From jeff at ellisplace.net Sat Jul 1 01:31:40 2006 From: jeff at ellisplace.net (Jeff Ellis) Date: Sat Jul 1 01:31:48 2006 Subject: MailScanner -debug errors In-Reply-To: References: Message-ID: <44A5C26C.9050007@ellisplace.net> Curtis, Roger wrote: >> OK, I looked in the directories that the document listed but still >> nothing. I will try to scour the machine using recursive grep until I >> find those config lines. Thanks. >> > > > I grepped everywhere and no file came up with a razor1 option. So, I am > stumped! Where is MailScanner -debug getting a config file that has the > use_razor1 option? > Check if you have an "/etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf" file. If you do, that entry should be near the bottom. I'm too new to MS to know much more than where to find the entries but I hope this helps. From ms at 1984.is Sat Jul 1 03:19:28 2006 From: ms at 1984.is (Mordur Ingolfsson) Date: Sat Jul 1 03:19:41 2006 Subject: More observations on "Mailscanner stopped delivering to outgoing queue" Message-ID: <44A5DBB0.4080707@1984.is> I apologize for not having been thorough enough in the first place, but I have been looking better into the problem described in my previous mail to this list under the subject ."Mailscanner stopped delivering to outgoing queue" a few hours ago. Below is an excerpt from syslog. Everything is fine and messages get nicely processed and delivered, as the first five lines indicate. Then, at 12:53:13, something happens and Debian-exim (the exim user and the username under which mailscanner operates) starts to complain about something (lines in syslog excerpt below marked with"--------->" ) . And the message gets scanned and rescanned. After this, nothing gets delivered. If you read further into the syslog excerpt you will see that this messages, and messages delivered to the host subsequently, do not get delivered. Messages are piling up on the incoming queue and MailScanner refuses to deliver. The child processes are zombies and I simply cannot find a way arount this. Thank you, Mordur * *Jun 30 12:49:36 mx0 MailScanner[25216]: New Batch: Scanning 1 messages, 3149 bytes Jun 30 12:49:36 mx0 MailScanner[25216]: Expired 1 records from the SpamAssassin cache Jun 30 12:49:41 mx0 dccproc[25664]: socket(UDP): Address family not supported by protocol Jun 30 12:49:42 mx0 MailScanner[25216]: Virus and Content Scanning: Starting Jun 30 12:49:43 mx0 MailScanner[25216]: Uninfected: Delivered 1 messages Jun 30 12:49:43 mx0 MailScanner[25216]: Batch (1 messages) processed in 6.62 seconds Jun 30 12:49:43 mx0 cyrus/master[25674]: about to exec /usr/lib/cyrus/bin/lmtpd Jun 30 12:49:43 mx0 cyrus/lmtpunix[25674]: executed Jun 30 12:49:43 mx0 cyrus/lmtpunix[25674]: telling master 2 Jun 30 12:49:43 mx0 cyrus/master[3106]: service lmtpunix pid 25674 in READY state: now unavailable and in BUSY state Jun 30 12:49:43 mx0 cyrus/master[3106]: service lmtpunix now has 0 ready workers Jun 30 12:49:43 mx0 cyrus/lmtpunix[25674]: accepted connection Jun 30 12:49:43 mx0 cyrus/lmtpunix[25674]: telling master 3 Jun 30 12:49:43 mx0 cyrus/master[3106]: service lmtpunix pid 25674 in BUSY state: now serving connection Jun 30 12:49:43 mx0 cyrus/master[3106]: service lmtpunix now has 0 ready workers Jun 30 12:49:43 mx0 cyrus/lmtpunix[25674]: lmtp connection preauth'd as postman Jun 30 12:49:43 mx0 cyrus/lmtpunix[25674]: duplicate_check: <003c01c69c43$b01cfef0$99dfdfdf@bakuhatsu.net> user.el 0 Jun 30 12:49:43 mx0 cyrus/lmtpunix[25674]: duplicate_check: <003c01c69c43$b01cfef0$99dfdfdf@bakuhatsu.net> user.el 0 Jun 30 12:49:43 mx0 cyrus/lmtpunix[25674]: mystore: starting txn 2147484511 Jun 30 12:49:43 mx0 cyrus/lmtpunix[25674]: mystore: committing txn 2147484511 Jun 30 12:49:43 mx0 cyrus/lmtpunix[25674]: duplicate_mark: <003c01c69c43$b01cfef0$99dfdfdf@bakuhatsu.net> user.el 1151671783 134536267 Jun 30 12:49:43 mx0 cyrus/lmtpunix[25674]: mystore: starting txn 2147484512 Jun 30 12:49:43 mx0 cyrus/lmtpunix[25674]: mystore: committing txn 2147484512 Jun 30 12:49:43 mx0 cyrus/lmtpunix[25674]: duplicate_mark: <003c01c69c43$b01cfef0$99dfdfdf@bakuhatsu.net> .el+@.sieve. 1151671783 0 Jun 30 12:49:43 mx0 cyrus/lmtpunix[25674]: telling master 1 Jun 30 12:49:43 mx0 cyrus/master[3106]: service lmtpunix pid 25674 in BUSY state: now available and in READY state Jun 30 12:49:43 mx0 cyrus/master[3106]: service lmtpunix now has 1 ready workers Jun 30 12:50:16 mx0 cyrus/master[25675]: about to exec /usr/sbin/ctl_cyrusdb Jun 30 12:50:16 mx0 cyrus/ctl_cyrusdb[25675]: checkpointing cyrus databases Jun 30 12:50:16 mx0 cyrus/ctl_cyrusdb[25675]: archiving database file: /var/lib/cyrus/annotations.db Jun 30 12:50:16 mx0 cyrus/ctl_cyrusdb[25675]: archiving log file: /var/lib/cyrus/db/log.0000000001 Jun 30 12:50:16 mx0 cyrus/ctl_cyrusdb[25675]: archiving log file: /var/lib/cyrus/db/log.0000000001 Jun 30 12:50:16 mx0 cyrus/ctl_cyrusdb[25675]: archiving database file: /var/lib/cyrus/mailboxes.db Jun 30 12:50:16 mx0 cyrus/ctl_cyrusdb[25675]: archiving log file: /var/lib/cyrus/db/log.0000000001 Jun 30 12:50:16 mx0 cyrus/ctl_cyrusdb[25675]: done checkpointing cyrus databases Jun 30 12:50:16 mx0 cyrus/master[3106]: process 25675 exited, status 0 Jun 30 12:50:43 mx0 cyrus/master[3106]: process 25674 exited, status 0 Jun 30 12:50:43 mx0 cyrus/master[3106]: service lmtpunix now has 0 ready workers --------->Jun 30 12:53:13 mx0 MailScanner[24762]: New Batch: Scanning 1 messages, 8473216 bytes --------->Jun 30 12:53:13 mx0 MailScanner[24762]: Expired 1 records from the SpamAssassin cache --------->Jun 30 12:53:13 mx0 dccproc[25683]: socket(UDP): Address family not supported by protocol --------->Jun 30 12:53:14 mx0 Debian-exim: Process did not exit cleanly, returned 28 with signal 0 --------->Jun 30 12:53:14 mx0 MailScanner[25684]: MailScanner E-Mail Virus Scanner version 4.51.5 starting... --------->Jun 30 12:53:14 mx0 MailScanner[25684]: Read 714 hostnames from the phishing whitelist --------->Jun 30 12:53:14 mx0 MailScanner[25684]: Using SpamAssassin results cache --------->Jun 30 12:53:14 mx0 MailScanner[25684]: Connected to SpamAssassin cache database --------->Jun 30 12:53:14 mx0 MailScanner[25684]: Enabling SpamAssassin auto-whitelist functionality... --------->Jun 30 12:53:19 mx0 MailScanner[25561]: New Batch: Scanning 1 messages, 8473216 bytes --------->Jun 30 12:53:19 mx0 MailScanner[25561]: SpamAssassin cache hit for message 1FwIUe-0006gB-T4 --------->Jun 30 12:53:19 mx0 MailScanner[25051]: New Batch: Scanning 1 messages, 8473216 bytes --------->Jun 30 12:53:19 mx0 MailScanner[25051]: SpamAssassin cache hit for message 1FwIUe-0006gB-T4 --------->Jun 30 12:53:19 mx0 MailScanner[25117]: New Batch: Scanning 1 messages, 8473216 bytes --------->Jun 30 12:53:20 mx0 MailScanner[25117]: SpamAssassin cache hit for message 1FwIUe-0006gB-T4 Jun 30 12:53:21 mx0 dccproc[25688]: socket(UDP): Address family not supported by protocol --------->Jun 30 12:53:21 mx0 MailScanner[25684]: ClamAV scanner using unrar command /usr/bin/unrar-free --------->Jun 30 12:53:21 mx0 MailScanner[25684]: Using locktype = posix --------->Jun 30 12:53:21 mx0 MailScanner[25684]: Creating hardcoded struct_flock subroutine for linux (Linux-type) --------->Jun 30 12:53:21 mx0 MailScanner[25684]: New Batch: Scanning 1 messages, 8473216 bytes --------->Jun 30 12:53:21 mx0 MailScanner[25684]: SpamAssassin cache hit for message 1FwIUe-0006gB-T4 --------->Jun 30 12:53:25 mx0 MailScanner[25216]: New Batch: Scanning 1 messages, 8473216 bytes --------->Jun 30 12:53:25 mx0 Debian-exim: Process did not exit cleanly, returned 28 with signal 0 --------->Jun 30 12:53:25 mx0 MailScanner[25216]: SpamAssassin cache hit for message 1FwIUe-0006gB-T4 --------->Jun 30 12:53:25 mx0 MailScanner[25689]: MailScanner E-Mail Virus Scanner version 4.51.5 starting... --------->Jun 30 12:53:25 mx0 MailScanner[25689]: Read 714 hostnames from the phishing whitelist --------->Jun 30 12:53:25 mx0 MailScanner[25689]: Using SpamAssassin results cache --------->Jun 30 12:53:25 mx0 MailScanner[25689]: Connected to SpamAssassin cache database --------->Jun 30 12:53:25 mx0 MailScanner[25689]: Enabling SpamAssassin auto-whitelist functionality... --------->Jun 30 12:53:31 mx0 MailScanner[24836]: New Batch: Scanning 1 messages, 8473216 bytes --------->Jun 30 12:53:31 mx0 MailScanner[24836]: SpamAssassin cache hit for message 1FwIUe-0006gB-T4 --------->Jun 30 12:53:32 mx0 dccproc[25693]: socket(UDP): Address family not supported by protocol --------->Jun 30 12:53:32 mx0 MailScanner[25689]: ClamAV scanner using unrar command /usr/bin/unrar-free --------->Jun 30 12:53:32 mx0 MailScanner[25689]: Using locktype = posix --------->Jun 30 12:53:32 mx0 MailScanner[25689]: Creating hardcoded struct_flock subroutine for linux (Linux-type) --------->Jun 30 12:53:32 mx0 MailScanner[25689]: New Batch: Scanning 1 messages, 8473216 bytes Jun 30 12:53:32 mx0 MailScanner[25689]: SpamAssassin cache hit for message 1FwIUe-0006gB-T4 Jun 30 12:53:36 mx0 Debian-exim: Process did not exit cleanly, returned 28 with signal 0 Jun 30 12:53:36 mx0 MailScanner[25694]: MailScanner E-Mail Virus Scanner version 4.51.5 starting... Jun 30 12:53:36 mx0 MailScanner[25694]: Read 714 hostnames from the phishing whitelist Jun 30 12:53:36 mx0 MailScanner[25694]: Using SpamAssassin results cache Jun 30 12:53:36 mx0 MailScanner[25694]: Connected to SpamAssassin cache database Jun 30 12:53:36 mx0 MailScanner[25694]: Enabling SpamAssassin auto-whitelist functionality... Jun 30 12:53:43 mx0 dccproc[25698]: socket(UDP): Address family not supported by protocol Jun 30 12:53:43 mx0 MailScanner[25694]: ClamAV scanner using unrar command /usr/bin/unrar-free Jun 30 12:53:43 mx0 MailScanner[25694]: Using locktype = posix Jun 30 12:53:43 mx0 MailScanner[25694]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Jun 30 12:53:43 mx0 MailScanner[25694]: New Batch: Scanning 1 messages, 8473216 bytes Jun 30 12:53:43 mx0 MailScanner[25694]: SpamAssassin cache hit for message 1FwIUe-0006gB-T4 Jun 30 12:53:47 mx0 Debian-exim: Process did not exit cleanly, returned 28 with signal 0 Jun 30 12:53:47 mx0 MailScanner[25699]: MailScanner E-Mail Virus Scanner version 4.51.5 starting... Jun 30 12:53:47 mx0 MailScanner[25699]: