From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:14:07 2006 Subject: No subject Message-ID: Virus Scanner = mcafee Sweep = /usr/local/bin/mcafeewrapper When the setting is uning sophos, i.e. Virus Scanner = sophos and Sweep = /usr/local/bin/sophoswrapper, it works ok. Please see the floowing for detail. Thanks, Bruce The log: Nov 19 08:54:10 hudson.geog.utoronto.ca sm-mta[14733]: fAJDs9GT014733: from=, size=202672, class=0, nrcpts=1, msgid=, bodytype=8BITMIME, proto=ESMTP, daemon=MTA, relay=credit.erin.utoronto.ca [142.150.1.1] Nov 19 08:54:10 hudson.geog.utoronto.ca sm-mta[14733]: fAJDs9GT014733: to=, delay=00:00:00, mailer=esmtp, pri=240797, stat=queued Nov 19 08:54:33 hudson.geog.utoronto.ca mailscanner[13342]: Using flock() to lock /var/spool/mqueue.in/qffAJDs9GT014733 Nov 19 08:54:33 hudson.geog.utoronto.ca mailscanner[13342]: Using flock() to lock >/var/spool/MailScanner/incoming/fAJDs9GT014733.header Nov 19 08:54:34 hudson.geog.utoronto.ca mailscanner[13342]: >>> Virus 'W32/Sircam-A' found in file ./fAJDs9GT014733/National Diploma in Forestry.doc.com Nov 19 08:54:34 hudson.geog.utoronto.ca mailscanner[13342]: Found 2 viruses in messages fAJDs9GT014733 Nov 19 08:54:34 hudson.geog.utoronto.ca mailscanner[13342]: Saved infections to /var/spool/MailScanner/quarantine/20011119/fAJDs9GT014733 Nov 19 08:54:34 hudson.geog.utoronto.ca mailscanner[13342]: Using flock() to lock >/var/spool/mqueue/dffAJDs9GT014733 Nov 19 08:54:34 hudson.geog.utoronto.ca mailscanner[13342]: Using flock() to lock >/var/spool/mqueue/tffAJDs9GT014733 Nov 19 08:54:38 hudson.geog.utoronto.ca mailscanner[13342]: >>> Virus 'W32/Sircam-A' found in file ./fAJDs9GT014733/National Diploma in Forestry.doc.com Nov 19 08:54:38 hudson.geog.utoronto.ca mailscanner[13342]: Found 2 viruses in messages fAJDs9GT014733 Nov 19 08:54:50 hudson.geog.utoronto.ca sendmail[14740]: fAJDs9GT014733: to=, delay=00:00:40, xdelay=00:00:15, mailer=esmtp, pri=330797, relay=terre.geog.utoronto.ca. [128.100.91.6], dsn=2.0.0, stat=Sent (IAA02441 Message accepted for delivery) From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:14:12 2006 Subject: No subject Message-ID: (which I had implicitly assumed anyway) would be a great step forward. The Solaris pkg would then be "icing on the cake". > Once that's done, then it should be easier to create packages for any of > the popular package management systems (by causing the installer to put > everything under a previously-empty subdirectory). Agreed: something like gmake install DESTDIR=temp-build-dir cd temp-build-dir I have successfully use this for a completely different project (which had also included the additional (and to us irrelevant) tricky issue of shared libraries). > In the end I would expect that rpm, solaris pkg, *bsd pkg, and debs at least > would be worth having. Certainly. > > 2. If the idea meets with Julian's approval, and if there are several > > other sites which would positively wish for Solaris/pkg, then I might > > be able to volunteer to take an initial look at it (although it would > > have to be at low priority...). > > Once a generic installer is done, it should be much easier to create > platform-specific packages; I'd encourage anyone who's considering trying > to make packages for any particular platform to mail me and offer to help > with the generic installation system, so that we can: a) get it done, and > b) make sure that it really does make it easier to create their particular > type of packages. Given this encourage from you (and from Julian in a separate message) I'm trying to knock up a small automake+autoconf scheme at the moment... -- : David Lee I.T. Service : : Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham : : Phone: +44 191 374 2882 U.K. : From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:14:14 2006 Subject: No subject Message-ID: repeatedable currently, so the config reader may puke on it too. -- Neither sweat, nor blood, nor frustration, or lousy manuals nor missing parts, or wrong parts shall keep me from my task. From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:14:21 2006 Subject: No subject Message-ID: Full headers are: Return-Path: Received: from ......rest of the headers Not a real header you might expect... but it's a start... Browsing back through my old virus warnings, it looks like something concerning this has changed between versions 3.02-1 and 3.03-1 of MailScanner. And btw, yes this last warning was about the MyParty virus. Tnx for being so darn fast with fixing MailScanner to detect it! -- Evert Jan van Ramselaar Van Ramselaar Info Tech ___ This message has been scanned for viruses and other dangerous content by Van Ramselaar Info Tech and is believed to be clean. See http://www.vr-it.com/emailpolicy.php From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:14:24 2006 Subject: No subject Message-ID: fastest way of doing things. Gene > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Todd Martin > Sent: Wednesday, February 06, 2002 12:27 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: SpamAssassin stand alone or invoked by mailscanner > > > Hi all, > > I'm in the process of testing mailscanner. I want to also use > filtering with SpamAssassin. > > On a cursory glance, it seems like I loose my per-user preferences > (threshold, etc.) for SpamAssassin if mailscanner invokes > SpamAssassin. Is this correct? > > What other trade-offs are there between SpamAssassin stand alone or > invoked by mailscanner? Is one way faster (higher through put)? > > ~Todd > From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:14:29 2006 Subject: No subject Message-ID: collaborative, spam detection and filtering network." Sander -- This mail was scanned for viruses by MailScanner (www.mailscanner.info) From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:14:29 2006 Subject: No subject Message-ID: collaborative, spam detection and filtering network." Sander -- This mail was scanned for viruses by MailScanner (www.mailscanner.info) From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:14:34 2006 Subject: No subject Message-ID: like a lot would have to be rewritten to get mailscanner to rewrite the message to include the report and return it to the main routine. Though I could be wrong, I'd have to review it again. =20 =20 -----Original Message----- From: Kelly Hamlin [mailto:fizz@BOMB.NET]=20 Sent: Tuesday, March 26, 2002 11:31 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Feature Request As you may or may not have noticed, people have been wanting the ability to A. Know what spam is being scored even when it doesnt meat the threshold. and B. Be able to include the terse report that spamassassin uses.. Ex:(damnit, cant find example) Anyway it shows which elements of the message scored what. Which would then allow you to further tweak the scores. I think mailscanned is a wonderful utility and as it gets more users/features will continue to be the best. =20 I would love to see better intergration ability with spamassassin and maybe razor in future releases. And maybe a flat text file whitelist for people you dont want mailscanner to mark ANY mail as spam, and still scan for virus's. Basically a little more flexability. I know some requests are a little iffy, but im interested to see how many people would like this functionality from the wonderful mailscanner by its incredibile author Julian :) =09 =20 ------_=_NextPart_001_01C1D550.629EACA8 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Message
It=20 already does the whitelist.  When Mailscanner first started using = SA, I=20 made some modifications in sendmail.pl within the SAForkAndTest sub, = after the=20 line
    $SAResult =3D int($spamness->get_hits()) = if=20 $SAResult;

I added
 
    if ($SAScore >=3D5)=20 {
      $spamness->rewrite_mail=20 ();
      my $SARewrite =3D=20 $spamness->get_full_message_as_text();
    &nbs= p;=20 local(*DOUT);
      open(DOUT,=20 ">>/var/spam/queue/spr$mID") or Log::DieLog("Failed to create copy = of spam=20 message spr$mID");
      print DOUT=20 $SARewrite;
      close = DOUT;
  =20 }
 
This=20 dumps the message including the SA report into a queue.  This = allows me to=20 take samples and also to report the messages as spam to=20 razor.
 
Oh yeh=20 I had to added $mID to the subroutine call so the
 =20 $SAResult =3D SAForkAndTest($SAspamtest, $spammail); =
became  
 =20 $SAResult =3D SAForkAndTest($SAspamtest, $spammail, = $mID);
and=20
  my($Test,=20 $Mail) =3D @_;
became
  my($Test, $Mail, $mID) =3D=20 @_;
Granted I could probably stop doing this since I think Julian = mentioned=20 adding the ability to forward or cc the spam messages to an=20 account.
 
From=20 what I can see in the code with my amateur perl knowledge, it looks like = a lot=20 would have to be rewritten to get mailscanner to rewrite the message to = include=20 the report and return it to the main routine.  Though I could be = wrong, I'd=20 have to review it again.
 
 
-----Original = Message-----
From: Kelly=20 Hamlin [mailto:fizz@BOMB.NET]
Sent: Tuesday, March 26, 2002 = 11:31=20 PM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Feature=20 Request

As you may or may not have noticed, = people have=20 been wanting the ability to A. Know what spam is being scored even = when it=20 doesnt meat the threshold. and B. Be able to include the terse report = that=20 spamassassin uses..
Ex:(damnit, cant=20 find example)
Anyway it shows which elements of the = message=20 scored what. Which would then allow you to further tweak the=20 scores.
I think mailscanned is a wonderful = utility and as=20 it gets more users/features will continue to be the best.
 
I would love to see better = intergration ability=20 with spamassassin and maybe razor in future releases. And maybe a flat = text=20 file whitelist for people you dont want mailscanner to mark ANY mail = as spam,=20 and still scan for virus's. Basically a little more flexability. I = know some=20 requests are a little iffy, but im interested to see how many people = would=20 like this functionality from the wonderful mailscanner by its = incredibile=20 author Julian :)
 
=00 ------_=_NextPart_001_01C1D550.629EACA8-- From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:14:35 2006 Subject: No subject Message-ID: color, at least. We're thinking about changing that. Kinda. We're running out of usable color schemes. I'd like to use the same background images in each newsletter, which will actually speed up things for those of you who read more than one regularly (since they'd be cached). This will also decrease our server load, and allow us to use new colors without having to get too creative. "Huh?" The title bars and text colors will stay - they're great visual cues. I'm hoping to make the background images color neutral, like a much lighter (and whiter) spin on the one we're currently using for the Penguin Shell. I may have a mock-up for y'all soon. Of course, by then, we may have switched everything over to the "new" system. This is a functional change, folks. I'm interested in hearing what you have to say about it first, though. Don't make me break out the burnt sienna; it was bad enough when we decided on sea foam (hospital) green for the Bits & Bytes. Paging Dr. Scalability!

See You in August,              
Chris Pirillo       


 GnomeDOWNLOADS

Molecular Weight Calculator v6.12 [2.1M] W9x/2k/XP FREE

http://jjorg.chem.unc.edu/personal/monroe/download/mwt6_12s.zip
http://jjorg.chem.unc.edu/personal/monroe/mwtwin.html
http://screenshot.lockergnome.com/molecularweightcalculator.png

{Weigh them molecules} Who needs a molecular weight calculator? I sure don't. But you see, my friends, I not only feature stuff that's useful to me, but stuff that might be useful to others, as well. Therefore, let me introduce all of you "chem" Gnomies to this lovely little calculator. It contains a formula finder, an amino acid notation converter (I just sold mine on eBay last month), and a capillary calculations monitor - just to name a few features. "Note the notation used to enter a molecular formula and note how the program can display multiple formulas simultaneously, while formatting them with subscripts as needed, plus superscripts for isotopes." Yes, please note that. Don't make me repeat it 6.022 times ten to the 23rd times.


Verbix v4.2 [1.2M] W9x/2k/XP FREE

http://koti.welho.com/elindber/download/vrbxl423.zip
http://www.verbix.com/windowsverbix/
http://screenshot.lockergnome.com/verbix.png

{Mastering foreign verbs} Conjugations can tie a person's head in knots. Not to mention, their tongue. Okay, they might not be too difficult to understand in your native language, but what if you're trying to study a different one? Those things can trip you up bigtime. This program was designed specifically for learning verbs; over one hundred languages are supported (pending registration). Besides being a wonderful learning tool, it can also save you a lot of "look it up in the dictionary" time. "Unlike any other sources, Verbix for Windows also returns the glossary look-up form from any inflection; you no more need to know them by heart!" Free languages include: Arabic, Dalmatian, Ancient Egyptian, Classical Greek, Mandarin Chinese, Japanese, Klingon, and a few others.

Recommend It!


 GnomeCLICKS

Giving you the power to quickly and easily avoid the hassle of junk mail, Inbox Protector is a Microsoft Outlook add-In, which scans incoming E-Mail, redirecting unwanted junk mail to a separate folder for later inspection if necessary. TECHNOLOGY can be frustrating for new and intermediate computer users, UNTIL NOW. Join us for a FREE Windows Newsletter, video tutorials, articles, special reports, and more! IPCheck Server Monitor monitors a network using various protocols (e.g. ping, http, smtp, ftp) and notifies the staff in various ways as soon as an outage occurs. Shortcut to RDesk.exe Webserver Stress Test Tool simulates simultaneous users accessing a web server and helps to streamline your web application. Essential for every web developer, webmaster or web marketer!


 GnomeSYSTEM

How to Use Dates and Times in Microsoft Excel

http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q214094

"Microsoft Excel stores all dates as integers and all times as decimal fractions. With this system, Excel can add, subtract, or compare dates and times just like any other numbers, and all dates are manipulated by using this system. In this system, the serial number 1 represents 1/1/1900 12:00:00 AM. Times are stored as decimal numbers between .0 and .99999, where .0 is 00:00:00 and .99999 is 23:59:59. The date integers and time decimal fractions can be combined to create numbers that have a decimal and an integer portion. For example, the number 32331.06 represents the date and time 7/7/1988 1:26:24 AM. To help you perform complex date and time calculations, Microsoft Excel includes many built-in date and time functions."

Recommend It!


 GnomeASSISTANT

Enough with the Passwords, Already!
Scribbled by Ron Pelton

Jake wrote about e-commerce solutions while explaining the absence of your store. Sounds like he found a good one, but now I get just a little steamed. When grocery shopping, fueling the family transportation system, Christmas shopping, or whatever commerce that is done in the non-digital world, do you have to provide a password so that a merchant will let you browse or (worse) let you make a purchase. Of course not!

At this point, I have password overload and have sworn off online purchases. There are some exceptions, however. To date, 26 online merchants have lost me as customer because of a request for a password. I have written to each one of them after backing out of their shopping carts to let them know that they lost a sale - and to request a rational reason [as to] why I should invoke an accounting program to track passwords when it is not necessary in real life. Even bizrate.com, which provides a wonderful service, has begun some selling on its own and lost a sale to me. NOBODY has even had the courtesy to respond with an attempted answer. The truth is, all you need is enough personal information to conclude that I am a real person with a real credit card, which is more than they do at Wal-Mart where they don't even bother to compare signatures (or even gender). I hope Jake's new program is customer friendly, not just administratively friendly.

(Furo) Agreed. It's stupid to have to register on a site just to place an order with them. It's not like they won't have a way to market to you anyway, so why the registration? Oh, gee whiz, so you remembered my shipping address... big deal. One way I get back at them is to re-register every time I place a new order, creating an email account just long enough to get the receipt, then I destroy the email account so further emails are bounced back to them. Sure, it's a little more work, but bleep 'em. It's worth it! I don't normally do that for large sites like Amazon, but I do for the small shops. I did that exact thing on Monday to a site because they forced me to register. My order should be here today and I'll never have to hear from them again and I don't have to remember a password for their site.

(Jake) Actually, until the legal system gets changed to more closely match the Internet transaction space, or a better verification system gets put in place to make fraud less likely, the more information a site can gather and store about its customers, the better. The burden of proof with all transactions occurring on the Internet lies with the seller. If a purchaser chooses to block the transaction, even after they've already received delivery of the product, too bad for the retailer - they eat the cost of the merchandise and get an extra charge to boot. Lockergnome can't afford those risks; I'm guessing that most small retailers can't either. If that happened with only one transaction, it would take as many as several hundred transactions to make up the lost revenues.

Making customers provide more information about themselves helps ensure that abusers are going to be less likely to want to cheat the system because it becomes inconvenient. It is less expensive for a company to sit on extra inventory, creating a longer inventory turn cycle - even if that inventory might have been sold to a legitimate purchaser if they hadn't been forced to jump through an extra hoop and provide information. In addition to decreasing the likelihood of people defrauding the system in the first place, retaining more information also provides further ammunition for proving that the transaction was legitimate when it gets called into question by the credit card company.

Many Internet sellers, including the previous company that hosted our store's fulfillment, even go so far as to require buyers to FAX a copy of the card for them to keep on file - in an effort to take an extra step to ensure that they weren't dealing with a phony. This did tick off some people (who chose not to purchase), but it also kept their chargebacks down to virtually zero, with their closest competitor in their space incurring upwards of $80k in chargebacks per quarter. It would take a hell of an increase in transactions to justify losing $25k+ / month to fraudulent transactions.

By our collecting names and addresses, forcing people to log in, we've added a layer of protection that should act as a minor fraud deterrent. If that also blocks a few purchases along the way, so be it. If I truly believed that we would do more volume by making the purchasing process easier and simultaneously not lose any money by taking an extra risk, by all means - I'd go with a system that was more "wide open." However, people exist who will take advantage of any easy means of defrauding the system, so until there is a better system for defeating fraud, the "best" system is having as much information as possible.

Discuss This Topic | Recommend It!


 GnomeFAVORITE

Open Diary

http://www.opendiary.com/

{Read my thoughts} If you share your diary openly with other people, should it still be called a diary? That was a rhetorical question, really - it just popped into my head while I was browsing the entries available here. Perhaps I might add my own soon. "Today I almost asked Susie to the Homecoming Dance. I hope my Camaro starts." Anyway, if you have something to say and don't mind sharing it, give this a short spin. There is a charge to use the service, but it's small change, trust me. "Open Diary is the next generation of online diary communities. This community will be limited to only 10,000 members. We are currently home to 2,821 online diarists." There ya go - rather exclusive.

Recommend It!


 GnomeTIP

Who here doesn't use a Microsoft Office application on a regular basis? Wow. I didn't realize there were so many of you. Look at those icons. I mean, each one is a miniature work of art. Except that one. Right there. You know, the ugly one on the end? Right- click on a Toolbar and select the Customize option. Now, right- click on any given "ugly" icon you'd like to change. Yes, that Change Button Image menu is nice for other pre-formatted icons, but what if you don't see what you want in there? Easy. Select the Edit Button Image option. Look at that - a pseudo icon editor. If you're so inclined, you can also edit menu items. As long as that Customize dialog is still open, you can left-click to open a menu, then right-click on any given option and change or add its icon. If you mess up, then simply select the Reset Button Image option. This thing is foolproof. Sure, you don't have many colors to choose from, but how fancy do you really need these things to be? I made a strawberry for Word's Insert Field menu option. It'll stay there forever.

Recommend It!



 Geekathon 2002

 Latest Windows Daily
 Latest Digital Media
 Latest Tech Specialist
 Latest Penguin Shell
 Latest Web Weekly
 Latest Bits & Bytes
 Latest Audio Show

 The GnomeSHOPPER

 Recommend Us!
 Advertise With Us
 High-Tech Job Search
 Chat With Gnomies
 Watch The Webcams
 Chris Pirillo's Blog
 Computer Power User

 Visit Our Forums
 Submit Your Opinion
 Read Past Issues
 Download X-Setup
 About Lockergnome
 Our Privacy Policy
 View More Options
 Get Chris's Book
 Win a Digital Camera

 Questions / Help
 Submit Suggestions
 Rants & Raves
 General Feedback
 E-mail the Editor

 Our XML / RSS Feed
 Syndicate Our Tips
 Link To Lockergnome

Syndicate Today's Content

 


Samsung V1000
Pioneer DV-444
Sony DVP-NS700P
Toshiba SD-5700
Panasonic DVD-RP56
Apex AD-1500
HP Access Point
Sony DVP-NS900V
Philips DVDR1000
RCA RC5240P

 


 Movie Collector
 Make Your Own Music
 ClipManager
 Boomer! Stream Now
 CaptureWizPro
 Pretty Good Solitaire
 Visualize Color Combos
 FirstStop WebSearch
 Ecobuilder
 Tag&Rename
 Financial Advisor
 500+ PC Tips
 EbooksWriter LITE

Get Listed Here

Question: which group is 250,000+ strong and always looking for stuff to make their personal and professional lives run smoother?

 


And now, after you do a little ComputingX, see how stupid I can really be. I dare you to be more stupider. It's not going to happen in my lifetime.

Did You Touch This?

 

Lockergnome Webcam Image
CLICK HERE TO ZOOM

 


©2002, Lockergnome LLC. ISSN: 1095-3965. All Rights Reserved. Please read our Terms of Service. Our Web site is hosted by DigitalDaze. Domain registered at DNS Central. I'll have four fried chickens and a Coke.

 


--------------060303060505010002000705-- From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:14:37 2006 Subject: No subject Message-ID: best way to go. Miguel David Pollard wrote: > Hi There, > > I have a test system up and running with Sophos but I'm having a hard > time finding a single user price for Linux(or in fact any pricing at > all). Their sales guys don't want to talk to me because I don't want to > buy a copy for every machine in the place. > > I have also been digging around on McAfee / Network Associates web site > for pricing but can't figure out which product to use on Linux? > > Can someone give me a point in the right direction please? > > David Pollard. From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:15:12 2006 Subject: No subject Message-ID: mbox variations, but anyway...) seems to state that the date portion will be exactly 24 characters. Currently, df2mbox just calls "date" to get the date when generating the from line: echo From $from `date` My system currently outputs something like this for `date`: Mon Jul 8 19:04:45 EDT 2002 ...which is too long and not liked by pine because it isn't in the mbox format that it expects. As a quick fix, I changed the line to: echo From $from `date "+%a %b %d %T %Y"` ...so that the date generated looks like: Mon Jul 08 19:06:36 2002 ...and, I believe, should always be the required 24 characters. Pine now likes the mbox-formatted file fine. Just wanted to pass that along. - John... From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:15:18 2006 Subject: No subject Message-ID: not, and the message IDis the only thing that changes. See below. With Hide Incoming Work Dir = yes ==> Snippet from notice sent to "sender" ==== The virus detector said this about the message: Report: /var/spool/MailScanner/incoming/g6P1F1l05412/EICAR.COM Infection: EICAR_Test_File ===== Snippet from "VirusWarning.txt" sent to recipient: ===== At Wed Jul 24 18:15:23 2002 the virus scanner said: g6P1F1l05412/EICAR.COM Infection: EICAR_Test_File Note to Help Desk: Look on the MailScanner in /var/spool/MailScanner/quarantine (message g6P1F1l05412). ===== With Hide Incoming Work Dir = no Snippet from notice sent to "sender" ==== The virus detector said this about the message: Report: /var/spool/MailScanner/incoming/g6P1Ie405526/EICAR.COM Infection: EICAR_Test_File ===== Snippet from "VirusWarning.txt" sent to recipient: ===== At Wed Jul 24 18:18:50 2002 the virus scanner said: g6P1Ie405526/EICAR.COM Infection: EICAR_Test_File Note to Help Desk: Look on the MailScanner in /var/spool/MailScanner/quarantine (message g6P1Ie405526). ===== Thanks, Nathan Johanson nathan@tcpnetworks.net From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:15:33 2006 Subject: No subject Message-ID: /usr/~/Sophos.install *.Z It ran and did do an update sucessfully. But when Cron runs Sophos.update or when I (as root) run it manually. We get the line 77 bs from /usr/~/autoupdate still However, After I ran the install IT DID update to the latest av files. But no more nightly updates still :( I am using MS version 3.20.8 with no problems except for the AV update. On RedHat 7.2 Thank You ------=_NextPart_000_000C_01C258B4.ACB2ED00 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Julian, 
 I have done what you previously = stated=20 about Sophos update line 77 failure. And its still reporting it[Matt = Doherty] .
 
I deleted everything Except for the /bin/ = directory=20 under /usr/local/Sophos
 I had already d ownloaded the new = lib6.~.Z file=20 from Sophos.
From the directory where i had downloaded it = to I ran=20 your script
/usr/~/Sophos.install=20 *.Z
 
It ran and did do an update=20 sucessfully.
But when Cron runs Sophos.update or when I = (as=20 root) run it manually. We get the line 77 bs from = /usr/~/autoupdate=20 still
However, After I ran the install IT DID = update to the=20 latest av files. But no more nightly updates still=20 :(
 
I am using MS version 3.20.8 with no problems = except=20 for the AV update. On RedHat 7.2
 
Thank=20 You
------=_NextPart_000_000C_01C258B4.ACB2ED00-- From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:15:45 2006 Subject: No subject Message-ID: - something is wrong with paths in the script, my installation of mcafee is in /usr/local/uvscan? I tried with f-prot and it works fine. So I thought maybe my comp was stupid so I did a try on another comp. There it starts without a bailout but it doesnt finish and no lookfile is writen to /tmp Any good or bad advice for me to try because Im lost. /Anders > -----Ursprungligt meddelande----- > Frn: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > Skickat: den 23 september 2002 23:58 > Till: MAILSCANNER@JISCMAIL.AC.UK > mne: Re: SV: Fix in uvscan/autoupdate > > > At 17:59 23/09/2002, you wrote: > >As the bad perl knowledge I got I need to ask where these > >lines are supposed to be in the script? > > Around line 66 as it says at the start of the patch. > > > >/Anders > > > > > -----Ursprungligt meddelande----- > > > Frn: Julian Field [mailto:mailscanner@ECS.SOTON.AC.UK] > > > Skickat: den 23 september 2002 18:11 > > > Till: MAILSCANNER@JISCMAIL.AC.UK > > > mne: Fix in uvscan/autoupdate > > > > > > > > > There appears to have been a change in the syntax of the > McAfee uvscan > > > program, which means that the "autoupdate" script for it will > > > bail out with > > > a "no target specified for scanning" error. > > > > > > To fix this, just apply this tiny change to uvscan/autoupdate (or > > > lib/mcafee-autoupdate in V4). > > > > > > --- autoupdate.old Mon Sep 23 11:01:01 2002 > > > +++ autoupdate Mon Sep 23 11:11:31 2002 > > > @@ -66,7 +66,7 @@ > > > # to see if the new dat's are o.k attempt to run mcafee > > > with them and > > > # check for errors > > > print STDERR "About to run mcafee\n"; > > > -open(MCAFEETEST, "$mcafee -d $mcafeeroot | "); > > > +open(MCAFEETEST, "$mcafee -d $mcafeeroot . | "); > > > print STDERR "Running mcafee\n"; > > > while(){ > > > chomp; > > > -- > > > Julian Field Teaching Systems Manager > > > jkf@ecs.soton.ac.uk Dept. of Electronics & > Computer Science > > > Tel. 023 8059 2817 University of Southampton > > > Southampton SO17 1BJ > > > > > -- > Julian Field Teaching Systems Manager > jkf@ecs.soton.ac.uk Dept. of Electronics & Computer Science > Tel. 023 8059 2817 University of Southampton > Southampton SO17 1BJ > From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:16:29 2006 Subject: No subject Message-ID: (or any other unsupported mail server), which points the reader to Q16 of the of the Installation FAQ, I gather that this is not out of the ordinary and that it indeed can be done. In fact, I observed that there are some instructions on how to do it. However, as a home linux user, I did not quite understand all that was being explained. So I went looking for more information to hopefully help me out. After a few days of digging around, I uncovered the following information. >From the Web site: http://www.tropicseas.net/reference/sysadmin/html/v09/i02/a6.htm I read the article "A Linux Email Server" by Marcel Gagn. In this article he talks about "Setting up Sendmail". (see below for excerpts) My question are, would a configuration like that discussed in Marcel's article: 1. work with MailScanner. 2. fit my scenario for my home linux network? >From the article: "Depending on how your account is set up with your ISP, the domain name of your server may be something like dhch3-ip1.theirdomain.com , which is not the best name for setting up the email gateway. For a return address, user "fred" would wind up as fred@dhcp3-ip.theirdomain.com, when sending mail from the local system. You can have the Sendmail program put in your domain name by making the one modification that I recommend in the Sendmail configuration file. I mentioned that this email server is not going to be connected to the Internet, but if you make this easy change now, you won't need to do it later. Using your editor, open /etc/sendmail.cf and look for the lines shown in Listing 1. Notice the part that talks about my official domain name. The line that reads Dj$w.Foo.COM has been copied and rewritten with the domain name to define the "Dj" macro. A macro in Sendmail parlance is very much like an environment variable in your Bourne, Korn, or C shell. The Dj macro references your canonical hostname. For this article, I'll call the domain mycompany.com. That is the only change needed in the /etc/sendmail.cf file. The next file to modify is /etc/sendmail.cw. This file contains a list of all the domains and systems for which the server will accept mail. For instance, if you edit the file with your editor, and add the domain name (mycompany.com) and the localhost name (localhost), you end up with this simple file: # sendmail.cw - include all aliases for your machine here. mailserv mailserv.mycompany.com mycompany.com localhost This tells the Sendmail daemon to accept mail messages addressed to either user@localhost, or user@mycompany.com, or any of the aliases you have set up. Next, you need to edit /etc/mail/relay-domains. One of the great annoyances of modern email is SPAM (those unwanted bits of advertising that seem to rain down in your email box). Particularly galling are the spammers who use other people's email servers to route their mail traffic. Fortunately, the modern incarnations of Sendmail make it difficult for spammers to use your machine as a relay. In fact, unless otherwise specified, Sendmail will refuse to deliver messages from unfamiliar machines or domains. That is where the relay-domains file comes into play. Edit the file and add the following: localhost 127. mycompany.com 192.168.1. This should cover all hosts in your small, networked office, including any need you have for using Sendmail to relay messages on the server. Be sure to include the dot at the end of your localhost domain address (127.) and at the end of your private network and domain (192.168.1.)." AND "That's all you really need to do with Sendmail and IMAP in order to send and receive mail on this small network. To DNS or Not to DNS For Sendmail to route mail properly, it must be able to resolve domain names to IP addresses. An email server operating on the Internet uses DNS servers for name resolution. Simply put, a DNS, or Domain Name Server, takes a system's IP address and converts it to a more "human" name (like mailserv.mycompany.com). It will also convert that name back to its numeric IP address. On the server, mailserv.mycompany.com would become 192.168.1.100, or vice-versa. This requires the setup of "zone" files and domain tables and can be quite complex. For the small network here, it is easier to list host-to-name-to-IP-address mappings in the /etc/hosts file: 127.0.0.1 localhost 192.168.1.100 mailserv.mycompany.com mailserv mycompany.com 192.168.1.31 john 192.168.1.32 myrtle 192.168.1.33 bonnie 192.168.1.34 gilbert 192.168.1.35 elvis 192.168.1.36 tux Usually, the standard Linux install fires up with a DNS already present. This is a simple version called a "caching nameserver". For this example, you need to get rid of it or it will try to use the DNS to resolve the address of the local machine. The mail client will usually time out waiting for the system to return with a failed DNS lookup, which is not a good idea. The easiest way is to rename the /etc/resolv.conf file: # mv /etc/resolv.conf /etc/resolv.conf.orig Next, stop the DNS by shutting down the named daemon: # /etc/rc.d/init.d/named stop To make sure named does not restart on boot, use this command: # chkconfig --del named Of course, if your network has been set up for a while and you have a fully configured DNS, you should simply continue using it." For the full article: http://www.tropicseas.net/reference/sysadmin/html/v09/i02/a6.htm Thanks! Steve Dawes PH: (403) 268-5527. Mailto: sdawes@calgary.ca NOTICE:: This communication is intended ONLY for the use of the person or entity named above and may contain information that is confidential or legally privileged. If you are not the intended recipient named above or a person responsible for delivering messages or communications to the intended recipient, YOU ARE HEREBY NOTIFIED that any use, distribution, or copying of this communication or any of the information contained in it is strictly prohibited. If you have received this communication in error, please notify us immediately by telephone and then destroy or delete this communication, or return it to us by mail if requested by us. The City of Calgary thanks you for your attention and cooperation. From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:17:04 2006 Subject: No subject Message-ID: But that seems to be wrong. When setting confQUEUE_LA to 0, sendmail never sends mails from its outgoing queue. After changing the value back to 8, my problem disappeared. Background: We are scanning incoming and outgoing mails. Customers who are using some scripts to send mail complained, when our MailScanner machine refused to accept mail when it was under high load. Viele Gre -- Heinz > -----Original Message----- > From: Knutzen, Heinz (DZ-SH) > Sent: Thursday, January 23, 2003 6:11 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Some mails in outgoing queue don't get processed > > > Hi, > > since yesterday I have trouble with my sendmail/mailscanner setup: > Some mails remain in /var/spool/mqueue and don't get processed. > There are thousands of mails which get processed ok, > but I have about 70 mails with dates from yesterday to now > which stay in /var/spool/mqueue all the time. > > When doing 'mailq', all 70 mails are shown. > But if I do a 'sendmail -v -q', only 1 or two recent mails > are processed. > All of these qfiles have lines like > > qfh0N1Ohvm007970:MDeferred: Connection refused by [10.48.242.10] > qfh0N6Okvm012640:MDeferred: Connection timed out with [10.107.64.10] > > but currently there are now connection problems. > Restarting sendmail and removing /var/spool/mqueue/.hoststat/ > doesn't help either. > > Any ideas, how to get them delivered? > > Version info: > mailscanner-4.05-3 > sendmail-8.12.2-88 > > Viele Gre > > -- Heinz Knutzen > > Datenzentrale Schleswig-Holstein > Altenholzer Str. 10-14, 24161 Altenholz, Germany > http://www.dzsh.de/ > mailto:heinz.knutzen@dzsh.de > Tel: +49.431.3295.6581 Fax: +49.431.3295.410 > From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:17:48 2006 Subject: No subject Message-ID: gave "Error initialising detection engine - missing part of virus data". Invoked the "autoupdate" script again which appears to run OK. The files under /usr/local/Sophos/* appeared to be updated OK again but the error still appeared. However noticed that when I invoked "sweep" directly on a file it works OK. That is: ./sweep /tmp/eicar.com # OK ./sophoswrapper /tmp/eicar.com # Error initialising detection ... So modified "sophoswrapper" as follows ( added #TMP#) so that "sweep" is run without the $SAV_IDE and $LD_LIBRARY_PATH environment variables being set - "sophoswrapper" is now working OK. Can anyone suggest why the new "sweep" suddenly started behaving differently after the 04:00 IDE update? ------------------------------ cut here (/usr/local/Sophos/bin/sophoswrapper) PackageDir=/usr/local/Sophos prog=sweep # `basename $0` #TMP#SAV_IDE=$PackageDir/ide #TMP#LD_LIBRARY_PATH=$PackageDir/lib #TMP#export SAV_IDE #TMP#export LD_LIBRARY_PATH exec ${PackageDir}/bin/$prog "$@" ------------------------------ cut here Quentin --- PHONE: +44 191 222 8209 Computing Service, University of Newcastle FAX: +44 191 222 8765 Newcastle upon Tyne, United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:18:00 2006 Subject: No subject Message-ID: To.
 
Mohan
------=_NextPart_000_0005_01C31583.1F5D8EB0-- From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:18:59 2006 Subject: No subject Message-ID: match are the same. Rule format I can think of is FromTo: emailid or IP,emailid or IP. If second arguement exists, the AND operator applies, if not OR. Mohan -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Rob V Sent: Wednesday, July 16, 2003 9:42 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: forged From: Can I add that in my scan.rules ? like From: 192.168.198. no will that no scan all of 192.168.198 or do I have to add it differently ? At 03:08 PM 7/16/2003 +0100, you wrote: >Rob V wrote: > > Has Anyone got a way to block or detect a forged From: address. > > I am getting spam sent to us with forged From (they are putting that > > the mail is from someone at our domain) > > Since we do not scan our own domain these messages are getting in no > > problem. Any help or suggested would be appreciated. > >You should not whitelist your own domains by their domain name, instead >you should whitelist trusted internal servers by IP, or your IP address blocks. > > > >BMRB International >http://www.bmrb.co.uk >+44 (0)20 8566 5000 >_________________________________________________________________ >This message (and any attachment) is intended only for the >recipient and may contain confidential and/or privileged >material. If you have received this in error, please contact the >sender and delete this message immediately. Disclosure, copying >or other action taken in respect of this email or in >reliance on it is prohibited. BMRB International Limited >accepts no liability in relation to any personal emails, or >content of any email which does not directly relate to our >business. Rob Vicchiullo robv@disaster.com http://www.disaster.com (518) 218-0900 From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:19:00 2006 Subject: No subject Message-ID: "It's also worth noting that training with a very small quantity of ham, will produce atrocious results. You should aim to train with at least the same amount (or more if possible!) of ham data than spam" regards, Tony From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:19:05 2006 Subject: No subject Message-ID: been received. Can this be implemented in the Log.pm from MailScanner? Thanks! -- Jeffrey Koetsier Unix Administrator "I don't believe UNIX is Utopia. It's just the best set of tools around." -- Dick Haight, Unix Review, Jan. 1985, pg. 117 From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:20:34 2006 Subject: No subject Message-ID: To = someuser@domain1.tld To = someuser@domain2.tld It won't only match From=someuser@domain1.tld and To=someuser@domain2.tld which is what Ron originally wanted. Antony. -- Behind the counter a boy with a shaven head stared vacantly into space, a dozen spikes of microsoft protruding from the socket behind his ear. - William Gibson, Neuromancer (1984) From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:20:38 2006 Subject: No subject Message-ID: At 17:03 19/10/2003, you wrote: >Hi all, > >I've got MailScanner set up and working well except that one particular >email address added to the blacklist seems not to work at all, the email >address in question is: > >owner-nolist-x@WWW-TOPSITES.COM > >and a header sequence from an example email is as follows: > >Return-Path: >Received: from top-site.net ([202.9.152.26]) > by NS.MY-NETWORK.COM (8.12.8/8.12.8) with ESMTP id h9IKapUB011724 for >; Sat, 18 Oct 2003 15:36:53 -0500 >Message-Id: <200310182036.h9IKapUB011724@NS.MY-NETWORK.COM> >Received: from topsitesmail (localhost) by top-site.net (LSMTP for Windows >NT v1.1b) with SMTP id <0.0332881E@top-site.net>; Sat, 18 Oct 2003 >16:36:36 -0400 >Date: Sat, 18 Oct 2003 16:36:36 -0400 >From: John >Subject: RE: updated translations of studiofivearch.com into 8 languages >Reply-To: >To: >X-my-network-MailScanner-Information: Please contact your network admin >for more information >X-my-network-MailScanner: Found to be clean >X-my-network-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.718, > required 5, BAYES_44 -0.00, HTML_MESSAGE 0.10, > MSGID_FROM_MTA_HEADER 0.70, RCVD_IN_BL_SPAMCOP_NET 1.50, > RCVD_IN_NJABL 0.10, RCVD_IN_NJABL_RELAY 0.00, RCVD_IN_RFCI 0.10, >RCVD_IN_SBL 1.11, RCVD_IN_SORBS 0.10) >X-my-network-MailScanner-SpamScore: sss > >Normally I'd expect to see some indication that the blacklist had caught >this beast. > >Can anyone shed some light on this issue for me, please? > >TIA > >Ned -- Julian Field www.MailScanner.info Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:21:29 2006 Subject: No subject Message-ID: According to David's correction, it should be written as "Es wurden zuviele Anhnge in der e-mail gefunden." For simplicity, #4 "Zuviele Anhnge in der Email". Regards, Steffan, wondering if he has spent too much time on IRC, resulting in a loss of basic German spelling abilities, LOL. From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:21:35 2006 Subject: No subject Message-ID: Mails are coming in but are not scanned by MailScanner and Spamassassin (2.55) Any help would be welcomed! /Jan Elmqvist Nielsen From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:21:35 2006 Subject: No subject Message-ID: Mails are coming in but are not scanned by MailScanner and Spamassassin (2.55) Any help would be welcomed! /Jan Elmqvist Nielsen From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:21:35 2006 Subject: No subject Message-ID: Mails are coming in but are not scanned by MailScanner and Spamassassin (2.55) Any help would be welcomed! /Jan Elmqvist Nielsen From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:21:55 2006 Subject: No subject Message-ID: to see more detailed documentation (yes, I've checked the mailing list archives, read the FAQs etc - I just like having stuff laid out in one place (read "am lazy")). (Julian - if you'd be interested in having a complete MS newbie draft a for-idiots-by-an-idiot guide I'd be happy to get involved). I still wouldn't be confident enough to setup MailScanner in a production environment myself (I've got FSL.com for that) but isn't that the point - I didn't just learn new stuff, I also got a better feel for what I don't know. I've spent enough time in the Windows world of "plug it in and turn it on straight out of the box without understanding how it works" to have developed a healthy fear of this approach. I won't bore anyone with the horror stories, I've a feeling I'd be preaching to the converted ;) Best Matthew Day University of Buckingham From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:21:59 2006 Subject: No subject Message-ID: also listed as a spammer. The problem is that the from address is different every month by the appendage of a character code. So one month it may be good_user_jan@bad.domain.com and then good_user_feb@bad.domain.com the next month. -=B From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:22:52 2006 Subject: No subject Message-ID: them into the "real" queue directory. So far everything works okay. I get all the messages scanned and put into the "real" queue directory, but from there no messages are delivered, locally or remotely. When sending a message from another host or locally i get something similar to the following in my maillog: Mar 1 21:02:39 u15151422 MailScanner[10150]: New Batch: Scanning 1 messages, 58 5 bytes Mar 1 21:02:39 u15151422 MailScanner[10150]: MCP Checks: Starting Mar 1 21:02:49 u15151422 MailScanner[10150]: Virus and Content Scanning: Starti ng Mar 1 21:02:50 u15151422 MailScanner[10150]: Uninfected: Delivered 1 messages There is no mentioning of qmail. I find this very strange... Before i would get a complete history. Checking the queue status i get: [me@bubu bin]# ./qmail-qstat messages in queue: 31 messages in queue but not yet preprocessed: 0 And qmail-qread returns nothing... [me@bubu bin]# ./qmail-qread [me@bubu bin]# Looking into the real queue directory all messages seem to be at S4, waiting for the qmail-send to kick in. http://www.cyberis.net/support/qmail/misc/INTERNALS.phtml There are no message hung in the "queue.in" directory. I've compared all permissions in my queue directory with a post that i found http://www.google.com/groups?safe=images&ie=UTF-8&oe=UTF-8&as_umsgid=wx0itrfgeif.fsf@sws5.ctd.ornl.gov&lr=&hl=en No discrepancies found. Processes all look fine. qmails 9355 0.0 0.0 1420 348 pts/1 S 18:48 0:00 qmail-send qmaill 9357 0.0 0.0 1380 408 pts/1 S 18:48 0:00 splogger qmail root 9358 0.0 0.0 1412 332 pts/1 S 18:48 0:00 qmail-lspawn ./Maildir/ qmailr 9359 0.0 0.0 1404 312 pts/1 S 18:48 0:00 qmail-rspawn qmailq 9360 0.0 0.0 1376 300 pts/1 S 18:48 0:00 qmail-clean qmailq 10146 0.0 2.3 13580 11828 ? S 20:01 0:00 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf qmailq 10150 0.0 5.1 28032 26212 ? S 20:01 0:02 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf qmailq 10245 0.0 5.1 27896 26072 ? S 20:01 0:02 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf qmailq 10253 0.0 5.1 27832 25984 ? S 20:01 0:01 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf qmailq 10254 0.0 5.1 27832 25984 ? S 20:01 0:01 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf qmailq 10255 0.0 5.1 27836 25988 ? S 20:01 0:02 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf i do not have the qmailctrl script installed on my box, but using splogger i supose everything is logged into maillog. Trying to force the immediate delivery or error message by sending an alarm signal to qmail-send does not produce any output in my maillog file. [me@bubu bin]# kill -s SIGALRM 9355 I wonder if using a supervised qmail is the only way to get more log information or if i'm missing something here. I guess it must be some permission problem, or a simple configuration issue. To give you the complete overview here as well my configuration: [me@bubu bin]# ./qmail-showctl qmail home directory: /var/qmail. user-ext delimiter: -. paternalism (in decimal): 2. silent concurrency limit: 1000. subdirectory split: 23. user ids: 2021, 2020, 2022, 0, 2023, 2520, 2521, 2522. group ids: 2020, 2520. badmailfrom: (Default.) Any MAIL FROM is allowed. bouncefrom: (Default.) Bounce user name is MAILER-DAEMON. bouncehost: (Default.) Bounce host name is bubu.com. concurrencylocal: (Default.) Local concurrency is 10. concurrencyremote: (Default.) Remote concurrency is 20. databytes: SMTP DATA limit is 0 bytes. defaultdomain: (Default.) Default domain name is bubu.com. defaulthost: (Default.) Default host name is bubu.com. doublebouncehost: (Default.) 2B recipient host: bubu.com. doublebounceto: (Default.) 2B recipient user: postmaster. envnoathost: (Default.) Presumed domain name is bubu.com. helohost: (Default.) SMTP client HELO host name is bubu.com. idhost: (Default.) Message-ID host name is bubu.com. localiphost: (Default.) Local IP address becomes bubu.com. locals: Messages for localhost are delivered locally. me: My name is bubu.com. percenthack: (Default.) The percent hack is not allowed. plusdomain: (Default.) Plus domain name is bubu.com. qmqpservers: (Default.) No QMQP servers. queuelifetime: (Default.) Message lifetime in the queue is 604800 seconds. rcpthosts: SMTP clients may send messages to recipients at resotech.org. SMTP clients may send messages to recipients at bubu.com. morercpthosts: (Default.) No effect. morercpthosts.cdb: (Default.) No effect. smtpgreeting: (Default.) SMTP greeting: 220 bubu.com. smtproutes: (Default.) No artificial SMTP routes. timeoutconnect: (Default.) SMTP client connection timeout is 60 seconds. timeoutremote: (Default.) SMTP client data timeout is 1200 seconds. timeoutsmtpd: (Default.) SMTP server data timeout is 1200 seconds. virtualdomains: Virtual domain: resotech.org:3 Virtual domain: bubu.com:2 servercert.pem: I have no idea what this file does. clientcert.pem: I have no idea what this file does. Thank you Stephan From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:23:17 2006 Subject: No subject Message-ID: Dustin From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:23:48 2006 Subject: No subject Message-ID: header RCVD_IN_SPAMHAUS_SBL+XBL eval:check_rbl_txt('sbl-xbl', 'sbl-xbl.spamhaus.org.') describe RCVD_IN_SPAMHAUS_SBL+XBL Listed in SPAMHAUS SBL+XBL tflags RCVD_IN_SPAMHAUS_SBL+XBL net score RCVD_IN_SPAMHAUS_SBL+XBL 4 to my '/etc/mail/spamassassin/local.cf' file, and restarted MailScanner. My MailScanner.conf contains the line: SpamAssassin Site Rules Dir = /etc/mail/spamassassin and it does seem to pickup the bigevil.cf rules file from there. SInce then, I got another spam (surprise surprise) which should have triggered this rule, but doesnt seem to have. X-mycompanyname-MailScanner-SpamCheck: spam, SBL+XBL, SpamAssassin (score=13, required 4.1, BAYES_90 3.00, BigEvilList_29 3.00, BigEvilList_41 3.00, CLICK_BELOW 0.00, HTML_70_80 0.33, HTML_IMAGE_ONLY_04 1.41, HTML_LINK_CLICK_HERE 0.10, HTML_WEB_BUGS 0.10, MAILTO_TO_REMOVE 0.27, MAILTO_WITH_SUBJ 0.57, MAILTO_WITH_SUBJ_REMOVE 0.50, MIME_HTML_ONLY 0.10, SUBJ_REMOVE 0.62) I thought I should see the extra score of 4. What am I missing ? Thanks, Declan From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:23:53 2006 Subject: No subject Message-ID: y sammy.tnjinfl.com (8.12.8/8.12.8) with ESMTP id i2ODTBxR008385 for ; Wed, 24 Mar 2004 08:29:11 -0500=20 Subject: {Spam?} test @ 8:29=20 To: jpifer@obrien-pifer.com=20 X-Mailer: Lotus Notes Release 6.5.1 January 21, 2004=20 Message-ID: =20 From: jamespifer@packagingcorp.com=20 Date: Wed, 24 Mar 2004 08:28:06 -0500=20 X-MIMETrack: Serialize by Router on PCALAKLH01/PackagingCorp(Release 6.5.= 1|January 21, 2004) at 03/24/2004 07:15:14 AM=20 MIME-Version: 1.0=20 X-MailScanner-Information: Please contact the ISP for more information=20 X-MailScanner: Found to be clean=20 X-MailScanner-SpamCheck: spam, Infinite-Monkeys, SpamAssassin (score=3D-1= .364, required 4, BAYES_01 -1.52, NO_REAL_NAME 0.16)=20 James --bound1080138846-- From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:23:56 2006 Subject: No subject Message-ID: You'd need to give us more info if you want us to help you. Please avoid HTML in posts, use plain-text. Ugo From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:23:57 2006 Subject: No subject Message-ID: You'd need to give us more info if you want us to help you. Please avoid HTML in posts, use plain-text. Ugo From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:25:01 2006 Subject: No subject Message-ID: am I better off using an IP based rule? the problem with an IP based rule, is that it wouldn't apply to users on the road, logging in from the outside... thanks for any guidance.... -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:25:04 2006 Subject: No subject Message-ID: HTML sanitiziing. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:25:45 2006 Subject: No subject Message-ID: now i just need to get bayes, pyzor/razor setup and i should be catching almost all spam. chris. -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:26:26 2006 Subject: No subject Message-ID: configured and working with MailScanner for normal message checksumming. My question is this: Is it possible to do greylisting this way with MailScanner? If not, are there any particular methods for me to try implementing it that anybody has found works well with such a setup? Thanks! matt henkler -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:26:32 2006 Subject: No subject Message-ID: (that's a random example - not tested) There are clear examples in the files. Mr Michele Neylon Blacknight Internet Solutions Ltd http://www.blacknight.ie/ Tel. +353 59 9137101 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:26:32 2006 Subject: No subject Message-ID: (that's a random example - not tested) There are clear examples in the files. Mr Michele Neylon Blacknight Internet Solutions Ltd http://www.blacknight.ie/ Tel. +353 59 9137101 -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html ------------------------------------------------------ lwgL080.net sޯfr Viruses Scanned by 080.net ------------------------------------------------------ lwgL080.net sޯfr Viruses Scanned by 080.net -------------------------- MailScanner list ---------------------- To leave, send leave mailscanner to jiscmail@jiscmail.ac.uk Before posting, please see the Most Asked Questions at http://www.mailscanner.biz/maq/ and the archives at http://www.jiscmail.ac.uk/lists/mailscanner.html From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:27:21 2006 Subject: No subject Message-ID: IO-stringy
MIME-Base64
MailTools
File-Spec
HTML-Tagset
HTML-Parser
MIME-tools
patches 1 - 4
File-Temp
TNEF-Convert

ln -s gcc /usr/local/bin/cc

 
 
 
 
 
 
------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).


