamhaus.org
bl.spamcop.net
combined.njabl.org

and 3-5K is good ballpark for greet pause so I'd leave that as it is.

>
--
Cheers
Res

From glenn.steen at gmail.com Fri Apr 28 08:56:07 2006
From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Apr 28 08:56:11 2006 Subject: Feature Request: MailScannerWebBug In-Reply-To: <44511D6F.3060707@ecs.soton.ac.uk> References: <223f97700604270757h41187bcajf712fb61c953719b@mail.gmail.com> <90FA2D54-03B1-40F6-9B31-5441563A7FD8@ecs.soton.ac.uk> <44511D6F.3060707@ecs.soton.ac.uk> Message-ID: <223f97700604280056u5b860577yf24febad461d119d@mail.gmail.com> On 27/04/06, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Kai Schaetzl wrote: > > Julian Field wrote on Thu, 27 Apr 2006 16:11:02 +0100: > > > > > >>>> A suitable setting might be > >>>> Allowed Web Bug Filenames = spacer pixel.gif pixel.png > >>>> > >>>> > > > > Thanks, Julian, I'll try with the next beta or normal release. > > > > > >> I've changed it to "Ignored Web Bug Filenames" as that explains its > >> purpose rather better. > >> > > > > I do not mind what it is named. But I just compared to to fiel names/types > > and there we have: > > Allow Filenames = > > > > although the purpose of the rule is a bit different, so your new naming > > may fit better to understand it. > > > > > >> > >> > >>> Are you planning to make that the default, or will it be >>> string>? > >>> > >> > >> The feature will be disabled by default. > >> > > > > Of course, that's reasonable. > > > > May I repoint you to the main reason of my enquiry, though? I think it's > > worthwhile to get rid of those 404's each time a webmail user reads such a > > mail. For the time being I just touched a file there, don't know what the > > browser will make out of this. But it would be better to be able to either > > supply no URL or remove the tag or supply a URL of your own choice > > somewhere where that one pixel graphic can be fetched by the browser. If I > > can configure this in MailScanner that's much more convenient than adding > > some file to each webmail package. 
Browsers may also deny rendering > > "MailScannerWebBug" as an image since there's no appropriate MIME header > > coming with it. So something like this: > > > > Allow WebBugs = yes|disarm|remove (with remove = remove the whole tag) > > Disarm WebBugs String = "MailScannerWebBug" (default) > > > > with possible choices like > > Disarm WebBugs String = "" (empty) > > Disarm WebBugs String = "mypixel.gif" (relative path) > > Disarm WebBugs String = "http://somewhere.somplace.com/mypixel.gif" > > (absolute path) > > > > I'm not sure how "remove" would fit in the "Allow...Tags Convert > > Danger... " table (around line 792), so this may be too complex or > > confusing. (Although, the conversion obviously applies to tags that can be > > "converted" to text, so, it wouldn't apply to images, anyway?) > > But the Disarm WebBugs String should be easy to add, shouldn't it? > > > Yes, it is, and it's done. I didn't appreciate that was your main reason > for posting. I have created a 51-byte file on the MailScanner web site > which is a harmless 1x1 pixel transparent GIF, which will serve as an > ideal web bug replacement. The default value if nothing is specified at > all is the old string "MailScannerWebBug", and the value in the default > MailScanner.conf file is the URL of my transparent GIF. > > The 282nd option is called "Web Bug Replacement" and is the URL of the > image used to replace web bugs. > > I promise I won't track uses of the transparent GIF image except to > count the total number of hits to indicate how widely web bugs are used > in total. > Ah, this I can both understand(!:-) and appreciate. Might even use it myself. Thanks Kai&Jules. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From P.G.M.Peters at utwente.nl Fri Apr 28 09:13:33 2006 
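The web bug handling discussed in this thread ("Ignored Web Bug Filenames" plus "Web Bug Replacement"), as an added sketch that is not MailScanner's own code and not part of any message here. Assumptions: a web bug is an `<img>` whose width and height are both at most 2 pixels, ignored names match as substrings of the image filename, and the replacement URL in the demo is a placeholder; the sample HTML is constructed.

```python
import re
from html import escape
from urllib.parse import urlsplit

IMG_TAG = re.compile(r"<img\b[^>]*>", re.IGNORECASE)
ATTR = re.compile(r"""([a-zA-Z-]+)\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)""")
SRC_ATTR = re.compile(
    r"""(?<![\w-])(src\s*=\s*)("[^"]*"|'[^']*'|[^\s>]+)""", re.IGNORECASE
)
PIXELS = re.compile(r"\s*(\d+)\s*(?:px)?\s*/?$", re.IGNORECASE)

# Constructed sample message body.
SAMPLE_HTML = (
    '<p>Newsletter</p>\n'
    '<img src="http://tracker.example/open.gif?id=42" width="1" height="1">\n'
    '<img src="http://cdn.example/spacer.gif" width=1 height=1>\n'
    '<img src="http://cdn.example/logo.png" width="120" height="40">\n'
)


def parse_attrs(tag):
    """Attribute names (lowercased) and unquoted values of one tag."""
    return {name.lower(): raw.strip("\"'") for name, raw in ATTR.findall(tag)}


def pixels(value):
    """Integer pixel count, or None for missing or percentage sizes."""
    match = PIXELS.match(value or "")
    return int(match.group(1)) if match else None


def is_web_bug(attrs, max_px=2):
    """Assumed rule: an image with both dimensions at most max_px."""
    width, height = pixels(attrs.get("width")), pixels(attrs.get("height"))
    return ("src" in attrs and width is not None and height is not None
            and width <= max_px and height <= max_px)


def is_ignored(src, ignored):
    """True when the image filename contains one of the ignored names."""
    filename = urlsplit(src).path.rsplit("/", 1)[-1].lower()
    return any(name.lower() in filename for name in ignored)


def disarm_web_bugs(body, replacement="MailScannerWebBug", ignored=()):
    """Point every web bug's src at `replacement`.

    Returns (rewritten_html, list_of_original_src_values). The default
    replacement is the old string named in the thread; pass a URL that
    serves a real 1x1 image to avoid 404s in webmail.
    """
    found = []

    def rewrite(match):
        tag = match.group(0)
        attrs = parse_attrs(tag)
        if not is_web_bug(attrs) or is_ignored(attrs["src"], ignored):
            return tag
        found.append(attrs["src"])
        new_src = '"' + escape(replacement, quote=True) + '"'
        return SRC_ATTR.sub(lambda m: m.group(1) + new_src, tag, count=1)

    return IMG_TAG.sub(rewrite, body), found


if __name__ == "__main__":
    cleaned, bugs = disarm_web_bugs(
        SAMPLE_HTML,
        replacement="https://mail.example/clear.gif",  # placeholder URL
        ignored=["spacer", "pixel.gif", "pixel.png"],
    )
    print(cleaned)
    print("disarmed:", bugs)
```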
From: P.G.M.Peters at utwente.nl (Peter Peters)
Date: Fri Apr 28 09:13:39 2006
Subject: country.domains.conf
Message-ID: <4451CEAD.6030307@utwente.nl>

Hi,

> - Numeric IP addresses in phishing.safe.sites.conf list.

This line in the beta 4.53.5 announcements triggered something regarding country.domains.conf.

Does country.domains.conf contain real matches or can regex be used? In .nl there are no real second levels in a domain. Except for digits. In the past personal domains were only given out as name.3-digits.nl. Where 3-digits were 3 random digits. Could these be added to country.domains.conf as a regex or should all 1000 possibilities be added?

This is no feature request to add this possibility. There are only a few hundred of these domains (left).

--
Peter Peters, senior administrator (Security)
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente, Postbus 217, 7500 AE Enschede
telephone: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe

From martinh at solid-state-logic.com Fri Apr 28 09:31:37 2006
From: martinh at solid-state-logic.com (Martin Hepworth)
Date: Fri Apr 28 09:32:00 2006
Subject: MailScanner 4.52.2 destroys exim 4.61 spool files
In-Reply-To:
Message-ID: <00a601c66a9e$2c4982f0$3004010a@martinhlaptop>

Scott

Yeah - this darn chair-keyboard interface is a real problem. I wish somebody would do something to fix it....;-)

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Scott Silva > Sent: 27 April 2006 20:35 > To: mailscanner@lists.mailscanner.info > Subject: Re: MailScanner 4.52.2 destroys exim 4.61 spool files > > Martin Hepworth spake the following on 4/25/2006 1:34 AM: > > Bother > > > > NOT broken anything.... > Don't you hate it when you can't get your brain to talk to your fingers > fast > enough? ;-) > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >> bounces@lists.mailscanner.info] On Behalf Of Martin Hepworth > >> Sent: 25 April 2006 09:30 > >> To: 'MailScanner discussion' > >> Subject: RE: MailScanner 4.52.2 destroys exim 4.61 spool files > >> > >> Jules > >> > >> This works ok on exim < 4.61, as I haven't upgraded to 4.61 yet I can't > >> say > >> if that bit works, but as far as I can see you've broken anything.. > >> > >> -- > >> Martin Hepworth > >> Snr Systems Administrator > >> Solid State Logic > >> Tel: +44 (0)1865 842300 > >> > >>> -----Original Message----- 
> >>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >>> bounces@lists.mailscanner.info] On Behalf Of Julian Field > >>> Sent: 24 April 2006 16:52 > >>> To: MailScanner discussion > >>> Subject: Re: MailScanner 4.52.2 destroys exim 4.61 spool files > >>> > >>> On 24 Apr 2006, at 11:29, Martin Hepworth wrote: > >>>> A reminder about the ACL changes in exim 4.61 - obviously most > >>>> people are > >>>> still running versions before this so the code needs to work for > >>>> 4.61 and > >>>> versions previous. > >>> Please try the attached patch for /usr/lib/MailScanner/MailScanner/ > >>> Exim.pm. > >>> Let me know how you get on. It should work with old and new versions > >>> of Exim. > >>> > >>> > >>> -- > >>> This message has been scanned for viruses and > >>> dangerous content by MailScanner, and is > >>> believed to be clean. > >>> MailScanner thanks transtec Computers for their support. > >> > >> > >> ********************************************************************** > >> > >> This email and any files transmitted with it are confidential and > >> intended solely for the use of the individual or entity to whom they > >> are addressed. If you have received this email in error please notify > >> the system manager. > >> > >> This footnote confirms that this email message has been swept > >> for the presence of computer viruses and is believed to be clean. > >> > >> ********************************************************************** > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! 
From matt at coders.co.uk Fri Apr 28 09:43:26 2006
From: matt at coders.co.uk (Matt Hampton) Date: Fri Apr 28 09:43:32 2006 Subject: Good Spam blocking RBL's + greet_pause In-Reply-To: <356dd4c0f840ad20fe1b1a7ba6cfaec1@ucsc.edu> References: <356dd4c0f840ad20fe1b1a7ba6cfaec1@ucsc.edu> Message-ID: <4451D5AE.3080400@coders.co.uk> John Rudd wrote: > > On Apr 27, 2006, at 12:00 PM, kte@nexis.be wrote: > >> >> What are the most spam + another crap mail blocking RBL's from the >> moment? >> And what is a good timeout for the greet_pause in sendmail I have now >> 5000 ? Mine is set to 5000. I am just scripting something against the mailwatch database to reduce the time for "good" mail servers. > You can safely set the greet_pause up to 15000 without any real > problems. I set mine at 30000, but I had to put in exceptions for > verizon's mail servers and mac.com's mail servers. > I use SpamCop and DSBL. Because of SC's bounce policy I have both of these set to temp fail rather than reject. Any owner of a "good" server will sort the issue out and I therefore reduce the risk of false positives - albeit with a delay. matt From MailScanner at ecs.soton.ac.uk Fri Apr 28 09:58:36 2006
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Apr 28 09:58:48 2006 Subject: country.domains.conf In-Reply-To: <4451CEAD.6030307@utwente.nl> References: <4451CEAD.6030307@utwente.nl> Message-ID: On 28 Apr 2006, at 09:13, Peter Peters wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi, > >> - Numeric IP addresses in phishing.safe.sites.conf list. > > This line in the beta 4.53.5 announcements triggered something > regarding > country.domains.conf. > > Contains country.domains.conf real matches or can regex be used? > In .nl > there are no real second levels in a domain. Except for digits. In the > past personal domains were only given out as name.3-digits.nl. Where > 3-digits were 3 random digits. Could these be added to > country.domains.conf as a regex or should all 1000 possibilities be > added? All 1000 possibilities need to be added. They are read into a hash so the size of this file has no effect on speed at all. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 From neb9002 at gmail.com Fri Apr 28 13:28:46 2006 From: neb9002 at gmail.com (Harris S) Date: Fri Apr 28 13:28:49 2006 Subject: Recursive archive attachment expansion and filetype/name checks Message-ID: <4fac50550604280528l5f4b9dc7g25bd647999913af5@mail.gmail.com> Hello again, the gunzip options were specific to OpenBSD.... Regards H. From maillists at conactive.com Fri Apr 28 13:31:25 2006
From: maillists at conactive.com (Kai Schaetzl) Date: Fri Apr 28 13:29:34 2006 Subject: Feature Request: MailScannerWebBug In-Reply-To: <44511D6F.3060707@ecs.soton.ac.uk> References: <223f97700604270757h41187bcajf712fb61c953719b@mail.gmail.com> <90FA2D54-03B1-40F6-9B31-5441563A7FD8@ecs.soton.ac.uk> <44511D6F.3060707@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Thu, 27 Apr 2006 20:37:19 +0100: > Yes, it is, and it's done. I didn't appreciate that was your main reason > for posting. I have created a 51-byte file on the MailScanner web site > which is a harmless 1x1 pixel transparent GIF, which will serve as an > ideal web bug replacement. The default value if nothing is specified at > all is the old string "MailScannerWebBug", and the value in the default > MailScanner.conf file is the URL of my transparent GIF. Great, thanks, Julian! This part of the webbugs changes is not in yesterday's beta release, right? Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From root at doctor.nl2k.ab.ca Fri Apr 28 13:41:54 2006 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Fri Apr 28 13:42:19 2006 Subject: News from the cesspoll Message-ID: <20060428124154.GA14177@doctor.nl2k.ab.ca> University of Calgary in Canada has devised an e-mail that is spam that can fool filters. Julian what do you know about this? From MailScanner at ecs.soton.ac.uk Fri Apr 28 13:45:17 2006
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Apr 28 13:45:31 2006 Subject: Feature Request: MailScannerWebBug In-Reply-To: References: <223f97700604270757h41187bcajf712fb61c953719b@mail.gmail.com> <90FA2D54-03B1-40F6-9B31-5441563A7FD8@ecs.soton.ac.uk> <44511D6F.3060707@ecs.soton.ac.uk> Message-ID: On 28 Apr 2006, at 13:31, Kai Schaetzl wrote: > Julian Field wrote on Thu, 27 Apr 2006 20:37:19 +0100: > >> Yes, it is, and it's done. I didn't appreciate that was your main >> reason >> for posting. I have created a 51-byte file on the MailScanner web >> site >> which is a harmless 1x1 pixel transparent GIF, which will serve as an >> ideal web bug replacement. The default value if nothing is >> specified at >> all is the old string "MailScannerWebBug", and the value in the >> default >> MailScanner.conf file is the URL of my transparent GIF. > > Great, thanks, Julian! This part of the webbugs changes is not in > yesterday's beta release, right? No it's not, sorry. If I do a beta including it for you, will you give it a go and confirm that it works please? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 From martinh at solid-state-logic.com Fri Apr 28 13:50:44 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Fri Apr 28 13:50:52 2006 Subject: News from the cesspoll In-Reply-To: <20060428124154.GA14177@doctor.nl2k.ab.ca> Message-ID: <002201c66ac2$5d4c50c0$3004010a@martinhlaptop> Any more details on this - URL? - or just rumour?? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- 
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Dave Shariff Yadallee - > System Administrator a.k.a. The Root of the Problem > Sent: 28 April 2006 13:42 > To: mailscanner@lists.mailscanner.info > Subject: News from the cesspoll > > University of Calgary in Canada has devised an e-mail that is spam > that can fool filters. Julian what do you know about this? From root at doctor.nl2k.ab.ca Fri Apr 28 14:03:40 2006
From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Fri Apr 28 14:04:07 2006 Subject: News from the cesspoll In-Reply-To: <002201c66ac2$5d4c50c0$3004010a@martinhlaptop> References: <20060428124154.GA14177@doctor.nl2k.ab.ca> <002201c66ac2$5d4c50c0$3004010a@martinhlaptop> Message-ID: <20060428130340.GA10101@doctor.nl2k.ab.ca> On Fri, Apr 28, 2006 at 01:50:44PM +0100, Martin Hepworth wrote: > Any more details on this - URL? - or just rumour?? > This came over a local news radio station. Still can someone contact the CompSci department at ucalgary.ca? > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- 
> > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Dave Shariff Yadallee - > > System Administrator a.k.a. The Root of the Problem > > Sent: 28 April 2006 13:42 > > To: mailscanner@lists.mailscanner.info > > Subject: News from the cesspoll > > > > University of Calgary in Canada has devised an e-mail that is spam > > that can fool filters. Julian what do you know about this? From ellis at kazakcomposites.com Fri Apr 28 14:08:17 2006
From: ellis at kazakcomposites.com (Steve Ellis) Date: Fri Apr 28 14:08:25 2006 Subject: News from the cesspoll In-Reply-To: <20060428124154.GA14177@doctor.nl2k.ab.ca> References: <20060428124154.GA14177@doctor.nl2k.ab.ca> Message-ID: <7.0.1.0.2.20060428090659.039a5090@kazakcomposites.com> See http://www.theglobeandmail.com/servlet/story/RTGAM.20060428.wxspam28/BNStory/Technology/home At 08:41 AM 4/28/2006, you wrote: >University of Calgary in Canada has devised an e-mail that is spam >that can fool filters. Julian what do you know about this? Steve Ellis Sr. Engineer KaZaK Composites, Inc 781.932.5667 x105 From dave.list at pixelhammer.com Fri Apr 28 14:13:38 2006
From: dave.list at pixelhammer.com (DAve) Date: Fri Apr 28 14:13:49 2006 Subject: News from the cesspoll In-Reply-To: <002201c66ac2$5d4c50c0$3004010a@martinhlaptop> References: <002201c66ac2$5d4c50c0$3004010a@martinhlaptop> Message-ID: <44521502.9050006@pixelhammer.com> Martin Hepworth wrote: > Any more details on this - URL? - or just rumour?? There is a link on the UC Comp Sci Dept front page to a PDF describing their findings. Interesting reading, though not revolutionary or even a new thought. I think every AntiSpam admin knew and understood the concept they studied when the first zombie became active. Not really anything worth a grant expense IMO. http://www.cpsc.ucalgary.ca/Dept/news.php?id=668 DAve > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- 
>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Dave Shariff Yadallee - >> System Administrator a.k.a. The Root of the Problem >> Sent: 28 April 2006 13:42 >> To: mailscanner@lists.mailscanner.info >> Subject: News from the cesspoll >> >> University of Calgary in Canada has devised an e-mail that is spam >> that can fool filters. Julian what do you know about this? -- This message was checked by forty monkeys and found to not contain any SPAM whatsoever. Your monkeys may vary From brose at med.wayne.edu Fri Apr 28 14:24:18 2006 From: brose at med.wayne.edu (Rose, Bobby) Date: Fri Apr 28 14:24:28 2006 Subject: News from the cesspoll Message-ID: <8F2A53954C22554EB75D9643FCCE0C6B4887F7@MED-CORE03-MS1.med.wayne.edu> I'm confused...how is the use of hijacked/infected computers to send out spam using forged addresses obtained from the infected computer new? This tactic has been used before. -----Original Message----- 
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve Ellis Sent: Friday, April 28, 2006 9:08 AM To: MailScanner discussion Subject: Re: News from the cesspoll See http://www.theglobeandmail.com/servlet/story/RTGAM.20060428.wxspam28/BNStory/Technology/home At 08:41 AM 4/28/2006, you wrote: >University of Calgary in Canada has devised an e-mail that is spam that >can fool filters. Julian what do you know about this? Steve Ellis Sr. Engineer KaZaK Composites, Inc 781.932.5667 x105 From root at doctor.nl2k.ab.ca Fri Apr 28 14:38:56 2006
From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Fri Apr 28 14:40:57 2006 Subject: News from the cesspoll In-Reply-To: <8F2A53954C22554EB75D9643FCCE0C6B4887F7@MED-CORE03-MS1.med.wayne.edu> References: <8F2A53954C22554EB75D9643FCCE0C6B4887F7@MED-CORE03-MS1.med.wayne.edu> Message-ID: <20060428133856.GB16597@doctor.nl2k.ab.ca> On Fri, Apr 28, 2006 at 09:24:18AM -0400, Rose, Bobby wrote: > I'm confused...how is the use of hijacked/infected computers to send > out spam using forged addresses obtained from the infected computer new? > This tactic has been used before. > > -----Original Message----- 
> From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve > Ellis > Sent: Friday, April 28, 2006 9:08 AM > To: MailScanner discussion > Subject: Re: News from the cesspoll > > > See > http://www.theglobeandmail.com/servlet/story/RTGAM.20060428.wxspam28/BNStory/Technology/home > > At 08:41 AM 4/28/2006, you wrote: > >University of Calgary in Canada has devised an e-mail that is spam that > >can fool filters. Julian what do you know about this? > > Steve Ellis > Sr. Engineer > KaZaK Composites, Inc > > 781.932.5667 x105 > Try http://pages.cpsc.ucalgary.ca/~aycock/papers/sz.pdf 
From martinh at solid-state-logic.com Fri Apr 28 14:54:51 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Fri Apr 28 14:55:00 2006 Subject: News from the cesspoll In-Reply-To: <20060428133856.GB16597@doctor.nl2k.ab.ca> Message-ID: <002301c66acb$5217e1c0$3004010a@martinhlaptop> URI-RBL's would catch this fairly quickly, as they do already...nothing to see here, move along.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Dave Shariff Yadallee - > System Administrator a.k.a. The Root of the Problem > Sent: 28 April 2006 14:39 > To: MailScanner discussion > Subject: Re: News from the cesspoll > > On Fri, Apr 28, 2006 at 09:24:18AM -0400, Rose, Bobby wrote: > > I'm confused...how is the use of hijacked/infected computers to send > > out spam using forged addresses obtained from the infected computer new? > > This tactic has been used before. 
From root at doctor.nl2k.ab.ca Fri Apr 28 15:07:32 2006
From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Fri Apr 28 15:07:38 2006 Subject: News from the cesspoll In-Reply-To: <002301c66acb$5217e1c0$3004010a@martinhlaptop> References: <20060428133856.GB16597@doctor.nl2k.ab.ca> <002301c66acb$5217e1c0$3004010a@martinhlaptop> Message-ID: <20060428140732.GB21311@doctor.nl2k.ab.ca> On Fri, Apr 28, 2006 at 02:54:51PM +0100, Martin Hepworth wrote: > > > URI-RBL's would catch this fairly quickly, as they do already...nothing to > see here, move along.. > URL for the above please. Also, which RBL do we add to our rbdnsbl list? 
From martinh at solid-state-logic.com Fri Apr 28 15:17:12 2006
From: martinh at solid-state-logic.com (Martin Hepworth) Date: Fri Apr 28 15:17:21 2006 Subject: News from the cesspoll In-Reply-To: <20060428140732.GB21311@doctor.nl2k.ab.ca> Message-ID: <000401c66ace$71478e80$3004010a@martinhlaptop> Well there's the default URI-RBL's that get installed with SA 3.x And another good two are from http://www.uribl.com/ You'll need the Net::DNS installed and the SA- plugin activated in init.pre. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Dave Shariff Yadallee - > System Administrator a.k.a. The Root of the Problem > Sent: 28 April 2006 15:08 > To: MailScanner discussion > Subject: Re: News from the cesspoll > > On Fri, Apr 28, 2006 at 02:54:51PM +0100, Martin Hepworth wrote: > > > > > > URI-RBL's would catch this fairly quickly, as they do already...nothing > to > > see here, move along.. > > > > URL for the above please. Also, which RBL do we add to our > rbdnsbl list? 
> > > > ********************************************************************** > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From mailscanner at yeticomputers.com Fri Apr 28 15:46:14 2006 
From: mailscanner at yeticomputers.com (Rick Chadderdon)
Date: Fri Apr 28 15:46:24 2006
Subject: News from the cesspoll
In-Reply-To: <002301c66acb$5217e1c0$3004010a@martinhlaptop>
References: <002301c66acb$5217e1c0$3004010a@martinhlaptop>
Message-ID: <44522AB6.60903@yeticomputers.com>

I agree. Also, my experience has been that people who use spam filters
actually have the ability to tell when spam sneaks through. And they
don't want it. (Obvious, I know, but I have a few users who actually
want all of their spam.) Even if this 'more effective' spam actually
got people to click a link, nobody who did so would buy anything unless
they were already the kind of person who responds to 'normal' spam.
Wasted effort, and no more effective at defeating the final filter - the
human mind - than any other kind of spam.

Rick

Martin Hepworth wrote:

>URI-RBL's would catch this fairly quickly, as they do already...nothing to
>see here, move along..
>
>--
>Martin Hepworth
>Snr Systems Administrator
>Solid State Logic
>Tel: +44 (0)1865 842300

From glenn.steen at gmail.com Fri Apr 28 16:10:36 2006
From: glenn.steen at gmail.com (Glenn Steen)
Date: Fri Apr 28 16:10:39 2006
Subject: News from the cesspoll
In-Reply-To: <44522AB6.60903@yeticomputers.com>
References: <002301c66acb$5217e1c0$3004010a@martinhlaptop> <44522AB6.60903@yeticomputers.com>
Message-ID: <223f97700604280810y5f427871i344b2fb728f35b99@mail.gmail.com>

On 28/04/06, Rick Chadderdon wrote:
> I agree. Also, my experience has been that people who use spam filters
> actually have the ability to tell when spam sneaks through. And they
> don't want it. (Obvious, I know, but I have a few users who actually
> want all of their spam.) Even if this 'more effective' spam actually
> got people to click a link, nobody who did so would buy anything unless
> they were already the kind of person who responds to 'normal' spam.
> Wasted effort, and no more effective at defeating the final filter - the
> human mind - than any other kind of spam.
>
> Rick
>
> Martin Hepworth wrote:
>
> >URI-RBL's would catch this fairly quickly, as they do already...nothing to
> >see here, move along..

Precisely. Kind of like when it's "funding time" for government
agencies here in Sweden... "Let's see what _old news_ we can rehash to
scare the public/politicians enough to raise our cut of the budget a
bit"... Livsmedelsverket has been known to pull that stunt on several
occasions ("carcinogens in plain prepared food!" comes to mind... A
really thinly veiled non-news article of theirs).

Just ignore it and move on, precisely as Martin says.

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From rgreen at trayerproducts.com Fri Apr 28 16:19:52 2006
From: rgreen at trayerproducts.com (Rodney Green) Date: Fri Apr 28 16:20:17 2006 Subject: News from the cesspoll In-Reply-To: <000401c66ace$71478e80$3004010a@martinhlaptop> References: <000401c66ace$71478e80$3004010a@martinhlaptop> Message-ID: <44523298.90507@trayerproducts.com> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060428/c151c81d/attachment.html From dhawal at netmagicsolutions.com Fri Apr 28 16:54:10 2006 
From: dhawal at netmagicsolutions.com (Dhawal Doshy)
Date: Fri Apr 28 16:54:23 2006
Subject: Attn. postfix users WAS Multiple Postfix smtp instances
In-Reply-To: <223f97700604241045n144a8ae5radb01346cbdb2f1d@mail.gmail.com>
References: <20060412205748.GD14679@luckyduck.tux> <443F9148.7080908@netmagicsolutions.com> <443FDBCF.6040004@rogers.com> <20060414192115.13204.qmail@mymail.netmagicians.com> <44432F03.4090907@netmagicsolutions.com> <223f97700604241045n144a8ae5radb01346cbdb2f1d@mail.gmail.com>
Message-ID: <44523AA2.3080008@netmagicsolutions.com>

Glenn Steen wrote:
> Anyway, looking at the points Wietse stipulates, I think Jules pretty
> much follows all/most of them already... So for now at least, things are
> alright:-).

I agree and here is a point by point check..

1) The Postfix queue would have to be changed from a three-state
incoming/active/deferred organization to a four-state organization of
unfiltered/incoming/active/deferred.

DD> This is being done by introducing the 'hold' interface.

2) All four queues MUST BE in the same file system. Otherwise mail will
be corrupted or lost.

DD> MailScanner doesn't mess with the postfix queue structure, hence
this is supported as well.

3) A modified cleanup server drops new mail into the "unfiltered" queue
and notifies mailscanner, while the unmodified cleanup server drops
locally forwarded mail into the incoming queue and informs the queue
manager as usual.

DD> The modified cleanup server is the header_checks parameter. Looks
like mailscanner *might* need to talk to cleanup post processing. Can
some postfix expert comment on this?

4) Mailscanner MUST NOT move queue files except by renaming them between
Postfix queue directories. Otherwise mail will be corrupted or lost.

DD> Excellent job here by Julian, queue files are renamed as
original_queue_id.6_digit_random_number

5) Mailscanner MUST maintain the relationship between the file name and
the file inode number. Otherwise mail will be corrupted or lost.

DD> See reply to point 4.

6) hehe.. there is no point number 6.

7) Mailscanner must be crash proof. Like Postfix, it MUST NOT take
irreversible actions, or actions that may require undo operations after
a system crash. Otherwise mail will be corrupted or lost.

DD> MailScanner, from what i understand doesn't move the queue file from
hold to incoming till it is processed.. in the event of a crash, mails
in the hold queue will be re-processed.

8) Mailscanner MUST NOT modify queue files. If content needs to be
updated, Mailscanner MUST create a new queue file and delete the
original only after the new file has been committed to stable storage.
Otherwise mail will be corrupted or lost.

DD> See points 4,5,7

9) When creating a queue file, Mailscanner MUST adhere to the convention
that the file permissions are set to "executable" only after the file
contents are safely stored. Otherwise mail will be corrupted or lost.

DD> Not sure about this one, maybe Julian can comment on this.

10) Mailscanner should never touch a queue file that has an advisory
lock (flock or fcntl lock, depending on the system environment).
Otherwise mail will be corrupted or lost.

DD> Not sure about this one too, maybe Julian can comment on this as well.

Finally, the only 'so-called' problem being that MailScanner doesn't
speak (L)(S)MTP, which though an advantage (with MailScanner) relies on
undocumented (which is in no way Julian's fault) internals to make
things work. There are a few options available in this regard..
specifically net::smtp and qpsmtpd. Maybe.. maybe Julian could offer
this as an option.

Julian, if you can comment on points 9 & 10, i'll send a reply across to
Wietse and hopefully take things forward. We are still unsure of the
changes in postfix 2.3, which could possibly break mailscanner.

thanks,
- dhawal

From MailScanner at ecs.soton.ac.uk Fri Apr 28 17:17:18 2006
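Points 8 to 10 of the checklist in the message above, together with the same-file-system rule from point 2, shown as an added Python example; it is not MailScanner's or Postfix's code and not part of any poster's message. The 0600/0700 modes, the `hold`/`incoming` directory layout and all function names are assumptions, and the queue-ID/inode naming rule of point 5 is out of scope.

```python
import fcntl
import os
import stat
import tempfile

INCOMPLETE_MODE = 0o600  # assumption: no execute bit while the file is being written
COMPLETE_MODE = 0o700    # assumption: owner execute bit marks "contents safely stored"


def fsync_dir(directory):
    """Flush a directory change (create, rename, unlink) to stable storage."""
    dfd = os.open(directory, os.O_RDONLY)
    try:
        os.fsync(dfd)
    finally:
        os.close(dfd)


def write_committed(directory, name, data):
    """Point 9: write and fsync the contents first, set the execute bit last."""
    path = os.path.join(directory, name)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, INCOMPLETE_MODE)
    with os.fdopen(fd, "wb") as handle:
        handle.write(data)
        handle.flush()
        os.fsync(handle.fileno())
        os.fchmod(handle.fileno(), COMPLETE_MODE)
        os.fsync(handle.fileno())
    fsync_dir(directory)
    return path


def is_complete(path):
    """A reader treats a file as a finished message only if the owner execute bit is set."""
    return bool(os.stat(path).st_mode & stat.S_IXUSR)


def try_claim(path):
    """Point 10: non-blocking advisory lock; None means another process owns the file."""
    fd = os.open(path, os.O_RDWR)
    try:
        fcntl.flock(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
    except BlockingIOError:
        os.close(fd)
        return None
    return fd


def release(hold_dir, incoming_dir, name, new_data=None):
    """Pass one scanned message from hold to incoming without editing it in place."""
    if os.stat(hold_dir).st_dev != os.stat(incoming_dir).st_dev:
        raise RuntimeError("queue directories must share one file system (point 2)")
    src = os.path.join(hold_dir, name)
    dst = os.path.join(incoming_dir, name)
    if not is_complete(src):
        return "skipped-incomplete"
    lock_fd = try_claim(src)
    if lock_fd is None:
        return "skipped-locked"
    try:
        if new_data is None:
            os.rename(src, dst)                      # point 4: rename, never copy
        else:
            if os.path.exists(dst) and not is_complete(dst):
                os.unlink(dst)                       # leftover of a crash mid-write
            if not os.path.exists(dst):
                write_committed(incoming_dir, name, new_data)  # point 8: new file
            os.unlink(src)                           # original is deleted last
        fsync_dir(incoming_dir)
        fsync_dir(hold_dir)
    finally:
        os.close(lock_fd)
    return "released"


def demo():
    """Constructed scenario: four held messages in different states."""
    with tempfile.TemporaryDirectory() as root:
        hold, incoming = os.path.join(root, "hold"), os.path.join(root, "incoming")
        os.mkdir(hold)
        os.mkdir(incoming)
        for name in ("A1", "B2", "C3"):
            write_committed(hold, name, b"original " + name.encode() + b"\n")
        # D4: its writer has not finished, so the execute bit is still clear.
        os.close(os.open(os.path.join(hold, "D4"), os.O_WRONLY | os.O_CREAT, INCOMPLETE_MODE))
        busy = try_claim(os.path.join(hold, "C3"))   # stands in for another process
        results = {
            "A1": release(hold, incoming, "A1"),
            "B2": release(hold, incoming, "B2", b"rewritten B2\n"),
            "C3": release(hold, incoming, "C3"),
            "D4": release(hold, incoming, "D4"),
        }
        os.close(busy)
        with open(os.path.join(incoming, "B2"), "rb") as handle:
            rewritten = handle.read()
        return results, sorted(os.listdir(incoming)), sorted(os.listdir(hold)), rewritten


if __name__ == "__main__":
    print(demo())
```

A crash between writing the new file and deleting the original leaves the message in `hold` for re-processing, which matches the behaviour described under point 7.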
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Fri Apr 28 17:17:34 2006
Subject: News from the cesspoll
In-Reply-To: <000401c66ace$71478e80$3004010a@martinhlaptop>
References: <000401c66ace$71478e80$3004010a@martinhlaptop>
Message-ID: <465950D9-5A67-4470-89DD-52DA3434F8FF@ecs.soton.ac.uk>

Would people like me to add the Black and Grey lists to the
spam.assassin.prefs.conf file I ship with MailScanner?

My easy-to-install ClamAV+SpamAssassin package enables the URIBL plugin
for you during the installation, so most people will have the necessary
stuff done in v310.pre already.

The scores I use (very successfully) are
Black: 3.0
Grey: 0.25

Your thoughts please folks!

Jules.

On 28 Apr 2006, at 15:17, Martin Hepworth wrote:

> Well there's the default URI-RBL's that get installed with SA 3.x
>
> And another good two are from http://www.uribl.com/
>
> You'll need the Net::DNS installed and the SA- plugin activated in
> init.pre.
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>> -----Original Message-----
>> From: mailscanner-bounces@lists.mailscanner.info
>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of
>> Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem
>> Sent: 28 April 2006 15:08
>> To: MailScanner discussion
>> Subject: Re: News from the cesspoll
>>
>> On Fri, Apr 28, 2006 at 02:54:51PM +0100, Martin Hepworth wrote:
>>> URI-RBL's would catch this fairly quickly, as they do already...nothing to
>>> see here, move along..
>>
>> URL for the above please. Also, which RBL do we add to our
>> rbdnsbl list?
>>
>>> --
>>> Martin Hepworth
>>> Snr Systems Administrator
>>> Solid State Logic
>>> Tel: +44 (0)1865 842300
>>>
>>>> -----Original Message-----
>>>> From: mailscanner-bounces@lists.mailscanner.info
>>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of
>>>> Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem
>>>> Sent: 28 April 2006 14:39
>>>> To: MailScanner discussion
>>>> Subject: Re: News from the cesspoll
>>>>
>>>> On Fri, Apr 28, 2006 at 09:24:18AM -0400, Rose, Bobby wrote:
>>>>> I'm confused...how is the use of hijacked/infected computers to send
>>>>> out spam using forged addresses obtained from the infected computer new?
>>>>> This tactic has been used before.
>>>>>
>>>>> -----Original Message-----
>>>>> From: mailscanner-bounces@lists.mailscanner.info
>>>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve Ellis
>>>>> Sent: Friday, April 28, 2006 9:08 AM
>>>>> To: MailScanner discussion
>>>>> Subject: Re: News from the cesspoll
>>>>>
>>>>> See
>>>>> http://www.theglobeandmail.com/servlet/story/RTGAM.20060428.wxspam28/BNStory/Technology/home
>>>>>
>>>>> At 08:41 AM 4/28/2006, you wrote:
>>>>>> University of Calgary in Canada has devised an e-mail that is spam that
>>>>>> can fool filters. Julian what do you know about this?
>>>>>
>>>>> Steve Ellis
>>>>> Sr. Engineer
>>>>> KaZaK Composites, Inc
>>>>>
>>>>> 781.932.5667 x105
>>>>
>>>> Try http://pages.cpsc.ucalgary.ca/~aycock/papers/sz.pdf

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.

From MailScanner at ecs.soton.ac.uk Fri Apr 28 17:22:14 2006
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Fri Apr 28 17:22:30 2006
Subject: Attn. postfix users WAS Multiple Postfix smtp instances
In-Reply-To: <44523AA2.3080008@netmagicsolutions.com>
References: <20060412205748.GD14679@luckyduck.tux> <443F9148.7080908@netmagicsolutions.com> <443FDBCF.6040004@rogers.com> <20060414192115.13204.qmail@mymail.netmagicians.com> <44432F03.4090907@netmagicsolutions.com> <223f97700604241045n144a8ae5radb01346cbdb2f1d@mail.gmail.com> <44523AA2.3080008@netmagicsolutions.com>
Message-ID: <80973D29-30E5-4A00-8176-6FE4D48F7E78@ecs.soton.ac.uk>

On 28 Apr 2006, at 16:54, Dhawal Doshy wrote:

> Glenn Steen wrote:
>> Anyway, looking at the points Wietse stipulates, I think Jules pretty
>> much follows all/most of them already... So for now at least, things are
>> alright:-).
>
> I agree and here is a point by point check..
>
> 9) When creating a queue file, Mailscanner MUST adhere to the
> convention that the file permissions are set to "executable" only
> after the file contents are safely stored. Otherwise mail will be
> corrupted or lost.
>
> DD> Not sure about this one, maybe Julian can comment on this.

I adhere to this.

> 10) Mailscanner should never touch a queue file that has an
> advisory lock (flock or fcntl lock, depending on the system
> environment). Otherwise mail will be corrupted or lost.
>
> DD> Not sure about this one too, maybe Julian can comment on this
> as well.

I adhere to this.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From dhawal at netmagicsolutions.com Fri Apr 28 17:43:58 2006
From: dhawal at netmagicsolutions.com (Dhawal Doshy)
Date: Fri Apr 28 17:44:10 2006
Subject: News from the cesspoll
In-Reply-To: <465950D9-5A67-4470-89DD-52DA3434F8FF@ecs.soton.ac.uk>
References: <000401c66ace$71478e80$3004010a@martinhlaptop> <465950D9-5A67-4470-89DD-52DA3434F8FF@ecs.soton.ac.uk>
Message-ID: <4452464E.9020005@netmagicsolutions.com>

Julian Field wrote:
> Would people like me to add the Black and Grey lists to the
> spam.assassin.prefs.conf file I ship with MailScanner?
>
> My easy-to-install ClamAV+SpamAssassin package enables the URIBL plugin
> for you during the installation, so most people will have the necessary
> stuff done in v310.pre already.
>
> The scores I use (very successfully) are
> Black: 3.0
> Grey: 0.25
>
> Your thoughts please folks!

sa-update will update 25_uribl.cf as well, which includes support for
BLACK, GREY and RED.. methinks it'll be a duplication for sa 3.1.1 users
since you already have sa-update running as a cronjob.

- dhawal

> Jules.
>
> On 28 Apr 2006, at 15:17, Martin Hepworth wrote:
>
>> Well there's the default URI-RBL's that get installed with SA 3.x
>>
>> And another good two are from http://www.uribl.com/
>>
>> You'll need the Net::DNS installed and the SA- plugin activated in
>> init.pre.

From dhawal at netmagicsolutions.com Fri Apr 28 17:46:41 2006
From: dhawal at netmagicsolutions.com (Dhawal Doshy)
Date: Fri Apr 28 17:46:52 2006
Subject: Attn. postfix users WAS Multiple Postfix smtp instances
In-Reply-To: <80973D29-30E5-4A00-8176-6FE4D48F7E78@ecs.soton.ac.uk>
References: <20060412205748.GD14679@luckyduck.tux> <443F9148.7080908@netmagicsolutions.com> <443FDBCF.6040004@rogers.com> <20060414192115.13204.qmail@mymail.netmagicians.com> <44432F03.4090907@netmagicsolutions.com> <223f97700604241045n144a8ae5radb01346cbdb2f1d@mail.gmail.com> <44523AA2.3080008@netmagicsolutions.com> <80973D29-30E5-4A00-8176-6FE4D48F7E78@ecs.soton.ac.uk>
Message-ID: <445246F1.3050101@netmagicsolutions.com>

Julian Field wrote:
>
> On 28 Apr 2006, at 16:54, Dhawal Doshy wrote:
>
>> Glenn Steen wrote:
>>> Anyway, looking at the points Wietse stipulates, I think Jules pretty
>>> much follows all/most of them already... So for now at least, things are
>>> alright:-).
>>
>> I agree and here is a point by point check..
>>
>> 9) When creating a queue file, Mailscanner MUST adhere to the
>> convention that the file permissions are set to "executable" only
>> after the file contents are safely stored. Otherwise mail will be
>> corrupted or lost.
>>
>> DD> Not sure about this one, maybe Julian can comment on this.
>
> I adhere to this.
>
>> 10) Mailscanner should never touch a queue file that has an advisory
>> lock (flock or fcntl lock, depending on the system environment).
>> Otherwise mail will be corrupted or lost.
>>
>> DD> Not sure about this one too, maybe Julian can comment on this as
>> well.
>
> I adhere to this.

Thanks Julian, over to Wietse/Viktor now :-)

- dhawal

> --Julian Field

From martinh at solid-state-logic.com Fri Apr 28 17:52:24 2006
From: martinh at solid-state-logic.com (Martin Hepworth)
Date: Fri Apr 28 17:52:34 2006
Subject: News from the cesspoll
In-Reply-To: <4452464E.9020005@netmagicsolutions.com>
Message-ID: <001301c66ae4$2004a1a0$3004010a@martinhlaptop>

Dhawal

Ah cool - good, hadn't noticed....

BTW you need to be running MS 4.53.2 or later for MS to pick up the
rules from sa-update (unless merely changing the "SpamAssassin Local
State Dir" is all that's needed of course)

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Dhawal Doshy
> Sent: 28 April 2006 17:44
> To: MailScanner discussion
> Subject: Re: News from the cesspoll
>
> Julian Field wrote:
> > Would people like me to add the Black and Grey lists to the
> > spam.assassin.prefs.conf file I ship with MailScanner?
> >
> > My easy-to-install ClamAV+SpamAssassin package enables the URIBL plugin
> > for you during the installation, so most people will have the necessary
> > stuff done in v310.pre already.
> >
> > The scores I use (very successfully) are
> > Black: 3.0
> > Grey: 0.25
> >
> > Your thoughts please folks!
>
> sa-update will update 25_uribl.cf as well, which includes support for
> BLACK, GREY and RED.. methinks it'll be a duplication for sa 3.1.1 users
> since you already have sa-update running as a cronjob.
>
> - dhawal
>
> > Jules.
> >
> > On 28 Apr 2006, at 15:17, Martin Hepworth wrote:
> >
> >> Well there's the default URI-RBL's that get installed with SA 3.x
> >>
> >> And another good two are from http://www.uribl.com/
> >>
> >> You'll need the Net::DNS installed and the SA- plugin activated in
> >> init.pre.

From maillists at conactive.com Fri Apr 28 19:31:17 2006
From: maillists at conactive.com (Kai Schaetzl)
Date: Fri Apr 28 19:29:29 2006
Subject: News from the cesspoll
In-Reply-To: <20060428124154.GA14177@doctor.nl2k.ab.ca>
References: <20060428124154.GA14177@doctor.nl2k.ab.ca>
Message-ID:

wrote on Fri, 28 Apr 2006 06:41:54 -0600:

> University of Calgary in Canada has devised an e-mail that is spam
> that can fool filters. Julian what do you know about this?

I love that. University of whatever said the sky will break apart today.
Wow, what a message, I'm scared.

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From maillists at conactive.com Fri Apr 28 19:31:17 2006
From: maillists at conactive.com (Kai Schaetzl)
Date: Fri Apr 28 19:29:32 2006
Subject: Feature Request: MailScannerWebBug
In-Reply-To:
References: <223f97700604270757h41187bcajf712fb61c953719b@mail.gmail.com> <90FA2D54-03B1-40F6-9B31-5441563A7FD8@ecs.soton.ac.uk> <44511D6F.3060707@ecs.soton.ac.uk>
Message-ID:

Julian Field wrote on Fri, 28 Apr 2006 13:45:17 +0100:

> No it's not, sorry. If I do a beta including it for you, will you
> give it a go and confirm that it works please?

My own machine probably lets too few spam thru, so I would need to wait
quite a while before I get a chance to see a MailScannerWebBug
replacement. I can put it on my own machine and once it seems to be
running ok there (which will need a day to confirm) I can put it on a
production machine. Anyway, I don't need this urgently, I can just wait
until you release it normally. I only asked to be sure that I can wait
with installing this beta until the next final release is out.

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From mkettler at evi-inc.com Fri Apr 28 19:51:10 2006
From: mkettler at evi-inc.com (Matt Kettler)
Date: Fri Apr 28 19:51:25 2006
Subject: News from the cesspoll (URIBL)
In-Reply-To: <465950D9-5A67-4470-89DD-52DA3434F8FF@ecs.soton.ac.uk>
References: <000401c66ace$71478e80$3004010a@martinhlaptop> <465950D9-5A67-4470-89DD-52DA3434F8FF@ecs.soton.ac.uk>
Message-ID: <4452641E.5040108@evi-inc.com>

Julian Field wrote:
> Would people like me to add the Black and Grey lists to the
> spam.assassin.prefs.conf file I ship with MailScanner?
>
> My easy-to-install ClamAV+SpamAssassin package enables the URIBL plugin
> for you during the installation, so most people will have the necessary
> stuff done in v310.pre already.
>
> The scores I use (very successfully) are
> Black: 3.0
> Grey: 0.25
>
> Your thoughts please folks!

I personally find URIBL to have a higher FP rate than the other
uridnsbls at surbl. While it's a valuable list, I really don't think it
is safe to score it 3.0.

I've had EXTENSIVE problems with URIBL and other SURBL lists overlapping
in false positives. I really don't think URIBL is worth including at
this time, but if you do, hack the default score back a bit. I'm using
1.5, with an additional hack-back to 0.5 if it overlaps with the SURBL
rules.

A lot of this was covered scattered across the giant near-flame-war
thread I started on spamassassin-users a while ago titled "Over-scoring
of SURBL lists". After the dust settled the following facts remained:

1) URIBL seems to have a surprising number of FPs in common with WS and
OB at my site. They officially deny any common sources of input.
Regardless of commonality of sources, the fact of common dual-listed FPs
between these at my site is real. I rarely have a URIBL_BLACK FP that
isn't also listed in WS or OB. Fortunately FP's aren't that common, but
when they happen they do more often than not double-hit with another
SURBL list, at least at my site.

2) Most URIBL.com (and SURBL) FPs tend to be of a commercial nature.
Most seem to be listings of mixed-use remailing and hosting providers
that are used by spammers and large companies alike. This is largely
unsurprising.

3) It's quite rare for two surbl.org lists to over-lap on a FP. In my
experience if they do, it is most likely to be OB and WS. It almost
never happens with SC, but recently my overall hit-rate for SC is very
low.

4) There are many spams which only match URIBL at time of delivery.
URIBL has a very fast adoption of reports, and in this regard they do
very well.

5) overlap between URIBLs and SURBLs is NOT a problem, in and of itself.
It's only a problem when they overlap on nonspam. (MANY people in that
flame thread failed to read this fact. In fact, nearly all of them did.)

That said, looking at the overlap percentages you cannot rule out
problems of duplicated-input any more than you can prove it.

Summarizing some stats, quoted below:

-There are slightly more URIBL_BLACK hits than all of SURBL combined.

-There are 50% more URIBL_BLACK hits that are not in any SURBL (671)
than hits of any SURBL but are not in URIBL_BLACK (437). (note: I have
not attempted to adjust this for FP rate.. that 50% might be largely
FPs, or might be all spam.)

-There is a significantly greater percentage of overlap between
URIBL_BLACK and any one of WS, OB or JP (all >92%), than there is
overlap between any two of WS, OB and JP (all <77%). Again, this isn't a
problem, but it is an interesting fact.

stats (note: I copied mail-log to a separate dir, so this data is not
changing in these greps:)

Total URIBL_BLACK hits:
# grep "URIBL_BLACK" maillog |wc -l
6995

Total hit stats:
Total SURBL.org hits
# grep "_SURBL" maillog |wc -l
6761

Total WS hits:
# grep "WS_SURBL" maillog |wc -l
4174

Total OB hits:
# grep "OB_SURBL" maillog |wc -l
5246

# grep "JP_SURBL" maillog |wc -l
4718

# grep "SC_SURBL" maillog |wc -l
934

Overlap stats (take with a grain of salt. Overlap alone is not proof of
a problem. In each percentage, I compared against the list with the
lowest total hit-count for the pairing)

# grep "WS_SURBL" maillog | grep "URIBL_BLACK" |wc -l
3855 (92% of all WS hits)

# grep "OB_SURBL" maillog | grep "URIBL_BLACK" |wc -l
5054 (96% of all OB hits)

# grep "JP_SURBL" maillog | grep "URIBL_BLACK" |wc -l
4492 (95% of JP hits)

# grep "OB_SURBL" maillog | grep "WS_SURBL" |wc -l
3175 (76% of all WS hits)

# grep "JP_SURBL" maillog | grep "OB_SURBL" |wc -l
3571 (75% of all JP hits)

grep "JP_SURBL" maillog | grep "WS_SURBL" |wc -l
3127 (75.9% of all WS hits)

Surbl vs URIBL comparison, hits in one but not the other:

grep -v "_SURBL" maillog | grep "URIBL_BLACK" |wc -l
671 (9.9 % of URIBL_BLACK hits are not in SURBL)

grep "_SURBL" maillog | grep -v "URIBL_BLACK" |wc -l
437 (6.4% of all _SURBL hits are not in URIBL_BLACK)

From root at doctor.nl2k.ab.ca Fri Apr 28 22:35:04 2006
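The grep pipelines in the message above, done in one pass over a log, as an added Python example that is not part of Matt Kettler's post. The log lines are constructed, their layout is an assumption, and `reviewed_fp_ids` is a hypothetical hand-reviewed list of false-positive message ids used to show the double-listing that point 5 singles out.

```python
import re
from itertools import combinations

# Substrings grepped for in the message above (grep semantics: substring per line).
PATTERNS = ["URIBL_BLACK", "WS_SURBL", "OB_SURBL", "JP_SURBL", "SC_SURBL"]
SURBL = [p for p in PATTERNS if p.endswith("_SURBL")]
MSG_ID = re.compile(r"Message (\S+) ")

# Constructed log lines; only the rule names and message ids matter here.
SAMPLE_LOG = """\
Apr 28 10:00:01 mx MailScanner[101]: Message m01 is spam (URIBL_BLACK, URIBL_WS_SURBL, URIBL_OB_SURBL)
Apr 28 10:00:02 mx MailScanner[101]: Message m02 is spam (URIBL_BLACK, URIBL_WS_SURBL)
Apr 28 10:00:03 mx MailScanner[101]: Message m03 is spam (URIBL_BLACK, URIBL_OB_SURBL, URIBL_JP_SURBL)
Apr 28 10:00:04 mx MailScanner[101]: Message m04 is spam (URIBL_BLACK)
Apr 28 10:00:05 mx MailScanner[101]: Message m05 is spam (URIBL_BLACK, BAYES_99)
Apr 28 10:00:06 mx MailScanner[101]: Message m06 is spam (URIBL_WS_SURBL, URIBL_OB_SURBL)
Apr 28 10:00:07 mx MailScanner[101]: Message m07 is spam (URIBL_JP_SURBL, URIBL_SC_SURBL)
Apr 28 10:00:08 mx MailScanner[101]: Message m08 is spam (URIBL_BLACK, URIBL_JP_SURBL, URIBL_OB_SURBL, URIBL_WS_SURBL)
Apr 28 10:00:09 mx MailScanner[101]: Message m09 is spam (BAYES_99)
Apr 28 10:00:10 mx MailScanner[101]: Message m10 is spam (URIBL_BLACK, URIBL_SC_SURBL)
""".splitlines()


def hits_per_line(lines, patterns=PATTERNS):
    """Map each pattern to the set of line indexes that contain it."""
    hits = {p: set() for p in patterns}
    for index, line in enumerate(lines):
        for p in patterns:
            if p in line:
                hits[p].add(index)
    return hits


def overlap_table(hits):
    """For each pair: (lines hitting both, percent of the list with fewer hits)."""
    table = {}
    for a, b in combinations(hits, 2):
        both = len(hits[a] & hits[b])
        smaller = min(len(hits[a]), len(hits[b]))
        table[(a, b)] = (both, round(100.0 * both / smaller, 1) if smaller else 0.0)
    return table


def exclusive(hits, group_a, group_b):
    """Lines hit by any pattern in group_a and by none in group_b (grep A | grep -v B)."""
    in_a = set().union(*(hits[p] for p in group_a))
    in_b = set().union(*(hits[p] for p in group_b))
    return len(in_a - in_b)


def double_hits_on(lines, hits, reviewed_fp_ids):
    """For hand-reviewed false positives, report those listed by two or more lists."""
    found = {}
    for index, line in enumerate(lines):
        match = MSG_ID.search(line)
        if match and match.group(1) in reviewed_fp_ids:
            fired = [p for p in hits if index in hits[p]]
            if len(fired) >= 2:
                found[match.group(1)] = fired
    return found


if __name__ == "__main__":
    h = hits_per_line(SAMPLE_LOG)
    for pair, (both, pct) in overlap_table(h).items():
        print(pair, both, pct)
    print("URIBL_BLACK only:", exclusive(h, ["URIBL_BLACK"], SURBL))
    print("SURBL only:", exclusive(h, SURBL, ["URIBL_BLACK"]))
    print(double_hits_on(SAMPLE_LOG, h, {"m02", "m06", "m04"}))
```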
From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem)
Date: Fri Apr 28 22:35:43 2006
Subject: News from the cesspoll
In-Reply-To: <465950D9-5A67-4470-89DD-52DA3434F8FF@ecs.soton.ac.uk>
References: <000401c66ace$71478e80$3004010a@martinhlaptop> <465950D9-5A67-4470-89DD-52DA3434F8FF@ecs.soton.ac.uk>
Message-ID: <20060428213504.GA6323@doctor.nl2k.ab.ca>

On Fri, Apr 28, 2006 at 05:17:18PM +0100, Julian Field wrote:
> Would people like me to add the Black and Grey lists to the
> spam.assassin.prefs.conf file I ship with MailScanner?
>
> My easy-to-install ClamAV+SpamAssassin package enables the URIBL
> plugin for you during the installation, so most people will have the
> necessary stuff done in v310.pre already.
>
> The scores I use (very successfully) are
> Black: 3.0
> Grey: 0.25
>
> Your thoughts please folks!
>
> Jules.
>

I would say myself.

> On 28 Apr 2006, at 15:17, Martin Hepworth wrote:
>
> >Well there's the default URI-RBL's that get installed with SA 3.x
> >
> >And another good two are from http://www.uribl.com/
> >
> >You'll need the Net::DNS installed and the SA- plugin activated in
> >init.pre.
> >
> >--
> >Martin Hepworth
> >Snr Systems Administrator
> >Solid State Logic
> >Tel: +44 (0)1865 842300
> >
> >>-----Original Message-----
> >>From: mailscanner-bounces@lists.mailscanner.info
> >>[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Dave Shariff Yadallee -
> >>System Administrator a.k.a. The Root of the Problem
> >>Sent: 28 April 2006 15:08
> >>To: MailScanner discussion
> >>Subject: Re: News from the cesspoll
> >>
> >>On Fri, Apr 28, 2006 at 02:54:51PM +0100, Martin Hepworth wrote:
> >>>
> >>>URI-RBL's would catch this fairly quickly, as they do already...nothing to
> >>>see here, move along..
> >>>
> >>
> >>URL for the above please. Also, which RBL do we add to our
> >>rbdnsbl list?
> >>
> >>>--
> >>>Martin Hepworth
> >>>Snr Systems Administrator
> >>>Solid State Logic
> >>>Tel: +44 (0)1865 842300
> >>>
> >>>>-----Original Message-----
> >>>>From: mailscanner-bounces@lists.mailscanner.info
> >>>>[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Dave Shariff Yadallee -
> >>>>System Administrator a.k.a. The Root of the Problem
> >>>>Sent: 28 April 2006 14:39
> >>>>To: MailScanner discussion
> >>>>Subject: Re: News from the cesspoll
> >>>>
> >>>>On Fri, Apr 28, 2006 at 09:24:18AM -0400, Rose, Bobby wrote:
> >>>>>I'm confused...how is the use of hijacked/infected computers to send
> >>>>>out spam using forged addresses obtained from the infected computer new?
> >>>>>This tactic has been used before.
> >>>>>
> >>>>>-----Original Message-----
> >>>>>From: mailscanner-bounces@lists.mailscanner.info
> >>>>>[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve Ellis
> >>>>>Sent: Friday, April 28, 2006 9:08 AM
> >>>>>To: MailScanner discussion
> >>>>>Subject: Re: News from the cesspoll
> >>>>>
> >>>>>See
> >>>>>http://www.theglobeandmail.com/servlet/story/RTGAM.20060428.wxspam28/BNStory/Technology/home
> >>>>>
> >>>>>At 08:41 AM 4/28/2006, you wrote:
> >>>>>>University of Calgary in Canada has devised an e-mail that is spam that
> >>>>>>can fool filters. Julian what do you know about this?
> >>>>>>
> >>>>>>--
> >>>>>>This message has been scanned for viruses and dangerous content by
> >>>>>>MailScanner, and is believed to be clean.
> >>>>>>
> >>>>>>--
> >>>>>>MailScanner mailing list
> >>>>>>mailscanner@lists.mailscanner.info
> >>>>>>http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >>>>>>
> >>>>>>Before posting, read http://wiki.mailscanner.info/posting
> >>>>>>
> >>>>>>Support MailScanner development - buy the book off the website!
> >>>>>
> >>>>>Steve Ellis
> >>>>>Sr. Engineer
> >>>>>KaZaK Composites, Inc
> >>>>>
> >>>>>781.932.5667 x105
> >>>>>
> >>>>
> >>>>Try http://pages.cpsc.ucalgary.ca/~aycock/papers/sz.pdf
> >>>>
> >>>>>
> >>>>>*********** KaZaK Composites, Inc CONFIDENTIAL ***********
> >>>>>
> >>>>>Unless otherwise specified, the information contained in this
> >>>>>e-mail message should be considered: privileged, confidential,
> >>>>>and protected from disclosure.
> >>>>>
> >>>>>--
> >>>>>This message has been scanned for viruses and
> >>>>>dangerous content by MailScanner, and is
> >>>>>believed to be clean.
> >>>
> >>>**********************************************************************
> >>>
> >>>This email and any files transmitted with it are confidential and
> >>>intended solely for the use of the individual or entity to whom they
> >>>are addressed. If you have received this email in error please notify
> >>>the system manager.
> >>>
> >>>This footnote confirms that this email message has been swept
> >>>for the presence of computer viruses and is believed to be clean.
> >>>
> >>>**********************************************************************
>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> MailScanner thanks transtec Computers for their support.

From root at doctor.nl2k.ab.ca Fri Apr 28 22:37:53 2006
From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem)
Date: Fri Apr 28 22:38:29 2006
Subject: News from the cesspoll
In-Reply-To:
References: <20060428124154.GA14177@doctor.nl2k.ab.ca>
Message-ID: <20060428213753.GB6323@doctor.nl2k.ab.ca>

On Fri, Apr 28, 2006 at 08:31:17PM +0200, Kai Schaetzl wrote:
> wrote on Fri, 28 Apr 2006 06:41:54 -0600:
>
> > University of Calgary in Canada has devised an e-mail that is spam
> > that can fool filters. Julian what do you know about this?
>
> I love that. University of whatever said the sky will break apart today.
> Wow, what a message, I'm scared.
>

Calgary is viewed as a non-intellectual city from Edmonton Alberta Canada.

Sort of like Portsmouth vs Southampton, Arsenal vs Tottenham, Man U vs Man C ...

> Kai
>
> --
> Kai Schätzl, Berlin, Germany
> Get your web at Conactive Internet Services: http://www.conactive.com

From mmazhar at gmail.com Sat Apr 29 07:57:50 2006
From: mmazhar at gmail.com (Mazhar Hussain)
Date: Sat Apr 29 07:57:52 2006
Subject: help How to move spams to spam directory of Home of each user.
Message-ID:

Hi to all,

I am new to the mailing list.

I have installed MailScanner 4.52.2 (rpm), SpamAssassin 3.1.1 (from CPAN) and
"install-Clam-SA" on fedora redhat core 1. All of these are stable. All spam
emails are being tagged as {?Spam?}. It's working fine. Now what I want to do
is to define a script that will move all spam emails to the spam directory of
the respective users. The script will first check whether a spam dir exists in
the user's home dir; if not, it will create one and then move the user's
incoming spam emails to the spam dir. I am using sendmail, IMAP and POP3.

I shall be very thankful to all of you for this help.

Thanks,
Mazhar
+92 321 521 9779.

From glenn.steen at gmail.com Sat Apr 29 10:53:25 2006
From: glenn.steen at gmail.com (Glenn Steen)
Date: Sat Apr 29 10:53:28 2006
Subject: help How to move spams to spam directory of Home of each user.
In-Reply-To:
References:
Message-ID: <223f97700604290253g64195ff0u9a2e0ec231f9a11a@mail.gmail.com>

On 29/04/06, Mazhar Hussain wrote:
>
> Hi to all,
>
> I am new to the mailing list.
>
> I have installed MailScanner 4.52.2 (rpm), SpamAssassin 3.1.1 (from CPAN) and
> "install-Clam-SA" on fedora redhat core 1. All of these are stable. All spam
> emails are being tagged as {?Spam?}. It's working fine. Now what I want to do
> is to define a script that will move all spam emails to the spam directory of
> the respective users. The script will first check whether a spam dir exists in
> the user's home dir; if not, it will create one and then move the user's
> incoming spam emails to the spam dir. I am using sendmail, IMAP and POP3.
> I shall be very thankful to all of you for this help.
>

Have you checked out MailWatch? You can have your users log in and
manage their own quarantines in that. In a word: Simpler than moving
it around...:-). Can even be taught to work with an AD (if you have
that)...

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From glenn.steen at gmail.com Sat Apr 29 11:03:13 2006
From: glenn.steen at gmail.com (Glenn Steen)
Date: Sat Apr 29 11:03:15 2006
Subject: Attn. postfix users WAS Multiple Postfix smtp instances
In-Reply-To: <445246F1.3050101@netmagicsolutions.com>
References: <20060412205748.GD14679@luckyduck.tux> <443FDBCF.6040004@rogers.com> <20060414192115.13204.qmail@mymail.netmagicians.com> <44432F03.4090907@netmagicsolutions.com> <223f97700604241045n144a8ae5radb01346cbdb2f1d@mail.gmail.com> <44523AA2.3080008@netmagicsolutions.com> <80973D29-30E5-4A00-8176-6FE4D48F7E78@ecs.soton.ac.uk> <445246F1.3050101@netmagicsolutions.com>
Message-ID: <223f97700604290303w39bf2e5eqaf5d6d4152c1c439@mail.gmail.com>

On 28/04/06, Dhawal Doshy wrote:
> Julian Field wrote:
> >
> > On 28 Apr 2006, at 16:54, Dhawal Doshy wrote:
> >
> >> Glenn Steen wrote:
> >>> Anyway, looking at the points Wietse stipulates, I think Jules pretty
> >>> much follow all/most of them already... So for now at least, things are
> >>> alright:-).
> >>
> >> I agree and here is a point by point check..
> >>
> >> 9) When creating a queue file, Mailscanner MUST adhere to the
> >> convention that the file permissions are set to "executable" only
> >> after the file contents are safely stored. Otherwise mail will be
> >> corrupted or lost.
> >>
> >> DD> Not sure about this one, maybe Julian can comment on this.
> >
> > I adhere to this.
> >
> >>
> >> 10) Mailscanner should never touch a queue file that has an advisory
> >> lock (flock or fcntl lock, depending on the system environment).
> >> Otherwise mail will be corrupted or lost.
> >>
> >> DD> Not sure about this one too, maybe Julian can comment on this as
> >> well.
> >
> > I adhere to this.
>
> Thanks Julian, over to Wietse/Viktor now :-)
>
> - dhawal
>

Once in a while, when this crops up (and let's face it, it's not the
first time Wietse has announced that changes in PF will break MS....
and hasn't:-), I get the distinct feeling this is more of a NIH
phenomenon than anything else.... I'm not really sure Wietse has ever
bothered to check any details about how MS really works... Nor that he
really cares. It's really a shame, since both products are made less
by it (in people's minds, not in actuality).

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From Bernard.Lheureux at ibsbe.be Sun Apr 30 10:42:52 2006
From: Bernard.Lheureux at ibsbe.be (Bernard.Lheureux@ibsbe.be)
Date: Sun Apr 30 10:42:23 2006
Subject: Rejecting Unknown Non-Local Users with MailScanner (4.47.4-2) Sendmail as a relay for MS-Exchange 2003
Message-ID:

I'm looking for a solution that could allow me to reject unknown
non-local users' mails that come through a MailRelay (MailScanner
4.47.4-2), but not with Postfix; I use Sendmail to relay to an Exchange
2003 server.
All the solutions that I found are made for Postfix...
I suppose it should also exist for sendmail; do you have an idea where I
could find info about it?

Best regards / Vriendelijke groeten / Cordialement,
---
Bernard Lheureux
Consultant
IBS TECHNOLOGY AND SERVICES
Leuvense Steenweg, 643
1930 Zaventem - Belgium
Phone: +32-(0)2-723.91.11
Direct: +32-(0)2-723.91.05
Fax: +32-(0)2-723.92.99
Mobile: +32-(0)475-53.03.11
http://www.ibsts.be

From michele at blacknight.ie Sun Apr 30 11:30:34 2006
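Added example, not part of the thread and not MailScanner or Postfix code: a Python illustration of the two queue-file conventions quoted as points 9 and 10 in the "Attn. postfix users" message above. The function names, the 0600/0700 modes and the choice of flock (rather than an fcntl lock) are assumptions made for illustration.

```python
import fcntl
import os
import stat
import tempfile

INCOMPLETE_MODE = 0o600   # assumption: mode while the writer is still storing data
COMPLETE_MODE = 0o700     # assumption: owner-executable bit means "contents stored"


def write_queue_file(queue_dir, name, data):
    """Writer side (point 9): set the executable bit only after data is on disk."""
    path = os.path.join(queue_dir, name)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, INCOMPLETE_MODE)
    try:
        view = memoryview(data)
        while view:                        # os.write may write less than asked
            view = view[os.write(fd, view):]
        os.fsync(fd)                       # contents are safely stored ...
        os.fchmod(fd, COMPLETE_MODE)       # ... only now mark the file complete
    finally:
        os.close(fd)
    return path


def try_claim(path):
    """Scanner side: return a locked fd, or None if the file must be left alone."""
    try:
        fd = os.open(path, os.O_RDWR)
    except FileNotFoundError:              # removed since the directory listing
        return None
    try:
        # Point 10: never touch a file that someone else has locked.
        fcntl.flock(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
    except BlockingIOError:
        os.close(fd)
        return None
    if not os.fstat(fd).st_mode & stat.S_IXUSR:   # writer has not finished yet
        os.close(fd)                       # closing the fd also drops our lock
        return None
    return fd


def scan_queue(queue_dir):
    """Return the names one pass may process, skipping incomplete/locked files."""
    claimed = []
    for name in sorted(os.listdir(queue_dir)):
        fd = try_claim(os.path.join(queue_dir, name))
        if fd is not None:
            claimed.append(name)
            os.close(fd)                   # a real scanner would work, then unlock
    return claimed


def demo():
    """Constructed queue: one ready file, one half-written, one locked."""
    with tempfile.TemporaryDirectory() as queue:
        write_queue_file(queue, "A1READY", b"complete message\n")
        fd = os.open(os.path.join(queue, "B2PARTIAL"),
                     os.O_WRONLY | os.O_CREAT, INCOMPLETE_MODE)
        os.write(fd, b"writer still busy")
        os.close(fd)
        locked = write_queue_file(queue, "C3LOCKED", b"being delivered\n")
        holder = os.open(locked, os.O_RDWR)
        fcntl.flock(holder, fcntl.LOCK_EX)  # stands in for the MTA's lock
        try:
            return scan_queue(queue)
        finally:
            os.close(holder)


if __name__ == "__main__":
    print(demo())
```
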
From: michele at blacknight.ie (Michele Neylon :: Blacknight.ie)
Date: Sun Apr 30 11:30:54 2006
Subject: Rejecting Unknown Non-Local Users with MailScanner (4.47.4-2) Sendmail as a relay for MS-Exchange 2003
In-Reply-To:
References:
Message-ID: <445491CA.4070805@blacknight.ie>

Bernard.Lheureux@ibsbe.be wrote:
>
> I'm looking for a solution that could allow me to reject unknown
> non-local users' mails that come through a MailRelay (MailScanner
> 4.47.4-2), but not with Postfix; I use Sendmail to relay to an Exchange
> 2003 server.
> All the solutions that I found are made for Postfix...
> I suppose it should also exist for sendmail; do you have an idea where I
> could find info about it?
>

Milter ahead

--
Mr Michele Neylon
Blacknight Solutions
Quality Business Hosting & Colocation
http://www.blacknight.ie/
Tel. 1850 927 280
Intl. +353 (0) 59 9183072
Fax. +353 (0) 59 9164239

From kte at nexis.be Sun Apr 30 14:45:03 2006
From: kte at nexis.be (kte@nexis.be)
Date: Sun Apr 30 14:45:18 2006
Subject: how to bock mailservers that have only an ip address
Message-ID:

Is there a way to block servers that don't have a DNS name but only
resolve to an IP address in sendmail?

Thanks
Koen

From csweeney at osubucks.org Sun Apr 30 15:07:52 2006
From: csweeney at osubucks.org (Chris Sweeney)
Date: Sun Apr 30 15:06:07 2006
Subject: how to bock mailservers that have only an ip address
In-Reply-To:
References:
Message-ID: <4454C4B8.4090500@osubucks.org>

http://support.ausics.net/require_rdns.m4

Should do the trick.

kte@nexis.be wrote:
>
> Is there a way to block servers that don't have a DNS name but only
> resolve to an IP address in sendmail?
>
> Thanks Koen

--
Thanks
Chris

Check me out! Finally setup a MySpace.com account
http://www.osubucks.net
csweeney@osubucks.org

From james at grayonline.id.au Sun Apr 30 15:06:38 2006
From: james at grayonline.id.au (James Gray)
Date: Sun Apr 30 15:07:02 2006
Subject: how to bock mailservers that have only an ip address
In-Reply-To:
References:
Message-ID: <200605010006.39168.james@grayonline.id.au>

On Sun, 30 Apr 2006 23:45, kte@nexis.be wrote:
> Is there a way to block servers that don't have a DNS name but only
> resolve to an IP address in sendmail?
>
> Thanks Koen

http://www.cs.niu.edu/~rickert/cf/hack/require_rdns.m4

Should fix your dilemma. There may be easier ways.

Cheers,

James
--
An alcoholic is someone you don't like who drinks as much as you do.
-- Dylan Thomas

From steve.swaney at fsl.com Sun Apr 30 16:08:50 2006
From: steve.swaney at fsl.com (Stephen Swaney)
Date: Sun Apr 30 16:09:01 2006
Subject: FW: [Clamav-announce] announcing ClamAV 0.88.2
Message-ID: <0c3b01c66c67$fd3c3310$287ba8c0@office.fsl>

FYI.

Steve

Stephen Swaney
Fort Systems Ltd.
stephen.swaney@fsl.com
www.fsl.com

-----Original Message-----
From: clamav-announce-bounces@lists.clamav.net
[mailto:clamav-announce-bounces@lists.clamav.net] On Behalf Of Luca Gibelli
Sent: Saturday, April 29, 2006 7:41 PM
To: ClamAV Announce
Subject: [Clamav-announce] announcing ClamAV 0.88.2

Dear ClamAV users,

release 0.88.2 is available for download.

This release improves virus detection, fixes zip handling on 64-bit
architectures and possible security problem in freshclam.

Best regards,

--
The ClamAV team (http://www.clamav.net/team.html)

--
Luca Gibelli (luca at clamav.net) - ClamAV, a GPL anti-virus toolkit
[Tel] +44 2081239239 [Fax] +39 0187015046 [IM] nervous/jabber.linux.it
PGP key id 5EFC5582 @ key server || http://www.clamav.net/gpg/luca.gpg
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-announce

From gmane at tippingmar.com Sun Apr 30 17:54:06 2006
From: gmane at tippingmar.com (Mark Nienberg)
Date: Sun Apr 30 17:53:23 2006
Subject: install-Clam-SA gzip problem
Message-ID:

I'm trying to use the install-Clam-SA script to update my Spamassassin,
which was successfully installed using the previous (3.1.0) version.

The install script doesn't seem to be able to unpack the gz files as you
can see below. As I said, I previously installed using this method
without any problems.

Ideas?

Thanks,
Mark

Good, you appear to only have 1 copy of Perl installed: /usr/bin/perl
Found gcc.
cc is really gcc.
Good, I have found GNU tar in /bin/tar.

This script will pause for a few seconds after each major step,
so do not worry if it appears to stop for a while.
If you want it to stop so you can scroll back through the output
then press Ctrl-S to stop the output and Ctrl-Q to start it again.

If this fails due to dependency checks, and you wish to ignore
these problems, you can run
./install.sh --nodeps

Rebuilding all the Perl modules for your version of Perl

Oh good, module Digest version 1.08 is already installed.
Oh good, module Text::Balanced version 1.95 is already installed.
Oh good, module Digest::MD5 version 2.33 is already installed.
Oh good, module Parse::RecDescent version 1.94 is already installed.
Oh good, module Inline version 0.44 is already installed.
Attempting to build and install Test-Harness-2.42
Unpacking perl-tar/Test-Harness-2.42.tar.gz
/bin/tar: Skipping to next header
/bin/tar: Archive contains obsolescent base-64 headers

gzip: stdin: invalid compressed data--crc error

gzip: stdin: invalid compressed data--length error
/bin/tar: Child returned status 1
/bin/tar: Error exit delayed from previous errors
Do not worry too much about errors from the next command.
It is quite likely that some of the Perl modules are
already installed on your system.

The important ones are Mail-ClamAV and Mail-SpamAssassin.

Can't open perl script "Makefile.PL": No such file or directory
make: *** No targets specified and no makefile found. Stop.
Oh good, module Digest::HMAC version 1.01 is already installed.
Oh good, module Net::DNS version 0.48 is already installed.
Oh good, module URI version 1.35 is already installed.
Oh good, module Mail::SPF::Query version 1.997 is already installed.
Oh good, module IP::Country version 2.20 is already installed.
Oh good, module IO::Zlib version 1.04 is already installed.
Oh good, module IO::String version 1.06 is already installed.
Oh good, module Archive::Tar version 1.26 is already installed.
Attempting to build and install Mail-SpamAssassin-3.1.1
Unpacking perl-tar/Mail-SpamAssassin-3.1.1.tar.gz

gzip: stdin: invalid compressed data--format violated
/bin/tar: Child died with signal 13
/bin/tar: Error exit delayed from previous errors
Missing directory /tmp/Mail-SpamAssassin-3.1.1 . Maybe it did not build correctly?

From gmane at tippingmar.com Sun Apr 30 18:36:01 2006
From: gmane at tippingmar.com (Mark Nienberg)
Date: Sun Apr 30 18:35:24 2006
Subject: install-Clam-SA gzip problem
In-Reply-To:
References:
Message-ID:

Mark Nienberg wrote:
> I'm trying to use the install-Clam-SA script to update my Spamassassin,
> which was successfully installed using the previous (3.1.0) version.
>
> The install script doesn't seem to be able to unpack the gz files as you
> can see below. As I said, I previously installed using this method
> without any problems.

For lack of anything better, I downloaded and untarred the installation
again and now it works. Strange that the archive itself unzipped fine but
the archives within it would not. All is good now in any case.

Mark

From MailScanner at ecs.soton.ac.uk Sun Apr 30 20:03:38 2006
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Sun Apr 30 20:03:52 2006
Subject: install-Clam-SA gzip problem
In-Reply-To:
References:
Message-ID: <44550A0A.8000308@ecs.soton.ac.uk>

Mark Nienberg wrote:
> Mark Nienberg wrote:
>> I'm trying to use the install-Clam-SA scrip to update my
>> Spamassassin, which was successfully installed using the previous
>> (3.1.0) version.
>>
>> The install script doesn't seem to be able to unpack the gz files as
>> you can see below. As I said, I previously installed using this
>> method without any problems.
>
> For lack of anything better, I downloaded and untared the installation
> again and now it works. Strange that the archive itself unzipped fine
> but the archives within it would not. All is good now in any case.

It was a problem caused by my migration from CVS to Subversion. I fixed
it between your two downloads :-)

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Sun Apr 30 20:08:56 2006
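Added example, not part of the thread and not the install-Clam-SA script's own code: a pre-install check for the failure in the "install-Clam-SA gzip problem" messages above, where the outer package unpacked cleanly but the .tar.gz files inside it failed gzip's CRC and length checks. The function names and the in-memory sample archives are constructed for illustration.

```python
import gzip
import io
import tarfile
import zlib


def gzip_error(blob):
    """Decompress a whole gzip stream; return None if sound, else the error text."""
    try:
        with gzip.GzipFile(fileobj=io.BytesIO(blob)) as gz:
            while gz.read(65536):          # reading to EOF checks CRC32 and length
                pass
    except (OSError, EOFError, zlib.error) as exc:
        return f"{type(exc).__name__}: {exc}"
    return None


def check_nested_archives(outer_blob, suffixes=(".tar.gz", ".tgz")):
    """Map each inner archive in an outer .tar.gz to None (sound) or its error."""
    results = {}
    with tarfile.open(fileobj=io.BytesIO(outer_blob), mode="r:gz") as outer:
        for member in outer:
            if member.isfile() and member.name.endswith(suffixes):
                inner = outer.extractfile(member).read()
                results[member.name] = gzip_error(inner)
    return results


def build_tar_gz(files):
    """Build a .tar.gz in memory from {name: bytes}; used for sample data only."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def demo():
    """Constructed package: one sound inner archive and one with a bad CRC."""
    good = build_tar_gz({"Good-1.0/Makefile.PL": b"# constructed sample\n"})
    bad = bytearray(build_tar_gz({"Bad-1.0/Makefile.PL": b"# constructed sample\n"}))
    bad[-5] ^= 0xFF                        # damage the CRC32 stored in the trailer
    # The outer archive is built over the already damaged bytes, so the outer
    # gzip layer is valid and unpacks without complaint, as in the report.
    outer = build_tar_gz({
        "pkg/perl-tar/Good-1.0.tar.gz": good,
        "pkg/perl-tar/Bad-1.0.tar.gz": bytes(bad),
    })
    return check_nested_archives(outer)


if __name__ == "__main__":
    for name, error in demo().items():
        print(name, "OK" if error is None else error)
```

Running a check like this before the installer starts reports the damaged inner archives by name, instead of surfacing later as a missing Makefile.PL or a missing build directory.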
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Sun Apr 30 20:09:10 2006
Subject: FW: [Clamav-announce] announcing ClamAV 0.88.2
In-Reply-To: <0c3b01c66c67$fd3c3310$287ba8c0@office.fsl>
References: <0c3b01c66c67$fd3c3310$287ba8c0@office.fsl>
Message-ID: <44550B48.10605@ecs.soton.ac.uk>

I have upgraded my easy-to-install ClamAV+SA package to include 0.88.2.

Stephen Swaney wrote:
> FYI.
>
> Steve
>
> Stephen Swaney
> Fort Systems Ltd.
> stephen.swaney@fsl.com
> www.fsl.com
>
> -----Original Message-----
> From: clamav-announce-bounces@lists.clamav.net
> [mailto:clamav-announce-bounces@lists.clamav.net] On Behalf Of Luca Gibelli
> Sent: Saturday, April 29, 2006 7:41 PM
> To: ClamAV Announce
> Subject: [Clamav-announce] announcing ClamAV 0.88.2
>
> Dear ClamAV users,
>
> release 0.88.2 is available for download.
>
> This release improves virus detection, fixes zip handling on 64-bit
> architectures and possible security problem in freshclam.
>
> Best regards,
>
> --
> The ClamAV team (http://www.clamav.net/team.html)
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From brent.addis at pronet.co.nz Sun Apr 30 22:37:35 2006
From: brent.addis at pronet.co.nz (Brent Addis)
Date: Sun Apr 30 22:38:15 2006
Subject: Rejecting Unknown Non-Local Users with MailScanner (4.47.4-2)
In-Reply-To: <445491CA.4070805@blacknight.ie>
References: <445491CA.4070805@blacknight.ie>
Message-ID: <44552E1F.2090502@pronet.co.nz>

Michele Neylon :: Blacknight.ie wrote:
> Bernard.Lheureux@ibsbe.be wrote:
>
>> I'm looking for a solution that could allow me to reject unknown
>> non-local users' mails that come through a MailRelay (MailScanner
>> 4.47.4-2), but not with Postfix; I use Sendmail to relay to an Exchange
>> 2003 server.
>> All the solutions that I found are made for Postfix...
>> I suppose it should also exist for sendmail; do you have an idea where I
>> could find info about it?
>>
>
> Milter ahead
>

Does sendmail not do some sort of callout verification? Most other MTAs
I have used since dropping Sendmail have supported it for a long time.
Why run Milter if your MTA has most everything milter does built in?

http://grep.be/blog/en/retorts/milter-ahead.php?show_comments=yes

--
Regards,

Brent Addis
Technical Account Manager
Pronet Internet NZ LTD