Read 714 hostnames from the phishing whitelist Jun 30 12:53:47 mx0 MailScanner[25699]: Using SpamAssassin results cache Jun 30 12:53:47 mx0 MailScanner[25699]: Connected to SpamAssassin cache database Jun 30 12:53:47 mx0 MailScanner[25699]: Enabling SpamAssassin auto-whitelist functionality... Jun 30 12:53:50 mx0 dccproc[25704]: socket(UDP): Address family not supported by protocol Jun 30 12:53:51 mx0 MailScanner[25699]: ClamAV scanner using unrar command /usr/bin/unrar-free Jun 30 12:53:51 mx0 MailScanner[25699]: Using locktype = posix Jun 30 12:53:51 mx0 MailScanner[25699]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Jun 30 12:53:51 mx0 MailScanner[25699]: New Batch: Scanning 2 messages, 8476568 bytes Jun 30 12:53:52 mx0 dccproc[25707]: socket(UDP): Address family not supported by protocol Jun 30 12:53:53 mx0 MailScanner[25699]: SpamAssassin cache hit for message 1FwIUe-0006gB-T4 Jun 30 12:53:58 mx0 Debian-exim: Process did not exit cleanly, returned 28 with signal 0 Jun 30 12:53:58 mx0 MailScanner[25708]: MailScanner E-Mail Virus Scanner version 4.51.5 starting... Jun 30 12:53:58 mx0 MailScanner[25708]: Read 714 hostnames from the phishing whitelist Jun 30 12:53:58 mx0 MailScanner[25708]: Using SpamAssassin results cache Jun 30 12:53:58 mx0 MailScanner[25708]: Connected to SpamAssassin cache database Jun 30 12:53:58 mx0 MailScanner[25708]: Enabling SpamAssassin auto-whitelist functionality... Jun 30 12:54:01 mx0 dccproc[25712]: socket(UDP): Address family not supported by protocol Jun 30 12:54:02 mx0 MailScanner[25708]: ClamAV scanner using unrar command /usr/bin/unrar-free Jun 30 12:54:02 mx0 MailScanner[25708]: Using locktype = posix Jun 30 12:54:02 mx0 MailScanner[25708]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Jun 30 12:54:02 mx0 MailScanner[25708]: New Batch: Scanning 2 messages, 8476568 bytes Jun 30 12:54:02 mx0 MailScanner[25708]: SpamAssassin cache hit for message 1FwIVI-0006gW-4J Jun 30 12:54:02 mx0 MailScanner[25708]: SpamAssassin cache hit for message 1FwIUe-0006gB-T4 Jun 30 12:54:09 mx0 Debian-exim: Process did not exit cleanly, returned 28 with signal 0 Jun 30 12:54:09 mx0 MailScanner[25713]: MailScanner E-Mail Virus Scanner version 4.51.5 starting... Jun 30 12:54:09 mx0 MailScanner[25713]: Read 714 hostnames from the phishing whitelist Jun 30 12:54:09 mx0 MailScanner[25713]: Using SpamAssassin results cache Jun 30 12:54:09 mx0 MailScanner[25713]: Connected to SpamAssassin cache database Jun 30 12:54:09 mx0 MailScanner[25713]: Enabling SpamAssassin auto-whitelist functionality... Jun 30 12:54:16 mx0 dccproc[25717]: socket(UDP): Address family not supported by protocol Jun 30 12:54:16 mx0 MailScanner[25713]: ClamAV scanner using unrar command /usr/bin/unrar-free Jun 30 12:54:16 mx0 MailScanner[25713]: Using locktype = posix Jun 30 12:54:16 mx0 MailScanner[25713]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Jun 30 12:54:16 mx0 MailScanner[25713]: New Batch: Scanning 2 messages, 8476568 bytes Jun 30 12:54:16 mx0 MailScanner[25713]: SpamAssassin cache hit for message 1FwIVI-0006gW-4J Jun 30 12:54:17 mx0 MailScanner[25713]: SpamAssassin cache hit for message 1FwIUe-0006gB-T4 Jun 30 12:54:20 mx0 Debian-exim: Process did not exit cleanly, returned 28 with signal 0 Jun 30 12:54:20 mx0 MailScanner[25718]: MailScanner E-Mail Virus Scanner version 4.51.5 starting... Jun 30 12:54:20 mx0 MailScanner[25718]: Read 714 hostnames from the phishing whitelist Jun 30 12:54:20 mx0 MailScanner[25718]: Using SpamAssassin results cache Jun 30 12:54:21 mx0 MailScanner[25718]: Connected to SpamAssassin cache database Jun 30 12:54:21 mx0 MailScanner[25718]: Enabling SpamAssassin auto-whitelist functionality... Jun 30 12:54:24 mx0 dccproc[25722]: socket(UDP): Address family not supported by protocol Jun 30 12:54:24 mx0 MailScanner[25718]: ClamAV scanner using unrar command /usr/bin/unrar-free Jun 30 12:54:24 mx0 MailScanner[25718]: Using locktype = posix Jun 30 12:54:24 mx0 MailScanner[25718]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Jun 30 12:54:24 mx0 MailScanner[25718]: New Batch: Scanning 2 messages, 8476568 bytes Jun 30 12:54:24 mx0 MailScanner[25718]: SpamAssassin cache hit for message 1FwIVI-0006gW-4J Jun 30 12:54:24 mx0 MailScanner[25718]: SpamAssassin cache hit for message 1FwIUe-0006gB-T4 Jun 30 12:54:31 mx0 Debian-exim: Process did not exit cleanly, returned 28 with signal 0 Jun 30 12:54:31 mx0 MailScanner[25723]: MailScanner E-Mail Virus Scanner version 4.51.5 starting... Jun 30 12:54:31 mx0 MailScanner[25723]: Read 714 hostnames from the phishing whitelist Jun 30 12:54:32 mx0 MailScanner[25723]: Using SpamAssassin results cache Jun 30 12:54:32 mx0 MailScanner[25723]: Connected to SpamAssassin cache database Jun 30 12:54:32 mx0 MailScanner[25723]: Enabling SpamAssassin auto-whitelist functionality... Jun 30 12:54:34 mx0 dccproc[25727]: socket(UDP): Address family not supported by protocol Jun 30 12:54:34 mx0 MailScanner[25723]: ClamAV scanner using unrar command /usr/bin/unrar-free Jun 30 12:54:34 mx0 MailScanner[25723]: Using locktype = posix Jun 30 12:54:34 mx0 MailScanner[25723]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Jun 30 12:54:34 mx0 MailScanner[25723]: New Batch: Scanning 2 messages, 8476568 bytes Jun 30 12:54:34 mx0 MailScanner[25723]: SpamAssassin cache hit for message 1FwIVI-0006gW-4J Jun 30 12:54:34 mx0 MailScanner[25723]: SpamAssassin cache hit for message 1FwIUe-0006gB-T4 Jun 30 12:54:42 mx0 Debian-exim: Process did not exit cleanly, returned 28 with signal 0 Jun 30 12:54:42 mx0 MailScanner[25728]: MailScanner E-Mail Virus Scanner version 4.51.5 starting... Jun 30 12:54:42 mx0 MailScanner[25728]: Read 714 hostnames from the phishing whitelist Jun 30 12:54:43 mx0 MailScanner[25728]: Using SpamAssassin results cache Jun 30 12:54:43 mx0 MailScanner[25728]: Connected to SpamAssassin cache database Jun 30 12:54:43 mx0 MailScanner[25728]: Enabling SpamAssassin auto-whitelist functionality... Jun 30 12:54:49 mx0 dccproc[25732]: socket(UDP): Address family not supported by protocol Jun 30 12:54:49 mx0 MailScanner[25728]: ClamAV scanner using unrar command /usr/bin/unrar-free Jun 30 12:54:49 mx0 MailScanner[25728]: Using locktype = posix Jun 30 12:54:49 mx0 MailScanner[25728]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Jun 30 12:54:49 mx0 MailScanner[25728]: New Batch: Scanning 2 messages, 8476568 bytes Jun 30 12:54:49 mx0 MailScanner[25728]: SpamAssassin cache hit for message 1FwIVI-0006gW-4J Jun 30 12:54:50 mx0 MailScanner[25728]: SpamAssassin cache hit for message 1FwIUe-0006gB-T4 Jun 30 12:54:53 mx0 Debian-exim: Process did not exit cleanly, returned 28 with signal 0 Jun 30 12:54:53 mx0 MailScanner[25733]: MailScanner E-Mail Virus Scanner version 4.51.5 starting... Jun 30 12:54:53 mx0 MailScanner[25733]: Read 714 hostnames from the phishing whitelist Jun 30 12:54:54 mx0 MailScanner[25733]: Using SpamAssassin results cache Jun 30 12:54:54 mx0 MailScanner[25733]: Connected to SpamAssassin cache database Jun 30 12:54:54 mx0 MailScanner[25733]: Enabling SpamAssassin auto-whitelist functionality... Jun 30 12:54:56 mx0 dccproc[25737]: socket(UDP): Address family not supported by protocol Jun 30 12:54:56 mx0 MailScanner[25733]: ClamAV scanner using unrar command /usr/bin/unrar-free Jun 30 12:54:56 mx0 MailScanner[25733]: Using locktype = posix Jun 30 12:54:56 mx0 MailScanner[25733]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Jun 30 12:54:56 mx0 MailScanner[25733]: New Batch: Scanning 2 messages, 8476568 bytes Jun 30 12:54:56 mx0 MailScanner[25733]: SpamAssassin cache hit for message 1FwIVI-0006gW-4J Jun 30 12:54:56 mx0 MailScanner[25733]: SpamAssassin cache hit for message 1FwIUe-0006gB-T4 Jun 30 12:55:04 mx0 Debian-exim: Process did not exit cleanly, returned 28 with signal 0 Jun 30 12:55:04 mx0 MailScanner[25738]: MailScanner E-Mail Virus Scanner version 4.51.5 starting... Jun 30 12:55:04 mx0 MailScanner[25738]: Read 714 hostnames from the phishing whitelist Jun 30 12:55:05 mx0 MailScanner[25738]: Using SpamAssassin results cache Jun 30 12:55:05 mx0 MailScanner[25738]: Connected to SpamAssassin cache database Jun 30 12:55:05 mx0 MailScanner[25738]: Enabling SpamAssassin auto-whitelist functionality... Jun 30 12:55:11 mx0 dccproc[25742]: socket(UDP): Address family not supported by protocol Jun 30 12:55:11 mx0 MailScanner[25738]: ClamAV scanner using unrar command /usr/bin/unrar-free Jun 30 12:55:11 mx0 MailScanner[25738]: Using locktype = posix Jun 30 12:55:11 mx0 MailScanner[25738]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Jun 30 12:55:11 mx0 MailScanner[25738]: New Batch: Scanning 2 messages, 8476568 bytes Jun 30 12:55:12 mx0 MailScanner[25738]: SpamAssassin cache hit for message 1FwIVI-0006gW-4J Jun 30 12:55:12 mx0 MailScanner[25738]: SpamAssassin cache hit for message 1FwIUe-0006gB-T4 Jun 30 12:55:15 mx0 Debian-exim: Process did not exit cleanly, returned 28 with signal 0 Jun 30 12:55:15 mx0 MailScanner[25743]: MailScanner E-Mail Virus Scanner version 4.51.5 starting... Jun 30 12:55:15 mx0 MailScanner[25743]: Read 714 hostnames from the phishing whitelist Jun 30 12:55:16 mx0 MailScanner[25743]: Using SpamAssassin results cache Jun 30 12:55:16 mx0 MailScanner[25743]: Connected to SpamAssassin cache database Jun 30 12:55:16 mx0 MailScanner[25743]: Enabling SpamAssassin auto-whitelist functionality... Jun 30 12:55:22 mx0 dccproc[25747]: socket(UDP): Address family not supported by protocol Jun 30 12:55:22 mx0 MailScanner[25743]: ClamAV scanner using unrar command /usr/bin/unrar-free Jun 30 12:55:22 mx0 MailScanner[25743]: Using locktype = posix Jun 30 12:55:22 mx0 MailScanner[25743]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Jun 30 12:55:22 mx0 MailScanner[25743]: New Batch: Scanning 2 messages, 8476568 bytes Jun 30 12:55:23 mx0 MailScanner[25743]: SpamAssassin cache hit for message 1FwIVI-0006gW-4J Jun 30 12:55:23 mx0 MailScanner[25743]: SpamAssassin cache hit for message 1FwIUe-0006gB-T4 Jun 30 12:55:26 mx0 Debian-exim: Process did not exit cleanly, returned 28 with signal 0 Jun 30 12:55:26 mx0 MailScanner[25748]: MailScanner E-Mail Virus Scanner version 4.51.5 starting... Jun 30 12:55:26 mx0 MailScanner[25748]: Read 714 hostnames from the phishing