--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:27:25 2006 Subject: No subject Message-ID: How hard would it be to perhaps have dspam support in MailScanner? As it calls an external program I don't think it would be too difficult. -- Regards, David Jacobson Technical Director SYNAQ (Pty) Ltd Tel: 011 290 6388 Cell: 083 235 0760 Mail: davidj@synaq.com WWW: http://www.synaq.com Key Fingerprint 8246 FCE1 3C22 7EFB E61B 18DF 6E8B 65E8 BD50 78A1 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). [ Part 2, "This is a digitally signed message part" ] [ Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:27:41 2006 Subject: No subject Message-ID: the server hosting the xyz.com domain. However, I still get mail routing loop errors. Thanks for your assistance __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:27:44 2006 Subject: No subject Message-ID: Nov 29 11:41:51 smithers MailScanner[2682]: MailScanner E-Mail Virus Scanner version 4.35.11 starting... Nov 29 11:41:51 smithers MailScanner[2682]: lock.pl sees Config LockType = flock Nov 29 11:41:51 smithers MailScanner[2682]: lock.pl sees have_module = 0 Matthew K Bowman Systems Administrator UDCom Tel: 419-524-4330 Fax: 419-524-8757 Web: http://www.udcom.com Email: mbowman@udcom.com Support: techsupport@udcom.com Sales: sales@udcom.com Marco Benton Sent by: MailScanner mailing list 11/26/2004 11:50 AM Please respond to MailScanner mailing list To: MAILSCANNER@JISCMAIL.AC.UK cc: Subject: Re: Help! - MailScanner ceased working (debug output) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Matthew Bowman wrote: | Nothing hits the outbound queue (/var/spool/mqueue). All inbound | email stays put in /var/spool/mqueue.in how about trying to turn off most things in MailScanner.conf like SA and virus checks. then run debug. there seems to be something missing at the end of the debug... like untieing bayes and other stuff. - -- Marco Benton - BOFH, BSMFH Network Consultant BOFH excuse #366: The cause of the problem is: Webmasters kidnapped by evil cult. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBp1602+PYgoYkw8ERAuoeAJ0fEKXm7t8g+95+Wc/rkLwT7MdJNQCeOASU EYvc78f7CM4+FGV9xxih50E= =2mRo -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:27:55 2006 Subject: No subject Message-ID: either the three characters at the begining or the sequence at the end of each line get ... munged somehow. Could you check with "od -c" which it is? Also, how is the files encoded/sent normally? Not that I'm implying I'll be able to help, but perhaps a better fault- description will make a "bell ring" for someone who can. -- Glenn > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Zhang(MIS) > Sent: den 10 december 2004 09:31 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Some Attachments corrupt when enable Dangerous > Content Scanning > > > Hi All, > > I got complaint from our HR staff that their attachments in email was > corrupt. > (the example is simple txt file : > http://210.177.17.196/mis/temp/04120915.53r which is > download from our > absent time recorder ) > > when use diff to compare the orignal file and the emailed one : > > # diff 04120915.53r after/04120915.53r > 1,5c1,5 > < 1000002371015501209D0A > < 1000002371015501209D1A > ... > --- > > 1000002371015501209D0A > > 1000002371015501209D1A > ... > > after many testing I noted the way to avoid this problem is > 1.disable Content Scanning (Dangerous Content Scanning = no) > 2. use text format to send the email > 3. change the file name with xxxx.txt > > * we are using 4.36.4 MS > > Our staff said no problem before alst week (we upgraded to > 4.36.4 last > week), any idea for this? > > Regards > Z. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:27:59 2006 Subject: No subject Message-ID: spam.assassin.prefs.conf file for SA 3.0.x from www.fsl.com/support and install in lieu of the standard file. Be sure and change YOURDOMAIN.COM in our sample file to the value of %org-name% in /etc/MailScanner.conf Hope this helps, Steve Steve Swaney President Fortress Systems Ltd. www.fsl.com steve.swaney@fsl.com -- This message has been scanned for viruses and dangerous content by The MailScanner at Fortress Systems Ltd., www.fsl.com, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:28:13 2006 Subject: No subject Message-ID: Sylvain =========================================================== Sylvain Phaneuf --- Systems Manager | phone : +44 (0)1865 221323 Clinical School Information Management Services Unit (IMSU) Medical Sciences Division University of Oxford | email : sylvain.phaneuf@imsu.ox.ac.uk Room 3A25B John Radcliffe Hospital | fax : +44 (0) 1865 221322 Oxford OX3 9DU England =========================================================== >>> martinh@SOLID-STATE-LOGIC.COM 17/01/2005 09:10:43 >>> Julian from the UK user....happy nth birthday James - hope you don't have to support the hardware! (I did have user in Japan, now localsupport thank goodness, but I still got users in LA that require a 10 hour flight..) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 James Gray wrote: > On Mon, 17 Jan 2005 06:59 am, Drew Marshall wrote: > >>Just a quick note to wish you a Happy Birthday!! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:28:13 2006 Subject: No subject Message-ID: license expired July of 2004 and as far as I can tell, I can not renew my license. :( I liked Rav a lot. But I see that MailScanner still supports Rav. So my question: Is MailScanner supporting Rav long enough so nobody is left out in the cold? or am I missing something? It would be nice to be able to use it still! :) - Regards Joseph Watson ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:28:23 2006 Subject: No subject Message-ID: relay. I havce searched and searched on this error and tried to see what the problem is on the exchange server. I cannot find what the problem is. Any help on getting these errors taken care of is greatly appreciated. Billy Pumphrey IT Manager Wooden & McLaughlin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:28:25 2006 Subject: No subject Message-ID: subdomain to in the FQDN for a mail server such as someone@mailscanner.woodmaclaw.com? > > Beyond that, I can't think of what else might be goofy. Hope > this helps... Either way, I am learning as I go along and I do appreciate your time and feedback. > > ...Kevin > -- > Kevin Miller Registered Linux User No: 307357 > CBJ MIS Dept. Network Systems Admin., Mail Admin. > 155 South Seward Street ph: (907) 586-0242 > Juneau, Alaska 99801 fax: (907 586-4500 > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:28:25 2006 Subject: No subject Message-ID: - Changed Postfix handling so that "Archive Mail" feature creates files with unique names so that re-used message-ids don't cause overwriting of older files in the same day with the same message-id. Brad >>> John Crossan 2/3/2005 3:42:25 PM >>> I have MailScanner and Mailwatch for MailScanner running. We are running MailScanner, SpamAssassin, postfix, ClamAV, and Mailwatch. I could not use mailwatch to release a message from quarantine today (February 3) because it had the same ID as a message received in December. I had to release it manually. Is there a fix for this? Thanks John Crossan Systems Administrator Valley Presbyterian Hospital Message ID: C3F6017C3BC Message Headers: Received: from adsl-63-196-151-90.dsl.lsan03.pacbell.net (firewall.valleypres.org [192.6.1.253]) by clamav.valleypres.org (Postfix) with ESMTP id C3F6017C3BC for ; Mon, 20 Dec 2004 10:42:01 -0800 (PST) Received: from smtp.jiscmail.ac.uk ([130.246.192.55]) by adsl-63-196-151-90.dsl.lsan03.pacbell.net with esmtp (Exim 3.13 #5) id 1CgSTp-0007Nu-00 for john.crossan@VALLEYPRES.ORG; Mon, 20 Dec 2004 10:42:01 -0800 Received: from LISTSERV.JISCMAIL.AC.UK (jiscmail.ac.uk) by smtp.jiscmail.ac.uk (LSMTP for Windows NT v1.1b) with SMTP id <7.0019BDC2@smtp.jiscmail.ac.uk>; Mon, 20 Dec 2004 18:40:59 +0000 Received: from JISCMAIL.AC.UK by JISCMAIL.AC.UK (LISTSERV-TCP/IP release 1.8e) Message ID:C3F6017C3BC Message Headers: Received: from mail.valleypres.org (firewall.valleypres.org [192.6.1.253]) by clamav.valleypres.org (Postfix) with ESMTP id C3F6017C3BC for ; Thu, 3 Feb 2005 12:10:57 -0800 (PST) Received: from 64-171-32-163.ded.pacbell.net ([64.171.32.163] helo=nts-1.triageconsulting.com) by mail.valleypres.org with esmtp (Exim 3.13 #5) id 1CwnJZ-0000jV-00 for tracey.talley@valleypres.org; Thu, 03 Feb 2005 12:10:57 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----_=_NextPart_001_01C50A2C.789D9C4A" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:28:36 2006 Subject: No subject Message-ID: and if I could remember where the pieces came from, I'd give full credit. Sorry :(. This should work on any domain. Let me know if there are bugs/etc. I'm still ironing out my cron job, but this was a rather exciting fix for me, that I couldn't wait to share. ---------------------------------- default.asp ---------------------------------- <% Dim rootDSE, domainObject Set rootDSE=GetObject("LDAP://RootDSE") domainContainer = rootDSE.Get("defaultNamingContext") Set domainObject = GetObject("LDAP://" & domainContainer) Set fs = CreateObject ("Scripting.FileSystemObject") ExportUsers(domainObject) Set oDomain = Nothing Sub ExportUsers(oObject) Dim oUser For Each oUser in oObject Select Case oUser.Class Case "user" If oUser.mail <> "" then for each email in oUser.proxyAddresses print_email(email) next End if Case "group" If oUser.mailNickname <> "" then for each email in oUser.proxyAddresses print_email(email) next End if Case "organizationalUnit" , "container" If UsersGroupsinOU (oUser) then ExportUsers(oUser) End if End select Next End Sub Function print_email(email) if Instr(email, "SMTP:") <> 0 or Instr(email, "smtp:") <> 0 then dim n, e ' locate the ":" n = InStr(1, email, ":", 1) ' and chop it off e = Right(email, Len(email) - n) ' write the email address, two tabs, and a LF response.write(e & Chr(9) & Chr(9) & "ACCEPT" & Chr(10)) end if end function Function UsersGroupsinOU (oObject) Dim oUser UsersGroupsinOU = False for Each oUser in oObject Select Case oUser.Class Case "organizationalUnit" , "container" UsersGroupsinOU = UsersGroupsinOU(oUser) Case "user" UsersGroupsinOU = True Case "group" UsersGroupsinOU = True End select Next End Function %> ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:28:39 2006 Subject: No subject Message-ID: score=4.889, required 4.37, DNS_FROM_RFC_ABUSE 0.37, DNS_FROM_RFC_POST 1.38, MISSING_SUBJECT 1.57, NO_REAL_NAME 0.18, UNDISC_RECIPS 1.39) From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:28:39 2006 Subject: No subject Message-ID: score=3.229, required 4.37, AWL 1.66, NO_REAL_NAME 0.18, UNDISC_RECIPS 1.39) From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:28:39 2006 Subject: No subject Message-ID: SpamAssassin (score=1.569, required 4.37, NO_REAL_NAME 0.18, UNDISC_RECIPS 1.39) This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:28:43 2006 Subject: No subject Message-ID: ... while(($postie,$notice) = each %notices) { $email = $headers{$postie} . "\n" . #MailScanner::Config::LanguageValue($message, 'noticeheading') . ":\n" . #$notices{$postie} . "\n" . $signatures{$postie} . "\n"; MailScanner::Config::LanguageValue($message, 'noticeprefix') . ": " . $reasons . "\n" . $notices{$postie} . "\n" . $signatures{$postie} . "\n"; $global::MS->{mta}->SendMessageString(undef, $email, $postie) or MailScanner::Log::WarnLog("Could not notify postmaster from $postie, %s", $!); } MailScanner::Log::InfoLog("Notices: Warned about %d messages", $counter) if $counter; } Quentin -- PHONE: +44 191 222 8209 Information Systems and Services (ISS), University of Newcastle, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ "Any opinion expressed above is mine. The University can get its own." >-----Original Message----- >From: MailScanner mailing list >[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >Sent: 23 February 2005 16:35 >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: 4.39.3-1 bug or is it me? > >In other words neither of us have the faintest clue as to what could be >going wrong here. >:-( > >Quentin Campbell wrote: > >>>-----Original Message----- >>>From: MailScanner mailing list >>>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>>Sent: 23 February 2005 14:21 >>>To: MAILSCANNER@JISCMAIL.AC.UK >>>Subject: Re: 4.39.3-1 bug or is it me? >>> >>>Can you compare the configs. It is apparently failing to get >>>the message filenames altogether. No-one else has seen this >problem :-( >>> >>> >>> >> >>Julian >> >>I have carefully checked lists of files from ~reports/en and ~/rules >>against the pre-4.39.3-1 lists of files from those same >sub-directories. >>They are all accounted for and have the same names - this was checked >>with "diff" run against sorted lists of files. >> >>I have also used "diff" to compare the 4.39.3-1 MailScanner.conf file >>against the previous version (4.38.9-1). They are the same except for >>the additional lines you have added since 4.38.9-1 and the different >>Version Number. >> >>Quentin >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> > >-- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:28:47 2006 Subject: No subject Message-ID: "To ensure we can give all customers who purchase support a very high quality of service, we are restricting the number of support packages that we sell." I am just not so lucky, that I can persuade my boss before Monday :( so what to do, if I am not fast enough!... - Is it possible to get updates to the SMGateway products without a service contract? - Do you plan any special educational / non-profit prices? Regards, Henrik Bro -----Oprindelig meddelelse----- Fra: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] P vegne af Stephen Swaney Sendt: 2. marts 2005 17:46 Til: MAILSCANNER@JISCMAIL.AC.UK Emne: Re: MailScanner ANNOUNCE: New commercial product SMGateway > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Michael Baird > Sent: Wednesday, March 02, 2005 11:19 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner ANNOUNCE: New commercial product SMGateway > > Is the package pricing below per machine? I think I'd like to switch > to it, but I would only want the minimal support package, but I have > multiple mailscanner boxes (on each incoming MX, and my outbound > relays, with redundant boxes standing by for each). Even the base > package would probably get costly for me. > > Regards > Michael Baird > The SMGateway products if the first of a few products we plan to produce. It's not suitable for all sites. Its primary intended use is for a site that runs 0 or 1 gateways fronting a mailhub. For example it is an excellent product to front an existing Microsoft Exchange 2003 or Domino Server. It can typically reduce the load and storage requirements on the backend mailhub by 50% simply by rejecting or trapping the really obvious junk. Add to that the ability to run multiple virus scanners and you really have a Secure Email Gateway - thanks to MailScanner. The fact that you can load the minimal OS required, load SMGateway and easily restore a backup configuration in less than an hour makes for a reasonable recovery scenario for a single gateway site. Our SMCluster products will introduce an architecture that will control multiple gateways. We expect it to be available later this year. It will be very reasonably priced by server not by mailbox. I hope this helps, Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:28:51 2006 Subject: No subject Message-ID: module's test suite is important. I've just installed 0.16 and that, too, seems fine. I've also written to the author again suggesting that he might simply remove his "scanbuff" tests. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham : : Phone: +44 191 334 2752 U.K. : ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:28:53 2006 Subject: No subject Message-ID: ########################################################################### # # Handy little feature to let you use the same MailScanner.conf file on # lots of different hosts, where the only difference is the hostname. # Just uncomment the "use Sys::Hostname" line and then set # Hostname = &Hostname # in your MailScanner.conf to use this. # # Many thanks to Tony Finch for this. # ########################################################################### Works in reports as well. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Jason Huddleston Sent: Monday, March 07, 2005 2:43 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Hostname I am trying to change the Hostname variable to include the server name with out hard coding the name in the string. I have tried "Hostname = the %org-name% (%HOSTNAME%) MailScanner" and "Hostname = the %org-name% ($HOSTNAME) MailScanner" with no luck. Is their a variable that I am overlooking that will pick up the server name???? This email and any files transmitted with it are confidential and proprietary to Algorithmics Incorporated and its affiliates ("Algorithmics"). If received in error, use is prohibited. Please destroy, and notify sender. Sender does not waive confidentiality or privilege. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. Algorithmics does not accept liability for any errors or omissions. Any commitment intended to bind Algorithmics must be reduced to writing and signed by an authorized signatory. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:29:06 2006 Subject: No subject Message-ID: - Multiple "Subject:" lines are removed. The 1st one is kept. Stef > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Duncan, Brian M. > Sent: 17 March 2005 15:06 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Spam that puts extra Subject lines in to avoid being > quarantined/caught. > > Trying another time to mail the list about this type of > Spamming. We are starting to get allot more of these and I > could not find anything in the archives dealing with this. (I > looked again) > > Far down below is the original message I sent the list. > > Basically what I am seeing is Spammers that put two subject > lines into the message. Mailscanner only tags one of them. > (99% of these have been ones that fail RBL check) We have > rules setup in exchange that, then say if message subject has > xxx in it, stick it in their Suspect folder. > (Exchange is only paying attention to the LAST subject line in the > headers) > > Anyway to get sendmail/Mailscanner to either cut out multiple > subject lines, or to mark ALL of the subject lines in the headers? > > This is with mailscanner-4.35.11-1 > > Another example: > > Received: from everest by nuuk.nshoster.com with local (Exim 4.44)id > > 1DBgQp-0003Ae-0D; Wed, 16 Mar 2005 16:51:59 -0500 > To: info@udnepal.com, > richard@rotary1900.org > From: fatima@beaconsfield.libdems.org.uk, > bobby@studentnet.lv > Cc: fatima@beaconsfield.libdems.org.uk > REPLY-TO: info@udnepal.com > Subject: {FAILED SC} Online Reservation Inquiry submitted by > > Content-Type: multipart/mixed; > boundary=feawnqj > Subject: Pharm discount > Message-Id: > Date: Wed, 16 Mar 2005 16:51:59 -0500 > X-AntiAbuse: This header was added to track abuse, please > include it with > > any abuse report > X-AntiAbuse: Primary Hostname - nuuk.nshoster.com > X-AntiAbuse: Original Domain - kmzr.com > X-AntiAbuse: Originator/Caller UID/GID - [32079 32079] / [47 12] > X-AntiAbuse: Sender Address Domain - nuuk.nshoster.com > X-Source: > > X-Source-Args: > > X-Source-Dir: > > X-KMZR-MailScanner-Information: > > X-MailScanner-SpamCheck: spam, SpamAssassin (score=9.369, required > > 7,BAYES_80 2.09, DISGUISE_VIAGRA 1.00, DRUGS_ANXIETY > > 0.10,DRUGS_ANXIETY_EREC 0.04, DRUGS_ERECTILE > 0.22,HEADER_COUNT_CTYPE 1.77, > > HTML_20_30 0.23, HTML_MESSAGE 0.00,HTML_MIME_NO_HTML_TAG 0.14, > > MIME_BASE64_TEXT 0.30,MIME_HEADER_CTYPE_ONLY 0.11, MIME_HTML_ONLY > > 0.18,URIBL_OB_SURBL 3.21) > X-MailScanner-SpamScore: sssssssss > X-MailScanner-From: everest@nuuk.nshoster.com > Return-Path: everest@nuuk.nshoster.com > X-OriginalArrivalTime: 16 Mar 2005 21:57:53.0994 (UTC) > FILETIME=[3479F2A0:01C52A73] > > -----Original Message----- > From: Duncan, Brian M. > > Sent: Friday, January 28, 2005 10:45 AM > To: 'MAILSCANNER@JISCMAIL.AC.UK' > Subject: Removing MULTIPLE subject lines in a message. > > > Forgive me if this has been covered in the mailing list. I > searched the archives without any results.. > > We are starting to receive messages now with multiple subject lines. > (Ones with 2 subject lines total) > > In our environment we just modify the subject line on ANY > message that is determined to be Spam. (Black listed, or > scores higher then 7) > > We then rely on Exchange to move any messages with our > modification into a local folder for the end users that is > for Spam. (So they can look > over) > > The problem we are seeing now is that Outlook/Exchange only > seems to pay attention to the LAST subject line in a message. > When one of these messages with 2 subject lines comes > through, it gets caught. The 1st subject line is re-written, > then it's forwarded to our Exchange server. > The exchange server/outlook client only lists the LAST > subject line from the message. So it winds up in their > INBOX. If you look through the headers you can see.. > > I was wondering if there is an easy way to handle this on the > Sendmail/MailScanner side.. > > Thanks! > > I will include headers of a message we have this problem with: > > > Received: from RJX ([218.107.2.59])by venus.KMZR.COM > (8.11.6/8.11.2) with > > SMTP id j0SDSbL06054;Fri, 28 Jan 2005 07:28:38 -0600 > Message-Id: <200501281328.j0SDSbL06054@venus.KMZR.COM> > Received: from abac.com ([28.90.248.212]) by > crisscross.iupi.pt > > (InterMail vK.4.04.00.00 813-535-420 license > > 5uz341wo5802c0kq1v5mts5394z8rdj1) with ESMTP id > > <75579863733746.EUMI071.cosy@abac.com> for ; > Fri, > > 28 Jan 2005 11:21:00 -0200 > Received: from mail pickup service by hotmail.com with > Microsoft SMTPSVC; > > Fri, 28 Jan 2005 19:25:00 +0600 > Received: from 24.240.198.188 by ami.demagogue.hotmail.msn.com with > > HTTP;Fri, 28 Jan 2005 14:27:00 +0100 GMT > X-Originating-IP: [18.219.66.153] > X-Originating-Email: [combat@abac.com] > From: "Augusta Wood" , "Augusta > Wood" > To: mccord@kmzr.com, > "Mccord" > Subject: {FAILED SC} Spyware Aiert - January 25th > Date: Fri, 28 Jan 2005 14:26:00 +0100 > Mime-Version: 1.0 > Received: from abac.com ([100.144.236.240]) by > crisscross.iupi.pt > > (InterMail vK.4.04.00.00 218-712-387 license > > 5uz341wo5802c0kq1v5mts5394z8rdj1) with ESMTP id > > <67078592714268.CCLC9817.crisscross.iupi.pt> for > ; > Fri, 28 Jan 2005 17:26:00 +0400 > Subject: Spyware Aiert - January 25th > Sender: "Augusta Wood" > X-KMZR-MailScanner-Information: > > X-MailScanner-SpamCheck: spam, SpamAssassin (score=22.075, required > > 7,autolearn=spam, BAYES_80 2.09, INVALID_TZ_GMT 0.20, LONGWORD > > 0.30,LONGWORDS 2.26, MR_NOT_ATTRIBUTED_IP 0.20, MR_STRANGE_QUESTION > > 1.50,MSGID_FROM_MTA_HEADER 0.05, MSGID_FROM_MTA_ID 1.72, NO_RDNS2 > > 0.01,RCVD_IN_DSBL 3.81, RCVD_IN_SORBS 1.00, URIBL_OB_SURBL > > 3.21,URIBL_SC_SURBL 4.26, URIBL_WS_SURBL 1.46) > X-MailScanner-SpamScore: ssssssssssssssssssssss > X-MailScanner-From: reevesxfkyy@topteam.bg > Return-Path: Reevesxfkyy@topteam.bg > X-OriginalArrivalTime: 28 Jan 2005 13:30:17.0277 (UTC) > FILETIME=[81717ED0:01C5053D] > > > > Brian M. Duncan > > Katten Muchin Zavis Rosenman > 525 West Monroe Street > Chicago IL 60661-3693 > 312-577-8045 > > brian.duncan@kmzr.com > > =========================================================== > > Important: > This electronic mail message and any attached files contain > information intended for the exclusive use of the individual > or entity to whom it is addressed and may contain information > that is proprietary, privileged, confidential and/or exempt > from disclosure under applicable law. If you are not the > intended recipient, you are hereby notified that any viewing, > copying, disclosure or distribution of this information may > be subject to legal restriction or sanction. Please notify > the sender, by electronic mail or telephone, of any > unintended recipients and delete the original message without > making any copies. > > =========================================================== > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > This email has been scanned by the Level 5 Internet > MailCrusader for viruses, spam and dangerous content. > For more information please visit http://www.l5net.net > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:29:07 2006 Subject: No subject Message-ID: - Multiple "Subject:" lines are removed. The 1st one is kept. Stef > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Duncan, Brian M. > Sent: 17 March 2005 15:06 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Spam that puts extra Subject lines in to avoid being > quarantined/caught. > > Trying another time to mail the list about this type of > Spamming. We are starting to get allot more of these and I > could not find anything in the archives dealing with this. (I > looked again) > > Far down below is the original message I sent the list. > > Basically what I am seeing is Spammers that put two subject > lines into the message. Mailscanner only tags one of them. > (99% of these have been ones that fail RBL check) We have > rules setup in exchange that, then say if message subject has > xxx in it, stick it in their Suspect folder. > (Exchange is only paying attention to the LAST subject line in the > headers) > > Anyway to get sendmail/Mailscanner to either cut out multiple > subject lines, or to mark ALL of the subject lines in the headers? > > This is with mailscanner-4.35.11-1 > > Another example: > > Received: from everest by nuuk.nshoster.com with local (Exim 4.44)id > > 1DBgQp-0003Ae-0D; Wed, 16 Mar 2005 16:51:59 -0500 > To: info@udnepal.com, > richard@rotary1900.org > From: fatima@beaconsfield.libdems.org.uk, > bobby@studentnet.lv > Cc: fatima@beaconsfield.libdems.org.uk > REPLY-TO: info@udnepal.com > Subject: {FAILED SC} Online Reservation Inquiry submitted by > > Content-Type: multipart/mixed; > boundary=feawnqj > Subject: Pharm discount > Message-Id: > Date: Wed, 16 Mar 2005 16:51:59 -0500 > X-AntiAbuse: This header was added to track abuse, please > include it with > > any abuse report > X-AntiAbuse: Primary Hostname - nuuk.nshoster.com > X-AntiAbuse: Original Domain - kmzr.com > X-AntiAbuse: Originator/Caller UID/GID - [32079 32079] / [47 12] > X-AntiAbuse: Sender Address Domain - nuuk.nshoster.com > X-Source: > > X-Source-Args: > > X-Source-Dir: > > X-KMZR-MailScanner-Information: > > X-MailScanner-SpamCheck: spam, SpamAssassin (score=9.369, required > > 7,BAYES_80 2.09, DISGUISE_VIAGRA 1.00, DRUGS_ANXIETY > > 0.10,DRUGS_ANXIETY_EREC 0.04, DRUGS_ERECTILE > 0.22,HEADER_COUNT_CTYPE 1.77, > > HTML_20_30 0.23, HTML_MESSAGE 0.00,HTML_MIME_NO_HTML_TAG 0.14, > > MIME_BASE64_TEXT 0.30,MIME_HEADER_CTYPE_ONLY 0.11, MIME_HTML_ONLY > > 0.18,URIBL_OB_SURBL 3.21) > X-MailScanner-SpamScore: sssssssss > X-MailScanner-From: everest@nuuk.nshoster.com > Return-Path: everest@nuuk.nshoster.com > X-OriginalArrivalTime: 16 Mar 2005 21:57:53.0994 (UTC) > FILETIME=[3479F2A0:01C52A73] > > -----Original Message----- > From: Duncan, Brian M. > > Sent: Friday, January 28, 2005 10:45 AM > To: 'MAILSCANNER@JISCMAIL.AC.UK' > Subject: Removing MULTIPLE subject lines in a message. > > > Forgive me if this has been covered in the mailing list. I > searched the archives without any results.. > > We are starting to receive messages now with multiple subject lines. > (Ones with 2 subject lines total) > > In our environment we just modify the subject line on ANY > message that is determined to be Spam. (Black listed, or > scores higher then 7) > > We then rely on Exchange to move any messages with our > modification into a local folder for the end users that is > for Spam. (So they can look > over) > > The problem we are seeing now is that Outlook/Exchange only > seems to pay attention to the LAST subject line in a message. > When one of these messages with 2 subject lines comes > through, it gets caught. The 1st subject line is re-written, > then it's forwarded to our Exchange server. > The exchange server/outlook client only lists the LAST > subject line from the message. So it winds up in their > INBOX. If you look through the headers you can see.. > > I was wondering if there is an easy way to handle this on the > Sendmail/MailScanner side.. > > Thanks! > > I will include headers of a message we have this problem with: > > > Received: from RJX ([218.107.2.59])by venus.KMZR.COM > (8.11.6/8.11.2) with > > SMTP id j0SDSbL06054;Fri, 28 Jan 2005 07:28:38 -0600 > Message-Id: <200501281328.j0SDSbL06054@venus.KMZR.COM> > Received: from abac.com ([28.90.248.212]) by > crisscross.iupi.pt > > (InterMail vK.4.04.00.00 813-535-420 license > > 5uz341wo5802c0kq1v5mts5394z8rdj1) with ESMTP id > > <75579863733746.EUMI071.cosy@abac.com> for ; > Fri, > > 28 Jan 2005 11:21:00 -0200 > Received: from mail pickup service by hotmail.com with > Microsoft SMTPSVC; > > Fri, 28 Jan 2005 19:25:00 +0600 > Received: from 24.240.198.188 by ami.demagogue.hotmail.msn.com with > > HTTP;Fri, 28 Jan 2005 14:27:00 +0100 GMT > X-Originating-IP: [18.219.66.153] > X-Originating-Email: [combat@abac.com] > From: "Augusta Wood" , "Augusta > Wood" > To: mccord@kmzr.com, > "Mccord" > Subject: {FAILED SC} Spyware Aiert - January 25th > Date: Fri, 28 Jan 2005 14:26:00 +0100 > Mime-Version: 1.0 > Received: from abac.com ([100.144.236.240]) by > crisscross.iupi.pt > > (InterMail vK.4.04.00.00 218-712-387 license > > 5uz341wo5802c0kq1v5mts5394z8rdj1) with ESMTP id > > <67078592714268.CCLC9817.crisscross.iupi.pt> for > ; > Fri, 28 Jan 2005 17:26:00 +0400 > Subject: Spyware Aiert - January 25th > Sender: "Augusta Wood" > X-KMZR-MailScanner-Information: > > X-MailScanner-SpamCheck: spam, SpamAssassin (score=22.075, required > > 7,autolearn=spam, BAYES_80 2.09, INVALID_TZ_GMT 0.20, LONGWORD > > 0.30,LONGWORDS 2.26, MR_NOT_ATTRIBUTED_IP 0.20, MR_STRANGE_QUESTION > > 1.50,MSGID_FROM_MTA_HEADER 0.05, MSGID_FROM_MTA_ID 1.72, NO_RDNS2 > > 0.01,RCVD_IN_DSBL 3.81, RCVD_IN_SORBS 1.00, URIBL_OB_SURBL > > 3.21,URIBL_SC_SURBL 4.26, URIBL_WS_SURBL 1.46) > X-MailScanner-SpamScore: ssssssssssssssssssssss > X-MailScanner-From: reevesxfkyy@topteam.bg > Return-Path: Reevesxfkyy@topteam.bg > X-OriginalArrivalTime: 28 Jan 2005 13:30:17.0277 (UTC) > FILETIME=[81717ED0:01C5053D] > > > > Brian M. Duncan > > Katten Muchin Zavis Rosenman > 525 West Monroe Street > Chicago IL 60661-3693 > 312-577-8045 > > brian.duncan@kmzr.com > > =========================================================== > > Important: > This electronic mail message and any attached files contain > information intended for the exclusive use of the individual > or entity to whom it is addressed and may contain information > that is proprietary, privileged, confidential and/or exempt > from disclosure under applicable law. If you are not the > intended recipient, you are hereby notified that any viewing, > copying, disclosure or distribution of this information may > be subject to legal restriction or sanction. Please notify > the sender, by electronic mail or telephone, of any > unintended recipients and delete the original message without > making any copies. > > =========================================================== > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the MAQ > (http://www.mailscanner.biz/maq/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > This email has been scanned by the Level 5 Internet > MailCrusader for viruses, spam and dangerous content. > For more information please visit http://www.l5net.net > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! =========================================================== Important: This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies. =========================================================== ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:29:11 2006 Subject: No subject Message-ID: Trojan.Moo is a Trojan horse program that exploits the Microsoft GDI+ Library JPEG Segment Length Integer Underflow vulnerability (described in the Microsoft Security Bulletin MS04-028). So, yes, there are common clients that have this bug if not properly patched. But I believe only IE supports the cursor property and I am sure only IE 6+ supports the url parameter within a cursor property definition. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:29:12 2006 Subject: No subject Message-ID: >Is Definitely MCP = %rules-dir%/mcp.rules >I have this in my %rules-dir%/mcp.rules > >From: @domain.com yes >FromOrTo: default no Hope this is clear enough to give you a picture of whats happening or else pleaselet me know i will try again. On Thu, 31 Mar 2005 18:55:51 +0100, Julian Field wrote: >You realise that those MCP actions will deliver the mail to the original >recipient as well as forward it to user@domain.com. > >Venkata Achanta wrote: > >>Julian, >> >>I think you didnt see the MCP config in the e-mail. >> >>Yes ! i am aware that spam actions have nothing to do with MCP. >> >> >> >>>MCP Actions = deliver user@domain.com >>> >>> >>is what i have in the MCP actions and i still the behaviour mentioned >>earlier. >> >> >-- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:29:18 2006 Subject: No subject Message-ID: configuration file "/usr/share/spamassassin/20_body_tests.cf" requires version 3.000002 of SpamAssassin, but this is code version 3.000000. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/Conf/Parser.pm line 329. (several of those) Then later I see several of these... debug: config: SpamAssassin failed to parse line, skipping: uridnsbl_skip_domain yahoo.com w3.org msn.com com.com yimg.com debug: config: SpamAssassin failed to parse line, skipping: uridnsbl_skip_domain hotmail.com doubleclick.net flowgo.com ebaystatic.com aol.com If I do a which spamassassin I get... /usr/bin/spamassassin If I find /usr/lib/perl5 -name SpamAssassin.pm -print, I get... /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin.pm /usr/lib/perl5/vendor_perl/5.8.0/Mail/SpamAssassin.pm So there still are two? I guess I don't understand... help please? > Just whichever place you start using these RPMs from (Dag's is just > fine) make sure you stick to it. Good tip... I'll add it to my notes. I know you're busy, but if you could maybe give me a short explanation of how I screwed this up I'd appreciate it. I've upgraded 2-3 times using your scripts before without any problems and followed my notes this time with less then successful results. If I knew why/how this happened maybe I keep from doing it again in the future. I do and have read everything I can get my hands on including the list everyday and all the FAQ's MAQ's and now wiki's. But I still seem to get myself into a mess every now and again. :) Many thanks again. k Output from MailScanner -v (just in case) [root@gw-mail /]# MailScanner -v Running on Linux gw-mail.aiainsurance.com 2.4.20-30.9 #1 Wed Feb 4 20:44:26 EST 2004 i686 i686 i386 GNU/Linux This is Red Hat Linux release 9 (Shrike) This is Perl version 5.008000 (5.8.0) This is MailScanner version 4.40.11 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.01 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.04 Fcntl 2.71 File::Basename 2.05 File::Copy 2.01 FileHandle 1.05 File::Path 0.13 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.20 IO 1.09 IO::File 1.122 IO::Pipe 1.50 Mail::Header 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.05 POSIX 1.75 Socket 0.03 Sys::Syslog 1.02 Time::localtime Optional module versions are: 1.806 DB_File 1.08 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 0.44 Inline 0.13 Mail::ClamAV 3.000000 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.15 Net::CIDR::Lite 0.48 Net::DNS missing Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.2 Sys::Hostname::Long 2.42 Test::Harness 0.47 Test::Simple 1.89 Text::Balanced 1.35 URI Ken Goods Network Administrator AIA Insurance, Inc. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:29:30 2006 Subject: No subject Message-ID: Steve Steve Swaney President Fortress Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 www.fsl.com steve.swaney@fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:29:31 2006 Subject: No subject Message-ID: Incoming Queue Dir = /var/spool/exim.in/input ... MTA = exim [root@filter etc]# ls -la !$ ls -la /var/spool/exim.in/input total 32 drwxrwxrwx 2 exim exim 4096 May 4 10:56 . drwxr-x--- 5 exim exim 4096 May 2 16:39 .. -rw-r----- 1 exim exim 24 May 4 10:56 1DTO6X-0003mH-2u-D -rw-r----- 1 exim exim 1556 May 4 10:56 1DTO6X-0003mH-2u-H anything else I can look for?? -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Wednesday, May 04, 2005 12:49 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: mailscanner not processing exim queue Check your Incoming Queue Directory point to /var/spool/exim.in/input and MTA = exim. Arif Malik wrote: > Not sure what is wrong - my first attempt running mailscanner... I > have exim now queing up mail in /var/spool/exim.in/input - which is > what i have mailscanner set to look at for incoming mail... my > /var/log/maillog shows only one thing ever: > > May 4 11:22:12 filter MailScanner[15045]: MailScanner E-Mail Virus > Scanner version 4.31.2 starting... > There are no errors or anything, but all my mail just sits in > /var/spool/exim.in/input, and mailscanner doesn't scan/move them into > the outgoing directory. I have browsed the archives and didn't see > anyone having the same problem which makes me think its probably > something simple, but I have been going back over the configs over and > over and don't see what I'm missing.. any help is much appreciated. > Thanks! > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:29:36 2006 Subject: No subject Message-ID: sendmail somebody Blah Blah Blah . And expect it to be in out.txt. It's not, and examining the logs gives me: *********** LOG BEGIN ********************** May 12 13:39:21 computername sendmail[9232]: j4CHdKWv009232: from=dweber, size=5, class=0, nrcpts=1, msgid=<200505121739.j4CHdKWv009232@computername.backbonesecurity.com>, relay=root@localhost May 12 13:39:21 computername sendmail[9233]: j4CHdLQS009233: from=, size=307, class=0, nrcpts=1, msgid=<200505121739.j4CHdKWv009232@computername.backbonesecurity.com>, proto=ESMTP, daemon=MTA, relay=computername.backbonesecurity.com [127.0.0.1] May 12 13:39:21 computername sendmail[9232]: j4CHdKWv009232: to=leads@localhost, ctladdr=dweber (500/501), delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=30005, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (j4CHdLQS009233 Message accepted for delivery) May 12 13:39:23 computername MailScanner[7855]: New Batch: Forwarding 1 unscanned messages, 829 bytes May 12 13:39:23 computername MailScanner[7855]: Unscanned: Delivered 1 messages May 12 13:39:23 computername MailScanner[7855]: Virus and Content Scanning: Starting May 12 13:39:23 computername sendmail[9235]: STARTTLS=client: file /etc/mail/certs/cert.pem unsafe: No such file or directory May 12 13:39:23 computername sendmail[9235]: STARTTLS=client: file /etc/mail/certs/key.pem unsafe: No such file or directory May 12 13:39:23 computername sendmail[9235]: STARTTLS=client: file /etc/mail/certs/cacert.pem unsafe: No such file or directory May 12 13:39:23 computername sendmail[9235]: STARTTLS=client, error: load verify locs /etc/mail/certs, /etc/mail/certs/cacert.pem failed: 0 ***************** LINES OF INTEREST ***************************** May 12 13:39:24 computername sendmail[9241]: j4CHdLQS009233: to="| /post_leads_to_sugar", ctladdr= (8/0), delay=00:00:03, xdelay=00:00:00, mailer=prog, pri=120307, dsn=5.3.0, stat=unknown mailer error 1 May 12 13:39:24 computername sendmail[9241]: j4CHdLQS009233: j4CHdNdt009241: DSN: unknown mailer error 1 May 12 13:39:24 computername sendmail[9241]: j4CHdNdt009241: to=, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31800, dsn=2.0.0, stat=Sent **************** LOG END ***************************************** ************ BEGIN ACCESS FILE ************************ Here's my /etc/mail/access file (because it's fairly complex) computername.backbonesecurity.com RELAY localhost.localdomain RELAY localhost RELAY 127.0.0.1 RELAY # Block all email not explicitly allowed by the automatic script To:backbonesecurity.com REJECT #allow the internal email server to use this as a smart host 216.144.184.6 RELAY 216.144.184.8 RELAY # --- BEGIN ADDRESSES AUTOMATICALLY GATHERED FROM EXCHANGE SERVER --- ***************** END ACCESS FILE ************************* Thanks for any help ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:29:36 2006 Subject: No subject Message-ID: sendmail somebody Blah Blah Blah . And expect it to be in out.txt. It's not, and examining the logs gives me: *********** LOG BEGIN ********************** May 12 13:39:21 computername sendmail[9232]: j4CHdKWv009232: from=dweber, size=5, class=0, nrcpts=1, msgid=<200505121739.j4CHdKWv009232@computername.backbonesecurity.com>, relay=root@localhost May 12 13:39:21 computername sendmail[9233]: j4CHdLQS009233: from=, size=307, class=0, nrcpts=1, msgid=<200505121739.j4CHdKWv009232@computername.backbonesecurity.com>, proto=ESMTP, daemon=MTA, relay=computername.backbonesecurity.com [127.0.0.1] May 12 13:39:21 computername sendmail[9232]: j4CHdKWv009232: to=leads@localhost, ctladdr=dweber (500/501), delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=30005, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (j4CHdLQS009233 Message accepted for delivery) May 12 13:39:23 computername MailScanner[7855]: New Batch: Forwarding 1 unscanned messages, 829 bytes May 12 13:39:23 computername MailScanner[7855]: Unscanned: Delivered 1 messages May 12 13:39:23 computername MailScanner[7855]: Virus and Content Scanning: Starting May 12 13:39:23 computername sendmail[9235]: STARTTLS=client: file /etc/mail/certs/cert.pem unsafe: No such file or directory May 12 13:39:23 computername sendmail[9235]: STARTTLS=client: file /etc/mail/certs/key.pem unsafe: No such file or directory May 12 13:39:23 computername sendmail[9235]: STARTTLS=client: file /etc/mail/certs/cacert.pem unsafe: No such file or directory May 12 13:39:23 computername sendmail[9235]: STARTTLS=client, error: load verify locs /etc/mail/certs, /etc/mail/certs/cacert.pem failed: 0 ***************** LINES OF INTEREST ***************************** May 12 13:39:24 computername sendmail[9241]: j4CHdLQS009233: to="| /post_leads_to_sugar", ctladdr= (8/0), delay=00:00:03, xdelay=00:00:00, mailer=prog, pri=120307, dsn=5.3.0, stat=unknown mailer error 1 May 12 13:39:24 computername sendmail[9241]: j4CHdLQS009233: j4CHdNdt009241: DSN: unknown mailer error 1 May 12 13:39:24 computername sendmail[9241]: j4CHdNdt009241: to=, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31800, dsn=2.0.0, stat=Sent **************** LOG END ***************************************** ************ BEGIN ACCESS FILE ************************ Here's my /etc/mail/access file (because it's fairly complex) computername.backbonesecurity.com RELAY localhost.localdomain RELAY localhost RELAY 127.0.0.1 RELAY # Block all email not explicitly allowed by the automatic script To:backbonesecurity.com REJECT #allow the internal email server to use this as a smart host 216.144.184.6 RELAY 216.144.184.8 RELAY # --- BEGIN ADDRESSES AUTOMATICALLY GATHERED FROM EXCHANGE SERVER --- ***************** END ACCESS FILE ************************* Thanks for any help ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:29:38 2006 Subject: No subject Message-ID: This is the current list of tests SpamAssassin(tm) performs on mail messages to determine if they're spam or not. If you wish to change the score from the default, add a line like this to your ~/.spamassassin/user_prefs: -------------------------------------------- And from MailScanner.conf (Debian package) # The per-user files (bayes, auto-whitelist, user_prefs) are looked # for here and in ~/.spamassassin/. Note the files are mutable. # If this is unset then no extra places are searched for. # If using Postfix, you probably want to set this as shown in the example # line at the end of this comment, and do # mkdir /var/spool/MailScanner/spamassassin # chown postfix.postfix /var/spool/MailScanner/spamassassin # NOTE: SpamAssassin is always called from MailScanner as the same user, # and that is the "Run As" user specified above. So you can only # have 1 set of "per-user" files, it's just that you might possibly # need to modify this location. # You should not normally need to set this at all. #SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin SpamAssassin User State Dir = /var/lib/MailScanner > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth > Sent: Tuesday, May 17, 2005 9:20 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Conf file change request spam.assassin.prefs.conf > > Scott > > you could alway put you site specific things in a file in > /etc/mail/spamassassin. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > Hancock, Scott wrote: > > Could this section of spam.assassin.prefs.conf call a file > similar to > > the whitelist file? > > > > # =============== Change SpamAssassin Rules scores =============== > > > > I'm hoping it would make upgrading mailscanner easier. > > > > Thanks > > > > Scott Hancock > > -Morgan > > > > ------------------------ MailScanner list > ------------------------ To > > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the > > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ********************************************************************** > > This email and any files transmitted with it are confidential > and intended solely for the use of the individual or entity > to whom they are addressed. If you have received this email > in error please notify the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:29:44 2006 Subject: No subject Message-ID: If you are using this ruleset, a quick hack is to change the __KP_DAEMON rule to header __KP_DAEMON From =~ /./i so that it always matches. The better solution by far is to switch back to Raymond's original ruleset at http://mailscanner.prolocation.net/german.cf The "improvement" someone made to it wasn't as good as it might have looked :( -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:29:44 2006 Subject: No subject Message-ID: While I wept and began to moan suddenly there came a rining on my phone. As of someone urgently phoninig, phonining me to do a chore "Tis some boss," I thought, phoning me to do a chore. Only this and nothing more. Ah, fondly I remember, it was a sunny day in September. And every I.T guy was running around on that floor. Eagrly I wished that google would do it's works. To find me a solution to these virus jerks. It answered my cry and gave me a name. Julian Field ,and much much more And the silken sad clicking of each new web page Thrilled me, filled with fantastic relief never felt before. So that now, to stop the ringing in my ears, I stood repeating. "Tis some boss just calling me on my phone" "Some annoying boss wanting me to do another chore" This it is and nothing more. Presently my courage got stronger, taking it no longer. I reached down and picked up that damn phone. "Sir", said I, what can I do you for? That fact was, that the boss had been napping And the clients had started crapping. Crapping on him like never before. Deep into the phone I began listening, wondering, fearing. Hearing, I must get a solution to this problem before four. To stop the spam and virus' in its tracks So the clients would get off our backs. MailScanner! This I whispered back in the phone. MailScanner and nothing more. Back to the computer turning, all the keys on the keyboard burning. Soon I began learning, learning Mailscanner and how to install. "Surely" said I when I finshed, surely this can't be true. An open source program that does virus scanning, content filter and SPAM checking too. I picked on the phone and made the call. From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:29:44 2006 Subject: No subject Message-ID: But finally in stepped Mailscanner, from a hard days chore. And all around the I.T. guys gathered to see what was the matter. The matter, because this had never been done before. MailScanner sat there saying "Nevermore" "Work!" said I, as I started the new Service And we cowered round the tailed log files of the servers. As we watched the log files start to grow. And started to read the lines, row by row. We saw something new, something we would now adore Quoth the Mailscanner, "Nevermore" And now the Mailscanner, never dying, still working, still working. On all the mailservers in the data center on the ground floor. And its eyes having all that it can see of a daemon using clam-AV. The I.T. guys are not longer running around that floor. And the phone do not ring anymore. All because of Mailscanner. Shall not be lifted - Nevermore! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:29:45 2006 Subject: No subject Message-ID: qualified domain name, however other information such as MTA name and version is not required. Certainly my banner message is 220 mx1.bmrb.co.uk ESMTP Which I believe to be RFC compliant - until it passes through my PIX that is! -- _________________________________________________________________ KMR Group, KMR Software and BMRB have moved offices. Our new address is: Ealing Gateway 26-30 Uxbridge Road Ealing London W5 2BP t: 020 8433 4000 f: 020 8433 4001 All direct line numbers remain unchanged _________________________________________________________________ BMRB http://www.bmrb.co.uk _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:29:59 2006 Subject: No subject Message-ID: messages within about an hour or two if left alone. Stopping the service and killing sendmail procs has no effect, while rebooting the server brings the queue down very quickly. This used to happen only every Friday afternoon but now it is getting much more frequent. The mail log will show mostly stat=queued with only a sporadic stat=sent when this happens. Both run tempfs in RAM, have a local mailwatch installation which transfers all its rows to a central database every night and run a local named. Anybody has any idea what could cause this? Thanks, Bart^ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:29:59 2006 Subject: No subject Message-ID: messages within about an hour or two if left alone. Stopping the service and killing sendmail procs has no effect while rebooting the server brings the queue down very quickly. This used to happen only every Friday evening but now it is getting much more frequent. The mail log will show mostly stat=queued with only a sporadic stat=sent when this happens. Both run tempfs in RAM, have a local mailwatch installation which transfers all its rows to a central database every night and run a local named. Anybody has any idea what could cause this? Thanks, Bart… ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:30:06 2006 Subject: No subject Message-ID: bad standpoint. Mind you, I'm not defending his ... testiness... Just seeing "the other side":-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:30:08 2006 Subject: No subject Message-ID: SpamAssassin score for the message") you might indeed have done something in that area. Added new: Unrar Command = /usr/bin/unrar Added new: Unrar Timeout = 50 Added new: Disarmed Modify Subject = yes Added new: Disarmed Subject Text = {Disarmed} Added new: Spam Lists To Be Spam = 1 Added new: Use Custom Spam Scanner = no Added new: Max Custom Spam Scanner Size = 20000 Added new: Custom Spam Scanner Timeout = 20 Added new: Max Custom Spam Scanner Timeouts = 10 Added new: Custom Spam Scanner Timeout History = 20 Kai -- Kai Schtzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:30:14 2006 Subject: No subject Message-ID: called language.conf.new [root@WoodenMS en]# ls deleted.content.message.txt recipient.spam.report.txt deleted.filename.message.txt sender.content.report.txt deleted.virus.message.txt sender.error.report.txt disinfected.report.txt sender.filename.report.txt inline.sig.html sender.mcp.report.txt inline.sig.txt sender.spam.rbl.report.txt inline.spam.warning.txt sender.spam.report.txt inline.warning.html sender.spam.sa.report.txt inline.warning.txt sender.virus.report.txt languages.conf stored.content.message.txt languages.conf.from.new stored.filename.message.txt languages.new stored.virus.message.txt recipient.mcp.report.txt 2) The language.new has nothing in it. I am guessing that since there was no language.rpmnew that it created the file from nothing and hence is blank. The languages.conf.from.new file is the new one that was created. I renamed this so that I could use my original language file and get MailScanner up and running without the lanuage errors. Any idea what happened to my language.rpmnew file? Billy Pumphrey IT Manager Wooden & McLaughlin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:30:15 2006 Subject: No subject Message-ID: # Do you want to stop any virus-infected spam getting into the spam or MCP # archives? If you have a system where users can release messages from the # spam or MCP archives, then you probably want to stop them being able to # release any infected messages, so set this to yes. # It is set to no by default as it causes a small hit in performance, and # many people don't allow users to access the spam quarantine, so don't # need it. # This can also be the filename of a ruleset. Keep Spam And MCP Archive Clean = no ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:30:15 2006 Subject: No subject Message-ID: the Envelope-From. So I suppose the Envelope-From contained user@monster.com (your mail log would tell) and that's why it got whitelisted. As for the general whitelist problem. You can use SA whitelisting. That allows to whitelist from addresses coming over certain relays. I think it's called whitelist_received or so. If you look in /usr/share/spamassassin (which holds the basic rules SA comes with, don't change anything there!) you will find some of these rules in the xx_whitelisted.cf file or what it's called. But beware: SA whitelisting works only on the header not on the envelope! Kai -- Kai Schtzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:30:17 2006 Subject: No subject Message-ID: but Linux beats fBSD when everything runs in RAM. Considering our machines are always running with zero swap used, we "should" get a bit more out of them on Linux. How much will probably be a matter for speculation, as the benchmarks we've used are fairly artificial - they are purely programatic tests that bypass certain things in order to work. Cheers, James ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:30:19 2006 Subject: No subject Message-ID: "There are many examples, Freedman says. Information about NASA's Mars explorer program was deleted from library Internet access because when the two words Mars and explorer are merged, they form the word "sex." Likewise, library computer searches for information about Super Bowl XXX are often fruitless because the filtering technology cannot differentiate between the use of Roman numerals to specify a championship football game and the use of three X's to designate a pornographic video" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:30:21 2006 Subject: No subject Message-ID: mystique.winnefox.org. [Preference = 20] mail.winnefox.org. [Preference = 10] destiny.winnefox.org. [Preference = 15] > When mail hits on Destiny some problem oocurs (it can be a connection > time out or a busy server ) and the mail goes to Mystique instead. > But in normal scenarios when there is no load or much traffic on the > server you are observing that the mail still goes to mystique. Close. Mail goes to mail.winn... Then get's bounced to destiny. Destiny scans that mail, then sends it off to mail.winn... Mystique.winn... Is only there as a fail safe in case there's a problem with destiny. Does that make any sense? > 2) Is Destiny and Mystique directly available on the Internet via MX > records Yes. - jody ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:30:27 2006 Subject: No subject Message-ID: works. What's weird to me is that net checks are working, but you're not seeing any network tests hitting. Do you have skip_rbl_checks 1 in your spam.assassin.prefs.conf? > > And I want to get bayes running as well. > > This is from my maillog... > > Jul 29 00:50:19 ... from 201.29.117.228 (hellen@sexyhot.com.br) to > pcplace.ca is not spam, SpamAssassin (score=0, required 4) > Jul 29 11:05:24 ... from 142.165.20.172 (tracycarroll@sasktel.net) to > pcplace.ca is not spam (whitelisted), SpamAssassin (score=-100, required > 4, USER_IN_WHITELIST -100.00) > > I think it's reasonable that the sexyhot message would trip at least one > test. Or am I mistaken... clearly the whitelist rules are tested. Without seeing the message, I couldn't tell you what should or should not have hit. I can tell you that 201.29.117.228 isn't listed by any RBLs other than spamcop, and it's listing in spamcop is under 24hours old, so it may not have been listed at 00:50. I can tell you there's no rules that look for "sexyhot" in the from address or return path. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:30:36 2006 Subject: No subject Message-ID: So, now i have the following problem: Maybe someone tries to send a mail with this from-header this mail would not got scanned. So i wonder, as those mails are only from one ip possible, to set this rule more exact: Like: From xyc@xyc.com AND From: 255.255.255.255 (this ip is for example only ;) no Is this possible? I cannot put the ip only to no, as some mails from this ip should get scanned.. Any ideas are appreciated.. Thanks in advance Marcel ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:30:37 2006 Subject: No subject Message-ID: pgpgin/s Total number of kilobytes the system paged in from disk per second. pgpgout/s Total number of kilobytes the system paged out to disk per second. % swap used is steady at 1.05% > It doesn't seem to be I/O depraved either > (mine show worst iowait but I only have a single disk). This is a single raid 0 array, IDE 7200 RPM. > > What processes are displayed by top when this happens? > Can't tell right now, i'll check next time such a burst happens. We are running with 10 child processes on a HT 2.8 P4 with 2 GB RAM. Here is a sample of 'vmstat 5' when the load was ~ 7. procs memory swap io system cpu r b swpd free buff cache si so bi bo in cs us sy id wa 10 3 43196 98388 198936 629980 0 0 1 1 1 0 0 1 0 1 11 3 43196 138004 198956 617896 0 0 6 573 193 295 73 27 0 0 7 1 43196 130760 198976 612512 0 0 2 394 178 516 83 17 0 0 9 3 43196 147580 198980 624544 0 0 0 2716 145 328 86 14 0 0 5 4 43196 151496 200456 623460 0 0 4 2714 190 606 84 16 0 0 Maybe we'd need a more powerful CPU? > Denis > Merci bien Denis ;) -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:30:38 2006 Subject: No subject Message-ID: from the picture... there hardly seem to be any taking place. What fs do you use? Perhaps an issue with that... Or perhaps some really crummy NIC driver and a spell of network congestion driving the CPU nuts? It has been known to happen (mostly back in the dark ages, but still:-). Oh well, 'nuff rambling -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:30:50 2006 Subject: No subject Message-ID: " * No syncs on logs - edit your syslog.conf file #mail.* /var/log/maillog (commented out) mail.* -/var/log/maillog (new line) " Notice the '-' in front of the logfile name. Nate ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:31:02 2006 Subject: No subject Message-ID: ========================================================================= BitDefender Linux Edition uses the most advanced multi-platform virus inspection technology which scans for viruses and other malware on your personal system. The On-Demand Scanner, for command line or shell scripts, features manual scan of individual files or entire file systems, malicious code detection and disinfection. After each scan, the solution displays a detailed report on positive virus detections. Thanks to BitDefender scan engine advanced features, new, undiscovered threats can be detected and immediately eliminated from the system. Available for most UNIX platforms, the product has the role to keep you away from worms like Morris or Scalper ^ UNIX malware, as well as from all the Windows viruses. BitDefender Linux Edition is a freeware product, which doesn't require a license to be used. ========================================================================= The free version is just an on-demand scanning engine, the commercial linux version is much, much more and you can see some of the features here http://www.bitdefender.com/PRODUCT-100-en--BitDefender-Antivirus-&-Antispam- for-Linux-and-FreeBSD-Mail-Servers.html or here http://download.bitdefender.com/linux/mailserver/RELEASE_NOTES The free windows desktop version is strictly on-demand and doesn't have the realtime scanning or a whole host of other features. Therefor it's a useless product compared to, say, AVG free home addition which doesn't allow much in configuration or cleaning options but does include email scanner, and realtime scanning as well as on demand. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:31:10 2006 Subject: No subject Message-ID: How long will Sophos Anti-Virus for Linux, version 3.xx, be available after the launch of Sophos Anti-Virus for Linux, version 5.0? Because administrators have to uninstall Sophos Anti-Virus for Linux, version 3.xx, in order to upgrade to version 5.0, we will support version 3.xx for one year after version 5.0 becomes available. It also appears that there will also be better updating capabilities with the new version. -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN E-mail: amoore@dekalbmemorial.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:31:12 2006 Subject: No subject Message-ID: my mailscanner servers get quarantined due to pyzor seeing a URL in the bounce and assigning a relatively high score to it. These are legitimate bounced messages where a user has incorrectly typed a recipient email address. Is there a known way that this can be overcome? Many thanks in advance. Tony. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:31:13 2006 Subject: No subject Message-ID: I receive this error, root....connecting to [127.0.0.1] via relay root....Deferred: Connection refused by [127.0.0.1] What files do I need to modify under /etc/mail? Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca >>> BB 11/20/2005 9:38 PM >>> Marc, I have attached working sendmail.mc and sendmail.cffiles along with /etc/rc.conf startup. There are a number of things in the rc.conf that you don't need just use the sendmail portion for examples. BTW /etc/defaults/rc.conf show examples and are used if /etc/rc.conf does not exist. /etc/rc.conf will override /etc/defaults/rc.conf. The first thing is to get a working copy of sendmail running. Make your edits to /etc/rc.conf with the examples sent. Copy sendmail.cf /etc/mail Verify no sendmail processes are running and if they are kill the pid of them. Verify again they are gone. Run "sh /etc/rc.sendmail start" . No quotes. This should start sendmail. Send your self a test message from the MTA level - sendmail -v root . It does not make sense to me why sendmail is running if it is marked to "NONE". If that dosen't do it mark the first instance with NONE and all the others with NO BTW: There is also a nice webmin modual for MailScanner. Once setup things don't change much other then whitelists/blacklists. The latest version of mailwatch can do this hence Is Definitely Not Spam = &SQLWhitelist Is Definitely Spam = &SQLBlacklist Hang on for the ride... On 11/20/05, Marc Dufresne wrote: > > I am going to explain my understanding of the MailScanner setup. Please > reveiw and let me know if I'm understanding this correctly? > > When MailScanner.conf is configured, the following parameters should be > set if I'm using sendmail on FreeBSD 5.4: > > #MTA used for the Gateway > MTA=sendmail > > #Set how to invoke MTA when sending messages MailScanner has created > (e.g. to sender/recipient saying "found a virus in your message"). This > can also be the filename of a ruleset. > sendmail=/usr/sbin/sendmail > > #Incoming mail queue directory for Sendmail > Incoming Queue Directory=/var/spool/mqueue > > #Outgoing mail queue directory for Sendmail > Outgoing Queue Directory=/var/spool/mqueue > > #Incoming Queue Directory for MailScanner > /var/spool/MailScanner/incoming > > #Quarantine Directory for MailScanner > /var/spool/MailScanner/quaratine > > System Startup should be as follows: > > 1) #Disable sendmail from loading at system startup > modify /etc/rc.conf to disable sendmail load > > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mail-changingmta.html > > > Section 23.4.2.3 FreeBSD 5.0-STABLE and Later > > /etc/rc.conf > > sendmail_enable="NO" > sendmail_submit_enable="NO" > sendmail_outbound_enable="NO" > sendmail_msp_queue_enable="NO" > > 2) #Load MailScanner at system startup. > #Make sure mailscanner.sh file is located under /usr/local/etc/rc.d > in order to load MailScannner process at startup. Mailscanner.sh should > invoke sendmail and mailscanner process to start scanning/delivering > mail. > > /usr/local/etc/rc.d/mailscanner.sh > _________________________________ > > First Problem > > I cannot disable sendmail on bootup on FreeBSD 5.4!!!! I tried > everything. Sendmail still loads at startup??????? > > Second Problem > > Once system is completly loaded and sitting at the login prompt, I > receive an error > NOQUEUE:SYSERROR(root):opendaemon socket:daeomon IPv4:cannot bind > address already in use > > I login, and run ps -ax (This is what I see) > > 375 ?? Ss 0:00.07 sendmail: accepting connections (sendmail) > 379 ?? Is 0:00.00 sendmail: Queue runner@00:30:00 for > /var/spool/client > > 426 ?? Is 0:00.01 sendmail: Queue runner@00:15:00 for > /var/spool/mqueue > 430 ?? Is 0:00.01 sendmail: Queue runner@00:15:00 for > /var/spool/client > > 613 ?? Ss 0:00.02 /usr/bin/perl -I/usr/local/lib/MailScanner > /usr/local 614 ?? S 0:02.33 /usr/bin/perl > -I/usr/local/lib/MailScanner /usr/local > 627 ?? S 0:02.19 /usr/bin/perl -I/usr/local/lib/MailScanner > /usr/local > 630 ?? S 0:02.15 /usr/bin/perl -I/usr/local/lib/MailScanner > /usr/local > 635 ?? S 0:02.17 /usr/bin/perl -I/usr/local/lib/MailScanner > /usr/local > 636 ?? S 0:00.11 /usr/bin/perl -I/usr/local/lib/MailScanner > /usr/local > > Third Problem > > I run tail -f /var/log/maillog > > I will send test e-mails from the outside and watch sendmail receive > and process incoming mail. Everyone receives e-mails from the outside, > but mailscanner does not scan any messages. > > I will issue a mailq to view /var/spool/mqueue directory. Directory is > always empty. > > I'm completely stumped here as to why Sendmail refuses to disable at > startup and MailScanner refuses to scan e-mail messages!!!!! > > Any ideas???? > > > Marc Dufresne, Corporate IT Officer > St. Lawrence Parks Commission > 13740 County Road 2 > Morrisburg, ON K0C 1X0 > > E-mail: Marc.Dufresne@parks.on.ca > Voice: 613-543-3704 Ext#2455 > Fax: 613-543-2847 > Corporate website: www.parks.on.ca > > >>> BB 11/19/2005 12:38 AM >>> > Don't know if they ever got the list fixed for my replies, so I'm doing > it > direct and through the list. > > Change /etc/rc.conf or /etc/defaults/rc.conf > sendmail_enable=NONE > > Verify mailscanner is starting up with /usr/local/etc/rc.d/mailscanner > .sh > > Think you need to manually create some of the directores. Verify > MailScanner.conf for directories. > > tail -f /var/log/maillog will show you the details > > The only reason to rebuild sendmail.cf > is to > remove > IPv6 stuff. I would use m4 macro for that. Webmin would be a good > choice to > use. > > # SMTP daemon options > > O DaemonPortOptions=Name=IPv4, Family=inet > O DaemonPortOptions=Name=IPv6, Family=inet6, Modifiers=O > O DaemonPortOptions=Port=587, Name=MSA, M=E > > > -- > ACK and you shall receive > > > -- ACK and you shall receive ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Text/PLAIN (Name: "Marc Dufresne.vcf") 20 lines. ] [ Unable to print this part. ] From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:31:15 2006 Subject: No subject Message-ID: with what made the installer easier. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:31:17 2006 Subject: No subject Message-ID: Mcafee: total of 288 viruses were found and filtered. ClamAV: A total of 292 viruses were found and filtered. Sophos: A total of 252 viruses were found and filtered. F-Secure: A total of 71 viruses were found and filtered. Considering that in recent months F-Secure was the complete opposite and double the detection rate of the other AVs, I'm a bit surprised by this. Is anyone using F-Secure? Am I using an out of date version? F-Secure Anti-Virus Command line client version: F-Secure Anti-Virus for Linux version 4.52 build 2461 F-Secure Corporation Libra database version 2005-11-25 F-Secure Corporation Orion database version 2005-11-25 Kaspersky Labs. AVP FPI Engine database version 2005-11-25 ... so the db's are current, but the binary is getting a bit long in the tooth. ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, IT Services. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:31:20 2006 Subject: No subject Message-ID: [85.68.2.82]) by mailscanftp.parks.on.ca (8.13.3/8.13.3) with ESMTP id jAUFjUU7016465; Wed, 30 Nov 2005 10:45:35 -0500 (EST) (envelope-from dirkmaxwell_os@lycos.com) Message-ID: From: "Dirk Maxwell" To: forms@parks.on.ca, getawaya@parks.on.ca Subject: {Spam?} Investment Idea For You Date: Wed, 30 Nov 2005 15:42:47 +0000 MIME-Version: 1.0 Content-Type: text/plain X-SLPC-MailScanner-Information: Please contact the ISP for more information X-SLPC-MailScanner: Found to be clean X-SLPC-MailScanner-SpamCheck: X-SLPC-MailScanner-From: dirkmaxwell_os@lycos.com Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by mailscanftp.parks.on.ca id jAUFjUU7 016465 Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca >>> Marc.Dufresne@PARKS.ON.CA 11/30/2005 1:55 PM >>> All SPAM detected is forwarded to my FreeBSD local account under /var/mail. Everyday I view the file and noticed that the Subject line is being modified at the beginning with {Spam?} with no spam score (ssss). I was under the impression that once SPAM is detected, it would score it accordingly by placing an "s" within the subject line. Why is this happenng? Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Text/PLAIN (Name: "Marc Dufresne.vcf") 20 lines. ] [ Unable to print this part. ] From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:31:25 2006 Subject: No subject Message-ID: :) Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Martin Hepworth" To: Sent: Wednesday, December 07, 2005 9:08 AM Subject: Re: Web site working? > Jules > > Another me too, but it to does take a while for the ipv6 to give up before > it tries for a ipv4. This happens (of course) only for the first lookup of > the day. > > Could be firewall/content restrictions at his end? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> Behalf Of Julian Field >> Sent: 07 December 2005 13:57 >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: [MAILSCANNER] Web site working? >> >> -----BEGIN PGP SIGNED MESSAGE----- >> >> I'm getting reports from a journalist that although he can traceroute >> to www.mailscanner.info, his web browser cannot connect to it. >> Can someone check the website is visible and working please? >> - -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.3 (Build 2932) >> >> iQEVAwUBQ5bqQ/w32o+k+q+hAQF4WQf/X5Lo5WjulNDTw5EBcM9BGDUde9xcHSm0 >> oskRqLjhu7YfAat8iDMRkedbsvg3CjG/Ch6NTQ7iJ7bo6mLuqOleGOOdwDxj5+rW >> GheJCw0rKVUyzQuXpBhuKrQ/j1CkEGEHXpcQAE/+n1un6uicZLFQspM1KmH5M3UJ >> /QNM1njbdExM5xKh2OM5YQrKIfPgLZmZmIvpuMzskUEufMcIcxJTw3Z3pRwKqz/x >> +Zu3PX3lf8k7iUZndOV5Yadj07sj0Fzi7X9bfJVHS5E7WShzPWPvqaf0HK8GWREQ >> CKa3mTpBKbaCphyTgl2kz/N9FK2ANLKcIr/7cHlY6rl20QCD4I6yog== >> =KN44 >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:31:29 2006 Subject: No subject Message-ID: Might be a php re-director that pulls from a bad location for you. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:31:31 2006 Subject: No subject Message-ID: -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Aslan Carlos M. Ramos > Sent: 13 December 2005 13:24 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] SOPHOS MODULES SOPHOS-SAVI > > Hi Group, > > The Problem with the Perl Module for Antivirus Sophos are fixed or are > problems with the module? > > Some last versions I've problems to run the MailScanner w/ Sophos-Savi > (PerlModule), I like this module because it's more fast than the line > command with sweep. > > Thanks so Much. > > -- > Aslan Carlos M. Ramos > Aeon Technologies > (21) 2705 - 3139 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:31:34 2006 Subject: No subject Message-ID: Would you add another comment line stating all the valid options. Thanks Brad ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Jan 1 14:06:08 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:36 2006 Subject: MailScanner ANNOUNCE: Stable 4.49 released -- faster! Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Happy New Year to you all! I have just released the latest stable version of MailScanner, 4.49. This should be noticeably faster than previous releases. Noticeable changes are: - Speed improvements for sendmail, Postfix and Exim systems. - The output of "ps" now states what each MailScanner process is doing at the time so you can easily see any problems and it helps you monitor the state of your system. - New configuration options to make simple filename and filetype rules much easier to handle, especially when you want different filename/type restrictions for different people. The old system is still there, is still used, and works just as before. But now with the extra new "Allow Filenames", "Deny Filenames", "Accept Filetypes", "Deny Filetypes" configuration options you can easily write conventional rulesets to control these features. These are applied before the filename.rules.conf and filetype.rules.conf files. The order is "Accept" then "Deny" then file{name,type}.rules.conf. Download as usual from www.mailscanner.info. The full Change Log is this: * New Features and Improvements * - Speed improvements for sendmail systems by changing the way temporary files are handled and how attachments are parsed. This should be really noticeable if I've got it right. Thanks for the great help of the Vodafone SHARK team. - Added speed improvements for Exim. - Added speed improvements for Postfix. - Now changes the command line listed in `ps` (ie $0) to show what MailScanner is doing. Should help diagnose slow system problems. - 4 new configuration options, which list patterns against which filenames and filetypes are matched to see if we should allow them or block them. This is implemented for the benefit of web-based configuration systems for MailScanner, it is not really intended for human use as it will complicate the filename/filetype matching unless you understand it. Read the comments in the MailScanner.conf and suggest better explanations! "Allow Filenames", "Deny Filenames", "Allow Filetypes", "Deny Filetypes". Note: There are 2 new entries in languages.conf so remember to run an upgrade_languages_conf. - Upgraded tnef program to 1.3.4. - Added message 'actions' property for MailWatch reporting. - Custom Function filenames must end in .pm or .pl. Others will be logged and skipped. - Various minor speed improvements. * Fixes * - Changed Postfix code to better support latest revision of Perl. - Now stops MailScanner more reliably on SuSE systems. - Logging of tags only done if logging HTML tags. - Fixed minor array ref problem in Perl 5.8.7 on FreeBSD 6.0 (which is not a public stable release anyway). -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dl6mpg at GMAIL.COM Sun Jan 1 15:19:45 2006 From: dl6mpg at GMAIL.COM (Uwe) Date: Thu Jan 12 21:31:36 2006 Subject: Script check_mailscanner.linux broken in 4.49.7 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, every 20 minutes i check MailScanner with check_mailscanner.linux via crontab. But for the script the output of "ps axww" must be like this : 8305 ? S 0:00 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/MailScanner/etc/MailScanner.conf (Output of ps axww Version 4.48.4) Here ist the Output of MS Version 4.49.7 : 7456 ? S 0:00 MailScanner: master waiting for children, sleeping 7457 ? S 0:11 MailScanner: waiting for messages 7463 ? S 0:11 MailScanner: waiting for messages 7614 ? S 0:00 MailScanner: master waiting for children, sleeping 7617 ? S 0:11 MailScanner: waiting for messages 7657 ? S 0:11 MailScanner: waiting for messages 7807 ? S 0:00 MailScanner: master waiting for children, sleeping 7808 ? S 0:11 MailScanner: waiting for messages 7816 ? S 0:00 MailScanner: master waiting for children, sleeping 7817 ? S 0:11 MailScanner: waiting for messages 7819 ? S 0:11 MailScanner: waiting for messages 7825 ? S 0:11 MailScanner: waiting for messages The script looks fo the binary path ... btw, HNY ! Uwe ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Jan 1 15:28:28 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:36 2006 Subject: Script check_mailscanner.linux broken in 4.49.7 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Have you tried just using the "check_mailscanner" script? (Often called check_MailScanner) I must get around to removing check_mailscanner.linux, it shouldn't really be in there now. Uwe wrote: >Hi, > >every 20 minutes i check MailScanner with check_mailscanner.linux via crontab. > >But for the script the output of "ps axww" must be like this : > >8305 ? S 0:00 /usr/bin/perl -I/opt/MailScanner/lib >/opt/MailScanner/bin/MailScanner /opt/MailScanner/etc/MailScanner.conf > >(Output of ps axww Version 4.48.4) > >Here ist the Output of MS Version 4.49.7 : > > 7456 ? S 0:00 MailScanner: master waiting for children, sleeping > 7457 ? S 0:11 MailScanner: waiting for messages > 7463 ? S 0:11 MailScanner: waiting for messages > 7614 ? S 0:00 MailScanner: master waiting for children, sleeping > 7617 ? S 0:11 MailScanner: waiting for messages > 7657 ? S 0:11 MailScanner: waiting for messages > 7807 ? S 0:00 MailScanner: master waiting for children, sleeping > 7808 ? S 0:11 MailScanner: waiting for messages > 7816 ? S 0:00 MailScanner: master waiting for children, sleeping > 7817 ? S 0:11 MailScanner: waiting for messages > 7819 ? S 0:11 MailScanner: waiting for messages > 7825 ? S 0:11 MailScanner: waiting for messages > >The script looks fo the binary path ... > >btw, HNY ! > > >Uwe > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dl6mpg at GMAIL.COM Sun Jan 1 15:45:09 2006 From: dl6mpg at GMAIL.COM (Uwe) Date: Thu Jan 12 21:31:36 2006 Subject: Script check_mailscanner.linux broken in 4.49.7 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] 2006/1/1, Julian Field : > Have you tried just using the "check_mailscanner" script? (Often called > check_MailScanner) I must get around to removing > check_mailscanner.linux, it shouldn't really be in there now. Thanks, check_MailScanner works fine here ! Uwe ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Jan 1 17:11:23 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:36 2006 Subject: Mac OSX programmers? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Are there any Mac programmers out there? What I would like to do is build a Mac version of MailScanner. Basically all I'm after at the moment is 1) Easy to install (dpkg) 2) System Prefs item for it just giving the ability to start and stop it, and monitor maillog 3) Automatically starts on boot 4) Integrates itself into the Postfix(?) MTA queues already there I would prefer it all in Perl, probably using XCode and CamelBones unless anyone has better suggestions. Once someone can get me started, I can then take it and expand it gradually to do more. I'm just stuck on getting started with this project. Can anyone offer any help please? Thanks folks! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From spamtrap71892316634 at ANIME.NET Sun Jan 1 17:53:47 2006 From: spamtrap71892316634 at ANIME.NET (Dan Hollis) Date: Thu Jan 12 21:31:36 2006 Subject: Mac OSX programmers? Message-ID: On Sun, 1 Jan 2006, Julian Field wrote: > I would prefer it all in Perl, probably using XCode and CamelBones unless > anyone has better suggestions. From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:31:36 2006 Subject: No subject Message-ID: want to use xcode. Keeping it real just using stock perl, makefiles or scons, and using packagemaker/hdiutil is my preferred method. Not that i'm offering to write it of course ;) -Dan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Sun Jan 1 22:42:39 2006 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:36 2006 Subject: OT: Happy New Year! Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 31/12/05, Drew Marshall wrote: > On 30 Dec 2005, at 20:29, Glenn Steen wrote: > > > ... to all of you who recognize december 31 as the final day of the > > "old" year... Well, I'm a bit early, but in the timetested traditional > > swedish way... I'm headed straight into the usual alcohol-induced > > mists... Will probably not be able to email anything before sometime > > in january:-) > > > > Also would like to extend a special thanks to Jules and Steve > > (Freegard). Keep up the fantastic work another year guys! > > > > Anyway, have a good one! > > Cheers > > Have a good one yourself Glenn and to everyone else out there in > 'MailScanner land' :-) > > May 2006 bring spam and infection free inboxes (But not so clear that > Jules' commercial adventure doesn't achieve the success it deserves) > > Drew > Well, the year could've ended in a more .... fortuitous way for me.... Spent three hours at the ER getting my leg into a cast... Sigh. Grown men should know better than to borrow the kids bobsleigh (Amazingly enough, not a whole lot of alcohol had been ingested beforehand:-):-). Oh well. Hope you all fared better;). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From doc at MADDOC.NET Mon Jan 2 03:19:09 2006 From: doc at MADDOC.NET (Doc Schneider) Date: Thu Jan 12 21:31:36 2006 Subject: OT: Happy New Year! Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Glenn Steen wrote: > On 31/12/05, Drew Marshall wrote: >> On 30 Dec 2005, at 20:29, Glenn Steen wrote: >> >>> ... to all of you who recognize december 31 as the final day of the >>> "old" year... Well, I'm a bit early, but in the timetested traditional >>> swedish way... I'm headed straight into the usual alcohol-induced >>> mists... Will probably not be able to email anything before sometime >>> in january:-) >>> >>> Also would like to extend a special thanks to Jules and Steve >>> (Freegard). Keep up the fantastic work another year guys! >>> >>> Anyway, have a good one! >>> Cheers >> Have a good one yourself Glenn and to everyone else out there in >> 'MailScanner land' :-) >> >> May 2006 bring spam and infection free inboxes (But not so clear that >> Jules' commercial adventure doesn't achieve the success it deserves) >> >> Drew >> > > Well, the year could've ended in a more .... fortuitous way for me.... > Spent three hours at the ER getting my leg into a cast... Sigh. Grown > men should know better than to borrow the kids bobsleigh (Amazingly > enough, not a whole lot of alcohol had been ingested beforehand:-):-). > Oh well. Hope you all fared better;). > > -- Glenn, Just be glad it was only your leg... my wife has a friend who did something almost exactly like this and is now in a wheelchair--she broke her neck! (This happened a few years ago and no alcohol was involved) Hope the rest of this year goes well for the rest of the list folks. (Now to download the latest and greatest and see about getting my MailScanner upgraded. -- -Doc Lincoln, NE. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at BARENDSE.TO Mon Jan 2 03:46:11 2006 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:31:36 2006 Subject: upgrade_languages_conf broken and updating languages questions? Message-ID: Hi list! Just a small remark, for some releases already upgrade_languages_conf doesn't seem to be working for the RPM install, see the output below. Are there any upgrade scripts that provide a quick and easy way to get rid of all the .rpmnew files for all the languages and just replace the old versions? Also if somebody knows of a way to do some sort of grepping and deleting the 'MS thanks transtec' etc. lines from the various reports through a script that would be really neat :) For the error, when I change to the reports/en directory and run upgrade_languages_conf I get this: [root@gw en]# upgrade_languages_conf languages.conf languages.conf.rpmnew > languages.new Usage: RPM === If you are using the RPM distributions then try this: cd /etc/MailScanner/reports/en upgrade_languages_conf languages.conf languages.conf.rpmnew > languages.new mv -f languages.conf languages.old mv -f languages.new languages.conf TAR === If you are using the tar distribution so that the old version is in /opt/MailScanner and the new one is in /opt/MailScanner.new then: cd /opt/MailScanner.new/etc/reports/en ../../../bin/upgrade_languages_conf /opt/MailScanner/etc/reports/en/languages.conf /opt/MailScanner.new/etc/reports/en/languages.conf > languages.new mv -f languages.conf languages.old mv -f languages.new languages.conf NOTE ==== To keep your old comments in your original file, add "--keep-comments" to the command line. Note that this will mean you don't get to find out any extra new values you might be able to use in existing "improved" configuration options. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dh at UPTIME.AT Mon Jan 2 14:17:28 2006 From: dh at UPTIME.AT (David H.) Date: Thu Jan 12 21:31:36 2006 Subject: Mac OSX programmers? Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Are there any Mac programmers out there? > > What I would like to do is build a Mac version of MailScanner. Basically > all I'm after at the moment is > 1) Easy to install (dpkg) > 2) System Prefs item for it just giving the ability to start and stop > it, and monitor maillog > 3) Automatically starts on boot > 4) Integrates itself into the Postfix(?) MTA queues already there > Well, with some convincing you might get someone to make you a Fink package (fink.sf.net) which is the most popular package manager for Unix based apps and ports for Mac os x (I shoudl know I am on a mac and I worked a long time for them) -d ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jan 2 14:48:01 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:37 2006 Subject: upgrade_languages_conf broken and updating languages questions? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Does upgrade_MailScanner_conf work okay for you? Remco Barendse wrote: > Hi list! > > Just a small remark, for some releases already upgrade_languages_conf > doesn't seem to be working for the RPM install, see the output below. > > Are there any upgrade scripts that provide a quick and easy way to get > rid of all the .rpmnew files for all the languages and just replace > the old versions? > > Also if somebody knows of a way to do some sort of grepping and > deleting the 'MS thanks transtec' etc. lines from the various reports > through a script that would be really neat :) > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at BARENDSE.TO Mon Jan 2 15:43:48 2006 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:31:37 2006 Subject: upgrade_languages_conf broken and updating languages questions? Message-ID: > Does upgrade_MailScanner_conf work okay for you? Yes, flawlessly :) I just copy & paste the whole buch of lines and everything is upgraded automagically ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jan 2 15:55:11 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:37 2006 Subject: upgrade_languages_conf broken and updating languages questions? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] That's interesting, because upgrade_MailScanner_conf and upgrade_languages_conf are the same script! # ls -l /usr/sbin/upgrade_languages_conf lrwxrwxrwx 1 root root 24 Nov 26 12:42 /usr/sbin/upgrade_languages_conf -> upgrade_MailScanner_conf Something's wrong with how you entered the command, or one of the files was missing or similar. Remco Barendse wrote: >> Does upgrade_MailScanner_conf work okay for you? > > > Yes, flawlessly :) > > > I just copy & paste the whole buch of lines and everything is upgraded > automagically > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Mon Jan 2 16:04:45 2006 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:31:37 2006 Subject: 4.49.7 microbug in filename.rules.conf Message-ID: Julian, I uncommented line 14 (the wmf line) in filename.rules.conf, and 4.49.7 complained about a syntax error at startup. I realized the fourth argument of the line was missing and added it (with a tab in there). Happy after that. Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ard at pergamentum.com Mon Jan 2 16:44:10 2006 From: ard at pergamentum.com (Alisdair Davey) Date: Thu Jan 12 21:31:37 2006 Subject: upgrade_languages_conf broken and updating languages questions? Message-ID: On Mon, 2006-01-02 at 15:55 +0000, Julian Field wrote: > That's interesting, because upgrade_MailScanner_conf and > upgrade_languages_conf are the same script! > > # ls -l /usr/sbin/upgrade_languages_conf > lrwxrwxrwx 1 root root 24 Nov 26 12:42 /usr/sbin/upgrade_languages_conf > -> upgrade_MailScanner_conf > > Something's wrong with how you entered the command, or one of the files > was missing or similar. > > Remco Barendse wrote: > > >> Does upgrade_MailScanner_conf work okay for you? I have had exactly the same problem on 3 different installation of 4.48.4 (and yes upgrade_MailScanner_conf works flawlessly). In each case there does not seem to be a languages.conf.rpmnew file (from the rpm install.) Cheers Alisdair ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Mon Jan 2 17:58:15 2006 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:31:37 2006 Subject: Mailscanner on Freebsd Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I am looking at installing MS on a freebsd 6 system. Has anyone done this before? How does it compare with Suse or Redhat with regards to management. Thanks Lance ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jan 2 17:30:48 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:37 2006 Subject: upgrade_languages_conf broken and updating languages questions? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Alisdair Davey wrote: >On Mon, 2006-01-02 at 15:55 +0000, Julian Field wrote: > > >>That's interesting, because upgrade_MailScanner_conf and >>upgrade_languages_conf are the same script! >> >># ls -l /usr/sbin/upgrade_languages_conf >>lrwxrwxrwx 1 root root 24 Nov 26 12:42 /usr/sbin/upgrade_languages_conf >>-> upgrade_MailScanner_conf >> >>Something's wrong with how you entered the command, or one of the files >>was missing or similar. >> >>Remco Barendse wrote: >> >> >> >>>>Does upgrade_MailScanner_conf work okay for you? >>>> >>>> > >I have had exactly the same problem on 3 different installation of >4.48.4 (and yes upgrade_MailScanner_conf works flawlessly). In each case >there does not seem to be a languages.conf.rpmnew file (from the rpm >install.) > If there haven't been any changes to it (which there haven't) then it won't bother creating the .rpmnew as you don't need it. So just ignore it as you don't need to upgrade that file. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jan 2 18:10:42 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:37 2006 Subject: Mailscanner on Freebsd Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Use the "port". cd /usr/ports make install name=mailscanner Once you've done all that, I've got a little list of things you have to do extra, as I've just done this myself. I hope you're not using this in production, freebsd 6 isn't finished yet! Lance Haig wrote: > I am looking at installing MS on a freebsd 6 system. > > Has anyone done this before? > How does it compare with Suse or Redhat with regards to management. > > Thanks > > Lance > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Mon Jan 2 18:33:45 2006 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:31:37 2006 Subject: Mailscanner on Freebsd Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Julian, I have just looked on their website and it says 6 is a production release. Does that mean it is unstable? Where can I find the documentation for installing MS on Freebsd. I have seen the document on http://www.sng.ecs.soton.ac.uk/mailscanner/FreeBSD.html Are there other documents ? Thanks Lance Julian Field wrote: Use the "port". cd /usr/ports make install name=mailscanner Once you've done all that, I've got a little list of things you have to do extra, as I've just done this myself. I hope you're not using this in production, freebsd 6 isn't finished yet! Lance Haig wrote: I am looking at installing MS on a freebsd 6 system. Has anyone done this before? How does it compare with Suse or Redhat with regards to management. Thanks Lance ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jan 2 18:45:31 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:37 2006 Subject: Mailscanner on Freebsd Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Need to install Mail::SPF::Query Install the following: make install name=clamav make install name=p5-Mail-ClamAV make install name=p5-DBI make install name=p5-Net-Ident You need to make all the queue directories by hand and rename all the silly .sample files freebsd seems to use, which just makes life harder for you. Start by getting the modules installed. /usr/local/libexec/MailScanner/MailScanner -v shoulud produce everything installed except Mail::ClamAV, Net::LDAP and SAVI, they aren't needed. Then hunt /usr/local for every ".sample" file and rename them so they don't end in that. mkdir -p /var/spool/MailScanner/incoming mkdir /var/spool/MailScanner/quarantine That should be enough to get you started. If you could document what you do and add it to the wiki at wiki.mailscanner.info that would be *REALLY* helpful for other people. Lance Haig wrote: > Hi Julian, > > I have just looked on their website and it says 6 is a production release. > > Does that mean it is unstable? > > Where can I find the documentation for installing MS on Freebsd. > > I have seen the document on > http://www.sng.ecs.soton.ac.uk/*mailscanner*/FreeBSD.html > > Are there other documents ? > > Thanks > > Lance > > Julian Field wrote: > >> Use the "port". >> cd /usr/ports >> make install name=mailscanner >> >> Once you've done all that, I've got a little list of things you have >> to do extra, as I've just done this myself. >> I hope you're not using this in production, freebsd 6 isn't finished >> yet! >> >> Lance Haig wrote: >> >>> I am looking at installing MS on a freebsd 6 system. >>> >>> Has anyone done this before? >>> How does it compare with Suse or Redhat with regards to management. >>> >>> Thanks >>> >>> Lance >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From hermit921 at YAHOO.COM Mon Jan 2 19:03:48 2006 From: hermit921 at YAHOO.COM (hermit921) Date: Thu Jan 12 21:31:37 2006 Subject: phishing from same domain? Message-ID: Count me in as wanting this, too. hermit At 04:40 PM 12/28/2005, Ken A wrote: >I'd like it if MailScanner had an option so it would decide something was >phishing ONLY if the domain name didn't match, but ignore the hostname. >This assumes that most people can control hosts within their own domain, >but I think it would be a nice option. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kevins at BMRB.CO.UK Mon Jan 2 19:01:55 2006 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:31:37 2006 Subject: WMF Exploit Message-ID: On Fri, 2005-12-30 at 10:06 +0000, Randal, Phil wrote: > My head hurts after reading this :-) > > http://www.skynet.ie/~caolan/publink/libwmf/libwmf/doc/ora-wmf.html > Damn, so my 'file' rule only matches one type of wmf file and not the one used in the public exploit. Thats unfortunate to say the least. It also seems from SANS that there is a new harder to detect version of the exploit about http://isc.sans.org/diary.php?date=2006-01-01 Not looking forward to tomorrow when everyone goes back to work... ================================================================= BMRB wins two BMRA awards - http://www.bmrb.co.uk _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Mon Jan 2 18:58:40 2006 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:31:37 2006 Subject: Mailscanner on Freebsd Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Will do sir :-) I will try as soon as I can find a spare machine. ( need to test it before I go live) Ta Lance Julian Field wrote: > Need to install Mail::SPF::Query > > Install the following: > make install name=clamav > make install name=p5-Mail-ClamAV > make install name=p5-DBI > make install name=p5-Net-Ident > > You need to make all the queue directories by hand and rename all the > silly .sample files freebsd seems to use, which just makes life harder > for you. > > Start by getting the modules installed. > /usr/local/libexec/MailScanner/MailScanner -v > shoulud produce everything installed except Mail::ClamAV, Net::LDAP > and SAVI, they aren't needed. > Then hunt /usr/local for every ".sample" file and rename them so they > don't end in that. > mkdir -p /var/spool/MailScanner/incoming > mkdir /var/spool/MailScanner/quarantine > > That should be enough to get you started. > > If you could document what you do and add it to the wiki at > wiki.mailscanner.info that would be *REALLY* helpful for other people. > > > Lance Haig wrote: > >> Hi Julian, >> >> I have just looked on their website and it says 6 is a production >> release. >> >> Does that mean it is unstable? >> >> Where can I find the documentation for installing MS on Freebsd. >> >> I have seen the document on >> http://www.sng.ecs.soton.ac.uk/*mailscanner*/FreeBSD.html >> >> Are there other documents ? >> >> Thanks >> >> Lance >> >> Julian Field wrote: >> >>> Use the "port". >>> cd /usr/ports >>> make install name=mailscanner >>> >>> Once you've done all that, I've got a little list of things you have >>> to do extra, as I've just done this myself. >>> I hope you're not using this in production, freebsd 6 isn't finished >>> yet! >>> >>> Lance Haig wrote: >>> >>>> I am looking at installing MS on a freebsd 6 system. >>>> >>>> Has anyone done this before? >>>> How does it compare with Suse or Redhat with regards to management. >>>> >>>> Thanks >>>> >>>> Lance >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> *Support MailScanner development - buy the book off the website!* > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Jan 2 19:39:22 2006 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:37 2006 Subject: Mailscanner on Freebsd Message-ID: Jules FreeBSD is never finished ;-), but 6 is now the stable version...and hopefully better then 5.x in SMP systems.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > Sent: 02 January 2006 18:11 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] Mailscanner on Freebsd > > Use the "port". > cd /usr/ports > make install name=mailscanner > > Once you've done all that, I've got a little list of things you have to > do extra, as I've just done this myself. > I hope you're not using this in production, freebsd 6 isn't finished yet! > > Lance Haig wrote: > > > I am looking at installing MS on a freebsd 6 system. > > > > Has anyone done this before? > > How does it compare with Suse or Redhat with regards to management. > > > > Thanks > > > > Lance > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brent.bolin at GMAIL.COM Mon Jan 2 20:28:08 2006 From: brent.bolin at GMAIL.COM (BB) Date: Thu Jan 12 21:31:37 2006 Subject: Mailscanner on Freebsd Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] After the mailscanner install it gives a brief message to make the install complete. Something like - make config Don't recall exactly but you will see it. It copes all the sample filename extensions to the usable ones. I have not installed mailscanner on 6.x . Haven't heard of any problems on 6.x Use the standard cvsup so your not running on the bleeding edge. On 1/2/06, Julian Field wrote: Need to install Mail::SPF::Query Install the following: make install name=clamav make install name=p5-Mail-ClamAV make install name=p5-DBI make install name=p5-Net-Ident You need to make all the queue directories by hand and rename all the silly .sample files freebsd seems to use, which just makes life harder for you. Start by getting the modules installed. /usr/local/libexec/MailScanner/MailScanner -v shoulud produce everything installed except Mail::ClamAV, Net::LDAP and SAVI, they aren't needed. Then hunt /usr/local for every ".sample" file and rename them so they don't end in that. mkdir -p /var/spool/MailScanner/incoming mkdir /var/spool/MailScanner/quarantine That should be enough to get you started. If you could document what you do and add it to the wiki at wiki.mailscanner.info that would be *REALLY* helpful for other people. Lance Haig wrote: > Hi Julian, > > I have just looked on their website and it says 6 is a production release. > > Does that mean it is unstable? > > Where can I find the documentation for installing MS on Freebsd. > > I have seen the document on > http://www.sng.ecs.soton.ac.uk/*mailscanner*/FreeBSD.html > > Are there other documents ? > > Thanks > > Lance > > Julian Field wrote: > >> Use the "port". >> cd /usr/ports >> make install name=mailscanner >> >> Once you've done all that, I've got a little list of things you have >> to do extra, as I've just done this myself. >> I hope you're not using this in production, freebsd 6 isn't finished >> yet! >> >> Lance Haig wrote: >> >>> I am looking at installing MS on a freebsd 6 system. >>> >>> Has anyone done this before? >>> How does it compare with Suse or Redhat with regards to management. >>> >>> Thanks >>> >>> Lance >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives ( http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki ( http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives ( http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Mon Jan 2 20:43:49 2006 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:31:37 2006 Subject: Mailscanner on Freebsd Message-ID: On 2 Jan 2006, at 18:45, Julian Field wrote: > Need to install Mail::SPF::Query > > Install the following: > make install name=clamav > make install name=p5-Mail-ClamAV > make install name=p5-DBI > make install name=p5-Net-Ident > > You need to make all the queue directories by hand and rename all > the silly .sample files freebsd seems to use, which just makes life > harder for you. > > Start by getting the modules installed. > /usr/local/libexec/MailScanner/MailScanner -v > shoulud produce everything installed except Mail::ClamAV, Net::LDAP > and SAVI, they aren't needed. > Then hunt /usr/local for every ".sample" file and rename them so > they don't end in that. > mkdir -p /var/spool/MailScanner/incoming > mkdir /var/spool/MailScanner/quarantine > > That should be enough to get you started. > > If you could document what you do and add it to the wiki at > wiki.mailscanner.info that would be *REALLY* helpful for other people. I have MailScanner running on FreeBSD 6 boxes with out problem. As I understand (From the FBSD site) 6 is the current production release. They regard everything else as 'legacy'. The 'silly' .sample files are there to stop any existing files being automatically over written when the port is updated but if you make sure you don't run make clean after installation, JP has kindly added a load of text that describes how to rename the .sample files to working copies (For the reports, and auto update scripts and the wrapper scripts and a MailScanner.conf if this is a new install). If you have MS running on another machine with a MailScanner.conf file you would like to use, just drop a copy in to /usr/local/etc/ MailScanner (Make this) before you run the port installation and you will find the port install will upgrade your MailScanner.conf automatically as well. In this same directory you will find some more .sample files, which you can either remove the .sample ending if you don't have copies or diff them if this is an upgrade (Hence them being installed as .sample) and delete them if not required. You will need to make the queue files as the port doesn't know which MTA you will be using and you will also need to rename the start up scripts in /usr/local/etc/rc.d, where you will also find a start up called mta.sh.sample which you can use to start your Exim or Sendmail MTA. HTH Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jan 2 20:58:36 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:37 2006 Subject: Mailscanner on Freebsd Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] BB wrote: > After the mailscanner install it gives a brief message to make the > install complete. > > Something like - > > make config > > Don't recall exactly but you will see it. It copes all the sample > filename extensions to the usable ones. Ah! Missed that. Ended up doing it by hand which was pretty time-consuming. > > On 1/2/06, * Julian Field* > wrote: > > Need to install Mail::SPF::Query > > Install the following: > make install name=clamav > make install name=p5-Mail-ClamAV > make install name=p5-DBI > make install name=p5-Net-Ident > > You need to make all the queue directories by hand and rename all the > silly .sample files freebsd seems to use, which just makes life harder > for you. > > Start by getting the modules installed. > /usr/local/libexec/MailScanner/MailScanner -v > shoulud produce everything installed except Mail::ClamAV, > Net::LDAP and > SAVI, they aren't needed. > Then hunt /usr/local for every ".sample" file and rename them so they > don't end in that. > mkdir -p /var/spool/MailScanner/incoming > mkdir /var/spool/MailScanner/quarantine > > That should be enough to get you started. > > If you could document what you do and add it to the wiki at > wiki.mailscanner.info that would be > *REALLY* helpful for other people. > > > Lance Haig wrote: > > > Hi Julian, > > > > I have just looked on their website and it says 6 is a > production release. > > > > Does that mean it is unstable? > > > > Where can I find the documentation for installing MS on Freebsd. > > > > I have seen the document on > > http://www.sng.ecs.soton.ac.uk/*mailscanner*/FreeBSD.html > > > > Are there other documents ? > > > > Thanks > > > > Lance > > > > Julian Field wrote: > > > >> Use the "port". > >> cd /usr/ports > >> make install name=mailscanner > >> > >> Once you've done all that, I've got a little list of things you > have > >> to do extra, as I've just done this myself. > >> I hope you're not using this in production, freebsd 6 isn't > finished > >> yet! > >> > >> Lance Haig wrote: > >> > >>> I am looking at installing MS on a freebsd 6 system. > >>> > >>> Has anyone done this before? > >>> How does it compare with Suse or Redhat with regards to > management. > >>> > >>> Thanks > >>> > >>> Lance > >>> > >>> ------------------------ MailScanner list ------------------------ > >>> To unsubscribe, email jiscmail@jiscmail.ac.uk > with the words: > >>> 'leave mailscanner' in the body of the email. > >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >>> the archives ( http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>> > >>> Support MailScanner development - buy the book off the website! > >> > >> > >> > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk > with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki ( http://wiki.mailscanner.info/) > > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > *Support MailScanner development - buy the book off the website!* > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Professional Support Services at www.MailScanner.biz > > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk > with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives ( http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jan 2 21:21:56 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:37 2006 Subject: Mailscanner on Freebsd Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Sorry, didn't mean to insult the FreeBSD community. I didn't look hard enough for instructions on how to use the port, so misunderstood the way things are done on that platform. I'm a bit off a *BSD newbie and should have watched my words rather more carefully. Sorry about that, now I understand the how and why. Jules. P.S. Been testing some code today which should give you a nice surprise when it is released. It relies on the stupidity of bad people, and appears to work well so far :-) Drew Marshall wrote: > On 2 Jan 2006, at 18:45, Julian Field wrote: > >> Need to install Mail::SPF::Query >> >> Install the following: >> make install name=clamav >> make install name=p5-Mail-ClamAV >> make install name=p5-DBI >> make install name=p5-Net-Ident >> >> You need to make all the queue directories by hand and rename all >> the silly .sample files freebsd seems to use, which just makes life >> harder for you. >> >> Start by getting the modules installed. >> /usr/local/libexec/MailScanner/MailScanner -v >> shoulud produce everything installed except Mail::ClamAV, Net::LDAP >> and SAVI, they aren't needed. >> Then hunt /usr/local for every ".sample" file and rename them so >> they don't end in that. >> mkdir -p /var/spool/MailScanner/incoming >> mkdir /var/spool/MailScanner/quarantine >> >> That should be enough to get you started. >> >> If you could document what you do and add it to the wiki at >> wiki.mailscanner.info that would be *REALLY* helpful for other people. > > > I have MailScanner running on FreeBSD 6 boxes with out problem. As I > understand (From the FBSD site) 6 is the current production release. > They regard everything else as 'legacy'. > > The 'silly' .sample files are there to stop any existing files being > automatically over written when the port is updated but if you make > sure you don't run make clean after installation, JP has kindly added > a load of text that describes how to rename the .sample files to > working copies (For the reports, and auto update scripts and the > wrapper scripts and a MailScanner.conf if this is a new install). If > you have MS running on another machine with a MailScanner.conf file > you would like to use, just drop a copy in to /usr/local/etc/ > MailScanner (Make this) before you run the port installation and you > will find the port install will upgrade your MailScanner.conf > automatically as well. In this same directory you will find some more > .sample files, which you can either remove the .sample ending if you > don't have copies or diff them if this is an upgrade (Hence them > being installed as .sample) and delete them if not required. > > You will need to make the queue files as the port doesn't know which > MTA you will be using and you will also need to rename the start up > scripts in /usr/local/etc/rc.d, where you will also find a start up > called mta.sh.sample which you can use to start your Exim or Sendmail > MTA. > > HTH > > Drew > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brent.bolin at GMAIL.COM Mon Jan 2 22:38:30 2006 From: brent.bolin at GMAIL.COM (BB) Date: Thu Jan 12 21:31:37 2006 Subject: Mailscanner on Freebsd Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Once you understand BSD you have a hard time going back.. It's complete and well documented. Yes I do use Linux. Debian, Fedora etc... Humm let the distro just put anything anywhere depending on the distro. Very confusing. Now if I can just finger out Mac osx, Darwin and fink. Never a dull moment. Julian, spend your time on MailScanner your very good at it. Cheers...btb On 1/2/06, Julian Field wrote: Sorry, didn't mean to insult the FreeBSD community. I didn't look hard enough for instructions on how to use the port, so misunderstood the way things are done on that platform. I'm a bit off a *BSD newbie and should have watched my words rather more carefully. Sorry about that, now I understand the how and why. Jules. P.S. Been testing some code today which should give you a nice surprise when it is released. It relies on the stupidity of bad people, and appears to work well so far :-) Drew Marshall wrote: > On 2 Jan 2006, at 18:45, Julian Field wrote: > >> Need to install Mail::SPF::Query >> >> Install the following: >> make install name=clamav >> make install name=p5-Mail-ClamAV >> make install name=p5-DBI >> make install name=p5-Net-Ident >> >> You need to make all the queue directories by hand and rename all >> the silly .sample files freebsd seems to use, which just makes life >> harder for you. >> >> Start by getting the modules installed. >> /usr/local/libexec/MailScanner/MailScanner -v >> shoulud produce everything installed except Mail::ClamAV, Net::LDAP >> and SAVI, they aren't needed. >> Then hunt /usr/local for every ".sample" file and rename them so >> they don't end in that. >> mkdir -p /var/spool/MailScanner/incoming >> mkdir /var/spool/MailScanner/quarantine >> >> That should be enough to get you started. >> >> If you could document what you do and add it to the wiki at >> wiki.mailscanner.info that would be *REALLY* helpful for other people. > > > I have MailScanner running on FreeBSD 6 boxes with out problem. As I > understand (From the FBSD site) 6 is the current production release. > They regard everything else as 'legacy'. > > The 'silly' .sample files are there to stop any existing files being > automatically over written when the port is updated but if you make > sure you don't run make clean after installation, JP has kindly added > a load of text that describes how to rename the .sample files to > working copies (For the reports, and auto update scripts and the > wrapper scripts and a MailScanner.conf if this is a new install). If > you have MS running on another machine with a MailScanner.conf file > you would like to use, just drop a copy in to /usr/local/etc/ > MailScanner (Make this) before you run the port installation and you > will find the port install will upgrade your MailScanner.conf > automatically as well. In this same directory you will find some more > .sample files, which you can either remove the .sample ending if you > don't have copies or diff them if this is an upgrade (Hence them > being installed as .sample) and delete them if not required. > > You will need to make the queue files as the port doesn't know which > MTA you will be using and you will also need to rename the start up > scripts in /usr/local/etc/rc.d, where you will also find a start up > called mta.sh.sample which you can use to start your Exim or Sendmail > MTA. > > HTH > > Drew > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki ( http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raylund.lai at KANKANWOO.COM Tue Jan 3 01:26:51 2006 From: raylund.lai at KANKANWOO.COM (Raylund Lai) Date: Thu Jan 12 21:31:37 2006 Subject: Mailscanner on Freebsd Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Here are some of my notes/steps on installing MS on FreeBSD 6. I'm not having time to sort them out and some are not relevant to you (it's a mail gateway), but you could follow the logic in setting up. Cheers Raylund Free BSD 6 Installation 1. sysinstall Main Menu + Standard 2. Install Boot Manager for boot drive + Standard - Install a standard MBR (no boot manager) 3. Choose Distributions + [8] User o Install FreeBSD ports collection - No + [B] Custom o src o All 4. enable SSH login - Yes 5. enable Linux binary compatibility - No 6. browse the FreeBSD package collection - Yes + perl-5.8.7 7. add initial user account - No Installation of ports 1. cd /usr/ports/sysutils/webmin/ + make + make install + /usr/local/lib/webmin/setup.sh + cd /etc/ + cp rc.conf rc.conf.ORIG + vi rc.conf o add: webmin_enable="YES" o or echo 'webmin_enable="YES"' >> rc.conf 2. cd /usr/ports/mail/p5-Mail-ClamAV/ + make + make install 3. cd /usr/ports/mail/p5-Mail-Spamassassin/ + make o select AS_ROOT, RAZOR, SPF_QUERY only + make install 4. cd /usr/ports/security/f-prot/ + make + make install 5. install BitDefender + cd /usr/ports/distfiles/ + fetch -v ftp://ftp.bitdefender.com/pub/freebsd/5/final/bdc-7.0.1.2-fbsd5.tar.gz + cd /usr/ports/security/bdc/ + make + make install + vi rc.conf o add: compat5x_enable="YES" o or echo 'compat5x_enable="YES"' >> rc.conf 6. cd /usr/ports/misc/compat4x/ (somehow bdc needs compat4x instead of compat5x, may be fixed already) + make + make install + vi rc.conf o add: compat4x_enable="YES" o or echo 'compat4x_enable="YES"' >> rc.conf 7. cd /usr/ports/mail/mailscanner/ + make + make install + make initial-config 8. cd /usr/ports/sysutils/portupgrade/ + make + make install 9. reboot 10. pkgdb -F Configuration of sendmail 1. cd /etc/mail/ 2. cp freebsd.mc freebsd.mc.ORIG 3. cp access.sample access 4. cp mailertable.sample mailertable 5. vi freebsd.mc + add: FEATURE(`relay_hosts_only') + add: define(`confPRIVACY_FLAGS', `authwarnings, ..., nobodyreturn') + dnl FEATURE(blacklist_recipients) + dnl FEATURE(virtusertable,....) + dnl DAEMON_OPTIONS(`Name=IPv6,...) 6. m4 /usr/share/sendmail/cf/m4/cf.m4 freebsd.mc > sendmail.cf 7. vi mailertable + only entry is: yourdomain.com smtp:[192.168.0.1] 8. makemap hash mailertable < mailertable 9. vi access + only entry is: Connect:192.168.0.1 RELAY 10. makemap hash access < access 11. vi relay-domains + only entry is: yourdomain.com 12. cd /etc/ 13. vi rc.conf + add: sendmail_enable="NONE" + or echo 'sendmail_enable="NONE"' >> rc.conf Install milter-ahead 1. transfer downloaded files (www.SnertSoft.com) of LibSnert and milter-ahead to ~/tmp/ 2. cd ~/tmp/ 3. tar zxvf libsnert-1.48.tar.gz 4. tar zxvf milter-ahead-0.9.tar.gz 5. cd ~/tmp/com/snert/src/lib/ 6. ./configure --without-db 7. make build 8. cd ../milter-ahead 9. ./configure --without-db 10. make build 11. make install 12. modify /etc/mail/freebsd.mc accordingly Configuration of MailScanner 1. mkdir -p /var/spool/MailScanner/incoming/ 2. mkdir /var/spool/MailScanner/quarantine/ 3. mkdir /var/spool/mqueue.in/ 4. chgrp daemon /var/spool/MailScanner 5. chgrp daemon /var/spool/MailScanner/* 6. chgrp daemon /var/spool/mqueue.in 7. cd /usr/local/etc/rc.d 8. cp mta.sh.sample mta.sh 9. cp mailscanner.sh.sample mailscanner.sh 10. cd /usr/local/etc/MailScanner/mcp/ 11. cp mcp.spam.assassin.prefs.conf.sample mcp.spam.assassin.prefs.conf 12. mkdir /var/spool/spamassassin/ 13. chgrp daemon /var/spool/spamassassin 14. edit/create file bounce.rules to /usr/local/etc/MailScanner/rules/ 15. edit/create file notices.to.rules to /usr/local/etc/MailScanner/rules/ 16. edit/create file spam.checks.rules to /usr/local/etc/MailScanner/rules/ 17. edit/create file spam.header.rules to /usr/local/etc/MailScanner/rules/ 18. edit/create file virus.scanning.rules to /usr/local/etc/MailScanner/rules/ 19. edit /usr/local/etc/MailScanner/MailScanner.conf 20. edit /usr/local/etc/MailScanner/spam.assassin.prefs.conf 21. edit /usr/local/etc/MailScanner/virus.scanners.conf 22. edit /usr/local/libexec/MailScanner/bitdefender-autoupdate 23. edit /usr/local/libexec/MailScanner/f-prot-autoupdate 24. add cron job for update_virus_scanners every 15 minutes + crontab -e + 6,21,36,51 * * * * /usr/local/libexec/MailScanner/update_virus_scanners 25. transfer file bayes_backup /var/spool/spamassassin/ 26. restore bayes backup BB wrote: After the mailscanner install it gives a brief message to make the install complete. Something like - make config Don't recall exactly but you will see it. It copes all the sample filename extensions to the usable ones. I have not installed mailscanner on 6.x . Haven't heard of any problems on 6.x Use the standard cvsup so your not running on the bleeding edge. On 1/2/06, Julian Field wrote: Need to install Mail::SPF::Query Install the following: make install name=clamav make install name=p5-Mail-ClamAV make install name=p5-DBI make install name=p5-Net-Ident You need to make all the queue directories by hand and rename all the silly .sample files freebsd seems to use, which just makes life harder for you. Start by getting the modules installed. /usr/local/libexec/MailScanner/MailScanner -v shoulud produce everything installed except Mail::ClamAV, Net::LDAP and SAVI, they aren't needed. Then hunt /usr/local for every ".sample" file and rename them so they don't end in that. mkdir -p /var/spool/MailScanner/incoming mkdir /var/spool/MailScanner/quarantine That should be enough to get you started. If you could document what you do and add it to the wiki at wiki.mailscanner.info that would be *REALLY* helpful for other people. Lance Haig wrote: > Hi Julian, > > I have just looked on their website and it says 6 is a production release. > > Does that mean it is unstable? > > Where can I find the documentation for installing MS on Freebsd. > > I have seen the document on > http://www.sng.ecs.soton.ac.uk/*mailscanner*/FreeBSD.html > > Are there other documents ? > > Thanks > > Lance > > Julian Field wrote: > >> Use the "port". >> cd /usr/ports >> make install name=mailscanner >> >> Once you've done all that, I've got a little list of things you have >> to do extra, as I've just done this myself. >> I hope you're not using this in production, freebsd 6 isn't finished >> yet! >> >> Lance Haig wrote: >> >>> I am looking at installing MS on a freebsd 6 system. >>> >>> Has anyone done this before? >>> How does it compare with Suse or Redhat with regards to management. >>> >>> Thanks >>> >>> Lance >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives ( http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki ( http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives ( http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jeff.Mills at VERSACOLD.COM.AU Tue Jan 3 02:35:11 2006 From: Jeff.Mills at VERSACOLD.COM.AU (Jeff Mills) Date: Thu Jan 12 21:31:37 2006 Subject: Automated response per domain Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Drew Marshall > Sent: Thursday, 22 December 2005 8:20 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Automated response per domain > > > > I'm always nervous about sending what amounts to bounces for > this sort of > thing as spam, mailing lists, postmaster notices, other > unknown people all > get the notifiction (Speak to Michelle Neylon about vacation > messages to > mailing lists :-) ) but if you are under pressure to deliver > this then you > could look at some thing like Reply-o-matic > http://sourceforge.net/projects/reply-o-matic which I have > used will do > what you are looking for. Put this on your MailScanner gateway for the > short term. > reply-o-matic doesnt seem to be able to send the email onto the original intended recipient. You can specify a addresses to send the original mail to, but I cant see a way to deliver to the original recipient, unless I'm missing something. *** "This company is now part of the Versacold Holdings Corp. and is no longer owned by or affiliated with the P&O Group" *** ************** www.versacold.com ************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brent.bolin at GMAIL.COM Tue Jan 3 03:26:27 2006 From: brent.bolin at GMAIL.COM (BB) Date: Thu Jan 12 21:31:37 2006 Subject: Mailscanner on Freebsd Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Lets not forget to add this to your sendmail.mc file if you use sendmail. We don't want the perly gates to work harder then they should. Add others if you like... On 1/2/06, Raylund Lai wrote: Here are some of my notes/steps on installing MS on FreeBSD 6. I'm not having time to sort them out and some are not relevant to you (it's a mail gateway), but you could follow the logic in setting up. Cheers Raylund Free BSD 6 Installation 1. sysinstall Main Menu o Standard 2. Install Boot Manager for boot drive o Standard - Install a standard MBR (no boot manager) 3. Choose Distributions o [8] User # Install FreeBSD ports collection - No o [B] Custom # src # All 4. enable SSH login - Yes 5. enable Linux binary compatibility - No 6. browse the FreeBSD package collection - Yes o perl-5.8.7 7. add initial user account - No Installation of ports 1. cd /usr/ports/sysutils/webmin/ o make o make install o /usr/local/lib/webmin/setup.sh o cd /etc/ o cp rc.conf rc.conf.ORIG o vi rc.conf # add: webmin_enable="YES" # or echo 'webmin_enable="YES"' >> rc.conf 2. cd /usr/ports/mail/p5-Mail-ClamAV/ o make o make install 3. cd /usr/ports/mail/p5-Mail-Spamassassin/ o make # select AS_ROOT, RAZOR, SPF_QUERY only o make install 4. cd /usr/ports/security/f-prot/ o make o make install 5. install BitDefender o cd /usr/ports/distfiles/ o fetch -v ftp://ftp.bitdefender.com/pub/freebsd/5/final/bdc-7.0.1.2-fbsd5.tar.gz o cd /usr/ports/security/bdc/ o make o make install o vi rc.conf # add: compat5x_enable="YES" # or echo 'compat5x_enable="YES"' >> rc.conf 6. cd /usr/ports/misc/compat4x/ (somehow bdc needs compat4x instead of compat5x, may be fixed already) o make o make install o vi rc.conf # add: compat4x_enable="YES" # or echo 'compat4x_enable="YES"' >> rc.conf 7. cd /usr/ports/mail/mailscanner/ o make o make install o make initial-config 8. cd /usr/ports/sysutils/portupgrade/ o make o make install 9. reboot 10. pkgdb -F Configuration of sendmail 1. cd /etc/mail/ 2. cp freebsd.mc freebsd.mc.ORIG 3. cp access.sample access 4. cp mailertable.sample mailertable 5. vi freebsd.mc o add: FEATURE(`relay_hosts_only') o add: define(`confPRIVACY_FLAGS', `authwarnings, ..., nobodyreturn') o dnl FEATURE(blacklist_recipients) o dnl FEATURE(virtusertable,....) o dnl DAEMON_OPTIONS(`Name=IPv6,...) 6. m4 /usr/share/sendmail/cf/m4/cf.m4 freebsd.mc > sendmail.cf 7. vi mailertable o only entry is: yourdomain.com smtp:[numericlinkwarning 192.168.0.1] 8. makemap hash mailertable < mailertable 9. vi access o only entry is: Connect:numericlinkwarning 192.168.0.1 RELAY 10. makemap hash access < access 11. vi relay-domains o only entry is: yourdomain.com 12. cd /etc/ 13. vi rc.conf o add: sendmail_enable="NONE" o or echo 'sendmail_enable="NONE"' >> rc.conf Install milter-ahead 1. transfer downloaded files (www.SnertSoft.com) of LibSnert and milter-ahead to ~/tmp/ 2. cd ~/tmp/ 3. tar zxvf libsnert-1.48.tar.gz 4. tar zxvf milter-ahead-0.9.tar.gz 5. cd ~/tmp/com/snert/src/lib/ 6. ./configure --without-db 7. make build 8. cd ../milter-ahead 9. ./configure --without-db 10. make build 11. make install 12. modify /etc/mail/freebsd.mc accordingly Configuration of MailScanner 1. mkdir -p /var/spool/MailScanner/incoming/ 2. mkdir /var/spool/MailScanner/quarantine/ 3. mkdir /var/spool/mqueue.in/ 4. chgrp daemon /var/spool/MailScanner 5. chgrp daemon /var/spool/MailScanner/* 6. chgrp daemon /var/spool/mqueue.in 7. cd /usr/local/etc/rc.d 8. cp mta.sh.sample mta.sh 9. cp mailscanner.sh.sample mailscanner.sh 10. cd /usr/local/etc/MailScanner/mcp/ 11. cp mcp.spam.assassin.prefs.conf.sample mcp.spam.assassin.prefs.conf 12. mkdir /var/spool/spamassassin/ 13. chgrp daemon /var/spool/spamassassin 14. edit/create file bounce.rules to /usr/local/etc/MailScanner/rules/ 15. edit/create file notices.to.rules to /usr/local/etc/MailScanner/rules/ 16. edit/create file spam.checks.rules to /usr/local/etc/MailScanner/rules/ 17. edit/create file spam.header.rules to /usr/local/etc/MailScanner/rules/ 18. edit/create file virus.scanning.rules to /usr/local/etc/MailScanner/rules/ 19. edit /usr/local/etc/MailScanner/MailScanner.conf 20. edit /usr/local/etc/MailScanner/spam.assassin.prefs.conf 21. edit /usr/local/etc/MailScanner/virus.scanners.conf 22. edit /usr/local/libexec/MailScanner/bitdefender-autoupdate 23. edit /usr/local/libexec/MailScanner/f-prot-autoupdate 24. add cron job for update_virus_scanners every 15 minutes o crontab -e o 6,21,36,51 * * * * /usr/local/libexec/MailScanner/update_virus_scanners 25. transfer file bayes_backup /var/spool/spamassassin/ 26. restore bayes backup BB wrote: After the mailscanner install it gives a brief message to make the install complete. Something like - make config Don't recall exactly but you will see it. It copes all the sample filename extensions to the usable ones. I have not installed mailscanner on 6.x . Haven't heard of any problems on 6.x Use the standard cvsup so your not running on the bleeding edge. On 1/2/06, Julian Field wrote: Need to install Mail::SPF::Query Install the following: make install name=clamav make install name=p5-Mail-ClamAV make install name=p5-DBI make install name=p5-Net-Ident You need to make all the queue directories by hand and rename all the silly .sample files freebsd seems to use, which just makes life harder for you. Start by getting the modules installed. /usr/local/libexec/MailScanner/MailScanner -v shoulud produce everything installed except Mail::ClamAV, Net::LDAP and SAVI, they aren't needed. Then hunt /usr/local for every ".sample" file and rename them so they don't end in that. mkdir -p /var/spool/MailScanner/incoming mkdir /var/spool/MailScanner/quarantine That should be enough to get you started. If you could document what you do and add it to the wiki at wiki.mailscanner.info that would be *REALLY* helpful for other people. Lance Haig wrote: > Hi Julian, > > I have just looked on their website and it says 6 is a production release. > > Does that mean it is unstable? > > Where can I find the documentation for installing MS on Freebsd. > > I have seen the document on > http://www.sng.ecs.soton.ac.uk/*mailscanner*/FreeBSD.html > > Are there other documents ? > > Thanks > > Lance > > Julian Field wrote: > >> Use the "port". >> cd /usr/ports >> make install name=mailscanner >> >> Once you've done all that, I've got a little list of things you have >> to do extra, as I've just done this myself. >> I hope you're not using this in production, freebsd 6 isn't finished >> yet! >> >> Lance Haig wrote: >> >>> I am looking at installing MS on a freebsd 6 system. >>> >>> Has anyone done this before? >>> How does it compare with Suse or Redhat with regards to management. >>> >>> Thanks >>> >>> Lance >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives ( http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki ( http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives ( http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/OCTET-STREAM (Name: "freebsd.mc") 4.6KB. ] [ Unable to print this part. ] From drew at THEMARSHALLS.CO.UK Tue Jan 3 08:52:38 2006 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:31:37 2006 Subject: Automated response per domain Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Tue, January 3, 2006 02:35, Jeff Mills wrote: > reply-o-matic doesnt seem to be able to send the email onto the original intended recipient. > You can specify a addresses to send the original mail to, but I cant see a > way to deliver to the original recipient, unless I'm missing something. True, with out creating loads of alias entries (One for each user) which I am not sure how practical this would be for your user base as I don't know how many users you need to do this for. You could possibly look at BCCing all mail to an auto reponder address, which is easy to do in Postfix (Don't know about any other MTA). Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Tue Jan 3 09:41:59 2006 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:31:37 2006 Subject: Maximum Message size and Attachmnet size no working for me Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Oh and there's also > > the "Happy" virus > Dangerously long MIME boundary strings used to exploit a bug in Eudora > filename.rules.conf and new "allow filenames" and "deny filenames" checks > filetype.rules.conf and new "allow filetypes" and "deny filetypes" checks > > That's about it. > > Raymond Dijkxhoorn wrote: > >> Hi! >> >>>> I can never remember what's included in Dangerous Content :-) Kosta >>>> Lekas wrote: >>> >> >>>>> I set dangerous content scanning to yes and it is working now. That >>>>> was >>>>> it. Thanks for your help. >>>> >> >>> Julian, it would be a nice idea to have a list of all such >>> dependencies on the wiki.. i too have been troubled by this more than >>> once.. what do you think? maybe sometime in jan'06? Julian, would you be kind enough to spare some time and review this? http://wiki.mailscanner.info/doku.php?id=documentation:configuration:dependencies Thanks, - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martelm at QUARK.VSC.EDU Tue Jan 3 15:49:28 2006 From: martelm at QUARK.VSC.EDU (Michael H. Martel) Date: Thu Jan 12 21:31:37 2006 Subject: Question about Spam and Virus Checks. Message-ID: Greetings! I've got a question about how MailScanner handles Spam Scoring and Anti Virus Checks. We're running MailScanner 4.48.4 on RedHat Linux 7.3 (MailScanner -v output below). I believe that Spam checks are done before the Anti virus checks yes ? I've got the folowing settings. Required SpamAssassin Score = 5 High SpamAssassin Score = 10 I've got my Spam Actions" set to: Spam Actions = /opt/VSC-MailScanner/rules/spam.actions.rules Where the spam.action.rules file contains : To: default store deliver I've also set "High Scoring Spam Actions" : High Scoring Spam Actions = /opt/VSC-MailScanner/rules/high.scoring.spam.actions.rules Where the high.scoring.spam.actions.rules file contains : To: default store For completeness, I have "Non Spam Actions" set to : Non Spam Actions = deliver I've been seeing messages come in that are a virus, with an infected file, but they are tagged as high scoring spam (>10) . So it looks like MailScanner never scans them for viruses because they're stored. Is that how it's supposed to work ? Messages that score between 5 and 10, are identified as Spam and hgaving a virus (if in fact they have a virus). Thanks for any thoughts! [root@hemlock /]# /opt/MailScanner/bin/MailScanner -v Running on Linux hemlock.vsc.edu 2.4.20-28.7smp #1 SMP Thu Dec 18 11:18:31 EST 2003 i686 unknown This is Red Hat Linux release 7.3 (Valhalla) This is Perl version 5.008006 (5.8.6) This is MailScanner version 4.48.4 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.16 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.50 Mail::Header 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.811 DB_File 1.08 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 0.44 Inline missing Mail::ClamAV 3.001000 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.15 Net::CIDR::Lite 0.48 Net::DNS 0.32 Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.2 Sys::Hostname::Long 2.42 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.35 URI Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jan 3 16:04:17 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:37 2006 Subject: Question about Spam and Virus Checks. Message-ID: -----BEGIN PGP SIGNED MESSAGE----- The Spam archive is not kept clean of viruses unless you specify Keep Spam And MCP Archive Clean = yes Otherwise the version that is archived in the quarantine is an exact copy of the original message. On 3 Jan 2006, at 15:49, Michael H. Martel wrote: > Greetings! > > I've got a question about how MailScanner handles Spam Scoring and > Anti Virus Checks. We're running MailScanner 4.48.4 on RedHat Linux > 7.3 (MailScanner -v output below). > > I believe that Spam checks are done before the Anti virus checks yes ? > > I've got the folowing settings. > > Required SpamAssassin Score = 5 > High SpamAssassin Score = 10 > > I've got my Spam Actions" set to: > > Spam Actions = /opt/VSC-MailScanner/rules/spam.actions.rules > > Where the spam.action.rules file contains : > > To: default store deliver > > I've also set "High Scoring Spam Actions" : > > High Scoring Spam Actions = /opt/VSC-MailScanner/rules/ > high.scoring.spam.actions.rules > > Where the high.scoring.spam.actions.rules file contains : > > To: default store > > > For completeness, I have "Non Spam Actions" set to : > > Non Spam Actions = deliver > > > I've been seeing messages come in that are a virus, with an > infected file, but they are tagged as high scoring spam (>10) . So > it looks like MailScanner never scans them for viruses because > they're stored. Is that how it's supposed to work ? > > Messages that score between 5 and 10, are identified as Spam and > hgaving a virus (if in fact they have a virus). > > > Thanks for any thoughts! > > > [root@hemlock /]# /opt/MailScanner/bin/MailScanner -v > Running on > Linux hemlock.vsc.edu 2.4.20-28.7smp #1 SMP Thu Dec 18 11:18:31 EST > 2003 i686 unknown > This is Red Hat Linux release 7.3 (Valhalla) > This is Perl version 5.008006 (5.8.6) > > This is MailScanner version 4.48.4 > Module versions are: > 1.00 AnyDBM_File > 1.14 Archive::Zip > 1.03 Carp > 1.119 Convert::BinHex > 1.00 DirHandle > 1.05 Fcntl > 2.73 File::Basename > 2.08 File::Copy > 2.01 FileHandle > 1.06 File::Path > 0.16 File::Temp > 1.29 HTML::Entities > 3.45 HTML::Parser > 2.30 HTML::TokeParser > 1.21 IO > 1.10 IO::File > 1.123 IO::Pipe > 1.50 Mail::Header > 3.05 MIME::Base64 > 5.417 MIME::Decoder > 5.417 MIME::Decoder::UU > 5.417 MIME::Head > 5.417 MIME::Parser > 3.03 MIME::QuotedPrint > 5.417 MIME::Tools > 0.10 Net::CIDR > 1.08 POSIX > 1.77 Socket > 0.05 Sys::Syslog > 1.02 Time::localtime > > Optional module versions are: > 0.17 Convert::TNEF > 1.811 DB_File > 1.08 Digest > 1.01 Digest::HMAC > 2.33 Digest::MD5 > 2.10 Digest::SHA1 > 0.44 Inline > missing Mail::ClamAV > 3.001000 Mail::SpamAssassin > 1.997 Mail::SPF::Query > 0.15 Net::CIDR::Lite > 0.48 Net::DNS > 0.32 Net::LDAP > 1.94 Parse::RecDescent > missing SAVI > 1.2 Sys::Hostname::Long > 2.42 Test::Harness > 0.47 Test::Simple > 1.95 Text::Balanced > 1.35 URI > > > > Michael > > -- > > --------------------------------o--------------------------------- > Michael H. Martel | Systems Administrator > michael.martel@vsc.edu | Vermont State Colleges > http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.3 (Build 2932) iQEVAwUBQ7qgg/w32o+k+q+hAQFTCwf8C/ET2bC640yF2sFMMOPjZixBfXT/IJRV 6w6pYu1bA22pqu4UShV1aWBZVQM6n+bNHhDzG9vXacFcHwopCfVsN7G6Z3F62Pi2 wz3ZcnABrIBsj/tyukIWPL+0I1ekZ5Ms6sKID2SJitBLNBb9EtvxgHcXK7PTzUPg oNj/5/KR5TKVuYW7CVa1cP4KRCpm9B/34jZHCcg58fPioulCmL4AlP5HRoH+9kv8 u7KvcesW4JWCM15Jn4CIpVmi8syXpguZzbL3FoflquNYU6clh+Y/dO/VHycTMV3C 5UHIEcOns8+fiG18GX4jaU2CozU8MI1FPT6hMVUS8vMQxjYQWtarvA== =Hntk -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Tue Jan 3 15:55:41 2006 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:31:37 2006 Subject: Question about Spam and Virus Checks. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michael H. Martel wrote: > Greetings! > > I've got a question about how MailScanner handles Spam Scoring and Anti > Virus Checks. We're running MailScanner 4.48.4 on RedHat Linux 7.3 > (MailScanner -v output below). > > I believe that Spam checks are done before the Anti virus checks yes ? > > I've got the folowing settings. > > Required SpamAssassin Score = 5 > High SpamAssassin Score = 10 > > I've got my Spam Actions" set to: > > Spam Actions = /opt/VSC-MailScanner/rules/spam.actions.rules > > Where the spam.action.rules file contains : > > To: default store deliver > > I've also set "High Scoring Spam Actions" : > > High Scoring Spam Actions = > /opt/VSC-MailScanner/rules/high.scoring.spam.actions.rules > > Where the high.scoring.spam.actions.rules file contains : > > To: default store > > > For completeness, I have "Non Spam Actions" set to : > > Non Spam Actions = deliver > > > I've been seeing messages come in that are a virus, with an infected > file, but they are tagged as high scoring spam (>10) . So it looks like > MailScanner never scans them for viruses because they're stored. Is > that how it's supposed to work ? Yes.. anything that is not delivered is not checked for viruses.. 2 ways around this. a. Set forwarding for high spam to a local account aliased to "dev/null" b. See the "Keep Spam And MCP Archive Clean" option in MailScanner.conf - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From max at KIPNESS.COM Tue Jan 3 15:58:19 2006 From: max at KIPNESS.COM (Max Kipness) Date: Thu Jan 12 21:31:37 2006 Subject: No subject Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I've been getting reports of this new vulnerability that is out now that seems pretty hard to prevent. Has anybody dealt with this virus as of yet? Any tips? I'm thinking about blocking all images for the time being. Here is the info I've received: A new vulnerability has surfaced which at this moment in time has no fix for. It relates to how Windows renders WMF (Windows Meta Files) and it is a new threat in that for the first time you don^t have to click anything to be hit, simply viewing an image that takes advantage of the vulnerability can execute commands on your PC, such as installing spyware/virus code. The vulnerability is in a core Windows rendering component, shimgvw.dll which is called to render WMF images from any application so you can be hit whether viewing a web page, previewing an email etc. More information can be found at - http://www.microsoft.com/technet/security/advisory/912840.mspx - http://www.kb.cert.org/vuls/id/181038 At this time the only workaround is to disable the problem component: Un-register the Windows Picture and Fax Viewer (Shimgvw.dll) 1. Click Start, click Run, type "regsvr32 -u %windir%\system32\shimgvw.dll" (without the quotation marks), and then click OK. 2. A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box. Impact of Workaround: The Windows Picture and Fax Viewer will no longer be started when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer. To undo this change, re-register Shimgvw.dll by following the above steps. Replace the text in Step 1 with ^regsvr32 %windir%\system32\shimgvw.dll^ (without the quotation marks). Just blocking WMF files will not work as a the other image types could also be used. I will keep you informed of any updates but for now you should visit only ^trusted^ web sites as the number of sites now using this vulnerability is growing. Also since we use Outlook 2003 it does not download images automatically so for now ensure do not download is configured (Tools ^ Options ^ Security ^ Change Automatic Download Settings^) Just wanted to make everyone aware the vulnerability has now been updated to bypass most anti-virus programs. It is thought MS may not release a fix for another week and so if you did not follow the instructions to unregister shimgvw.dll you should now or another option is there is also an ^unofficial^ fix at http://www.hexblog.com/2005/12/wmf_vuln.html which has been tested by several 3rd party vendors and validated for use until an official Microsoft fix is released. Once installed you need to reboot the computer. This vulnerability has already seen many types of attack already, for example: ^The emails have a Subject: "Happy New Year", body: "picture of 2006" and contain an exploit WMF as an attachment, named "HappyNewYear.jpg" (MD5: DBB27F839C8491E57EBCC9445BABB755). We detect this as PFV-Exploit.D. When the HappyNewYear.jpg hits the hard drive and is accessed (file opened, folder viewed, file indexed by Google Desktop), it executes and downloads a Bifrose backdoor (detected by us as Backdoor.Win32.Bifrose.kt) from www[dot]ritztours.com. Admins, filter this domain at your firewalls^ Thanks, Max ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alan at ESSEX.AC.UK Tue Jan 3 16:01:47 2006 From: alan at ESSEX.AC.UK (Stanier, Alan M) Date: Thu Jan 12 21:31:37 2006 Subject: Junk mail with lots of short lines Message-ID: My Boss is complaining of a large increase in untagged spam consisting mostly of short lines, such as the one below. Looking at the text, I noticed that taking blocks of 9 lines and stringing them together, you get Mereidia $9 Levitra $9 Etc I am wondering if the text is that which remains after stripping out HTML that uses some trick with DIV or SPAM to construct whole words from the parts. Does that seem feasible? Does anyone have any suggestion for how such spam could be caught? Thanks -----Original Message----- From: Varlam Kuebler [mailto:varlame@huj.ch] Sent: 21 December 2005 14:17 If the link does not work automatically, copy it into your browser - www.chestain com Me Lev Am Xa So ClA VlA Pro VA ridia itra bien nax ma LlS GRA pecia LlUM $9 $9 $6 $1 $7 $9 $6 $6 $8 9.95 9.95 8.00 23.45 5.95 9.95 9.95 4.95 5.45 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From shuttlebox at GMAIL.COM Tue Jan 3 16:01:54 2006 From: shuttlebox at GMAIL.COM (shuttlebox) Date: Thu Jan 12 21:31:37 2006 Subject: No subject Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 1/3/06, Max Kipness wrote: I've been getting reports of this new vulnerability that is out now that seems pretty hard to prevent. Has anybody dealt with this virus as of yet? Any tips? I'm thinking about blocking all images for the time being. There's a long thread about this already. Clam detects it since the 29th I think, today they cover 93 variants. -- /Peter ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From shuttlebox at GMAIL.COM Tue Jan 3 15:59:36 2006 From: shuttlebox at GMAIL.COM (shuttlebox) Date: Thu Jan 12 21:31:37 2006 Subject: Question about Spam and Virus Checks. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 1/3/06, Michael H. Martel wrote: I've got my Spam Actions" set to: Spam Actions = /opt/VSC-MailScanner/rules/spam.actions.rules Where the spam.action.rules file contains : To: default store deliver I've also set "High Scoring Spam Actions" : High Scoring Spam Actions = /opt/VSC-MailScanner/rules/high.scoring.spam.actions.rules Where the high.scoring.spam.actions.rules file contains : To: default store For completeness, I have "Non Spam Actions" set to : Non Spam Actions = deliver As you don't seem to use the rule sets I would skip them and put "store deliver" and "store" respectively directly on Spam/High Actions like you do with Non Spam Actions. I've been seeing messages come in that are a virus, with an infected file, but they are tagged as high scoring spam (>10) . So it looks like MailScanner never scans them for viruses because they're stored. Is that how it's supposed to work ? Yes, since nothing is delivered in your case it's no risk not scanning it and it saves some load. There are ways around it if it's important to you. -- /Peter ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ryan at MARINOCRANE.COM Tue Jan 3 16:05:56 2006 From: ryan at MARINOCRANE.COM (Ryan Pitt) Date: Thu Jan 12 21:31:37 2006 Subject: Mail Server OS Choices Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Everyone, Happy New Year! We are in the process of upgrading our mail server and are just not sure which OS to go with. We are currently running with Fedora but they seem to upgrade way to often for a production server. Any feedback here would be greatly appreciated. Thanks Ryan Pitt ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Tue Jan 3 16:07:36 2006 From: alex at NKPANAMA.COM (Alex Neuman van der Hans) Date: Thu Jan 12 21:31:37 2006 Subject: Mail Server OS Choices Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ryan Pitt wrote: > Hi Everyone, > Happy New Year! > We are in the process of upgrading our mail server and are just not > sure which OS to go with. > We are currently running with Fedora but they seem to upgrade way to > often for a production server. > Any feedback here would be greatly appreciated. > Thanks > Ryan Pitt > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! How about CentOS? I use it a lot, works like a charm. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Jan 3 16:08:41 2006 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:37 2006 Subject: Junk mail with lots of short lines Message-ID: Have you got the full email (headers and everything) you can post to a web site and I'll run it on my very comprehensive setup to see what fires.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Stanier, Alan M > Sent: 03 January 2006 16:02 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] Junk mail with lots of short lines > > My Boss is complaining of a large increase in untagged spam consisting > mostly of short lines, such as the one below. > > Looking at the text, I noticed that taking blocks of 9 lines and > stringing them together, you get > > Mereidia $9 > Levitra $9 > Etc > > I am wondering if the text is that which remains after stripping out > HTML that uses some trick with DIV or SPAM to construct whole words from > the parts. Does that seem feasible? > > Does anyone have any suggestion for how such spam could be caught? > > Thanks > > > > > > > -----Original Message----- > From: Varlam Kuebler [mailto:varlame@huj.ch] > Sent: 21 December 2005 14:17 > > > If the link does not work automatically, copy it into your browser - > > www.chestain > com > > Me > Lev > Am > Xa > So > ClA > VlA > Pro > VA > ridia > itra > bien > nax > ma > LlS > GRA > pecia > LlUM > $9 > $9 > $6 > $1 > $7 > $9 > $6 > $6 > $8 > 9.95 > 9.95 > 8.00 > 23.45 > 5.95 > 9.95 > 9.95 > 4.95 > 5.45 > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From G.Pentland at SOTON.AC.UK Tue Jan 3 16:19:02 2006 From: G.Pentland at SOTON.AC.UK (Pentland G.) Date: Thu Jan 12 21:31:37 2006 Subject: Mail Server OS Choices Message-ID: >> Happy New Year! And the same to you... >> We are in the process of upgrading our mail server and are just not >> sure which OS to go with. We are currently running with Fedora but >> they seem to upgrade way to often for a production server. >> Any feedback here would be greatly appreciated. We are currently sendmail 8.13.x on Redhat Enterprise Linux 4 (AS) on our production kit but... As with most things, THE single most important thing to consider is what do YOU know how to use. I may suggest any one of a dozen platforms for various reasons but if your sysadmin only knows how to use IRIX or something then use that! The same goes for MTA as well. I will always go for sendmail but that is because I know it and trust it! thats my 2c anyway... Gary ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Tue Jan 3 16:35:55 2006 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:31:37 2006 Subject: Mail Server OS Choices Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ryan Pitt wrote: > Hi Everyone, > Happy New Year! > We are in the process of upgrading our mail server and are just not sure > which OS to go with. > We are currently running with Fedora but they seem to upgrade way to > often for a production server. > Any feedback here would be greatly appreciated. > Thanks > Ryan Pitt Are you looking at an alternative to fedora? if yes, centos is a great choice. a. based on rhel4 srpms and hence uses rpms b. mailscanner installs and upgrades are a breeze c. supports sendmail, postfix and exim out of the box d. easy to update and yum is quite fast as well e. tonnes of good repositories (including fedora extras) are available f. good track record (so far) g. a large and growing community h. a committed 5 year life (may extend to 7) The only downside being a small delay in security updates, which are launched only after redhat has released the updated srpms (obviously). other free and not so free options exist namely: rhel4 whitebox or tao (more rhel4 clones) freebsd debian opensuse (also my current desktop and the distro to watch out for) suse 10 (the paid option) distrowatch.com lists tonnes others You need to choose the one you are most comfortable with, rest will fall into place automagically. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From itdept at REDRED.COM Tue Jan 3 16:22:17 2006 From: itdept at REDRED.COM (RedRed!com IT Department) Date: Thu Jan 12 21:31:37 2006 Subject: Mail Server OS Choices Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] We felt the same about Fedora so we went with RHEL and it has been great. It has the same look and feel that I'm used to with Red Hat and it costs a fraction of what we would have paid to Microsoft or Sun. Alex Neuman van der Hans wrote: > Ryan Pitt wrote: > >> Hi Everyone, >> Happy New Year! >> We are in the process of upgrading our mail server and are just not >> sure which OS to go with. >> We are currently running with Fedora but they seem to upgrade way to >> often for a production server. >> Any feedback here would be greatly appreciated. >> Thanks >> Ryan Pitt >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > How about CentOS? I use it a lot, works like a charm. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mcalnek at PCPLACE.CA Tue Jan 3 16:36:21 2006 From: mcalnek at PCPLACE.CA (Milton Calnek) Date: Thu Jan 12 21:31:37 2006 Subject: Mail Server OS Choices Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I like fedora. If you are worried about the upgrade cycle, check out http://www.fedoralegacy.org/ RedRed!com IT Department wrote: > We felt the same about Fedora so we went with RHEL and it has been > great. It has the same look and feel that I'm used to with Red Hat and > it costs a fraction of what we would have paid to Microsoft or Sun. > - -- PC Place - Just clicks away Milton Calnek PC Place www.pcplace.ca 306-359-6939 mcalnek@pcplace.ca -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFDuqgFHgnbf2T2QqMRAqq4AJ4/OOtKanY+M+vy+BYX6pv3C8xgiACdFSGA A7psOpPTwqUiCxETagGQ5/M= =Jzxl -----END PGP SIGNATURE----- -- DISCLAIMER: The information transmitted is intended only for the addressee and may contain confidential, proprietary and/or privileged material. Any unauthorized review, distribution or other use of or the taking of any action in reliance upon this information is prohibited. If you received this in error, please contact the sender and delete or destroy this message and any copies. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mbneto at gmail.com Tue Jan 3 17:36:15 2006 From: mbneto at gmail.com (mbneto) Date: Thu Jan 12 21:31:37 2006 Subject: MailScanner ANNOUNCE: Stable 4.49 released -- faster! Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I was wondering if anyone has a benchmark of "how much faster" this new version is with sendmail and exim. tks. On 1/1/06, Julian Field wrote: > Happy New Year to you all! > > I have just released the latest stable version of MailScanner, 4.49. > This should be noticeably faster than previous releases. Noticeable > changes are: > > - Speed improvements for sendmail, Postfix and Exim systems. > - The output of "ps" now states what each MailScanner process is doing > at the time so you can easily see any problems and it helps you monitor > the state of your system. > - New configuration options to make simple filename and filetype rules > much easier to handle, especially when you want different filename/type > restrictions for different people. The old system is still there, is > still used, and works just as before. But now with the extra new "Allow > Filenames", "Deny Filenames", "Accept Filetypes", "Deny Filetypes" > configuration options you can easily write conventional rulesets to > control these features. These are applied before the filename.rules.conf > and filetype.rules.conf files. The order is "Accept" then "Deny" then > file{name,type}.rules.conf. > > Download as usual from www.mailscanner.info. > > The full Change Log is this: > > * New Features and Improvements * > - Speed improvements for sendmail systems by changing the > way temporary files are handled and how attachments are parsed. This > should be really noticeable if I've got it right. > Thanks for the great help of the Vodafone SHARK team. > - Added speed improvements for Exim. > - Added speed improvements for Postfix. > - Now changes the command line listed in `ps` (ie $0) to show what > MailScanner is doing. Should help diagnose slow system problems. > - 4 new configuration options, which list patterns against which filenames > and filetypes are matched to see if we should allow them or block them. > This is implemented for the benefit of web-based configuration systems for > MailScanner, it is not really intended for human use as it will complicate > the filename/filetype matching unless you understand it. Read the comments > in the MailScanner.conf and suggest better explanations! > "Allow Filenames", "Deny Filenames", "Allow Filetypes", "Deny Filetypes". > Note: There are 2 new entries in languages.conf so remember to > run an upgrade_languages_conf. > - Upgraded tnef program to 1.3.4. > - Added message 'actions' property for MailWatch reporting. > - Custom Function filenames must end in .pm or .pl. Others will be logged > and skipped. > - Various minor speed improvements. > > * Fixes * > - Changed Postfix code to better support latest revision of Perl. > - Now stops MailScanner more reliably on SuSE systems. > - Logging of tags only done if logging HTML tags. > - Fixed minor array ref problem in Perl 5.8.7 on FreeBSD 6.0 (which is not > a public stable release anyway). > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Jan 3 17:38:35 2006 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:37 2006 Subject: MailScanner ANNOUNCE: Stable 4.49 released -- faster! Message-ID: I'm seeing scan times of around 20 seconds, down from 30....but I run a check of a lot of checks on the email which is why the times are so huge.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of mbneto > Sent: 03 January 2006 17:36 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] MailScanner ANNOUNCE: Stable 4.49 released -- > faster! > > Hi, > > I was wondering if anyone has a benchmark of "how much faster" this > new version is with sendmail and exim. > > tks. > > On 1/1/06, Julian Field wrote: > > Happy New Year to you all! > > > > I have just released the latest stable version of MailScanner, 4.49. > > This should be noticeably faster than previous releases. Noticeable > > changes are: > > > > - Speed improvements for sendmail, Postfix and Exim systems. > > - The output of "ps" now states what each MailScanner process is doing > > at the time so you can easily see any problems and it helps you monitor > > the state of your system. > > - New configuration options to make simple filename and filetype rules > > much easier to handle, especially when you want different filename/type > > restrictions for different people. The old system is still there, is > > still used, and works just as before. But now with the extra new "Allow > > Filenames", "Deny Filenames", "Accept Filetypes", "Deny Filetypes" > > configuration options you can easily write conventional rulesets to > > control these features. These are applied before the filename.rules.conf > > and filetype.rules.conf files. The order is "Accept" then "Deny" then > > file{name,type}.rules.conf. > > > > Download as usual from www.mailscanner.info. > > > > The full Change Log is this: > > > > * New Features and Improvements * > > - Speed improvements for sendmail systems by changing the > > way temporary files are handled and how attachments are parsed. This > > should be really noticeable if I've got it right. > > Thanks for the great help of the Vodafone SHARK team. > > - Added speed improvements for Exim. > > - Added speed improvements for Postfix. > > - Now changes the command line listed in `ps` (ie $0) to show what > > MailScanner is doing. Should help diagnose slow system problems. > > - 4 new configuration options, which list patterns against which > filenames > > and filetypes are matched to see if we should allow them or block > them. > > This is implemented for the benefit of web-based configuration systems > for > > MailScanner, it is not really intended for human use as it will > complicate > > the filename/filetype matching unless you understand it. Read the > comments > > in the MailScanner.conf and suggest better explanations! > > "Allow Filenames", "Deny Filenames", "Allow Filetypes", "Deny > Filetypes". > > Note: There are 2 new entries in languages.conf so remember to > > run an upgrade_languages_conf. > > - Upgraded tnef program to 1.3.4. > > - Added message 'actions' property for MailWatch reporting. > > - Custom Function filenames must end in .pm or .pl. Others will be > logged > > and skipped. > > - Various minor speed improvements. > > > > * Fixes * > > - Changed Postfix code to better support latest revision of Perl. > > - Now stops MailScanner more reliably on SuSE systems. > > - Logging of tags only done if logging HTML tags. > > - Fixed minor array ref problem in Perl 5.8.7 on FreeBSD 6.0 (which is > not > > a public stable release anyway). > > > > -- > > Julian Field > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > Professional Support Services at www.MailScanner.biz > > MailScanner thanks transtec Computers for their support > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Tue Jan 3 18:29:06 2006 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:31:37 2006 Subject: MailScanner ANNOUNCE: Stable 4.49 released -- faster! Message-ID: On Tue, 3 Jan 2006, mbneto wrote: > Hi, > > I was wondering if anyone has a benchmark of "how much faster" this > new version is with sendmail and exim. My setup: sendmail, Solaris 9, SA 3.1, dcc and razor. While things are pretty slow right now (no students), a couple of big mailing lists got launched yesterday, after upgrade to 4.49. I definitely noticed how much faster MailScanner churned thru the multi-hundred message lists. We use VERP, so there is one message per subscriber on a list. Martin Hepworth's "1/3 faster" estimate agrees with my subjective eyeball measure from watching xload for my mail server. Great work, Julian!! Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ka at PACIFIC.NET Tue Jan 3 18:50:02 2006 From: ka at PACIFIC.NET (Ken A) Date: Thu Jan 12 21:31:37 2006 Subject: mail processed but abandoned qf files in mqueue.in? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I'm seeing a few left over qf files in the incoming queue. The mail is being processed fine. I've tried changing flock to posix and this seems to help, but I'm not sure why this is happening with a 2.6 kernel and sendmail 13.4x, or is this issue still around with 2.6 kernels? Just upgraded a couple MS/SA boxes to the latest MailScanner/SA on Fedora Core 4. Thanks, Ken Anderson Pacific.Net ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cstone at axint.net Tue Jan 3 19:07:02 2006 From: cstone at axint.net (Chris Stone) Date: Thu Jan 12 21:31:37 2006 Subject: mail processed but abandoned qf files in mqueue.in? Message-ID: On Tue, Jan 03, 2006 at 10:50:02AM -0800, Ken A wrote: > I'm seeing a few left over qf files in the incoming queue. The mail is > being processed fine. I've tried changing flock to posix and this seems > to help, but I'm not sure why this is happening with a 2.6 kernel and > sendmail 13.4x, or is this issue still around with 2.6 kernels? > Just upgraded a couple MS/SA boxes to the latest MailScanner/SA on > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Am seeing this also with MS 4.48.x under a 2.4 kernel with RH9. What I have noticed also is that it appears to be happening only for messages that have the recipient address set to NOT receive scanning (neither virus or spam). The messages seem to be processed and sent along ok, but some files linger in mqueue.in as you are seeing. Have not messed with changing flock, so don't know if that'd help or not here at all. Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "Digital signature" Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From MailScanner at ecs.soton.ac.uk Tue Jan 3 19:28:55 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:37 2006 Subject: mail processed but abandoned qf files in mqueue.in? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ken A wrote: > I'm seeing a few left over qf files in the incoming queue. The mail is > being processed fine. I've tried changing flock to posix and this > seems to help, but I'm not sure why this is happening with a 2.6 > kernel and sendmail 13.4x, or is this issue still around with 2.6 > kernels? > Just upgraded a couple MS/SA boxes to the latest MailScanner/SA on > Fedora Core 4. If using sendmail 8.13.1 or upwards, you need "Lock Type = posix" on Linux. This will make a critical difference. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From richard.thomas at PSYSOLUTIONS.COM Tue Jan 3 20:20:19 2006 From: richard.thomas at PSYSOLUTIONS.COM (Richard Thomas) Date: Thu Jan 12 21:31:37 2006 Subject: Log summaries Message-ID: Nathan Olson wrote: >The attached may be up your alley. > >Nate > > > Thanks. I'll take a look when I get the chance. Things like Mailwatch are very nice but no way we'd get the nod to roll it out to users at this point (quite apart from the support calls it would generate). All I'm looking for is to have some *very* simple stats up on a web page to show that we are not just completely ignoring the spam issue as some users seem to think. Rich >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > -- MIS Department | Psychiatric Solutions Inc |Phone: +1 615 312 5787 840 Crescent Ctr Dr | |Fax: +1 615 312 5711 Suite 460 +---------------------------+---------------------- Franklin, TN 37067 |Support: helpdesk@psysolutions.com +1 615 312 5888 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "S/MIME Cryptographic Signature" ] [ Application/X-PKCS7-SIGNATURE 4.4KB. ] [ Unable to print this part. ] From ka at PACIFIC.NET Tue Jan 3 21:06:02 2006 From: ka at PACIFIC.NET (Ken A) Date: Thu Jan 12 21:31:37 2006 Subject: mail processed but abandoned qf files in mqueue.in? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Ken A wrote: > >> I'm seeing a few left over qf files in the incoming queue. The mail is >> being processed fine. I've tried changing flock to posix and this >> seems to help, but I'm not sure why this is happening with a 2.6 >> kernel and sendmail 13.4x, or is this issue still around with 2.6 >> kernels? >> Just upgraded a couple MS/SA boxes to the latest MailScanner/SA on >> Fedora Core 4. > > If using sendmail 8.13.1 or upwards, you need "Lock Type = posix" on Linux. > This will make a critical difference. > # Don't set this unless you *know* you need to. # For sendmail, it defaults to "flock". # For sendmail 8.13 onwards, you will probably need to change it to posix. Now I _know_ I need to change this. :-) Thanks, Ken A Pacific.Net ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at MANGO.ZW Tue Jan 3 21:14:43 2006 From: mailscanner at MANGO.ZW (Jim Holland) Date: Thu Jan 12 21:31:37 2006 Subject: Cannot create + lock headers file - Debian Sarge Message-ID: Hi all I have just started using Debian for the first time on a new live server and have installed MailScanner 4.46.2-3 from the unstable distribution on a server otherwise running Sarge - the latest Debian stable distribution. Unfortunately 4.46.2-3 is the latest MailScanner package that is available from Debian. It is running with sendmail 8.13.4-3 (Lock Type = posix) and ClamAV 0.87.1-0volatile.3. I am having a problem that has been repeatedly mentioned in the archives: MailScanner[2295]: Cannot create + lock headers file /var/spool/MailScanner/incoming/2295/jBVJNUGm002368.header Fortunately the error seems to arise only when doing a force-reload (or the equivalent stop then start) from the init.d/mailscanner script, so it is not causing any apparent problems in practice, but clearly something is wrong. I presume that the problem relates to a failure to kill off the old process, but I just cannot see any obvious problem with the init.d script or with the location of the lock files. (It is unfortunately complicated somewhat by the use of the terms "mailscanner" and "MailScanner" in different places). It is using the standard init.d script that came with the package. Related errors that also show up in the messages log are root: Process did not exit cleanly, returned 0 with signal 15 and once in mail.log: MailScanner[8448]: ERROR: Can't get absolute pathname of current working directory Is this a known bug with the Debian package? I haven't come across it before when using MailScanner compiled from the tarball under Red Hat 7.2. I append the relevant part of the init.d script that I think is the cause of the problem. I notice that the "waiting" loop almose always seems to iterate up to 10, and that a ps ax shows a left-over MailScanner process. I have checked the following in MailScanner.conf: Lockfile Dir = /var/lock/subsys/MailScanner Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service stop) echo -n "Stopping $DESC: " start-stop-daemon --stop --quiet \ --name $NAME --quiet >/dev/null 2>&1 RETVAL=$? if [ $RETVAL -eq 0 ]; then rm -f /var/lock/subsys/mailscanner touch /var/lock/subsys/MailScanner.off fi if ps axww | grep -i $DAEMON | grep -qv grep; then echo -n "(waiting" for i in 1 2 3 4 5 6 7 8 9 10; do sleep $i if ! ps axww | grep -i $DAEMON | grep -qv grep; then break; fi echo -n . done echo -n ") " fi rm -f /var/run/$NAME/* echo "$NAME." ;; ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jeff.Mills at VERSACOLD.COM.AU Tue Jan 3 22:06:26 2006 From: Jeff.Mills at VERSACOLD.COM.AU (Jeff Mills) Date: Thu Jan 12 21:31:37 2006 Subject: Automated response per domain Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Drew Marshall > Sent: Tuesday, 3 January 2006 7:53 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Automated response per domain > You could possibly > look at BCCing > all mail to an auto reponder address, which is easy to do in Postfix > (Don't know about any other MTA). > > Drew Ahhh yes, this seems a much better way of doing it. We have GFI Mail Essentials on the Exchange box which can do Auto Replies, but it cant do a whole domain, so we would have to add all of our users (over 300) to it. BCC to a single Auto Reply address though.. that could work! Thanks for your help. *** "This company is now part of the Versacold Holdings Corp. and is no longer owned by or affiliated with the P&O Group" *** ************** www.versacold.com ************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Tue Jan 3 23:15:05 2006 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:31:37 2006 Subject: Automated response per domain Message-ID: On 3 Jan 2006, at 22:06, Jeff Mills wrote: >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >> Behalf Of Drew Marshall >> Sent: Tuesday, 3 January 2006 7:53 PM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: Automated response per domain >> > You could possibly >> look at BCCing >> all mail to an auto reponder address, which is easy to do in Postfix >> (Don't know about any other MTA). >> >> Drew > > Ahhh yes, this seems a much better way of doing it. > We have GFI Mail Essentials on the Exchange box which can do Auto > Replies, but it cant do a whole domain, so we would have to add all > of our users (over 300) to it. BCC to a single Auto Reply address > though.. that could work! Excellent! Sounds like a plan. > Thanks for your help. A pleasure! Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at SECEIDOS.DE Wed Jan 4 08:04:00 2006 From: Jan-Peter.Koopmann at SECEIDOS.DE (Koopmann, Jan-Peter) Date: Thu Jan 12 21:31:37 2006 Subject: Mailscanner on Freebsd Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Monday, January 02, 2006 9:59 PM Julian Field wrote: > Ah! Missed that. Ended up doing it by hand which was pretty > time-consuming. So you don't read my documentation? Shame on you! :-) >> Need to install Mail::SPF::Query >> >> Install the following: >> make install name=clamav >> make install name=p5-Mail-ClamAV >> make install name=p5-DBI >> make install name=p5-Net-Ident Damn. Missed that somehow. p5-Mail-ClamAV is quite old (need to tackle that sometime during the next days). What is p5-DBI used for? I will definately add p5-Net-Ident to the port if it is needed. The port is supposed to install everything absolutly necessary for MailScanner to work automatically, esp. all perl modules. Guys please let me know directly (best via personal e-mail) if you have any wishes for the FreeBSD port. Kind regards Jan-Peter Koopmann Dipl.-Wirtschaftsinformatiker Geschftsfhrer -- Seceidos GmbH&Co. KG | Tel: +49 6151 66843-43 Robert-Bosch-Str. 7 | Fax: +49 6151 66843-52 64293 Darmstadt / Germany | IAX: guest@voip.seceidos.de/43 http://www.seceidos.de | SIP: 43@voip.seceidos.de ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed Jan 4 08:13:21 2006 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:31:37 2006 Subject: Mail Server OS Choices Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] hard to imagine going past centos for mailscanner Alex Neuman van der Hans wrote: > Ryan Pitt wrote: > >> Hi Everyone, >> Happy New Year! >> We are in the process of upgrading our mail server and are just not >> sure which OS to go with. >> We are currently running with Fedora but they seem to upgrade way to >> often for a production server. >> Any feedback here would be greatly appreciated. >> Thanks >> Ryan Pitt >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > How about CentOS? I use it a lot, works like a charm. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed Jan 4 08:15:01 2006 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:31:37 2006 Subject: Mail Server OS Choices Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > The only downside being a small delay in security updates, which are > launched only after redhat has released the updated srpms (obviously). Isnt this normally within 24hours of security update release from Red Hat for RHEL? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at MANGO.ZW Wed Jan 4 12:36:22 2006 From: mailscanner at MANGO.ZW (Jim Holland) Date: Thu Jan 12 21:31:37 2006 Subject: OT: Use of MailScanner code for extracting attachments Message-ID: Hi Julian Happy New Year to you, and thanks once more for your most appreciated work. We here in Zimbabwe are still offering FidoNet protocols to around 2500 of our users. Our Fido server delivers files in binary form to our users separately from the actual messages. We currently use a Perl script to handle attachments, and it in turn calls metamail for the actual MIME decoding. This is not very elegant or reliable, and I am looking for a better way of decoding attachments - such as that used by MailScanner. It is a shame to see all the work that MailScanner does to decode messages only for us to then have to go through that process all over again before we can deliver the attachments to our Fido users. Sadly I am not a Perl expert - just a hacker who can develop scripts at a far lower level of complexity - so I find your code beyond my understanding. However if you were able to simply point me in the right direction - eg which packages are needed, where is the point of entry where a message is passed to those packages, and any other brief suggestions - I should be able to take it from there with a little help from another Perl enthusiast here. Any help would be most appreciated. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jan 4 13:12:09 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:37 2006 Subject: OT: Use of MailScanner code for extracting attachments Message-ID: -----BEGIN PGP SIGNED MESSAGE----- There is a function "Explode" which does all the attachment extraction. You should be able to do what you want with a Custom Function attached to the "Always Looked Up Last" configuration option. See /usr/lib/MailScanner/MailScanner/CustomConfig.pm and the contents of the CustomFunctions directory (in the same place). You will have attachments expanded out in the /var/spool/MailScanner/ incoming/// directory. On 4 Jan 2006, at 12:36, Jim Holland wrote: > Hi Julian > > Happy New Year to you, and thanks once more for your most > appreciated work. > > We here in Zimbabwe are still offering FidoNet protocols to around > 2500 of > our users. Our Fido server delivers files in binary form to our users > separately from the actual messages. We currently use a Perl > script to > handle attachments, and it in turn calls metamail for the actual MIME > decoding. This is not very elegant or reliable, and I am looking > for a > better way of decoding attachments - such as that used by MailScanner. > It is a shame to see all the work that MailScanner does to decode > messages > only for us to then have to go through that process all over again > before > we can deliver the attachments to our Fido users. > > Sadly I am not a Perl expert - just a hacker who can develop > scripts at a > far lower level of complexity - so I find your code beyond my > understanding. However if you were able to simply point me in the > right > direction - eg which packages are needed, where is the point of entry > where a message is passed to those packages, and any other brief > suggestions - I should be able to take it from there with a little > help > from another Perl enthusiast here. > > Any help would be most appreciated. > > Regards > > Jim Holland > System Administrator > MANGO - Zimbabwe's non-profit e-mail service > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.3 (Build 2932) iQEVAwUBQ7vJq/w32o+k+q+hAQE8Zwf/d5ZKPSSBNOlAPvus/MW2xgLlr6NzVVRZ lFL51vEnZjrpWaT/Xsfh5t30vF6nqWL8k4w+5MA9amlq7qxBHtOrmK8rN0uvMmHX P84mmzPVndNUS1IZ1w9OPgJuJXt5jkB5F0QJ0ecMV5RvQ7HUzGOhmjOew7s+r+Ip T2XZjTI5DuSJxU8N7892X/3mnretjKTkYfsCXAGYmelp7nfsL+O6bGyX61V58vlZ 7a3hczTXGAKCPcqAPkHb+MDiKyTRbHnjDNlezKU+SrCRuyyMkiIkuk8FEiET1zht cXNqQV9Xu4bP/mrY0EuHH7Dw3qnGbJGESaVAotaemgDp2XVHbfzHLQ== =4AfB -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Wed Jan 4 14:45:22 2006 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:31:37 2006 Subject: I've seen the future and it is good Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Just looking over the Change Log for 4.49.7-1 and this is the first line: 2/1/2006 New in Version 4.50.3-1 - Speed increased by nearly a factor of 2! Julian can you also tell me next weeks Lotto numbers :) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Wed Jan 4 15:09:10 2006 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:37 2006 Subject: OT: Happy New Year! Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 02/01/06, Doc Schneider wrote: > Glenn Steen wrote: > > On 31/12/05, Drew Marshall wrote: > >> On 30 Dec 2005, at 20:29, Glenn Steen wrote: > >> > >>> ... to all of you who recognize december 31 as the final day of the > >>> "old" year... Well, I'm a bit early, but in the timetested traditional > >>> swedish way... I'm headed straight into the usual alcohol-induced > >>> mists... Will probably not be able to email anything before sometime > >>> in january:-) > >>> > >>> Also would like to extend a special thanks to Jules and Steve > >>> (Freegard). Keep up the fantastic work another year guys! > >>> > >>> Anyway, have a good one! > >>> Cheers > >> Have a good one yourself Glenn and to everyone else out there in > >> 'MailScanner land' :-) > >> > >> May 2006 bring spam and infection free inboxes (But not so clear that > >> Jules' commercial adventure doesn't achieve the success it deserves) > >> > >> Drew > >> > > > > Well, the year could've ended in a more .... fortuitous way for me.... > > Spent three hours at the ER getting my leg into a cast... Sigh. Grown > > men should know better than to borrow the kids bobsleigh (Amazingly > > enough, not a whole lot of alcohol had been ingested beforehand:-):-). > > Oh well. Hope you all fared better;). > > > > -- > > Glenn, > > Just be glad it was only your leg... my wife has a friend who did > something almost exactly like this and is now in a wheelchair--she broke > her neck! (This happened a few years ago and no alcohol was involved) > > Hope the rest of this year goes well for the rest of the list folks. > > (Now to download the latest and greatest and see about getting my > MailScanner upgraded. > > -- > -Doc > Lincoln, NE. You are of course right Doc. I'll be an invalid for the next 6 weeks, but there are a lot of people like your wifes friend who end up hurt for life. About a decade ago the best Swedish slalom/downhill skier at the time, Thomas Fogd, decided he didn't have to tighten things up going the short way from the lift to the pist... I understand there was a general fooling around, and he happened to take an "easy" fall that turned out to be really bad. A disc slipped in his back and tore the vertebrea(sp?), so he's in a wheelchair for life. Thing is, I knew this but never thought anything like that could happen to me. Now I know better. Oh well.... Back to getting this blasted VPN thingie working so that I don't have to be on sickleave the entire time ... I too would like to get the latest MS onto my MXs, and I don't trust that to my collegues:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Wed Jan 4 14:59:15 2006 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:31:37 2006 Subject: I've seen the future and it is good Message-ID: Judging from the New Year's Office party pictures, this prediction may be due to too much booze and people dancing in funny hats. But lets hope not, 4.49.7 was a significant speedup over prior versions. Whoo Hooo! Jeff Earickson Colby College On Wed, 4 Jan 2006, Ed Bruce wrote: > Date: Wed, 4 Jan 2006 09:45:22 -0500 > From: Ed Bruce > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: I've seen the future and it is good > > Just looking over the Change Log for 4.49.7-1 and this is the first line: > > 2/1/2006 New in Version 4.50.3-1 > - Speed increased by nearly a factor of 2! > > Julian can you also tell me next weeks Lotto numbers :) > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jan 4 10:42:13 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:37 2006 Subject: Mailscanner on Freebsd Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- 4.50 will need DBI and DBD-SQLite. SpamAssassin needs DBI as well., that's probably why I put it in the list. On 4 Jan 2006, at 08:04, Koopmann, Jan-Peter wrote: > On Monday, January 02, 2006 9:59 PM Julian Field wrote: > >> Ah! Missed that. Ended up doing it by hand which was pretty >> time-consuming. > > So you don't read my documentation? Shame on you! :-) > >>> Need to install Mail::SPF::Query >>> >>> Install the following: >>> make install name=clamav >>> make install name=p5-Mail-ClamAV >>> make install name=p5-DBI >>> make install name=p5-Net-Ident > > Damn. Missed that somehow. p5-Mail-ClamAV is quite old (need to > tackle that sometime during the next days). What is p5-DBI used > for? I will definately add p5-Net-Ident to the port if it is > needed. The port is supposed to install everything absolutly > necessary for MailScanner to work automatically, esp. all perl > modules. > > Guys please let me know directly (best via personal e-mail) if you > have any wishes for the FreeBSD port. > > > > Kind regards > > Jan-Peter Koopmann > Dipl.-Wirtschaftsinformatiker > Geschftsfhrer > > -- > Seceidos GmbH&Co. KG | Tel: +49 6151 66843-43 > Robert-Bosch-Str. 7 | Fax: +49 6151 66843-52 > 64293 Darmstadt / Germany | IAX: guest@voip.seceidos.de/43 > http://www.seceidos.de | SIP: 43@voip.seceidos.de > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.3 (Build 2932) iQEVAwUBQ7umjPw32o+k+q+hAQHQwQf/apyD35SxEKgAuamDetLNXbsCCp5L+BfX b5qxoxV8OiBtnC1M/VBEEAopf58GA9+16mmvPG+15NjbqxRdvrROnCV4na846SVb 0bNLegg1n+D66Asolfa4hKapSzxYK+oNr04VeEC/y8Z0u57tlrmR6tBFNzoIG6x+ Za467MhVeT2KwbQ+KEE+O+AlgIIRKT1at8tbZjm2AdmjYetzC4rsRQ9c7k8iQTa9 PV6Dcb/ONJ1Rx0ibNhjPuyD8rYNQjjG3VqR3PYHhL51ABrQGTsuHQSg+BLZiTXJw 2f1fsfsVsxl4Dx7dCBnllSZBCPANRgN0+Cw0n6hRYIOGD6BQR6s6gg== =DjxE -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From fajarep at SIMPLIMOBILE.COM Wed Jan 4 09:53:28 2006 From: fajarep at SIMPLIMOBILE.COM (Fajar) Date: Thu Jan 12 21:31:37 2006 Subject: Mail Server OS Choices Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I'm using Ubuntu Linux with MailScanner from source, others using mix Ubuntu Breezy & Dapper. Running fine here :D Fajar ----- Original Message ----- From: "Ryan Pitt" To: Sent: Tuesday, January 03, 2006 11:05 PM Subject: Mail Server OS Choices > Hi Everyone, > Happy New Year! > We are in the process of upgrading our mail server and are just not sure > which OS to go with. > We are currently running with Fedora but they seem to upgrade way to > often for a production server. > Any feedback here would be greatly appreciated. > Thanks > Ryan Pitt > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Wed Jan 4 15:36:40 2006 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:37 2006 Subject: Mail Server OS Choices Message-ID: [ The following text is in the "WINDOWS-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 03/01/06, Pentland G. wrote: > >> Happy New Year! > > And the same to you... CC > >> We are in the process of upgrading our mail server and are just not > >> sure which OS to go with. We are currently running with Fedora but > >> they seem to upgrade way to often for a production server. > >> Any feedback here would be greatly appreciated. > > We are currently sendmail 8.13.x on Redhat Enterprise Linux 4 (AS) on > our production kit but... Mandriva/Postfix here:-) > > As with most things, THE single most important thing to consider is what > do YOU know how to use. I may suggest any one of a dozen platforms for > various reasons but if your sysadmin only knows how to use IRIX or > something then use that! > > The same goes for MTA as well. I will always go for sendmail but that > is because I know it and trust it! > > thats my 2c anyway... > > Gary > I'll happily add my .02^ to Gary's! The choice of OS/distribution is often "over-dramatized", looking at more or less irrelevant details... Any OS/distro can pretty much do anything any other OS/distro can, provided you have a knowledgeable sysadmin AND some time. Lacking either (it's usually time that is wanting...:-) one absolutely HAS to go with what one already knows, or as close a facsimile as possible. This probably means you should either go with one of the RH clones (like CentOS) or buy it, depending on what level of support you/your PHB "needs". -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Wed Jan 4 16:36:57 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:37 2006 Subject: I've seen the future and it is good Message-ID: -----BEGIN PGP SIGNED MESSAGE----- From tests I have done, the speedup you see over 4.49 is dependent on the amount and type of spam/viruses you get. I am seeing only about 20% improvement in my tests, but another tester has seen nearly a doubling in speed. But we get less spam than a lot of sites. Once the code is stable I will release a beta for you to try. My charge for providing future Lotto numbers is more expensive than you could afford :-) On 4 Jan 2006, at 14:45, Ed Bruce wrote: > Just looking over the Change Log for 4.49.7-1 and this is the first > line: > > 2/1/2006 New in Version 4.50.3-1 > - Speed increased by nearly a factor of 2! > > Julian can you also tell me next weeks Lotto numbers :) - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.3 (Build 2932) iQEVAwUBQ7v5q/w32o+k+q+hAQFt+Qf/YV5Gs5PvmaPYE9c4bSMj0y3gBDfEPcus 8qKCBLo3Ou/EocUDkooZ/pF2oDutLT2Qby4qo3aj0pbwoeODXyuMlMiKGF450t40 lxQ9JpsTHhAOVaW9OWQ7RML4hi5OMt5TN4ZsEyAqhZiFGW6nl+4QYQpQZPCf+1BZ oJlJbUTt1/bZUnbFqFDdSCXduTIpvyNyuzBadugaiMJ4EmhHRWvdKY3tTPJx9PIq BSa0v3+gTwP1iUNSaPAXdBF/srP4kwzoy+Yo8/7V7InyUtlSNaJ9DNEgS1a5vmzg yG5sYekRwVn+NZa7ddreNpTx5LznzQe8xrH6mZzgks3NWa8JhQexkA== =Q94m -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at MANGO.ZW Wed Jan 4 16:33:05 2006 From: mailscanner at MANGO.ZW (Jim Holland) Date: Thu Jan 12 21:31:37 2006 Subject: upgrade_languages_conf broken and updating languages questions? Message-ID: Hi On Mon, 2 Jan 2006, Remco Barendse wrote: > Date: Mon, 2 Jan 2006 04:46:11 +0100 > From: Remco Barendse > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: upgrade_languages_conf broken and updating languages questions? > Also if somebody knows of a way to do some sort of grepping and deleting > the 'MS thanks transtec' etc. lines from the various reports through a > script that would be really neat :) This Perl one-liner should do the trick from the command line in the reports directory: perl -pi -e 's/MailScanner thanks transtec Computers for their support//' *.txt (See "man perlrun" for explanation of switches) I am not sure that Julian would approve of the change, however, if transtec are sponsoring the MailScanner development. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rabellino at DI.UNITO.IT Wed Jan 4 09:03:40 2006 From: rabellino at DI.UNITO.IT (Rabellino Sergio) Date: Thu Jan 12 21:31:37 2006 Subject: MailScanner ANNOUNCE: Stable 4.49 released -- faster! Message-ID: Jeff A. Earickson wrote: > On Tue, 3 Jan 2006, mbneto wrote: > >> Hi, >> >> I was wondering if anyone has a benchmark of "how much faster" this >> new version is with sendmail and exim. > > We've sendmail 8.13.3, with mcafee/clamav/sa ona Solaris 9 /4-cpu/ Sun-Fire-V440. I changed only the release of MS, without changing any configuration parameter; the cpu load average has changed from 2.5/3 to 1.2/1.6. It seems to be really faster than previous MS. Thanks again and again. -- Dott. Mag. Sergio Rabellino Technical Staff Department of Computer Science University of Torino (Italy) http://www.di.unito.it/~rabser Tel. +39-0116706701 Fax. +39-011751603 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at MANGO.ZW Wed Jan 4 16:36:25 2006 From: mailscanner at MANGO.ZW (Jim Holland) Date: Thu Jan 12 21:31:37 2006 Subject: OT: Use of MailScanner code for extracting attachments Message-ID: Hi Julian Thanks very much for the tips. (Now I will go away and poke around in the code for a few weeks . . .) Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service On Wed, 4 Jan 2006, Julian Field wrote: > Date: Wed, 4 Jan 2006 13:12:09 +0000 > From: Julian Field > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: OT: Use of MailScanner code for extracting attachments > > -----BEGIN PGP SIGNED MESSAGE----- > > There is a function "Explode" which does all the attachment > extraction. You should be able to do what you want with a Custom > Function attached to the "Always Looked Up Last" configuration > option. See /usr/lib/MailScanner/MailScanner/CustomConfig.pm and the > contents of the CustomFunctions directory (in the same place). > You will have attachments expanded out in the /var/spool/MailScanner/ > incoming/// directory. > > On 4 Jan 2006, at 12:36, Jim Holland wrote: > > > Hi Julian > > > > Happy New Year to you, and thanks once more for your most > > appreciated work. > > > > We here in Zimbabwe are still offering FidoNet protocols to around > > 2500 of > > our users. Our Fido server delivers files in binary form to our users > > separately from the actual messages. We currently use a Perl > > script to > > handle attachments, and it in turn calls metamail for the actual MIME > > decoding. This is not very elegant or reliable, and I am looking > > for a > > better way of decoding attachments - such as that used by MailScanner. > > It is a shame to see all the work that MailScanner does to decode > > messages > > only for us to then have to go through that process all over again > > before > > we can deliver the attachments to our Fido users. > > > > Sadly I am not a Perl expert - just a hacker who can develop > > scripts at a > > far lower level of complexity - so I find your code beyond my > > understanding. However if you were able to simply point me in the > > right > > direction - eg which packages are needed, where is the point of entry > > where a message is passed to those packages, and any other brief > > suggestions - I should be able to take it from there with a little > > help > > from another Perl enthusiast here. > > > > Any help would be most appreciated. > > > > Regards > > > > Jim Holland > > System Administrator > > MANGO - Zimbabwe's non-profit e-mail service > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.3 (Build 2932) > > iQEVAwUBQ7vJq/w32o+k+q+hAQE8Zwf/d5ZKPSSBNOlAPvus/MW2xgLlr6NzVVRZ > lFL51vEnZjrpWaT/Xsfh5t30vF6nqWL8k4w+5MA9amlq7qxBHtOrmK8rN0uvMmHX > P84mmzPVndNUS1IZ1w9OPgJuJXt5jkB5F0QJ0ecMV5RvQ7HUzGOhmjOew7s+r+Ip > T2XZjTI5DuSJxU8N7892X/3mnretjKTkYfsCXAGYmelp7nfsL+O6bGyX61V58vlZ > 7a3hczTXGAKCPcqAPkHb+MDiKyTRbHnjDNlezKU+SrCRuyyMkiIkuk8FEiET1zht > cXNqQV9Xu4bP/mrY0EuHH7Dw3qnGbJGESaVAotaemgDp2XVHbfzHLQ== > =4AfB > -----END PGP SIGNATURE----- > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From craigwhite at AZAPPLE.COM Wed Jan 4 16:57:05 2006 From: craigwhite at AZAPPLE.COM (Craig White) Date: Thu Jan 12 21:31:38 2006 Subject: I've seen the future and it is good Message-ID: On Wed, 2006-01-04 at 16:36 +0000, Julian Field wrote: > My charge for providing future Lotto numbers is more expensive than > you could afford :-) > ---- fortune cookie makers everywhere would likely get cease and desist orders against you anyway since that is clearly their turf. Craig ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jan 4 17:13:06 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:38 2006 Subject: Speed tests of 4.48-4.49-4.50 Message-ID: -----BEGIN PGP SIGNED MESSAGE----- I have done some speed tests on a batch of mail on 2 different servers. 1 server is Opteron-based, the other Xeon-based. I was not using a DNS server on the MailScanner itself, but our main department one which should manage to cache a lot of it. Conclusion is that 4.49 is 11% faster than 4.48 (which sounds very suspicious to me, other people have reported much better than that). 4.50 is 15% or so faster than 4.49, which corresponds almost exactly with the cache hit rate. The more spammers you have who send the exact same message many times, and the number of virus-laden messages you are seeing, the higher your speedup will be. It would be great if another few people could do quantitative tests on 4.49 versus 4.48 as I don't believe the figures I have got. Here are the gory details. Many of the tests were run twice to try to counteract the effects of not having many of the DNS responses cached by BIND on the DNS server I'm using. 9001 messages taken from one MX server on 2006-01-03 Dual 2.2GHz Opteron, 4GB RAM, 70GB disk 15,000rpm SCSI 4.48 (4.50 with cache off and old forking code) 20:47:00 - 21:18:45 = 31:45 = 31*60+45 = 1905 408 K messages/day 4.49 (4.50 with cache off) 19:02:30 - 19:41:41 = 39:11 = 39*60+11 = 2351 331 K messages/day 331/408*100 < 100% XXX 2nd Run 21:22:43 - 21:51:52 = 29:09 = 29*60+09 = 1749 445 K messages/day 445/408*100 = 9% faster than 4.48 4.50 (4.50 with cache on) 19:48:36 - 20:13:37 = 25:01 = 25*60+1 = 1501 518 K messages/day 17% cache hit rate 518/331*100 = 56% faster than 4.49 2nd run 21:57:41 - 22:23:00 = 25:19 = 25*60+19 = 1519 512 K messages/day 512/445*100 = 15% faster than 4.49-2 4.49 run was done first, suspect 156% due to DNS caching ======================================================== Dual 2.4GHz Xeon, 2GB RAM, 36GB disk 10,000rpm SCSI 4.48 (4.50 with cache off and old forking code) 12:53:30 - 13:48:07 = 54:37 = 54*60+37 = 3277 237 K messages/day 2nd run 16:06:14 - 17:00:44 = 54:30 = 54*60+30 = 3270 238 K messages/day 4.49 (4.50 with cache off) 10:30:09 - 11:29:11 = 59:02 = 59*60+2 = 3542 220 K messages/day Ignore run 1 2nd run 13:54:22 - 14:43:29 = 49:07 = 49*60+7 = 2947 264 K messages/day 4.49 11% faster than 4.48 15:10:40 - 15:58:48 = 48:08 = 48*60+8 = 2888 270 K messages/day 4.49 13% faster than 4.48 4.50 (4.50 with cache on) 12:01:20 - 12:43:04 = 41:44 = 41*60+44 = 2504 311 K messages/day 4.50 18% faster than 4.49 2nd run 14:53:35 - 15:07:54 = 14:19 = 14*60+19 = 859 905 K messages/day This must be due to DNS caching, it is so much higher - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.3 (Build 2932) iQEVAwUBQ7wCJfw32o+k+q+hAQEY8gf/Y93WOXv08nIEO9YLTiMEfL6u7iNLnEzM P2/sJlhdRkJfc8JhKKgiclO3/97N6MUQyMhqflfAesS2KQ2dANJNY/VqRFXimGYk /JbBwRA9tnyO2AGVyFRFFIGpQ05ZD/wW+awbUF69E0ywBRxnrhmTvlOHwxKDD52E WPdr2Jq88Ebz1lSwmh2TF6wIwpeGt+khkpoK5Z3134MOMa6Eglr8QfsIuKnrmOPN pXPNbZoPvC045X2X5PwUDHjqFGO0S3/aHQ9v2gtqVATEqVhg9z2PKaiCUMZ4cfpP 0y+AvpkGZbgePDwOorOGWcRz2BSDROEu0I3IVBmQiXL1pJsR5Apejw== =remZ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From shuttlebox at GMAIL.COM Wed Jan 4 17:36:39 2006 From: shuttlebox at GMAIL.COM (shuttlebox) Date: Thu Jan 12 21:31:38 2006 Subject: MailScanner ANNOUNCE: Stable 4.49 released -- faster! Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 1/4/06, Rabellino Sergio wrote: We've sendmail 8.13.3, with mcafee/clamav/sa ona Solaris 9 /4-cpu/ Sun-Fire-V440. I changed only the release of MS, without changing any configuration parameter; the cpu load average has changed from 2.5/3 to 1.2/1.6. It seems to be really faster than previous MS. Have you looked at the delay times in the logs from Sendmail? Do you see a similar decrease there? -- /Peter ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jkf at ecs.soton.ac.uk Wed Jan 4 17:18:47 2006 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:38 2006 Subject: upgrade_languages_conf broken and updating languages questions? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 4 Jan 2006, at 16:33, Jim Holland wrote: > On Mon, 2 Jan 2006, Remco Barendse wrote: >> Date: Mon, 2 Jan 2006 04:46:11 +0100 >> From: Remco Barendse >> Reply-To: MailScanner mailing list >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: upgrade_languages_conf broken and updating languages >> questions? > >> Also if somebody knows of a way to do some sort of grepping and >> deleting >> the 'MS thanks transtec' etc. lines from the various reports >> through a >> script that would be really neat :) > > This Perl one-liner should do the trick from the command line in the > reports directory: > > perl -pi -e 's/MailScanner thanks transtec Computers for their > support//' *.txt > > (See "man perlrun" for explanation of switches) > > I am not sure that Julian would approve of the change, however, if > transtec are sponsoring the MailScanner development. I don't mind you doing this. I have left it in there as they did give me a dual 2.4GHz Xeon with 2Gb RAM and a 10,000rpm disk, when they were the best thing you could get. But they haven't contributed since then. I'm going to leave it in there for another year or so, but they haven't bought that slot forever. Anyone else interesting in buying that advertising space is welcome to contact me. It doesn't come cheap! But as I now switch the inline signature on by default, it does get you quite a lot of advertising for your money. Jules. - -- Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.3 (Build 2932) iQEVAwUBQ7wDevw32o+k+q+hAQHqqQf+Oi3ue4OMwfMDr3PAu7tF48FEQL2A/PFf ME4ziit1f3BmWzt1rK4h+8/6wAzPfiDBfa+6IARyT6keLaAQhtnzl/Piy1u1zlrH rvBRbc5Mmsnc1strrU1WY5DgGLjkyL6XEG6HaNI63pWHTymejMiGT2KQhPZFchx4 WiYWvTTBMIXbmA3E30MmMTAt1e68TSRjAF8uk7IUnHqiLFx2aHtunptB17yfQhmV KbLSQFHKz3c/Jqxo02MnusCI+SFwSdBmmtFFVnTAgNwtcsDeuVFjlDj5iFitCUDm lkpWFCuNuAHBVfPLnRHdpx09TkWkpRUJMwuR4u0FMd8lLBghDDEA8w== =h7GX -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Chris.Boyd at USIT.IE Wed Jan 4 17:10:02 2006 From: Chris.Boyd at USIT.IE (Chris Boyd) Date: Thu Jan 12 21:31:38 2006 Subject: Infected mails from mydomain Message-ID: Am i getting these messages sent to my admin alias (ie admin@mydomain.ie) because someone is spoofing my email address and sending out infected attachments? Here's the header: TIA Return-path: Received: from smtp.mydomain.ie ([10.133.1.49]) by 10.133.1.50; Thu, 22 Dec 2005 13:11:18 +0000 Received: from exchange2.comsys.gr (exchange2.comsys.gr [194.219.54.100]) by smtp.mydomain.ie (Postfix) with SMTP id DA2ABA3B1B for ; Thu, 22 Dec 2005 13:14:00 +0000 (GMT) Subject: {Spam?} Virus Found in message "Mail_delivery_failed" MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----_=_NextPart_001_01C606F9.9D62A1EF" Date: Thu, 22 Dec 2005 15:14:18 +0200 Message-ID: <4096695D89BC47478DEB397E37BC43B8010ED9@exchange2.comsys.gr> Content-class: urn:content-classes:message X-MimeOLE: Produced By Microsoft Exchange V6.5 X-MS-Has-Attach: X-MS-TNEF-Correlator: <4096695D89BC47478DEB397E37BC43B8010ED9@exchange2.comsys.gr> Thread-Topic: Virus Found in message "Mail_delivery_failed" Thread-Index: AcYG+Z1isZIWGUALQdyv5DhTa2cEPg== From: =?iso-8859-7?B?w/Hh7Ozh9OXf4Q==?= To: X-USIT-MailScanner-OpenProtect-Information: Please contact the ISP for more information X-USIT-MailScanner-OpenProtect: Found to be clean X-USIT-MailScanner-OpenProtect-MCPCheck: X-USIT-MailScanner-OpenProtect-SpamCheck: spam, SpamAssassin (score=15.601, required 3, ALL_TRUSTED -3.30, BAYES_00 -2.60, VIRUS_WARNING188 1.50, VIRUS_WARNING59 20.00) X-USIT-MailScanner-OpenProtect-SpamScore: 15 X-USIT-MailScanner-OpenProtect-From: grammateia@comsys.gr This is a multi-part message in MIME format. ------_=_NextPart_001_01C606F9.9D62A1EF Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Symantec AntiVirus found a virus in an attachment you (Admin@mydomain.ie ) sent to priv-mail@comsys.gr. To ensure the recipient(s) are able to use the files you sent, perform a virus scan on your computer, clean any infected files, then resend this attachment. Attachment: mail.zip Virus name: W32.Sober.X@mm!zip Action taken: Quarantine succeeded : File status: Infected ------_=_NextPart_001_01C606F9.9D62A1EF Content-Type: application/ms-tnef; name="winmail.dat" Content-Transfer-Encoding: base64 ----------------------------------------------------------------- This email message is intended only for the addressee(s) and contains information that may be confidential and/or copyrighted. If you are not the intended recipient please notify the sender by reply email and immediately delete this email. Use, disclosure or reproduction of this email by anyone other than the intended recipient(s) is strictly prohibited. USIT has scanned this email for viruses and dangerous content and believes it to be clean. However, virus scanning is ultimately the responsibility of the recipient. ----------------------------------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Wed Jan 4 18:11:58 2006 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:38 2006 Subject: Infected mails from mydomain Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Chris Boyd wrote: > Am i getting these messages sent to my admin alias (ie admin@mydomain.ie) because someone is spoofing my email address and sending out infected attachments? > Given that Symantec found a Sober variant virus in it, I'd say with 99.9999% certainty that forgery is the case. Sober tries hard to always forge the return-path and From: headers. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at MANGO.ZW Wed Jan 4 18:55:44 2006 From: mailscanner at MANGO.ZW (Jim Holland) Date: Thu Jan 12 21:31:38 2006 Subject: Infected mails from mydomain Message-ID: Hi On Wed, 4 Jan 2006, Matt Kettler wrote: > Date: Wed, 4 Jan 2006 13:11:58 -0500 > From: Matt Kettler > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Infected mails from mydomain > > Chris Boyd wrote: > > Am i getting these messages sent to my admin alias (ie admin@mydomain.ie) because someone is spoofing my email address and sending out infected attachments? > Given that Symantec found a Sober variant virus in it, I'd say with 99.9999% > certainty that forgery is the case. Sober tries hard to always forge the > return-path and From: headers. While that is true, I would put the explanation the other way around: Chris Boyd is receiving these notices because Symantec stupidly bounces known viruses back to the spoofed sender address. Whenever I get one of these bounces I send back a polite but firm response to the system sending it pointing out the unacceptability of this annoying behaviour (and suggesting that they switch to MailScanner of course). Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Jan 4 18:59:47 2006 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:38 2006 Subject: Infected mails from mydomain Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Chris Boyd spake the following on 1/4/2006 9:10 AM: > Am i getting these messages sent to my admin alias (ie admin@mydomain.ie) because someone is spoofing my email address and sending out infected attachments? > > Here's the header: > > TIA This is why everyone here is soo adamant about NOT bouncing virus notices! The notices never actually go to the virus infected sender (with a very few exceptions). -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jan 4 19:06:33 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:38 2006 Subject: Infected mails from mydomain Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jim Holland wrote: >Hi > >On Wed, 4 Jan 2006, Matt Kettler wrote: > > > >>Date: Wed, 4 Jan 2006 13:11:58 -0500 >>From: Matt Kettler >>Reply-To: MailScanner mailing list >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Infected mails from mydomain >> >>Chris Boyd wrote: >> >> >>>Am i getting these messages sent to my admin alias (ie admin@mydomain.ie) because someone is spoofing my email address and sending out infected attachments? >>> >>> > > > >>Given that Symantec found a Sober variant virus in it, I'd say with 99.9999% >>certainty that forgery is the case. Sober tries hard to always forge the >>return-path and From: headers. >> >> > >While that is true, I would put the explanation the other way around: >Chris Boyd is receiving these notices because Symantec stupidly bounces >known viruses back to the spoofed sender address. Whenever I get one of >these bounces I send back a polite but firm response to the system sending >it pointing out the unacceptability of this annoying behaviour (and >suggesting that they switch to MailScanner of course). > > Surely they have changed the default to not do this any more, haven't they? This is grossly irresponsible, and I am very surprised they haven't been sued by someone for causing a DoS attack resulting from the inevitable Joe-jobs. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jstevens at ATHENSDISTRIBUTING.COM Wed Jan 4 20:45:15 2006 From: jstevens at ATHENSDISTRIBUTING.COM (James R. Stevens) Date: Thu Jan 12 21:31:38 2006 Subject: .wmf vulnerability Message-ID: Sorry if this has been answered. I'm curious if there is a test file posted somewhere allowing me to test my configuration for wmf exploit attachments. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dave Sent: Thursday, December 29, 2005 1:29 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: .wmf vulnerability On 12/29/05, Ken A wrote: > Any suggestions for blocking the latest unpatched remote hole in windows? I just added wmf also. But will that only catch attachments? What about links in the message body? Anyone know if the virus scanners scan embedded images as well? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by Athens Hyperion Scanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by Athens Hyperion Scanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jan 4 21:21:40 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:38 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] We have implemented some more speedups since version 4.49, which was already faster than 4.48. It depends on the nature of the spam you get, and the quantity of viruses that you get. The more dumb spam, and viruses, that you get, the faster it will go. Note that 1) you must use ./install.sh to install it as there are 2 more Perl modules required by (and provided with) this version, and 2) you must run upgrade_MailScanner_conf to add new configuration settings to your MailScanner.conf file. I would be very interested to hear what speedups you see from this new faster version. Download as usual from www.mailscanner.info. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ka at PACIFIC.NET Wed Jan 4 21:31:46 2006 From: ka at PACIFIC.NET (Ken A) Date: Thu Jan 12 21:31:38 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > We have implemented some more speedups since version 4.49, which was > already faster than 4.48. It depends on the nature of the spam you get, > and the quantity of viruses that you get. > > The more dumb spam, and viruses, that you get, the faster it will go. Any way to get the faster speed without getting more dumb spam? heh heh.. I'm putting a new box online today, so I'll give it a go! Thanks, Ken A Pacific.Net > Note that > 1) you must use ./install.sh to install it as there are 2 more Perl > modules required by (and provided with) this version, and > 2) you must run upgrade_MailScanner_conf to add new configuration > settings to your MailScanner.conf file. > > I would be very interested to hear what speedups you see from this new > faster version. > > Download as usual from www.mailscanner.info. > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Wed Jan 4 21:37:27 2006 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:31:38 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: Hi Julian, > We have implemented some more speedups since version 4.49, which was already > faster than 4.48. It depends on the nature of the spam you get, and the > quantity of viruses that you get. > > The more dumb spam, and viruses, that you get, the faster it will go. > > Note that > 1) you must use ./install.sh to install it as there are 2 more Perl modules > required by (and provided with) this version, and > 2) you must run upgrade_MailScanner_conf to add new configuration settings to > your MailScanner.conf file. > > I would be very interested to hear what speedups you see from this new faster > version. # The SpamAssassin cache uses a database file which needs to be writable # by the MailScanner "Run As User". This file will be created and setup for # you automatically when MailScanner is started. SpamAssassin Cache Database File = /var/spool/MailScanner/incoming/SpamAssassin.cache.db Can you tell a littme more about this? What is stored, will the database be auto pruned? Or does it grow till my disk fills :) I am really interested in this since we use rcpts splitting, on what base you say its a identical message? Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Wed Jan 4 22:02:26 2006 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight) Date: Thu Jan 12 21:31:38 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > We have implemented some more speedups since version 4.49, which was > already faster than 4.48. It depends on the nature of the spam you get, > and the quantity of viruses that you get. > > The more dumb spam, and viruses, that you get, the faster it will go. How do you define "dumb spam" ? -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jan 4 21:43:15 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:38 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] One thing worth mentioning: if you use rcpt splitting (one message per recipient) then you should see a massive speed improvement with this version. Raymond --- this may help you! Julian Field wrote: > We have implemented some more speedups since version 4.49, which was > already faster than 4.48. It depends on the nature of the spam you > get, and the quantity of viruses that you get. > > The more dumb spam, and viruses, that you get, the faster it will go. > > Note that > 1) you must use ./install.sh to install it as there are 2 more Perl > modules required by (and provided with) this version, and > 2) you must run upgrade_MailScanner_conf to add new configuration > settings to your MailScanner.conf file. > > I would be very interested to hear what speedups you see from this new > faster version. > > Download as usual from www.mailscanner.info. > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Wed Jan 4 21:58:06 2006 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:31:38 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: Hi Jules, > One thing worth mentioning: if you use rcpt splitting (one message per > recipient) then you should see a massive speed improvement with this version. > > Raymond --- this may help you! Yes, i am sure! :) Only need to get Sqlite going now. CPAN.pm: Going to build M/MS/MSERGEANT/DBD-SQLite-1.11.tar.gz Checking installed SQLite version... SQLite version must be at least 3.1.3. No header file at that version or higher was found. Using the local version instead. Checking if your kit is complete... Looks good Using DBI 1.37 installed in /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI Writing Makefile for DBD::SQLite cp lib/DBD/SQLite.pm blib/lib/DBD/SQLite.pm /usr/bin/perl -p -e "s/~DRIVER~/SQLite/g" < /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI/Driver.xst > SQLite.xsi /usr/bin/perl /usr/lib/perl5/5.8.3/ExtUtils/xsubpp -typemap /usr/lib/perl5/5.8.3/ExtUtils/typemap SQLite.xs > SQLite.xsc && mv SQLite.xsc SQLite.c gcc -c -I. -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" -DXS_VERSION=\"1.11\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id SQLite.c gcc -c -I. -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" -DXS_VERSION=\"1.11\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id alter.c gcc -c -I. -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" -DXS_VERSION=\"1.11\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id analyze.c gcc -c -I. -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" -DXS_VERSION=\"1.11\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id attach.c gcc -c -I. -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" -DXS_VERSION=\"1.11\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id auth.c gcc -c -I. -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" -DXS_VERSION=\"1.11\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id btree.c gcc -c -I. -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" -DXS_VERSION=\"1.11\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id build.c gcc -c -I. -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" -DXS_VERSION=\"1.11\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id callback.c gcc -c -I. -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" -DXS_VERSION=\"1.11\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id date.c gcc -c -I. -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" -DXS_VERSION=\"1.11\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id dbdimp.c gcc -c -I. -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" -DXS_VERSION=\"1.11\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id delete.c gcc -c -I. -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" -DXS_VERSION=\"1.11\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id experimental.c gcc -c -I. -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" -DXS_VERSION=\"1.11\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id expr.c gcc -c -I. -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" -DXS_VERSION=\"1.11\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id func.c gcc -c -I. -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" -DXS_VERSION=\"1.11\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id hash.c gcc -c -I. -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" -DXS_VERSION=\"1.11\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id insert.c gcc -c -I. -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" -DXS_VERSION=\"1.11\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id legacy.c gcc -c -I. -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" -DXS_VERSION=\"1.11\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id main.c gcc -c -I. -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" -DXS_VERSION=\"1.11\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id opcodes.c gcc -c -I. -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" -DXS_VERSION=\"1.11\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id os_test.c gcc -c -I. -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" -DXS_VERSION=\"1.11\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id os_unix.c gcc -c -I. -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" -DXS_VERSION=\"1.11\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id os_win.c gcc -c -I. -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" -DXS_VERSION=\"1.11\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id pager.c gcc -c -I. -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" -DXS_VERSION=\"1.11\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id parse.c gcc -c -I. -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" -DXS_VERSION=\"1.11\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id pragma.c gcc -c -I. -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" -DXS_VERSION=\"1.11\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id prepare.c gcc -c -I. -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" -DXS_VERSION=\"1.11\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id printf.c gcc -c -I. -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" -DXS_VERSION=\"1.11\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id random.c gcc -c -I. -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" -DXS_VERSION=\"1.11\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id select.c gcc -c -I. -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" -DXS_VERSION=\"1.11\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id table.c gcc -c -I. -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" -DXS_VERSION=\"1.11\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id tokenize.c gcc -c -I. -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" -DXS_VERSION=\"1.11\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id trigger.c gcc -c -I. -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" -DXS_VERSION=\"1.11\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id update.c gcc -c -I. -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" -DXS_VERSION=\"1.11\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id utf.c gcc -c -I. -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" -DXS_VERSION=\"1.11\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id util.c gcc -c -I. -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" -DXS_VERSION=\"1.11\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id vacuum.c gcc -c -I. -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" -DXS_VERSION=\"1.11\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id vdbe.c gcc -c -I. -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" -DXS_VERSION=\"1.11\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id vdbeapi.c gcc -c -I. -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" -DXS_VERSION=\"1.11\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id vdbeaux.c gcc -c -I. -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" -DXS_VERSION=\"1.11\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id vdbefifo.c gcc -c -I. -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" -DXS_VERSION=\"1.11\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id vdbemem.c gcc -c -I. -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" -DXS_VERSION=\"1.11\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id where.c Running Mkbootstrap for DBD::SQLite () chmod 644 SQLite.bs rm -f blib/arch/auto/DBD/SQLite/SQLite.so LD_RUN_PATH="" gcc -shared -L/usr/local/lib SQLite.o alter.o analyze.o attach.o auth.o btree.o build.o callback.o date.o dbdimp.o delete.o experimental.o expr.o func.o hash.o insert.o legacy.o main.o opcodes.o os_test.o os_unix.o os_win.o pager.o parse.o pragma.o prepare.o printf.o random.o select.o table.o tokenize.o trigger.o update.o utf.o util.o vacuum.o vdbe.o vdbeapi.o vdbeaux.o vdbefifo.o vdbemem.o where.o -o blib/arch/auto/DBD/SQLite/SQLite.so chmod 755 blib/arch/auto/DBD/SQLite/SQLite.so cp SQLite.bs blib/arch/auto/DBD/SQLite/SQLite.bs chmod 644 blib/arch/auto/DBD/SQLite/SQLite.bs Manifying blib/man3/DBD::SQLite.3pm /usr/bin/make -- OK Running make test PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/00basic...............ok t/01logon...............ok t/02cr_table............ok t/03insert..............ok 2/10Can't locate object method "last_insert_id" via package "DBI::db" at t/03insert.t line 13. t/03insert..............dubious Test returned status 2 (wstat 512, 0x200) Scalar found where operator expected at (eval 153) line 1, near "'int' $__val" (Missing operator before $__val?) DIED. FAILED tests 6-10 Failed 5/10 tests, 50.00% okay t/04select..............ok t/05tran................ok t/06error...............ok t/08create_function.....ok t/09create_aggregate....ok t/10dsnlist.............ok t/20createdrop..........ok t/30insertfetch.........ok t/40bindparam...........ok t/40blobs...............ok t/40blobtext............ok t/40listfields..........ok t/40nulls...............ok t/40numrows.............ok t/50chopblanks..........ok t/50commit..............ok t/60metadata............ok t/90cppcomments.........ok t/99cleanup.............ok t/ak-dbd................ok t/dbdadmin..............ok Failed Test Stat Wstat Total Fail Failed List of Failed ------------------------------------------------------------------------------- t/03insert.t 2 512 10 10 100.00% 6-10 Failed 1/25 test scripts, 96.00% okay. 5/406 subtests failed, 98.77% okay. make: *** [test_dynamic] Error 255 /usr/bin/make test -- NOT OK Running make install make test had returned bad status, won't install without force cpan> Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Wed Jan 4 22:27:54 2006 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:31:38 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: Hi! >>> Ok, after fetching a RPM from DAG we got SQLite going, the version on CPAN >>> gave errors on FC1. > >> Issues with SQLite on FC4 too. > > Upgrading DBD did fix it on FC1. Uhrm ... i ment DBI. (DBI-1.50) Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Wed Jan 4 22:22:47 2006 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:31:38 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: Hi! > You need to install a newer DBI I think. DBD::SQLite doesn't appear to work > with your DBI that you have installed. Investigate why the install.sh didn't > successfully install DBI for you. > >> Yes, i am sure! :) Correct. Had it going with the DAG RPM but if i upgrade DBI to 1.50 i can also build SQLite... so thats cool. Will upgrade DBI on the other ones also. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ka at PACIFIC.NET Wed Jan 4 22:22:50 2006 From: ka at PACIFIC.NET (Ken A) Date: Thu Jan 12 21:31:38 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Raymond Dijkxhoorn wrote: > Hi! > >> One thing worth mentioning: if you use rcpt splitting (one message per >> recipient) then you should see a massive speed improvement with this >> version. >> >> Raymond --- this may help you! > >>> I would be very interested to hear what speedups you see from this >>> new faster version. > > Ok, after fetching a RPM from DAG we got SQLite going, the version on > CPAN gave errors on FC1. Issues with SQLite on FC4 too. > Checking installed SQLite version... > SQLite version must be at least 3.1.3. No header file at that > version or higher was found. Using the local version instead. > Checking if your kit is complete... > Looks good > Warning: prerequisite DBI 1.21 not found. > Writing Makefile for DBD::SQLite > + make > cp lib/DBD/SQLite.pm blib/lib/DBD/SQLite.pm > /usr/bin/perl /usr/lib/perl5/5.8.6/ExtUtils/xsubpp -typemap /usr/lib/perl5/5.8.6/ExtUtils/typemap SQLite.xs > SQLite.xsc && mv SQLite.xsc SQLite.c > Cannot open 'SQLite.xsi': No such file or directory in SQLite.xs, line 72 > make: *** [SQLite.c] Error 1 > error: Bad exit status from /var/tmp/rpm-tmp.78484 (%build) > > RPM build errors: > Bad exit status from /var/tmp/rpm-tmp.78484 (%build) > > Missing file /usr/src/redhat/RPMS/noarch/perl-DBD-SQLite-1.11-1.noarch.rpm. > Maybe it did not build correctly? Ken A > Works: > > Jan 4 23:08:26 vmx30 MailScanner[21711]: Cache hit for message > k04M8POB022446 > Jan 4 23:08:26 vmx30 MailScanner[21711]: Cache hit for message > k04M8POC022446 > Jan 4 23:08:26 vmx30 MailScanner[21711]: Cache hit for message > k04M8POA022446 > Jan 4 23:08:26 vmx30 MailScanner[21711]: Cache hit for message > k04M8PO8022446 > Jan 4 23:08:26 vmx30 MailScanner[21711]: Cache hit for message > k04M8PO9022446 > Jan 4 23:08:36 vmx30 MailScanner[21955]: Cache hit for message > k04M8Zcb022532 > Jan 4 23:08:40 vmx30 MailScanner[21232]: Cache hit for message > k04M8d8h022583 > Jan 4 23:08:48 vmx30 MailScanner[21176]: Cache hit for message > k04M8iIc022599 > Jan 4 23:08:50 vmx30 MailScanner[21176]: Cache hit for message > k04M6gST021587 > Jan 4 23:08:50 vmx30 MailScanner[21176]: Cache hit for message > k04M8hFS022595 > Jan 4 23:08:51 vmx30 MailScanner[21650]: Cache hit for message > k04M8nTe022611 > Jan 4 23:08:51 vmx30 MailScanner[21650]: Cache hit for message > k04M8nTY022611 > > [root@vmx30]# grep "Cache hit for message" current | wc -l > 77 > > In a couple of mins. Looking promising. Cheers! > > Bye, > Raymond. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jan 4 22:14:31 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:38 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You need to install a newer DBI I think. DBD::SQLite doesn't appear to work with your DBI that you have installed. Investigate why the install.sh didn't successfully install DBI for you. > Yes, i am sure! :) > > Only need to get Sqlite going now. > > CPAN.pm: Going to build M/MS/MSERGEANT/DBD-SQLite-1.11.tar.gz > > Checking installed SQLite version... > SQLite version must be at least 3.1.3. No header file at that > version or higher was found. Using the local version instead. > Checking if your kit is complete... > Looks good > Using DBI 1.37 installed in > /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI > Writing Makefile for DBD::SQLite > cp lib/DBD/SQLite.pm blib/lib/DBD/SQLite.pm > /usr/bin/perl -p -e "s/~DRIVER~/SQLite/g" < > /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI/Driver.xst > > >> SQLite.xsi > > /usr/bin/perl /usr/lib/perl5/5.8.3/ExtUtils/xsubpp -typemap > /usr/lib/perl5/5.8.3/ExtUtils/typemap SQLite.xs > SQLite.xsc && mv > SQLite.xsc SQLite.c > gcc -c -I. > -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI > -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING > -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" > -DXS_VERSION=\"1.11\" -fPIC > "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 > -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id SQLite.c > gcc -c -I. > -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI > -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING > -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" > -DXS_VERSION=\"1.11\" -fPIC > "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 > -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id alter.c > gcc -c -I. > -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI > -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING > -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" > -DXS_VERSION=\"1.11\" -fPIC > "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 > -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id analyze.c > gcc -c -I. > -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI > -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING > -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" > -DXS_VERSION=\"1.11\" -fPIC > "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 > -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id attach.c > gcc -c -I. > -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI > -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING > -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" > -DXS_VERSION=\"1.11\" -fPIC > "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 > -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id auth.c > gcc -c -I. > -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI > -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING > -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" > -DXS_VERSION=\"1.11\" -fPIC > "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 > -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id btree.c > gcc -c -I. > -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI > -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING > -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" > -DXS_VERSION=\"1.11\" -fPIC > "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 > -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id build.c > gcc -c -I. > -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI > -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING > -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" > -DXS_VERSION=\"1.11\" -fPIC > "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 > -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id callback.c > gcc -c -I. > -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI > -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING > -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" > -DXS_VERSION=\"1.11\" -fPIC > "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 > -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id date.c > gcc -c -I. > -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI > -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING > -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" > -DXS_VERSION=\"1.11\" -fPIC > "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 > -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id dbdimp.c > gcc -c -I. > -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI > -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING > -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" > -DXS_VERSION=\"1.11\" -fPIC > "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 > -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id delete.c > gcc -c -I. > -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI > -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING > -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" > -DXS_VERSION=\"1.11\" -fPIC > "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 > -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id experimental.c > gcc -c -I. > -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI > -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING > -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" > -DXS_VERSION=\"1.11\" -fPIC > "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 > -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id expr.c > gcc -c -I. > -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI > -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING > -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" > -DXS_VERSION=\"1.11\" -fPIC > "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 > -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id func.c > gcc -c -I. > -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI > -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING > -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" > -DXS_VERSION=\"1.11\" -fPIC > "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 > -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id hash.c > gcc -c -I. > -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI > -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING > -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" > -DXS_VERSION=\"1.11\" -fPIC > "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 > -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id insert.c > gcc -c -I. > -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI > -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING > -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" > -DXS_VERSION=\"1.11\" -fPIC > "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 > -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id legacy.c > gcc -c -I. > -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI > -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING > -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" > -DXS_VERSION=\"1.11\" -fPIC > "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 > -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id main.c > gcc -c -I. > -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI > -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING > -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" > -DXS_VERSION=\"1.11\" -fPIC > "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 > -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id opcodes.c > gcc -c -I. > -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI > -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING > -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" > -DXS_VERSION=\"1.11\" -fPIC > "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 > -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id os_test.c > gcc -c -I. > -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI > -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING > -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" > -DXS_VERSION=\"1.11\" -fPIC > "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 > -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id os_unix.c > gcc -c -I. > -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI > -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING > -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" > -DXS_VERSION=\"1.11\" -fPIC > "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 > -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id os_win.c > gcc -c -I. > -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI > -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING > -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" > -DXS_VERSION=\"1.11\" -fPIC > "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 > -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id pager.c > gcc -c -I. > -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI > -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING > -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" > -DXS_VERSION=\"1.11\" -fPIC > "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 > -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id parse.c > gcc -c -I. > -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI > -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING > -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" > -DXS_VERSION=\"1.11\" -fPIC > "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 > -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id pragma.c > gcc -c -I. > -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI > -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING > -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" > -DXS_VERSION=\"1.11\" -fPIC > "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 > -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id prepare.c > gcc -c -I. > -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI > -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING > -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" > -DXS_VERSION=\"1.11\" -fPIC > "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 > -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id printf.c > gcc -c -I. > -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI > -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING > -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" > -DXS_VERSION=\"1.11\" -fPIC > "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 > -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id random.c > gcc -c -I. > -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI > -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING > -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" > -DXS_VERSION=\"1.11\" -fPIC > "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 > -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id select.c > gcc -c -I. > -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI > -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING > -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" > -DXS_VERSION=\"1.11\" -fPIC > "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 > -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id table.c > gcc -c -I. > -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI > -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING > -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" > -DXS_VERSION=\"1.11\" -fPIC > "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 > -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id tokenize.c > gcc -c -I. > -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI > -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING > -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" > -DXS_VERSION=\"1.11\" -fPIC > "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 > -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id trigger.c > gcc -c -I. > -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI > -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING > -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" > -DXS_VERSION=\"1.11\" -fPIC > "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 > -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id update.c > gcc -c -I. > -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI > -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING > -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" > -DXS_VERSION=\"1.11\" -fPIC > "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 > -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id utf.c > gcc -c -I. > -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI > -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING > -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" > -DXS_VERSION=\"1.11\" -fPIC > "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 > -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id util.c > gcc -c -I. > -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI > -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING > -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" > -DXS_VERSION=\"1.11\" -fPIC > "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 > -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id vacuum.c > gcc -c -I. > -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI > -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING > -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" > -DXS_VERSION=\"1.11\" -fPIC > "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 > -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id vdbe.c > gcc -c -I. > -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI > -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING > -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" > -DXS_VERSION=\"1.11\" -fPIC > "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 > -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id vdbeapi.c > gcc -c -I. > -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI > -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING > -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" > -DXS_VERSION=\"1.11\" -fPIC > "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 > -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id vdbeaux.c > gcc -c -I. > -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI > -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING > -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" > -DXS_VERSION=\"1.11\" -fPIC > "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 > -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id vdbefifo.c > gcc -c -I. > -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI > -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING > -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" > -DXS_VERSION=\"1.11\" -fPIC > "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 > -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id vdbemem.c > gcc -c -I. > -I/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/auto/DBI > -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING > -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -DVERSION=\"1.11\" > -DXS_VERSION=\"1.11\" -fPIC > "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" -DNDEBUG=1 > -DSQLITE_PTR_SZ=4 -DHAVE_USLEEP=1 -Dno_last_insert_id where.c > Running Mkbootstrap for DBD::SQLite () > chmod 644 SQLite.bs > rm -f blib/arch/auto/DBD/SQLite/SQLite.so > LD_RUN_PATH="" gcc -shared -L/usr/local/lib SQLite.o alter.o > analyze.o attach.o auth.o btree.o build.o callback.o date.o dbdimp.o > delete.o experimental.o expr.o func.o hash.o insert.o legacy.o main.o > opcodes.o os_test.o os_unix.o os_win.o pager.o parse.o pragma.o > prepare.o printf.o random.o select.o table.o tokenize.o trigger.o > update.o utf.o util.o vacuum.o vdbe.o vdbeapi.o vdbeaux.o vdbefifo.o > vdbemem.o where.o -o blib/arch/auto/DBD/SQLite/SQLite.so > chmod 755 blib/arch/auto/DBD/SQLite/SQLite.so > cp SQLite.bs blib/arch/auto/DBD/SQLite/SQLite.bs > chmod 644 blib/arch/auto/DBD/SQLite/SQLite.bs > Manifying blib/man3/DBD::SQLite.3pm > /usr/bin/make -- OK > Running make test > PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" > "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t > t/00basic...............ok > t/01logon...............ok > t/02cr_table............ok > t/03insert..............ok 2/10Can't locate object method > "last_insert_id" via package "DBI::db" at t/03insert.t line 13. > t/03insert..............dubious > Test returned status 2 (wstat 512, 0x200) > Scalar found where operator expected at (eval 153) line 1, near "'int' > $__val" > (Missing operator before $__val?) > DIED. FAILED tests 6-10 > Failed 5/10 tests, 50.00% okay > t/04select..............ok > t/05tran................ok > t/06error...............ok > t/08create_function.....ok > t/09create_aggregate....ok > t/10dsnlist.............ok > t/20createdrop..........ok > t/30insertfetch.........ok > t/40bindparam...........ok > t/40blobs...............ok > t/40blobtext............ok > t/40listfields..........ok > t/40nulls...............ok > t/40numrows.............ok > t/50chopblanks..........ok > t/50commit..............ok > t/60metadata............ok > t/90cppcomments.........ok > t/99cleanup.............ok > t/ak-dbd................ok > t/dbdadmin..............ok > Failed Test Stat Wstat Total Fail Failed List of Failed > ------------------------------------------------------------------------------- > > t/03insert.t 2 512 10 10 100.00% 6-10 > Failed 1/25 test scripts, 96.00% okay. 5/406 subtests failed, 98.77% > okay. > make: *** [test_dynamic] Error 255 > /usr/bin/make test -- NOT OK > Running make install > make test had returned bad status, won't install without force > > cpan> > > Bye, > Raymond. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Wed Jan 4 22:13:39 2006 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight) Date: Thu Jan 12 21:31:38 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: >> >> > Spam where exactly the same message body is sent to multiple recipients. > It can be 1 message with many recipients or many messages, it works off > comparing the message bodies across multiple messages. > So it's a wee bit like DCC? -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jan 4 22:11:24 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:38 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michele Neylon :: Blacknight wrote: >Julian Field wrote: > > >>We have implemented some more speedups since version 4.49, which was >>already faster than 4.48. It depends on the nature of the spam you get, >>and the quantity of viruses that you get. >> >>The more dumb spam, and viruses, that you get, the faster it will go. >> >> > >How do you define "dumb spam" ? > > Spam where exactly the same message body is sent to multiple recipients. It can be 1 message with many recipients or many messages, it works off comparing the message bodies across multiple messages. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Wed Jan 4 22:13:32 2006 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:31:38 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: Hi! > One thing worth mentioning: if you use rcpt splitting (one message per > recipient) then you should see a massive speed improvement with this version. > > Raymond --- this may help you! >> I would be very interested to hear what speedups you see from this new >> faster version. Ok, after fetching a RPM from DAG we got SQLite going, the version on CPAN gave errors on FC1. Works: Jan 4 23:08:26 vmx30 MailScanner[21711]: Cache hit for message k04M8POB022446 Jan 4 23:08:26 vmx30 MailScanner[21711]: Cache hit for message k04M8POC022446 Jan 4 23:08:26 vmx30 MailScanner[21711]: Cache hit for message k04M8POA022446 Jan 4 23:08:26 vmx30 MailScanner[21711]: Cache hit for message k04M8PO8022446 Jan 4 23:08:26 vmx30 MailScanner[21711]: Cache hit for message k04M8PO9022446 Jan 4 23:08:36 vmx30 MailScanner[21955]: Cache hit for message k04M8Zcb022532 Jan 4 23:08:40 vmx30 MailScanner[21232]: Cache hit for message k04M8d8h022583 Jan 4 23:08:48 vmx30 MailScanner[21176]: Cache hit for message k04M8iIc022599 Jan 4 23:08:50 vmx30 MailScanner[21176]: Cache hit for message k04M6gST021587 Jan 4 23:08:50 vmx30 MailScanner[21176]: Cache hit for message k04M8hFS022595 Jan 4 23:08:51 vmx30 MailScanner[21650]: Cache hit for message k04M8nTe022611 Jan 4 23:08:51 vmx30 MailScanner[21650]: Cache hit for message k04M8nTY022611 [root@vmx30]# grep "Cache hit for message" current | wc -l 77 In a couple of mins. Looking promising. Cheers! Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jan 4 22:12:49 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:38 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Raymond Dijkxhoorn wrote: > Hi Julian, > >> We have implemented some more speedups since version 4.49, which was >> already faster than 4.48. It depends on the nature of the spam you >> get, and the quantity of viruses that you get. >> >> The more dumb spam, and viruses, that you get, the faster it will go. >> >> Note that >> 1) you must use ./install.sh to install it as there are 2 more Perl >> modules required by (and provided with) this version, and >> 2) you must run upgrade_MailScanner_conf to add new configuration >> settings to your MailScanner.conf file. >> >> I would be very interested to hear what speedups you see from this >> new faster version. > > > # The SpamAssassin cache uses a database file which needs to be writable > # by the MailScanner "Run As User". This file will be created and > setup for > # you automatically when MailScanner is started. > SpamAssassin Cache Database File = > /var/spool/MailScanner/incoming/SpamAssassin.cache.db > > Can you tell a littme more about this? > > What is stored, will the database be auto pruned? Or does it grow till > my disk fills :) It will auto-prune, don't worry. It looks at the message body to see if it has seen this message before. If it has, it grabs all the SpamAssassin results out of a cache and doesn't call SpamAssassin at all for this message. > I am really interested in this since we use rcpts splitting, on what > base you say its a identical message? You should see a very dramatic speed improvement on messages with multiple recipients. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Wed Jan 4 22:26:50 2006 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:31:38 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: Hi! >>>> I would be very interested to hear what speedups you see from this new >>>> faster version. >> Ok, after fetching a RPM from DAG we got SQLite going, the version on CPAN >> gave errors on FC1. > Issues with SQLite on FC4 too. Upgrading DBD did fix it on FC1. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Wed Jan 4 22:40:21 2006 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:31:38 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: Hi! > One thing worth mentioning: if you use rcpt splitting (one message per > recipient) then you should see a massive speed improvement with this version. > > Raymond --- this may help you! Ok. After some thinking :) This works, but! :) Let me try to explain. Spammer sends spam, SA detects, but low spam score. We feed all those to our analyzer box, analyzer box finds URL thats bad, lists in a RBL... Normally the next messages will have a higher score, since more URI-BL lists will detect them after a few minutes. Same goes for bayes scores and so on. Is it a good idea to make it configurable when to use this feature? Eg, when its high spam? If its high spam i care less about the extra scores, high is high enough. If its low spam i certainly would be interested if its not high spam by then. Makes the difference of delivering or deleting in our case. Some ligic to only cache low spam for lets say 5 mins, and high spam an hour or so would be preferred. Else the detection will go down and thats bad. Just some idea's, hopefully it helps. Really cool move i think this. Saves a lot of power, only need to figure out something for the above... to optimize things. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From shuttlebox at GMAIL.COM Wed Jan 4 22:35:50 2006 From: shuttlebox at GMAIL.COM (shuttlebox) Date: Thu Jan 12 21:31:38 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 1/4/06, Julian Field wrote: It looks at the message body to see if it has seen this message before. If it has, it grabs all the SpamAssassin results out of a cache and doesn't call SpamAssassin at all for this message. How does it determine that, by MD5 or similar? Is only the checksum stored in the db or the whole body? I noticed that you in the change log say under Fixes: "Improved reliability of Bayes rebuilds a lot". Do you now use SQLite for Bayes too? Theoretically that should be possible since SA does support it. Is the fix something totally different? -- /Peter ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ka at PACIFIC.NET Wed Jan 4 22:49:06 2006 From: ka at PACIFIC.NET (Ken A) Date: Thu Jan 12 21:31:38 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Upgrading DBI with CPAN fixed install problems on FC4 as well. Thanks, Ken A Pacific.Net Ken A wrote: > Raymond Dijkxhoorn wrote: >> Hi! >> >>> One thing worth mentioning: if you use rcpt splitting (one message >>> per recipient) then you should see a massive speed improvement with >>> this version. >>> >>> Raymond --- this may help you! >> >>>> I would be very interested to hear what speedups you see from this >>>> new faster version. >> >> Ok, after fetching a RPM from DAG we got SQLite going, the version on >> CPAN gave errors on FC1. > > > Issues with SQLite on FC4 too. > >> Checking installed SQLite version... >> SQLite version must be at least 3.1.3. No header file at that >> version or higher was found. Using the local version instead. >> Checking if your kit is complete... >> Looks good >> Warning: prerequisite DBI 1.21 not found. >> Writing Makefile for DBD::SQLite >> + make >> cp lib/DBD/SQLite.pm blib/lib/DBD/SQLite.pm >> /usr/bin/perl /usr/lib/perl5/5.8.6/ExtUtils/xsubpp -typemap >> /usr/lib/perl5/5.8.6/ExtUtils/typemap SQLite.xs > SQLite.xsc && mv >> SQLite.xsc SQLite.c >> Cannot open 'SQLite.xsi': No such file or directory in SQLite.xs, line 72 >> make: *** [SQLite.c] Error 1 >> error: Bad exit status from /var/tmp/rpm-tmp.78484 (%build) >> >> RPM build errors: >> Bad exit status from /var/tmp/rpm-tmp.78484 (%build) >> >> Missing file >> /usr/src/redhat/RPMS/noarch/perl-DBD-SQLite-1.11-1.noarch.rpm. >> Maybe it did not build correctly? > > > Ken A > > >> Works: >> >> Jan 4 23:08:26 vmx30 MailScanner[21711]: Cache hit for message >> k04M8POB022446 >> Jan 4 23:08:26 vmx30 MailScanner[21711]: Cache hit for message >> k04M8POC022446 >> Jan 4 23:08:26 vmx30 MailScanner[21711]: Cache hit for message >> k04M8POA022446 >> Jan 4 23:08:26 vmx30 MailScanner[21711]: Cache hit for message >> k04M8PO8022446 >> Jan 4 23:08:26 vmx30 MailScanner[21711]: Cache hit for message >> k04M8PO9022446 >> Jan 4 23:08:36 vmx30 MailScanner[21955]: Cache hit for message >> k04M8Zcb022532 >> Jan 4 23:08:40 vmx30 MailScanner[21232]: Cache hit for message >> k04M8d8h022583 >> Jan 4 23:08:48 vmx30 MailScanner[21176]: Cache hit for message >> k04M8iIc022599 >> Jan 4 23:08:50 vmx30 MailScanner[21176]: Cache hit for message >> k04M6gST021587 >> Jan 4 23:08:50 vmx30 MailScanner[21176]: Cache hit for message >> k04M8hFS022595 >> Jan 4 23:08:51 vmx30 MailScanner[21650]: Cache hit for message >> k04M8nTe022611 >> Jan 4 23:08:51 vmx30 MailScanner[21650]: Cache hit for message >> k04M8nTY022611 >> >> [root@vmx30]# grep "Cache hit for message" current | wc -l >> 77 >> >> In a couple of mins. Looking promising. Cheers! >> >> Bye, >> Raymond. >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Wed Jan 4 23:18:25 2006 From: michele at BLACKNIGHT.IE (Michele Neylon:: Blacknight.ie) Date: Thu Jan 12 21:31:38 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > We have implemented some more speedups since version 4.49, which was > already faster than 4.48. It depends on the nature of the spam you get, > and the quantity of viruses that you get. > > The more dumb spam, and viruses, that you get, the faster it will go. > > Note that > 1) you must use ./install.sh to install it as there are 2 more Perl > modules required by (and provided with) this version, and For some odd reason the SQLite module either didn't build on Centos 4 or simply wasn't recognised.. Easily fixed via cpan, but still a bit odd -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Wed Jan 4 23:14:28 2006 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:31:38 2006 Subject: All_Trusted Message-ID: I updated one of my MailScanners last week. Running sendmail, with the following (from MailScanner -V): Linux mxl 2.6.11.4-21.10-default #1 Tue Nov 29 14:32:49 UTC 2005 i686 i686 i386 GNU/Linux This is SuSE Linux 9.3 (i586) This is Perl version 5.008006 (5.8.6) This is MailScanner version 4.48.4 3.000003 Mail::SpamAssassin Noticed some spam had made it through the filters this morning which had a -3.14 for ALL_TRUSTED. Bogus. There was a thread last month about ALL_TRUSTED, but it didn't mirror my setup in that I didn't change the local rules dir, whereas that poster did. I ran spamassassin --lint -D and it is reading the mailscanner.cf (link in /etc/mail/spamassassin) just fine. No additional dirs have been set in MailScanner.conf: "Spamassassin Local Rules Dir = " I added trusted_networks and internal_networks to local.cf and no longer see ALL_TRUSTED which is good. Don't know why spamassassin would suddenly start banging on ALL_TRUSTED - I didn't update SA - just MS. It does seem that something changed though, so I guess this is just a heads up to upgraders to make sure to check the logs w/in a short time after upgrading and adding the requisite entries to local.cf if necessary... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smf at F2S.COM Wed Jan 4 23:17:00 2006 From: smf at F2S.COM (Steve Freegard) Date: Thu Jan 12 21:31:38 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: Hi Raymond, On Wed, 2006-01-04 at 23:40 +0100, Raymond Dijkxhoorn wrote: > Hi! > > > One thing worth mentioning: if you use rcpt splitting (one message per > > recipient) then you should see a massive speed improvement with this version. > > > > Raymond --- this may help you! > > Ok. After some thinking :) > > This works, but! :) > > Let me try to explain. > > Spammer sends spam, SA detects, but low spam score. We feed all those to > our analyzer box, analyzer box finds URL thats bad, lists in a RBL... > > Normally the next messages will have a higher score, since more URI-BL > lists will detect them after a few minutes. Same goes for bayes scores and > so on. > > Is it a good idea to make it configurable when to use this feature? Eg, > when its high spam? If its high spam i care less about the extra scores, > high is high enough. If its low spam i certainly would be interested if > its not high spam by then. Makes the difference of delivering or deleting > in our case. Some ligic to only cache low spam for lets say 5 mins, and > high spam an hour or so would be preferred. Else the detection will go > down and thats bad. > > Just some idea's, hopefully it helps. Really cool move i think this. Saves > a lot of power, only need to figure out something for the above... to > optimize things. Good idea - treating low/high spam differently in the cache expiry timer makes sense - this shouldn't be too difficult to do either. Working out the best amount to time to cache each will be trickier though as it really depends on how much mail you get. The way the expiry works at the moment is to expire: - non-spam after 30mins from the creation of the cache record (to account for lag getting onto RBLs/Pyzor/Razor/DCC). - spam after 6 hours from the initial creation of the cache record. - virus infected messages after 48 hours from the last cache-hit (to give the best possible chance of getting a cache-hit). These values are configurable in SA.pm at the moment as we didn't think it was likely that they would need to be changed. Kind regards, Steve. -- Steve Freegard Fort Systems Ltd. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Jan 5 00:26:43 2006 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:38 2006 Subject: All_Trusted Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kevin Miller wrote: > I updated one of my MailScanners last week. Running sendmail, with the > following (from MailScanner -V): > > Linux mxl 2.6.11.4-21.10-default #1 Tue Nov 29 14:32:49 UTC 2005 i686 > i686 i386 GNU/Linux > This is SuSE Linux 9.3 (i586) > This is Perl version 5.008006 (5.8.6) > This is MailScanner version 4.48.4 > 3.000003 Mail::SpamAssassin > > Noticed some spam had made it through the filters this morning which had > a -3.14 for ALL_TRUSTED. Bogus. There was a thread last month about > ALL_TRUSTED, but it didn't mirror my setup in that I didn't change the > local rules dir, whereas that poster did. Any chance your old spam.assassin.prefs.conf had a "score ALL_TRUSTED 0" in it? (For a while the MS standard distro file had this in it.. very bad) Or some other config file that got disabled when you upgraded? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Thu Jan 5 00:53:12 2006 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:31:38 2006 Subject: All_Trusted Message-ID: Matt Kettler wrote: > Kevin Miller wrote: >> I updated one of my MailScanners last week. Running sendmail, with >> the following (from MailScanner -V): >> >> Linux mxl 2.6.11.4-21.10-default #1 Tue Nov 29 14:32:49 UTC 2005 >> i686 i686 i386 GNU/Linux This is SuSE Linux 9.3 (i586) >> This is Perl version 5.008006 (5.8.6) >> This is MailScanner version 4.48.4 >> 3.000003 Mail::SpamAssassin >> >> Noticed some spam had made it through the filters this morning which >> had a -3.14 for ALL_TRUSTED. Bogus. There was a thread last month >> about ALL_TRUSTED, but it didn't mirror my setup in that I didn't >> change the local rules dir, whereas that poster did. > > Any chance your old spam.assassin.prefs.conf had a "score ALL_TRUSTED > 0" in it? (For a while the MS standard distro file had this in it.. > very bad) > > Or some other config file that got disabled when you upgraded? My old spam.assassin.prefs.conf did have it in there, but the new one (linked to from /etc/mail) doesn't. That would have set the score to 0 at any rate, not -3.14. Unless I'm reading the line wrong and it's a toggle rather than a level. I'll be upgrading another of my boxes soon - be interesting to see what happens when I do... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Thu Jan 5 02:01:53 2006 From: michele at BLACKNIGHT.IE (Michele Neylon:: Blacknight.ie) Date: Thu Jan 12 21:31:38 2006 Subject: Just A Silly Question About MailWatch Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Fajar wrote: > You know, Mailwatch for MailScanner is really good for > manage your quarantine, spam/virus report, etc. I wonder, > why Mailwatch not being developed as fast as MailScanner? > Maybe someone willing to answer this silly question :D Both MailScanner and MailWatch are developed by selfless people who devote a considerable amount of their free time to working on them. -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From fajarep at SIMPLIMOBILE.COM Thu Jan 5 01:37:45 2006 From: fajarep at SIMPLIMOBILE.COM (Fajar) Date: Thu Jan 12 21:31:38 2006 Subject: Just A Silly Question About MailWatch Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You know, Mailwatch for MailScanner is really good for manage your quarantine, spam/virus report, etc. I wonder, why Mailwatch not being developed as fast as MailScanner? Maybe someone willing to answer this silly question :D Thanks ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dbird at SGHMS.AC.UK Thu Jan 5 01:40:15 2006 From: dbird at SGHMS.AC.UK (Daniel Bird) Date: Thu Jan 12 21:31:38 2006 Subject: Beta 4.50.4, SpamAssassin.cache.db and tmpfs Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I'm presuming it would be a good idea to move the SpamAssassin.cache.db to somewhere other than /var/spool/MailScanner/incoming if it's mounted as tmpfs since it will be lost if there's a reboot etc? Or does that not matter? How long are the entries cached? Dan -- ____________________________________ Daniel Bird Network and Systems Manager Department Of Information Services St. George's, University Of London Tooting London SW17 0RE P: +44 20 8725 2897 F: +44 20 8725 3583 E: dan@sgul.ac.uk ____________________________________ Computing Services Homepage: http://www.sgul.ac.uk/depts/cu -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Jan 5 01:06:49 2006 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:38 2006 Subject: All_Trusted Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kevin Miller wrote: > Matt Kettler wrote: >>Any chance your old spam.assassin.prefs.conf had a "score ALL_TRUSTED >> 0" in it? (For a while the MS standard distro file had this in it.. >>very bad) >> >>Or some other config file that got disabled when you upgraded? > > > My old spam.assassin.prefs.conf did have it in there, but the new one > (linked to from /etc/mail) doesn't. That would have set the score to 0 > at any rate, not -3.14. Unless I'm reading the line wrong and it's a > toggle rather than a level. Well, yes, but if the score was previously set to 0, the rule would have been disabled and would never match any mail. Hence, with your old config, ALL_TRUSTED never fired due to the score 0 statement, covering up a pervasive problem in Received: header parsing on your system. The upgrade effectively caused this score statement to go away, thus enabling the rule with it's default -3.14 score, and showing that you needed a trusted_networks setting to fix your header parsing. It's a good thing the upgrade removed that statement.. setting ALL_TRUSTED to a 0 score covers up a lot of serious problems. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Thu Jan 5 01:31:26 2006 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:31:38 2006 Subject: All_Trusted Message-ID: Matt Kettler wrote: > Kevin Miller wrote: >> Matt Kettler wrote: > >>> Any chance your old spam.assassin.prefs.conf had a "score >>> ALL_TRUSTED 0" in it? (For a while the MS standard distro file had >>> this in it.. very bad) >>> >>> Or some other config file that got disabled when you upgraded? >> >> >> My old spam.assassin.prefs.conf did have it in there, but the new one >> (linked to from /etc/mail) doesn't. That would have set the score >> to 0 at any rate, not -3.14. Unless I'm reading the line wrong and >> it's a toggle rather than a level. > > > Well, yes, but if the score was previously set to 0, the rule would > have been disabled and would never match any mail. > > Hence, with your old config, ALL_TRUSTED never fired due to the score > 0 statement, covering up a pervasive problem in Received: header > parsing on your system. > > The upgrade effectively caused this score statement to go away, thus > enabling the rule with it's default -3.14 score, and showing that you > needed a trusted_networks setting to fix your header parsing. > > > It's a good thing the upgrade removed that statement.. setting > ALL_TRUSTED to a 0 score covers up a lot of serious problems. Ah, I see what you mean. So having set trusted_networks and internal_networks per Mail::SpamAssassin::Conf, the ALL_TRUSTED trigger went away. But is there anything I should be looking at regarding the Received: header parsing or is that pretty much taken care of now? Things seem to be flowing OK. Hopefully it's catching more spam than ever? I take it that it would be prudent to check my other MS boxes and rem out the "score ALL_TRUSTED 0" if it's there? They're still running older versions so probably have that since it was a default setting... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ka at PACIFIC.NET Thu Jan 5 01:05:49 2006 From: ka at PACIFIC.NET (Ken A) Date: Thu Jan 12 21:31:38 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Just upgraded 3 boxes. Now I only need 2. Messages with multiple recipients that are split no longer incur a big penalty in SA. It's a bad day for spam. Jan 4 17:02:50 MailScanner[21109]: Cache hit for message k0512HE3026793 Jan 4 17:02:52 MailScanner[21264]: Cache hit for message k0512HE6026793 Jan 4 17:02:52 MailScanner[21264]: Cache hit for message k0512HE7026793 Jan 4 17:02:52 MailScanner[21264]: Cache hit for message k0512HE5026793 Jan 4 17:02:52 MailScanner[21264]: Cache hit for message k0512HE8026793 Jan 4 17:02:52 MailScanner[21264]: Cache hit for message k0512HE4026793 :-) Ken A Pacific.Net Steve Freegard wrote: > Hi Raymond, > > On Wed, 2006-01-04 at 23:40 +0100, Raymond Dijkxhoorn wrote: >> Hi! >> >>> One thing worth mentioning: if you use rcpt splitting (one message per >>> recipient) then you should see a massive speed improvement with this version. >>> >>> Raymond --- this may help you! >> Ok. After some thinking :) >> >> This works, but! :) >> >> Let me try to explain. >> >> Spammer sends spam, SA detects, but low spam score. We feed all those to >> our analyzer box, analyzer box finds URL thats bad, lists in a RBL... >> >> Normally the next messages will have a higher score, since more URI-BL >> lists will detect them after a few minutes. Same goes for bayes scores and >> so on. >> >> Is it a good idea to make it configurable when to use this feature? Eg, >> when its high spam? If its high spam i care less about the extra scores, >> high is high enough. If its low spam i certainly would be interested if >> its not high spam by then. Makes the difference of delivering or deleting >> in our case. Some ligic to only cache low spam for lets say 5 mins, and >> high spam an hour or so would be preferred. Else the detection will go >> down and thats bad. >> >> Just some idea's, hopefully it helps. Really cool move i think this. Saves >> a lot of power, only need to figure out something for the above... to >> optimize things. > > Good idea - treating low/high spam differently in the cache expiry timer > makes sense - this shouldn't be too difficult to do either. Working out > the best amount to time to cache each will be trickier though as it > really depends on how much mail you get. > > The way the expiry works at the moment is to expire: > > - non-spam after 30mins from the creation of the cache record (to > account for lag getting onto RBLs/Pyzor/Razor/DCC). > > - spam after 6 hours from the initial creation of the cache record. > > - virus infected messages after 48 hours from the last cache-hit (to > give the best possible chance of getting a cache-hit). > > These values are configurable in SA.pm at the moment as we didn't think > it was likely that they would need to be changed. > > Kind regards, > Steve. > > -- > Steve Freegard > Fort Systems Ltd. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james at grayonline.id.au Thu Jan 5 02:49:25 2006 From: james at grayonline.id.au (James Gray) Date: Thu Jan 12 21:31:38 2006 Subject: 4.50.4 restarts the child after each batch? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Just installed 4.49.7 on my production gateways - all is well. They are behaving as I expected them to. However, I've installed the latest beta (4.50.4 from the tar ball) on my test machine (system is an Exim 4.50-8 box running on Debian Sarge, with MailWatch) and noticed it now restarts the child after every batch: ... MailScanner[12542]: New Batch: Scanning 1 messages, 5532 bytes MailScanner[12542]: MCP Checks completed at 5532 bytes per second MailScanner[12542]: Spam Checks: Starting MailScanner[12542]: Message 1EuKE6-0003GA-4z from 82.211.81.173 (foo@example.com) to mydomain.com is not spam, SpamAssassin (score=-30.253, required 5, AWL 0.36, BAYES_00 -2.60, BODY_GAPPY_TEXT 1.92, LISTID_UBUNTU_USR -15.00, RCVD_BY_IP 0.07, TO_UBUNTU_LIST -15.00) MailScanner[12542]: Spam Checks completed at 790 bytes per second MailScanner[12542]: Virus and Content Scanning: Starting MailScanner[12542]: Virus Scanning completed at 1383 bytes per second MailScanner[12542]: Uninfected: Delivered 1 messages MailScanner[12542]: Virus Processing completed at 5532 bytes per second MailScanner[12542]: Disinfection completed at 5532 bytes per second MailScanner[12542]: Batch completed at 502 bytes per second (5532 / 11) MailScanner[12555]: MailScanner E-Mail Virus Scanner version 4.50.4 starting... MailScanner[12555]: Read 695 hostnames from the phishing whitelist MailScanner[12555]: Config: calling custom init function MailWatchLogging MailScanner[12555]: Caching SpamAssassin results MailScanner[12555]: Connected to SpamAssassin cache database MailScanner[12555]: Enabling SpamAssassin auto-whitelist functionality... MailScanner[12555]: Using locktype = posix MailScanner[12555]: Creating hardcoded struct_flock subroutine for linux (Linux-type) ... Notice the new PID? This box only runs a single child process and this behaviour is new since 4.50.4 was installed an hour or so ago. Here's some more diagnostic fru for your reading pleasure: #uname -a Linux ninja 2.4.27-2-686 #1 Wed Aug 17 10:34:09 UTC 2005 i686 GNU/Linux #ps -ef | grep MailScanner 109 12267 1 0 12:35 ? 00:00:00 MailScanner: starting child 109 12642 12267 4 12:51 ? 00:00:14 MailScanner: waiting for messages (109 is a valid UID = Debian-exim...no idea why ps wont show it. Also between teh log dump above and the execution of "ps" the child PID changed...again) # /opt/MailScanner/bin/MailScanner --version Running on Linux ninja 2.4.27-2-686 #1 Wed Aug 17 10:34:09 UTC 2005 i686 GNU/Linux This is Perl version 5.008004 (5.8.4) This is MailScanner version 4.50.4 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.02 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.72 File::Basename 2.07 File::Copy 2.01 FileHandle 1.06 File::Path 0.16 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.50 Mail::Header 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.808 DB_File 1.06 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 0.44 Inline 0.17 Mail::ClamAV 3.000004 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.15 Net::CIDR::Lite 0.48 Net::DNS 0.32 Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.4 Sys::Hostname::Long 2.40 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.35 URI Thanks for any help. James -- When we talk of tomorrow, the gods laugh. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From matt at CODERS.CO.UK Thu Jan 5 07:32:47 2006 From: matt at CODERS.CO.UK (Matt Hampton) Date: Thu Jan 12 21:31:38 2006 Subject: 4.50.4 restarts the child after each batch? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] James Gray wrote: >Just installed 4.49.7 on my production gateways - all is well. They are >behaving as I expected them to. > > What happens when you run it in Debug mode in the foreground? >However, I've installed the latest beta (4.50.4 from the tar ball) on my test >machine (system is an Exim 4.50-8 box running on Debian Sarge, with >MailWatch) and noticed it now restarts the child after every batch: >... >MailScanner[12542]: New Batch: Scanning 1 messages, 5532 bytes >MailScanner[12542]: MCP Checks completed at 5532 bytes per second >MailScanner[12542]: Spam Checks: Starting >MailScanner[12542]: Message 1EuKE6-0003GA-4z from 82.211.81.173 >(foo@example.com) to mydomain.com is not spam, SpamAssassin (score=-30.253, >required 5, AWL 0.36, BAYES_00 -2.60, BODY_GAPPY_TEXT 1.92, LISTID_UBUNTU_USR >-15.00, RCVD_BY_IP 0.07, TO_UBUNTU_LIST -15.00) >MailScanner[12542]: Spam Checks completed at 790 bytes per second >MailScanner[12542]: Virus and Content Scanning: Starting >MailScanner[12542]: Virus Scanning completed at 1383 bytes per second >MailScanner[12542]: Uninfected: Delivered 1 messages >MailScanner[12542]: Virus Processing completed at 5532 bytes per second >MailScanner[12542]: Disinfection completed at 5532 bytes per second >MailScanner[12542]: Batch completed at 502 bytes per second (5532 / 11) >MailScanner[12555]: MailScanner E-Mail Virus Scanner version 4.50.4 >starting... >MailScanner[12555]: Read 695 hostnames from the phishing whitelist >MailScanner[12555]: Config: calling custom init function MailWatchLogging >MailScanner[12555]: Caching SpamAssassin results >MailScanner[12555]: Connected to SpamAssassin cache database >MailScanner[12555]: Enabling SpamAssassin auto-whitelist functionality... >MailScanner[12555]: Using locktype = posix >MailScanner[12555]: Creating hardcoded struct_flock subroutine for linux >(Linux-type) >... > >Notice the new PID? This box only runs a single child process and this >behaviour is new since 4.50.4 was installed an hour or so ago. > >Here's some more diagnostic fru for your reading pleasure: > >#uname -a >Linux ninja 2.4.27-2-686 #1 Wed Aug 17 10:34:09 UTC 2005 i686 GNU/Linux > >#ps -ef | grep MailScanner >109 12267 1 0 12:35 ? 00:00:00 MailScanner: starting child >109 12642 12267 4 12:51 ? 00:00:14 MailScanner: waiting for messages > >(109 is a valid UID = Debian-exim...no idea why ps wont show it. Also between >teh log dump above and the execution of "ps" the child PID changed...again) > ># /opt/MailScanner/bin/MailScanner --version >Running on >Linux ninja 2.4.27-2-686 #1 Wed Aug 17 10:34:09 UTC 2005 i686 GNU/Linux >This is Perl version 5.008004 (5.8.4) > >This is MailScanner version 4.50.4 >Module versions are: >1.00 AnyDBM_File >1.14 Archive::Zip >1.02 Carp >1.119 Convert::BinHex >1.00 DirHandle >1.05 Fcntl >2.72 File::Basename >2.07 File::Copy >2.01 FileHandle >1.06 File::Path >0.16 File::Temp >1.29 HTML::Entities >3.45 HTML::Parser >2.30 HTML::TokeParser >1.21 IO >1.10 IO::File >1.123 IO::Pipe >1.50 Mail::Header >3.05 MIME::Base64 >5.417 MIME::Decoder >5.417 MIME::Decoder::UU >5.417 MIME::Head >5.417 MIME::Parser >3.03 MIME::QuotedPrint >5.417 MIME::Tools >0.10 Net::CIDR >1.08 POSIX >1.77 Socket >0.05 Sys::Syslog >1.02 Time::localtime > >Optional module versions are: >0.17 Convert::TNEF >1.808 DB_File >1.06 Digest >1.01 Digest::HMAC >2.33 Digest::MD5 >2.10 Digest::SHA1 >0.44 Inline >0.17 Mail::ClamAV >3.000004 Mail::SpamAssassin >1.997 Mail::SPF::Query >0.15 Net::CIDR::Lite >0.48 Net::DNS >0.32 Net::LDAP >1.94 Parse::RecDescent >missing SAVI >1.4 Sys::Hostname::Long >2.40 Test::Harness >0.47 Test::Simple >1.95 Text::Balanced >1.35 URI > >Thanks for any help. > >James > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dl6mpg at GMAIL.COM Thu Jan 5 07:36:06 2006 From: dl6mpg at GMAIL.COM (Uwe) Date: Thu Jan 12 21:31:38 2006 Subject: .wmf vulnerability Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] 2006/1/4, James R. Stevens : > Sorry if this has been answered. I'm curious if there is a test file > posted somewhere allowing me to test my configuration for wmf exploit > attachments. Try http://www.heise.de with the following link : http://www.heise.de/security/dienste/emailcheck/demos/go.shtml?mail=wmf and Enter you Email at the formular field. Uwe ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Thu Jan 5 07:59:04 2006 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:31:38 2006 Subject: 4.50.4 restarts the child after each batch? Message-ID: Hi! >> Just installed 4.49.7 on my production gateways - all is well. They are >> behaving as I expected them to. >> > What happens when you run it in Debug mode in the foreground? You had trouble installing SQLite. See other postings on the list. Either disable the new feature or install the missing stuff :) You had some modules failling during install. Thats why, had the same last night. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jan 5 09:17:07 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:38 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 4 Jan 2006, at 22:13, Michele Neylon :: Blacknight wrote: > Julian Field wrote: >>> >>> >> Spam where exactly the same message body is sent to multiple >> recipients. >> It can be 1 message with many recipients or many messages, it >> works off >> comparing the message bodies across multiple messages. >> > So it's a wee bit like DCC? Yes, but it's local to your own email, which is the great advantage. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.3 (Build 2932) iQEVAwUBQ7zkFvw32o+k+q+hAQFQZwf9GtJP68PH62H8Vi1XMeClEfSyafJk1bdl tA3yNEHfn7i2fy1aI8CHbIoxsAVl3UWKIFi3GS7yXJmDqavDIXI0kt0tCzzDkgop CJozo2jwVqd5zxhlxjY/oUrPF8Ua/vBbLQiRMBh6zAOPVnU9Ru8PIlvvYPz05JWB FHA4ObRIUnolGbqQeshxUFS8tW6MLjcR8itHEiw8Ls/wO4o6X3aokuubHKxh4XP3 zceHmphmJ5SX1cyL3qT4MRBul5uMQQjRFxEx14u8/3/Ukj59NrlUydgmG6+4Lyun +qlhg8zGyMUeDbyHctw4uTLOvdXomrnVdkg30W+Kam1HmyKE7Lovzw== =Ok0u -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From shuttlebox at GMAIL.COM Thu Jan 5 09:17:27 2006 From: shuttlebox at GMAIL.COM (shuttlebox) Date: Thu Jan 12 21:31:38 2006 Subject: All_Trusted Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 1/5/06, Matt Kettler wrote: It's a good thing the upgrade removed that statement.. setting ALL_TRUSTED to a 0 score covers up a lot of serious problems. What kind of problems do you mean? Problems regarding other things than the trusted mechanism? -- /Peter ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smf at F2S.COM Thu Jan 5 09:19:44 2006 From: smf at F2S.COM (Steve Freegard) Date: Thu Jan 12 21:31:38 2006 Subject: Just A Silly Question About MailWatch Message-ID: On Thu, 2006-01-05 at 08:37 +0700, Fajar wrote: > You know, Mailwatch for MailScanner is really good for > manage your quarantine, spam/virus report, etc. I wonder, > why Mailwatch not being developed as fast as MailScanner? > Maybe someone willing to answer this silly question :D > I'm not sure I understand why you asked this. Is there a feature missing in MailWatch that you want or something? Maybe you should have asked this question on the MailWatch mailing-list first? If it is a philosophical question then: - they are both different products written and maintained by two different people. - MailWatch by definition will have some 'lag' between new features being written into MailScanner and the reporting for the new features being worked into MailWatch. - The MailScanner developer is in a completely different league to the MailWatch developer in developer skill :-) - This is open-source software, the developers write, maintain and support their software in their free time. - The MailWatch developer is lazy or doesn't seem to have much free time. Hope this clears it up for you. Kind regards, Steve. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rabellino at DI.UNITO.IT Thu Jan 5 09:18:21 2006 From: rabellino at DI.UNITO.IT (Rabellino Sergio) Date: Thu Jan 12 21:31:38 2006 Subject: MailScanner ANNOUNCE: Stable 4.49 released -- faster! Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] shuttlebox wrote: > On 1/4/06, *Rabellino Sergio* > wrote: > > We've sendmail 8.13.3, with mcafee/clamav/sa ona Solaris 9 /4-cpu/ > Sun-Fire-V440. > > I changed only the release of MS, without changing any configuration > parameter; the cpu load average > has changed from 2.5/3 to 1.2/1.6. > > It seems to be really faster than previous MS. > > > Have you looked at the delay times in the logs from Sendmail? Do you > see a similar decrease there? > > -- I've investigated in the syslog, but the delay is strictly connected to the batch delay, so I do not understand how I can see a real speed-up if most of the delay is directly accountable to the batch waiting. (maybe i'm wrong) -- Dott. Mag. Sergio Rabellino Technical Staff Department of Computer Science University of Torino (Italy) http://www.di.unito.it/~rabser Tel. +39-0116706701 Fax. +39-011751603 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jan 5 09:24:02 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:38 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 4 Jan 2006, at 22:40, Raymond Dijkxhoorn wrote: > Hi! > >> One thing worth mentioning: if you use rcpt splitting (one message >> per recipient) then you should see a massive speed improvement >> with this version. >> >> Raymond --- this may help you! > > Ok. After some thinking :) > > This works, but! :) > > Let me try to explain. > > Spammer sends spam, SA detects, but low spam score. We feed all > those to our analyzer box, analyzer box finds URL thats bad, lists > in a RBL... > > Normally the next messages will have a higher score, since more URI- > BL lists will detect them after a few minutes. Same goes for bayes > scores and so on. > > Is it a good idea to make it configurable when to use this feature? > Eg, when its high spam? If its high spam i care less about the > extra scores, high is high enough. If its low spam i certainly > would be interested if its not high spam by then. Makes the > difference of delivering or deleting in our case. Some ligic to > only cache low spam for lets say 5 mins, and high spam an hour or > so would be preferred. Else the detection will go down and thats bad. It currently caches non-spam results for 30 minutes, spam results for 60 minutes. This should be enough to stop your detection rate dropping very much. > Just some idea's, hopefully it helps. Really cool move i think > this. Saves a lot of power, only need to figure out something for > the above... to optimize things. I've done most of what you suggest already. Caching high spam for longer than low spam is an interesting idea, I may well do that. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.3 (Build 2932) iQEVAwUBQ7zltfw32o+k+q+hAQEJrwgAl39yh0PXSS1tGIzzLeRU5ns4RiH+w0HS mHjC01n2sMLuDURF8b1uCsXZEiN7xBAPd0GeVwZVLg1wzVYnPRodO9rXb1JqW6JK l9E2jW4k0Wu4A7YBYFNFyl6dNPNPLk8qMjVM6xxMguM5myENHFGy5noihN700jBo 2/WEvpL44XtSUR3i4cFQGOuUkrZdZrXxo9+srGVRGscOvdp66PNETh06eorN5xxH FL1vOItk6VeAb3aHNdhZgF/Nu+tfN/GXMVZJaEdLBIQXHmyhp5D17VtAnMMyy+8I JNXcTsKrxpfWbBSqfP76ZzSrZ/ebII6bK2k1W2T/aUVsyY6xCPSUTQ== =xZ3e -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jan 5 09:29:17 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:38 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 4 Jan 2006, at 23:17, Steve Freegard wrote: > Hi Raymond, > > On Wed, 2006-01-04 at 23:40 +0100, Raymond Dijkxhoorn wrote: >> Hi! >> >>> One thing worth mentioning: if you use rcpt splitting (one >>> message per >>> recipient) then you should see a massive speed improvement with >>> this version. >>> >>> Raymond --- this may help you! >> >> Ok. After some thinking :) >> >> This works, but! :) >> >> Let me try to explain. >> >> Spammer sends spam, SA detects, but low spam score. We feed all >> those to >> our analyzer box, analyzer box finds URL thats bad, lists in a RBL... >> >> Normally the next messages will have a higher score, since more >> URI-BL >> lists will detect them after a few minutes. Same goes for bayes >> scores and >> so on. >> >> Is it a good idea to make it configurable when to use this >> feature? Eg, >> when its high spam? If its high spam i care less about the extra >> scores, >> high is high enough. If its low spam i certainly would be >> interested if >> its not high spam by then. Makes the difference of delivering or >> deleting >> in our case. Some ligic to only cache low spam for lets say 5 >> mins, and >> high spam an hour or so would be preferred. Else the detection >> will go >> down and thats bad. >> >> Just some idea's, hopefully it helps. Really cool move i think >> this. Saves >> a lot of power, only need to figure out something for the above... to >> optimize things. > > Good idea - treating low/high spam differently in the cache expiry > timer > makes sense - this shouldn't be too difficult to do either. > Working out > the best amount to time to cache each will be trickier though as it > really depends on how much mail you get. > > The way the expiry works at the moment is to expire: > > - non-spam after 30mins from the creation of the cache record (to > account for lag getting onto RBLs/Pyzor/Razor/DCC). > > - spam after 6 hours from the initial creation of the cache record. Steve ---- What say we change 6 hours to 3 hours, and add high-spam expiry 6 hours from the "first" time? That should be nothing more than 1 change to the expiry function. Can you work out the SQL for me please? > > - virus infected messages after 48 hours from the last cache-hit (to > give the best possible chance of getting a cache-hit). > > These values are configurable in SA.pm at the moment as we didn't > think > it was likely that they would need to be changed. > > Kind regards, > Steve. > > -- > Steve Freegard > Fort Systems Ltd. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.3 (Build 2932) iQEVAwUBQ7zm7/w32o+k+q+hAQGnNwf+JANWf6onFq+Hree2qRHOMxXlPJ2zd1ID LeRZGgynttdyynzxMI9EJeA+Y3wQVLvmSuHeQGncoJX9RIu9jzqQdF1wkCFeJteg Fw3G3hOQO/VqMFDRvqLqi3IPXOdyIZDCLPRmi7PbVHvJAz2uMiV7VbO1uqDVDSXz NpIugb52t8AZtvdD2rJ34URvbwN1PVJSQqYIlLB7gXnJLyoUI8Ekv3pOIp1w2D0b P3p5osjHDd8sIr33y+hNzggjOWP5E+G37YQ13TynoivuAlW9dWbFpNJPIpW1fclb q3/HPNLbFt+Z/sjrgc7DQt5jF/3c5cR1ycBij9EnTDZnyGDYrsxpTg== =M9zp -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Jan 5 09:05:19 2006 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:38 2006 Subject: Just A Silly Question About MailWatch Message-ID: Hi Well now the main Mailwatch Developer has more dedicated time for MW things should progress a little quicker (ie less than 18 months from version to version ;-) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Fajar > Sent: 05 January 2006 01:38 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] Just A Silly Question About MailWatch > > You know, Mailwatch for MailScanner is really good for > manage your quarantine, spam/virus report, etc. I wonder, > why Mailwatch not being developed as fast as MailScanner? > Maybe someone willing to answer this silly question :D > > Thanks > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From shuttlebox at GMAIL.COM Thu Jan 5 09:27:45 2006 From: shuttlebox at GMAIL.COM (shuttlebox) Date: Thu Jan 12 21:31:38 2006 Subject: Beta 4.50.4, SpamAssassin.cache.db and tmpfs Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 1/5/06, Daniel Bird wrote: I'm presuming it would be a good idea to move the SpamAssassin.cache.db to somewhere other than /var/spool/MailScanner/incoming if it's mounted as tmpfs since it will be lost if there's a reboot etc? Or does that not matter? How long are the entries cached? In another thread Steve said the longest cache times are for viruses and it's 48 hours. But what would happen if you lost the cache? I think it would be equivalent to a no hit in the cache and the message has to be scanned, not a problem since that's how it's always been done up to 4.50. -- /Peter ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jan 5 09:26:00 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:38 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 4 Jan 2006, at 22:35, shuttlebox wrote: On 1/4/06, Julian Field wrote: It looks at the message body to see if it has seen this message before. If it has, it grabs all the SpamAssassin results out of a cache and doesn't call SpamAssassin at all for this message. How does it determine that, by MD5 or similar? Is only the checksum stored in the db or the whole body? MD5, Only the checksum. I noticed that you in the change log say under Fixes: "Improved reliability of Bayes rebuilds a lot". Do you now use SQLite for Bayes too? Theoretically that should be possible since SA does support it. Is the fix something totally different? Totally different. It's a very small change so that children doing the Bayes rebuild die immediately after completing it, they don't continue to live after that. It's solving problems like this, that I did the "worker children" architecture in the first place :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 498bytes. ] [ Unable to print this part. ] From MailScanner at ecs.soton.ac.uk Thu Jan 5 09:26:43 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:38 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Did you run my ./install.sh? This should upgrade DBI for you anyway. If so, why did my DBI install fail? What output was produced? On 4 Jan 2006, at 22:49, Ken A wrote: > Upgrading DBI with CPAN fixed install problems on FC4 as well. > Thanks, > Ken A > Pacific.Net > > > Ken A wrote: >> Raymond Dijkxhoorn wrote: >>> Hi! >>> >>>> One thing worth mentioning: if you use rcpt splitting (one >>>> message per recipient) then you should see a massive speed >>>> improvement with this version. >>>> >>>> Raymond --- this may help you! >>> >>>>> I would be very interested to hear what speedups you see from >>>>> this new faster version. >>> >>> Ok, after fetching a RPM from DAG we got SQLite going, the >>> version on CPAN gave errors on FC1. >> Issues with SQLite on FC4 too. >>> Checking installed SQLite version... >>> SQLite version must be at least 3.1.3. No header file at that >>> version or higher was found. Using the local version instead. >>> Checking if your kit is complete... >>> Looks good >>> Warning: prerequisite DBI 1.21 not found. >>> Writing Makefile for DBD::SQLite >>> + make >>> cp lib/DBD/SQLite.pm blib/lib/DBD/SQLite.pm >>> /usr/bin/perl /usr/lib/perl5/5.8.6/ExtUtils/xsubpp -typemap /usr/ >>> lib/perl5/5.8.6/ExtUtils/typemap SQLite.xs > SQLite.xsc && mv >>> SQLite.xsc SQLite.c >>> Cannot open 'SQLite.xsi': No such file or directory in SQLite.xs, >>> line 72 >>> make: *** [SQLite.c] Error 1 >>> error: Bad exit status from /var/tmp/rpm-tmp.78484 (%build) >>> >>> RPM build errors: >>> Bad exit status from /var/tmp/rpm-tmp.78484 (%build) >>> >>> Missing file /usr/src/redhat/RPMS/noarch/perl-DBD- >>> SQLite-1.11-1.noarch.rpm. >>> Maybe it did not build correctly? >> Ken A >>> Works: >>> >>> Jan 4 23:08:26 vmx30 MailScanner[21711]: Cache hit for message >>> k04M8POB022446 >>> Jan 4 23:08:26 vmx30 MailScanner[21711]: Cache hit for message >>> k04M8POC022446 >>> Jan 4 23:08:26 vmx30 MailScanner[21711]: Cache hit for message >>> k04M8POA022446 >>> Jan 4 23:08:26 vmx30 MailScanner[21711]: Cache hit for message >>> k04M8PO8022446 >>> Jan 4 23:08:26 vmx30 MailScanner[21711]: Cache hit for message >>> k04M8PO9022446 >>> Jan 4 23:08:36 vmx30 MailScanner[21955]: Cache hit for message >>> k04M8Zcb022532 >>> Jan 4 23:08:40 vmx30 MailScanner[21232]: Cache hit for message >>> k04M8d8h022583 >>> Jan 4 23:08:48 vmx30 MailScanner[21176]: Cache hit for message >>> k04M8iIc022599 >>> Jan 4 23:08:50 vmx30 MailScanner[21176]: Cache hit for message >>> k04M6gST021587 >>> Jan 4 23:08:50 vmx30 MailScanner[21176]: Cache hit for message >>> k04M8hFS022595 >>> Jan 4 23:08:51 vmx30 MailScanner[21650]: Cache hit for message >>> k04M8nTe022611 >>> Jan 4 23:08:51 vmx30 MailScanner[21650]: Cache hit for message >>> k04M8nTY022611 >>> >>> [root@vmx30]# grep "Cache hit for message" current | wc -l >>> 77 >>> >>> In a couple of mins. Looking promising. Cheers! >>> >>> Bye, >>> Raymond. >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.3 (Build 2932) iQEVAwUBQ7zmVPw32o+k+q+hAQEPcggAjZ8qaqOD7L+GgxWv4p5SJOSU6RoGf+Uq VO6TIowvJe48+5cxQ2aapV/YMdqVR0XjktNV9nIQDnm2/C/xs1gGbalRWw5NLSUF sFJ+3ZH5PRlOqC1/M8Jmnjxoqwbmhps8EOWHon0EZ0ewfZcfuESFYewm1vQdjPRR buYvq1nlKW+4Q5wuudUhCKqeGGpf7gV/PiKICLM78MzLE3RYgSgYG49jXE2toPPB yMUqJ+UfwlNfTmR1ekph0hErShVOruyZ6V9IoGbvLq+ZqoRdYGK2a3WUke0ahDXt 34ZUsWBM1BZlt5Bj4FdnGFBWtD5husdtLUS9FO527CBFdF4imQGDoA== =OcxF -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jan 5 09:31:38 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:38 2006 Subject: Beta 4.50.4, SpamAssassin.cache.db and tmpfs Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 5 Jan 2006, at 01:40, Daniel Bird wrote: > I'm presuming it would be a good idea to move the > SpamAssassin.cache.db to somewhere other than /var/spool/ > MailScanner/incoming if it's mounted as tmpfs since it will be lost > if there's a reboot etc? Or does that not matter? How long are the > entries cached? Reboots happen rarely, and the cache will soon rebuild itself, so I didn't worry too much about it getting lost on a reboot. I needed somewhere that I could guarantee was already writable by the "Run As User" without making the installation any more complicated. Feel free to move it if you don't like where I've put it :-) - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.3 (Build 2932) iQEVAwUBQ7znfPw32o+k+q+hAQGo6wf/Uk53V0Xl1jRR8T0cRvQVLTza37ThhnAE VHhn9SU0n3EGcuFm+2pLkIu8tHNMc4VHcJoELQdbq1/4X7IaUR38bGrGwXMqlGcm 6MwUnoInC2xiPjRxzY0C719uS5+wFJWQ+/1vJ4xP4QuQTvBjVBsMaUQbk66+/vZE C5vj0e7qXlYEy8xp89mjNDUzOQxFjA5lF/w3FV3/JtUWhJoNYnRCTJdI6okqF2+/ BEM9Jmn8Bgwwr+U74l3y8usRmh/PIC4Na5q3PdIsLJJ52/ariFj7I8qONMjuen6K thfZbe/C7D718rZZQII90H4txW5afzIbNEn6MmT1FBsin37MfumAZQ== =m5gI -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jan 5 09:34:53 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:38 2006 Subject: MailScanner ANNOUNCE: Stable 4.49 released -- faster! Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 5 Jan 2006, at 09:18, Rabellino Sergio wrote: > shuttlebox wrote: > >> On 1/4/06, *Rabellino Sergio* > > wrote: >> >> We've sendmail 8.13.3, with mcafee/clamav/sa ona Solaris 9 /4- >> cpu/ >> Sun-Fire-V440. >> >> I changed only the release of MS, without changing any >> configuration >> parameter; the cpu load average >> has changed from 2.5/3 to 1.2/1.6. >> >> It seems to be really faster than previous MS. >> >> >> Have you looked at the delay times in the logs from Sendmail? Do >> you see a similar decrease there? >> >> -- > > I've investigated in the syslog, but the delay is strictly > connected to the batch delay, so I do not understand how I can see > a real speed-up if most of the delay is directly accountable to > the batch waiting. > (maybe i'm wrong) Sorry, but I think you are. There is no "batch waiting" delay. That would have been silly. When a child worker process looks at the queue (each child does it every second or so, and there are lots of children running) it always takes whatever complete messages are there, regardless of the fact that there may only be 1. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.3 (Build 2932) iQEVAwUBQ7zoQvw32o+k+q+hAQEVggf/XLbXM4BcksU1mVnbdUMWPBhs8Yt2ojYn 7QTFv7Jw5DteolgW1FMakXx5aYLFfMHoU4+JgKM1bH9FLqlMGCrE0EikX8seGQer Tn6Uv7aj8ED6A8kOVzbmhoaKWSQSv2VtuVcWxQDmWeWG/2Yczi48EK+htwDVcTGO qmjY39ZR2BdFSSKTuX0CNcu89HhuemvYOcYX+n/H+gWCTZuNPZQ3nHn9Ugg8cAyJ 7U3dhzO0ATlN3YumqS4MQPqqEpELTFB9Ha/S+UmPE9PlPNkrbo1nzPk3yB5oqCDs syB4h3tjOwgYFR7BXIydetWV5AlNlKx8nlUAwmCnydd2jZeTR4iitw== =3H1T -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From shuttlebox at GMAIL.COM Thu Jan 5 09:38:52 2006 From: shuttlebox at GMAIL.COM (shuttlebox) Date: Thu Jan 12 21:31:38 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 1/5/06, Julian Field wrote: On 4 Jan 2006, at 22:35, shuttlebox wrote: On 1/4/06, Julian Field < MailScanner@ecs.soton.ac.uk> wrote: It looks at the message body to see if it has seen this message before. If it has, it grabs all the SpamAssassin results out of a cache and doesn't call SpamAssassin at all for this message. How does it determine that, by MD5 or similar? Is only the checksum stored in the db or the whole body? MD5, Only the checksum. Ok, sounds excellent. Am I right in that this has been discussed on the list before? Caching SA results I mean. We asked, you delivered. :-) I noticed that you in the change log say under Fixes: "Improved reliability of Bayes rebuilds a lot". Do you now use SQLite for Bayes too? Theoretically that should be possible since SA does support it. Is the fix something totally different? Totally different. It's a very small change so that children doing the Bayes rebuild die immediately after completing it, they don't continue to live after that. It's solving problems like this, that I did the "worker children" architecture in the first place :-) Ok, if I ever get time I will look into using SQLite for Bayes. I want to thank you for going with SQLite and not forcing us to have MySQL or something similar on every MS server, good design decision I think. Could you update the version output from MailScanner so it shows the new required modules as well? In another thread someone posted his version output and it lacked the new modules. Or does that mean he failed to install them? When I have a missing required module the command breaks horribly. It would be nice if it just noted them as missing (as with the not required ones), I understand that you of course can't start MS then but it would help to see it missing in clear text, not everyone understands the perl output. -- /Peter ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rabellino at DI.UNITO.IT Thu Jan 5 09:44:10 2006 From: rabellino at DI.UNITO.IT (Rabellino Sergio) Date: Thu Jan 12 21:31:38 2006 Subject: Perl SqLite Module and Solaris Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dear list, i'm going to test the latest release, but installing the SqLite module on my solaris 9 box, i've got a problem: the module bundled with MS is missing a link library in the Makefile (-lrt). I've solved this trouble, doing the usual >perl Makefile.PL then editing the resultant Makefile, adding "-lrt" to the LDFLAGS and LDDFLAGS variable (before doing the make command...). Now the "make test" is successful. Bye. -- Dott. Mag. Sergio Rabellino Technical Staff Department of Computer Science University of Torino (Italy) http://www.di.unito.it/~rabser Tel. +39-0116706701 Fax. +39-011751603 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Thu Jan 5 09:42:26 2006 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:31:38 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: Hi! >> - spam after 6 hours from the initial creation of the cache record. > > Steve ---- What say we change 6 hours to 3 hours, and add high-spam > expiry 6 hours from the "first" time? That should be nothing more > than 1 change to the expiry function. > Can you work out the SQL for me please? Been chatting with Steve last night, he promised to rewrite some code when he would wake up :) So far its going just fine. I hope it will be configurable, would really help. High spam is perfect as it is now, low spam we want to get higher once they are learned... so a really low timeout to cut out the first batfhes is fine, after that i want to recheck if its not added to more RBLs. So for us low spam caching could even have a 5-10 mins expire... Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jan 5 11:00:53 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:38 2006 Subject: Perl SqLite Module and Solaris Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Can you add this to the wiki please? Most Solaris admins know what they're doing, fortunately. Editing makefiles automatically isn't something I want to get into. On 5 Jan 2006, at 09:44, Rabellino Sergio wrote: > Dear list, > i'm going to test the latest release, but installing the SqLite > module on my solaris 9 box, i've got a problem: > > the module bundled with MS is missing a link library in the > Makefile (-lrt). > > I've solved this trouble, doing the usual > >perl Makefile.PL > > then editing the resultant Makefile, adding "-lrt" to the LDFLAGS > and LDDFLAGS variable (before doing the make command...). > Now the "make test" is successful. > > Bye. > -- > > Dott. Mag. Sergio Rabellino > Technical Staff > Department of Computer Science > University of Torino (Italy) > > http://www.di.unito.it/~rabser > Tel. +39-0116706701 > Fax. +39-011751603 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.3 (Build 2932) iQEVAwUBQ7z8Z/w32o+k+q+hAQGw8Af/RRKrj4qUE+0q7S+bLTIPDpc02MIf4ZZH dYlDSOIb2DhciOrc9QhR0ds9lGsrNgxpooGxzJYT0p/WKzcj/zACeOR4pv50HiEa 4gBF8opp2lwou38z7SVDlhtSMfdcJJ5SbSdq4/f/d5k2CMa/tKKCjJP8r0Cpvkf+ tZ+xw3KmWnRg/79FcG65dUHxgkfjolLrLxcESdwCetBHs/Avy5r3+yYkRstnFHZz yMreVrsuPhTWbOGduQiQwtJMmW72WJIyPN9xHTR3POKSn2CnWErZtVuY3ebYmxJl LfxhFZm8MEQe2lq/nIfDya79+pPeTUt10m3HHky4AvFjiD8hV5wq5w== =Dr3r -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jan 5 10:59:28 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:38 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 5 Jan 2006, at 09:42, Raymond Dijkxhoorn wrote: > Hi! > >>> - spam after 6 hours from the initial creation of the cache record. >> >> Steve ---- What say we change 6 hours to 3 hours, and add high-spam >> expiry 6 hours from the "first" time? That should be nothing more >> than 1 change to the expiry function. >> Can you work out the SQL for me please? > > Been chatting with Steve last night, he promised to rewrite some > code when he would wake up :) > > So far its going just fine. > > I hope it will be configurable, would really help. High spam is > perfect as it is now, low spam we want to get higher once they are > learned... so a really low timeout to cut out the first batfhes is > fine, after that i want to recheck if its not added to more RBLs. > So for us low spam caching could even have a 5-10 mins expire... I would like to get a set of timeouts we basically agree on, then leave them set at that. No-one will ever actually change the values we supply, so I see no great reason to make the conf file any bigger than it already is. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.3 (Build 2932) iQEVAwUBQ7z8E/w32o+k+q+hAQGLLwf+MGT14TZBDWuPmqheTSXl1sNUnw9qreHB LCh1jRODJf96VyMBleuWztlZilOXaI45cPD8WUv8bdCHehhpilcSXQfYCLOFZSfG uzrg01Vd3RSQmECuwEw+rO1RmCbJzthFOd32MMzu53qRGVIhPFD58gLynOxO2SEW vsW7sr5MYlzx8pcM4O68HxSs4DPX3BoHzHiCF4vkHwiqcrC5AStcv8z0JWD4h/bz UcgKZZ5jyz1r0zDOmyhswWj/avHSGI9Ug2Ak3PH3oKFMpbO2kMq+De1gGE7D87vU 2J9qNQvSvKjlOB2nTUtVVyBbhuJS3Kd3d+tg8PONT8/i0+HOAQrEFA== =qLwL -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rabellino at DI.UNITO.IT Thu Jan 5 10:21:46 2006 From: rabellino at DI.UNITO.IT (Rabellino Sergio) Date: Thu Jan 12 21:31:38 2006 Subject: MailScanner ANNOUNCE: Stable 4.49 released -- faster! Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: >-----BEGIN PGP SIGNED MESSAGE----- > > >On 5 Jan 2006, at 09:18, Rabellino Sergio wrote: > > > >>shuttlebox wrote: >> >> >> >>>On 1/4/06, *Rabellino Sergio* >>> wrote: >>> >>> We've sendmail 8.13.3, with mcafee/clamav/sa ona Solaris 9 /4- >>>cpu/ >>> Sun-Fire-V440. >>> >>> I changed only the release of MS, without changing any >>>configuration >>> parameter; the cpu load average >>> has changed from 2.5/3 to 1.2/1.6. >>> >>> It seems to be really faster than previous MS. >>> >>> >>>Have you looked at the delay times in the logs from Sendmail? Do >>>you see a similar decrease there? >>> >>>-- >>> >>> >>I've investigated in the syslog, but the delay is strictly >>connected to the batch delay, so I do not understand how I can see >>a real speed-up if most of the delay is directly accountable to >>the batch waiting. >>(maybe i'm wrong) >> >> > >Sorry, but I think you are. There is no "batch waiting" delay. That >would have been silly. When a child worker process looks at the queue >(each child does it every second or so, and there are lots of >children running) it always takes whatever complete messages are >there, regardless of the fact that there may only be 1. >- -- > > Received ! I've checked the logs : the delay is substantially unchanged, the values are between 25-40 secs (I've 2 viruses check, so i'm expecting a delay, but this is too high ??). Bye. -- Dott. Mag. Sergio Rabellino Technical Staff Department of Computer Science University of Torino (Italy) http://www.di.unito.it/~rabser Tel. +39-0116706701 Fax. +39-011751603 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jan 5 10:57:11 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:38 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 5 Jan 2006, at 09:38, shuttlebox wrote: > > Ok, if I ever get time I will look into using SQLite for Bayes. I > want to thank you for going with SQLite and not forcing us to have > MySQL or something similar on every MS server, good design decision > I think. Could you update the version output from MailScanner so it > shows the new required modules as well? Already done, will be in the next release. If you try to use this feature, and don't have the modules installed, it will log the fact and switch the feature off for you. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.3 (Build 2932) iQEVAwUBQ7z7ifw32o+k+q+hAQEBeAgApfxo3Uv+2M9GQdPmMr7mZgL/rNHNl7Rd XSSUTO8d4Pekmqics1PQ/+Ol2XepSQAsHruIRb+2+2J/KPiXdz9BukPjdNrssmli hVJZ1qKOrh939I+Ka5x4RnjurFC9++RvY/ryeX+LIWhWEc+ZITBZFlxT+5aOgOPj 9NjRQqImMGWBj5UvzxwylHmJdhduZ+YMvJMLeMGYkzN6E+jnlkSU8L6cDwd4rSQz kERiNjOzqJD+GrIUXj6VIUyRk/cbRYCgmbc0kKjbBxJhh1SsaiwXfETi7OlllRC1 Guh5hUX6X/1rV0VxdgK1nnSb3W6Ai1caXVOMg4osBl79ckurkY55qQ== =NGUv -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james at grayonline.id.au Thu Jan 5 11:01:45 2006 From: james at grayonline.id.au (James Gray) Date: Thu Jan 12 21:31:38 2006 Subject: 4.50.4 restarts the child after each batch? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Thu, 5 Jan 2006 18:59, Raymond Dijkxhoorn wrote: > Hi! > > >> Just installed 4.49.7 on my production gateways - all is well. They > >> are behaving as I expected them to. > > > > What happens when you run it in Debug mode in the foreground? > > You had trouble installing SQLite. See other postings on the list. Either > disable the new feature or install the missing stuff :) > > You had some modules failling during install. Thats why, had the same > last night. > > Bye, > Raymond. Care to shed any more light Raymond? I'm not seeing any errors in any log (not even in debug mode) that indicate failed modules etc. Not say there aren't any problems - just that silent errors are a pain to track down. I didn't notice any failures during the installation either. Which modules did you have to fix up? How did you do it - Julian's installer? CPAN? Channelled the spirits of deceased developers? ;) Gotta lay off the single malt when mailing to technical lists. Seriously, any help is very much appreciated :) Cheers, James -- Never trust an operating system you don't have sources for. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james at grayonline.id.au Thu Jan 5 10:58:09 2006 From: james at grayonline.id.au (James Gray) Date: Thu Jan 12 21:31:38 2006 Subject: 4.50.4 restarts the child after each batch? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Thu, 5 Jan 2006 18:32, Matt Hampton wrote: > James Gray wrote: > >Just installed 4.49.7 on my production gateways - all is well. They are > >behaving as I expected them to. > > What happens when you run it in Debug mode in the foreground? #/etc/init.d/mailscanner start Starting MailScanner... In Debugging mode, not forking... Ignore errors about failing to find EOCD signature Undefined subroutine &MailScanner::CustomConfig::MailWatchLogging called at /opt/MailScanner/lib/MailScanner/Config.pm line 121. and in /var/log/maillog: 21:47:52 ninja MailScanner[27164]: MailScanner E-Mail Virus Scanner version 4.50.4 starting... 21:47:53 ninja MailScanner[27164]: Read 695 hostnames from the phishing whitelist 21:47:53 ninja MailScanner[27164]: Config: calling custom init function MailWatchLogging 21:47:54 ninja MailScanner[27164]: Caching SpamAssassin results 21:47:54 ninja MailScanner[27164]: Connected to SpamAssassin cache database 21:47:55 ninja MailScanner[27164]: Enabling SpamAssassin auto-whitelist functionality... 21:48:13 ninja MailScanner[27164]: lock.pl sees Config LockType = posix 21:48:13 ninja MailScanner[27164]: lock.pl sees have_module = 0 21:48:13 ninja MailScanner[27164]: Using locktype = posix 21:48:13 ninja MailScanner[27164]: Creating hardcoded struct_flock subroutine for linux (Linux-type) 21:48:13 ninja MailScanner[27164]: New Batch: Scanning 2 messages, 2578 bytes 21:48:13 ninja MailScanner[27164]: Created attachment dirs for 2 messages 21:48:13 ninja MailScanner[27164]: MCP Checks completed at 2578 bytes per second 21:48:13 ninja MailScanner[27164]: Spam Checks: Starting 21:48:13 ninja MailScanner[27164]: Message 1EuSdY-00073K-5O from 10.0.0.3 (mymail@example.com) is whitelisted 21:48:22 ninja MailScanner[27164]: SpamAssassin returned 0 21:48:22 ninja MailScanner[27164]: Message 1EuSdY-00073K-5O from 10.0.0.3 (mymail@example.com) to my-work.domain.com is not spam (whitelisted), SpamAssassin (score=-5.899, required 5, autolearn=not spam, ALL_TRUSTED -3.30, BAYES_00 -2.60) 21:48:22 ninja MailScanner[27164]: Message 1EuSf3-00074K-2Y from 10.0.0.3 (mymail@example.com) is whitelisted 21:48:22 ninja MailScanner[27164]: Cache hit for message 1EuSf3-00074K-2Y 21:48:22 ninja MailScanner[27164]: Message 1EuSf3-00074K-2Y from 10.0.0.3 (mymail@example.com) to my-work.domain.com is not spam (whitelisted), SpamAssassin (score=-5.899, required 5, autolearn=not spam, ALL_TRUSTED -3.30, BAYES_00 -2.60) 21:48:22 ninja MailScanner[27164]: Spam Checks completed at 286 bytes per second 21:48:22 ninja MailScanner[27164]: Virus and Content Scanning: Starting 21:48:22 ninja MailScanner[27164]: Commencing scanning by mcafee... 21:48:25 ninja MailScanner[27164]: Completed scanning by mcafee 21:48:25 ninja MailScanner[27164]: Commencing scanning by clamavmodule... 21:48:25 ninja MailScanner[27164]: Completed scanning by clamavmodule 21:48:25 ninja MailScanner[27164]: Completed checking by /usr/bin/file 21:48:25 ninja MailScanner[27164]: Virus Scanning completed at 859 bytes per second 21:48:25 ninja MailScanner[27164]: About to deliver 2 messages 21:48:25 ninja MailScanner[27164]: Uninfected: Delivered 2 messages 21:48:25 ninja MailScanner[27164]: Virus Processing completed at 2578 bytes per second 21:48:26 ninja MailScanner[27164]: Disinfection completed at 2578 bytes per second 21:48:26 ninja MailScanner[27164]: Batch completed at 198 bytes per second (2578 / 13) At this point the MailWatch loggin would kick in but it barfs when MailScanner is in debug mode. So we don't actually get to see it killing off the child and spawning a new one.... so we rinse and repeat WITHOUT Mailwatch (notice the syntax error reported in maillog) :) #/etc/init.d/mailscanner start Starting MailScanner... In Debugging mode, not forking... Ignore errors about failing to find EOCD signature Stopping now as you are debugging me. /var/log/maillog: 21:52:29 ninja MailScanner[27369]: MailScanner E-Mail Virus Scanner version 4.50.4 starting... 21:52:30 ninja MailScanner[27369]: Syntax error in line 1964, value "" for lastlookup is not one of allowed values "yes","no" 21:52:30 ninja MailScanner[27369]: Read 695 hostnames from the phishing whitelist 21:52:32 ninja MailScanner[27369]: Caching SpamAssassin results 21:52:32 ninja MailScanner[27369]: Connected to SpamAssassin cache database 21:52:32 ninja MailScanner[27369]: Expired 2 records from the SpamAssassin cache 21:52:32 ninja MailScanner[27369]: Enabling SpamAssassin auto-whitelist functionality... 21:52:48 ninja MailScanner[27369]: lock.pl sees Config LockType = posix 21:52:48 ninja MailScanner[27369]: lock.pl sees have_module = 0 21:52:48 ninja MailScanner[27369]: Using locktype = posix 21:52:48 ninja MailScanner[27369]: Creating hardcoded struct_flock subroutine for linux (Linux-type) 21:53:18 ninja MailScanner[27369]: New Batch: Scanning 1 messages, 1289 bytes 21:53:18 ninja MailScanner[27369]: Created attachment dirs for 1 messages 21:53:18 ninja MailScanner[27369]: MCP Checks completed at 1289 bytes per second 21:53:18 ninja MailScanner[27369]: Spam Checks: Starting 21:53:18 ninja MailScanner[27369]: Message 1EuSk8-00077e-42 from 10.0.0.3 (mymail@example.com) is whitelisted 21:53:18 ninja MailScanner[27369]: Cache hit for message 1EuSk8-00077e-42 21:53:18 ninja MailScanner[27369]: Message 1EuSk8-00077e-42 from 10.0.0.3 (mymail@example.com) to my-work.domain.com is not spam (whitelisted), SpamAssassin (score=-5.899, required 5, autolearn=not spam, ALL_TRUSTED -3.30, BAYES_00 -2.60) 21:53:18 ninja MailScanner[27369]: Spam Checks completed at 1289 bytes per second 21:53:18 ninja MailScanner[27369]: Virus and Content Scanning: Starting 21:53:18 ninja MailScanner[27369]: Commencing scanning by mcafee... 21:53:20 ninja MailScanner[27369]: Completed scanning by mcafee 21:53:20 ninja MailScanner[27369]: Commencing scanning by clamavmodule... 21:53:21 ninja MailScanner[27369]: Completed scanning by clamavmodule 21:53:21 ninja MailScanner[27369]: Completed checking by /usr/bin/file 21:53:21 ninja MailScanner[27369]: Virus Scanning completed at 429 bytes per second 21:53:21 ninja MailScanner[27369]: About to deliver 1 messages 21:53:21 ninja MailScanner[27369]: Uninfected: Delivered 1 messages 21:53:21 ninja MailScanner[27369]: Virus Processing completed at 1289 bytes per second 21:53:21 ninja MailScanner[27369]: Disinfection completed at 1289 bytes per second 21:53:21 ninja MailScanner[27369]: Batch completed at 429 bytes per second (1289 / 3) 21:53:21 ninja MailScanner[27369]: MailScanner child dying of old age Cheers, James -- Lookie, lookie, here comes cookie... -- Stephen Sondheim ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chris at scorpion.nl Thu Jan 5 11:08:46 2006 From: chris at scorpion.nl (Christiaan den Besten) Date: Thu Jan 12 21:31:38 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > I would like to get a set of timeouts we basically agree on, then > leave them set at that. No-one will ever actually change the values > we supply, so I see no great reason to make the conf file any bigger > than it already is. Jules, Like some of the other SA settings (value for low/high spam) the expire settings for low/high spam are very site specific. As Raymond tried to explain: e-mail body's are analysed by automated tools. This usually leadd to some url's being added to a URIBL. The URIBL will be updated once every couple of minutes. After that -the same message body- would be tagged higher by SA ..... I suppose the same is valid for bayes. If the same message passes the filter more often, it should get a higher bayes value. So, having a lower expire timeout on lowspam messages can be 'required' for some setups. But other, who use less dynamic SA lists probably could cope with a higher value ... bye, Chris > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.3 (Build 2932) > > iQEVAwUBQ7z8E/w32o+k+q+hAQGLLwf+MGT14TZBDWuPmqheTSXl1sNUnw9qreHB > LCh1jRODJf96VyMBleuWztlZilOXaI45cPD8WUv8bdCHehhpilcSXQfYCLOFZSfG > uzrg01Vd3RSQmECuwEw+rO1RmCbJzthFOd32MMzu53qRGVIhPFD58gLynOxO2SEW > vsW7sr5MYlzx8pcM4O68HxSs4DPX3BoHzHiCF4vkHwiqcrC5AStcv8z0JWD4h/bz > UcgKZZ5jyz1r0zDOmyhswWj/avHSGI9Ug2Ak3PH3oKFMpbO2kMq+De1gGE7D87vU > 2J9qNQvSvKjlOB2nTUtVVyBbhuJS3Kd3d+tg8PONT8/i0+HOAQrEFA== > =qLwL > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From adrik at SALESMANAGER.NL Thu Jan 5 12:02:23 2006 From: adrik at SALESMANAGER.NL (Adri Koppes) Date: Thu Jan 12 21:31:38 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Christiaan den Besten > Sent: donderdag 5 januari 2006 12:09 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Beta 4.50.4 released -- faster than 4.49 > > > I would like to get a set of timeouts we basically agree on, then > > leave them set at that. No-one will ever actually change > the values we > > supply, so I see no great reason to make the conf file any > bigger than > > it already is. > > Jules, > > Like some of the other SA settings (value for low/high spam) > the expire settings for low/high spam are very site specific. > As Raymond tried to explain: e-mail body's are analysed by > automated tools. This usually leadd to some url's being added > to a URIBL. > The URIBL will be updated once every couple of minutes. After > that -the same message body- would be tagged higher by SA > ..... I suppose the same is valid for bayes. If the same > message passes the filter more often, it should get a higher > bayes value. > > So, having a lower expire timeout on lowspam messages can be > 'required' for some setups. But other, who use less dynamic > SA lists probably could cope with a higher value ... Jules, Something else you might consider implementing, is not to cache or cache with a low timeout, the results when the message is auto-learned by bayes. Since bayes has learned from the message, it will probably affect the score of the next message, unless the score is already sufficiently high enough or low enough for the spam result not be affected by a diffirent bayes score. Adri. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From prandal at HEREFORDSHIRE.GOV.UK Thu Jan 5 12:35:33 2006 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:31:39 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: Adri Koppes wrote: >> Jules, >> >> Like some of the other SA settings (value for low/high spam) the >> expire settings for low/high spam are very site specific. >> As Raymond tried to explain: e-mail body's are analysed by automated >> tools. This usually leadd to some url's being added to a URIBL. >> The URIBL will be updated once every couple of minutes. After that >> -the same message body- would be tagged higher by SA ..... I suppose >> the same is valid for bayes. If the same message passes the filter >> more often, it should get a higher bayes value. >> >> So, having a lower expire timeout on lowspam messages can be >> 'required' for some setups. But other, who use less dynamic SA lists >> probably could cope with a higher value ... > > Jules, > > Something else you might consider implementing, is not to > cache or cache with a low timeout, the results when the > message is auto-learned by bayes. > Since bayes has learned from the message, it will probably > affect the score of the next message, unless the score is > already sufficiently high enough or low enough for the spam > result not be affected by a diffirent bayes score. > > Adri. Not just auto-learning - if I detect a flood of low-scoring spam and manually sa-learn it then I want any new Bayes score to be effective ASAP. With this new infrastructure in place it should be possible to introduce some spam flooding detection into MailScanner. You'd then need a permitted-flooders whitelist too, of course. As a completely unrelated aside, www.mailscanner.info is inaccessible here at the moment. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jan 5 12:43:08 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:39 2006 Subject: Beta 4.50.5 released Message-ID: -----BEGIN PGP SIGNED MESSAGE----- I have just released version 4.50.5. This is basically a lot of tidying up done since yesterday's 4.50.4. No dramatic new features. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.3 (Build 2932) iQEVAwUBQ70UXvw32o+k+q+hAQHJVgf/eCP3voSq1Oh72JBGi2NoYSRKkikh3Uk2 SOQEoA31UYhJ/a8PDQcg9YTSHDD2Ut5HRWImjU3PmpzHKzKCxYYpX/WVaTVtpfVR +W2GNRdIRsSobnT5KEjlOLNVNQjB/C8CSw5lbXXCBmc9y1QwAE1Ljvvx2oOgoS4U 4pobluFkKOU3yVfJLYFndd0C6PekJtzdiOkxoeTR57s8zeLfMTWMdRViW5szBh69 cDy8PW09YRwM/RwgJr+wjVXgRc+8Ywz9nlhG+jmS2skoSCLnEER5R9A0ZHagJgfj VSgG2aCjv7X3DUhwXY5ywj28RrtoTWTd/LfkjxO45qcpcIi0fR0KJw== =AU7d -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Thu Jan 5 13:00:57 2006 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:31:39 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: Hi! > Something else you might consider implementing, is not to cache or cache > with a low timeout, the results when the message is auto-learned by > Since bayes has learned from the message, it will probably affect the > score of the next message, unless the score is already sufficiently high > enough or low enough for the spam result not be affected by a diffirent > bayes score. Same idea as with URIBL, most likely low spam will be auto added to SURBL pretty fast after detection, most of the time within 5-10 mins. Can you please consider putting the values in the config? I really see use for this. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From adrik at SALESMANAGER.NL Thu Jan 5 13:05:32 2006 From: adrik at SALESMANAGER.NL (Adri Koppes) Date: Thu Jan 12 21:31:39 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: Hi Raymond, > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Raymond Dijkxhoorn > Sent: donderdag 5 januari 2006 14:01 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Beta 4.50.4 released -- faster than 4.49 > > Hi! > > > Something else you might consider implementing, is not to cache or > > cache with a low timeout, the results when the message is > auto-learned > > by Since bayes has learned from the message, it will > probably affect > > the score of the next message, unless the score is already > > sufficiently high enough or low enough for the spam result not be > > affected by a diffirent bayes score. > > Same idea as with URIBL, most likely low spam will be auto > added to SURBL pretty fast after detection, most of the time > within 5-10 mins. Problem with URIBL is MailScanner has no idea if and when SURBL will add those! With bayes, MailScanner know if SA has auto-learned the message. Only option I see is to add messages without any URIBL hits with a lower timeout then messages which have already had one or more URIBL hits in their SA-score. Same could probably be done with RBL hits. Adri. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Dave Thu Jan 5 13:13:12 2006 From: Dave (Dave) Date: Thu Jan 12 21:31:39 2006 Subject: MailScanner version 5 Message-ID: Just curious, what will it take for MailScanner to go to version 5? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Thu Jan 5 13:09:10 2006 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:31:39 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: Hi! >> Same idea as with URIBL, most likely low spam will be auto >> added to SURBL pretty fast after detection, most of the time >> within 5-10 mins. > Problem with URIBL is MailScanner has no idea if and when SURBL will add > those! > With bayes, MailScanner know if SA has auto-learned the message. > Only option I see is to add messages without any URIBL hits with a lower > timeout then messages which have already had one or more URIBL hits in > their SA-score. Same could probably be done with RBL hits. Its in my eyes again comming to the same basic point, low spam you want to do different things with, so the score can reach the high value in some time. Bayes is one of them... Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Thu Jan 5 13:29:07 2006 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:31:39 2006 Subject: MailScanner version 5 Message-ID: Hi! > Just curious, what will it take for > MailScanner to go to version 5? I want MailScanner XP, Oh MailScanner 2005... uh its just a number :) Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Dave Thu Jan 5 13:44:24 2006 From: Dave (Dave) Date: Thu Jan 12 21:31:39 2006 Subject: MailScanner version 5 Message-ID: On Thu, Jan 05, 2006 at 02:29:07PM +0100, Raymond Dijkxhoorn wrote: > Hi! > > >Just curious, what will it take for > >MailScanner to go to version 5? > > I want MailScanner XP, Oh MailScanner 2005... uh its just a number :) > Are you familiar with Version Numbering contril? > Bye, > Raymond. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Thu Jan 5 13:53:06 2006 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:31:39 2006 Subject: MailScanner version 5 Message-ID: Hi! >>> Just curious, what will it take for >>> MailScanner to go to version 5? >> I want MailScanner XP, Oh MailScanner 2005... uh its just a number :) > Are you familiar with Version Numbering contril? Yes i am, this posting was more or less /ignore. If you see the version numbers of the last months its one stabil each month. Was there a real need to know for V5? I mean, more or less thats what most vendors do when announcing major design changes. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Jan 5 14:00:52 2006 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:39 2006 Subject: MailScanner version 5 Message-ID: Raymond Well that used to be the case, now it's merely speak for next version.... (first major occurrance of this was Solaris 2.6 to 7 'cos every one else had larger v numbers - AIX 5, HPUX 10..etc) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Raymond Dijkxhoorn > Sent: 05 January 2006 13:53 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] MailScanner version 5 > > Hi! > > >>> Just curious, what will it take for > >>> MailScanner to go to version 5? > > >> I want MailScanner XP, Oh MailScanner 2005... uh its just a number :) > > > Are you familiar with Version Numbering contril? > > Yes i am, this posting was more or less /ignore. > > If you see the version numbers of the last months its one stabil each > month. > > Was there a real need to know for V5? I mean, more or less thats what most > vendors do when announcing major design changes. > > Bye, > Raymond. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chris at scorpion.nl Thu Jan 5 14:14:51 2006 From: chris at scorpion.nl (Christiaan den Besten) Date: Thu Jan 12 21:31:39 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You are missing the point :) The point is ... 'in time' the SA score would be different from the cached one when re-testing the same message body. (for example due to some url's found in the message body to be put into a spam URIBL after detection). If these messages are initialy tagged as 'low spam', but with the new circumstances would have been tagged as 'high spam' you do not want these messages to still be tagged as 'low spam' cause that is the value currently in the cache. bye, Chris ----- Original Message ----- From: shuttlebox To: MAILSCANNER@JISCMAIL.AC.UK Sent: Thursday, January 05, 2006 3:06 PM Subject: Re: Beta 4.50.4 released -- faster than 4.49 On 1/5/06, Raymond Dijkxhoorn wrote: Its in my eyes again comming to the same basic point, low spam you want to do different things with, so the score can reach the high value in some time. Bayes is one of them... Is this a problem locally also or only with reporting to RBL:s and such? If you parse logs for reporting to them can't the parsing be adjusted instead of complicating things for MS? Is there something missing from the logs to get the required info? Maybe Julian can add from which message the cache hit came from? Or am I missing the point? -- /Peter ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Thu Jan 5 14:24:31 2006 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:31:39 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rick Cooper wrote: > [...] >> I would think if caching is going to be implemented there needs to be a >> command line, or separate program, that will allow the admin to flush the >> cache at will. For this very reason. Assuming (I haven't looked at the new >> releases) that the spam, virus, etc caches are in different >> tables, I would >> think a way to flush one, or all should be implemented, for the >> very reasons >> described above. Not to mention, for instance, suppose a message >> is flagged >> as spam and a user requests the sender be whitelisted? Again not having >> looked at the code, what happens if the sender resends the exact same >> message expecting it to come through again *to that user*? Ok, I >> just looked > [...] > > I hate replying to myself but... > > Right after I hit the send button I wonder if MS was logging the MD5 > information? If it is I would think it would be trivial for the MailWatch > author(s) to add it to their database information and allow the MailWatch > users to remove the information via MailWatch... just a thought See http://wiki.mailscanner.info/doku.php?id=custom_config, the hard-workers behind the speed-ups, i guess. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Thu Jan 5 14:11:03 2006 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:31:39 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Randal, Phil > Sent: Thursday, January 05, 2006 7:36 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Beta 4.50.4 released -- faster than 4.49 > [...] > > Not just auto-learning - if I detect a flood of low-scoring spam and > manually sa-learn it then I want any new Bayes score to be effective > ASAP. > > With this new infrastructure in place it should be possible to introduce > some spam flooding detection into MailScanner. You'd then need a > permitted-flooders whitelist too, of course. > > As a completely unrelated aside, www.mailscanner.info is inaccessible > here at the moment. > I would think if caching is going to be implemented there needs to be a command line, or separate program, that will allow the admin to flush the cache at will. For this very reason. Assuming (I haven't looked at the new releases) that the spam, virus, etc caches are in different tables, I would think a way to flush one, or all should be implemented, for the very reasons described above. Not to mention, for instance, suppose a message is flagged as spam and a user requests the sender be whitelisted? Again not having looked at the code, what happens if the sender resends the exact same message expecting it to come through again *to that user*? Ok, I just looked at the table creation code and do not see a sender address, so if I add the sender to an SA whitelist how do I tell MS to updated or ignore the cache? Perhaps if the sender address is added to the cache information then a utility could be developed fairly easily that would allow the system admin to run it with a sender address and have the cache record flagged as recheck or, removed all together, for any cached information relating to that sender address? It would appear that since the table is created any time it is missing, flushing the cache would be as simple as removing the table and restarting MS. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From shuttlebox at GMAIL.COM Thu Jan 5 14:06:58 2006 From: shuttlebox at GMAIL.COM (shuttlebox) Date: Thu Jan 12 21:31:39 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 1/5/06, Raymond Dijkxhoorn wrote: Its in my eyes again comming to the same basic point, low spam you want to do different things with, so the score can reach the high value in some time. Bayes is one of them... Is this a problem locally also or only with reporting to RBL:s and such? If you parse logs for reporting to them can't the parsing be adjusted instead of complicating things for MS? Is there something missing from the logs to get the required info? Maybe Julian can add from which message the cache hit came from? Or am I missing the point? -- /Peter ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From shuttlebox at GMAIL.COM Thu Jan 5 14:14:44 2006 From: shuttlebox at GMAIL.COM (shuttlebox) Date: Thu Jan 12 21:31:39 2006 Subject: MailScanner version 5 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 1/5/06, Raymond Dijkxhoorn wrote: Was there a real need to know for V5? I mean, more or less thats what most vendors do when announcing major design changes. I guess if Julian would rewrite MS and make it modularized where we could choose which modules (virus, spam, file name, ...) to use and in which order then he would probably call it 5. Now there's lots of incremental changes that we all can use without starting over so I see no reason for the first number to change. As you said, it's just a number and since Julian is not an evil empire needing to impress the weak there's no need for "impressive" numbers. :-) -- /Peter ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From prandal at HEREFORDSHIRE.GOV.UK Thu Jan 5 14:21:20 2006 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:31:39 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: Raymond Dijkxhoorn wrote: > Its in my eyes again comming to the same basic point, low > spam you want to do different things with, so the score can > reach the high value in some time. Bayes is one of them... How we should behave could depend on our high/low spam score actions, too. If we quarantine but don't deliver low score spam, then it doesn't matter so much that it isn't having its score ramped up by Bayes learning, except that Bayes learning could help push future variations of that spam from ham to spam scores. Which leads me to think that while spamassassin is flagging mails as "autolearn=spam" they shouldn't be cached. Though if they are high-scoring already we could still cache them without materially affecting the Bayesian stuff. The other thing which occurs to me as highly desirable is a "service MailScanner flushcache" parameter, and possibly a "flush cache on restart" option in MailScanner.conf, so we can flush the cache after changing Spamassassin rules (either manually or automatically in a RulesDuJour type script). The last thing we want is to create a broken rule which flags mail from a legitimate mailing list as spam, discover our error, correct it, and still have straggling emails from that mailing list (to different recipients) being flagged erroneously as spam. Aren't cache coherency issues fun? Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Thu Jan 5 14:21:07 2006 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:31:39 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Rick Cooper > Sent: Thursday, January 05, 2006 9:11 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Beta 4.50.4 released -- faster than 4.49 > > [...] > I would think if caching is going to be implemented there needs to be a > command line, or separate program, that will allow the admin to flush the > cache at will. For this very reason. Assuming (I haven't looked at the new > releases) that the spam, virus, etc caches are in different > tables, I would > think a way to flush one, or all should be implemented, for the > very reasons > described above. Not to mention, for instance, suppose a message > is flagged > as spam and a user requests the sender be whitelisted? Again not having > looked at the code, what happens if the sender resends the exact same > message expecting it to come through again *to that user*? Ok, I > just looked [...] I hate replying to myself but... Right after I hit the send button I wonder if MS was logging the MD5 information? If it is I would think it would be trivial for the MailWatch author(s) to add it to their database information and allow the MailWatch users to remove the information via MailWatch... just a thought Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rabellino at DI.UNITO.IT Thu Jan 5 15:04:38 2006 From: rabellino at DI.UNITO.IT (Rabellino Sergio) Date: Thu Jan 12 21:31:39 2006 Subject: Perl SqLite Module and Solaris Message-ID: Julian Field wrote: >-----BEGIN PGP SIGNED MESSAGE----- > >Can you add this to the wiki please? >Most Solaris admins know what they're doing, fortunately. Editing >makefiles automatically isn't something I want to get into. > > > done, I hope in the right place: under MAQ/spamassassin related question. Bye. -- Dott. Mag. Sergio Rabellino Technical Staff Department of Computer Science University of Torino (Italy) http://www.di.unito.it/~rabser Tel. +39-0116706701 Fax. +39-011751603 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jan 5 15:08:36 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:39 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 5 Jan 2006, at 14:21, Rick Cooper wrote: >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >> Behalf Of Rick Cooper >> Sent: Thursday, January 05, 2006 9:11 AM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: Beta 4.50.4 released -- faster than 4.49 >> >> > [...] >> I would think if caching is going to be implemented there needs to >> be a >> command line, or separate program, that will allow the admin to >> flush the >> cache at will. For this very reason. Assuming (I haven't looked at >> the new >> releases) that the spam, virus, etc caches are in different >> tables, I would >> think a way to flush one, or all should be implemented, for the >> very reasons >> described above. Not to mention, for instance, suppose a message >> is flagged >> as spam and a user requests the sender be whitelisted? Again not >> having >> looked at the code, what happens if the sender resends the exact same >> message expecting it to come through again *to that user*? Ok, I >> just looked > [...] > > I hate replying to myself but... > > Right after I hit the send button I wonder if MS was logging the MD5 > information? If it is I would think it would be trivial for the > MailWatch > author(s) to add it to their database information and allow the > MailWatch > users to remove the information via MailWatch... just a thought $message->{md5} - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.3 (Build 2932) iQEVAwUBQ702d/w32o+k+q+hAQEkGAf/W89epLGHfUJr2ubjMvbPIUb14sX9K5GQ OtGXqM2KKerX0eLw5/48SIS3nO/9WYh2df7EsP4rPmUFj2tuIhRH6He/jD+SAP7p zIfOexttIHD1QOxdDM6l5akujqkGSBflz82a4pmg34shLuH5omoggtBJRM/titiB xvmKC0VZ8FwlwFe2PO4JmYtElDRNw+g5dDiWDGMCRcKJxhZeuPyx16GwTRg60VEF gNjoDraq90+UX1oTDxzvoT0LkRzsfXsw6PMQJmqlBzWru6Psv9ZnNACjZMzFPN2v YeJc9VAFAcTQ/e+lOFxNrS1TD9EBfk+LQ5r6MTdQgXo6qEISRfG8OA== =JuUj -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jan 5 15:06:17 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:39 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 5 Jan 2006, at 14:11, Rick Cooper wrote: >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >> Behalf Of Randal, Phil >> Sent: Thursday, January 05, 2006 7:36 AM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: Beta 4.50.4 released -- faster than 4.49 >> > [...] >> >> Not just auto-learning - if I detect a flood of low-scoring spam and >> manually sa-learn it then I want any new Bayes score to be effective >> ASAP. >> >> With this new infrastructure in place it should be possible to >> introduce >> some spam flooding detection into MailScanner. You'd then need a >> permitted-flooders whitelist too, of course. >> >> As a completely unrelated aside, www.mailscanner.info is inaccessible >> here at the moment. >> > > I would think if caching is going to be implemented there needs to > be a > command line, or separate program, that will allow the admin to > flush the > cache at will. For this very reason. Assuming (I haven't looked at > the new > releases) that the spam, virus, etc caches are in different tables, > I would > think a way to flush one, or all should be implemented, for the > very reasons > described above. Not to mention, for instance, suppose a message is > flagged > as spam and a user requests the sender be whitelisted? Again not > having > looked at the code, what happens if the sender resends the exact same > message expecting it to come through again *to that user*? Ok, I > just looked > at the table creation code and do not see a sender address, so if I > add the > sender to an SA whitelist how do I tell MS to updated or ignore the > cache? > Perhaps if the sender address is added to the cache information then a > utility could be developed fairly easily that would allow the > system admin > to run it with a sender address and have the cache record flagged > as recheck > or, removed all together, for any cached information relating to > that sender > address? It would appear that since the table is created any time > it is > missing, flushing the cache would be as simple as removing the > table and > restarting MS. You can flush the cache with this: rm -f /var/spool/MailScanner/incoming/SpamAssassin.cache.db service MailScanner reload - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.3 (Build 2932) iQEVAwUBQ7017Pw32o+k+q+hAQHx1wf/SXkq5M5bCT7ONWq6izpbe/TuegmBt95S EicPFN7quTsmTy5jSoF1NMdGs46Xg5gjQnczq5pese6o+c2bsvI9d//aWnpTVDaV XzYVkGryJAiy2kv0gmBpqh6f03SEE35/kA809yZsxPU/HM6UWjFgo6poDBvgEtBe 4hMqsHfP3ShwTBfGRcSGrvexqJPk1HTwEti51C8pL9L8ddeS+a9GgYSv+b7wOY2H wLR/ih1B7g771to+oFRo6fpJ5ZmYxFtnSlTqttl3wvQ9QWsx+rUwWIBNy3hc26NK NkUhUQ0cpfBSnSFPW+RL/gctblNb/ewFOZSZsUIxNTnZSiQYH42AaQ== =zhve -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Jan 5 15:51:13 2006 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:39 2006 Subject: All_Trusted Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kevin Miller wrote: > > Ah, I see what you mean. So having set trusted_networks and > internal_networks per Mail::SpamAssassin::Conf, the ALL_TRUSTED trigger > went away. But is there anything I should be looking at regarding the > Received: header parsing or is that pretty much taken care of now? That's fixed now. Received: header parsing depends on SA's ability to determine which hosts are trusted/internal and which aren't. Without a trusted_networks declared, SA will try to guess, but that guess doesn't work well for networks with NATed mailservers and some other configurations. > Things seem to be flowing OK. Hopefully it's catching more spam than > ever? You should definitely see better performance out of DUL RBLs, and the HELO_DYNAMIC type rules. There's also a good handful of other rules affected by the trust/untrust decisions. > I take it that it would be prudent to check my other MS boxes and rem > out the "score ALL_TRUSTED 0" if it's there? Yes, that would be prudent, as if ALL_TRUSTED is misfiring, it's a sign you need a manual trusted_networks. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From amoore at DEKALBMEMORIAL.COM Thu Jan 5 15:50:02 2006 From: amoore at DEKALBMEMORIAL.COM (Aaron K. Moore) Date: Thu Jan 12 21:31:39 2006 Subject: Beta 4.50.5 released Message-ID: Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > I have just released version 4.50.5. > > This is basically a lot of tidying up done since yesterday's 4.50.4. > No dramatic new features. I've saw SQLite mentioned in a few of the posts. Are you just using it for SpamAssassin in your rpm builds, or is it being used for other parts of MailScanner? I switched my SpamAssassin over to using MySQL for both bayes and auto-white listing several months ago. Not only do the bayes rebuilds run faster, I can expire enteries out of the autowhitelist easily based on a last update time. As well as a custom function in MailScanner to log spam and viruses to a sql table for generating a local blacklist. It works much better than trying to process the mail log to build one. -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN Phone: 260.920.2808 E-mail: amoore@dekalbmemorial.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Thu Jan 5 15:38:02 2006 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:31:39 2006 Subject: MailScanner version 5 Message-ID: Or Julian could call the next release "foo" Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 UK: 0870 163 0607 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jase at SENSIS.COM Thu Jan 5 15:56:39 2006 From: jase at SENSIS.COM (Desai, Jason) Date: Thu Jan 12 21:31:39 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > On 5 Jan 2006, at 09:42, Raymond Dijkxhoorn wrote: >> Hi! >> >>>> - spam after 6 hours from the initial creation of the cache record. >>> >> >> Been chatting with Steve last night, he promised to rewrite some >> code when he would wake up :) >> >> So far its going just fine. >> >> I hope it will be configurable, would really help. High spam is >> perfect as it is now, low spam we want to get higher once they are >> learned... so a really low timeout to cut out the first batfhes is >> fine, after that i want to recheck if its not added to more RBLs. >> So for us low spam caching could even have a 5-10 mins expire... > > I would like to get a set of timeouts we basically agree on, then > leave them set at that. No-one will ever actually change the values > we supply, so I see no great reason to make the conf file any bigger > than it already is. Perhaps the cache time could be specified as one of the options for (Spam|High Scoring Spam|Non Spam) Actions? The defaults could be set if nothing were specified. And if someone wanted different times based on certain entries in SpamAssassin report, they could just write a custom function to do so. Ex. - To cache high scoring spam for 10 minutes High Scoring Spam Actions = store delete cache:10 This way you're not really adding more configuration options, just an additional action, and you can default it to what everyone agrees would be sensible. Just a thought. Jase ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Jan 5 16:07:36 2006 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:39 2006 Subject: All_Trusted Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] shuttlebox wrote: > On 1/5/06, *Matt Kettler* > wrote: > > It's a good thing the upgrade removed that statement.. setting > ALL_TRUSTED to a > 0 score covers up a lot of serious problems. > > > What kind of problems do you mean? Problems regarding other things than > the trusted mechanism? Just the trusted mechanism, but this affects a LOT of rules in SA. Most rules that examine the Received: headers are affected by trusted_networks or internal_networks. (and if neither is declared, these two are both set to the same guess). For what it's worth, here's a quick rundown of things affected by trust/internal networks detection in SA 3.1.0. affected by internal_networks: All RBLs checks Affected by trusted_networks: whitelist_from_rcvd RCVD_IN_BSP_TRUSTED HABEAS_* ALL_TRUSTED HELO_DYNAMIC_* rules MSGID_FROM_MTA_ID FORGED_*_RCVD rules FAKE_HELO_* RCVD_HELO_IP_MISMATCH RCVD_NUMERIC_HELO RCVD_ILLEGAL_IP SPF plugin AWL plugin RelayCountry plugin AccessDB plugin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jan 5 16:19:15 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:39 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 5 Jan 2006, at 15:56, Desai, Jason wrote: > Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> >> On 5 Jan 2006, at 09:42, Raymond Dijkxhoorn wrote: >>> Hi! >>> >>>>> - spam after 6 hours from the initial creation of the cache >>>>> record. >>>> >>> >>> Been chatting with Steve last night, he promised to rewrite some >>> code when he would wake up :) >>> >>> So far its going just fine. >>> >>> I hope it will be configurable, would really help. High spam is >>> perfect as it is now, low spam we want to get higher once they are >>> learned... so a really low timeout to cut out the first batfhes is >>> fine, after that i want to recheck if its not added to more RBLs. >>> So for us low spam caching could even have a 5-10 mins expire... >> >> I would like to get a set of timeouts we basically agree on, then >> leave them set at that. No-one will ever actually change the values >> we supply, so I see no great reason to make the conf file any bigger >> than it already is. > > Perhaps the cache time could be specified as one of the options for > (Spam|High Scoring Spam|Non Spam) Actions? The defaults could be > set if > nothing were specified. And if someone wanted different times > based on > certain entries in SpamAssassin report, they could just write a custom > function to do so. > > Ex. - To cache high scoring spam for 10 minutes > > High Scoring Spam Actions = store delete cache:10 > > This way you're not really adding more configuration options, just an > additional action, and you can default it to what everyone agrees > would > be sensible. That's the most sensible suggestion so far. Trouble is it wants a different value for viruses as well, and I'm not sure where to put that. So I'm not sure that will happen. I might just end up putting in the 4 config options to do it. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.3 (Build 2932) iQEVAwUBQ71HBfw32o+k+q+hAQF3fwf+NrOP6GfYpTcVOQ/Epq2HofwJUTKt7rRh UAd1UlHRPVYE68gZThSs7aFN4O2t/sLNiIKCcLxqpRs9g9yaMjd62vy/VxggGjVf Br9h0Nn85tpqBf6Elsfz+uzwHlBOuWEGMicoOmajbe7jo9OA+ef/J7HFxcJTkUSP BvB5o6ksmQTBQG3VQZasmQtVLOu6kwoPPqm6KKE0v5T4EWUzE0loip8MAWaWeuxu 3A+nbwuZyjmIrXo+7EQrzmaJFBIYOEFLnpqtxEDBi24wKBSmUsM6SybQnvMCcc5U vBARvnAL8xcPDRGUgV6f4hG6mTeM+0wDRiYSxzJWhK6/VHDK0USHTw== =IA06 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jan 5 16:21:29 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:39 2006 Subject: Beta 4.50.5 released Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 5 Jan 2006, at 15:50, Aaron K. Moore wrote: > Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> >> I have just released version 4.50.5. >> >> This is basically a lot of tidying up done since yesterday's 4.50.4. >> No dramatic new features. > > I've saw SQLite mentioned in a few of the posts. Are you just > using it > for SpamAssassin in your rpm builds, or is it being used for other > parts > of MailScanner? I'm using it for the new SpamAssassin cache. Very quick and easy shared database. But it is optional. If it's not installed then you can't use the new feature, that's all. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.3 (Build 2932) iQEVAwUBQ71Hi/w32o+k+q+hAQHAgwgAmhEtxP2POR2T9VEznquwjONYFsp50E0r /ORdbfrKGhLUlpn1W8OLclLiEzP2xTy0exdZPlOos+CLAZnCqPFhl3aEJTgVbc5x VdGKqXjPWUOKMjq36wT4ML2Ars2FpAECfxhfrJCQ/OEBGNABlEOV10XcOmoQe3GF YhzlR9mvzHUpVGdlTJDiofUB3p8n4z87OqW1EUHDMtZwoC0FYaleV0FNYgx06CML FTigLOnaJA3dSgtMVPCYRN+jFwUX+ORMvZ+JmE29J1D+zEVCH8VRybgpUFlHijbV Nb/XeIUwXlj5r1x9acnMMHMSJN9UNeY/rDtMHGuc6Sl1U37LCtNqiQ== =quyA -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ka at PACIFIC.NET Thu Jan 5 16:21:26 2006 From: ka at PACIFIC.NET (Ken A) Date: Thu Jan 12 21:31:39 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > Did you run my ./install.sh? This should upgrade DBI for you anyway. > If so, why did my DBI install fail? Yes, with ./install.sh. Sorry, but I'm not sure exactly. > What output was produced? Below is the relevant output. Hope this helps. Thanks, Ken A Pacific.Net ---- snip ----- Attempting to build and install perl-DBI-1.50-1 Installing perl-DBI-1.50-1.src.rpm Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.33425 + umask 022 + cd /usr/src/redhat/BUILD + LANG=C + export LANG + unset DISPLAY + cd /usr/src/redhat/BUILD + rm -rf DBI-1.50 + /bin/gzip -dc /usr/src/redhat/SOURCES/DBI-1.50.tar.gz + tar -xf - + STATUS=0 + '[' 0 -ne 0 ']' + cd DBI-1.50 ++ /usr/bin/id -u + '[' 0 = 0 ']' + /bin/chown -Rhf root . ++ /usr/bin/id -u + '[' 0 = 0 ']' + /bin/chgrp -Rhf root . + /bin/chmod -Rf a+rX,u+w,g-w,o-w . + exit 0 Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.33425 + umask 022 + cd /usr/src/redhat/BUILD + cd DBI-1.50 + LANG=C + export LANG + unset DISPLAY + CFLAGS='-O2 -g -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -m32 -march=i386 -mtune=pentium4 -fasynchronous-unwind-tables' + perl Makefile.PL PREFIX=/var/tmp/perl-DBI-1.50-1-root/usr *** You are using a perl configured with threading enabled. *** You should be aware that using multiple threads is *** not recommended for production environments. *** Note: The optional PlRPC-modules (RPC::PlServer etc) are not installed. If you want to use the DBD::Proxy driver and DBI::ProxyServer modules, then you'll need to install the RPC::PlServer, RPC::PlClient, Storable and Net::Daemon modules. The CPAN Bundle::DBI may help you. You can install them any time after installing the DBI. You do *not* need these modules for typical DBI usage. Optional modules are available from any CPAN mirror, in particular http://search.cpan.org/ http://www.perl.com/CPAN/modules/by-module http://www.perl.org/CPAN/modules/by-module ftp://ftp.funet.fi/pub/languages/perl/CPAN/modules/by-module Creating DBI::PurePerl test variant: t/zvpp_01basics.t Creating DBI::PurePerl test variant: t/zvpp_02dbidrv.t Creating DBI::PurePerl test variant: t/zvpp_03handle.t Creating DBI::PurePerl test variant: t/zvpp_04mods.t Creating DBI::PurePerl test variant: t/zvpp_05thrclone.t (use threads) Creating DBI::PurePerl test variant: t/zvpp_06attrs.t Creating DBI::PurePerl test variant: t/zvpp_07kids.t Creating DBI::PurePerl test variant: t/zvpp_08keeperr.t Creating DBI::PurePerl test variant: t/zvpp_09trace.t Creating DBI::PurePerl test variant: t/zvpp_10examp.t Creating DBI::PurePerl test variant: t/zvpp_11fetch.t Creating DBI::PurePerl test variant: t/zvpp_14utf8.t Creating DBI::PurePerl test variant: t/zvpp_15array.t Creating DBI::PurePerl test variant: t/zvpp_20meta.t Creating DBI::PurePerl test variant: t/zvpp_30subclass.t Creating DBI::PurePerl test variant: t/zvpp_40profile.t Creating DBI::PurePerl test variant: t/zvpp_41prof_dump.t Creating DBI::PurePerl test variant: t/zvpp_42prof_data.t Creating DBI::PurePerl test variant: t/zvpp_43profenv.t Creating DBI::PurePerl test variant: t/zvpp_50dbm.t Creating DBI::PurePerl test variant: t/zvpp_60preparse.t Creating DBI::PurePerl test variant: t/zvpp_70callbacks.t Creating DBI::PurePerl test variant: t/zvpp_72childhandles.t Creating DBI::PurePerl test variant: t/zvpp_80proxy.t Checking if your kit is complete... Looks good I see you're using perl 5.008006 on i386-linux-thread-multi, okay. Remember to actually *read* the README file! Use 'make' to build the software (dmake or nmake on Windows). Then 'make test' to execute self tests. Then 'make install' to install the DBI and then delete this working directory before unpacking and building any DBD::* drivers. Writing Makefile for DBI + make /usr/bin/perl "-MExtUtils::Command" -e mkpath blib/lib/DBI rm -f blib/lib/DBI/Changes.pm cp Changes blib/lib/DBI/Changes.pm /usr/bin/perl "-MExtUtils::Command" -e mkpath blib/lib/DBI rm -f blib/lib/DBI/Roadmap.pm cp Roadmap.pod blib/lib/DBI/Roadmap.pm cp dbd_xsh.h blib/arch/auto/DBI/dbd_xsh.h cp dbivport.h blib/arch/auto/DBI/dbivport.h cp lib/DBI/FAQ.pm blib/lib/DBI/FAQ.pm cp Driver_xst.h blib/arch/auto/DBI/Driver_xst.h cp lib/DBI/SQL/Nano.pm blib/lib/DBI/SQL/Nano.pm cp lib/DBD/Proxy.pm blib/lib/DBD/Proxy.pm cp lib/DBI/Const/GetInfo/ANSI.pm blib/lib/DBI/Const/GetInfo/ANSI.pm cp lib/DBD/DBM.pm blib/lib/DBD/DBM.pm cp DBI.pm blib/lib/DBI.pm cp lib/DBI/Const/GetInfoReturn.pm blib/lib/DBI/Const/GetInfoReturn.pm cp DBIXS.h blib/arch/auto/DBI/DBIXS.h cp lib/DBD/Sponge.pm blib/lib/DBD/Sponge.pm cp Roadmap.pod blib/lib/Roadmap.pod cp lib/DBI/Const/GetInfoType.pm blib/lib/DBI/Const/GetInfoType.pm cp lib/DBI/W32ODBC.pm blib/lib/DBI/W32ODBC.pm cp lib/DBI/DBD/Metadata.pm blib/lib/DBI/DBD/Metadata.pm cp lib/DBI/Const/GetInfo/ODBC.pm blib/lib/DBI/Const/GetInfo/ODBC.pm cp lib/DBI/ProfileDumper/Apache.pm blib/lib/DBI/ProfileDumper/Apache.pm cp lib/Bundle/DBI.pm blib/lib/Bundle/DBI.pm cp lib/DBI/Profile.pm blib/lib/DBI/Profile.pm cp lib/DBI/ProfileDumper.pm blib/lib/DBI/ProfileDumper.pm cp lib/DBD/File.pm blib/lib/DBD/File.pm cp Driver.xst blib/arch/auto/DBI/Driver.xst cp lib/DBI/ProxyServer.pm blib/lib/DBI/ProxyServer.pm cp dbipport.h blib/arch/auto/DBI/dbipport.h cp lib/DBD/NullP.pm blib/lib/DBD/NullP.pm cp lib/DBI/DBD.pm blib/lib/DBI/DBD.pm cp lib/Win32/DBIODBC.pm blib/lib/Win32/DBIODBC.pm cp lib/DBI/PurePerl.pm blib/lib/DBI/PurePerl.pm cp lib/DBD/ExampleP.pm blib/lib/DBD/ExampleP.pm cp dbi_sql.h blib/arch/auto/DBI/dbi_sql.h cp lib/DBI/ProfileData.pm blib/lib/DBI/ProfileData.pm /usr/bin/perl -p -e "s/~DRIVER~/Perl/g" ./Driver.xst > Perl.xsi /usr/bin/perl /usr/lib/perl5/5.8.6/ExtUtils/xsubpp -typemap /usr/lib/perl5/5.8.6/ExtUtils/typemap -typemap typemap Perl.xs > Perl.xsc && mv Perl.xsc Perl.c gcc -c -D_REENTRANT -D_GNU_SOURCE -DDEBUGGING -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -g -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -m32 -march=i386 -mtune=pentium4 -fasynchronous-unwind-tables -DVERSION=\"1.50\" -DXS_VERSION=\"1.50\" -fPIC "-I/usr/lib/perl5/5.8.6/i386-linux-thread-multi/CORE" -W -Wall -Wpointer-arith -Wbad-function-cast -Wno-comment -Wno-sign-compare -Wno-cast-qual -Wdisabled-optimization -Wmissing-noreturn -Wno-unused-parameter Perl.c /usr/bin/perl /usr/lib/perl5/5.8.6/ExtUtils/xsubpp -typemap /usr/lib/perl5/5.8.6/ExtUtils/typemap -typemap typemap DBI.xs > DBI.xsc && mv DBI.xsc DBI.c gcc -c -D_REENTRANT -D_GNU_SOURCE -DDEBUGGING -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -g -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -m32 -march=i386 -mtune=pentium4 -fasynchronous-unwind-tables -DVERSION=\"1.50\" -DXS_VERSION=\"1.50\" -fPIC "-I/usr/lib/perl5/5.8.6/i386-linux-thread-multi/CORE" -W -Wall -Wpointer-arith -Wbad-function-cast -Wno-comment -Wno-sign-compare -Wno-cast-qual -Wdisabled-optimization -Wmissing-noreturn -Wno-unused-parameter DBI.c Running Mkbootstrap for DBI () chmod 644 DBI.bs rm -f blib/arch/auto/DBI/DBI.so gcc -shared -L/usr/local/lib DBI.o -o blib/arch/auto/DBI/DBI.so chmod 755 blib/arch/auto/DBI/DBI.so cp DBI.bs blib/arch/auto/DBI/DBI.bs chmod 644 blib/arch/auto/DBI/DBI.bs /usr/bin/perl "-Iblib/arch" "-Iblib/lib" dbiprof.PL dbiprof Extracted dbiprof from dbiprof.PL with variable substitutions. cp dbiprof blib/script/dbiprof /usr/bin/perl "-MExtUtils::MY" -e "MY->fixin(shift)" blib/script/dbiprof /usr/bin/perl "-Iblib/arch" "-Iblib/lib" dbiproxy.PL dbiproxy Extracted dbiproxy from dbiproxy.PL with variable substitutions. cp dbiproxy blib/script/dbiproxy /usr/bin/perl "-MExtUtils::MY" -e "MY->fixin(shift)" blib/script/dbiproxy Manifying blib/man1/dbiprof.1 Manifying blib/man1/dbiproxy.1 Manifying blib/man3/DBI::FAQ.3pm Manifying blib/man3/DBD::Proxy.3pm Manifying blib/man3/DBI::SQL::Nano.3pm Manifying blib/man3/DBI::Const::GetInfo::ANSI.3pm Manifying blib/man3/DBD::DBM.3pm Manifying blib/man3/DBI::Const::GetInfoReturn.3pm Manifying blib/man3/DBI.3pm Manifying blib/man3/DBD::Sponge.3pm Manifying blib/man3/DBI::Const::GetInfoType.3pm Manifying blib/man3/Roadmap.3pm Manifying blib/man3/DBI::DBD::Metadata.3pm Manifying blib/man3/DBI::W32ODBC.3pm Manifying blib/man3/DBI::Const::GetInfo::ODBC.3pm Manifying blib/man3/DBI::ProfileDumper::Apache.3pm Manifying blib/man3/Bundle::DBI.3pm Manifying blib/man3/DBI::Profile.3pm Manifying blib/man3/DBD::File.3pm Manifying blib/man3/DBI::ProfileDumper.3pm Manifying blib/man3/DBI::ProxyServer.3pm Manifying blib/man3/DBI::DBD.3pm Manifying blib/man3/Win32::DBIODBC.3pm Manifying blib/man3/DBI::PurePerl.3pm Manifying blib/man3/DBI::ProfileData.3pm + make test PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/01basics...............ok 4/131 skipped: developer tests t/02dbidrv...............ok t/03handle...............ok t/04mods.................ok t/05thrclone.............ok t/06attrs................ok t/07kids.................ok t/08keeperr..............ok t/09trace................ok t/10examp................ok t/11fetch................ok t/14utf8.................ok t/15array................ok t/20meta.................ok t/30subclass.............ok t/40profile..............ok t/41prof_dump............ok t/42prof_data............ok t/43profenv..............ok t/50dbm..................ok t/60preparse.............ok t/70callbacks............ok t/72childhandles.........ok t/80proxy................skipped all skipped: modules required for proxy are probably not installed (e.g., RPC/PlClient.pm) t/pod....................skipped all skipped: Test::Pod 1.00 required for testing POD t/zvpp_01basics..........ok 4/131 skipped: developer tests t/zvpp_02dbidrv..........ok 10/51 skipped: various reasons t/zvpp_03handle..........ok 76/135 skipped: various reasons t/zvpp_04mods............ok t/zvpp_05thrclone........ok t/zvpp_06attrs...........ok 7/137 skipped: various reasons t/zvpp_07kids............skipped all skipped: $h->{Kids} attribute not supported for DBI::PurePerl t/zvpp_08keeperr.........ok t/zvpp_09trace...........ok t/zvpp_10examp...........ok 39/253 skipped: various reasons t/zvpp_11fetch...........ok t/zvpp_14utf8............ok t/zvpp_15array...........ok t/zvpp_20meta............ok t/zvpp_30subclass........ok t/zvpp_40profile.........skipped all skipped: profiling not supported for DBI::PurePerl t/zvpp_41prof_dump.......skipped all skipped: profiling not supported for DBI::PurePerl t/zvpp_42prof_data.......skipped all skipped: profiling not supported for DBI::PurePerl t/zvpp_43profenv.........skipped all skipped: profiling not supported for DBI::PurePerl t/zvpp_50dbm.............ok t/zvpp_60preparse........skipped all skipped: preparse not supported for DBI::PurePerl t/zvpp_70callbacks.......skipped all skipped: $h->{Callbacks} attribute not supported for DBI::PurePerl t/zvpp_72childhandles....ok t/zvpp_80proxy...........skipped all skipped: modules required for proxy are probably not installed (e.g., RPC/PlClient.pm) All tests successful, 10 tests and 140 subtests skipped. Files=49, Tests=2306, 39 wallclock secs (26.86 cusr + 9.98 csys = 36.84 CPU) PERL_DL_NONLAZY=1 /usr/bin/perl "-Iblib/lib" "-Iblib/arch" test.pl test.pl DBI test application $Revision: 11.7 $ Switch: DBI 1.50 by Tim Bunce, 1.50 Available Drivers: DBM, ExampleP, File, Proxy, Sponge dbi:ExampleP:: testing 5 sets of 20 connections: Connecting... 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 Disconnecting... Connecting... 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 Disconnecting... Connecting... 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 Disconnecting... Connecting... 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 Disconnecting... Connecting... 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 Disconnecting... Made 100 connections in 0 wallclock secs ( 0.02 usr + 0.00 sys = 0.02 CPU) Testing handle creation speed... 8064 NullP sth/s perl 5.008006 i386-linux-thread-multi (gcc 4.0.2 -O2 -g -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -m32 -march=i386 -mtune=pentium4 -fasynchronous-unwind-tables) test.pl done + exit 0 Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.47884 + umask 022 + cd /usr/src/redhat/BUILD + cd DBI-1.50 + LANG=C + export LANG + unset DISPLAY + rm -rf /var/tmp/perl-DBI-1.50-1-root ++ perl -V:installarchlib + eval 'installarchlib='\''/usr/lib/perl5/5.8.6/i386-linux-thread-multi'\'';' ++ installarchlib=/usr/lib/perl5/5.8.6/i386-linux-thread-multi + mkdir -p /var/tmp/perl-DBI-1.50-1-root//usr/lib/perl5/5.8.6/i386-linux-thread-multi + make install Manifying blib/man1/dbiprof.1 Installing /var/tmp/perl-DBI-1.50-1-root/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/auto/DBI/dbipport.h Installing /var/tmp/perl-DBI-1.50-1-root/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/auto/DBI/DBI.so Installing /var/tmp/perl-DBI-1.50-1-root/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/auto/DBI/Driver.xst Installing /var/tmp/perl-DBI-1.50-1-root/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/auto/DBI/dbd_xsh.h Installing /var/tmp/perl-DBI-1.50-1-root/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/auto/DBI/dbivport.h Installing /var/tmp/perl-DBI-1.50-1-root/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/auto/DBI/DBIXS.h Installing /var/tmp/perl-DBI-1.50-1-root/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/auto/DBI/dbi_sql.h Installing /var/tmp/perl-DBI-1.50-1-root/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/auto/DBI/DBI.bs Installing /var/tmp/perl-DBI-1.50-1-root/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/auto/DBI/Driver_xst.h Files found in blib/arch: installing files in blib/lib into architecture dependent library tree Installing /var/tmp/perl-DBI-1.50-1-root/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBI.pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/Roadmap.pod Installing /var/tmp/perl-DBI-1.50-1-root/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/Win32/DBIODBC.pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBI/ProfileDumper.pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBI/Changes.pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBI/Roadmap.pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBI/ProfileData.pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBI/W32ODBC.pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBI/FAQ.pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBI/DBD.pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBI/Profile.pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBI/ProxyServer.pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBI/PurePerl.pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBI/SQL/Nano.pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBI/ProfileDumper/Apache.pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBI/DBD/Metadata.pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBI/Const/GetInfoType.pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBI/Const/GetInfoReturn.pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBI/Const/GetInfo/ANSI.pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBI/Const/GetInfo/ODBC.pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBD/File.pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBD/NullP.pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBD/Sponge.pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBD/DBM.pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBD/ExampleP.pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBD/Proxy.pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/Bundle/DBI.pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/share/man/man1/dbiprof.1 Installing /var/tmp/perl-DBI-1.50-1-root/usr/share/man/man1/dbiproxy.1 Installing /var/tmp/perl-DBI-1.50-1-root/usr/share/man/man3/DBD::Proxy.3pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/share/man/man3/DBI::W32ODBC.3pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/share/man/man3/DBD::File.3pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/share/man/man3/DBI::SQL::Nano.3pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/share/man/man3/Roadmap.3pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/share/man/man3/DBI::Const::GetInfoType.3pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/share/man/man3/DBI::FAQ.3pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/share/man/man3/DBI::Const::GetInfo::ODBC.3pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/share/man/man3/DBI::PurePerl.3pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/share/man/man3/DBD::DBM.3pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/share/man/man3/DBI::Const::GetInfo::ANSI.3pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/share/man/man3/Bundle::DBI.3pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/share/man/man3/DBI::ProxyServer.3pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/share/man/man3/DBI::ProfileDumper::Apache.3pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/share/man/man3/DBI::ProfileData.3pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/share/man/man3/DBI.3pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/share/man/man3/Win32::DBIODBC.3pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/share/man/man3/DBD::Sponge.3pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/share/man/man3/DBI::DBD::Metadata.3pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/share/man/man3/DBI::DBD.3pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/share/man/man3/DBI::Const::GetInfoReturn.3pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/share/man/man3/DBI::Profile.3pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/share/man/man3/DBI::ProfileDumper.3pm Installing /var/tmp/perl-DBI-1.50-1-root/usr/bin/dbiproxy Installing /var/tmp/perl-DBI-1.50-1-root/usr/bin/dbiprof Writing /var/tmp/perl-DBI-1.50-1-root/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/auto/DBI/.packlist Appending installation info to /var/tmp/perl-DBI-1.50-1-root/usr/lib/perl5/5.8.6/i386-linux-thread-multi/perllocal.pod + '[' -x /usr/lib/rpm/brp-compress ']' + /usr/lib/rpm/brp-compress + find /var/tmp/perl-DBI-1.50-1-root/usr -type f -print + sed 's@^/var/tmp/perl-DBI-1.50-1-root@@g' + grep -v perllocal.pod + grep -v '\.packlist' ++ cat DBI-1.50-filelist + '[' '/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/Bundle/DBI.pm /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBI.pm /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/Win32/DBIODBC.pm /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBI/Const/GetInfo/ANSI.pm /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBI/Const/GetInfo/ODBC.pm /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBI/Const/GetInfoReturn.pm /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBI/Const/GetInfoType.pm /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBI/FAQ.pm /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBI/SQL/Nano.pm /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBI/ProfileDumper/Apache.pm /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBI/ProxyServer.pm /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBI/Profile.pm /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBI/Changes.pm /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBI/ProfileDumper.pm /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBI/PurePerl.pm /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBI/W32ODBC.pm /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBI/Roadmap.pm /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBI/ProfileData.pm /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBI/DBD/Metadata.pm /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBI/DBD.pm /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/Roadmap.pod /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBD/DBM.pm /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBD/Sponge.pm /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBD/File.pm /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBD/Proxy.pm /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBD/NullP.pm /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/DBD/ExampleP.pm /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/auto/DBI/Driver.xst /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/auto/DBI/dbd_xsh.h /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/auto/DBI/dbivport.h /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/auto/DBI/DBIXS.h /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/auto/DBI/Driver_xst.h /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/auto/DBI/DBI.so /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/auto/DBI/DBI.bs /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/auto/DBI/dbi_sql.h /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/auto/DBI/dbipport.h /usr/share/man/man3/DBI::ProfileData.3pm.gz /usr/share/man/man3/DBI::Profile.3pm.gz /usr/share/man/man3/DBI::ProfileDumper.3pm.gz /usr/share/man/man3/DBD::Sponge.3pm.gz /usr/share/man/man3/DBI::Const::GetInfo::ODBC.3pm.gz /usr/share/man/man3/DBI::PurePerl.3pm.gz /usr/share/man/man3/Roadmap.3pm.gz /usr/share/man/man3/DBI::ProxyServer.3pm.gz /usr/share/man/man3/DBI::FAQ.3pm.gz /usr/share/man/man3/DBD::DBM.3pm.gz /usr/share/man/man3/DBD::File.3pm.gz /usr/share/man/man3/Bundle::DBI.3pm.gz /usr/share/man/man3/DBI::ProfileDumper::Apache.3pm.gz /usr/share/man/man3/DBI::Const::GetInfo::ANSI.3pm.gz /usr/share/man/man3/Win32::DBIODBC.3pm.gz /usr/share/man/man3/DBI::Const::GetInfoType.3pm.gz /usr/share/man/man3/DBI::DBD.3pm.gz /usr/share/man/man3/DBI::SQL::Nano.3pm.gz /usr/share/man/man3/DBI::W32ODBC.3pm.gz /usr/share/man/man3/DBD::Proxy.3pm.gz /usr/share/man/man3/DBI.3pm.gz /usr/share/man/man3/DBI::Const::GetInfoReturn.3pm.gz /usr/share/man/man3/DBI::DBD::Metadata.3pm.gz /usr/share/man/man1/dbiprof.1.gz /usr/share/man/man1/dbiproxy.1.gz /usr/bin/dbiprof /usr/bin/dbiproxyX' = X ']' + /usr/lib/rpm/find-debuginfo.sh /usr/src/redhat/BUILD/DBI-1.50 extracting debug info from /var/tmp/perl-DBI-1.50-1-root/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/auto/DBI/DBI.so 643 blocks + /usr/lib/rpm/redhat/brp-compress + /usr/lib/rpm/redhat/brp-strip-static-archive /usr/bin/strip + /usr/lib/rpm/redhat/brp-strip-comment-note /usr/bin/strip /usr/bin/objdump Processing files: perl-DBI-1.50-1 Provides: DBI.so perl(Bundle::DBI) = 11.3 perl(DBD::DBM) = 0.03 perl(DBD::DBM::Statement) perl(DBD::DBM::Table) perl(DBD::DBM::db) perl(DBD::DBM::dr) perl(DBD::DBM::st) perl(DBD::ExampleP) = 11.12 perl(DBD::File) = 0.33 perl(DBD::File::Statement) perl(DBD::File::Table) perl(DBD::File::db) perl(DBD::File::dr) perl(DBD::File::st) perl(DBD::NullP) = 11.4 perl(DBD::Proxy) = 0.2004 perl(DBD::Proxy::db) perl(DBD::Proxy::dr) perl(DBD::Proxy::st) perl(DBD::Sponge) = 11.10 perl(DBDI) perl(DBI) perl(DBI::Const::GetInfo::ANSI) = 1.3 perl(DBI::Const::GetInfo::ODBC) = 1.3 perl(DBI::Const::GetInfoReturn) = 1.4 perl(DBI::Const::GetInfoType) = 1.5 perl(DBI::DBD) = 11.21 perl(DBI::DBD::Metadata) = 1.5 perl(DBI::FAQ) = 0.38 perl(DBI::Profile) = 1.7 perl(DBI::ProfileData) = 1.0 perl(DBI::ProfileDumper) = 1.0 perl(DBI::ProfileDumper::Apache) = 1.1 perl(DBI::ProxyServer) = 0.3005 perl(DBI::ProxyServer::db) perl(DBI::ProxyServer::dr) perl(DBI::ProxyServer::st) perl(DBI::SQL::Nano) = 0.03 perl(DBI::SQL::Nano::Statement_) perl(DBI::SQL::Nano::Table_) perl(DBI::common) Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 rpmlib(VersionedDependencies) <= 3.0.3-1 Requires: /usr/bin/perl libc.so.6 libc.so.6(GLIBC_2.0) libc.so.6(GLIBC_2.1.3) libc.so.6(GLIBC_2.3) libc.so.6(GLIBC_2.3.4) perl >= 0:5.004 perl >= 0:5.005_03 perl >= 0:5.006_00 perl(Carp) perl(Config) perl(Cwd) perl(DBI) perl(DBI::Const::GetInfo::ANSI) perl(DBI::Const::GetInfo::ODBC) perl(DBI::Const::GetInfoType) perl(DBI::Profile) perl(DBI::ProfileData) perl(DBI::ProfileDumper) perl(DBI::ProxyServer) perl(DBI::SQL::Nano) perl(Data::Dumper) perl(DynaLoader) perl(Exporter) perl(Fcntl) perl(File::Spec) perl(Getopt::Long) perl(IO::File) perl(RPC::PlClient) >= 0.2000 perl(RPC::PlServer) >= 0.2001 perl(Symbol) perl(UNIVERSAL) perl(Win32::ODBC) perl(base) perl(constant) perl(strict) perl(utf8) perl(vars) perl(warnings) Checking for unpackaged file(s): /usr/lib/rpm/check-files /var/tmp/perl-DBI-1.50-1-root warning: Installed (but unpackaged) file(s) found: /usr/lib/debug/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/auto/DBI/DBI.so.debug /usr/lib/perl5/5.8.6/i386-linux-thread-multi/perllocal.pod /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/auto/DBI/.packlist /usr/src/debug/DBI-1.50/DBI.c /usr/src/debug/DBI-1.50/DBI.xs /usr/src/debug/DBI-1.50/DBIXS.h Wrote: /usr/src/redhat/RPMS/noarch/perl-DBI-1.50-1.noarch.rpm Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.23721 + umask 022 + cd /usr/src/redhat/BUILD + cd DBI-1.50 + rm -rf /var/tmp/perl-DBI-1.50-1-root + exit 0 Executing(--clean): /bin/sh -e /var/tmp/rpm-tmp.23721 + umask 022 + cd /usr/src/redhat/BUILD + rm -rf DBI-1.50 + exit 0 Do not worry too much about errors from the next command. It is quite likely that some of the Perl modules are already installed on your system. The important ones are HTML-Parser and MIME-tools. I have to force installation of DBI. Sorry. error: Failed dependencies: perl(RPC::PlClient) >= 0.2000 is needed by perl-DBI-1.50-1.noarch perl(RPC::PlServer) >= 0.2001 is needed by perl-DBI-1.50-1.noarch perl(Win32::ODBC) is needed by perl-DBI-1.50-1.noarch Attempting to build and install perl-DBD-SQLite-1.11-1 Installing perl-DBD-SQLite-1.11-1.src.rpm Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.41844 + umask 022 + cd /usr/src/redhat/BUILD + LANG=C + export LANG + unset DISPLAY + cd /usr/src/redhat/BUILD + rm -rf DBD-SQLite-1.11 + /bin/gzip -dc /usr/src/redhat/SOURCES/DBD-SQLite-1.11.tar.gz + tar -xf - + STATUS=0 + '[' 0 -ne 0 ']' + cd DBD-SQLite-1.11 ++ /usr/bin/id -u + '[' 0 = 0 ']' + /bin/chown -Rhf root . ++ /usr/bin/id -u + '[' 0 = 0 ']' + /bin/chgrp -Rhf root . + /bin/chmod -Rf a+rX,u+w,g-w,o-w . + exit 0 Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.41844 + umask 022 + cd /usr/src/redhat/BUILD + cd DBD-SQLite-1.11 + LANG=C + export LANG + unset DISPLAY + CFLAGS='-O2 -g -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -m32 -march=i386 -mtune=pentium4 -fasynchronous-unwind-tables' + perl Makefile.PL PREFIX=/var/tmp/perl-DBD-SQLite-1.11-1-root/usr Checking installed SQLite version... SQLite version must be at least 3.1.3. No header file at that version or higher was found. Using the local version instead. Checking if your kit is complete... Looks good Warning: prerequisite DBI 1.21 not found. Writing Makefile for DBD::SQLite + make cp lib/DBD/SQLite.pm blib/lib/DBD/SQLite.pm /usr/bin/perl /usr/lib/perl5/5.8.6/ExtUtils/xsubpp -typemap /usr/lib/perl5/5.8.6/ExtUtils/typemap SQLite.xs > SQLite.xsc && mv SQLite.xsc SQLite.c Cannot open 'SQLite.xsi': No such file or directory in SQLite.xs, line 72 make: *** [SQLite.c] Error 1 error: Bad exit status from /var/tmp/rpm-tmp.41844 (%build) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.41844 (%build) Missing file /usr/src/redhat/RPMS/noarch/perl-DBD-SQLite-1.11-1.noarch.rpm. Maybe it did not build correctly? --- snip --- > On 4 Jan 2006, at 22:49, Ken A wrote: > >> Upgrading DBI with CPAN fixed install problems on FC4 as well. >> Thanks, >> Ken A >> Pacific.Net >> >> >> Ken A wrote: >>> Raymond Dijkxhoorn wrote: >>>> Hi! >>>> >>>>> One thing worth mentioning: if you use rcpt splitting (one >>>>> message per recipient) then you should see a massive speed >>>>> improvement with this version. >>>>> >>>>> Raymond --- this may help you! >>>>>> I would be very interested to hear what speedups you see from >>>>>> this new faster version. >>>> Ok, after fetching a RPM from DAG we got SQLite going, the >>>> version on CPAN gave errors on FC1. >>> Issues with SQLite on FC4 too. >>>> Checking installed SQLite version... >>>> SQLite version must be at least 3.1.3. No header file at that >>>> version or higher was found. Using the local version instead. >>>> Checking if your kit is complete... >>>> Looks good >>>> Warning: prerequisite DBI 1.21 not found. >>>> Writing Makefile for DBD::SQLite >>>> + make >>>> cp lib/DBD/SQLite.pm blib/lib/DBD/SQLite.pm >>>> /usr/bin/perl /usr/lib/perl5/5.8.6/ExtUtils/xsubpp -typemap /usr/ >>>> lib/perl5/5.8.6/ExtUtils/typemap SQLite.xs > SQLite.xsc && mv >>>> SQLite.xsc SQLite.c >>>> Cannot open 'SQLite.xsi': No such file or directory in SQLite.xs, >>>> line 72 >>>> make: *** [SQLite.c] Error 1 >>>> error: Bad exit status from /var/tmp/rpm-tmp.78484 (%build) >>>> >>>> RPM build errors: >>>> Bad exit status from /var/tmp/rpm-tmp.78484 (%build) >>>> >>>> Missing file /usr/src/redhat/RPMS/noarch/perl-DBD- >>>> SQLite-1.11-1.noarch.rpm. >>>> Maybe it did not build correctly? >>> Ken A >>>> Works: >>>> >>>> Jan 4 23:08:26 vmx30 MailScanner[21711]: Cache hit for message >>>> k04M8POB022446 >>>> Jan 4 23:08:26 vmx30 MailScanner[21711]: Cache hit for message >>>> k04M8POC022446 >>>> Jan 4 23:08:26 vmx30 MailScanner[21711]: Cache hit for message >>>> k04M8POA022446 >>>> Jan 4 23:08:26 vmx30 MailScanner[21711]: Cache hit for message >>>> k04M8PO8022446 >>>> Jan 4 23:08:26 vmx30 MailScanner[21711]: Cache hit for message >>>> k04M8PO9022446 >>>> Jan 4 23:08:36 vmx30 MailScanner[21955]: Cache hit for message >>>> k04M8Zcb022532 >>>> Jan 4 23:08:40 vmx30 MailScanner[21232]: Cache hit for message >>>> k04M8d8h022583 >>>> Jan 4 23:08:48 vmx30 MailScanner[21176]: Cache hit for message >>>> k04M8iIc022599 >>>> Jan 4 23:08:50 vmx30 MailScanner[21176]: Cache hit for message >>>> k04M6gST021587 >>>> Jan 4 23:08:50 vmx30 MailScanner[21176]: Cache hit for message >>>> k04M8hFS022595 >>>> Jan 4 23:08:51 vmx30 MailScanner[21650]: Cache hit for message >>>> k04M8nTe022611 >>>> Jan 4 23:08:51 vmx30 MailScanner[21650]: Cache hit for message >>>> k04M8nTY022611 >>>> >>>> [root@vmx30]# grep "Cache hit for message" current | wc -l >>>> 77 >>>> >>>> In a couple of mins. Looking promising. Cheers! >>>> >>>> Bye, >>>> Raymond. >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> Support MailScanner development - buy the book off the website! >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.3 (Build 2932) > > iQEVAwUBQ7zmVPw32o+k+q+hAQEPcggAjZ8qaqOD7L+GgxWv4p5SJOSU6RoGf+Uq > VO6TIowvJe48+5cxQ2aapV/YMdqVR0XjktNV9nIQDnm2/C/xs1gGbalRWw5NLSUF > sFJ+3ZH5PRlOqC1/M8Jmnjxoqwbmhps8EOWHon0EZ0ewfZcfuESFYewm1vQdjPRR > buYvq1nlKW+4Q5wuudUhCKqeGGpf7gV/PiKICLM78MzLE3RYgSgYG49jXE2toPPB > yMUqJ+UfwlNfTmR1ekph0hErShVOruyZ6V9IoGbvLq+ZqoRdYGK2a3WUke0ahDXt > 34ZUsWBM1BZlt5Bj4FdnGFBWtD5husdtLUS9FO527CBFdF4imQGDoA== > =OcxF > -----END PGP SIGNATURE----- > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Thu Jan 5 16:29:25 2006 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:31:39 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: Hi, > -----BEGIN PGP SIGNED MESSAGE----- > > > On 5 Jan 2006, at 15:56, Desai, Jason wrote: > > > Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- > >> > >> On 5 Jan 2006, at 09:42, Raymond Dijkxhoorn wrote: > >>> Hi! > >>> > > > > Perhaps the cache time could be specified as one of the options for > > (Spam|High Scoring Spam|Non Spam) Actions? The defaults could be > > set if > > nothing were specified. And if someone wanted different times > > based on > > certain entries in SpamAssassin report, they could just write a custom > > function to do so. > > > > Ex. - To cache high scoring spam for 10 minutes > > > > High Scoring Spam Actions = store delete cache:10 > > > > This way you're not really adding more configuration options, just an > > additional action, and you can default it to what everyone agrees > > would > > be sensible. > > That's the most sensible suggestion so far. Trouble is it wants a > different value for viruses as well, and I'm not sure where to put > that. So I'm not sure that will happen. > I might just end up putting in the 4 config options to do it. Just a thought. Could you create a single config option that took one or more parameters, a little like the way SpamAssassin sets the scores for rules. For example: Cache Timeout = 10 60 120 Which would set the time outs as Spam = 10 High Scoring Spam = 60 Viruses = 120 If a single value is given all are set to that one value: Cache Timeout = 0 Would disable all caching. I am not too sure if this fits in with any other config styles in MailScanner. Just a thought to throw into the pot. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "In the beginning of a change, the patriot is a brave and scarce man, hated and scorned. When the cause succeeds, however, the timid join him...for then it costs nothing to be a patriot." -Mark Twain ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jan 5 16:45:26 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:39 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: -----BEGIN PGP SIGNED MESSAGE----- The critical lines are these: On 5 Jan 2006, at 16:21, Ken A wrote: > error: Failed dependencies: > perl(RPC::PlClient) >= 0.2000 is needed by perl- > DBI-1.50-1.noarch > perl(RPC::PlServer) >= 0.2001 is needed by perl- > DBI-1.50-1.noarch > perl(Win32::ODBC) is needed by perl-DBI-1.50-1.noarch I don't understand why it thinks it needs these. My system hasn't got them installed and didn't need them for DBI. The output of Makefile.PL includes this: *** Note: The optional PlRPC-modules (RPC::PlServer etc) are not installed. If you want to use the DBD::Proxy driver and DBI::ProxyServer modules, then you'll need to install the RPC::PlServer, RPC::PlClient, Storable and Net::Daemon modules. The CPAN Bundle::DBI may help you. You can install them any time after installing the DBI. You do *not* need these modules for typical DBI usage. So it knows they are optional. So why does it think it needs them? Confused. There is a Bundle::DBI, but I don't see why I should need to install all these modules that it knows are optional anyway. What OS and version are you using? - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.3 (Build 2932) iQEVAwUBQ71NKPw32o+k+q+hAQGtcgf/SbDCigMgj/kLdZWOewFY0OYPM21jDSfj DH9j5c4CHyFw80jaNMtC6hgtFWGzjOkXVjG5578NFwNhDTB9lEhonnik0/nBtRHu qNE8JiGE+ix0pIckEb+LoKMYkXuNCrwU/YA1h/CrqwLSt1niU5breaGxRIBa1The 4thvuSzD9+Bl3wKhlDAYv1hAInZFg2v7QOwg/MEpaunnvOn9QKUXJaFK+u1BqjGt ixTT78T7wYt65DG3yxX0TOfRK0PH/arnvCnIM0DuVd5z1pihI3WfqT0lQj65uIIz DlTDhvpDE22QxkpVw3CXSEKQ7unwQ5GbAVZXRRX9SvxM02gCryLaFw== =iTds -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jan 5 16:50:34 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:39 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Also what do you see when you do this? [root@karla noarch]# rpm -q --requires -p perl-DBI-1.50-1.noarch.rpm I get this: /usr/bin/perl libc.so.6()(64bit) libc.so.6(GLIBC_2.2.5)(64bit) libc.so.6(GLIBC_2.3)(64bit) rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 rpmlib(VersionedDependencies) <= 3.0.3-1 On 5 Jan 2006, at 16:21, Ken A wrote: > error: Failed dependencies: > perl(RPC::PlClient) >= 0.2000 is needed by perl- > DBI-1.50-1.noarch > perl(RPC::PlServer) >= 0.2001 is needed by perl- > DBI-1.50-1.noarch > perl(Win32::ODBC) is needed by perl-DBI-1.50-1.noarch - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.3 (Build 2932) iQEVAwUBQ71OW/w32o+k+q+hAQHLjgf/b/YNs6CfsgnQE1GznykPZ5trgM+wVmmA 7mQ6sekWlYxcQ5hZIQ3wGwFQUmX9gvgRVRfz+DahrYENVg09pr86wB3DvLzVJGD4 2AlpOC7gMOSDbwA8Q1vWD8wx1bwNDeWrQ8zyPz7qfI5Ia/cbohyIJn48QOB5W6bW xWHpLS8Ds31rmQq3TV5xHB0fefvK22IyY4iVK250NA0zJSeCjo9AZIR83umSHI2u 44qm8zB5N29pkRXezTHvg8fQTp6Mq1GVm0D9urshnmyBibcWNHd3j4KOntPRJGOu Z/59rrcy5GcaBTLq70+iuZKGRNHPD1tbzLLr0lHU1Cee5g/20Yn6Cg== =aMgG -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ka at PACIFIC.NET Thu Jan 5 16:57:29 2006 From: ka at PACIFIC.NET (Ken A) Date: Thu Jan 12 21:31:39 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > The critical lines are these: > > On 5 Jan 2006, at 16:21, Ken A wrote: > >> error: Failed dependencies: >> perl(RPC::PlClient) >= 0.2000 is needed by perl- >> DBI-1.50-1.noarch >> perl(RPC::PlServer) >= 0.2001 is needed by perl- >> DBI-1.50-1.noarch >> perl(Win32::ODBC) is needed by perl-DBI-1.50-1.noarch > > I don't understand why it thinks it needs these. My system hasn't got > them installed and didn't need them for DBI. > > The output of Makefile.PL includes this: > > *** Note: > The optional PlRPC-modules (RPC::PlServer etc) are not installed. > If you want to use the DBD::Proxy driver and DBI::ProxyServer > modules, then you'll need to install the RPC::PlServer, > RPC::PlClient, > Storable and Net::Daemon modules. The CPAN Bundle::DBI may help > you. > You can install them any time after installing the DBI. > You do *not* need these modules for typical DBI usage. > > So it knows they are optional. So why does it think it needs them? > Confused. There is a Bundle::DBI, but I don't see why I should need > to install all these modules that it knows are optional anyway. This is on Fedora Core 4. After the install failed, I used CPAN to "install DBI", I did not have to install "Bundle::DBI". It installed okay. After installing DBI, I used the SQLlite you provided: cd /usr/src/redhat/BUILD/DBD-SQLite-1.11/ perl Makefile.PL make make install Then MailScanner found the SA cache db. So, it seems to me that something is wrong with the DBI that's in the MailScanner package, or at least it's not happy on FC4.. Thanks, Ken A Pacific.Net > What OS and version are you using? > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.3 (Build 2932) > > iQEVAwUBQ71NKPw32o+k+q+hAQGtcgf/SbDCigMgj/kLdZWOewFY0OYPM21jDSfj > DH9j5c4CHyFw80jaNMtC6hgtFWGzjOkXVjG5578NFwNhDTB9lEhonnik0/nBtRHu > qNE8JiGE+ix0pIckEb+LoKMYkXuNCrwU/YA1h/CrqwLSt1niU5breaGxRIBa1The > 4thvuSzD9+Bl3wKhlDAYv1hAInZFg2v7QOwg/MEpaunnvOn9QKUXJaFK+u1BqjGt > ixTT78T7wYt65DG3yxX0TOfRK0PH/arnvCnIM0DuVd5z1pihI3WfqT0lQj65uIIz > DlTDhvpDE22QxkpVw3CXSEKQ7unwQ5GbAVZXRRX9SvxM02gCryLaFw== > =iTds > -----END PGP SIGNATURE----- > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smf at F2S.COM Thu Jan 5 16:57:56 2006 From: smf at F2S.COM (Steve Freegard) Date: Thu Jan 12 21:31:39 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: Hi Julian, On Thu, 2006-01-05 at 16:45 +0000, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > The critical lines are these: > > On 5 Jan 2006, at 16:21, Ken A wrote: > > > error: Failed dependencies: > > perl(RPC::PlClient) >= 0.2000 is needed by perl- > > DBI-1.50-1.noarch > > perl(RPC::PlServer) >= 0.2001 is needed by perl- > > DBI-1.50-1.noarch > > perl(Win32::ODBC) is needed by perl-DBI-1.50-1.noarch > > I don't understand why it thinks it needs these. My system hasn't got > them installed and didn't need them for DBI. > I had exactly the same issues building Perl modules for DefenderMX - it is caused by the RPM find-requires script that searches for all the dependencies for the RPM including the optional libraries too. Personally I use the cpan2rpm script http://perl.arix.com/cpan2rpm/ which you can tell to ignore requirements: # - DBI - # This spec file was automatically generated by cpan2rpm [ver: 2.028] # The following arguments were used: # '--packager=Steve Freegard ' '--distribution=Fort Systems - DefenderMX' --make-maker=PREFIX=/opt/Fortress/utils --make-install=DESTDIR= %{buildroot} --spec-only --no-prfx '--define=_defaultdocdir /opt/Fortress/utils/doc' '--define=_prefix /' --name=fsmg-perl-DBI --no-requires=perl(Win32::Registry) --no-requires=perl(RPC::PlClient) --no-requires=perl(RPC::PlServer) --no-requires=perl(Win32::ODBC) --no-requires=perl(Apache) ../SOURCES/DBI-1.48.tar.gz Hope this helps. Kind regards, Steve. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ka at PACIFIC.NET Thu Jan 5 17:02:34 2006 From: ka at PACIFIC.NET (Ken A) Date: Thu Jan 12 21:31:39 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] rpm -q --requires -p /usr/src/redhat/RPMS/noarch/perl-DBI-1.50-1.noarch.rpm /usr/bin/perl libc.so.6 libc.so.6(GLIBC_2.0) libc.so.6(GLIBC_2.1.3) libc.so.6(GLIBC_2.3) libc.so.6(GLIBC_2.3.4) perl >= 0:5.004 perl >= 0:5.005_03 perl >= 0:5.006_00 perl(Carp) perl(Config) perl(Cwd) perl(DBI) perl(DBI::Const::GetInfo::ANSI) perl(DBI::Const::GetInfo::ODBC) perl(DBI::Const::GetInfoType) perl(DBI::Profile) perl(DBI::ProfileData) perl(DBI::ProfileDumper) perl(DBI::ProxyServer) perl(DBI::SQL::Nano) perl(Data::Dumper) perl(DynaLoader) perl(Exporter) perl(Fcntl) perl(File::Spec) perl(Getopt::Long) perl(IO::File) perl(RPC::PlClient) >= 0.2000 perl(RPC::PlServer) >= 0.2001 perl(Symbol) perl(UNIVERSAL) perl(Win32::ODBC) perl(base) perl(constant) perl(strict) perl(utf8) perl(vars) perl(warnings) rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 rpmlib(VersionedDependencies) <= 3.0.3-1 However, I did not have to install the RPC Proxy stuff to get DBI to install, I just installed DBI from CPAN. Ken A Pacific.Net Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > Also what do you see when you do this? > > [root@karla noarch]# rpm -q --requires -p perl-DBI-1.50-1.noarch.rpm > > I get this: > > /usr/bin/perl > libc.so.6()(64bit) > libc.so.6(GLIBC_2.2.5)(64bit) > libc.so.6(GLIBC_2.3)(64bit) > rpmlib(CompressedFileNames) <= 3.0.4-1 > rpmlib(PayloadFilesHavePrefix) <= 4.0-1 > rpmlib(VersionedDependencies) <= 3.0.3-1 > > > On 5 Jan 2006, at 16:21, Ken A wrote: > >> error: Failed dependencies: >> perl(RPC::PlClient) >= 0.2000 is needed by perl- >> DBI-1.50-1.noarch >> perl(RPC::PlServer) >= 0.2001 is needed by perl- >> DBI-1.50-1.noarch >> perl(Win32::ODBC) is needed by perl-DBI-1.50-1.noarch > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.3 (Build 2932) > > iQEVAwUBQ71OW/w32o+k+q+hAQHLjgf/b/YNs6CfsgnQE1GznykPZ5trgM+wVmmA > 7mQ6sekWlYxcQ5hZIQ3wGwFQUmX9gvgRVRfz+DahrYENVg09pr86wB3DvLzVJGD4 > 2AlpOC7gMOSDbwA8Q1vWD8wx1bwNDeWrQ8zyPz7qfI5Ia/cbohyIJn48QOB5W6bW > xWHpLS8Ds31rmQq3TV5xHB0fefvK22IyY4iVK250NA0zJSeCjo9AZIR83umSHI2u > 44qm8zB5N29pkRXezTHvg8fQTp6Mq1GVm0D9urshnmyBibcWNHd3j4KOntPRJGOu > Z/59rrcy5GcaBTLq70+iuZKGRNHPD1tbzLLr0lHU1Cee5g/20Yn6Cg== > =aMgG > -----END PGP SIGNATURE----- > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jan 5 18:21:06 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:39 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steve Freegard wrote: >Hi Julian, > >On Thu, 2006-01-05 at 16:45 +0000, Julian Field wrote: > > >>-----BEGIN PGP SIGNED MESSAGE----- >> >>The critical lines are these: >> >>On 5 Jan 2006, at 16:21, Ken A wrote: >> >> >> >>>error: Failed dependencies: >>> perl(RPC::PlClient) >= 0.2000 is needed by perl- >>>DBI-1.50-1.noarch >>> perl(RPC::PlServer) >= 0.2001 is needed by perl- >>>DBI-1.50-1.noarch >>> perl(Win32::ODBC) is needed by perl-DBI-1.50-1.noarch >>> >>> >>I don't understand why it thinks it needs these. My system hasn't got >>them installed and didn't need them for DBI. >> >> >> > > >I had exactly the same issues building Perl modules for DefenderMX - it >is caused by the RPM find-requires script that searches for all the >dependencies for the RPM including the optional libraries too. > > I have already fixed that. Just make /usr/lib/rpm/perl.req start with "exit 0;". That stops it trying to be too clever. If I try building the DBI RPM on an older host, we can see if that helps. I haven't got any real ancient hosts to build RPMs on any more, older ==> better for building perl rpms. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From P.G.M.Peters at UTWENTE.NL Thu Jan 5 20:12:40 2006 From: P.G.M.Peters at UTWENTE.NL (Peter Peters) Date: Thu Jan 12 21:31:39 2006 Subject: MailScanner version 5 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote on 05-01-2006 14:13: > Just curious, what will it take for > MailScanner to go to version 5? It will be called MailScanner X (MSX for short) when it supports Sendmail X. - -- Peter Peters, senior beheerder (Security) Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDvX24Mbmy+DDgnIURAjWUAKDFBhX09tCO25EIyIohVa1E50a70gCfTopH hgM0zBcWJHij0lkN3LLirIA= =TXJt -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Jan 5 21:00:18 2006 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:39 2006 Subject: MailScanner version 5 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Gerry Doris wrote: > I would like to see Julian release Version MS XP Pro 7.1. > No thanks.. I'd rather my MailScanner not be associated with a product so readily exploitable by simple data files. http://isc.sans.org/diary.php?storyid=972 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james at grayonline.id.au Thu Jan 5 21:28:41 2006 From: james at grayonline.id.au (James Gray) Date: Thu Jan 12 21:31:39 2006 Subject: 4.50.4 restarts the child after each batch? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Thu, 5 Jan 2006 13:49, James Gray wrote: > Just installed 4.49.7 on my production gateways - all is well. They are > behaving as I expected them to. > > However, I've installed the latest beta (4.50.4 from the tar ball) on my > test machine (system is an Exim 4.50-8 box running on Debian Sarge, with > MailWatch) and noticed it now restarts the child after every batch: ---8<--- SNIPPED ---8<--- I installed 4.50.5 and the behaviour is the same. The install.sh script rebuilt the following Perl modules (sorry if the names are no 100% exact, I just scribbled them on a piece of paper): IO::String 2.108 - no errors or skipped/failed tests Mime::Base64 3.05 - as above. TimeDate 1.1301 - as above. Mail::Tools 1.50 - as above. DBI 1.50 - Warning about running in production with threaded Perl Warning during thrclone tests about dereferencing a scalar vector during global destroy. I have DBD:SQLite 1.11 installed and tested with no warnings or errors. I'm stumped. The debug output is the same as 4.50.4 - after every batch, MailScanner kills off the child due to old age, even though it's (often) less than a minute old. The "Restart MailScanner" option in MailScanner.conf is set to "14400" (4 hours right?). As always - any help is very welcome :) Cheers, James -- Fred Brooks, Jr., _The Mythical Man Month_ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gdoris at rogers.com Thu Jan 5 20:56:58 2006 From: gdoris at rogers.com (Gerry Doris) Date: Thu Jan 12 21:31:39 2006 Subject: MailScanner version 5 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Dave Shariff Yadallee - System Administrator a.k.a. The Root of the > Problem wrote on 05-01-2006 14:13: >> Just curious, what will it take for >> MailScanner to go to version 5? > > It will be called MailScanner X (MSX for short) when it supports Sendmail > X. > I would like to see Julian release Version MS XP Pro 7.1. MS = MailScanner XP = eXtra Powerful Pro = for the Professional Jumping levels would indicate that something really, really good has occurred. It avoids the issue that all even releases are buggy and that Julian has moved directly to the solid odd numbered fix release. It also has the advantage that the announcement of an MS XP Pro release at such a high level will trigger a flood of cheques from those so conditioned. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Thu Jan 5 21:08:03 2006 From: alex at NKPANAMA.COM (Alex Neuman van der Hans) Date: Thu Jan 12 21:31:39 2006 Subject: MailScanner version 5 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler wrote: >Gerry Doris wrote: > > I would like to see Julian release Version MS XP Pro 7.1. > > > >No thanks.. I'd rather my MailScanner not be associated with a product so >readily exploitable by simple data files. > > > WMF is more like PostScript in the sense that it's not really a data file, it's more like high-level programming language that you can store GDI functions in. In that sense it's more of a logical design flaw in the way the WMF concept is allowed to do this than a flaw in the "product". It's just that nobody seemed to care/think about it that way until now. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at ELIQUID.COM Thu Jan 5 21:05:26 2006 From: mailscanner at ELIQUID.COM (Wess Bechard) Date: Thu Jan 12 21:31:39 2006 Subject: MailScanner version 5 Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks, I really needed a good laugh. The odd version numbers bit is golden. :) On Thu, 2006-01-05 at 15:56 -0500, Gerry Doris wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Dave Shariff Yadallee - System Administrator a.k.a. The Root of the > Problem wrote on 05-01-2006 14:13: >> Just curious, what will it take for >> MailScanner to go to version 5? > > It will be called MailScanner X (MSX for short) when it supports Sendmail > X. > I would like to see Julian release Version MS XP Pro 7.1. MS = MailScanner XP = eXtra Powerful Pro = for the Professional Jumping levels would indicate that something really, really good has occurred. It avoids the issue that all even releases are buggy and that Julian has moved directly to the solid odd numbered fix release. It also has the advantage that the announcement of an MS XP Pro release at such a high level will trigger a flood of cheques from those so conditioned. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ___________________________________________ Wess Bechard Information Technology Manager eliquidMEDIA International Inc. Visit: www.eliquid.com Office: 519.973.1930 - 1.800.561.7525 Fax: 519.253.0337 Cell: 519.791.9492 ___________________________________________ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james at grayonline.id.au Thu Jan 5 21:43:36 2006 From: james at grayonline.id.au (James Gray) Date: Thu Jan 12 21:31:39 2006 Subject: 4.50.4 restarts the child after each batch? -=SOLVED=- Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Thu, 5 Jan 2006 13:49, James Gray wrote: > Just installed 4.49.7 on my production gateways - all is well. They are > behaving as I expected them to. > > However, I've installed the latest beta (4.50.4 from the tar ball) on my > test machine (system is an Exim 4.50-8 box running on Debian Sarge, with > MailWatch) and noticed it now restarts the child after every batch: ... > MailScanner[12542]: New Batch: Scanning 1 messages, 5532 bytes The failure to complete in debug mode with MailWatch enabled should have pointed me in the right direction. Now repeat after me: when installing a new tar-ball version COPY THE CUSTOM FUNCTIONS TO THE NEW VERSION! Once I copied the MailWatch.pm from /opt/MailScanner-4.42.9/lib/MailScanner/CustomFunctions to /opt/MailScanner-4.50.5/lib/MailScanner/CustomFunctions restarted and VOILA! I'm such a tool. That'll teach me to leave it so long between upgrades - I completely forgot all the bits I needed to copy. Really makes me appreciate the effort Julian puts into the RPM packages. The CentOS gateways and such a breeze to upgrade!! Thanks Julian :) Thanks also to Matt Hampton and Raymond Dijkxhoorn who offered suggestions. Cheers, James -- add a GF2/3, a sizable hard drive, and a 15" flat panel and you've got a pretty damned portable machine. a GeForce Two-Thirds? Coderjoe: yes, a GeForce two-thirds, ie, any card from ATI. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Thu Jan 5 21:46:08 2006 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:31:39 2006 Subject: Beta 4.50.4 released -- faster than 4.49 Message-ID: Hi! > I might just end up putting in the 4 config options to do it. Hooray! :) Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Thu Jan 5 22:27:14 2006 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:31:39 2006 Subject: MailScanner version 5 Message-ID: Hi, Come on, you guys are kicking the question around like it was totally bogus. I thought that it was a reasonable if somewhat out-there question. Julian has the final word here, but I would guess: a) The version that allows one to specify the order of scanning, ie virus then spam or vice-versa. This topic comes up regularly and Julian says it is non-trivial. If he ever does implement this, then maybe that version is 5.0. b) Julian sells MailScanner off to a Major Corporation and we all have to start paying license fees. Then Major Widgets LTD will raise the version number, make it incompatible with all previous versions, have a call center that plays obnoxious music, and charge us beaucoup dollars/euros. Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From shuttlebox at GMAIL.COM Thu Jan 5 23:31:05 2006 From: shuttlebox at GMAIL.COM (shuttlebox) Date: Thu Jan 12 21:31:39 2006 Subject: MailScanner version 5 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 1/5/06, Jeff A. Earickson wrote: b) Julian sells MailScanner off to a Major Corporation and we all have to start paying license fees. Then Major Widgets LTD will raise the version number, make it incompatible with all previous versions, have a call center that plays obnoxious music, and charge us beaucoup dollars/euros. :-) -- /peter ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Fri Jan 6 00:01:48 2006 From: alex at NKPANAMA.COM (Alex Neuman van der Hans) Date: Thu Jan 12 21:31:39 2006 Subject: MailScanner version 5 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Isn't MailScanner GPL? Wouldn't such an action be called "pulling a Nessus"? (compare to http://en.wikipedia.org/wiki/Pull_a_homer) :) Jeff A. Earickson wrote: > Hi, > Come on, you guys are kicking the question around like it was > totally bogus. I thought that it was a reasonable if somewhat out-there > question. Julian has the final word here, but I would guess: > > a) The version that allows one to specify the order of scanning, ie > virus then spam or vice-versa. This topic comes up regularly and > Julian says it is non-trivial. If he ever does implement this, > then maybe that version is 5.0. > > b) Julian sells MailScanner off to a Major Corporation and we all > have to start paying license fees. Then Major Widgets LTD will raise > the version number, make it incompatible with all previous versions, > have a call center that plays obnoxious music, and charge us beaucoup > dollars/euros. > > Jeff Earickson > Colby College > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jlmiller at MMTNETWORKS.COM.AU Fri Jan 6 06:30:29 2006 From: jlmiller at MMTNETWORKS.COM.AU (Jon Miller) Date: Thu Jan 12 21:31:39 2006 Subject: test setup Message-ID: First like to say my copy of the MailScanner book has just arrived and I'm ready to try to set up a test system to install MS, SA, SAV, MCP,etc. What I would like to do is have mail from our regular mail server send a copy to this server, so we can see how the setup works with real mail. We are using a Debian server with postfix as our MTA. Any ideas or diagram/instructions available on the subject? Thanks JLM ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "HTML" Text/PLAIN 24 lines. ] [ Unable to print this part. ] From MailScanner at ecs.soton.ac.uk Fri Jan 6 09:05:14 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:39 2006 Subject: MailScanner version 5 Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 5 Jan 2006, at 22:27, Jeff A. Earickson wrote: > b) Julian sells MailScanner off to a Major Corporation and we all > have to start paying license fees. Then Major Widgets LTD will raise > the version number, make it incompatible with all previous versions, > have a call center that plays obnoxious music, and charge us > beaucoup dollars/euros. Now there's a good idea! Just need to choose the music. t.A.T.u. should do nicely. The one thing you forgot is that I will of course be the majority stockholder in Major Corporation. Why make money once when you can make it twice? - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.3 (Build 2932) iQEVAwUBQ74yzfw32o+k+q+hAQFCzggAk+MaHoc0/NanP5TK/nf8h/3zcmU2Vvlg yPSksdov+TfpdQLHM/cOLsioNMxzj0bNUyRvVwCdC0ZZIuUKAM1VYWGMAiW1JfGr Iev+1o4LOwb0xabmzgovwzyUF/CpCEg3rdhsy9Tzk8Ys2sX8keG5pl5R0i0Z7wXS FNdGkweh/oa/KWIPKIHJPOud4UKboAxsis6wLPNuOK9/9PL5A84JdD0+WCjXsNQM 5GteoZw+q7e9WnhlSpNAifZmFE7khZ61yuSJFACD4vBEOKZAgZMADlyYNCbdoz1B xHASzV0LdblmBHpbAu4eYLysDssO9t0BjsFt9bGKza4LgioCdQq6pg== =j0u7 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From shuttlebox at GMAIL.COM Fri Jan 6 09:29:09 2006 From: shuttlebox at GMAIL.COM (shuttlebox) Date: Thu Jan 12 21:31:39 2006 Subject: test setup Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 1/6/06, Jon Miller wrote: First like to say my copy of the MailScanner book has just arrived and I'm ready to try to set up a test system to install MS, SA, SAV, MCP,etc. What I would like to do is have mail from our regular mail server send a copy to this server, so we can see how the setup works with real mail. We are using a Debian server with postfix as our MTA. Any ideas or diagram/instructions available on the subject? I test mine by manually sending mail from them to an external account (e.g. Gmail). Then I can test plain text, forbidden attachments, eicar viruses and spam (gtube). It doesn't really matter which way mail travels through a mail server. When you know it delivers mail you can put it into production, just limit its use to a few people by using rulesets. Then you can test reasonable values and actions for spam and other things. -- /peter ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Fri Jan 6 09:50:42 2006 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:39 2006 Subject: MailScanner version 5 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 06/01/06, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > > On 5 Jan 2006, at 22:27, Jeff A. Earickson wrote: > > > b) Julian sells MailScanner off to a Major Corporation and we all > > have to start paying license fees. Then Major Widgets LTD will raise > > the version number, make it incompatible with all previous versions, > > have a call center that plays obnoxious music, and charge us > > beaucoup dollars/euros. Um, Jules, Steve and Steve are just too nice people... What fsl sell is pretty much the light version of this, wouldn't you say?:-) > > Now there's a good idea! > Just need to choose the music. > t.A.T.u. should do nicely. euw... Please Jules, stick to programming.... You're way to evil as a muzak selector....:-) (Sorry all you t.A.T.u. lovers.... Just can't stand them... please don't flame me for my tender ears:-) > > The one thing you forgot is that I will of course be the majority > stockholder in Major Corporation. Why make money once when you can > make it twice? ... So you'll be buying into fsl now?-):-) (Just couldn't resist... As usual, just ignore;-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Fri Jan 6 09:58:25 2006 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:39 2006 Subject: test setup Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 06/01/06, shuttlebox wrote: > On 1/6/06, Jon Miller wrote: > > First like to say my copy of the MailScanner book has just arrived and I'm > ready to try to set up a test system to install MS, SA, SAV, MCP,etc. > > What I would like to do is have mail from our regular mail server send a > copy to this server, so we can see how the setup works with real mail. > > We are using a Debian server with postfix as our MTA. > > Any ideas or diagram/instructions available on the subject? > > > > I test mine by manually sending mail from them to an external account (e.g. > Gmail). Then I can test plain text, forbidden attachments, eicar viruses and > spam (gtube). It doesn't really matter which way mail travels through a mail > server. When you know it delivers mail you can put it into production, just > limit its use to a few people by using rulesets. Then you can test > reasonable values and actions for spam and other things. > > -- > /peter > Good thought. What I tend to do (to test out all the postfix UCE stuff) is to "script up some telnets" from an untrusted local client. No test like putting it into the loop though:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Fri Jan 6 12:29:05 2006 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:31:39 2006 Subject: test setup Message-ID: On 6 Jan 2006, at 06:30, Jon Miller wrote: > First like to say my copy of the MailScanner book has just arrived > and I'm ready to try to set up a test system to install MS, SA, > SAV, MCP,etc. > What I would like to do is have mail from our regular mail server > send a copy to this server, so we can see how the setup works with > real mail. > We are using a Debian server with postfix as our MTA. > Any ideas or diagram/instructions available on the subject? > When the test server is up and running you could always just tell your existing Postfix server to BCC an account on the test box with all mail. That would give it a real life testing (Although it would only test mail that has made it's way through the existing server, so valid recipients, non RBL listed IP's etc. This shouldn't be too bad though as you are after testing MailScanner, right?). Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From radislav.vrnata at PORCELA.CZ Fri Jan 6 13:10:31 2006 From: radislav.vrnata at PORCELA.CZ (Radislav Vrnata) Date: Thu Jan 12 21:31:39 2006 Subject: Filetype code BUG ? Message-ID: [ The following text is in the "ISO-8859-2" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi all, I have big problem with regular detecting of MPEG attachments based on Filetype rules. When I sent "PLAIN TEXT" e-mail with ISO-8859-2 encoding and first two characters of body are "V" e.g. in Czech "Ven" (in English "Dear"), then MS recognize him as "MPEG movie" !!! (log says "Filetype Checks: No MPEG movies (42C121B907CA.60823 msg-24637-201.txt)"). If I write "space character" before "V", then everything is all right... Any suggestions ? Regards, Radislav. Postfix 2.1.5 Cyrus IMAP 2.2.12 This is Fedora Core release 3 (Heidelberg) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.49.7 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.16 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.67 Mail::Header 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.08 Sys::Syslog 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.814 DB_File 1.08 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.10 Digest::SHA1 0.44 Inline 0.17 Mail::ClamAV 3.000004 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.18 Net::CIDR::Lite 0.55 Net::DNS 0.31 Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.4 Sys::Hostname::Long 2.56 Test::Harness 0.62 Test::Simple 1.95 Text::Balanced 1.35 URI ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jan 6 14:40:17 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:39 2006 Subject: Filetype code BUG ? Message-ID: [ The following text is in the "WINDOWS-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- This is a bug in the "file" command. Please report it to the authors. On 6 Jan 2006, at 13:10, Radislav Vrnata wrote: > Hi all, > > I have big problem with regular detecting of MPEG attachments based on > Filetype rules. > > When I sent "PLAIN TEXT" e-mail with ISO-8859-2 encoding and first two > characters of body are "V" e.g. in Czech "V^en" (in English > "Dear"), > then MS recognize him as "MPEG movie" !!! (log says "Filetype > Checks: No > MPEG movies (42C121B907CA.60823 msg-24637-201.txt)"). > If I write "space character" before "V", then everything is all > right... > > Any suggestions ? > > Regards, > > Radislav. > > > Postfix 2.1.5 > Cyrus IMAP 2.2.12 > This is Fedora Core release 3 (Heidelberg) > This is Perl version 5.008005 (5.8.5) > This is MailScanner version 4.49.7 > Module versions are: > 1.00 AnyDBM_File > 1.14 Archive::Zip > 1.03 Carp > 1.119 Convert::BinHex > 1.00 DirHandle > 1.05 Fcntl > 2.73 File::Basename > 2.08 File::Copy > 2.01 FileHandle > 1.06 File::Path > 0.16 File::Temp > 1.29 HTML::Entities > 3.45 HTML::Parser > 2.30 HTML::TokeParser > 1.21 IO > 1.10 IO::File > 1.123 IO::Pipe > 1.67 Mail::Header > 3.05 MIME::Base64 > 5.417 MIME::Decoder > 5.417 MIME::Decoder::UU > 5.417 MIME::Head > 5.417 MIME::Parser > 3.03 MIME::QuotedPrint > 5.417 MIME::Tools > 0.10 Net::CIDR > 1.08 POSIX > 1.77 Socket > 0.08 Sys::Syslog > 1.02 Time::localtime > > Optional module versions are: > 0.17 Convert::TNEF > 1.814 DB_File > 1.08 Digest > 1.01 Digest::HMAC > 2.36 Digest::MD5 > 2.10 Digest::SHA1 > 0.44 Inline > 0.17 Mail::ClamAV > 3.000004 Mail::SpamAssassin > 1.997 Mail::SPF::Query > 0.18 Net::CIDR::Lite > 0.55 Net::DNS > 0.31 Net::LDAP > 1.94 Parse::RecDescent > missing SAVI > 1.4 Sys::Hostname::Long > 2.56 Test::Harness > 0.62 Test::Simple > 1.95 Text::Balanced > 1.35 URI > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.3 (Build 2932) iQEVAwUBQ76BU/w32o+k+q+hAQEKpgf/flzxnvz8WW0hPDagWUY/N55lsc38IPB1 UKppx93ykrkO+3t86DJNABC9yQOyR1+pq/eLiv0LzRTio9NhSKoPg79B164Q8Rcq PGIU7jowFo0fsD01qvfxGOTcl1wdkDzr49X2l2xZULvKPvZW+3kkGDxTdjzFg99A jz4ZbLYENZax60F76Sf7NEsWCczs158zYMk9+DZhvnfdMh5Pd5PjjH+mVcG9XfPD EcBLRRspjZMfsw17o3ba6udb4LOomG/iyyP0Athc6JANc8agkpmvI2AvedOoiTQ9 yMOkSGDaqiSipEHDTo7Ggl0iWquM3dFfjRltFLyWETb/7sS3DqhkOw== =QS9P -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cgi at BYTESINTERACTIVE.COM Fri Jan 6 15:03:58 2006 From: cgi at BYTESINTERACTIVE.COM (David Jay) Date: Thu Jan 12 21:31:39 2006 Subject: Recover Attachments Message-ID: Hi, I'm fairly new to administrating e-mail. I've installed mailscanner with spam assassin and clam. I like the fact that the program removes attachements but a customer asked to recover a particular attachment. The attachements are in: /var/spool/MailScanner/quarantine/20060103 (message k0406wN7026968) I see that the attachments are there. How does one recover the attachments and send them to the client by e-mail without being quarantined again. Thank-you in advance David J. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From shuttlebox at GMAIL.COM Fri Jan 6 15:47:52 2006 From: shuttlebox at GMAIL.COM (shuttlebox) Date: Thu Jan 12 21:31:39 2006 Subject: Recover Attachments Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 1/6/06, David Jay wrote: I like the fact that the program removes attachements but a customer asked to recover a particular attachment. The attachements are in: /var/spool/MailScanner/quarantine/20060103 (message k0406wN7026968) I see that the attachments are there. How does one recover the attachments and send them to the client by e-mail without being quarantined again. That depends on your MTA. Look here: http://wiki.mailscanner.info/doku.php?id=maq:index#misc._questions -- /peter ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dave.list at PIXELHAMMER.COM Fri Jan 6 16:35:15 2006 From: dave.list at PIXELHAMMER.COM (DAve) Date: Thu Jan 12 21:31:39 2006 Subject: Virus slow down? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Is anyone else noticing a huge drop in viruses? Last night at 10pm EST my virus captures dropped to an all time low. I generally catch around 1100 per day, per server, and I have only caught 60 so far today. Everything else in MailScanner MRTG looks good, Clam and BD are up to date, no problems in the logs. I don't suspect anything wrong on my end, just a pleasent lack of viruses. DAve ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cgi at BYTESINTERACTIVE.COM Fri Jan 6 16:36:43 2006 From: cgi at BYTESINTERACTIVE.COM (David Jourard) Date: Thu Jan 12 21:31:39 2006 Subject: Recover Attachments Message-ID: Hi, Thanks Peter, At 04:47 PM 06/01/2006 +0100, shuttlebox wrote: >/var/spool/MailScanner/quarantine/20060103 (message k0406wN7026968) >> >>That depends on your MTA. Look here: >>http:/ >>/wiki.mailscanner.info/doku.php?id=maq:index#misc._questions I have sendmail. From Wiki: Copy the qf- and df- files in the outgoing queue (usually /var/spool/mqueue) How do I create qf and df files into the outgoing queue given the fact that the attachments are in a folder called: k0406wN7026968 Again Thanks David J. -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.1.371 / Virus Database: 267.14.13/221 - Release Date: 04/01/2006 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alvaro at HOSTALIA.COM Fri Jan 6 16:24:46 2006 From: alvaro at HOSTALIA.COM (Alvaro Marin) Date: Thu Jan 12 21:31:39 2006 Subject: Problems with clamavmodule Message-ID: Hi, I'm using version 4.49.7 of MailScanner and I trying to use Clamavmodule to scan messages for virus. Here the configuration: Virus Scanners = clamavmodule ClamAVmodule Maximum Recursion Level = 8 ClamAVmodule Maximum Files = 1000 ClamAVmodule Maximum File Size = 10000000 ClamAVmodule Maximum Compression Ratio = 250 Some attachments are scanned and detected fine : Jan 6 16:30:16 linux01 MailScanner[8985]: ClamAVModule::INFECTED:: Worm.SomeFool.P:: ./1EutXc-0005QP-F0/message.scr but other ones: Jan 6 13:02:38 linux01 MailScanner[19498]: ClamAVModule::ERROR:: File size limit exceeded.:: ./1EuqIj-0005Gm-Fs/downloadm.zip where downloadm.zip is a 55ks file (sober.U-3) sent by me: -rw-r--r-- 1 split users 55K ene 6 11:56 downloadm.zip In other servers with same MS configuration (different SO) this virus is detected. Here MailScanner -v output: This is Red Hat Linux release 7.3 (Valhalla) This is Perl version 5.008007 (5.8.7) This is MailScanner version 4.49.7 Module versions are: 1.00 AnyDBM_File 1.16 Archive::Zip 1.04 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.07 File::Path 0.16 File::Temp 1.32 HTML::Entities 3.48 HTML::Parser 2.35 HTML::TokeParser 1.21 IO 1.11 IO::File 1.123 IO::Pipe 1.50 Mail::Header 3.07 MIME::Base64 5.418 MIME::Decoder 5.418 MIME::Decoder::UU 5.418 MIME::Head 5.418 MIME::Parser 3.07 MIME::QuotedPrint 5.418 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.06 Sys::Syslog 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.814 DB_File 1.10 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.10 Digest::SHA1 0.44 Inline 0.17 Mail::ClamAV 3.001000 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.18 Net::CIDR::Lite 0.55 Net::DNS 0.33 Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.4 Sys::Hostname::Long 2.48 Test::Harness 0.54 Test::Simple 1.95 Text::Balanced 1.35 URI Any ideas? Thx :) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ard at pergamentum.com Fri Jan 6 16:44:26 2006 From: ard at pergamentum.com (Alisdair Davey) Date: Thu Jan 12 21:31:39 2006 Subject: Virus slow down? Message-ID: On Fri, 2006-01-06 at 11:35 -0500, DAve wrote: > Is anyone else noticing a huge drop in viruses? Last night at 10pm EST > my virus captures dropped to an all time low. I generally catch around > 1100 per day, per server, and I have only caught 60 so far today. > > Everything else in MailScanner MRTG looks good, Clam and BD are up to > date, no problems in the logs. I don't suspect anything wrong on my end, > just a pleasent lack of viruses. Since I upgraded to 4.48.4, I have had a week with pretty much zero virus detections (some filename catches by MailScanner)...after a couple of days of this it scared me! So I tried sending EICAR and a few less friendly viruses through the system and the detection seems to work fine. On the other hand spam detection is at an all time high! It looks like pretty much everything is being detected as High Spam. Cheers Alisdair -- Pergamentum Solutions Alisdair Davey ard@pergamentum.com 2066 Dailey Ln www.pergamentum.com Superior, CO 80027 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From shuttlebox at GMAIL.COM Fri Jan 6 17:01:57 2006 From: shuttlebox at GMAIL.COM (shuttlebox) Date: Thu Jan 12 21:31:39 2006 Subject: Recover Attachments Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 1/6/06, David Jourard wrote: I have sendmail. From Wiki: Copy the qf- and df- files in the outgoing queue (usually /var/spool/mqueue) How do I create qf and df files into the outgoing queue given the fact that the attachments are in a folder called: k0406wN7026968 It's there to: If you don't quarantine as queue files: * Sendmail : sendmail -toi user@domain < messagefile Otherwise set "Quarantine Whole Messages As Queue Files" to yes. I use that. -- /peter ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lbcadmin at gmail.com Fri Jan 6 16:46:48 2006 From: lbcadmin at gmail.com (Information Services) Date: Thu Jan 12 21:31:39 2006 Subject: Hard Lock Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I posted this on the CentOS forumn, and received no responses. I am really not sure where the issue is coming from, but my mailscanner systems occassionally lock up, and I have been unable to resolve why this is happening. can anyone shed some light on this for me. here is what I have on the centos forumn ---------------------------------------------------------------------------- I have two CentOS 4.1 mailscanner servers that like to lock up for some unknown reason. Both machines are Dell Optiplex G1's with powerleaps installed to make them 1.1Ghz processors. 512 RAM As I said above, running 4.1 Other information: mailscanner-4.47.4-2 clamav-0.87 inoculate mailwatch-1.0.1 sendmail-8.13.4-1 webmin-1.210 phpmyadmin-2.6.3-pl1 spamassassin-3.1.0 Both machines are setup this way. I have two issues with both, and cannot figure them out. First, When I reboot the systems, it takes about 20 minutes before the login screen appears. I am able to shell into the systems themselves and work on them, but I would like to resolve why they don't bring the login screen up right away after the boot process. The GUI either sets at the blank screen with the black curser outlined in white and is an 'X' symbol, or at the progress bar at 100 percent until it finally shows the login screen. Issue 2: I have been havin problems with both servers locking up. One server more than the other. Here is information I have from the logs and am not sure what do to about them. Today I downloaded chkrootkit to see if my systems have been tampered with, but not sure what to make of a line of information. Below is information from my var/log/messages, var/log/maillog, and piped info from running the chkrootkit. /VAR/LOG/MAILLOG ------------------------------ Dec 23 00:37:55 wks-lin9 MailScanner[24300]: Started SQL Logging child Dec 23 00:38:00 wks-lin9 MailScanner[24300]: Logging message jBN6bgKn030181 to SQL Dec 23 00:38:00 wks-lin9 MailScanner[24300]: Logging message jBN6bfED030180 to SQL Dec 23 00:38:00 wks-lin9 MailScanner[30202]: jBN6bgKn030181: Logged to MailWatch SQL Dec 23 00:38:00 wks-lin9 MailScanner[30202]: jBN6bfED030180: Logged to MailWatch SQL Dec 23 00:40:01 wks-lin9 sendmail[30089]: jBMLmqie001220: timeout waiting for input from jacobson-fw.jacobsonco.com. during client greeting Dec 23 00:40:01 wks-lin9 sendmail[30089]: jBMLmqie001220: to=,, delay=08:51:09, xdelay=00:05:00, mailer=esmtp, pri=4906016, relay=jacobson-fw.jacobsonco.com. [numericlinkwarning 65.201.33.146], dsn=4.0.0, stat=Deferred: Connection timed out with jacobson-fw.jacobsonco.com. Dec 23 14:28:27 wks-lin9 sendmail[2295]: alias database /etc/aliases rebuilt by root ------------------------------ /VAR/LOG/MESSAGES ------------------------------ Dec 23 00:35:01 wks-lin9 crond(pam_unix)[30112]: session opened for user root by (uid=0) Dec 23 00:35:01 wks-lin9 crond(pam_unix)[30114]: session opened for user root by (uid=0) Dec 23 00:35:02 wks-lin9 crond(pam_unix)[30112]: session closed for user root Dec 23 00:35:09 wks-lin9 crond(pam_unix)[30114]: session closed for user root Dec 23 00:40:01 wks-lin9 crond(pam_unix)[30204]: session opened for user root by (uid=0) Dec 23 00:40:01 wks-lin9 crond(pam_unix)[30207]: session opened for user root by (uid=0) Dec 23 00:40:01 wks-lin9 crond(pam_unix)[30205]: session opened for user root by (uid=0) Dec 23 00:40:02 wks-lin9 crond(pam_unix)[30207]: session closed for user root Dec 23 00:40:03 wks-lin9 crond(pam_unix)[30204]: session closed for user root Dec 23 00:40:10 wks-lin9 crond(pam_unix)[30205]: session closed for user root Dec 23 14:28:22 wks-lin9 syslogd 1.4.1: restart. Dec 23 14:28:22 wks-lin9 syslog: syslogd startup succeeded Dec 23 14:28:22 wks-lin9 kernel: klogd 1.4.1, log source = /proc/kmsg started. ------------------------------ OUTPUT FROM RUNNING CHKROOTKIT ------------------------------ [snip] Searching for suspicious files and dirs, it may take a while... /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/auto/Gaim/.packlist/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/auto/mod_perl/.packlis /usr/lib/perl5/5.8.5/i386-linux-thread-multi/.packlist/usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/razor-agents/.packl st/usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/Mail/SpamAssassin/. acklist/usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/razor-agents-sdk/.p cklist /usr/lib/qt-3.3/etc/settings/.qt_plugins_3.3rc.lock /usr/lib/qt-3.3/etc/settings/.qtrc.lock [snip] ------------------------------ I am stuck at the moment. It does not appear to me that my systems have been 'hijacked' or any other meaningful information has been given so I can narrow down the cause of my problems. Of course, that is from my knowledge level, maybe someone else can tell me what they see from this information, or I could provide even further information to figure this out. I checked my cron jobs to see if there would be anything that would be causing this lockup, but I have the nothing out of the ordinary, and I am not too concerned with it because I think it would be causing a problem at a set time if it was something in cron causing the issue. Any help is appreciated. Casey ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ralloway at WINBEAM.COM Fri Jan 6 17:30:50 2006 From: ralloway at WINBEAM.COM (Richard D Alloway) Date: Thu Jan 12 21:31:39 2006 Subject: Virus slow down? Message-ID: On Fri, 6 Jan 2006, DAve wrote: > Is anyone else noticing a huge drop in viruses? Last night at 10pm EST my > virus captures dropped to an all time low. I generally catch around 1100 per > day, per server, and I have only caught 60 so far today. > > Everything else in MailScanner MRTG looks good, Clam and BD are up to date, > no problems in the logs. I don't suspect anything wrong on my end, just a > pleasent lack of viruses. I've noticed a HUGE drop is viruses, too. About 1/4 to 1/8 the "normal" traffic....not that I'm complaining! :) -Richard D Alloway, Esq Chief Technical Officer Winbeam ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jan 6 17:30:25 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:39 2006 Subject: Problem installing DBI solved Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Just to let you know that I have found the problem with DBI not installing on Fedora (and other) systems. The /usr/lib/rpm/perl.req is far too keen to find Perl dependencies where there are none. So I replace it with an "exit 0;" script and save the original, which is replaced at the end of the script. It doesn't matter too much if you lose perl.req, it's pretty useless anyway as it works very badly. This will be in the next release. For now, just use CPAN which doesn't suffer this problem, or use "-- nodeps" which will force it to work. It shouldn't do any harm. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.3 (Build 2932) iQEVAwUBQ76pM/w32o+k+q+hAQG/qgf/VWD0E7sKWcC3oMdInbyEHkSOp/tiF1By TRJp4+qrnah2BAyHyfC8m6tfncFg8vNKRD/XpySqNJgLVYv77JZCIkfAU+yNVJbL ht8E9x523cmgbdpUlwPHuUuqYL9uxXgejW/fM9L1mYQyYeoGD6ezJIonIDXNdvdY 01BgZzQQm4HDTSTGuP5BAciey0tzH5ytseMZ4cPI/1u1Lg7xdBDr/Yj6q9j4OWqe wx8HZ4/kBRBumDnlOyEYEEra9BtAuqDDa6LrqU9O1A9vdkhc/R5IG9ffNcpfcck2 tAY1kQZlp4VmzzUaO3LxA2iJsP7N8hxLydbS108tHan0k1VmK8/0og== =usaX -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From P.G.M.Peters at UTWENTE.NL Fri Jan 6 17:17:25 2006 From: P.G.M.Peters at UTWENTE.NL (Peter Peters) Date: Thu Jan 12 21:31:39 2006 Subject: Virus slow down? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 DAve wrote on 06-01-2006 17:35: > Is anyone else noticing a huge drop in viruses? Last night at 10pm EST > my virus captures dropped to an all time low. I generally catch around > 1100 per day, per server, and I have only caught 60 so far today. I can see a rise at the end of november. And it dropped down at midnight monday to tuesday. I have had a rise during the afternoon on tuesday (3 times the amount per minute compared to monday) but after that I haven't seen barely any virusses. An average of 1 virus every two minutes. December was top with 20 virusses per minute. - -- Peter Peters, senior beheerder (Security) Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDvqYlMbmy+DDgnIURAjhkAKD4+5fRKvtBvQX5LX7epMo62IseEwCdF+9B cS6/V64dQH/X5F++jyrqmBw= =fH/h -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Fri Jan 6 17:13:10 2006 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:39 2006 Subject: Virus slow down? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Alisdair Davey spake the following on 1/6/2006 8:44 AM: > On Fri, 2006-01-06 at 11:35 -0500, DAve wrote: > >>Is anyone else noticing a huge drop in viruses? Last night at 10pm EST >>my virus captures dropped to an all time low. I generally catch around >>1100 per day, per server, and I have only caught 60 so far today. >> >>Everything else in MailScanner MRTG looks good, Clam and BD are up to >>date, no problems in the logs. I don't suspect anything wrong on my end, >>just a pleasent lack of viruses. > > > Since I upgraded to 4.48.4, I have had a week with pretty much zero > virus detections (some filename catches by MailScanner)...after a couple > of days of this it scared me! So I tried sending EICAR and a few less > friendly viruses through the system and the detection seems to work > fine. On the other hand spam detection is at an all time high! It looks > like pretty much everything is being detected as High Spam. > Cheers > Alisdair > > If you are using Pyzor, Razor, DCC a lot of the viruses that don't mutate heavily are getting marked as spam. Be careful if you let users release their own spam! -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From prandal at HEREFORDSHIRE.GOV.UK Fri Jan 6 17:22:09 2006 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:31:39 2006 Subject: Virus slow down? Message-ID: The latest Sober variant switched off yesterday - we've only received 4 copies today. See http://www.f-secure.com/weblog/#00000772 Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Peter Peters > Sent: 06 January 2006 17:17 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Virus slow down? > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > DAve wrote on 06-01-2006 17:35: > > Is anyone else noticing a huge drop in viruses? Last night > at 10pm EST > > my virus captures dropped to an all time low. I generally > catch around > > 1100 per day, per server, and I have only caught 60 so far today. > > I can see a rise at the end of november. And it dropped down > at midnight monday to tuesday. I have had a rise during the > afternoon on tuesday (3 times the amount per minute compared > to monday) but after that I haven't seen barely any virusses. > An average of 1 virus every two minutes. > December was top with 20 virusses per minute. > > - -- > Peter Peters, senior beheerder (Security) Dienst > Informatietechnologie, Bibliotheek en Educatie (ITBE) > Universiteit Twente, Postbus 217, 7500 AE Enschede > telefoon: 053 - 489 2301, fax: 053 - 489 2383, > http://www.utwente.nl/itbe -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.2 (MingW32) > Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org > > iD8DBQFDvqYlMbmy+DDgnIURAjhkAKD4+5fRKvtBvQX5LX7epMo62IseEwCdF+9B > cS6/V64dQH/X5F++jyrqmBw= > =fH/h > -----END PGP SIGNATURE----- > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From prandal at HEREFORDSHIRE.GOV.UK Fri Jan 6 17:28:08 2006 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:31:39 2006 Subject: Virus slow down? Message-ID: See http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/277.html We're still seeing a drop in virus numbers today. The calm before the next storm, probably. Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Scott Silva > Sent: 06 January 2006 17:13 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Virus slow down? > > Alisdair Davey spake the following on 1/6/2006 8:44 AM: > > On Fri, 2006-01-06 at 11:35 -0500, DAve wrote: > > > >>Is anyone else noticing a huge drop in viruses? Last night > at 10pm EST > >>my virus captures dropped to an all time low. I generally > catch around > >>1100 per day, per server, and I have only caught 60 so far today. > >> > >>Everything else in MailScanner MRTG looks good, Clam and BD > are up to > >>date, no problems in the logs. I don't suspect anything wrong on my > >>end, just a pleasent lack of viruses. > > > > > > Since I upgraded to 4.48.4, I have had a week with pretty much zero > > virus detections (some filename catches by MailScanner)...after a > > couple of days of this it scared me! So I tried sending EICAR and a > > few less friendly viruses through the system and the > detection seems > > to work fine. On the other hand spam detection is at an all > time high! > > It looks like pretty much everything is being detected as High Spam. > > Cheers > > Alisdair > > > > > If you are using Pyzor, Razor, DCC a lot of the viruses that > don't mutate heavily are getting marked as spam. Be careful > if you let users release their own spam! > > > -- > > /-----------------------\ |~~\_____/~~\__ | > | MailScanner; The best |___________ \N1____====== )-+ > | protection on the net!| ~~~|/~~ | > \-----------------------/ () > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cgi at BYTESINTERACTIVE.COM Fri Jan 6 17:26:17 2006 From: cgi at BYTESINTERACTIVE.COM (David Jourard) Date: Thu Jan 12 21:31:39 2006 Subject: Recover Attachments Message-ID: Hi, Thanks. At 06:01 PM 06/01/2006 +0100, you wrote: > * Sendmail : sendmail -toi user@domain < messagefile It comes in the message body. Any ideas? Thanks David J. -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.1.371 / Virus Database: 267.14.13/221 - Release Date: 04/01/2006 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lbergman at WTXS.NET Fri Jan 6 17:59:33 2006 From: lbergman at WTXS.NET (Lewis Bergman) Date: Thu Jan 12 21:31:39 2006 Subject: Virus slow down? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] DAve wrote: > Is anyone else noticing a huge drop in viruses? Last night at 10pm EST > my virus captures dropped to an all time low. I generally catch around > 1100 per day, per server, and I have only caught 60 so far today. > > Everything else in MailScanner MRTG looks good, Clam and BD are up to > date, no problems in the logs. I don't suspect anything wrong on my end, > just a pleasent lack of viruses. Yep, We were catching around 26,000 a day up till today. Today sitting at 80 so far. -- Lewis Bergman Texas Communications 4309 Maple St. Abilene, TX 79602-8044 Off. 325-691-1301 Cell 325-439-0533 fax 325-695-6841 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Fri Jan 6 20:01:15 2006 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:31:40 2006 Subject: Hard Lock Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Information Services writes: > I posted this on the CentOS forumn, and received no responses. I am really > not sure where the issue is coming from, but my mailscanner systems > occassionally lock up, and I have been unable to resolve why this is > happening. can anyone shed some light on this for me. > > here is what I have on the centos forumn > > ---------------------------------------------------------------------------- > I have two CentOS 4.1 mailscanner servers that like to lock up for some > unknown reason. > > Both machines are Dell Optiplex G1's with powerleaps installed to make them > 1.1Ghz processors. > 512 RAM > > As I said above, running 4.1 > > Other information: > > mailscanner-4.47.4-2 > clamav-0.87 > inoculate > mailwatch-1.0.1 > sendmail-8.13.4-1 > webmin-1.210 > phpmyadmin-2.6.3-pl1 > spamassassin-3.1.0 > > > Both machines are setup this way. I have two issues with both, and cannot > figure them out. > > First, > > When I reboot the systems, it takes about 20 minutes before the login screen > appears. I am able to shell into the systems themselves and work on them, > but I would like to resolve why they don't bring the login screen up right > away after the boot process. The GUI either sets at the blank screen with > the black curser outlined in white and is an 'X' symbol, or at the progress > bar at 100 percent until it finally shows the login screen. > > Issue 2: > > I have been havin problems with both servers locking up. One server more > than the other. > > Here is information I have from the logs and am not sure what do to about > them. Today I downloaded chkrootkit to see if my systems have been tampered > with, but not sure what to make of a line of information. Below is > information from my var/log/messages, var/log/maillog, and piped info from > running the chkrootkit. > > /VAR/LOG/MAILLOG > ------------------------------ > Dec 23 00:37:55 wks-lin9 MailScanner[24300]: Started SQL Logging child > Dec 23 00:38:00 wks-lin9 MailScanner[24300]: Logging message jBN6bgKn030181 > to SQL > Dec 23 00:38:00 wks-lin9 MailScanner[24300]: Logging message jBN6bfED030180 > to SQL > Dec 23 00:38:00 wks-lin9 MailScanner[30202]: jBN6bgKn030181: Logged to > MailWatch SQL > Dec 23 00:38:00 wks-lin9 MailScanner[30202]: jBN6bfED030180: Logged to > MailWatch SQL > Dec 23 00:40:01 wks-lin9 sendmail[30089]: jBMLmqie001220: timeout waiting > for input from jacobson-fw.jacobsonco.com. during client greeting > Dec 23 00:40:01 wks-lin9 sendmail[30089]: jBMLmqie001220: to=< > Jarrod.Carley@jacobsonco.com>,, delay=08:51:09, > xdelay=00:05:00, mailer=esmtp, pri=4906016, relay=jacobson-fw.jacobsonco.com. > [65.201.33.146], dsn=4.0.0, stat=Deferred: Connection timed out with > jacobson-fw.jacobsonco.com. > Dec 23 14:28:27 wks-lin9 sendmail[2295]: alias database /etc/aliases rebuilt > by root > ------------------------------ > > /VAR/LOG/MESSAGES > ------------------------------ > Dec 23 00:35:01 wks-lin9 crond(pam_unix)[30112]: session opened for user > root by (uid=0) > Dec 23 00:35:01 wks-lin9 crond(pam_unix)[30114]: session opened for user > root by (uid=0) > Dec 23 00:35:02 wks-lin9 crond(pam_unix)[30112]: session closed for user > root > Dec 23 00:35:09 wks-lin9 crond(pam_unix)[30114]: session closed for user > root > Dec 23 00:40:01 wks-lin9 crond(pam_unix)[30204]: session opened for user > root by (uid=0) > Dec 23 00:40:01 wks-lin9 crond(pam_unix)[30207]: session opened for user > root by (uid=0) > Dec 23 00:40:01 wks-lin9 crond(pam_unix)[30205]: session opened for user > root by (uid=0) > Dec 23 00:40:02 wks-lin9 crond(pam_unix)[30207]: session closed for user > root > Dec 23 00:40:03 wks-lin9 crond(pam_unix)[30204]: session closed for user > root > Dec 23 00:40:10 wks-lin9 crond(pam_unix)[30205]: session closed for user > root > Dec 23 14:28:22 wks-lin9 syslogd 1.4.1: restart. > Dec 23 14:28:22 wks-lin9 syslog: syslogd startup succeeded > Dec 23 14:28:22 wks-lin9 kernel: klogd 1.4.1, log source = /proc/kmsg > started. > ------------------------------ > > OUTPUT FROM RUNNING CHKROOTKIT > ------------------------------ > [snip] > > Searching for suspicious files and dirs, it may take a while... > /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/auto/Gaim/.packlist > /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/auto/mod_perl/.packlist > /usr/lib/perl5/5.8.5/i386-linux-thread-multi/.packlist > /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/razor-agents/.packlist > /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/Mail/SpamAssassin/.packlist > /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/razor-agents-sdk/.packlist > /usr/lib/qt-3.3/etc/settings/.qt_plugins_3.3rc.lock /usr/lib/qt-3.3 > /etc/settings/.qtrc.lock > > [snip] > ------------------------------ > > I am stuck at the moment. It does not appear to me that my systems have been > 'hijacked' or any other meaningful information has been given so I can > narrow down the cause of my problems. Of course, that is from my knowledge > level, maybe someone else can tell me what they see from this information, > or I could provide even further information to figure this out. I checked my > cron jobs to see if there would be anything that would be causing this > lockup, but I have the nothing out of the ordinary, and I am not too > concerned with it because I think it would be causing a problem at a set > time if it was something in cron causing the issue. > > Any help is appreciated. Nothing really odd from what you've posted.. here's a few things to try. An alternate to chkrootkit. wget http://downloads.rootkit.nl/rkhunter-1.2.7.tar.gz md5sum -b rkhunter-1.2.7.tar.gz # this ought to be 288ba8a87352716384823c9ea1958fa7 rpmbuild -tb rkhunter-1.2.7.tar.gz rkhunter --update rkhunter -c Next check the output of dmesg carefully (and slowly) Also why do your servers need to run in 'init 5'? i would change it to '3' Also install sysstat (yum -y install sysstat) and monitor the output of 'iostat -x 5' for some time. Could be a bad Disk causing IO contention. Check the output of 'chkconfig --list | grep 3:on | sort' and shutdown unnecessary services (spamd,clamd etc.) Finally, install some utilities from dell (omsa or something) to check the physical state of the machine. All i can think of now, HTH. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mrm at MEDICINE.WISC.EDU Fri Jan 6 20:16:33 2006 From: mrm at MEDICINE.WISC.EDU (Michael Masse) Date: Thu Jan 12 21:31:40 2006 Subject: Virus slow down? Message-ID: Same here.. Typically average around 2k/day. Sitting at 60 right now. Is this the calm before the storm? Mike >>> dave.list@PIXELHAMMER.COM 1/6/2006 2:13 PM >>> Lewis Bergman wrote: > DAve wrote: > >> Is anyone else noticing a huge drop in viruses? Last night at 10pm EST >> my virus captures dropped to an all time low. I generally catch around >> 1100 per day, per server, and I have only caught 60 so far today. >> >> Everything else in MailScanner MRTG looks good, Clam and BD are up to >> date, no problems in the logs. I don't suspect anything wrong on my >> end, just a pleasent lack of viruses. > > Yep, We were catching around 26,000 a day up till today. Today sitting > at 80 so far. Don't misunderstand me, I am not complaining, but it is kinda spooky to see MailScanner so quiet. DAve ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dave.list at PIXELHAMMER.COM Fri Jan 6 20:19:42 2006 From: dave.list at PIXELHAMMER.COM (DAve) Date: Thu Jan 12 21:31:40 2006 Subject: Virus slow down? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] DAve wrote: > Lewis Bergman wrote: > >> DAve wrote: >> >>> Is anyone else noticing a huge drop in viruses? Last night at 10pm >>> EST my virus captures dropped to an all time low. I generally catch >>> around 1100 per day, per server, and I have only caught 60 so far today. >>> >>> Everything else in MailScanner MRTG looks good, Clam and BD are up to >>> date, no problems in the logs. I don't suspect anything wrong on my >>> end, just a pleasent lack of viruses. >> >> >> Yep, We were catching around 26,000 a day up till today. Today sitting >> at 80 so far. > > > Don't misunderstand me, I am not complaining, but it is kinda spooky to > see MailScanner so quiet. > > DAve Spooky as in... "I feel like one of those survivors who peers out from beneath the fire blanket after noise dies down". I know the levels of Viruses we saw in the last 18 months would have burned us if not for MailScanner. Thanks Julian, DAve ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dave.list at PIXELHAMMER.COM Fri Jan 6 20:13:10 2006 From: dave.list at PIXELHAMMER.COM (DAve) Date: Thu Jan 12 21:31:40 2006 Subject: Virus slow down? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Lewis Bergman wrote: > DAve wrote: > >> Is anyone else noticing a huge drop in viruses? Last night at 10pm EST >> my virus captures dropped to an all time low. I generally catch around >> 1100 per day, per server, and I have only caught 60 so far today. >> >> Everything else in MailScanner MRTG looks good, Clam and BD are up to >> date, no problems in the logs. I don't suspect anything wrong on my >> end, just a pleasent lack of viruses. > > Yep, We were catching around 26,000 a day up till today. Today sitting > at 80 so far. Don't misunderstand me, I am not complaining, but it is kinda spooky to see MailScanner so quiet. DAve ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From richard.siddall at ELIRION.NET Fri Jan 6 20:25:17 2006 From: richard.siddall at ELIRION.NET (Richard Siddall) Date: Thu Jan 12 21:31:40 2006 Subject: Problem installing DBI solved Message-ID: Julian Field wrote: > The /usr/lib/rpm/perl.req is far too keen to find Perl dependencies > where there are none. > So I replace it with an "exit 0;" script and save the original, which > is replaced at the end of the script. > It doesn't matter too much if you lose perl.req, it's pretty useless > anyway as it works very badly. > Oh, yuck. Julian, could you do something like: rpm --define='__perl_requires=/path/to/julians/script' in install.sh, so you don't make any persistent changes to the development environment? Regards, Richard Siddall ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From richard.siddall at ELIRION.NET Fri Jan 6 20:32:13 2006 From: richard.siddall at ELIRION.NET (Richard Siddall) Date: Thu Jan 12 21:31:40 2006 Subject: CPAN -> RPM, was: Beta 4.50.4 released -- faster than 4.49 Message-ID: Steve Freegard wrote: [snip] > > Personally I use the cpan2rpm script http://perl.arix.com/cpan2rpm/ > which you can tell to ignore requirements: > [snip] FWIW, I've been using Ovid (http://search.cpan.org/~gyepi/Ovid-0.06/) recently, mainly because it's recursive and builds RPMs for all the dependencies. (OTOH, it's not perfect: it generates horrible .spec files and doesn't handle embedded Bundles or Module::Build Makefiles correctly.) Regards, Richard Siddall ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Edge at TWU.CA Fri Jan 6 20:47:17 2006 From: Edge at TWU.CA (Richard Edge) Date: Thu Jan 12 21:31:40 2006 Subject: MailScanner problem Message-ID: I am having a problem with MailScanner after upgrading both email gateways yesterday to 4.50.4. Both gateways were upgraded using exactly the same steps but on the primary gateway it is having an issue with delivering email to our Exchange servers. It is receiving the email fine, but it is not being logged to the MailWatch database or being forwarded on to our Exchange server. When starting MailScanner on this gateway I no longer see it finding new batches of received email. and when runnin ps -ax | grep MailScanner I get the following output: 19323 ? S 0:00 MailScanner: starting children 19324 ? Z 0:00 [MailScanner ] 19352 ? Z 0:00 [MailScanner ] 19360 pts/0 S 0:00 grep MailScanner I have checked other log files but cannot see anything out of the ordinary. As mentioned the second gateway is working fine with exactly the same setup. Any suggestion of where to look next? Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martelm at QUARK.VSC.EDU Fri Jan 6 21:07:40 2006 From: martelm at QUARK.VSC.EDU (Michael H. Martel) Date: Thu Jan 12 21:31:40 2006 Subject: MailScanner problem Message-ID: --On Friday, January 06, 2006 12:47 PM -0800 Richard Edge wrote: > I am having a problem with MailScanner after upgrading both email > gateways yesterday to 4.50.4. Both gateways were upgraded using exactly I saw this myself, and it was beause I hadn't moved over the MailWatch.pm file from the old directory. Michael -- --------------------------------o--------------------------------- Michael H. Martel | Vermont State Colleges martelm@quark.vsc.edu | Systems Administrator http://probe.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Fri Jan 6 21:07:42 2006 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:31:40 2006 Subject: MailScanner problem Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Richard Edge writes: > I am having a problem with MailScanner after upgrading both email > gateways yesterday to 4.50.4. Both gateways were upgraded using exactly > the same steps but on the primary gateway it is having an issue with > delivering email to our Exchange servers. It is receiving the email > fine, but it is not being logged to the MailWatch database or being > forwarded on to our Exchange server. When starting MailScanner on this > gateway I no longer see it finding new batches of received email. and > when runnin ps -ax | grep MailScanner I get the following output: > > 19323 ? S 0:00 MailScanner: starting children > > 19324 ? Z 0:00 [MailScanner ] > 19352 ? Z 0:00 [MailScanner ] > 19360 pts/0 S 0:00 grep MailScanner > > I have checked other log files but cannot see anything out of the > ordinary. > > As mentioned the second gateway is working fine with exactly the same > setup. Any suggestion of where to look next? Did you remember to copy the files in the CustomFunctions dir to the new installation (not required for RPM based installs) - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jan 6 21:29:18 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:40 2006 Subject: Problem installing DBI solved Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Richard Siddall wrote: >Julian Field wrote: > > >>The /usr/lib/rpm/perl.req is far too keen to find Perl dependencies >>where there are none. >>So I replace it with an "exit 0;" script and save the original, which >>is replaced at the end of the script. >>It doesn't matter too much if you lose perl.req, it's pretty useless >>anyway as it works very badly. >> >> >> > >Oh, yuck. > >Julian, could you do something like: > rpm --define='__perl_requires=/path/to/julians/script' >in install.sh, so you don't make any persistent changes to the >development environment? > > Don't see quite what you mean. What I need to do is kill perl.req, I don't see what I can do apart from put it back afterwards. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mrm at MEDICINE.WISC.EDU Fri Jan 6 21:42:26 2006 From: mrm at MEDICINE.WISC.EDU (Michael Masse) Date: Thu Jan 12 21:31:40 2006 Subject: 4.49.7-1 process name feature keeps adding processes Message-ID: Using the 4.49.7-1 rpm install on a RHEL3 system. My max processes setting is set to 5 and PS shows I have 5 "mailScanner" master waiting for children, sleeping" lines and a bunch of "MailScanner: waiting for messages" lines. System seems to be working fine. The problem is that the number "MailScanner:waiting for messages" processes are increasing linearly with time with no relavance to load. Mailscanner-mrtg shows a linear graph of these processes increasing in a very straight line.. Essentially every hour on the hour 5 more of these processes are added to the running total regardless of load. I've been paranoid about this so I've been restarting MailScanner about once a day since I noticed this because I don't know if it will stop creating new processes before running out of ram, and I really don't want to find out the hard way. A look at PS after a day or so of MS running makes unfiltered PS very hard to read with the hundred+ waiting for messages entries. Is this something I should be concerned with? Will the number of these processes eventually cap out at a safe level before running out of ram? Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From res at AUSICS.NET Fri Jan 6 21:44:43 2006 From: res at AUSICS.NET (Res) Date: Thu Jan 12 21:31:40 2006 Subject: MailScanner version 5 Message-ID: On Thu, 5 Jan 2006, Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote: > On Thu, Jan 05, 2006 at 02:29:07PM +0100, Raymond Dijkxhoorn wrote: >> Hi! >> >>> Just curious, what will it take for >>> MailScanner to go to version 5? >> >> I want MailScanner XP, Oh MailScanner 2005... uh its just a number :) >> > > > Are you familiar with Version Numbering contril? yep, most of us are, but how can you be taken seriously with a username like yours :) > >> Bye, >> Raymond. >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> > > -- Cheers Res ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mrm at MEDICINE.WISC.EDU Fri Jan 6 22:20:09 2006 From: mrm at MEDICINE.WISC.EDU (Michael Masse) Date: Thu Jan 12 21:31:40 2006 Subject: 4.49.7-1 process name feature keeps adding processes Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Try killing mailscanner-mrtg, just to prove that it's not guilty of > generating them... > It appears to be a problem with check_MailScanner which I have running once an hour. It can't seem to detect that MailScanner is running, so it starts up new processes. If I do a ps axww the relavant lines are: 15006 ? S 0:00 MailScanner: master waiting for children, sleeping 15007 ? S 0:02 MailScanner: waiting for messages 15068 ? S 0:02 MailScanner: waiting for messages 15187 ? S 0:02 MailScanner: waiting for messages 15234 ? S 0:02 MailScanner: waiting for messages 15258 ? S 0:01 MailScanner: waiting for messages and I'm running check_MailScanner version 1.13.2.8 dated 2003/07/29 Is there a newer version that the rpm install isn't updating for some reason? Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From richard.siddall at ELIRION.NET Fri Jan 6 21:48:43 2006 From: richard.siddall at ELIRION.NET (Richard Siddall) Date: Thu Jan 12 21:31:40 2006 Subject: Problem installing DBI solved Message-ID: Julian Field wrote: > Don't see quite what you mean. What I need to do is kill perl.req, I > don't see what I can do apart from put it back afterwards. > Well, first off, I meant rpmbuild, not rpm. If I understand rpmbuild correctly, it calls perl.req because that's the program specified in the __perl_requires macro. Do an rpmbuild --showrc and look for __perl_requires. If you redefine the macro successfully then the standard perl.req shouldn't be called. You can get rpmbuild to call your replacement script instead, without making any changes to perl.req. I was just suggesting trying to redefine the macro on the command line. I don't know if that would work. You could also try redefining it in the .spec file or in an rcfile you pass via the --rcfile command line switch. Does that make more sense? Regards, Richard Siddall ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jan 6 21:47:03 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:40 2006 Subject: 4.49.7-1 process name feature keeps adding processes Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Try killing mailscanner-mrtg, just to prove that it's not guilty of generating them... Michael Masse wrote: >Using the 4.49.7-1 rpm install on a RHEL3 system. >My max processes setting is set to 5 and PS shows I have 5 >"mailScanner" master waiting for children, sleeping" lines and a bunch >of >"MailScanner: waiting for messages" lines. > >System seems to be working fine. > >The problem is that the number "MailScanner:waiting for messages" >processes are increasing linearly with time with no relavance to load. > Mailscanner-mrtg shows a linear graph of these processes increasing in >a very straight line.. Essentially every hour on the hour 5 more of >these processes are added to the running total regardless of load. >I've been paranoid about this so I've been restarting MailScanner about >once a day since I noticed this because I don't know if it will stop >creating new processes before running out of ram, and I really don't >want to find out the hard way. A look at PS after a day or so of >MS running makes unfiltered PS very hard to read with the hundred+ >waiting for messages entries. Is this something I should be concerned >with? Will the number of these processes eventually cap out at a safe >level before running out of ram? > >Mike > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Edge at TWU.CA Fri Jan 6 22:05:34 2006 From: Edge at TWU.CA (Richard Edge) Date: Thu Jan 12 21:31:40 2006 Subject: MailScanner problem Message-ID: Whew!! Problem solved. Thanks for everyone's suggestions. It appears that during my cleanup yesterday on the one gateway, I had deleted the /var/clamav directory and its contents. It was a left over from a previous ClamAV install I must have done for version .81. There are obviously some configuration files somewhere still pointing to that directory. I re-install version .87 from an RPM which put things back the way they were except with version .87 until I can find where the real problem is. This now allowed MailScanner to load and do its thing as it should. Now I will just have to hunt down which config is still pointing to that directory. Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dhawal Doshy Sent: Friday, January 06, 2006 1:08 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: [MAILSCANNER] MailScanner problem Richard Edge writes: > I am having a problem with MailScanner after upgrading both email > gateways yesterday to 4.50.4. Both gateways were upgraded using > exactly the same steps but on the primary gateway it is having an > issue with delivering email to our Exchange servers. It is receiving > the email fine, but it is not being logged to the MailWatch database > or being forwarded on to our Exchange server. When starting > MailScanner on this gateway I no longer see it finding new batches of > received email. and when runnin ps -ax | grep MailScanner I get the following output: > > 19323 ? S 0:00 MailScanner: starting children > > 19324 ? Z 0:00 [MailScanner ] > 19352 ? Z 0:00 [MailScanner ] > 19360 pts/0 S 0:00 grep MailScanner > > I have checked other log files but cannot see anything out of the > ordinary. > > As mentioned the second gateway is working fine with exactly the same > setup. Any suggestion of where to look next? Did you remember to copy the files in the CustomFunctions dir to the new installation (not required for RPM based installs) - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Fri Jan 6 22:31:32 2006 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:40 2006 Subject: 4.49.7-1 process name feature keeps adding processes Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michael Masse spake the following on 1/6/2006 2:20 PM: > Julian Field wrote: > >> Try killing mailscanner-mrtg, just to prove that it's not guilty of >> generating them... >> > It appears to be a problem with check_MailScanner which I have running > once an hour. It can't seem to detect that MailScanner is running, so > it starts up new processes. If I do a ps axww the relavant lines are: > > 15006 ? S 0:00 MailScanner: master waiting for children, > sleeping 15007 ? S > 0:02 MailScanner: waiting for > messages 15068 > ? S 0:02 MailScanner: waiting for > messages 15187 > ? S 0:02 MailScanner: waiting for > messages 15234 > ? S 0:02 MailScanner: waiting for > messages 15258 > ? S 0:01 MailScanner: waiting for messages > > > and I'm running > check_MailScanner version 1.13.2.8 dated 2003/07/29 > > Is there a newer version that the rpm install isn't updating for some > reason? > > Mike > Sorry! Brainfart... Mine is as follows; $Id: check_mailscanner,v 1.13.2.11 2005/12/09 11:42:42 jkf Exp $ -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Fri Jan 6 22:29:42 2006 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:40 2006 Subject: 4.49.7-1 process name feature keeps adding processes Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michael Masse spake the following on 1/6/2006 2:20 PM: > Julian Field wrote: > >> Try killing mailscanner-mrtg, just to prove that it's not guilty of >> generating them... >> > It appears to be a problem with check_MailScanner which I have running > once an hour. It can't seem to detect that MailScanner is running, so > it starts up new processes. If I do a ps axww the relavant lines are: > > 15006 ? S 0:00 MailScanner: master waiting for children, > sleeping 15007 ? S > 0:02 MailScanner: waiting for > messages 15068 > ? S 0:02 MailScanner: waiting for > messages 15187 > ? S 0:02 MailScanner: waiting for > messages 15234 > ? S 0:02 MailScanner: waiting for > messages 15258 > ? S 0:01 MailScanner: waiting for messages > > > and I'm running > check_MailScanner version 1.13.2.8 dated 2003/07/29 > > Is there a newer version that the rpm install isn't updating for some > reason? > > Mike > Mine has no version info, but is dated 1/1/2006. Maybe yours is locked in some way (immutable bit set?), and the rpm install can't get it. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Fri Jan 6 23:58:45 2006 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:31:40 2006 Subject: MailScanner version 5 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > > The one thing you forgot is that I will of course be the majority > stockholder in Major Corporation. Why make money once when you can > make it twice? > Um Julian, what about world domination? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From res at AUSICS.NET Sat Jan 7 06:34:47 2006 From: res at AUSICS.NET (Res) Date: Thu Jan 12 21:31:40 2006 Subject: 4.49.7-1 process name feature keeps adding processes Message-ID: On Fri, 6 Jan 2006, Michael Masse wrote: > It appears to be a problem with check_MailScanner which I have running once > an hour. It can't seem to detect that MailScanner is running, so it starts > up new processes. If I do a ps axww the relavant lines are: Run this (pid= is all on one line, change path to MailScanner if not in /opt #!/bin/sh pid=`ps axww |egrep MailScanner'[:]|\['MailScanner'\]|[ ]'/opt/MailScanner/bin/MailScanner | awk '{ print $1 }'` ; echo MailScanner running with pid $pid if [ "x$pid" = "x" ]; then echo MailScanner not running else if [ "x$1" != "x-q" ]; then echo MailScanner running with pid $pid fi fi thats all the check process does what does it print out ? and example here is: root@valhalla:/opt/MailScanner/bin# ./test MailScanner running with pid 13863 26862 27237 27411 27429 28249 root@valhalla:/opt/MailScanner/bin# /etc/rc.d/rc.sendmail stop root@valhalla:/opt/MailScanner/bin# ./test MailScanner not running root@valhalla:/opt/MailScanner/bin# -- Cheers Res ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From radislav.vrnata at PORCELA.CZ Sat Jan 7 11:33:26 2006 From: radislav.vrnata at PORCELA.CZ (Radislav Vrnata) Date: Thu Jan 12 21:31:40 2006 Subject: Filetype code BUG ? Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Yes. Fedora Core 3, 4 (file ver. 4.10 - 4.16(author latest)) have this bug... Fedora Core 2 (file ver. 4.07) is O.K. Radislav. Julian Field napsal(a): > This is a bug in the "file" command. Please report it to the authors. > > On 6 Jan 2006, at 13:10, Radislav Vrnata wrote: > >>> Hi all, >>> >>> I have big problem with regular detecting of MPEG attachments based on >>> Filetype rules. >>> >>> When I sent "PLAIN TEXT" e-mail with ISO-8859-2 encoding and first two >>> characters of body are "V" e.g. in Czech "V~en" (in English >>> "Dear"), >>> then MS recognize him as "MPEG movie" !!! (log says "Filetype >>> Checks: No >>> MPEG movies (42C121B907CA.60823 msg-24637-201.txt)"). >>> If I write "space character" before "V", then everything is all >>> right... >>> >>> Any suggestions ? >>> >>> Regards, >>> >>> Radislav. >>> >>> >>> Postfix 2.1.5 >>> Cyrus IMAP 2.2.12 >>> This is Fedora Core release 3 (Heidelberg) >>> This is Perl version 5.008005 (5.8.5) >>> This is MailScanner version 4.49.7 >>> Module versions are: >>> 1.00 AnyDBM_File >>> 1.14 Archive::Zip >>> 1.03 Carp >>> 1.119 Convert::BinHex >>> 1.00 DirHandle >>> 1.05 Fcntl >>> 2.73 File::Basename >>> 2.08 File::Copy >>> 2.01 FileHandle >>> 1.06 File::Path >>> 0.16 File::Temp >>> 1.29 HTML::Entities >>> 3.45 HTML::Parser >>> 2.30 HTML::TokeParser >>> 1.21 IO >>> 1.10 IO::File >>> 1.123 IO::Pipe >>> 1.67 Mail::Header >>> 3.05 MIME::Base64 >>> 5.417 MIME::Decoder >>> 5.417 MIME::Decoder::UU >>> 5.417 MIME::Head >>> 5.417 MIME::Parser >>> 3.03 MIME::QuotedPrint >>> 5.417 MIME::Tools >>> 0.10 Net::CIDR >>> 1.08 POSIX >>> 1.77 Socket >>> 0.08 Sys::Syslog >>> 1.02 Time::localtime >>> >>> Optional module versions are: >>> 0.17 Convert::TNEF >>> 1.814 DB_File >>> 1.08 Digest >>> 1.01 Digest::HMAC >>> 2.36 Digest::MD5 >>> 2.10 Digest::SHA1 >>> 0.44 Inline >>> 0.17 Mail::ClamAV >>> 3.000004 Mail::SpamAssassin >>> 1.997 Mail::SPF::Query >>> 0.18 Net::CIDR::Lite >>> 0.55 Net::DNS >>> 0.31 Net::LDAP >>> 1.94 Parse::RecDescent >>> missing SAVI >>> 1.4 Sys::Hostname::Long >>> 2.56 Test::Harness >>> 0.62 Test::Simple >>> 1.95 Text::Balanced >>> 1.35 URI >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jan 7 13:14:10 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:40 2006 Subject: Problem installing DBI solved Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Good idea, I see your point now. Unfortunately, I can't quite see what to put in the /tmp/MSrpmrc file. I have tried %__perl_requires /bin/true but that doesn't appear to work. I'll carry on digging. Richard Siddall wrote: >Julian Field wrote: > > >>Don't see quite what you mean. What I need to do is kill perl.req, I >>don't see what I can do apart from put it back afterwards. >> >> >> > >Well, first off, I meant rpmbuild, not rpm. > >If I understand rpmbuild correctly, it calls perl.req because that's the >program specified in the __perl_requires macro. Do an > > rpmbuild --showrc > >and look for __perl_requires. > >If you redefine the macro successfully then the standard perl.req >shouldn't be called. You can get rpmbuild to call your replacement >script instead, without making any changes to perl.req. > >I was just suggesting trying to redefine the macro on the command line. > I don't know if that would work. You could also try redefining it in >the .spec file or in an rcfile you pass via the --rcfile command line >switch. > >Does that make more sense? > >Regards, > > Richard Siddall > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jan 7 13:52:32 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:40 2006 Subject: Problem installing DBI solved Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] All sorted now. Works a treat. Julian Field wrote: > Good idea, I see your point now. > Unfortunately, I can't quite see what to put in the /tmp/MSrpmrc file. > I have tried > %__perl_requires /bin/true > but that doesn't appear to work. > I'll carry on digging. > > Richard Siddall wrote: > >> Julian Field wrote: >> >> >>> Don't see quite what you mean. What I need to do is kill perl.req, I >>> don't see what I can do apart from put it back afterwards. >>> >>> >> >> >> Well, first off, I meant rpmbuild, not rpm. >> >> If I understand rpmbuild correctly, it calls perl.req because that's the >> program specified in the __perl_requires macro. Do an >> >> rpmbuild --showrc >> >> and look for __perl_requires. >> >> If you redefine the macro successfully then the standard perl.req >> shouldn't be called. You can get rpmbuild to call your replacement >> script instead, without making any changes to perl.req. >> >> I was just suggesting trying to redefine the macro on the command line. >> I don't know if that would work. You could also try redefining it in >> the .spec file or in an rcfile you pass via the --rcfile command line >> switch. >> >> Does that make more sense? >> >> Regards, >> >> Richard Siddall >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Edge at TWU.CA Fri Jan 6 21:17:48 2006 From: Edge at TWU.CA (Richard Edge) Date: Thu Jan 12 21:31:40 2006 Subject: MailScanner problem Message-ID: Where is is supposed to be and where can this information be found? Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Michael H. Martel Sent: Friday, January 06, 2006 1:08 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: [MAILSCANNER] MailScanner problem --On Friday, January 06, 2006 12:47 PM -0800 Richard Edge wrote: > I am having a problem with MailScanner after upgrading both email > gateways yesterday to 4.50.4. Both gateways were upgraded using > exactly I saw this myself, and it was beause I hadn't moved over the MailWatch.pm file from the old directory. Michael -- --------------------------------o--------------------------------- Michael H. Martel | Vermont State Colleges martelm@quark.vsc.edu | Systems Administrator http://probe.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From BBourdage at TECHPRO.COM Sat Jan 7 22:24:10 2006 From: BBourdage at TECHPRO.COM (Barry Bourdage) Date: Thu Jan 12 21:31:40 2006 Subject: Field in a message object. Message-ID: I am trying to find the action ("Deliver/Store/Delete/...) in the $message object. I have used the dump.pm, but cannot seem to find the info. Could anyone please shed some light on this for me. Thank you. Barry Bourdage ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Sun Jan 8 04:09:11 2006 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:40 2006 Subject: Hard Lock Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 06/01/06, Information Services wrote: (snip) > clamav-0.87 Update cam asap. (snip) > > First, > > When I reboot the systems, it takes about 20 minutes before the login > screen appears. I am able to shell into the systems themselves and work on > them, but I would like to resolve why they don't bring the login screen up > right away after the boot process. The GUI either sets at the blank screen > with the black curser outlined in white and is an 'X' symbol, or at the > progress bar at 100 percent until it finally shows the login screen. Assuming you are referring to a graphical logon screen, this is usually a display manager for X.... Which in turn usually means that extreme slowness is due to a network misconfiguration. Having no valid name lookup (in /etc/hosts) for the loopback IF address usually has this effect... So check that all names (including loopback) resolve as they should. If you have it configured for a X font sever, check that it is running, and that you have no network issues in reaching it. > > Issue 2: > > I have been havin problems with both servers locking up. One server more > than the other. > (snip) Nothing jumps out and grabs ones attention.... So suspect the usual things: HW and kernel. One is easy to change.... so why not try your hand on doing a "custom kernel";-). since both machines are more or less of an age, and fairly similar in makeup..... shoddy drivers come to mind, as well as diverse age-related cr*p. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jlmiller at MMTNETWORKS.COM.AU Sun Jan 8 07:43:40 2006 From: jlmiller at MMTNETWORKS.COM.AU (Jon Miller) Date: Thu Jan 12 21:31:40 2006 Subject: test setup Message-ID: Correct and thanks Jon >>> drew@THEMARSHALLS.CO.UK 8:29:05 pm 6/01/2006 >>> On 6 Jan 2006, at 06:30, Jon Miller wrote: > First like to say my copy of the MailScanner book has just arrived > and I'm ready to try to set up a test system to install MS, SA, > SAV, MCP,etc. > What I would like to do is have mail from our regular mail server > send a copy to this server, so we can see how the setup works with > real mail. > We are using a Debian server with postfix as our MTA. > Any ideas or diagram/instructions available on the subject? > When the test server is up and running you could always just tell your existing Postfix server to BCC an account on the test box with all mail. That would give it a real life testing (Although it would only test mail that has made it's way through the existing server, so valid recipients, non RBL listed IP's etc. This shouldn't be too bad though as you are after testing MailScanner, right?). Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martelm at QUARK.VSC.EDU Sun Jan 8 11:03:34 2006 From: martelm at QUARK.VSC.EDU (Michael H. Martel) Date: Thu Jan 12 21:31:40 2006 Subject: MailScanner problem Message-ID: --On Friday, January 06, 2006 1:17 PM -0800 Richard Edge wrote: > Where is is supposed to be and where can this information be found? MailWatch.pm should be in the CustomFunctions directory. Did you install from tar file or RPM ? If it's the tar file, it's wherever you put it. For me its : /opt/MailScanner/lib/MailScanner/CustomFunctions In the RPM version it's : /usr/lib/MailScanner/MailScanner/CustomFunctions Michael -- --------------------------------o--------------------------------- Michael H. Martel | Vermont State Colleges martelm@quark.vsc.edu | Systems Administrator http://probe.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Jan 8 11:33:22 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:40 2006 Subject: Field in a message object. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] The reason you can't find it is that it isn't there :-) It wasn't needed, so I didn't put it in. Barry Bourdage wrote: > I am trying to find the action ("Deliver/Store/Delete/...) in the > $message object. > > I have used the dump.pm, but cannot seem to find the info. > > Could anyone please shed some light on this for me. > > Thank you. > > Barry Bourdage > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Sun Jan 8 13:22:25 2006 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:40 2006 Subject: MailScanner problem Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 08/01/06, Michael H. Martel wrote: > --On Friday, January 06, 2006 1:17 PM -0800 Richard Edge > wrote: > > > Where is is supposed to be and where can this information be found? > > MailWatch.pm should be in the CustomFunctions directory. Did you install > from tar file or RPM ? > > If it's the tar file, it's wherever you put it. For me its : > > /opt/MailScanner/lib/MailScanner/CustomFunctions > > In the RPM version it's : > > /usr/lib/MailScanner/MailScanner/CustomFunctions > > > > Michael > > -- I think Richard is talking about where clamav is supposed to be, or rather where the config files are.... Your answer is correct for that too:-) If installed from source and using the defaults (just a plain ./configure) then it's installed to /usr/local ... so any config files are in /usr/local/etc ... If you've used any RPMs, well then anything goes... Probably in /etc, but ...:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Sun Jan 8 15:47:48 2006 From: alex at NKPANAMA.COM (Alex Neuman van der Hans) Date: Thu Jan 12 21:31:40 2006 Subject: Virus slow down? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Since I "discovered" clamav-milter I've barely - if ever - seen MailScanner detect a virus. Most things that get past clamav-milter get picked up by filename rules. Now that I've implemented greylisting it's even lower. Michael Masse wrote: >Same here.. Typically average around 2k/day. Sitting at 60 right >now. > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Jan 8 16:21:23 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:40 2006 Subject: Virus slow down? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] We are still seeing 1500 viruses out of 180k messages per day. No drop off here at all. Alex Neuman van der Hans wrote: > Since I "discovered" clamav-milter I've barely - if ever - seen > MailScanner detect a virus. Most things that get past clamav-milter > get picked up by filename rules. Now that I've implemented greylisting > it's even lower. > > Michael Masse wrote: > >> Same here.. Typically average around 2k/day. Sitting at 60 right >> now. > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From BBourdage at TECHPRO.COM Sun Jan 8 17:40:34 2006 From: BBourdage at TECHPRO.COM (Barry Bourdage) Date: Thu Jan 12 21:31:40 2006 Subject: Field in a message object. Message-ID: Thank you Julian, I have written a custom function that allows for individual actions per user/Domain/Admin, for each No-Spam, Low Spam, and High spam score, from a SQL Table. I would like to have the ability to display the action that was taken in the detail side of the report. Barry -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: Sunday, January 08, 2006 5:33 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Field in a message object. The reason you can't find it is that it isn't there :-) It wasn't needed, so I didn't put it in. Barry Bourdage wrote: > I am trying to find the action ("Deliver/Store/Delete/...) in the > $message object. > > I have used the dump.pm, but cannot seem to find the info. > > Could anyone please shed some light on this for me. > > Thank you. > > Barry Bourdage > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smf at F2S.COM Sun Jan 8 21:50:34 2006 From: smf at F2S.COM (Steve Freegard) Date: Thu Jan 12 21:31:40 2006 Subject: Field in a message object. Message-ID: Hi Barry, I've already submitted a patch to Julian for this (as I want to put this in the next MailWatch release) and is in the current beta so it will be in the next stable MailScanner release. The new property is called $message->{actions} and contains a comma separated list of the actions that were taken on a message. Cheers, Steve. On Sun, 2006-01-08 at 11:40 -0600, Barry Bourdage wrote: > Thank you Julian, > I have written a custom function that allows for individual actions per > user/Domain/Admin, for each No-Spam, Low Spam, and High spam score, from > a SQL Table. I would like to have the ability to display the action that > was taken in the detail side of the report. > > > Barry > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > Sent: Sunday, January 08, 2006 5:33 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Field in a message object. > > The reason you can't find it is that it isn't there :-) It wasn't > needed, so I didn't put it in. > > Barry Bourdage wrote: > > > I am trying to find the action ("Deliver/Store/Delete/...) in the > > $message object. > > > > I have used the dump.pm, but cannot seem to find the info. > > > > Could anyone please shed some light on this for me. > > > > Thank you. > > > > Barry Bourdage > > > > ------------------------ MailScanner list ------------------------ To > > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > *Support MailScanner development - buy the book off the website!* > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store Professional > Support Services at www.MailScanner.biz MailScanner thanks transtec > Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From BBourdage at TECHPRO.COM Sun Jan 8 21:54:57 2006 From: BBourdage at TECHPRO.COM (Barry Bourdage) Date: Thu Jan 12 21:31:40 2006 Subject: Field in a message object. Message-ID: Thank you Steve, I also sent you a minor update to support a refresh from the SQL table, rather than require a MailScanner restart. Please let me know if you have any other questions ?. Barry -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steve Freegard Sent: Sunday, January 08, 2006 3:51 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Field in a message object. Hi Barry, I've already submitted a patch to Julian for this (as I want to put this in the next MailWatch release) and is in the current beta so it will be in the next stable MailScanner release. The new property is called $message->{actions} and contains a comma separated list of the actions that were taken on a message. Cheers, Steve. On Sun, 2006-01-08 at 11:40 -0600, Barry Bourdage wrote: > Thank you Julian, > I have written a custom function that allows for individual actions > per user/Domain/Admin, for each No-Spam, Low Spam, and High spam > score, from a SQL Table. I would like to have the ability to display > the action that was taken in the detail side of the report. > > > Barry > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > Sent: Sunday, January 08, 2006 5:33 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Field in a message object. > > The reason you can't find it is that it isn't there :-) It wasn't > needed, so I didn't put it in. > > Barry Bourdage wrote: > > > I am trying to find the action ("Deliver/Store/Delete/...) in the > > $message object. > > > > I have used the dump.pm, but cannot seem to find the info. > > > > Could anyone please shed some light on this for me. > > > > Thank you. > > > > Barry Bourdage > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > *Support MailScanner development - buy the book off the website!* > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store Professional > Support Services at www.MailScanner.biz MailScanner thanks transtec > Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Dave Sun Jan 8 23:01:35 2006 From: Dave (Dave) Date: Thu Jan 12 21:31:40 2006 Subject: Exclusion List Message-ID: Quick question. With MailScanner, is their an exclusion list for a user that does not have their mail scanned? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Sun Jan 8 23:20:35 2006 From: michele at BLACKNIGHT.IE (Michele Neylon:: Blacknight.ie) Date: Thu Jan 12 21:31:40 2006 Subject: Exclusion List Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote: > Quick question. > > With MailScanner, is their an exclusion list for a user that > does not have their mail scanned? > Have a look in MailScanner.conf and search the archives for rulesets Short answer - yes you can do it -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Jan 9 09:07:29 2006 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:40 2006 Subject: Exclusion List Message-ID: As Michelle said, the short answer is yes, The longer answer is, you'll have to create a ruleset for all tests to exclude that user from that test. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Dave Shariff Yadallee - System Administrator a.k.a. The Root of > the Problem > Sent: 08 January 2006 23:02 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] Exclusion List > > Quick question. > > With MailScanner, is their an exclusion list for a user that > does not have their mail scanned? > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From shuttlebox at GMAIL.COM Mon Jan 9 09:39:19 2006 From: shuttlebox at GMAIL.COM (shuttlebox) Date: Thu Jan 12 21:31:40 2006 Subject: Exclusion List Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 1/9/06, Martin Hepworth wrote: As Michelle said, the short answer is yes, The longer answer is, you'll have to create a ruleset for all tests to exclude that user from that test. Yes, but "Scan Messages" is the big switch so if he wants to avoid scanning totally he only needs one ruleset. -- /peter ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Jan 9 09:46:34 2006 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:40 2006 Subject: Exclusion List Message-ID: Ah yes of course I'd forgot about that....... Hey, its still early Monday AM - that's my excuse and I'm sticking by it.... :-) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of shuttlebox > Sent: 09 January 2006 09:39 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] Exclusion List > > On 1/9/06, Martin Hepworth wrote: > > As Michelle said, the short answer is yes, > > The longer answer is, you'll have to create a ruleset for all tests > to > exclude that user from that test. > > > > Yes, but "Scan Messages" is the big switch so if he wants to avoid > scanning totally he only needs one ruleset. > > -- > /peter > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Mon Jan 9 12:08:11 2006 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:31:40 2006 Subject: Exclusion List Message-ID: Martin Hepworth <> said on 09 January 2006 09:07: > As Michelle said, the short answer is yes, > Oi! Stop changing my gender!! Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 UK: 0870 163 0607 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Dave Mon Jan 9 15:13:06 2006 From: Dave (Dave) Date: Thu Jan 12 21:31:40 2006 Subject: Exclusion List Message-ID: On Mon, Jan 09, 2006 at 12:08:11PM -0000, Michele Neylon :: Blacknight Solutions wrote: > Martin Hepworth <> said on 09 January 2006 09:07: > > > As Michelle said, the short answer is yes, > > > > Oi! Stop changing my gender!! > So is Michele Irish for Michael? > > Mr Michele Neylon > Blacknight Solutions > Hosting & Colocation, Brand Protection > http://www.blacknight.ie/ > Tel. 1850 927 280 > Intl. +353 (0) 59 9183072 > UK: 0870 163 0607 > Direct Dial: +353 (0)59 9183090 > Fax. +353 (0) 59 9164239 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Jan 9 15:18:31 2006 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:40 2006 Subject: Exclusion List Message-ID: Yup - its pronounced differently though Mickayli I think is a reasonable phonetically.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Dave Shariff Yadallee - System Administrator a.k.a. The Root of > the Problem > Sent: 09 January 2006 15:13 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] Exclusion List > > On Mon, Jan 09, 2006 at 12:08:11PM -0000, Michele Neylon :: Blacknight > Solutions wrote: > > Martin Hepworth <> said on 09 January 2006 09:07: > > > > > As Michelle said, the short answer is yes, > > > > > > > Oi! Stop changing my gender!! > > > > So is Michele Irish for Michael? > > > > > Mr Michele Neylon > > Blacknight Solutions > > Hosting & Colocation, Brand Protection > > http://www.blacknight.ie/ > > Tel. 1850 927 280 > > Intl. +353 (0) 59 9183072 > > UK: 0870 163 0607 > > Direct Dial: +353 (0)59 9183090 > > Fax. +353 (0) 59 9164239 > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lbcadmin at GMAIL.COM Mon Jan 9 17:03:28 2006 From: lbcadmin at GMAIL.COM (Information Services) Date: Thu Jan 12 21:31:40 2006 Subject: Hard Lock Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I am going to check into the HDs. All three systems have the exact same HDs in them. All the same sw is running on them also, except for squid on the two mailscanner boxes. I will also try the suggestions posted in a previous reply to this also. I definitely need to resolve this issue. I don't want my production systems to be locking up, especially not at 0200 hours. On 1/7/06, Glenn Steen wrote: On 06/01/06, Information Services wrote: (snip) > clamav-0.87 Update cam asap. (snip) > > First, > > When I reboot the systems, it takes about 20 minutes before the login > screen appears. I am able to shell into the systems themselves and work on > them, but I would like to resolve why they don't bring the login screen up > right away after the boot process. The GUI either sets at the blank screen > with the black curser outlined in white and is an 'X' symbol, or at the > progress bar at 100 percent until it finally shows the login screen. Assuming you are referring to a graphical logon screen, this is usually a display manager for X.... Which in turn usually means that extreme slowness is due to a network misconfiguration. Having no valid name lookup (in /etc/hosts) for the loopback IF address usually has this effect... So check that all names (including loopback) resolve as they should. If you have it configured for a X font sever, check that it is running, and that you have no network issues in reaching it. > > Issue 2: > > I have been havin problems with both servers locking up. One server more > than the other. > (snip) Nothing jumps out and grabs ones attention.... So suspect the usual things: HW and kernel. One is easy to change.... so why not try your hand on doing a "custom kernel";-). since both machines are more or less of an age, and fairly similar in makeup..... shoddy drivers come to mind, as well as diverse age-related cr*p. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html ). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Jan 9 17:47:50 2006 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:40 2006 Subject: exe extension in url Message-ID: The reason why you need anti-virus on the desktop.... ;-) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Information Services > Sent: 09 January 2006 17:42 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] exe extension in url > > Here is something I haven't seen, and maybe these have been coming through > but this is the first I have taken notice too. > > I have an email (posted below), that tries to get the user to go to a link > with an executable file. Where would I go in order to block this type of > email? > I could block the postcard domain, but that would resolve only them. I am > concerned about hackers sending to less knowledgeable users. > > ################################################ > > From: Best Postcard [mailto:service@postcard.com] > Sent: Friday, January 06, 2006 5:46 PM > To: munged@munged.com > Subject: Online Greeting Card Waiting For You > > > > Hello, > > A Greeting Card is waiting for you at our virtual post office! > > Sender: your dear friend > > If you don't pick up your Greeting Card within 4 weeks, our postal clerk > may discard it! > > CLICK this pick-up address or COPY and PASTE into your browser : > > http://www.freeforall.home.ro/postcard.gif.exe > > > (c) All-Yours Greeting Cards Provided as a free service by All-Yours > Greeting Cards http://www.freeforall.home.ro > > > > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lbcadmin at GMAIL.COM Mon Jan 9 17:41:58 2006 From: lbcadmin at GMAIL.COM (Information Services) Date: Thu Jan 12 21:31:40 2006 Subject: exe extension in url Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Here is something I haven't seen, and maybe these have been coming through but this is the first I have taken notice too. I have an email (posted below), that tries to get the user to go to a link with an executable file. Where would I go in order to block this type of email? I could block the postcard domain, but that would resolve only them. I am concerned about hackers sending to less knowledgeable users. ################################################ From: Best Postcard [mailto:service@postcard.com] Sent: Friday, January 06, 2006 5:46 PM To: munged@munged.com Subject: Online Greeting Card Waiting For You Hello, A Greeting Card is waiting for you at our virtual post office! Sender: your dear friend If you don't pick up your Greeting Card within 4 weeks, our postal clerk may discard it! CLICK this pick-up address or COPY and PASTE into your browser : http://www.freeforall.home.ro/postcard.gif.exe (c) All-Yours Greeting Cards Provided as a free service by All-Yours Greeting Cards http://www.freeforall.home.ro ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From shuttlebox at GMAIL.COM Mon Jan 9 21:11:20 2006 From: shuttlebox at GMAIL.COM (shuttlebox) Date: Thu Jan 12 21:31:40 2006 Subject: exe extension in url Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 1/9/06, Information Services wrote: Here is something I haven't seen, and maybe these have been coming through but this is the first I have taken notice too. I have an email (posted below), that tries to get the user to go to a link with an executable file. Where would I go in order to block this type of email? I could block the postcard domain, but that would resolve only them. I am concerned about hackers sending to less knowledgeable users. ################################################ From: Best Postcard [mailto:service@postcard.com ] Sent: Friday, January 06, 2006 5:46 PM To: munged@munged.com Subject: Online Greeting Card Waiting For You Hello, A Greeting Card is waiting for you at our virtual post office! Sender: your dear friend If you don't pick up your Greeting Card within 4 weeks, our postal clerk may discard it! CLICK this pick-up address or COPY and PASTE into your browser : http://www.freeforall.home.ro/postcard.gif.exe You could write a SpamAssassin rule to score web links to executable files. -- /peter ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From miguelk at KONSULTEX.COM.BR Mon Jan 9 20:00:30 2006 From: miguelk at KONSULTEX.COM.BR (Miguel Koren O'Brien de Lacy) Date: Thu Jan 12 21:31:40 2006 Subject: Header Syntax Error Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Gentlemen; I never saw this message in the logs of a new server installed this weekend: Jan 9 16:49:37 aradhana sendmail[3186]: k09JnWfC003175: SYSERR(root): header syntax error, line "X-Sesamo Regalos-MailScanner-From: " Environment: Fedora Core 4 (fully patched) MailScanner 4.47.4-2 Clamav 0.87.1 Sendmail 8.13.4 mail clients: Outlook/Outlook Express with versions ranging from Win98 to WinXP. Is this header syntax error something to worry about? Is it because the "From:" is empty? Miguel -- Esta mensagem foi verificada pelo sistema de antivrus e acredita-se estar livre de perigo. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Dave Mon Jan 9 21:24:15 2006 From: Dave (Dave) Date: Thu Jan 12 21:31:40 2006 Subject: Exclusion List Message-ID: On Mon, Jan 09, 2006 at 09:46:34AM -0000, Martin Hepworth wrote: > Ah yes of course I'd forgot about that....... > > Hey, its still early Monday AM - that's my excuse and I'm sticking by it.... > :-) > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > Behalf Of shuttlebox > > Sent: 09 January 2006 09:39 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: [MAILSCANNER] Exclusion List > > > > On 1/9/06, Martin Hepworth wrote: > > > > As Michelle said, the short answer is yes, > > > > The longer answer is, you'll have to create a ruleset for all tests > > to > > exclude that user from that test. > > > > > > > > Yes, but "Scan Messages" is the big switch so if he wants to avoid > > scanning totally he only needs one ruleset. > > So far so good, but what about case sensitivity issues? > > -- > > /peter > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) > > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Mon Jan 9 21:25:11 2006 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:31:40 2006 Subject: ClamAV 0.88 is out!! Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] For those waiting for the stable release of clamav, which is supposed to correct the scanning of certain new sober variants.. http://freshmeat.net/projects/clamav/?branch_id=29355&release_id=216552 - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Mon Jan 9 20:08:03 2006 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:40 2006 Subject: Header Syntax Error Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Miguel Koren O'Brien de Lacy wrote: > Gentlemen; > > I never saw this message in the logs of a new server installed this > weekend: > > Jan 9 16:49:37 aradhana sendmail[3186]: k09JnWfC003175: SYSERR(root): > header syntax error, line "X-Sesamo Regalos-MailScanner-From: " > > Environment: > Fedora Core 4 (fully patched) > MailScanner 4.47.4-2 > Clamav 0.87.1 > Sendmail 8.13.4 > mail clients: Outlook/Outlook Express with versions ranging from Win98 > to WinXP. > > Is this header syntax error something to worry about? Is it because the > "From:" is empty? > The syntax error is because the header name has a space in it between Sesamo and Regalos. That's an RFC violation. Check your %org-name% setting in Mailscanner.conf and make sure it has no spaces in it. Use - instead. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Mon Jan 9 21:31:14 2006 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:31:40 2006 Subject: Exclusion List Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem writes: > On Mon, Jan 09, 2006 at 09:46:34AM -0000, Martin Hepworth wrote: >> Ah yes of course I'd forgot about that....... >> >> Hey, its still early Monday AM - that's my excuse and I'm sticking by it.... >> :-) >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> > -----Original Message----- >> > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> > Behalf Of shuttlebox >> > Sent: 09 January 2006 09:39 >> > To: MAILSCANNER@JISCMAIL.AC.UK >> > Subject: Re: [MAILSCANNER] Exclusion List >> > >> > On 1/9/06, Martin Hepworth wrote: >> > >> > As Michelle said, the short answer is yes, >> > >> > The longer answer is, you'll have to create a ruleset for all tests >> > to >> > exclude that user from that test. >> > >> > >> > >> > Yes, but "Scan Messages" is the big switch so if he wants to avoid >> > scanning totally he only needs one ruleset. >> > > > So far so good, but what about case sensitivity issues? Well.. if you are a 'System Administrator' you will just go ahead and try it out.. won't you? - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From shuttlebox at GMAIL.COM Mon Jan 9 22:18:56 2006 From: shuttlebox at GMAIL.COM (shuttlebox) Date: Thu Jan 12 21:31:40 2006 Subject: Header Syntax Error Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 1/9/06, Miguel Koren O'Brien de Lacy wrote: Gentlemen; I never saw this message in the logs of a new server installed this weekend: Jan 9 16:49:37 aradhana sendmail[3186]: k09JnWfC003175: SYSERR(root): header syntax error, line "X-Sesamo Regalos-MailScanner-From: " This is a very common question. However, I don't think Julian can make it any more clear: # RULE: It must not contain any spaces! %org-name% = yoursite -- /peter ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From shuttlebox at GMAIL.COM Mon Jan 9 22:21:48 2006 From: shuttlebox at GMAIL.COM (shuttlebox) Date: Thu Jan 12 21:31:40 2006 Subject: Exclusion List Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 1/9/06, Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote: So far so good, but what about case sensitivity issues? It's in the documentation, you should try it sometime. :-) etc/rules/README: "You can put them in upper or lower case, it doesn't matter." -- /peter ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james at grayonline.id.au Mon Jan 9 22:29:19 2006 From: james at grayonline.id.au (James Gray) Date: Thu Jan 12 21:31:40 2006 Subject: exe extension in url Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Tuesday 10 January 2006 04:41, Information Services wrote: > Here is something I haven't seen, and maybe these have been coming through > but this is the first I have taken notice too. > > I have an email (posted below), that tries to get the user to go to a link > with an executable file. Where would I go in order to block this type of > email? > I could block the postcard domain, but that would resolve only them. I am > concerned about hackers sending to less knowledgeable users. I have written a number of SpamAssassin rules that increase the score for messages that link to executables (exe/dll/bat/etc... but NOT ".com"...think about it :P). Unfortunately some of them also hit legitimate websites (like www.ht.com.au which uses a program called "xworks.exe" for its dynamic content). All my rules are available at http://files.grayonline.id.au - all the URL/URI rules are in the "local_uri.cf" which is in the tar ball. The rest of the instructions are on the website. Pick and choose as you see fit :) Cheers, James -- You will triumph over your enemy. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james at grayonline.id.au Mon Jan 9 22:34:52 2006 From: james at grayonline.id.au (James Gray) Date: Thu Jan 12 21:31:40 2006 Subject: Header Syntax Error Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Tuesday 10 January 2006 09:18, shuttlebox wrote: > On 1/9/06, Miguel Koren O'Brien de Lacy wrote: > > Gentlemen; > > > > I never saw this message in the logs of a new server installed this > > weekend: > > > > Jan 9 16:49:37 aradhana sendmail[3186]: k09JnWfC003175: SYSERR(root): > > header syntax error, line "X-Sesamo Regalos-MailScanner-From: " > > This is a very common question. However, I don't think Julian can make it > any more clear: > > # RULE: It must not contain any spaces! > %org-name% = yoursite ..and some characters (the dot "." specifically) have caused problems for people as well. James -- mophobia, n.: Fear of being verbally abused by a Mississippian. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From penguin at DHCP.NET Mon Jan 9 23:11:03 2006 From: penguin at DHCP.NET (A. Eijkhoudt) Date: Thu Jan 12 21:31:40 2006 Subject: Mail subject not getting modified Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello all, I'm getting a lot of mail recently that is correctly being recognized as spam, yet not having it subject modified. This shouldn't be happening, at all, as they're usually high-scoring spam E-mails (think >10.0), and therefore they should be quarantined by my config settings. Does anyone have an idea why this would happen? I've copied example headers of an E-mail in question: X-MS-INFO: Contact the network management staff if you have questions X-MS: **CLEAN** X-MS-SPAM: not spam X-MS-SPAM-SCORE: 40 X-MS-FROM: Doesn't seem right... Kind regards, A. Eijkhoudt -- This message has been scanned for viruses and dangerous HTML content by Valethosting. Dit bericht is gecontroleerd op virussen en gevaarlijke HTML door Valethosting's MailScanner. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Mon Jan 9 23:30:33 2006 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:40 2006 Subject: Mail subject not getting modified Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] A. Eijkhoudt wrote: > Hello all, > > I'm getting a lot of mail recently that is correctly being recognized as > spam, yet not having it subject modified. This shouldn't be happening, > at all, as they're usually high-scoring spam E-mails (think >10.0), and > therefore they should be quarantined by my config settings. Does anyone > have an idea why this would happen? I've copied example headers of an > E-mail in question: > > X-MS-INFO: Contact the network management staff if you have questions > X-MS: **CLEAN** > X-MS-SPAM: not spam > X-MS-SPAM-SCORE: 40 > X-MS-FROM: > > Doesn't seem right... No it doesn't... Suggestion turn on this setting in your MailScanner.conf: Always Include SpamAssassin Report = yes That should give us a better idea as to what's going on. My guess is that the message in question is matching your MailScanner whitelist, which will cause the mail to go un-marked no matter how high the spamassassin score is. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Mon Jan 9 23:33:47 2006 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:40 2006 Subject: exe extension in url Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] James Gray wrote: > I have written a number of SpamAssassin rules that increase the score for > messages that link to executables (exe/dll/bat/etc... but NOT ".com"...think > about it :P). Unfortunately some of them also hit legitimate websites (like > www.ht.com.au which uses a program called "xworks.exe" for its dynamic > content). Suggestion: use a $ to look for uris that END in .exe, instead of just looking for URIs that contain them. Most dynamic content sites using exe have parameters passed after it, such as the above site which ends in "/xworks.exe?M" Something like this would work: uri L_URI_EXE /\/.+\.exe$/i score L_URI_EXE 0.1 describe L_URI_EXE Contains link to a .exe file > > > All my rules are available at http://files.grayonline.id.au - all the URL/URI > rules are in the "local_uri.cf" which is in the tar ball. The rest of the > instructions are on the website. > Erm, you don't seem to have them in the 12/02/2005 tarball, which is the latest that's up there. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nerijus at USERS.SOURCEFORGE.NET Tue Jan 10 00:43:53 2006 From: nerijus at USERS.SOURCEFORGE.NET (Nerijus Baliunas) Date: Thu Jan 12 21:31:40 2006 Subject: tnef rpm Message-ID: Hello, On RH 7.3 system I get: Installing tnef decoder error: failed dependencies: libc.so.6(GLIBC_2.3) is needed by tnef-1.3.4-1 I suggest including tnef source rpm, instead of binary one. Regards, Nerijus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Dave Tue Jan 10 01:17:28 2006 From: Dave (Dave) Date: Thu Jan 12 21:31:40 2006 Subject: Exclusion List Message-ID: On Mon, Jan 09, 2006 at 11:21:48PM +0100, shuttlebox wrote: > On 1/9/06, Dave Shariff Yadallee - System Administrator a.k.a. The Root of > the Problem wrote: > > > > So far so good, but what about case sensitivity issues? > > > > It's in the documentation, you should try it sometime. :-) > > etc/rules/README: > > "You can put them in upper or lower case, it doesn't matter." > For the to/from rules yes, but it is not clear on the subject of e-mail addreses, ie. field 2. > -- > /peter > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nerijus at USERS.SOURCEFORGE.NET Tue Jan 10 01:46:53 2006 From: nerijus at USERS.SOURCEFORGE.NET (Nerijus Baliunas) Date: Thu Jan 12 21:31:40 2006 Subject: cron message is incorrect Message-ID: Hello, When I stop MailScanner, I get such message from cron every hour: /etc/cron.hourly/check_MailScanner: MailScanner manually shut down (no /var/lock/subsys/MailScanner.off file). Not restarting. It is incorrect. Actually /var/lock/subsys/MailScanner.off file exists. Regards, Nerijus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From miguelk at KONSULTEX.COM.BR Tue Jan 10 01:50:05 2006 From: miguelk at KONSULTEX.COM.BR (Miguel Koren OBrien de Lacy) Date: Thu Jan 12 21:31:40 2006 Subject: Header Syntax Error Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks everyone for the suggestions. I replaced the space with a dash and the errors disappeared. Some things are taken for granted and not read enough times ;-) Miguel -- Konsultex Informatica (http://www.konsultex.com.br) ---------- Original Message ----------- From: James Gray To: MAILSCANNER@JISCMAIL.AC.UK Sent: Tue, 10 Jan 2006 09:34:52 +1100 Subject: Re: Header Syntax Error > On Tuesday 10 January 2006 09:18, shuttlebox wrote: > > On 1/9/06, Miguel Koren O'Brien de Lacy wrote: > > > Gentlemen; > > > > > > I never saw this message in the logs of a new server installed this > > > weekend: > > > > > > Jan 9 16:49:37 aradhana sendmail[3186]: k09JnWfC003175: SYSERR(root): > > > header syntax error, line "X-Sesamo Regalos-MailScanner-From: " > > > > This is a very common question. However, I don't think Julian can make it > > any more clear: > > > > # RULE: It must not contain any spaces! > > %org-name% = yoursite > > ..and some characters (the dot "." specifically) have caused problems for > people as well. > > James > -- > mophobia, n.: > Fear of being verbally abused by a Mississippian. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > Esta mensagem foi verificada pelo sistema de [UTF-8?]antivrus e > acredita-se estar livre de perigo. ------- End of Original Message ------- -- Esta mensagem foi verificada pelo sistema de antivrus e acredita-se estar livre de perigo. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nerijus at USERS.SOURCEFORGE.NET Tue Jan 10 02:53:55 2006 From: nerijus at USERS.SOURCEFORGE.NET (Nerijus Baliunas) Date: Thu Jan 12 21:31:40 2006 Subject: unneeded archive in MailScanner-4.49.7-1.tar.gz Message-ID: Hello, There is unneeded archive cz.tar.gz (older Czech messages) in /etc/reports directory of MailScanner-4.49.7-1.tar.gz. Regards, Nerijus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Tue Jan 10 03:49:44 2006 From: alex at NKPANAMA.COM (Alex Neuman van der Hans) Date: Thu Jan 12 21:31:40 2006 Subject: Feature request - sort of... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Would it be possible to have: http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/rpm/MailScanner-latest.rpm.tar.gz and http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/rpm/MailScanner-beta.rpm.tar.gz redirect or point to the latest stable and beta releases? I'm updating my automation scripts (which save me at least an hour when installing a server with MS+ClamAV+BitDefender+SpamAssassin(razor+pyzor+dcc)+clamavmilter+spf+greylisting+domainkeys+SMTPAuth+imaps/pop3s+webmail+everythingelse) and I thought it would save a couple of lines of code and prevent changes to the design of the webpage from breaking my scripts. I currently do it with: export LATESTMSURL=http://www.sng.ecs.soton.ac.uk/mailscanner/`lynx --source http://www.sng.ecs.soton.ac.uk/mailscanner/downloads.shtml | grep .tar.gz |head -1 | cut -d \" -f 2` export LATESTMS=`echo $LATESTMSURL|cut -d / -f 8` wget $LATESTMSURL tar xvfz $LATESTMS ... and so on. Any suggestions? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nerijus at USERS.SOURCEFORGE.NET Tue Jan 10 03:48:41 2006 From: nerijus at USERS.SOURCEFORGE.NET (Nerijus Baliunas) Date: Thu Jan 12 21:31:40 2006 Subject: zombie processes Message-ID: Hello, On a Debian woody box with exim3, I get zombie process after starting MailScanner: # ps axw|grep -i mailsc 15355 ? S 0:00 MailScanner: starting children 15356 ? S 0:00 MailScanner: waiting for messages 15360 ? Z 0:00 [MailScanner ] 15366 ? S 0:00 MailScanner: waiting for messages After some time: # ps axw|grep -i mailsc 15355 ? S 0:00 MailScanner: master waiting for children, sleeping 15356 ? S 0:00 MailScanner: waiting for messages 15360 ? Z 0:00 [MailScanner ] 15366 ? S 0:00 MailScanner: waiting for messages After message is received: # ps axw|grep -i mailsc 15355 ? S 0:00 MailScanner: master waiting for children, sleeping 15356 ? S 0:00 MailScanner: waiting for messages 15360 ? Z 0:00 [MailScanner ] 15366 ? S 0:00 MailScanner: waiting for messages 15396 ? Z 0:00 [MailScanner ] Sometimes some zombies disappear and new ones appear, but usually there are 2 of them. They don't seem to be doing any harm and they disappear after stopping mailscanner, but still something is wrong. Any ideas? Nothing wrong in logs. Regards, Nerijus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james at grayonline.id.au Tue Jan 10 04:22:46 2006 From: james at grayonline.id.au (James Gray) Date: Thu Jan 12 21:31:40 2006 Subject: exe extension in url Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Tuesday 10 January 2006 10:33, Matt Kettler wrote: > James Gray wrote: > > I have written a number of SpamAssassin rules that increase the score for > > messages that link to executables (exe/dll/bat/etc... but NOT > > ".com"...think about it :P). Unfortunately some of them also hit > > legitimate websites (like www.ht.com.au which uses a program called > > "xworks.exe" for its dynamic content). > > Suggestion: use a $ to look for uris that END in .exe, instead of just > looking for URIs that contain them. Most dynamic content sites using exe > have parameters passed after it, such as the above site which ends in > "/xworks.exe?M" > > > Something like this would work: > > > uri L_URI_EXE /\/.