whitelist Jun 30 12:55:27 mx0 MailScanner[25748]: Using SpamAssassin results cache Jun 30 12:55:27 mx0 MailScanner[25748]: Connected to SpamAssassin cache database Jun 30 12:55:27 mx0 MailScanner[25748]: Enabling SpamAssassin auto-whitelist functionality... Jun 30 12:55:33 mx0 dccproc[25752]: socket(UDP): Address family not supported by protocol Jun 30 12:55:33 mx0 MailScanner[25748]: ClamAV scanner using unrar command /usr/bin/unrar-free Jun 30 12:55:33 mx0 MailScanner[25748]: Using locktype = posix Jun 30 12:55:33 mx0 MailScanner[25748]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Jun 30 12:55:33 mx0 MailScanner[25748]: New Batch: Scanning 2 messages, 8476568 bytes Jun 30 12:55:34 mx0 MailScanner[25748]: SpamAssassin cache hit for message 1FwIVI-0006gW-4J Jun 30 12:55:34 mx0 MailScanner[25748]: SpamAssassin cache hit for message 1FwIUe-0006gB-T4 Jun 30 12:55:37 mx0 Debian-exim: Process did not exit cleanly, returned 28 with signal 0 Jun 30 12:55:37 mx0 MailScanner[25753]: MailScanner E-Mail Virus Scanner version 4.51.5 starting... Jun 30 12:55:37 mx0 MailScanner[25753]: Read 714 hostnames from the phishing whitelist Jun 30 12:55:38 mx0 MailScanner[25753]: Using SpamAssassin results cache Jun 30 12:55:38 mx0 MailScanner[25753]: Connected to SpamAssassin cache database Jun 30 12:55:38 mx0 MailScanner[25753]: Enabling SpamAssassin auto-whitelist functionality... Jun 30 12:55:41 mx0 dccproc[25757]: socket(UDP): Address family not supported by protocol Jun 30 12:55:41 mx0 MailScanner[25753]: ClamAV scanner using unrar command /usr/bin/unrar-free Jun 30 12:55:41 mx0 MailScanner[25753]: Using locktype = posix Jun 30 12:55:41 mx0 MailScanner[25753]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Jun 30 12:55:41 mx0 MailScanner[25753]: New Batch: Scanning 2 messages, 8476568 bytes Jun 30 12:55:41 mx0 MailScanner[25753]: SpamAssassin cache hit for message 1FwIVI-0006gW-4J Jun 30 12:55:41 mx0 MailScanner[25753]: SpamAssassin cache hit for message 1FwIUe-0006gB-T4 Jun 30 12:55:48 mx0 Debian-exim: Process did not exit cleanly, returned 28 with signal 0 Jun 30 12:55:48 mx0 MailScanner[25760]: MailScanner E-Mail Virus Scanner version 4.51.5 starting... Jun 30 12:55:48 mx0 MailScanner[25760]: Read 714 hostnames from the phishing whitelist Jun 30 12:55:49 mx0 MailScanner[25760]: Using SpamAssassin results cache Jun 30 12:55:49 mx0 MailScanner[25760]: Connected to SpamAssassin cache database Jun 30 12:55:49 mx0 MailScanner[25760]: Enabling SpamAssassin auto-whitelist functionality... Jun 30 12:55:55 mx0 dccproc[25765]: socket(UDP): Address family not supported by protocol Jun 30 12:55:56 mx0 MailScanner[25760]: ClamAV scanner using unrar command /usr/bin/unrar-free Jun 30 12:55:56 mx0 MailScanner[25760]: Using locktype = posix Jun 30 12:55:56 mx0 MailScanner[25760]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Jun 30 12:55:56 mx0 MailScanner[25760]: New Batch: Scanning 5 messages, 8488266 bytes Jun 30 12:55:59 mx0 Debian-exim: Process did not exit cleanly, returned 28 with signal 0 Jun 30 12:55:59 mx0 MailScanner[25768]: MailScanner E-Mail Virus Scanner version 4.51.5 starting... Jun 30 12:55:59 mx0 MailScanner[25768]: Read 714 hostnames from the phishing whitelist Jun 30 12:56:00 mx0 MailScanner[25768]: Using SpamAssassin results cache Jun 30 12:56:00 mx0 MailScanner[25768]: Connected to SpamAssassin cache database Jun 30 12:56:00 mx0 MailScanner[25768]: Enabling SpamAssassin auto-whitelist functionality... Jun 30 12:56:01 mx0 dccproc[25771]: socket(UDP): Address family not supported by protocol Jun 30 12:56:03 mx0 dccproc[25775]: socket(UDP): Address family not supported by protocol Jun 30 12:56:03 mx0 MailScanner[25768]: ClamAV scanner using unrar command /usr/bin/unrar-free Jun 30 12:56:03 mx0 MailScanner[25768]: Using locktype = posix Jun 30 12:56:03 mx0 MailScanner[25768]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Jun 30 12:56:06 mx0 dccproc[25776]: socket(UDP): Address family not supported by protocol Jun 30 12:56:06 mx0 MailScanner[25760]: SpamAssassin cache hit for message 1FwIVI-0006gW-4J Jun 30 12:56:06 mx0 MailScanner[25760]: SpamAssassin cache hit for message 1FwIUe-0006gB-T4 Jun 30 12:56:07 mx0 dccproc[25779]: socket(UDP): Address family not supported by protocol Jun 30 12:56:09 mx0 MailScanner[25768]: New Batch: Scanning 5 messages, 8488266 bytes Jun 30 12:56:09 mx0 MailScanner[25768]: SpamAssassin cache hit for message 1FwIXH-0006hY-OV Jun 30 12:56:09 mx0 MailScanner[25768]: SpamAssassin cache hit for message 1FwIX9-0006hS-NQ Jun 30 12:56:09 mx0 MailScanner[25768]: SpamAssassin cache hit for message 1FwIVI-0006gW-4J Jun 30 12:56:09 mx0 MailScanner[25768]: SpamAssassin cache hit for message 1FwIUe-0006gB-T4 Jun 30 12:56:09 mx0 MailScanner[25768]: SpamAssassin cache hit for message 1FwIX9-0006hT-SX Jun 30 12:56:10 mx0 Debian-exim: Process did not exit cleanly, returned 28 with signal 0 Jun 30 12:56:10 mx0 MailScanner[25780]: MailScanner E-Mail Virus Scanner version 4.51.5 starting... Jun 30 12:56:10 mx0 MailScanner[25780]: Read 714 hostnames from the phishing whitelist Jun 30 12:56:11 mx0 MailScanner[25780]: Using SpamAssassin results cache Jun 30 12:56:11 mx0 MailScanner[25780]: Connected to SpamAssassin cache database Jun 30 12:56:11 mx0 MailScanner[25780]: Enabling SpamAssassin auto-whitelist functionality... Jun 30 12:56:17 mx0 dccproc[25784]: socket(UDP): Address family not supported by protocol Jun 30 12:56:18 mx0 MailScanner[25780]: ClamAV scanner using unrar command /usr/bin/unrar-free Jun 30 12:56:18 mx0 MailScanner[25780]: Using locktype = posix Jun 30 12:56:18 mx0 MailScanner[25780]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Jun 30 12:56:18 mx0 MailScanner[25780]: New Batch: Scanning 5 messages, 8488266 bytes Jun 30 12:56:18 mx0 MailScanner[25780]: SpamAssassin cache hit for message 1FwIXH-0006hY-OV Jun 30 12:56:18 mx0 MailScanner[25780]: SpamAssassin cache hit for message 1FwIX9-0006hS-NQ Jun 30 12:56:18 mx0 MailScanner[25780]: SpamAssassin cache hit for message 1FwIVI-0006gW-4J Jun 30 12:56:18 mx0 MailScanner[25780]: SpamAssassin cache hit for message 1FwIUe-0006gB-T4 Jun 30 12:56:18 mx0 MailScanner[25780]: SpamAssassin cache hit for message 1FwIX9-0006hT-SX Jun 30 12:56:21 mx0 Debian-exim: Process did not exit cleanly, returned 28 with signal 0 From nauman at worldcall.net.pk Sat Jul 1 04:14:17 2006 From: nauman at worldcall.net.pk (Muhammad Nauman) Date: Sat Jul 1 04:14:26 2006 Subject: Best Way to Control Relaying? References: <00f001c674d3$12142770$3004010a@martinhlaptop> <014f01c674d7$d0d97260$23c051cb@noc><44634ED6.1040600@nkpanama.com> <4463510D.1080407@nkpanama.com> Message-ID: <001801c69cbc$72afb3e0$2300a8c0@noc> Hi all, Despite having this in my access fil # The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc # package. # # by default we allow relaying from localhost... localhost.localdomain RELAY localhost RELAY AUTH : OK * : REJECT and i can clearly see the my sendmail is compiled with AUTH options 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 15000000 250-AUTH LOGIN PLAIN 250-DELIVERBY 250 HELP Its still relaying mail 250 HELP Mail from:no@no.com 250 2.1.0 no@no.com... Sender ok RCPT to:no@no.com 250 2.1.5 no@no.com... Recipient ok Any idea to why is it still acting like this - where it should not !! can any one tell me - how to find out - why its doing so !! -- This message has been scanned for viruses and dangerous content by WorldCall Scanner, and is believed to be clean. From mike at vesol.com Sat Jul 1 14:12:51 2006 From: mike at vesol.com (Mike Kercher) Date: Sat Jul 1 14:13:10 2006 Subject: Best Way to Control Relaying? In-Reply-To: <001801c69cbc$72afb3e0$2300a8c0@noc> Message-ID: mailscanner-bounces@lists.mailscanner.info <> scribbled on : > Hi all, > > Despite having this in my access fil > > # The /usr/share/doc/sendmail/README.cf is part of the > sendmail-doc # package. > # > # by default we allow relaying from localhost... > localhost.localdomain RELAY > localhost RELAY > AUTH : OK > * : REJECT > > and i can clearly see the my sendmail is compiled with AUTH options > > 250-ENHANCEDSTATUSCODES > 250-PIPELINING > 250-8BITMIME > 250-SIZE 15000000 > 250-AUTH LOGIN PLAIN > 250-DELIVERBY > 250 HELP > > Its still relaying mail > > 250 HELP > Mail from:no@no.com > 250 2.1.0 no@no.com... Sender ok > RCPT to:no@no.com > 250 2.1.5 no@no.com... Recipient ok > > Any idea to why is it still acting like this - where it should not !! > > can any one tell me - how to find out - why its doing so !! > > Ummm...you didn't do this test from localhost, did you? Mike From pascal.maes at elec.ucl.ac.be Sat Jul 1 14:29:38 2006 From: pascal.maes at elec.ucl.ac.be (Pascal Maes) Date: Sat Jul 1 14:29:46 2006 Subject: use of bayes Message-ID: Hello, When I'm running "spamassassin -D < spam.txt" on the command line, I can see that bayes is used because BAYES_99 is in the report. But for all the mails which are tagged as spam by MailScanner, I don't see BAYES in the report. Any idea why ? -- Pascal From uxbod at splatnix.net Sat Jul 1 16:53:04 2006 From: uxbod at splatnix.net (--[UxBoD]--) Date: Sat Jul 1 15:53:14 2006 Subject: Quarantine Directory Message-ID: <20060701155304.1a1b5d78@cyborg> Hi, Not sure exactly when this started but for some reason when the next day starts the quarantine spam directory is not automatically being created :- Jun 30 10:49:40 mailhub MailScanner[21881]: writing to /var/spool/MailScanner/quarantine/20060630/spam/555F0185BB9.191A3: No such file or directory Once I stop MailScanner, create the directory with the right perms, and restart all works fine. Anybody else seen this ? Thanks, --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8 // Keyserver: www.keyserver.net Key-ID: 0xE8E80CF8 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From steve.swaney at fsl.com Sat Jul 1 16:09:30 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Sat Jul 1 16:08:37 2006 Subject: use of bayes In-Reply-To: Message-ID: <045101c69d20$5aa847d0$2901010a@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Pascal Maes > Sent: Saturday, July 01, 2006 9:30 AM > To: mailscanner@lists.mailscanner.info > Subject: use of bayes > > Hello, > > > When I'm running "spamassassin -D < spam.txt" on the command line, I > can see that bayes is used because BAYES_99 is in the report. > > But for all the mails which are tagged as spam by MailScanner, I > don't see BAYES in the report. > > Any idea why ? > > -- > Pascal try running: spamassassin -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint To use your MailScanner settings. Note that the location of your spam.assassin.prefs.conf may be different depending on the operation system you are using, Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From nauman at worldcall.net.pk Sat Jul 1 19:24:01 2006 From: nauman at worldcall.net.pk (Muhammad Nauman) Date: Sat Jul 1 19:25:37 2006 Subject: Best Way to Control Relaying? References: Message-ID: <03db01c69d3b$bb75d210$2300a8c0@noc> >> Hi all, >> >> Despite having this in my access fil >> >> # The /usr/share/doc/sendmail/README.cf is part of the >> sendmail-doc # package. >> # >> # by default we allow relaying from localhost... >> localhost.localdomain RELAY >> localhost RELAY >> AUTH : OK >> * : REJECT >> >> and i can clearly see the my sendmail is compiled with AUTH options >> >> 250-ENHANCEDSTATUSCODES >> 250-PIPELINING >> 250-8BITMIME >> 250-SIZE 15000000 >> 250-AUTH LOGIN PLAIN >> 250-DELIVERBY >> 250 HELP >> >> Its still relaying mail >> >> 250 HELP >> Mail from:no@no.com >> 250 2.1.0 no@no.com... Sender ok >> RCPT to:no@no.com >> 250 2.1.5 no@no.com... Recipient ok >> >> Any idea to why is it still acting like this - where it should not !! >> >> can any one tell me - how to find out - why its doing so !! >> >> > > > Ummm...you didn't do this test from localhost, did you? > > Mike No i telnet it on port 25 from another machine . where i could find any error abt it ? -- This message has been scanned for viruses and dangerous content by WorldCall Scanner, and is believed to be clean. From glenn.steen at gmail.com Sat Jul 1 20:22:05 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Jul 1 20:22:10 2006 Subject: More observations on "Mailscanner stopped delivering to outgoing queue" In-Reply-To: <44A5DBB0.4080707@1984.is> References: <44A5DBB0.4080707@1984.is> Message-ID: <223f97700607011222u3bc03d86p61ba84743db17e4a@mail.gmail.com> On 01/07/06, Mordur Ingolfsson wrote: > I apologize for not having been thorough enough in the first place, but > I have been looking better into the problem described in my previous > mail to this list under the subject ."Mailscanner stopped delivering to > outgoing queue" a few hours ago. > > Below is an excerpt from syslog. Everything is fine and messages get > nicely processed and delivered, as the first five lines indicate. Then, > at 12:53:13, something happens and Debian-exim (the exim user and the > username under which mailscanner operates) starts to complain about > something (lines in syslog excerpt below marked with"--------->" ) . And > the message gets scanned and rescanned. > > After this, nothing gets delivered. If you read further into the syslog > excerpt you will see that this messages, and messages delivered to the > host subsequently, do not get delivered. Messages are piling up on the > incoming queue and MailScanner refuses to deliver. The child processes > are zombies and I simply cannot find a way arount this. > > > Thank you, > > Mordur > (snip) > Jun 30 12:53:21 mx0 dccproc[25688]: socket(UDP): Address family not > supported by protocol (snip) > --------->Jun 30 12:53:25 mx0 Debian-exim: Process did not exit cleanly, > returned 28 with signal 0 (snip) I'm not sure the dcc error is the culprit, but... well, something exits with an error, probably "agitating" exim... you should look into that:) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From alex at nkpanama.com Sat Jul 1 20:28:48 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sat Jul 1 20:29:13 2006 Subject: Best Way to Control Relaying? In-Reply-To: <03db01c69d3b$bb75d210$2300a8c0@noc> References: <03db01c69d3b$bb75d210$2300a8c0@noc> Message-ID: <44A6CCF0.2050408@nkpanama.com> Muhammad Nauman wrote: > >>> Hi all, >>> >>> Despite having this in my access fil >>> >>> # The /usr/share/doc/sendmail/README.cf is part of the >>> sendmail-doc # package. >>> # >>> # by default we allow relaying from localhost... >>> localhost.localdomain RELAY >>> localhost RELAY >>> AUTH : OK >>> * : REJECT >>> > > No i telnet it on port 25 from another machine . > > where i could find any error abt it ? > > > Did you recompile the access file? Usually "make -C /etc/mail" or "makemap hash < /etc/mail/access > /etc/mail/access.db" and then restart the sendmail process (or MailScanner) should do it. I never have to use "AUTH: OK" and "*: REJECT" ... it's set up that way implicitly. From proclus at gnu-darwin.org Sat Jul 1 20:36:51 2006 From: proclus at gnu-darwin.org (proclus@gnu-darwin.org) Date: Sat Jul 1 20:37:03 2006 Subject: FOSS, Science, and Public activism Message-ID: <20060701193651.B2CC46B0FD8@gnu-darwin.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 (Sorry if you get more than one copy of this message, but I felt that it was urgent to get this important info out.) The values of freedom and openness are crucial to understanding itself, so that civilization and public welfare now depend on them, as I argue below. These values may find their best expression in the free and open source software (FOSS) movement, and the foresightful example of FOSS developers should now be beneficially applied to many other disciplines in the context of a global and public Internet. It is crucial that we occasionally take time to discuss the reasons _why_ we release our source code, and this is one of those occasions. There are good reasons for the freedom and openness which are characteristics of FOSS development, reasons which should receive wider attention now that they can be readily communicated to other arenas. The consequences of doing otherwise are often catastrophic. For example, it incomprehensible that Genentech could consider withdrawing a cheap cure for blindness (ARMD) from the market. http://lists.essential.org/pipermail/random-bits/2006-june/001374.html The mechanism of this drug is public knowledge. http://sourceforge.net/mailarchive/forum.php?thread_id=14183567&forum_id=6042 This abhorrent situation is a great example of the kind of thing that will happen if people don't get behind the values of freedom and openness that we are espousing. Please let Genentech know that you find what they are doing offensive. Publicize the mechanism so that new compounds can be obtained as replacements. For the future, continued vociferous public activism is required to prevent such outrages from occurring in the future. It becomes clear that the compounds which come from common roots, fruits, and vegetables are a shared human heritage and the free and open source of the future. Tannins are another interesting case in point, because as molecules, and as anti-oxidents, they are similar to resveratrol (resV), and that molecular mechanism has been anchored to the public domain via a prior art declaration. It is a so-called CR-memetic, which may increase healthy human longevity by many decades. Here are some links about it. Resveratrol mechanism posts from GNU-Darwin list http://proclus.gnu-darwin.org/gdposts.html CR protocol for human bodies http://proclus.gnu-darwin.org/bootstrap.html Here is some important recent news about it. http://www.imminst.org/forum/index.php?s=&act=print&client=printer&f=237&t=10749 It is exciting to suppose that people can get off the pharmaceuticals that they are taking with calorie restriction or CR-memetics. I personally am trying to get off the cholesterol drug Pravachol, a statin compound, starting a few of weeks ago. Write me, and I'll let you know how it turns out. From the article... "Fontana says ... evidence of "younger" hearts in people on calorie restriction, suggest that humans on CR have the same adaptive responses as did animals whose rates of aging were slowed by CR." I think that it is time to look at the tannins in tobacco leaves. There may be other treasures lurking there too. As you may be aware there is ample public research into any possible beneficial compounds that may be obtained from tobacco leaves. The mechanisms are there waiting to be discovered. If you want to post them, just reply to me and I'd be delighted to host them. The public establishment of prior art is a time-honed method of entering inventions into the public domain. We now have other methods at our disposal as well. If you are planning to establish prior art against future CR-memetic related patents, you might want to have a look at www.creativecommons.org. Perhaps it goes without saying at this point that you should please choose a license that provides for free and broad public access to your memetic. In that way you will assure that the public health is served by anchoring them to the public common, where they cannot be exploited by those who would withhold them for their own profit. The DRM situation is precisely analogous to this. Can you imagine doing science in a world where your ability to read and write your data is filtered through secret protocols that are hidden from you? I recommend the Defective By Design campaign to fight the outrage of DRM, which is incompatible with the scientific pursuit. http://www.defectivebydesign.org/ It is clear that scientific tools must be demonstrably and penetratingly understood, or else our claims will likely be skewed and called into question. Free and open source software is a great example of how to make your science verifiable to the public. Establishing prior art against future patents is another good one, which is precisely analogous in method, making the result explicit to the public, free and open to all. Thank goodness for the free and open software movement, which gave us such a great example of how to serve the public in this manner. I am willing to grant that there are particular exceptions to these rules of freedom and openness, and such exceptions may be relatively harmless; however, let us posit the opposite, that freedom and openness are _not_ crucial to understanding. Think of the implications. When people are compelled to learn, they do not receive the intended message. It is not understood correctly or completely. When crucial facts are withheld from the people you are trying to teach they become paranoid, possibly unteachable. Freedom and openness are obviously the best approach to understanding. This is not a metaphor for the pursuit of science, but a fact. We are learning from nature, and it is ultimately required that our tools be demonstrably and penetratingly understood, or else we will receive incorrect lessons from nature. Clearly this requires public access to the source code and more. This is why many of us are pressing for public access to scientific publications. Moreover FOSS tools are becoming ever more important to the pursuit of the scientific endeavor itself. In our biophysics department we are obsolescing proprietary hardware and software in favor of open standards and free software, which is a widespread phenomenon in the science sector, and sure to continue. We build most of the workstations ourselves with commodity hardware, but we also have some clusters running Debian and FedoraCore. Some of you will know that I am the lead developer for the GNU-Darwin distribution. GNU-Darwin has a FOSS operating system, which is getting alot of press these days. Here is an example How Apple and Microsoft are advancing desktop Linux http://www.desktopLinux.com/news/ns7294331817.html I see the article as counter-productive against building a FOSS coalition that includes democracy, freedom, and public access activists, Apple, GNU-Darwin, GNU, and GNU/Linux all linked together in spectrum. It is important to alert the whole FOSS community that Darwin cannot be classified as a free or open source operation system as of the Darwin-8 revision, because AppleACPIplatform-39 which is required to boot the system is proprietary. It is notable that only the current version of Darwin from Apple is a non-free OS. GNU-Darwin has a free version, an earlier revision that includes the source code. It is FOSS, and we call upon Apple to maintain Darwin as such, as it has been in the past. We hope that the current situation with the kernel and ACPI driver will soon be remedied so that Darwin will continue as a FOSS OS. We are asking for free software developers to please write to the *nix core of Darwin, which is the core OS for both Mac OS X and GNU-Darwin OS. Darwin OS, which underlies both systems, comprises parts from GNU, the BSD's, mach, plus Apple's substantial contributions to the free software community. Be consistent with your philosophy and avoid linkage to proprietary binaries, such as OpenGL and CoreAudio, except when it is imperatively required in order to lead users to the values of software freedom. Under that principle, another reason to maintain compatibility with the *nix core, is so that your code will be readily portable to new platforms and usable by free-software-only aficionados too. GNU-Darwin OS is not an obsolete implementation of Darwin OS, or to be superseded by Mac OS X. We are trying to lead users to freedom, not away from it. By maintaining Darwin core compatibility your code will remain valuable as the marketplace and industry continues to evolve (trust me here), particularly as DRM-related problems continue to come forward. Of course, that means releasing your source code under a FOSS license, such as APSL. Darwin OS is a free and open source operating system that is not going away, so try to focus your coding towards supporting that standard instead of proprietary software. Here is the essence of the current problem with Darwin OS. Apple replaced working boot code with the following proprietary drivers, which are required for the system to boot. Darwin-7: AppleAPIC.kext/ Applei386genericplatform.kext/ Darwin-8: AppleACPIplatform In addition the kernel (xnu) has been taken proprietary in the recent revisions. We are not asking for Apple to give away such things, but rather to continue maintaining Darwin OS as FOSS, which it already was. After repeated attempts by many FOSS developers to get this situation remedied, nothing has happened. It is now time for us to better use the measures at our disposal in order to assure that Darwin OS remains free and open. If you are unhappy that xnu and the boot drivers have not been released, I would encourage you to spread your dissatisfaction to other forums, so that Apple will take notice and commit to a workable free and open Darwin OS from now on. Moving on to coalition strategy now, some of you may not know that GNU/Linux system administration is one of my day jobs. I manage a wide range of systems. Here is a screen-shot of my work desktop, so that you can see I use the same tools at work that I use at home at night on GNU-Darwin. (weekends too, so please read I am your friend) http://proclus.gnu-darwin.org/debian.html The only time that I ever use proprietary software is when I am trying to help other users learn free and open source free software. I'm a long time Apple and GNU/Linux user, and here is the old proof doc ;-}. http://proclus.tripod.com/indulge.html Now, it is embarrassing but, I want you to have a look at my cv. http://biophysics.med.jhmi.edu/love/thesis/cv6.html In all my years I have never used Microsoft Windows. There are only two exceptions to this statement, where I was helping Windows users to access our servers at Hopkins. Clearly, you can get a few things done without it ;-}. One of the primary reasons for founding GNU-Darwin was to help people to put Microsoft behind them, and it is definitely possible to do it now. You have many resources at your disposal to help you leave Microsoft behind. Look at the link below to see what you can do with free software. Apple, GNU-Darwin, GNU.org, and GNU/Linux will all help, and we are largely all helping together, because we have a shared foundation of free software. http://www.gnu-darwin.org/gdc/ Microsoft is only one example. That is why we are so insistent that Apple keep true to free and open source software principles. We should ultimately try to leave all proprietary software behind us, so that we can participate fully in the freedom and openness of the internet culture and public domain. What more do we need, when we have such a rich store of information and so many capable people at our sides? Finally, as a scientist, it is obvious to me that this situation is relevant current and ongoing discussion in the scientific community, and as such, it is also clear that many members of the various lists would be interested in the current state of Darwin with respect to FOSS and with respect to science. Here is the crucial point. The principles of FOSS and scientific inquiry converge. In practical terms, how else can you know is what happening in your experiments? Free and open source software, open standards, best promote the scientific endeavor by mirroring its method, but also they assure that the work is accessible to the public. Freedom and openness are crucial to understanding, and foundational to the scientific endeavor, and they should not be compromised. There are a few examples of exceptions, but clearly, this matter will find further debate in the appropriate forums. We should not quell debate because a few people are offended or complaining. - From a scientific perspective that would be incorrect. On that last point, I would suggest that Apple get on the right side of the debate, and they will make tremendous headway. Now is the time. Some people will find this message annoying and divisive, and the delete button is ready at hand for them, but other people will find it interesting and engaging. All as you like. Let us not quell discussion because a few people are annoyed. Some will call this a troll, but I hope that folks will see through such name-calling. Trolls are mythological creatures, so don't believe in them. Everyone has a right to have their opinion heard, even if those opinions are divisive or unpopular. It is clear that the idea of trolls is being used to attack freedom of expression. In fact, freedom of expression demands that we listen to the so-called-trolls sometimes, and if you are civil, it helps, so don't resort to name-calling. On cross-posting; when there are matters of urgent importance that affect a broad range of subscriber lists, courtesy must sometimes take a back seat, and cross-posting is an example of that. Cross-posting is to be encouraged when the subject of the post is on topic. Each of the various lists will respond in the way that seems appropriate to the people in that forum, and the threads on the various lists will diverge accordingly. As the threads diverge, the cross-posting addresses should be removed as needed. Relevance to all people is an unattainable goal, but messages of the broadest applicability should have the broadest reach, and discussion should not be stymied because some find it irrelevant. I have given this method due consideration; it is not trolling, not spam, not off-topic, and cross-posting is an example of something that is sometimes required according to the felt importance and relevance of a given subject matter. In summary, Freedom and openness are now the bedrock of our civilization and public welfare depends on these values, so that we should actively engage ourselves in preserving and making them happen. In keeping with these principles it is crucial to note that there are exceptions to etiquette, otherwise free expression will be overly channeled, damped, and ultimately suppressed in our forums. This notion of courtesy will certainly receive additional consideration, but meanwhile, let us together get to work on the activism now. Duly, I am amenable to valid criticism and able to respond, but please reply with kindness. Obviously, feel free to write back, copy, or send these comments along to anyone else as you see fit. Regards, Michael L. Love Ph.D Department of Biophysics and Biophysical Chemistry School of Medicine Johns Hopkins University 725 N. Wolfe Street Room 608B WBSB Baltimore MD 21205-2185 Interoffice Mail: 608B WBSB, SoM office: 410-614-2267 lab: 410-614-3179 fax: 410-502-6910 cell: 443-824-3451 http://www.gnu-darwin.