+\.exe$/i > score L_URI_EXE 0.1 > describe L_URI_EXE Contains link to a .exe file Good suggestion - done. New tar ball uploaded and change logs edited. > > > > All my rules are available at http://files.grayonline.id.au - all the > > URL/URI rules are in the "local_uri.cf" which is in the tar ball. The > > rest of the instructions are on the website. > > > > Erm, you don't seem to have them in the 12/02/2005 tarball, which is the > latest that's up there. Really? It was in there when I opened it. Anyway, there's a new tar ball dated 10-Jan-2006 that I KNOW has the local_uri.cf file in it. Cheers, James > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! James -- It's hard to argue that God hated Oklahoma. If He didn't, why is it so close to Texas? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jan 10 09:18:11 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:40 2006 Subject: zombie processes Message-ID: -----BEGIN PGP SIGNED MESSAGE----- And on my DOS 6.2 machine I find the multi-tasking a little slow too :-) You have an error in your MailScanner.conf, check your maillog. What version of MailScanner are you running? woody shipped with 3.27. On 10 Jan 2006, at 03:48, Nerijus Baliunas wrote: > Hello, > > On a Debian woody box with exim3, I get zombie process after > starting MailScanner: > > # ps axw|grep -i mailsc > 15355 ? S 0:00 MailScanner: starting children > 15356 ? S 0:00 MailScanner: waiting for messages > 15360 ? Z 0:00 [MailScanner ] > 15366 ? S 0:00 MailScanner: waiting for messages > > After some time: > > # ps axw|grep -i mailsc > 15355 ? S 0:00 MailScanner: master waiting for > children, sleeping > 15356 ? S 0:00 MailScanner: waiting for messages > 15360 ? Z 0:00 [MailScanner ] > 15366 ? S 0:00 MailScanner: waiting for messages > > After message is received: > > # ps axw|grep -i mailsc > 15355 ? S 0:00 MailScanner: master waiting for > children, sleeping > 15356 ? S 0:00 MailScanner: waiting for messages > 15360 ? Z 0:00 [MailScanner ] > 15366 ? S 0:00 MailScanner: waiting for messages > 15396 ? Z 0:00 [MailScanner ] > > Sometimes some zombies disappear and new ones appear, but usually > there are 2 of them. They don't seem to be doing any harm and they > disappear after stopping mailscanner, but still something is wrong. > Any ideas? Nothing wrong in logs. > > Regards, > Nerijus > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.3 (Build 2932) iQEVAwUBQ8N72Pw32o+k+q+hAQHPYgf/e9D10rZYB7dNmvW9NDXIJKnooucROE8T bbiKX7HQ/Hk/bgxRyp9W89zuaTNWyEi5jF9qyoICdPFQWXMgwmmmGTN1KlJucHaP XbPq223AcaCwZmuBu1yBd92NkORFwT10LJe5u33McOvgrCA4H4jbpW+vJioR5ad3 WZvNrya7Net4em7c0ecBpy+X/nEBoMdAWYKBfDA460/zyZ/LUQ2F3ccxRU2Lgw55 F5610DW2XE8t51tQiPlwm7kfkK3ePQQ6Fgh6CqYXeeb+3JjAroVAKWkiLYsbFcPu MTWlPDyKLnm3CwgeTAbanrFwstKUeXBjYfHxpQr8bzT62uOx7BJviA== =23Ln -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jan 10 09:11:50 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:40 2006 Subject: ClamAV 0.88 is out!! Message-ID: -----BEGIN PGP SIGNED MESSAGE----- I have updated by easy-to-install ClamAV+SpamAssassin package at www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz to include this update. On 9 Jan 2006, at 21:25, Dhawal Doshy wrote: > For those waiting for the stable release of clamav, which is > supposed to correct the scanning of certain new sober variants.. > http://freshmeat.net/projects/clamav/? > branch_id=29355&release_id=216552 > - dhawal - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.3 (Build 2932) iQEVAwUBQ8N6Wfw32o+k+q+hAQFd2wf/ZHOWckS9fpolxIQ4wOWnV/Xg8uDV7jsS d4dbO8kizefb4gle7lEmwPDhGFC6iRiHmyrD+Q1BTEFxvwwXj7Wz1Q3zU8+dXUWz tge2ZcSq03cBT0ogmq7sDc6XP01KdMhyqXzI/bQhsOuGo1vC2vWZuK+uk0b7YlUb NNsaW8v0cXNdSEhjHXPdfcW0uVcxY779itLJUI2rlAz26iE35FDmD4lZw1qHx3rx kTtnwDwDNRh2FKYYcaF9PAFwOw/whTtKjX4E2Cm6HQUdziZ9rKSxFO/y3It5m7rO tHSAwMoHshkBZUVVhQxjlhRMN27OTKQ52mB7ZlrBtVVOwrlnjjVoAg== =IUJ+ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Jan 10 09:51:36 2006 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:40 2006 Subject: exe extension in url Message-ID: James Any chance you could modify the rules dir so they are individual ones and then I can create a RuleDuJour setup for them. Yes I could you update_spam script, but then I'd have two scripts to do this when I only really one. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of James Gray > Sent: 10 January 2006 04:23 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] exe extension in url > > On Tuesday 10 January 2006 10:33, Matt Kettler wrote: > > James Gray wrote: > > > I have written a number of SpamAssassin rules that increase the score > for > > > messages that link to executables (exe/dll/bat/etc... but NOT > > > ".com"...think about it :P). Unfortunately some of them also hit > > > legitimate websites (like www.ht.com.au which uses a program called > > > "xworks.exe" for its dynamic content). > > > > Suggestion: use a $ to look for uris that END in .exe, instead of just > > looking for URIs that contain them. Most dynamic content sites using exe > > have parameters passed after it, such as the above site which ends in > > "/xworks.exe?M" > > > > > > Something like this would work: > > > > > > uri L_URI_EXE /\/.+\.exe$/i > > score L_URI_EXE 0.1 > > describe L_URI_EXE Contains link to a .exe file > > Good suggestion - done. New tar ball uploaded and change logs edited. > > > > > > > All my rules are available at http://files.grayonline.id.au - all the > > > URL/URI rules are in the "local_uri.cf" which is in the tar ball. The > > > rest of the instructions are on the website. > > > > > > > Erm, you don't seem to have them in the 12/02/2005 tarball, which is the > > latest that's up there. > > Really? It was in there when I opened it. Anyway, there's a new tar ball > dated 10-Jan-2006 that I KNOW has the local_uri.cf file in it. > > Cheers, > > James > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > James > -- > It's hard to argue that God hated Oklahoma. If He didn't, why is it so > close to Texas? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james at grayonline.id.au Tue Jan 10 10:08:13 2006 From: james at grayonline.id.au (James Gray) Date: Thu Jan 12 21:31:40 2006 Subject: exe extension in url Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Tue, 10 Jan 2006 20:51, Martin Hepworth wrote: > James > > Any chance you could modify the rules dir so they are individual ones and > then I can create a RuleDuJour setup for them. Yes I could you > update_spam script, but then I'd have two scripts to do this when I only > really one. I *could* but then the 20 odd people who requested the current version\file-foo.cf hierachy will scream blue murder. All the scripts I've written were for my own use, but I can write you an "unpack-flat" script or something if you want. Alternatively, if you want to contact me off-list I could sort out direct access to the rules in CVS, then you can bundle them up however you want :) I'm aware of RuleDuJour stuff, but it didn't do what I wanted (back when I inherited the mail administrator hat 5 years ago) with simple "roll-back-to-previous" simply by changing a symlink etc. My rules kinda evolved by accident to where they are now...I guess if I had intended to fit in with what everyone else was doing from the start it would've been a little more friendly to our friends over at RuleDuJour. Like everything in the F/OSS world - if you don't like it, make it better :) Cheers, James -- I respect faith, but doubt is what gives you an education. -- Wilson Mizner ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From penguin at DHCP.NET Tue Jan 10 10:20:12 2006 From: penguin at DHCP.NET (Arnim Eijkhoudt) Date: Thu Jan 12 21:31:40 2006 Subject: Mail subject not getting modified Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I'd do that if it weren't enabled already! Which is why I haven't been able to troubleshoot this myself, incidentally :P Here's a complete copy of all the headers (excuse the spam): ---- SNIP Return-Path: Received: from STARRSTRUCKHOME.ironoh.adelphia.net (winchester-motorola1--70-35-219-251.ironoh.adelphia.net [70.35.219.251]) by www.valethosting.net (8.13.4/8.13.4) with SMTP id k0AAEHWD021224 for ; Tue, 10 Jan 2006 11:14:23 +0100 Date: Tue, 10 Jan 2006 11:14:18 +0100 Message-Id: From: Millie Costa To: penguin@dhcp.net Subject: Re: from you MIME-Version: 1.0 Content-Type: text/html; charset="ISO-8859-1" X-Priority: 3 (Normal) X-Mailer: 0013$01a2ca59$094bea57@STARRSTRUCKHOME X-MS-INFO: Contact the network management staff if you have questions X-MS: **CLEAN** X-MS-SPAM: not spam X-MS-SPAM-SCORE: 44.90 X-MS-FROM: ----- SNIP I still don't understand why this is happening. I find the Return-Path's and empty X-MS-FROM: headers a bit odd though. Kind regards, A. Eijkhoudt Matt Kettler wrote: > Suggestion turn on this setting in your MailScanner.conf: > > Always Include SpamAssassin Report = yes > > That should give us a better idea as to what's going on. My guess is that the > message in question is matching your MailScanner whitelist, which will cause the > mail to go un-marked no matter how high the spamassassin score is. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From helge.waastad at SMARTNET.NO Tue Jan 10 11:04:23 2006 From: helge.waastad at SMARTNET.NO (Helge Waastad) Date: Thu Jan 12 21:31:40 2006 Subject: MailScanner login Message-ID: Hi, I've just installed the 4.49.7 version of MailScanner and it works great. Hoewever I hvae a question regarding logging. When I catch spam messages, I get: mail postfix/smtpd[29931]: 439FF49C00D: reject_warning: RCPT from unknown[217.219.173.8]: 450 Client host rejected: cannot find your hostname, [217.219.173.8]; from=<[spamuser]@hotmail.com> to=<[user]@[mydomain]> proto=SMTP helo= Jan 10 11:28:24 mail postfix/cleanup[29934]: 439FF49C00D: hold: header Received: from mail.[mydomain] (unknown [217.219.173.8])??by mail.[mydomain] (Postfix) with SMTP id 439FF49C00D??for <[user]@[mydomain]>; Tue, 10 Jan 2006 11:28:23 +0100 (CET) from unknown[217.219.173.8]; from=<[spamuser]@hotmail.com> to=<[user]@[mydomain]> proto=SMTP helo= Jan 10 11:28:30 mail MailScanner[29925]: Message 439FF49C00D.C2AA0 from 217.219.173.8 ([spamuser]@hotmail.com) to [mydomain] is NJABL, DSBL It is actually the last linje I'm wondering about. Is it correct that only the domain should be printed out in the to address? br, hw ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From support-lists at PETDOCTORS.CO.UK Tue Jan 10 11:39:04 2006 From: support-lists at PETDOCTORS.CO.UK (Nigel kendrick) Date: Thu Jan 12 21:31:40 2006 Subject: Upgraded to 4.49 now I have language messages in log file Message-ID: Upgraded to 4.49 OK (and DID run the upgrade scripts), but in the maillog I am getting: Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown string score in language translation file /etc/MailScanner/reports/en/languages.conf Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown string required in language translation file /etc/MailScanner/reports/en/languages.conf Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown string spamassassin in language translation file /etc/MailScanner/reports/en/languages.conf Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown string mailscanner in language translation file /etc/MailScanner/reports/en/languages.conf Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown string unreadablearchive in language translation file /etc/MailScanner/reports/en/languages.conf Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown string passwordedarchive in language translation file /etc/MailScanner/reports/en/languages.conf Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown string archivetoodeep in language translation file /etc/MailScanner/reports/en/languages.conf Is this expected? Thanks NK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From support-lists at PETDOCTORS.CO.UK Tue Jan 10 12:04:05 2006 From: support-lists at PETDOCTORS.CO.UK (Nigel kendrick) Date: Thu Jan 12 21:31:41 2006 Subject: Upgraded to 4.49 now I have language messages in log file Message-ID: Following the upgrade routine gives me a zero byte languages.conf -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth Sent: 10 January 2006 11:56 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Upgraded to 4.49 now I have language messages in log file Nigel You sure you rand upgrade_languages_conf ? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Nigel kendrick > Sent: 10 January 2006 11:39 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] Upgraded to 4.49 now I have language messages > in log file > > Upgraded to 4.49 OK (and DID run the upgrade scripts), but in the > maillog I am getting: > > Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown > string score in language translation file > /etc/MailScanner/reports/en/languages.conf > Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown > string required in language translation file > /etc/MailScanner/reports/en/languages.conf > Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown > string spamassassin in language translation file > /etc/MailScanner/reports/en/languages.conf > Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown > string mailscanner in language translation file > /etc/MailScanner/reports/en/languages.conf > Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown > string unreadablearchive in language translation file > /etc/MailScanner/reports/en/languages.conf > Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown > string passwordedarchive in language translation file > /etc/MailScanner/reports/en/languages.conf > Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown > string archivetoodeep in language translation file > /etc/MailScanner/reports/en/languages.conf > > Is this expected? > > Thanks > > NK > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From devonharding at GMAIL.COM Tue Jan 10 12:22:58 2006 From: devonharding at GMAIL.COM (Devon Harding) Date: Thu Jan 12 21:31:41 2006 Subject: Beta 4.50.5 released Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] What is the procedure in converting bayes to MYSQL? I'm getting too much Spamassassin time outs. On 1/5/06, Julian Field < MailScanner@ecs.soton.ac.uk> wrote: -----BEGIN PGP SIGNED MESSAGE----- On 5 Jan 2006, at 15:50, Aaron K. Moore wrote: > Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> >> I have just released version 4.50.5. >> >> This is basically a lot of tidying up done since yesterday's 4.50.4. >> No dramatic new features. > > I've saw SQLite mentioned in a few of the posts. Are you just > using it > for SpamAssassin in your rpm builds, or is it being used for other > parts > of MailScanner? I'm using it for the new SpamAssassin cache. Very quick and easy shared database. But it is optional. If it's not installed then you can't use the new feature, that's all. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.3 (Build 2932) iQEVAwUBQ71Hi/w32o+k+q+hAQHAgwgAmhEtxP2POR2T9VEznquwjONYFsp50E0r /ORdbfrKGhLUlpn1W8OLclLiEzP2xTy0exdZPlOos+CLAZnCqPFhl3aEJTgVbc5x VdGKqXjPWUOKMjq36wT4ML2Ars2FpAECfxhfrJCQ/OEBGNABlEOV10XcOmoQe3GF YhzlR9mvzHUpVGdlTJDiofUB3p8n4z87OqW1EUHDMtZwoC0FYaleV0FNYgx06CML FTigLOnaJA3dSgtMVPCYRN+jFwUX+ORMvZ+JmE29J1D+zEVCH8VRybgpUFlHijbV Nb/XeIUwXlj5r1x9acnMMHMSJN9UNeY/rDtMHGuc6Sl1U37LCtNqiQ== =quyA -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki ( http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Jan 10 11:56:05 2006 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:41 2006 Subject: Upgraded to 4.49 now I have language messages in log file Message-ID: Nigel You sure you rand upgrade_languages_conf ? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Nigel kendrick > Sent: 10 January 2006 11:39 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] Upgraded to 4.49 now I have language messages in > log file > > Upgraded to 4.49 OK (and DID run the upgrade scripts), but in the maillog > I > am getting: > > Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown string > score in language translation file > /etc/MailScanner/reports/en/languages.conf > Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown string > required in language translation file > /etc/MailScanner/reports/en/languages.conf > Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown string > spamassassin in language translation file > /etc/MailScanner/reports/en/languages.conf > Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown string > mailscanner in language translation file > /etc/MailScanner/reports/en/languages.conf > Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown string > unreadablearchive in language translation file > /etc/MailScanner/reports/en/languages.conf > Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown string > passwordedarchive in language translation file > /etc/MailScanner/reports/en/languages.conf > Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown string > archivetoodeep in language translation file > /etc/MailScanner/reports/en/languages.conf > > Is this expected? > > Thanks > > NK > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From support-lists at PETDOCTORS.CO.UK Tue Jan 10 12:01:17 2006 From: support-lists at PETDOCTORS.CO.UK (Nigel kendrick) Date: Thu Jan 12 21:31:41 2006 Subject: Upgraded to 4.49 now I have language messages in log file Message-ID: Yep - on two servers - will do it again tho' -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Martin Hepworth Sent: 10 January 2006 11:56 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Upgraded to 4.49 now I have language messages in log file Nigel You sure you rand upgrade_languages_conf ? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Nigel kendrick > Sent: 10 January 2006 11:39 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] Upgraded to 4.49 now I have language messages > in log file > > Upgraded to 4.49 OK (and DID run the upgrade scripts), but in the > maillog I am getting: > > Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown > string score in language translation file > /etc/MailScanner/reports/en/languages.conf > Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown > string required in language translation file > /etc/MailScanner/reports/en/languages.conf > Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown > string spamassassin in language translation file > /etc/MailScanner/reports/en/languages.conf > Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown > string mailscanner in language translation file > /etc/MailScanner/reports/en/languages.conf > Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown > string unreadablearchive in language translation file > /etc/MailScanner/reports/en/languages.conf > Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown > string passwordedarchive in language translation file > /etc/MailScanner/reports/en/languages.conf > Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown > string archivetoodeep in language translation file > /etc/MailScanner/reports/en/languages.conf > > Is this expected? > > Thanks > > NK > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jan 10 12:27:00 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:41 2006 Subject: Upgraded to 4.49 now I have language messages in log file Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Can the MailScanner "Run As User" read the languages.conf file? For some reason it isn't finding it or managing to read it. On 10 Jan 2006, at 11:39, Nigel kendrick wrote: > Upgraded to 4.49 OK (and DID run the upgrade scripts), but in the > maillog I > am getting: > > Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown > string > score in language translation file > /etc/MailScanner/reports/en/languages.conf > Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown > string > required in language translation file > /etc/MailScanner/reports/en/languages.conf > Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown > string > spamassassin in language translation file > /etc/MailScanner/reports/en/languages.conf > Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown > string > mailscanner in language translation file > /etc/MailScanner/reports/en/languages.conf > Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown > string > unreadablearchive in language translation file > /etc/MailScanner/reports/en/languages.conf > Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown > string > passwordedarchive in language translation file > /etc/MailScanner/reports/en/languages.conf > Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown > string > archivetoodeep in language translation file > /etc/MailScanner/reports/en/languages.conf > > Is this expected? - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.3 (Build 2932) iQEVAwUBQ8OoHPw32o+k+q+hAQHaKwf/SqpUv3uMjybA8fO6g7cleHgRX11W/3AD i3SkZ/e52JzSZlJ4RgSrYfsG68BoCYumrteWmXHP8Ca8D/JJI7ArQDdfAk83Mz3D A65PiNv9gQCDSftn/9oBc/htJF+n4Fv3tLyoB6ckziSJHG+7gFXPw++hhU3HIbc3 sc31T9dvalxG492z9gHAsQFLC0Crt3cPNno6MpIkxvkig3uptxSTnEfJDEmEekmR FhFJqMtG6OIKhPSp4P9Os6VFIvr2C1XpQPkgGVYdbu3BV4gS6pFtmWNmz2zDi4Vv dwGn91vOuY2qiufr68eAO378gOWQDV92ab37HxRZpJIV/QnZmacPkw== =eVsP -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jan 10 12:24:34 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:41 2006 Subject: MailScanner login Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Yes, that's correct. That is what most people wanted. Feel free to edit the code :-) On 10 Jan 2006, at 11:04, Helge Waastad wrote: > Hi, I've just installed the 4.49.7 version of MailScanner and it > works great. > Hoewever I hvae a question regarding logging. > When I catch spam messages, I get: > > mail postfix/smtpd[29931]: 439FF49C00D: reject_warning: RCPT from > unknown[217.219.173.8]: 450 Client host rejected: cannot find your > hostname, > [217.219.173.8]; from=<[spamuser]@hotmail.com> to=<[user]@[mydomain]> > proto=SMTP helo= > Jan 10 11:28:24 mail postfix/cleanup[29934]: 439FF49C00D: hold: header > Received: from mail.[mydomain] (unknown [217.219.173.8])??by mail. > [mydomain] > (Postfix) with SMTP id 439FF49C00D??for <[user]@[mydomain]>; Tue, > 10 Jan > 2006 11:28:23 +0100 (CET) from unknown[217.219.173.8]; > from=<[spamuser]@hotmail.com> to=<[user]@[mydomain]> proto=SMTP > helo= > Jan 10 11:28:30 mail MailScanner[29925]: Message 439FF49C00D.C2AA0 > from > 217.219.173.8 ([spamuser]@hotmail.com) to [mydomain] is NJABL, DSBL > > It is actually the last linje I'm wondering about. Is it correct > that only > the domain should be printed out in the to address? > > br, > hw > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.3 (Build 2932) iQEVAwUBQ8Onhvw32o+k+q+hAQHXLAf/Wt8bu5MkZIhgOIjoBvbF+phkSR4ZAxJm TB2ywHXdHVIBdloy5A4g1exd8PKZ1mTVmDF9ov+JcrmGxvdXYyvkNlGXkW7sdrIm jbl2ki/L9OSlQ/OLCNQgH+8R+oHpiluEJcxfGtR8LBJXHccsR/xApWMkP78d85IE rtIK7ieDw9vccf5J5wKYlfonXNSd6Rzd8xiHUXRFZ01+mGJqJnRl+ZpoD3l0oxCq RDrKGiVUdIOykB6Zq9LxsJiLM7FZWpEm4w6O9h+/RTfGLMlSt3Hfw+NNx18SGskJ HdL3rACZJ5tfyI2sqW92HsNpK4BRcBYKPQZ3jPVsjPP1eaEt1O1jXw== =gzMc -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Tue Jan 10 12:47:13 2006 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:31:41 2006 Subject: Beta 4.50.5 released Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Tue, January 10, 2006 12:22, Devon Harding wrote: > What is the procedure in converting bayes to MYSQL? I'm getting too much > Spamassassin time outs. It's in the wiki http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:bayes:sql will do it! Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From support-lists at PETDOCTORS.CO.UK Tue Jan 10 13:12:13 2006 From: support-lists at PETDOCTORS.CO.UK (Nigel kendrick) Date: Thu Jan 12 21:31:41 2006 Subject: Upgraded to 4.49 now I have language messages in log file Message-ID: Yes - I can read the file. This is what is happening if I blindly follow the upgrade instructions.. 1) There's no .rpmnew (problem?) 2) upgrade_languages_conf languages.conf languages.conf.rpmnew > languages.new throws up the 'usage' screen and creates a zero byte .new file. 3) mv -f languages.conf languages.old backs up existing .conf 4) mv -f languages.new languages.conf puts zero byte file in place Just tried this on a third server (all CentOS4 uaing redHat rpm) - same result. NK -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: 10 January 2006 12:27 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Upgraded to 4.49 now I have language messages in log file -----BEGIN PGP SIGNED MESSAGE----- Can the MailScanner "Run As User" read the languages.conf file? For some reason it isn't finding it or managing to read it. On 10 Jan 2006, at 11:39, Nigel kendrick wrote: > Upgraded to 4.49 OK (and DID run the upgrade scripts), but in the > maillog I am getting: > > Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown > string score in language translation file > /etc/MailScanner/reports/en/languages.conf > Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown > string required in language translation file > /etc/MailScanner/reports/en/languages.conf > Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown > string spamassassin in language translation file > /etc/MailScanner/reports/en/languages.conf > Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown > string mailscanner in language translation file > /etc/MailScanner/reports/en/languages.conf > Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown > string unreadablearchive in language translation file > /etc/MailScanner/reports/en/languages.conf > Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown > string passwordedarchive in language translation file > /etc/MailScanner/reports/en/languages.conf > Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown > string archivetoodeep in language translation file > /etc/MailScanner/reports/en/languages.conf > > Is this expected? - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.3 (Build 2932) iQEVAwUBQ8OoHPw32o+k+q+hAQHaKwf/SqpUv3uMjybA8fO6g7cleHgRX11W/3AD i3SkZ/e52JzSZlJ4RgSrYfsG68BoCYumrteWmXHP8Ca8D/JJI7ArQDdfAk83Mz3D A65PiNv9gQCDSftn/9oBc/htJF+n4Fv3tLyoB6ckziSJHG+7gFXPw++hhU3HIbc3 sc31T9dvalxG492z9gHAsQFLC0Crt3cPNno6MpIkxvkig3uptxSTnEfJDEmEekmR FhFJqMtG6OIKhPSp4P9Os6VFIvr2C1XpQPkgGVYdbu3BV4gS6pFtmWNmz2zDi4Vv dwGn91vOuY2qiufr68eAO378gOWQDV92ab37HxRZpJIV/QnZmacPkw== =eVsP -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jan 10 13:40:55 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:41 2006 Subject: Upgraded to 4.49 now I have language messages in log file Message-ID: -----BEGIN PGP SIGNED MESSAGE----- If there is no .rpmnew file then you don't need to upgrade it anyway. On 10 Jan 2006, at 13:12, Nigel kendrick wrote: > Yes - I can read the file. > > This is what is happening if I blindly follow the upgrade > instructions.. > > 1) There's no .rpmnew (problem?) > 2) upgrade_languages_conf languages.conf languages.conf.rpmnew > > languages.new throws up the 'usage' screen and creates a zero > byte .new > file. > 3) mv -f languages.conf languages.old backs up existing .conf > 4) mv -f languages.new languages.conf puts zero byte file in place > > Just tried this on a third server (all CentOS4 uaing redHat rpm) - > same > result. > > NK > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] > On Behalf > Of Julian Field > Sent: 10 January 2006 12:27 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Upgraded to 4.49 now I have language messages in log file > > * PGP Bad Signature, Signed by a unverified key: 01/10/06 at 12:27:08 > > Can the MailScanner "Run As User" read the languages.conf file? > For some reason it isn't finding it or managing to read it. > > On 10 Jan 2006, at 11:39, Nigel kendrick wrote: > >> Upgraded to 4.49 OK (and DID run the upgrade scripts), but in the >> maillog I am getting: >> >> Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown >> string score in language translation file >> /etc/MailScanner/reports/en/languages.conf >> Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown >> string required in language translation file >> /etc/MailScanner/reports/en/languages.conf >> Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown >> string spamassassin in language translation file >> /etc/MailScanner/reports/en/languages.conf >> Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown >> string mailscanner in language translation file >> /etc/MailScanner/reports/en/languages.conf >> Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown >> string unreadablearchive in language translation file >> /etc/MailScanner/reports/en/languages.conf >> Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown >> string passwordedarchive in language translation file >> /etc/MailScanner/reports/en/languages.conf >> Jan 10 11:32:18 petdoctors MailScanner[15670]: Looked up unknown >> string archivetoodeep in language translation file >> /etc/MailScanner/reports/en/languages.conf >> >> Is this expected? > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store PGP > footprint: EE81 > D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > * Julian Field > * 0xA4FAAFA1 - Unverified (L) > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.3 (Build 2932) iQEVAwUBQ8O5a/w32o+k+q+hAQEqEAgAu5B3kYDbg02x2onRGCaeKn0tn9VTDUZn YVJJJUiYT/NbFYfes5HiIWPqF5NOLcL8oRef4a96lHsi/fKMkJihginYoCa5s/KF 4AMnLDyQYrtxIwxRtaQhi9Z2YrwIdMZ6154J6h8jGJevj/9ZdM98vkW7wBZwaERv yUrssoaFrOvjC0kwf7cnNGVXOefn6LhA80m70DwSVWbKQS4qo6izdXWmxwbi+/6D yrE2oMHxNnW1/42oS6r7Tb0GG1gkWlXnLXmNL1OQCeX9JoS4h52i+9PpNqktWXVo HS7lbpMIaO3VCEdMT03iZsArKqO/c1NVCZxPH//TBemosJJSLLGF3w== =Rwp0 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From shuttlebox at GMAIL.COM Tue Jan 10 14:03:27 2006 From: shuttlebox at GMAIL.COM (shuttlebox) Date: Thu Jan 12 21:31:41 2006 Subject: MailScanner login Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 1/10/06, Helge Waastad wrote: Jan 10 11:28:30 mail MailScanner[29925]: Message 439FF49C00D.C2AA0 from numericlinkwarning 217.219.173.8 ([spamuser]@hotmail.com) to [mydomain] is NJABL, DSBL It is actually the last linje I'm wondering about. Is it correct that only the domain should be printed out in the to address? I've always assumed that it would be a problem to log correctly if the spam was addressed to 10:s or 100:s of recipients. I think a syslog line can be only 512 bytes, I might be wrong about that but it definitely has some limit since I've seen truncated lines. -- /peter ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Tue Jan 10 13:38:20 2006 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:31:41 2006 Subject: How did I turn off html emails? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Guys I know that this is not a good idea but I am getting calls about html e-mail looking like this http://www.google.co.uk/imghp?hl=en&tab=wi&client=firefox-a&rls=org.mozilla:en-GB:official_s Images http://groups.google.co.uk/grphp?hl=en&tab=wg&client=firefox-a&rls=org.mozilla:en-GB:official_s Groups http://news.google.co.uk/nwshp?hl=en&tab=wn&client=firefox-a&rls=org.mozilla:en-GB:official_s News I must have implemented a setting in MS that caused this can someone help point me in the right direction. Thanks Lance ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From shuttlebox at GMAIL.COM Tue Jan 10 14:06:12 2006 From: shuttlebox at GMAIL.COM (shuttlebox) Date: Thu Jan 12 21:31:41 2006 Subject: How did I turn off html emails? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 1/10/06, Lance Haig wrote: Hi Guys I know that this is not a good idea but I am getting calls about html e-mail looking like this http://www.google.co.uk/imghp?hl=en&tab=wi&client=firefox-a&rls=org.mozilla:en- B:official_s Images http://groups.google.co.uk/grphp?hl=en&tab=wg&client=firefox-a&rls=org.mozilla: n-GB:official_s Groups http://news.google.co.uk/nwshp?hl=en&tab=wn&client=firefox-a&rls=org.mozilla:en GB:official_s News I must have implemented a setting in MS that caused this can someone help point me in the right direction. Could you have used this one? # Do you want to convert all HTML messages into plain text? # This is very useful for users who are children or are easily offended # by nasty things like pornographic spam. # This can also be the filename of a ruleset, so you can switch this # feature on and off for particular users or domains. Convert HTML To Text = no -- /peter ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Tue Jan 10 14:10:38 2006 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:31:41 2006 Subject: How did I turn off html emails? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter, Yup that is what I had. I need to set-up a rule for the complainers. thanks again. Lance shuttlebox wrote: On 1/10/06, Lance Haig wrote: Hi Guys I know that this is not a good idea but I am getting calls about html e-mail looking like this http://www.google.co.uk/imghp?hl=en&tab=wi&client=firefox-a&rls=org.mozilla:en- B:official_s Images http://groups.google.co.uk/grphp?hl=en&tab=wg&client=firefox-a&rls=org.mozilla: n-GB:official_s Groups http://news.google.co.uk/nwshp?hl=en&tab=wn&client=firefox-a&rls=org.mozilla:en GB:official_s News I must have implemented a setting in MS that caused this can someone help point me in the right direction. Could you have used this one? # Do you want to convert all HTML messages into plain text? # This is very useful for users who are children or are easily offended # by nasty things like pornographic spam. # This can also be the filename of a ruleset, so you can switch this # feature on and off for particular users or domains. Convert HTML To Text = no -- /peter ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by Red Armour MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Tue Jan 10 15:20:13 2006 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:31:41 2006 Subject: ClamAV Database Update Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Anyone having trouble upgrading Clamav? The last successfull database update was done in January 8 in my installation... Regards Roger Jochem ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Tue Jan 10 15:23:23 2006 From: alex at NKPANAMA.COM (Alex Neuman van der Hans) Date: Thu Jan 12 21:31:41 2006 Subject: ClamAV Database Update Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Roger Jochem wrote: > Anyone having trouble upgrading Clamav? The last successfull database > update was done in January 8 in my installation... > > Regards > > Roger Jochem > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! Depends... how old *is* your install? Are you using 0.88? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From shuttlebox at GMAIL.COM Tue Jan 10 15:24:38 2006 From: shuttlebox at GMAIL.COM (shuttlebox) Date: Thu Jan 12 21:31:41 2006 Subject: ClamAV Database Update Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 1/10/06, Roger Jochem wrote: Anyone having trouble upgrading Clamav? The last successfull database update was done in January 8 in my installation... I just got 1236 an hour ago. They always publish the latest file on clamav.net. -- /peter ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Tue Jan 10 15:33:55 2006 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:31:41 2006 Subject: ClamAV Database Update Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I was using 0.87.1. I just upgraded and it is working fine again... Regards ----- Original Message ----- From: "Alex Neuman van der Hans" To: Sent: Tuesday, January 10, 2006 1:23 PM Subject: Re: ClamAV Database Update > Roger Jochem wrote: > >> Anyone having trouble upgrading Clamav? The last successfull database >> update was done in January 8 in my installation... >> >> Regards >> >> Roger Jochem >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > Depends... how old *is* your install? Are you using 0.88? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ryan at MARINOCRANE.COM Tue Jan 10 15:37:30 2006 From: ryan at MARINOCRANE.COM (Ryan Pitt) Date: Thu Jan 12 21:31:41 2006 Subject: ClamAV Database Update Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Can I ask how you upgraded. I am having trouble. FC2 ClamAV 0.87.1 Thanks Ryan Roger Jochem wrote: > I was using 0.87.1. > I just upgraded and it is working fine again... > > Regards > > ----- Original Message ----- From: "Alex Neuman van der Hans" > > To: > Sent: Tuesday, January 10, 2006 1:23 PM > Subject: Re: ClamAV Database Update > > >> Roger Jochem wrote: >> >>> Anyone having trouble upgrading Clamav? The last successfull >>> database update was done in January 8 in my installation... >>> >>> Regards >>> >>> Roger Jochem >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> >> Depends... how old *is* your install? Are you using 0.88? >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dyioulos at FIRSTBHPH.COM Tue Jan 10 15:51:03 2006 From: dyioulos at FIRSTBHPH.COM (Dimitri Yioulos) Date: Thu Jan 12 21:31:41 2006 Subject: ClamAV Database Update Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Tuesday January 10 2006 10:20 am, Roger Jochem wrote: > Anyone having trouble upgrading Clamav? The last successfull database > update was done in January 8 in my installation... > > Regards > > Roger Jochem > I was running 0.87-1 until this morning (when I upgraded to 0.88) on CentOS 3 and 4 and FC2 boxes without a problem. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Tue Jan 10 15:52:23 2006 From: alex at NKPANAMA.COM (Alex Neuman van der Hans) Date: Thu Jan 12 21:31:41 2006 Subject: ClamAV Database Update Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Best way to upgrade is usually, in the following order: 1. Download from clamav.net - extract, ./configure && make && make install && freshclam 2. Use Julian's script (updates SpamAssassin too, which is something you *may* or *may not* want) 3. Update from RPM's at dag.wieers.com or other repositories (if you're using RHEL or FC) Ryan Pitt wrote: > Can I ask how you upgraded. > I am having trouble. > FC2 > ClamAV 0.87.1 > Thanks > Ryan > > Roger Jochem wrote: > >> I was using 0.87.1. >> I just upgraded and it is working fine again... >> >> Regards >> >> ----- Original Message ----- From: "Alex Neuman van der Hans" >> >> To: >> Sent: Tuesday, January 10, 2006 1:23 PM >> Subject: Re: ClamAV Database Update >> >> >>> Roger Jochem wrote: >>> >>>> Anyone having trouble upgrading Clamav? The last successfull >>>> database update was done in January 8 in my installation... >>>> >>>> Regards >>>> >>>> Roger Jochem >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> >>> >>> Depends... how old *is* your install? Are you using 0.88? >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Peter.Bates at LSHTM.AC.UK Tue Jan 10 16:22:24 2006 From: Peter.Bates at LSHTM.AC.UK (Peter Bates) Date: Thu Jan 12 21:31:41 2006 Subject: MailScanner init-script (feature request?) Message-ID: Hello all... When I'm upgrading MailScanner (this is on a RH Linux box), I generally like to shut down MS and bring up the MTA (Postfix in our case)... so as to at least receive the mail during the 'downtime'. At the moment the init-script (as in the RPM package) handles shutting down/starting up the MTA and MailScanner in one... Is it possible to add some sort of 'custom' setting to /etc/sysconfig/MailScanner so the script *only* stops/starts MS? At the moment I edit the init-script by hand, but naturally every time I upgrade I end up with an .rpmnew ... Just a slight request... I appreciate that for some cases handling both tasks is easier. ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, IT Services. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From craig at CSFS.CO.ZA Tue Jan 10 16:13:53 2006 From: craig at CSFS.CO.ZA (Craig) Date: Thu Jan 12 21:31:41 2006 Subject: Child Process Hangs Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi All, I freshly installed MailScanner 4.50.5, spamassassin, clamav 0.88, razor, pyzor, dcc and MailWatch 1.0.3. I also updated all perl modules to the latest. When I send a message, the MailScanner proccess stays is the "MailScanner: finishing batch" state. I noticed that MailScanner dies after all the child processes have processed a batch. If I kill one of the child processes, the MailScanner master starts a new process thus indicating that something in the processing of the message batch prevents the child process of dying. Is there a way that I can check what might be causing this as I have checked the logs and done spamassassin lint test which produces no errors that indicate anything??? Thanks Craig ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Tue Jan 10 16:48:50 2006 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:31:41 2006 Subject: OT: Open Proxy DNSBL Message-ID: Any recommendations? Preferably one that would allow rsync access ... Michele Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 UK: 0870 163 0607 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dyioulos at FIRSTBHPH.COM Tue Jan 10 16:38:20 2006 From: dyioulos at FIRSTBHPH.COM (Dimitri Yioulos) Date: Thu Jan 12 21:31:41 2006 Subject: help with these errors Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Tuesday January 10 2006 11:35 am, Michael Baird wrote: > On Tue, 2006-01-10 at 11:28 -0500, Dimitri Yioulos wrote: > > Hello to all. > > > > After upgrading to the latest version of MS, following "errors" are > > reported by logwatch: > > > > Unrecognised keyword "spamassassinprefsfile" at line 1335 : 29 > > Time(s) Closing down by-domain spam blacklist : 29 Time(s) > > Closing down by-domain spam whitelist : 29 Time(s) > > Looks like you have a syntax error in your MailScanner.conf, where are > the spaces in that directive? > > SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf > > Regards > Michael Baird > I checked MailScanner.conf, and the line in question is as it should be. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From craig at CSFS.CO.ZA Tue Jan 10 16:47:27 2006 From: craig at CSFS.CO.ZA (Craig Retief (CSFS)) Date: Thu Jan 12 21:31:41 2006 Subject: Child Process Hangs Message-ID: Hi Julian: I checked and debug = no. You are right on the DB logging, it is not taking place. Hi Steve: I changed the Always Looked Up Last to no and it seems to have done the trick – thanks ;-). I ran the perl -w MailWatch.pm command and got this -> “Useless use of private variable in void context at MailWatch.pm line 247.” This is the section of MailWatch.pm that it is complaining about: while(($file, $text) = each %{$message->{allreports}}) { $file = "the entire message" if $file eq ""; # Use the sanitised filename to avoid problems caused by people forcing # logging of attachment filenames which contain nasty SQL instructions. $file = $message->{file2safefile}{$file} or $file; $text =~ s/\n/ /; # Make sure text report only contains 1 line $text =~ s/\t/ /; # and no tab characters push (@report_array, $text); } Is this as Julian made me realize maybe a DB logging error? ________________________________________________________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: 10 January 2006 06:33 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Child Process Hangs On 10 Jan 2006, at 16:13, Craig wrote: Hi All, I freshly installed MailScanner 4.50.5, spamassassin, clamav 0.88, razor, pyzor, dcc and MailWatch 1.0.3. I also updated all perl modules to the latest. When I send a message, the MailScanner proccess stays is the "MailScanner: finishing batch" state. This sounds like it is failing to do the MailWatch database logging. I noticed that MailScanner dies after all the child processes have processed a batch. If I kill one of the child processes, the MailScanner master starts a new process thus indicating that something in the processing of the message batch prevents the child process of dying. Are you sure you do not have "Debug = yes" in MailScanner.conf? Is there a way that I can check what might be causing this as I have checked the logs and done spamassassin lint test which produces no errors that indicate anything??? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dyioulos at FIRSTBHPH.COM Tue Jan 10 16:28:08 2006 From: dyioulos at FIRSTBHPH.COM (Dimitri Yioulos) Date: Thu Jan 12 21:31:41 2006 Subject: help with these errors Message-ID: Hello to all. After upgrading to the latest version of MS, following "errors" are reported by logwatch: Unrecognised keyword "spamassassinprefsfile" at line 1335 : 29 Time(s) Closing down by-domain spam blacklist : 29 Time(s) Closing down by-domain spam whitelist : 29 Time(s) what's cauing this? Thanks. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smf at F2S.COM Tue Jan 10 16:32:00 2006 From: smf at F2S.COM (Steve Freegard) Date: Thu Jan 12 21:31:41 2006 Subject: Child Process Hangs Message-ID: Hi Craig, On Tue, 2006-01-10 at 18:13 +0200, Craig wrote: > Hi All, > > I freshly installed MailScanner 4.50.5, spamassassin, clamav 0.88, > razor, pyzor, dcc and MailWatch 1.0.3. I also updated all perl modules > to the latest. > > When I send a message, the MailScanner proccess stays is the > "MailScanner: finishing batch" state. The 'finishing batch' state would indicate that MailScanner is processing the 'Always Looked Up Last' value. See if disabling MailWatch fixes this problem by setting 'Always Looked Up Last = no' and restarting MailScanner. If this does fix the problem then run 'perl -w MailWatch.pm' from the CustomFunctions directory to make sure that no errors are reported. Hope this helps. Kind regards, Steve. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jan 10 16:31:08 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:41 2006 Subject: MailScanner init-script (feature request?) Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 10 Jan 2006, at 16:22, Peter Bates wrote: > Hello all... > > When I'm upgrading MailScanner (this is on a RH Linux box), > I generally like to shut down MS and bring up the MTA > (Postfix in our case)... so as to at least receive the mail > during the 'downtime'. > > At the moment the init-script (as in the RPM package) > handles shutting down/starting up the MTA and MailScanner > in one... > > Is it possible to add some sort of 'custom' setting to > /etc/sysconfig/MailScanner so the script *only* stops/starts MS? I've implemented it the other way around. You can service MailScanner stop service MailScanner startin service MailScanner startout Do all the MailScanner stuff you want to do service MailScanner restart - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.3 (Build 2932) iQEVAwUBQ8PhTvw32o+k+q+hAQGjFggAkAVnUpzJZd9XpfXGSa0iXBnEmk2SRc33 euJ3YpophZs8RahjoqLdP79lMkDI+fn4z6AODd8esn2VodZe4790ByPLN7F8bCRn yue+bBpq8c/rp+Cd2c6nXZfoCiqjicYrxbIkWoYlfzDGpqCVwvlfMi+i9m6Z7dTE r8izuOZw02KPjUPoCycVXp48grchCVgVPmdKvVdoy/DBnO1xeh91vWo+WTr8YdEK Jx/l4rfFWDsjbBFQkCEip23Te6fjdX6s5pUmgi2rgXw+E0UygrgHIQKYRpHZBoP+ g9jjZSJIEvvHcwF8yyIVrINjsW9Iy5nLuwH0K0J0Lg+K2n1Qe+WHsw== =ULRs -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jan 10 16:29:02 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:41 2006 Subject: ClamAV Database Update Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 10 Jan 2006, at 15:52, Alex Neuman van der Hans wrote: > Best way to upgrade is usually, in the following order: > > 2. Use Julian's script (updates SpamAssassin too, which is > something you *may* or *may not* want) If you don't want it to update SpamAssassin, just press Ctrl-C before it gets that far. Today I just thumped Ctrl-C as it was starting to install the various Perl modules, as I just want ClamAV updated and nothing else. > Ryan Pitt wrote: > >> Can I ask how you upgraded. >> I am having trouble. >> FC2 >> ClamAV 0.87.1 >> Thanks >> Ryan >> >> Roger Jochem wrote: >> >>> I was using 0.87.1. >>> I just upgraded and it is working fine again... >>> >>> Regards >>> >>> ----- Original Message ----- From: "Alex Neuman van der Hans" >>> >>> To: >>> Sent: Tuesday, January 10, 2006 1:23 PM >>> Subject: Re: ClamAV Database Update >>> >>> >>>> Roger Jochem wrote: >>>> >>>>> Anyone having trouble upgrading Clamav? The last successfull >>>>> database update was done in January 8 in my installation... >>>>> >>>>> Regards >>>>> >>>>> Roger Jochem >>>>> >>>>> ------------------------ MailScanner list ------------------------ >>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>> 'leave mailscanner' in the body of the email. >>>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>>> Depends... how old *is* your install? Are you using 0.88? >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.3 (Build 2932) iQEVAwUBQ8Pgz/w32o+k+q+hAQHsQwf/SyTp31YH+6ZsuPDlmtZKDG7qZ2NFgZVb xCcZSxnjC3NtIpzUnw7Y3U0qJnXnMhtu9ETG4a2HlLEM7USp/SDnmhynJt3Am4sx Mu6KqixgTgbmwN2Wi4TaNjljO+3mXfr8C6niZ984W/Q6xag4Ti/fcaRHLKaX0XfO 6wHyOcBx9PQkfjQRkxsuNnVDjYvebOcOblR33puu0LrSof4lQ4V+xvkwdhP5bG+f yLuh9fxnsyOxXQnV3NeuzL46n4Ut061uy0igbO8oYsZDV5KSYGVdX62LAuCKwxUl TSaSxslNp8Zw0SE6Mcrb5RXqPBiruO2lr5Jq03yy1+k67n7gG4muaA== =AWUj -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dyioulos at FIRSTBHPH.COM Tue Jan 10 17:05:04 2006 From: dyioulos at FIRSTBHPH.COM (Dimitri Yioulos) Date: Thu Jan 12 21:31:41 2006 Subject: help with these errors Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Tuesday January 10 2006 11:52 am, Dimitri Yioulos wrote: > On Tuesday January 10 2006 11:41 am, Randal, Phil wrote: > > > On Tue, 2006-01-10 at 11:28 -0500, Dimitri Yioulos wrote: > > > > Hello to all. > > > > > > > > After upgrading to the latest version of MS, following "errors" are > > > > reported by logwatch: > > > > > > > > Unrecognised keyword "spamassassinprefsfile" at line > > > > > > 1335 : 29 Time(s) > > > > > > > Closing down by-domain spam blacklist : 29 Time(s) > > > > Closing down by-domain spam whitelist : 29 Time(s) > > > > > > Looks like you have a syntax error in your MailScanner.conf, > > > where are the spaces in that directive? > > > > > > SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf > > > > > > Regards > > > Michael Baird > > > > Looks like upgrade_MailScanner_conf wasn't run properly. I see no such > > option in mu /etc/MailScanner/MailScanner.conf. > > > > Phil > > ---- > > I've run upgrade_MailScanner_conf with each version upgrade (including this > one) without incident. Is the line "SpamAssassin Prefs File = > %etc-dir%/spam.assassin.prefs.conf" deprecated? Oh, my own stupidity kills me (hope it's not killing you. :-) ) I was leaving out a step in the upgrade process! Once done, joy. Sorry to take up needless space. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smf at F2S.COM Tue Jan 10 16:58:41 2006 From: smf at F2S.COM (Steve Freegard) Date: Thu Jan 12 21:31:41 2006 Subject: OT: Open Proxy DNSBL Message-ID: Hi Michele, http://cbl.abuseat.org/ http://opm.blitzed.org/info/ And possibly: http://www.njabl.org/ All three are used to build xbl.spamhaus.org list - so are well trusted. Cheers, Steve. On Tue, 2006-01-10 at 16:48 +0000, Michele Neylon :: Blacknight Solutions wrote: > Any recommendations? > > Preferably one that would allow rsync access ... > > Michele > > Mr Michele Neylon > Blacknight Solutions > Hosting & Colocation, Brand Protection > http://www.blacknight.ie/ > Tel. 1850 927 280 > Intl. +353 (0) 59 9183072 > UK: 0870 163 0607 > Direct Dial: +353 (0)59 9183090 > Fax. +353 (0) 59 9164239 > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From prandal at HEREFORDSHIRE.GOV.UK Tue Jan 10 17:03:10 2006 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:31:41 2006 Subject: help with these errors Message-ID: > > Looks like upgrade_MailScanner_conf wasn't run properly. I see no > > such option in mu /etc/MailScanner/MailScanner.conf. > > I've run upgrade_MailScanner_conf with each version upgrade > (including this > one) without incident. Is the line "SpamAssassin Prefs File > = %etc-dir%/spam.assassin.prefs.conf" deprecated? Yes, which is why I queried whether your conf file upgrade was successful. From bogus@does.not.exist.com Thu Jan 12 21:14:02 2006 From: bogus@does.not.exist.com () Date: Thu Jan 12 21:31:41 2006 Subject: No subject Message-ID: "1/12/2005 Released stable version 4.48.4. Major new feature this month is a rearrangement of how the spam.assassin.prefs.conf is used. This is now linked into the site-rules directory of SpamAssassin, so it is automatically read by SpamAssassin's startup code, and no special file-reading code is done in MailScanner any more. The installation scripts should take care of all of this for you, don't worry." Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dyioulos at FIRSTBHPH.COM Tue Jan 10 16:52:55 2006 From: dyioulos at FIRSTBHPH.COM (Dimitri Yioulos) Date: Thu Jan 12 21:31:41 2006 Subject: help with these errors Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Tuesday January 10 2006 11:41 am, Randal, Phil wrote: > > On Tue, 2006-01-10 at 11:28 -0500, Dimitri Yioulos wrote: > > > Hello to all. > > > > > > After upgrading to the latest version of MS, following "errors" are > > > reported by logwatch: > > > > > > Unrecognised keyword "spamassassinprefsfile" at line > > > > 1335 : 29 Time(s) > > > > > Closing down by-domain spam blacklist : 29 Time(s) > > > Closing down by-domain spam whitelist : 29 Time(s) > > > > Looks like you have a syntax error in your MailScanner.conf, > > where are the spaces in that directive? > > > > SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf > > > > Regards > > Michael Baird > > Looks like upgrade_MailScanner_conf wasn't run properly. I see no such > option in mu /etc/MailScanner/MailScanner.conf. > > Phil > ---- I've run upgrade_MailScanner_conf with each version upgrade (including this one) without incident. Is the line "SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf" deprecated? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Tue Jan 10 16:51:02 2006 From: alex at NKPANAMA.COM (Alex Neuman van der Hans) Date: Thu Jan 12 21:31:41 2006 Subject: ClamAV Database Update Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You could also have a --clamav-only option, for example. Wouldn't be too hard to code in; I've modified install.sh a few times to add stuff like --enable-milter to clamav's config. Julian Field wrote: >-----BEGIN PGP SIGNED MESSAGE----- > > >>2. Use Julian's script (updates SpamAssassin too, which is >>something you *may* or *may not* want) >> >> > >If you don't want it to update SpamAssassin, just press Ctrl-C before >it gets that far. Today I just thumped Ctrl-C as it was starting to >install the various Perl modules, as I just want ClamAV updated and >nothing else. > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nerijus at USERS.SOURCEFORGE.NET Tue Jan 10 17:26:35 2006 From: nerijus at USERS.SOURCEFORGE.NET (Nerijus Baliunas) Date: Thu Jan 12 21:31:41 2006 Subject: zombie processes Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Tue, 10 Jan 2006 09:18:11 +0000 Julian Field wrote: > You have an error in your MailScanner.conf, check your maillog. > What version of MailScanner are you running? woody shipped with 3.27. Nothing wrong in log: Jan 10 05:40:03 mail MailScanner[15356]: MailScanner E-Mail Virus Scanner version 4.49.7 starting... Jan 10 05:40:03 mail MailScanner[15356]: Read 695 hostnames from the phishing whitelist Jan 10 05:40:03 mail MailScanner[15356]: Using locktype = posix Jan 10 05:40:03 mail MailScanner[15356]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Jan 10 05:40:03 mail MailScanner[15356]: New Batch: Scanning 1 messages, 4259 bytes Jan 10 05:40:03 mail MailScanner[15356]: Virus and Content Scanning: Starting Jan 10 05:40:03 mail MailScanner[15356]: Uninfected: Delivered 1 messages Jan 10 05:40:14 mail MailScanner[15366]: MailScanner E-Mail Virus Scanner version 4.49.7 starting... Jan 10 05:40:14 mail MailScanner[15366]: Read 695 hostnames from the phishing whitelist Jan 10 05:40:14 mail MailScanner[15366]: Using locktype = posix Jan 10 05:40:14 mail MailScanner[15366]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Regards, Nerijus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gmatt at NERC.AC.UK Tue Jan 10 17:17:41 2006 From: gmatt at NERC.AC.UK (Greg Matthews) Date: Thu Jan 12 21:31:41 2006 Subject: MailScanner init-script (feature request?) Message-ID: On Tue, 2006-01-10 at 16:31 +0000, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > I've implemented it the other way around. You can > service MailScanner stop > service MailScanner startin > service MailScanner startout > Do all the MailScanner stuff you want to do > service MailScanner restart It would be really useful to have fine grained control of these processes. I've been meaning to hack at this for ages but its a matter of time... for instance, it is useful to be able to stop the incoming listener and let the queue drain. Or just start MailScanner to process some sample emails from one queue to another with no real delivery. If I ever get around to it I'll post to the list unless someone beats me to it... G > > - -- > Julian Field -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Tue Jan 10 17:11:42 2006 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:31:41 2006 Subject: ClamAV 0.88 is out!! Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] It would be nice if this script had an option to install only Clamav. SpamAssassin is not updated so often like clamav, and I allways use the ctrl-c to stop the script like you said before, Julian. But this option would be intersting, i guess... ./install.sh ./install.sh clamav ./install.sh spamassassin The fist option would install both, and the others would install one or another... Regards Roger Jochem ----- Original Message ----- From: "Julian Field" To: Sent: Tuesday, January 10, 2006 7:11 AM Subject: Re: ClamAV 0.88 is out!! > -----BEGIN PGP SIGNED MESSAGE----- > > I have updated by easy-to-install ClamAV+SpamAssassin package at > > www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz > > to include this update. > > On 9 Jan 2006, at 21:25, Dhawal Doshy wrote: > >> For those waiting for the stable release of clamav, which is >> supposed to correct the scanning of certain new sober variants.. >> http://freshmeat.net/projects/clamav/? >> branch_id=29355&release_id=216552 >> - dhawal > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.3 (Build 2932) > > iQEVAwUBQ8N6Wfw32o+k+q+hAQFd2wf/ZHOWckS9fpolxIQ4wOWnV/Xg8uDV7jsS > d4dbO8kizefb4gle7lEmwPDhGFC6iRiHmyrD+Q1BTEFxvwwXj7Wz1Q3zU8+dXUWz > tge2ZcSq03cBT0ogmq7sDc6XP01KdMhyqXzI/bQhsOuGo1vC2vWZuK+uk0b7YlUb > NNsaW8v0cXNdSEhjHXPdfcW0uVcxY779itLJUI2rlAz26iE35FDmD4lZw1qHx3rx > kTtnwDwDNRh2FKYYcaF9PAFwOw/whTtKjX4E2Cm6HQUdziZ9rKSxFO/y3It5m7rO > tHSAwMoHshkBZUVVhQxjlhRMN27OTKQ52mB7ZlrBtVVOwrlnjjVoAg== > =IUJ+ > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jan 10 16:32:51 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:41 2006 Subject: Child Process Hangs Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 10 Jan 2006, at 16:13, Craig wrote: Hi All, I freshly installedMailScanner 4.50.5, spamassassin, clamav 0.88, razor, pyzor, dcc and MailWatch 1.0.3. I also updated all perl modules to the latest. When I send a message, the MailScanner proccess stays is the "MailScanner: finishing batch" state. This sounds like it is failing to do the MailWatch database logging. I noticed that MailScanner dies after all the child processes have processed a batch. If I kill one of the child processes, the MailScanner master starts a new process thus indicating that something in the processing of the message batchprevents the child process of dying. Are you sure you do not have "Debug = yes" in MailScanner.conf? Is there a way that I can check what might be causing this as I have checked the logs and done spamassassin lint test which produces no errors that indicate anything??? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 498bytes. ] [ Unable to print this part. ] From smf at F2S.COM Tue Jan 10 17:13:05 2006 From: smf at F2S.COM (Steve Freegard) Date: Thu Jan 12 21:31:41 2006 Subject: Child Process Hangs Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Craig, On Tue, 2006-01-10 at 18:47 +0200, Craig Retief (CSFS) wrote: > > > I ran the perl -w MailWatch.pm command and got this -> ^^Useless use of > private variable in void context at MailWatch.pm line 247.^^ > This is a harmless warning - it can be ignored. > > Is this as Julian made me realize maybe a DB logging error? > Yes - it looks to be - though I've never seen MailWatch.pm hang a MailScanner system like this before. Check that DBI, DBD-MySQL, Sys::Hostname, Socket and Storable perl modules are installed correctly - also make sure that you aren't doing anything 'funky' with TCP port 11553 (e.g. delaying or dropping packets using iptables etc.). Cheers, Steve. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From prandal at HEREFORDSHIRE.GOV.UK Tue Jan 10 17:00:28 2006 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:31:41 2006 Subject: Open Proxy DNSBL Message-ID: cbl.abuseat.org springs to mind. They support rsync too. http://cbl.abuseat.org/ Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Michele > Neylon :: Blacknight Solutions > Sent: 10 January 2006 16:49 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: OT: Open Proxy DNSBL > > Any recommendations? > > Preferably one that would allow rsync access ... > > Michele > > Mr Michele Neylon > Blacknight Solutions > Hosting & Colocation, Brand Protection > http://www.blacknight.ie/ > Tel. 1850 927 280 > Intl. +353 (0) 59 9183072 > UK: 0870 163 0607 > Direct Dial: +353 (0)59 9183090 > Fax. +353 (0) 59 9164239 > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From prandal at HEREFORDSHIRE.GOV.UK Tue Jan 10 16:41:03 2006 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:31:41 2006 Subject: help with these errors Message-ID: > On Tue, 2006-01-10 at 11:28 -0500, Dimitri Yioulos wrote: > > Hello to all. > > > > After upgrading to the latest version of MS, following "errors" are > > reported by logwatch: > > > > Unrecognised keyword "spamassassinprefsfile" at line > 1335 : 29 Time(s) > > Closing down by-domain spam blacklist : 29 Time(s) > > Closing down by-domain spam whitelist : 29 Time(s) > Looks like you have a syntax error in your MailScanner.conf, > where are the spaces in that directive? > > SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf > > Regards > Michael Baird Looks like upgrade_MailScanner_conf wasn't run properly. I see no such option in mu /etc/MailScanner/MailScanner.conf. Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at TC3NET.COM Tue Jan 10 16:35:46 2006 From: mike at TC3NET.COM (Michael Baird) Date: Thu Jan 12 21:31:41 2006 Subject: help with these errors Message-ID: On Tue, 2006-01-10 at 11:28 -0500, Dimitri Yioulos wrote: > Hello to all. > > After upgrading to the latest version of MS, following "errors" are reported > by logwatch: > > Unrecognised keyword "spamassassinprefsfile" at line 1335 : 29 Time(s) > Closing down by-domain spam blacklist : 29 Time(s) > Closing down by-domain spam whitelist : 29 Time(s) Looks like you have a syntax error in your MailScanner.conf, where are the spaces in that directive? SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf Regards Michael Baird ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From penguin at DHCP.NET Tue Jan 10 18:16:49 2006 From: penguin at DHCP.NET (A. Eijkhoudt) Date: Thu Jan 12 21:31:41 2006 Subject: Mail subject not getting modified Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Matt & others, Small follow-up with more info: Detailed Spam Report = yes Include Scores In SpamAssassin Report = yes Always Include SpamAssassin Report = yes Multiple Headers = append There should be a full report in the headers but it's not there. Can anyone please shed some light on this, since there are a lot of spam E-mails getting through now. Kind regards, A. Eijkhoudt Arnim Eijkhoudt wrote: > Hi, > > I'd do that if it weren't enabled already! Which is why I haven't been > able to troubleshoot this myself, incidentally :P Here's a complete copy > of all the headers (excuse the spam): > > ---- SNIP > Return-Path: > Received: from STARRSTRUCKHOME.ironoh.adelphia.net > (winchester-motorola1--70-35-219-251.ironoh.adelphia.net [70.35.219.251]) > by www.valethosting.net (8.13.4/8.13.4) with SMTP id k0AAEHWD021224 > for ; Tue, 10 Jan 2006 11:14:23 +0100 > Date: Tue, 10 Jan 2006 11:14:18 +0100 > Message-Id: > From: Millie Costa > To: penguin@dhcp.net > Subject: Re: from you > MIME-Version: 1.0 > Content-Type: text/html; > charset="ISO-8859-1" > X-Priority: 3 (Normal) > X-Mailer: 0013$01a2ca59$094bea57@STARRSTRUCKHOME > X-MS-INFO: Contact the network management staff if you have questions > X-MS: **CLEAN** > X-MS-SPAM: not spam > X-MS-SPAM-SCORE: 44.90 > X-MS-FROM: > ----- SNIP > > I still don't understand why this is happening. I find the Return-Path's > and empty X-MS-FROM: headers a bit odd though. > > Kind regards, > > A. Eijkhoudt -- This message has been scanned for viruses and dangerous HTML content by Valethosting. Dit bericht is gecontroleerd op virussen en gevaarlijke HTML door Valethosting's MailScanner. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Tue Jan 10 18:55:37 2006 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:31:41 2006 Subject: Mail subject not getting modified Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Just a dumb question: are you sure these headers come from YOUR MailScanner? I see some headers that my MS doesn't add... Denis A. Eijkhoudt wrote: > Hi Matt & others, > > Small follow-up with more info: > > Detailed Spam Report = yes > Include Scores In SpamAssassin Report = yes > Always Include SpamAssassin Report = yes > Multiple Headers = append > > There should be a full report in the headers but it's not there. Can > anyone please shed some light on this, since there are a lot of spam > E-mails getting through now. > > Kind regards, > > A. Eijkhoudt > > Arnim Eijkhoudt wrote: > >> Hi, >> >> I'd do that if it weren't enabled already! Which is why I haven't >> been able to troubleshoot this myself, incidentally :P Here's a >> complete copy of all the headers (excuse the spam): >> >> ---- SNIP >> Return-Path: >> Received: from STARRSTRUCKHOME.ironoh.adelphia.net >> (winchester-motorola1--70-35-219-251.ironoh.adelphia.net >> [70.35.219.251]) >> by www.valethosting.net (8.13.4/8.13.4) with SMTP id k0AAEHWD021224 >> for ; Tue, 10 Jan 2006 11:14:23 +0100 >> Date: Tue, 10 Jan 2006 11:14:18 +0100 >> Message-Id: >> From: Millie Costa >> To: penguin@dhcp.net >> Subject: Re: from you >> MIME-Version: 1.0 >> Content-Type: text/html; >> charset="ISO-8859-1" >> X-Priority: 3 (Normal) >> X-Mailer: 0013$01a2ca59$094bea57@STARRSTRUCKHOME >> X-MS-INFO: Contact the network management staff if you have questions >> X-MS: **CLEAN** >> X-MS-SPAM: not spam >> X-MS-SPAM-SCORE: 44.90 >> X-MS-FROM: >> ----- SNIP >> >> I still don't understand why this is happening. I find the >> Return-Path's and empty X-MS-FROM: headers a bit odd though. >> >> Kind regards, >> >> A. Eijkhoudt > > -- _ v Denis Beauchemin, analyste /(_)\ Universit de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From penguin at DHCP.NET Tue Jan 10 19:15:19 2006 From: penguin at DHCP.NET (A. Eijkhoudt) Date: Thu Jan 12 21:31:41 2006 Subject: Mail subject not getting modified Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Yes they are... I have modified mine to report X-MS-... instead of X-MailScanner- etc. It makes it easier for me to track what mine does in case an E-mail passes through several MailScanners on its way. --- From my config --- Mail Header = X-MS: Spam Header = X-MS-SPAM: Spam Score Header = X-MS-SPAM-SCORE: Information Header = X-MS-INFO: ---------------------- So I don't think that's the reason the mails are not being tagged correctly... Arnim. Denis Beauchemin wrote: > Just a dumb question: are you sure these headers come from YOUR > MailScanner? I see some headers that my MS doesn't add... > > Denis > A. Eijkhoudt wrote: > >> Hi Matt & others, >> >> Small follow-up with more info: >> >> Detailed Spam Report = yes >> Include Scores In SpamAssassin Report = yes >> Always Include SpamAssassin Report = yes >> Multiple Headers = append >> >> There should be a full report in the headers but it's not there. Can >> anyone please shed some light on this, since there are a lot of spam >> E-mails getting through now. >> >> Kind regards, >> >> A. Eijkhoudt >> >> Arnim Eijkhoudt wrote: >> >>> Hi, >>> >>> I'd do that if it weren't enabled already! Which is why I haven't >>> been able to troubleshoot this myself, incidentally :P Here's a >>> complete copy of all the headers (excuse the spam): >>> >>> ---- SNIP >>> Return-Path: >>> Received: from STARRSTRUCKHOME.ironoh.adelphia.net >>> (winchester-motorola1--70-35-219-251.ironoh.adelphia.net >>> [70.35.219.251]) >>> by www.valethosting.net (8.13.4/8.13.4) with SMTP id k0AAEHWD021224 >>> for ; Tue, 10 Jan 2006 11:14:23 +0100 >>> Date: Tue, 10 Jan 2006 11:14:18 +0100 >>> Message-Id: >>> From: Millie Costa >>> To: penguin@dhcp.net >>> Subject: Re: from you >>> MIME-Version: 1.0 >>> Content-Type: text/html; >>> charset="ISO-8859-1" >>> X-Priority: 3 (Normal) >>> X-Mailer: 0013$01a2ca59$094bea57@STARRSTRUCKHOME >>> X-MS-INFO: Contact the network management staff if you have questions >>> X-MS: **CLEAN** >>> X-MS-SPAM: not spam >>> X-MS-SPAM-SCORE: 44.90 >>> X-MS-FROM: >>> ----- SNIP >>> >>> I still don't understand why this is happening. I find the >>> Return-Path's and empty X-MS-FROM: headers a bit odd though. >>> >>> Kind regards, >>> >>> A. Eijkhoudt >> >> > > -- This message has been scanned for viruses and dangerous HTML content by Valethosting. Dit bericht is gecontroleerd op virussen en gevaarlijke HTML door Valethosting's MailScanner. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jan 10 19:20:47 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:41 2006 Subject: help with these errors Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dimitri Yioulos wrote: >On Tuesday January 10 2006 11:41 am, Randal, Phil wrote: > > >>>On Tue, 2006-01-10 at 11:28 -0500, Dimitri Yioulos wrote: >>> >>> >>>>Hello to all. >>>> >>>>After upgrading to the latest version of MS, following "errors" are >>>>reported by logwatch: >>>> >>>> Unrecognised keyword "spamassassinprefsfile" at line >>>> >>>> >>>1335 : 29 Time(s) >>> >>> >>> >>>> Closing down by-domain spam blacklist : 29 Time(s) >>>> Closing down by-domain spam whitelist : 29 Time(s) >>>> >>>> >>>Looks like you have a syntax error in your MailScanner.conf, >>>where are the spaces in that directive? >>> >>>SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf >>> >>>Regards >>>Michael Baird >>> >>> >>Looks like upgrade_MailScanner_conf wasn't run properly. I see no such >>option in mu /etc/MailScanner/MailScanner.conf. >> >>Phil >>---- >> >> > >I've run upgrade_MailScanner_conf with each version upgrade (including this >one) without incident. Is the line "SpamAssassin Prefs File = >%etc-dir%/spam.assassin.prefs.conf" deprecated? > > > Yes. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcel-ml at IRC-ADDICTS.DE Tue Jan 10 19:22:22 2006 From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers) Date: Thu Jan 12 21:31:41 2006 Subject: Question about start.. Message-ID: Hi there, i am using OpenSuse (SuSE10) with sendmail. Sendmail version 8.13.4 After a reboot of the System, within the Mail-Log i can find a line like: Jan 10 20:17:20 s23 sendmail-in[4084]: unable to write pid to /var/run/sendmail.pid: file in use by another process but, connects via port 25 are possible. After typing: rcMailScanner restart there is the following within the Maillog: Jan 10 20:19:07 s23 sendmail-client[4874]: starting daemon (8.13.4): persistent-queueing@00:01:00 and no connects on port 25 are possible. Is there a way to change this behaviour? Marcel ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jan 10 19:27:07 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:41 2006 Subject: Question about start.. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Have you disabled the sendmail init.d script? The install.sh in MailScanner tells you what to type at the end. Marcel Blenkers wrote: >Hi there, > >i am using OpenSuse (SuSE10) with sendmail. > Sendmail version 8.13.4 > >After a reboot of the System, within the Mail-Log i can find a line like: > >Jan 10 20:17:20 s23 sendmail-in[4084]: unable to write pid to >/var/run/sendmail.pid: file in use by another process > >but, connects via port 25 are possible. >After typing: rcMailScanner restart there is the following within the >Maillog: > >Jan 10 20:19:07 s23 sendmail-client[4874]: starting daemon (8.13.4): >persistent-queueing@00:01:00 > > >and no connects on port 25 are possible. > >Is there a way to change this behaviour? > >Marcel > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Tue Jan 10 19:42:13 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:31:41 2006 Subject: Question about start.. Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Marcel Blenkers > Sent: Tuesday, January 10, 2006 2:22 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Question about start.. > > Hi there, > > i am using OpenSuse (SuSE10) with sendmail. > Sendmail version 8.13.4 > > After a reboot of the System, within the Mail-Log i can find a line like: > > Jan 10 20:17:20 s23 sendmail-in[4084]: unable to write pid to > /var/run/sendmail.pid: file in use by another process > > but, connects via port 25 are possible. > After typing: rcMailScanner restart there is the following within the > Maillog: > > Jan 10 20:19:07 s23 sendmail-client[4874]: starting daemon (8.13.4): > persistent-queueing@00:01:00 > > > and no connects on port 25 are possible. > > Is there a way to change this behaviour? > > Marcel Try stopping MailScanner. Kill all sendmail processes and restart MailScanner. Also make sure that sendmail is not starting from an init script: chkconfig sendmail off The MailScanner init script starts and stops sendmail so the sendmail init script should never be enabled. Hope this helps, Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Tue Jan 10 20:41:30 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:31:41 2006 Subject: MailScanner and sendmail - Problems Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Marcel Blenkers > Sent: Tuesday, January 10, 2006 3:32 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner and sendmail - Problems > > Damn, > > MailServer blocked ML. > ok. > > But found the replies on the weblist. > > Julian, Stephen: > > sendmail is not started. > Only MailScanner is started with init-script. > > Tried it, with not starting MailScanner and sendmail. > Rebooted, then started MailScanner. > > Still the same. > > > Sorry > > Marcel > Are there any sendmail processes running after you stop sendmail? Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcel-ml at IRC-ADDICTS.DE Tue Jan 10 20:40:34 2006 From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers) Date: Thu Jan 12 21:31:41 2006 Subject: MailScanner and sendmail - Problems Message-ID: Hi Michele, no i did not replaced the ini-files. I did disable the ini-file for sendmail on startup, and enabled the MailScanner one. as stated before, i even tried to reboot the maschine without any type of sendmail or MailScanner, and then started MailScanner with rcMailScanner. And still the same bugs then i tried downgrading. still the same. Marcel ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcel-ml at IRC-ADDICTS.DE Tue Jan 10 20:31:58 2006 From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers) Date: Thu Jan 12 21:31:41 2006 Subject: MailScanner and sendmail - Problems Message-ID: Damn, MailServer blocked ML. ok. But found the replies on the weblist. Julian, Stephen: sendmail is not started. Only MailScanner is started with init-script. Tried it, with not starting MailScanner and sendmail. Rebooted, then started MailScanner. Still the same. Sorry Marcel ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Tue Jan 10 20:31:17 2006 From: michele at BLACKNIGHT.IE (Michele Neylon:: Blacknight.ie) Date: Thu Jan 12 21:31:41 2006 Subject: MailScanner and sendmail - Problems Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Marcel Blenkers wrote: > Hi there, > > i am trying to use the latest Version of MailScanner on SuSE10. > This looks very similar to an issue someone else posted about earlier this evening... Have you replaced the sendmail init file with the MailScanner one? -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcel-ml at IRC-ADDICTS.DE Tue Jan 10 20:24:44 2006 From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers) Date: Thu Jan 12 21:31:41 2006 Subject: MailScanner and sendmail - Problems Message-ID: Hi there, i am trying to use the latest Version of MailScanner on SuSE10. Starting MailScanner does not really work: rcMailScanner start Jan 10 21:21:29 s23 sendmail-in[5024]: starting daemon (8.13.4): SMTP Jan 10 21:21:29 s23 sendmail-client[5027]: starting daemon (8.13.4): persistent-queueing@00:01:00 Jan 10 21:21:29 s23 sendmail-out[5031]: starting daemon (8.13.4): queueing@00:30:00 Jan 10 21:21:29 s23 sendmail-out[5031]: unable to write pid to /var/run/sendmail.pid: file in use by another process Jan 10 21:21:31 s23 MailScanner[5051]: MailScanner E-Mail Virus Scanner version 4.49.7 starting... rcMailScanner stop does kill MailScanner, but there is still an istance of sendmail. The PID-File contains of the following: 5024 /usr/sbin/sendmail -OPrivacyOptions=noetrn -ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in -L sendmail-in -Am -bd -om on a working system, the pid-file contains of this: 3310 /usr/sbin/sendmail -L sendmail-out -Am -q30m -om i am running the following: Sendmail: Sendmail version 8.13.4, config V10/Berkeley SuSE 10.0 Linux s23 2.6.13-15.7-default #1 Tue Nov 29 14:32:29 UTC 2005 i686 i686 i386 GNU/Linux MailScanner: Linux s23 2.6.13-15.7-default #1 Tue Nov 29 14:32:29 UTC 2005 i686 i686 i386 GNU/Linux This is SUSE LINUX 10.0 (i586) This is Perl version 5.008007 (5.8.7) This is MailScanner version 4.49.7 Module versions are: 1.00 AnyDBM_File 1.16 Archive::Zip 1.04 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.16 File::Temp 1.32 HTML::Entities 3.48 HTML::Parser 2.35 HTML::TokeParser 1.21 IO 1.11 IO::File 1.123 IO::Pipe 1.71 Mail::Header 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.11 Net::CIDR 1.08 POSIX 1.77 Socket 0.06 Sys::Syslog 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.814 DB_File 1.10 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.10 Digest::SHA1 missing Inline missing Mail::ClamAV 3.001000 Mail::SpamAssassin 1.998 Mail::SPF::Query 0.18 Net::CIDR::Lite 0.55 Net::DNS 0.33 Net::LDAP 1.80 Parse::RecDescent missing SAVI 1.4 Sys::Hostname::Long 2.56 Test::Harness 0.62 Test::Simple 1.95 Text::Balanced 1.35 URI Any Ideas are welcome.. Thanks in advance Marcel ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcel-ml at IRC-ADDICTS.DE Tue Jan 10 20:53:04 2006 From: marcel-ml at IRC-ADDICTS.DE (Marcel Blenkers) Date: Thu Jan 12 21:31:41 2006 Subject: MailScanner and sendmail - Problems Message-ID: Hi Stephen, > > > > Are there any sendmail processes running after you stop sendmail? > i tried the following: rcMailScanner start ps -aef | grep -i mail Tasks are running rcMailScanner stop ps -aef | grep -i mail root 5031 1 0 21:21 ? 00:00:00 sendmail: Queue runner@00:30:00 for /var/spool/mqueue killed this task then i tried: rcsendmail start ps -aef | grep -i mail root 5199 1 0 21:48 ? 00:00:00 sendmail: accepting connections mail 5204 1 0 21:48 ? 00:00:00 sendmail: Queue control mail 5205 5204 0 21:48 ? 00:00:00 sendmail: running queue: /var/spool/clientmqueue rcsendmail stop no sendmail-task this is what i do see on the running maschine after rcMailScanner start marcel:/etc # ps -aef | grep -i mail root 3841 1 0 21:50 ? 00:00:00 sendmail: accepting connections mail 3844 1 0 21:50 ? 00:00:00 sendmail: Queue control mail 3846 3844 0 21:50 ? 00:00:00 sendmail: running queue: /var/spool/clientmqueue root 3848 1 0 21:50 ? 00:00:00 sendmail: Queue runner@00:30:00 for /var/spool/mqueue root 3869 1 0 21:50 ? 00:00:00 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf root 3870 3869 15 21:50 ? 00:00:08 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf root 3873 3869 18 21:50 ? 00:00:08 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf root 3877 3141 0 21:51 pts/2 00:00:00 grep -i mail marcel:/etc # and this on the not really working maschine: s23:/var/run # ps -aef | grep -i mail root 5250 1 0 21:51 ? 00:00:00 sendmail: accepting connections mail 5253 1 0 21:51 ? 00:00:00 sendmail: Queue control mail 5254 5253 0 21:51 ? 00:00:00 sendmail: running queue: /var/spool/clientmqueue root 5257 1 0 21:51 ? 00:00:00 sendmail: Queue runner@00:30:00 for /var/spool/mqueue root 5276 1 0 21:51 ? 00:00:00 MailScanner: master waiting for children, sleeping root 5277 5276 3 21:51 ? 00:00:02 MailScanner: waiting for messages root 5281 5276 4 21:51 ? 00:00:02 MailScanner: waiting for messages root 5284 4715 0 21:52 pts/0 00:00:00 grep -i mail s23:/var/run # hope maybe this helps if needed i could grant access to the maschine, as this maschine is just in the state of setup. Greetings Marcel ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From carl.andrews at CRACKERBARREL.COM Tue Jan 10 21:58:00 2006 From: carl.andrews at CRACKERBARREL.COM (Carl Andrews) Date: Thu Jan 12 21:31:41 2006 Subject: [Fwd: [SA18368] Microsoft Outlook / Exchange TNEF Decoding Arbitrary Code Execution Vulnerability] Message-ID: Anyone blocking these? My /etc/mime-magic does not have the ms/tnef and I can not find a winmail.dat file. Can anyone tell me what I need to add to mime-magic so I can put these in my filetype.rules ? Thanks! Carl -------- Forwarded Message -------- From: Secunia Security Advisories To: carl.andrews@crackerbarrel.com Subject: [SA18368] Microsoft Outlook / Exchange TNEF Decoding Arbitrary Code Execution Vulnerability Date: 10 Jan 2006 21:02:44 -0000 TITLE: Microsoft Outlook / Exchange TNEF Decoding Arbitrary Code Execution Vulnerability SECUNIA ADVISORY ID: SA18368 VERIFY ADVISORY: http://secunia.com/advisories/18368/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: Microsoft Exchange 2000 Enterprise Server http://secunia.com/product/42/ Microsoft Exchange 5 http://secunia.com/product/177/ Microsoft Exchange 5.5 http://secunia.com/product/148/ Microsoft Exchange Server 2000 http://secunia.com/product/41/ Microsoft Outlook 2000 http://secunia.com/product/33/ Microsoft Outlook 2002 http://secunia.com/product/34/ Microsoft Outlook 2003 http://secunia.com/product/3292/ DESCRIPTION: A vulnerability has been reported in Microsoft Outlook / Exchange, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to boundary error when decoding the Transport Neutral Encapsulation Format (TNEF) MIME attachment. This can be exploited to execute arbitrary code when the user opens or previews a specially crafted TNEF email message or when the Microsoft Exchange Server Information Store processes the message. SOLUTION: Apply patches. -- Microsoft Office 2000 Service Pack 3 -- Microsoft Outlook 2000: http://www.microsoft.com/downloads/details.aspx?FamilyId=64D0336D-F962-4AB1-A724-9F6BA2108CB9 Microsoft Office 2000 MultiLanguage Packs: http://www.microsoft.com/downloads/details.aspx?FamilyId=2C0FA7C7-91AA-49B4-9731-9E83E3E0823D Microsoft Outlook 2000 English MultiLanguage Packs: http://www.microsoft.com/downloads/details.aspx?FamilyId=2C0FA7C7-91AA-49B4-9731-9E83E3E0823D -- Microsoft Office XP Service Pack 3 -- Microsoft Outlook 2002: http://www.microsoft.com/downloads/details.aspx?FamilyId=9A85CEBB-0D9A-465D-A4BC-AF501562772D Microsoft Office XP Multilingual User Interface Packs: http://www.microsoft.com/downloads/details.aspx?FamilyId=CCA9399A-6DA3-4163-8398-C58DC328182B -- Microsoft Office 2003 Service Pack 1 and Service Pack 2 -- Microsoft Outlook 2003: http://www.microsoft.com/downloads/details.aspx?FamilyId=1D156043-B041-4305-8442-3C4E3B832788 Microsoft Office 2003 Multilingual User Interface Packs: http://www.microsoft.com/downloads/details.aspx?FamilyId=D69554AD-196F-4789-91E5-B2A753EED854 Microsoft Office 2003 Language Interface Packs: http://www.microsoft.com/downloads/details.aspx?FamilyID=db080de8-8193-4c32-9019-9980ecd6874a -- Microsoft Exchange Server -- Microsoft Exchange Server 5.0 Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyId=0A8DF1C3-ABF9-4A21-9B49-81FA362B251F Microsoft Exchange Server 5.5 Service Pack 4: http://www.microsoft.com/downloads/details.aspx?FamilyId=EC6BD30E-12DE-4CA1-9432-D2E73AF62427 Microsoft Exchange 2000 Server Pack 3 (with the Exchange 2000 Post-Service Pack 3 Update Rollup of August 2004): http://www.microsoft.com/downloads/details.aspx?FamilyId=372FF07F-C3CA-4301-8559-9B90344EDC02 Note: Microsoft Exchange Server 2003 SP1/SP2 are not affected. PROVIDED AND/OR DISCOVERED