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (Darwin) iD8DBQFEpIl6u0oI3iz5oZcRAtpQAJ9X7D6kq1vmWKXkG/3LBvx3gGrK1QCZAbgI 8Ww6QABLiZtmFmS9Ekea5nI= =a0Oy -----END PGP SIGNATURE----- From arturs at netvision.net.il Sat Jul 1 21:47:51 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Sat Jul 1 20:50:05 2006 Subject: Help! [MailScanner] Message-ID: <001c01c69d4f$9ea07190$3701a8c0@lapxp> 'ps aux' shows this and mail doesn't flow: --- root 2989 0.0 0.3 9456 3364 ? Ss 22:27 0:00 sendmail: accepting connections smmsp 2999 0.0 0.2 8196 2804 ? Ss 22:27 0:00 sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue root 3171 0.0 0.0 0 0 ? Z 22:30 0:00 [MailScanner] root 3172 0.0 0.0 0 0 ? Z 22:30 0:00 [MailScanner] root 3173 0.2 0.0 0 0 ? Z 22:30 0:00 [MailScanner] --- What to do? Please help! Best, -- Arthur Sherman +972-52-4878851 CPTeam From nauman at worldcall.net.pk Sat Jul 1 20:53:18 2006 From: nauman at worldcall.net.pk (Muhammad Nauman) Date: Sat Jul 1 20:53:24 2006 Subject: Best Way to Control Relaying? References: <03db01c69d3b$bb75d210$2300a8c0@noc> <44A6CCF0.2050408@nkpanama.com> Message-ID: <040601c69d48$00cd52a0$2300a8c0@noc> > Muhammad Nauman wrote: >> >>>> Hi all, >>>> >>>> Despite having this in my access fil >>>> >>>> # The /usr/share/doc/sendmail/README.cf is part of the >>>> sendmail-doc # package. >>>> # >>>> # by default we allow relaying from localhost... >>>> localhost.localdomain RELAY >>>> localhost RELAY >>>> AUTH : OK >>>> * : REJECT >>>> >> >> No i telnet it on port 25 from another machine . >> >> where i could find any error abt it ? >> >> >> > Did you recompile the access file? Usually "make -C /etc/mail" or "makemap > hash < /etc/mail/access > /etc/mail/access.db" and then restart the > sendmail process (or MailScanner) should do it. > > I never have to use "AUTH: OK" and "*: REJECT" ... it's set up that way > implicitly. how are you controlling your RELAYING feature then ? yes i did all that -- makemap hash /etc/mail/access.db < /etc/mail/access and have restart mailscanner ( or only just sendmail ) but the output is same where as - if i do check the option in my mail client to AUTH SMPT - then it verifies and works fine the PROBLEM is - why is it not blocking those who are not AUTHORIZING !!! its like an OPEN RELAY - with out it -- This message has been scanned for viruses and dangerous content by WorldCall Scanner, and is believed to be clean. From raymond at prolocation.net Sat Jul 1 20:57:54 2006 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Sat Jul 1 20:57:52 2006 Subject: Help! [MailScanner] In-Reply-To: <001c01c69d4f$9ea07190$3701a8c0@lapxp> References: <001c01c69d4f$9ea07190$3701a8c0@lapxp> Message-ID: Hi! > 'ps aux' shows this and mail doesn't flow: > --- > root 2989 0.0 0.3 9456 3364 ? Ss 22:27 0:00 sendmail: > accepting connections > smmsp 2999 0.0 0.2 8196 2804 ? Ss 22:27 0:00 sendmail: > Queue runner@01:00:00 for /var/spool/clientmqueue > root 3171 0.0 0.0 0 0 ? Z 22:30 0:00 [MailScanner] > > root 3172 0.0 0.0 0 0 ? Z 22:30 0:00 [MailScanner] > > root 3173 0.2 0.0 0 0 ? Z 22:30 0:00 [MailScanner] > > --- Please upgrade to the last beta to be sure the TNEF issue isnt troubling you. Bye, Raymond. From ms at 1984.is Sat Jul 1 21:07:15 2006 From: ms at 1984.is (Mordur Ingolfsson) Date: Sat Jul 1 21:07:20 2006 Subject: More observations on "Mailscanner stopped delivering to outgoing queue" In-Reply-To: <223f97700607011222u3bc03d86p61ba84743db17e4a@mail.gmail.com> References: <44A5DBB0.4080707@1984.is> <223f97700607011222u3bc03d86p61ba84743db17e4a@mail.gmail.com> Message-ID: <44A6D5F3.7070707@1984.is> Glenn Steen wrote: > On 01/07/06, Mordur Ingolfsson wrote: >> I apologize for not having been thorough enough in the first place, but >> I have been looking better into the problem described in my previous >> mail to this list under the subject ."Mailscanner stopped delivering to >> outgoing queue" a few hours ago. >> >> Below is an excerpt from syslog. Everything is fine and messages get >> nicely processed and delivered, as the first five lines indicate. Then, >> at 12:53:13, something happens and Debian-exim (the exim user and the >> username under which mailscanner operates) starts to complain about >> something (lines in syslog excerpt below marked with"--------->" ) . And >> the message gets scanned and rescanned. >> >> After this, nothing gets delivered. If you read further into the syslog >> excerpt you will see that this messages, and messages delivered to the >> host subsequently, do not get delivered. Messages are piling up on the >> incoming queue and MailScanner refuses to deliver. The child processes >> are zombies and I simply cannot find a way arount this. >> >> >> Thank you, >> >> Mordur >> > (snip) >> Jun 30 12:53:21 mx0 dccproc[25688]: socket(UDP): Address family not >> supported by protocol > (snip) >> --------->Jun 30 12:53:25 mx0 Debian-exim: Process did not exit cleanly, >> returned 28 with signal 0 > (snip) > > I'm not sure the dcc error is the culprit, but... well, something > exits with an error, probably "agitating" exim... you should look into > that:) > The dcc error is not the culprit. I have solved that by setting ipv6 to off in dcc config and it changed nothing. From ms at 1984.is Sat Jul 1 21:13:56 2006 From: ms at 1984.is (Mordur Ingolfsson) Date: Sat Jul 1 21:14:04 2006 Subject: Help! [MailScanner] In-Reply-To: References: <001c01c69d4f$9ea07190$3701a8c0@lapxp> Message-ID: <44A6D784.3000608@1984.is> This is exactly the same thing I experienced, as described in a mail from last night entitled "More observations on "Mailscanner stopped delivering to outgoing queue". It manifested itself exactly like this. Is this a known issue? What is this "the TNEF issue"? Mordur Raymond Dijkxhoorn wrote: > Hi! > >> 'ps aux' shows this and mail doesn't flow: >> --- >> root 2989 0.0 0.3 9456 3364 ? Ss 22:27 0:00 sendmail: >> accepting connections >> smmsp 2999 0.0 0.2 8196 2804 ? Ss 22:27 0:00 sendmail: >> Queue runner@01:00:00 for /var/spool/clientmqueue >> root 3171 0.0 0.0 0 0 ? Z 22:30 0:00 >> [MailScanner] >> >> root 3172 0.0 0.0 0 0 ? Z 22:30 0:00 >> [MailScanner] >> >> root 3173 0.2 0.0 0 0 ? Z 22:30 0:00 >> [MailScanner] >> >> --- > > Please upgrade to the last beta to be sure the TNEF issue isnt > troubling you. > > Bye, > Raymond. From raymond at prolocation.net Sat Jul 1 21:16:15 2006 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Sat Jul 1 21:16:13 2006 Subject: Help! [MailScanner] In-Reply-To: <44A6D784.3000608@1984.is> References: <001c01c69d4f$9ea07190$3701a8c0@lapxp> <44A6D784.3000608@1984.is> Message-ID: Hi! > from last night entitled "More observations on "Mailscanner stopped > delivering to outgoing queue". It manifested itself exactly like this. > Is this a known issue? What is this "the TNEF issue"? >> Please upgrade to the last beta to be sure the TNEF issue isnt >> troubling you. The is issues with TNEF in the current stabil. In the beta this is fixed. Please check if it solved the defuncts for you. For us it did. Bye, Raymond. From jrudd at ucsc.edu Sat Jul 1 21:17:32 2006 From: jrudd at ucsc.edu (John Rudd) Date: Sat Jul 1 21:18:00 2006 Subject: Best Way to Control Relaying? In-Reply-To: <040601c69d48$00cd52a0$2300a8c0@noc> References: <03db01c69d3b$bb75d210$2300a8c0@noc> <44A6CCF0.2050408@nkpanama.com> <040601c69d48$00cd52a0$2300a8c0@noc> Message-ID: On Jul 1, 2006, at 12:53 PM, Muhammad Nauman wrote: > the PROBLEM is - why is it not blocking those who are not AUTHORIZING > !!! > > its like an OPEN RELAY - with out it What's in your /et/mail/relay-domains file? From alex at nkpanama.com Sat Jul 1 21:20:01 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sat Jul 1 21:20:28 2006 Subject: Best Way to Control Relaying? In-Reply-To: <040601c69d48$00cd52a0$2300a8c0@noc> References: <03db01c69d3b$bb75d210$2300a8c0@noc> <44A6CCF0.2050408@nkpanama.com> <040601c69d48$00cd52a0$2300a8c0@noc> Message-ID: <44A6D8F1.1090405@nkpanama.com> > > how are you controlling your RELAYING feature then ? Well, every single sendmail instance (MailScanner-protected or not) that I've ever set up will *not* relay for anyone unless you *explicitly* tell it to, or authenticate. Why would your sendmail relay *always*? There are several things to look for: 1. /etc/mail/access - you say you've modified it - without knowing what distribution you're using, you could be modifying the wrong file. Try renaming both files (access and access.db) and see if it stops sendmail from loading. 2. /etc/relay-domains - You could be set up to relay to the domain you're using to test. 3. "relay-based-on-mx" or some other similar setting set wrong in your /etc/mail/sendmail.mc (and thus your sendmail.cf) There is *no* reason for sendmail to be relaying without AUTH. You just have to find out where exactly you've told it to relay. From dhawal at netmagicsolutions.com Sat Jul 1 21:23:17 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Sat Jul 1 21:23:34 2006 Subject: Help! [MailScanner] In-Reply-To: <001c01c69d4f$9ea07190$3701a8c0@lapxp> References: <001c01c69d4f$9ea07190$3701a8c0@lapxp> Message-ID: <44A6D9B5.2060608@netmagicsolutions.com> Arthur Sherman wrote: > 'ps aux' shows this and mail doesn't flow: > --- > root 2989 0.0 0.3 9456 3364 ? Ss 22:27 0:00 sendmail: > accepting connections > smmsp 2999 0.0 0.2 8196 2804 ? Ss 22:27 0:00 sendmail: > Queue runner@01:00:00 for /var/spool/clientmqueue > root 3171 0.0 0.0 0 0 ? Z 22:30 0:00 [MailScanner] > > root 3172 0.0 0.0 0 0 ? Z 22:30 0:00 [MailScanner] > > root 3173 0.2 0.0 0 0 ? Z 22:30 0:00 [MailScanner] > > --- This is the intended behavio(u)r for MailScanner when restarting (every 4 hours by default).. see the "Restart Every" parameter in MailScanner.conf But, if you notice this all the time, then it could be the dreaded 'tnef' error.. You do not mention version of MS and MTA.. please post more details. - dhawal > What to do? > > Please help! > > > Best, > > -- > Arthur Sherman > > +972-52-4878851 > CPTeam > From nauman at worldcall.net.pk Sat Jul 1 22:01:15 2006 From: nauman at worldcall.net.pk (Muhammad Nauman) Date: Sat Jul 1 22:01:37 2006 Subject: Best Way to Control Relaying? References: <03db01c69d3b$bb75d210$2300a8c0@noc><44A6CCF0.2050408@nkpanama.com><040601c69d48$00cd52a0$2300a8c0@noc> Message-ID: <044501c69d51$8847b370$2300a8c0@noc> > > On Jul 1, 2006, at 12:53 PM, Muhammad Nauman wrote: > >> the PROBLEM is - why is it not blocking those who are not AUTHORIZING >> !!! >> >> its like an OPEN RELAY - with out it > > What's in your /et/mail/relay-domains file? > i do'nt have relay-domains file in /etc/mail/ but after some recompiling - i have managed to stop relaying mail which are out of my domain. ie ( for example : abcxyz.com) 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 15000000 250-AUTH LOGIN PLAIN 250-DELIVERBY 250 HELP Mail from:no@no.com 250 2.1.0 no@no.com... Sender ok RCPT to:no@no.com 550 5.7.1 no@no.com... Relaying denied. Proper authentication required. But Still it is Relaying Mails to Users with RCPT of my domain - it do'nt ask for auth from them - how can i fix it ? 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 15000000 250-AUTH LOGIN PLAIN 250-DELIVERBY 250 HELP Mail from:<> 250 2.1.0 <>... Sender ok RCPT To:nauman@abcxyz.com 250 2.1.5 nauman@abcxyz.com... Recipient ok data 354 Enter mail, end with "." on a line by itself . 250 2.0.0 k61KuNfU024159 Message accepted for delivery -- This message has been scanned for viruses and dangerous content by WorldCall Scanner, and is believed to be clean. From alex at nkpanama.com Sat Jul 1 22:12:59 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sat Jul 1 22:13:40 2006 Subject: Best Way to Control Relaying? In-Reply-To: <044501c69d51$8847b370$2300a8c0@noc> References: <03db01c69d3b$bb75d210$2300a8c0@noc><44A6CCF0.2050408@nkpanama.com><040601c69d48$00cd52a0$2300a8c0@noc> <044501c69d51$8847b370$2300a8c0@noc> Message-ID: <44A6E55B.3040206@nkpanama.com> That's not relaying. It's delivering. It's your domain. You'd expect *YOUR* server to allow delivery of messages that are, in this case, *FOR YOU*. It's expected behaviour. > But Still it is Relaying Mails to Users with RCPT of my domain - it > do'nt ask for auth from them - how can i fix it ? > > 250-ENHANCEDSTATUSCODES > 250-PIPELINING > 250-8BITMIME > 250-SIZE 15000000 > 250-AUTH LOGIN PLAIN > 250-DELIVERBY > 250 HELP > Mail from:<> > 250 2.1.0 <>... Sender ok > RCPT To:nauman@abcxyz.com > 250 2.1.5 nauman@abcxyz.com... Recipient ok > data > 354 Enter mail, end with "." on a line by itself > . > 250 2.0.0 k61KuNfU024159 Message accepted for delivery > > > > > From raymond at prolocation.net Sat Jul 1 22:13:48 2006 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Sat Jul 1 22:13:47 2006 Subject: Help! [MailScanner] In-Reply-To: <44A6D9B5.2060608@netmagicsolutions.com> References: <001c01c69d4f$9ea07190$3701a8c0@lapxp> <44A6D9B5.2060608@netmagicsolutions.com> Message-ID: Hi! >> >> --- > > This is the intended behavio(u)r for MailScanner when restarting (every 4 > hours by default).. see the "Restart Every" parameter in MailScanner.conf > > But, if you notice this all the time, then it could be the dreaded 'tnef' > error.. > > You do not mention version of MS and MTA.. please post more details. Version MTA = sendmail, thats mentioned in the logs, so is the version MailScanner, was also mentioned, in the logs, when restarting ;) Did upgrading to the latest besta help? Bye, Raymond. From arturs at netvision.net.il Sat Jul 1 23:15:31 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Sat Jul 1 22:17:47 2006 Subject: Help! [MailScanner] In-Reply-To: <44A6D9B5.2060608@netmagicsolutions.com> Message-ID: <002f01c69d5b$ddba80d0$3701a8c0@lapxp> After setting debug on: --- [root@ns1 mail]# service MailScanner start Starting MailScanner daemons: incoming sendmail: [ OK ] outgoing sendmail: [ OK ] MailScanner: In Debugging mode, not forking... no connection to syslog available - _PATH_LOG not available in syslog.h at /usr/lib/MailScanner/MailScanner/Log.pm line 152 [ OK ] --- /usr/lib/MailScanner/MailScanner/Log.pm has this on 152: Sys::Syslog::syslog($level, $_) if $_ ne ""; I don't see it starting in maillog. All I see is mata getting the mail, then it disapears somewhere. Best, -- Arthur Sherman +972-52-4878851 CPTeam > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Dhawal Doshy > Sent: Saturday, July 01, 2006 10:23 PM > To: MailScanner discussion > Subject: Re: Help! [MailScanner] > > Arthur Sherman wrote: > > 'ps aux' shows this and mail doesn't flow: > > --- > > root 2989 0.0 0.3 9456 3364 ? Ss 22:27 > 0:00 sendmail: > > accepting connections > > smmsp 2999 0.0 0.2 8196 2804 ? Ss 22:27 > 0:00 sendmail: > > Queue runner@01:00:00 for /var/spool/clientmqueue > > root 3171 0.0 0.0 0 0 ? Z 22:30 > 0:00 [MailScanner] > > > > root 3172 0.0 0.0 0 0 ? Z 22:30 > 0:00 [MailScanner] > > > > root 3173 0.2 0.0 0 0 ? Z 22:30 > 0:00 [MailScanner] > > > > --- > > This is the intended behavio(u)r for MailScanner when > restarting (every > 4 hours by default).. see the "Restart Every" parameter in > MailScanner.conf > > But, if you notice this all the time, then it could be the dreaded > 'tnef' error.. > > You do not mention version of MS and MTA.. please post more details. > > - dhawal > > > What to do? > > > > Please help! > > > > > > Best, > > > > -- > > Arthur Sherman > > > > +972-52-4878851 > > CPTeam > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From arturs at netvision.net.il Sat Jul 1 23:44:29 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Sat Jul 1 22:46:43 2006 Subject: Help! [MailScanner] In-Reply-To: <44A6D9B5.2060608@netmagicsolutions.com> Message-ID: <003101c69d5f$e9da7560$3701a8c0@lapxp> Hi, > > root 3173 0.2 0.0 0 0 ? Z 22:30 > 0:00 [MailScanner] > > > > --- > > This is the intended behavio(u)r for MailScanner when > restarting (every > 4 hours by default).. see the "Restart Every" parameter in > MailScanner.conf But I have never seen this before when running MS... And the mail doesn't flow. > But, if you notice this all the time, then it could be the dreaded > 'tnef' error.. I have just upgraded to latest beta version 4.55.7, as Raymond suggested, to avoid TNEF error. This didn't help. > You do not mention version of MS and MTA.. please post more details. Sendmail 8.13.1 (BlueQuartz on CentOS 4.3) Standard compliant: yum etc. > - dhawal Best, -- Arthur Sherman +972-52-4878851 CPTeam From arturs at netvision.net.il Sun Jul 2 00:31:32 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Sat Jul 1 23:33:46 2006 Subject: Help! [MailScanner] Message-ID: <003301c69d66$7c3ff870$3701a8c0@lapxp> After setting debug on: --- [root@ns1 mail]# service MailScanner start Starting MailScanner daemons: incoming sendmail: [ OK ] outgoing sendmail: [ OK ] MailScanner: In Debugging mode, not forking... no connection to syslog available - _PATH_LOG not available in syslog.h at /usr/lib/MailScanner/MailScanner/Log.pm line 152 [ OK ] --- /usr/lib/MailScanner/MailScanner/Log.pm has this on 152: --- Sys::Syslog::syslog($level, $_) if $_ ne ""; --- MailScanner.conf has 'mail' as syslog facility. Not sure what is wrong with this... Also, it has this in head: --- use strict; use Sys::Syslog; use Carp; use vars qw($LogType $Banner); $LogType |= 'syslog'; --- Syslog is running. When running 'MailScanner -v' : --- [root@ns1 mail]# MailScanner -v Running on Linux ns1.cpt.co.il 2.6.9-34.0.1.EL #1 Wed May 24 07:40:56 CDT 2006 i686 athlon i386 GNU/Linux This is CentOS release 4.3 (Final) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.55.7 Module versions are: 0.16 Sys::Syslog --- I don't see MailScanner starting in maillog. All I see is MTA passing the mail, then it disapears somewhere. Best, -- Arthur Sherman +972-52-4878851 CPTeam From arturs at netvision.net.il Sun Jul 2 00:43:15 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Sat Jul 1 23:45:28 2006 Subject: spamassassin -D --lint: module not installed Message-ID: <003401c69d68$1f729380$3701a8c0@lapxp> [9096] dbg: diag: module not installed: Net::Ident ('require' failed) [9096] dbg: diag: module not installed: IO::Socket::INET6 ('require' failed) [9096] dbg: diag: module not installed: IO::Socket::SSL ('require' failed) How could I disable them? Best, -- Arthur Sherman +972-52-4878851 CPTeam From ms at 1984.is Sun Jul 2 00:01:14 2006 From: ms at 1984.is (Mordur Ingolfsson) Date: Sun Jul 2 00:01:23 2006 Subject: Help! [MailScanner] In-Reply-To: <003101c69d5f$e9da7560$3701a8c0@lapxp> References: <003101c69d5f$e9da7560$3701a8c0@lapxp> Message-ID: <44A6FEBA.2090903@1984.is> I had the same problem. I tried everything suggested in this thread and more, f.ex. downgrading to Debian version stable, (4.41.3-2) but that one wont even start. Not a single complaint or anything in syslog. Just nothing. Since the incoming mailqueue was filling up and nobody got their mail yesterday, I made exim deliver directly from the incoming queue and thus cleared it., but all went unscanned, of course. I have since had mailscanner working allright, it seems. There are consistently 4-5 zombie mailscanner processes now, but mail gets delivered and there are 5 normal, or "unzombied" processes waiting. It seems that whenever a batch gets scanned the mailscanner process handling int gets zombied. Is this normal? Arthur Sherman wrote: > Hi, > > >>> root 3173 0.2 0.0 0 0 ? Z 22:30 >>> >> 0:00 [MailScanner] >> >>> >>> --- >>> >> This is the intended behavio(u)r for MailScanner when >> restarting (every >> 4 hours by default).. see the "Restart Every" parameter in >> MailScanner.conf >> > > > But I have never seen this before when running MS... > And the mail doesn't flow. > > >> But, if you notice this all the time, then it could be the dreaded >> 'tnef' error.. >> > > I have just upgraded to latest beta version 4.55.7, as Raymond suggested, to > avoid TNEF error. > This didn't help. > > >> You do not mention version of MS and MTA.. please post more details. >> > > Sendmail 8.13.1 (BlueQuartz on CentOS 4.3) > Standard compliant: yum etc. > > >> - dhawal >> > > > Best, > > -- > Arthur Sherman > > +972-52-4878851 > CPTeam > > From alex at nkpanama.com Sun Jul 2 00:27:05 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sun Jul 2 00:27:27 2006 Subject: spamassassin -D --lint: module not installed In-Reply-To: <003401c69d68$1f729380$3701a8c0@lapxp> References: <003401c69d68$1f729380$3701a8c0@lapxp> Message-ID: <44A704C9.2000709@nkpanama.com> Arthur Sherman wrote: > [9096] dbg: diag: module not installed: Net::Ident ('require' failed) > [9096] dbg: diag: module not installed: IO::Socket::INET6 ('require' failed) > [9096] dbg: diag: module not installed: IO::Socket::SSL ('require' failed) > > How could I disable them? > > > Best, > > -- > Arthur Sherman > > +972-52-4878851 > CPTeam > > Why not install them? From arturs at netvision.net.il Sun Jul 2 01:34:42 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Sun Jul 2 00:36:56 2006 Subject: spamassassin -D --lint: module not installed In-Reply-To: <44A704C9.2000709@nkpanama.com> Message-ID: <003601c69d6f$4f3371a0$3701a8c0@lapxp> > Why not install them? Cause it fails. Also, most of them I simply don't need. Best, -- Arthur Sherman +972-52-4878851 CPTeam From mkettler at evi-inc.com Sun Jul 2 01:04:04 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Sun Jul 2 01:04:16 2006 Subject: use of bayes In-Reply-To: References: Message-ID: <44A70D74.90201@evi-inc.com> Pascal Maes wrote: > Hello, > > > When I'm running "spamassassin -D < spam.txt" on the command line, I can > see that bayes is used because BAYES_99 is in the report. > > But for all the mails which are tagged as spam by MailScanner, I don't > see BAYES in the report. > > Any idea why ? 99% of the time this is due to running the two tools as different users, or with different configurations. Note that it's the user RUNNING the tool, not the recipient in the To: line, that matters. Odds are the spamassassin command line uses one bayes database (the one in the current user's home-dir most likely), and mailscanner using a different bayes database. Check carefully what user your are logged in as when you do this. Also, check carefully what user your MailScanner children are running as. From glenn.steen at gmail.com Sun Jul 2 01:33:24 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Jul 2 01:33:29 2006 Subject: More observations on "Mailscanner stopped delivering to outgoing queue" In-Reply-To: <44A6D5F3.7070707@1984.is> References: <44A5DBB0.4080707@1984.is> <223f97700607011222u3bc03d86p61ba84743db17e4a@mail.gmail.com> <44A6D5F3.7070707@1984.is> Message-ID: <223f97700607011733w334891b0w219736573b652c5b@mail.gmail.com> On 01/07/06, Mordur Ingolfsson wrote: > Glenn Steen wrote: > > On 01/07/06, Mordur Ingolfsson wrote: > >> I apologize for not having been thorough enough in the first place, but > >> I have been looking better into the problem described in my previous > >> mail to this list under the subject ."Mailscanner stopped delivering to > >> outgoing queue" a few hours ago. > >> > >> Below is an excerpt from syslog. Everything is fine and messages get > >> nicely processed and delivered, as the first five lines indicate. Then, > >> at 12:53:13, something happens and Debian-exim (the exim user and the > >> username under which mailscanner operates) starts to complain about > >> something (lines in syslog excerpt below marked with"--------->" ) . And > >> the message gets scanned and rescanned. > >> > >> After this, nothing gets delivered. If you read further into the syslog > >> excerpt you will see that this messages, and messages delivered to the > >> host subsequently, do not get delivered. Messages are piling up on the > >> incoming queue and MailScanner refuses to deliver. The child processes > >> are zombies and I simply cannot find a way arount this. > >> > >> > >> Thank you, > >> > >> Mordur > >> > > (snip) > >> Jun 30 12:53:21 mx0 dccproc[25688]: socket(UDP): Address family not > >> supported by protocol > > (snip) > >> --------->Jun 30 12:53:25 mx0 Debian-exim: Process did not exit cleanly, > >> returned 28 with signal 0 > > (snip) > > > > I'm not sure the dcc error is the culprit, but... well, something > > exits with an error, probably "agitating" exim... you should look into > > that:) > > > The dcc error is not the culprit. I have solved that by setting ipv6 to > off in dcc config and it changed nothing. Good. Then... what changed between working/non-working? There's nothing strange in the queue dir? Nothing simple like problem with fs? No "huge" queue files? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From alex at nkpanama.com Sun Jul 2 01:46:03 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sun Jul 2 01:46:25 2006 Subject: spamassassin -D --lint: module not installed In-Reply-To: <003601c69d6f$4f3371a0$3701a8c0@lapxp> References: <003601c69d6f$4f3371a0$3701a8c0@lapxp> Message-ID: <44A7174B.1030907@nkpanama.com> Arthur Sherman wrote: >> Why not install them? >> > > > Cause it fails. > Also, most of them I simply don't need. > Sorry... :-( I just usually install everything since everything installs cleanly, and they occupy very little space, etc. In any case, maybe if you tell us where and how they fail someone can help you ... From arturs at netvision.net.il Sun Jul 2 03:11:21 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Sun Jul 2 02:13:38 2006 Subject: spamassassin -D --lint: module not installed In-Reply-To: <44A7174B.1030907@nkpanama.com> Message-ID: <01d901c69d7c$d0157310$3701a8c0@lapxp> > >> Why not install them? > >> > > > > > > Cause it fails. > > Also, most of them I simply don't need. > > > > Sorry... :-( > > I just usually install everything since everything installs > cleanly, and > they occupy very little space, etc. > > In any case, maybe if you tell us where and how they fail someone can > help you ... I get this error: root@ns1 mail]# MailScanner -debug --lint no connection to syslog available - _PATH_LOG not available in syslog.h at /usr/lib/MailScanner/MailScanner/Log.pm line 152 Best, -- Arthur Sherman +972-52-4878851 CPTeam From alex at nkpanama.com Sun Jul 2 02:23:05 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sun Jul 2 02:23:28 2006 Subject: spamassassin -D --lint: module not installed In-Reply-To: <01d901c69d7c$d0157310$3701a8c0@lapxp> References: <01d901c69d7c$d0157310$3701a8c0@lapxp> Message-ID: <44A71FF9.8020607@nkpanama.com> Arthur Sherman wrote: > I get this error: > > root@ns1 mail]# MailScanner -debug --lint > no connection to syslog available > - _PATH_LOG not available in syslog.h at > /usr/lib/MailScanner/MailScanner/Log.pm line 152 > > Sure... but I meant when you try and install the missing modules. What's the output of MailScanner -V (if I may ask)... From arturs at netvision.net.il Sun Jul 2 03:26:10 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Sun Jul 2 02:28:24 2006 Subject: spamassassin -D --lint: module not installed In-Reply-To: <44A71FF9.8020607@nkpanama.com> Message-ID: <01f101c69d7e$e201b280$3701a8c0@lapxp> > > I get this error: > > > > root@ns1 mail]# MailScanner -debug --lint > > no connection to syslog available > > - _PATH_LOG not available in syslog.h at > > /usr/lib/MailScanner/MailScanner/Log.pm line 152 > > > > > Sure... but I meant when you try and install the missing modules. > > What's the output of MailScanner -V (if I may ask)... [root@ns1 mail]# MailScanner -v Running on Linux ns1.cpt.co.il 2.6.9-34.0.1.EL #1 Wed May 24 07:40:56 CDT 2006 i686 athlon i386 GNU/Linux This is CentOS release 4.3 (Final) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.55.7 Module versions are: 1.00 AnyDBM_File 1.16 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.16 File::Temp 0.79 Filesys::Df 1.35 HTML::Entities 3.54 HTML::Parser 2.37 HTML::TokeParser 1.23 IO 1.14 IO::File 1.13 IO::Pipe 1.74 Mail::Header 3.05 MIME::Base64 5.420 MIME::Decoder 5.420 MIME::Decoder::UU 5.420 MIME::Head 5.420 MIME::Parser 3.03 MIME::QuotedPrint 5.420 MIME::Tools 0.11 Net::CIDR 1.08 POSIX 1.77 Socket 1.4 Sys::Hostname::Long 0.16 Sys::Syslog 1.87 Time::HiRes 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.809 DB_File 1.12 DBD::SQLite 1.51 DBI 1.15 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.11 Digest::SHA1 missing Inline missing Mail::ClamAV 3.001003 Mail::SpamAssassin 1.999001 Mail::SPF::Query 0.20 Net::CIDR::Lite 1.25 Net::IP 0.57 Net::DNS missing Net::LDAP missing Parse::RecDescent missing SAVI 2.62 Test::Harness 0.62 Test::Simple 1.95 Text::Balanced 1.35 URI Thank you. Best, -- Arthur Sherman +972-52-4878851 CPTeam From alex at nkpanama.com Sun Jul 2 02:44:16 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sun Jul 2 02:44:56 2006 Subject: spamassassin -D --lint: module not installed In-Reply-To: <01f101c69d7e$e201b280$3701a8c0@lapxp> References: <01f101c69d7e$e201b280$3701a8c0@lapxp> Message-ID: <44A724F0.3040100@nkpanama.com> > missing Inline > missing Mail::ClamAV > missing Net::LDAP > missing Parse::RecDescent > missing SAVI > > Thank you. > Have you tried installing http://www.mailscanner.info/files/4/install-Clam-SA.tar.gz ? It shouldn't choke without those modules, unless you wanted to use LDAP settings, Sophos, or clamavmodule. Sorry I can't help any further... From pascal.maes at elec.ucl.ac.be Sun Jul 2 07:35:55 2006 From: pascal.maes at elec.ucl.ac.be (Pascal Maes) Date: Sun Jul 2 07:36:08 2006 Subject: use of bayes (Matt Kettler) In-Reply-To: <200607020039.k620d0e6019892@bkserver.blacknight.ie> References: <200607020039.k620d0e6019892@bkserver.blacknight.ie> Message-ID: <894F9A5F-B12B-4EEE-A427-F0CDA9275376@elec.ucl.ac.be> > > >> Hello, >> >> >> When I'm running "spamassassin -D < spam.txt" on the command line, >> I can >> see that bayes is used because BAYES_99 is in the report. >> >> But for all the mails which are tagged as spam by MailScanner, I >> don't >> see BAYES in the report. >> >> Any idea why ? > > 99% of the time this is due to running the two tools as different > users, or with > different configurations. Note that it's the user RUNNING the tool, > not the > recipient in the To: line, that matters. > > > Odds are the spamassassin command line uses one bayes database (the > one in the > current user's home-dir most likely), and mailscanner using a > different bayes > database. > > Check carefully what user your are logged in as when you do this. > > Also, check carefully what user your MailScanner children are > running as. > Thanks, MailScanner is running as postfix and the bayes files wasn't readable. I have changed the owner of the bayes files to postfix and now it's working. -- Pascal From res at ausics.net Sun Jul 2 08:08:48 2006 From: res at ausics.net (Res) Date: Sun Jul 2 08:08:55 2006 Subject: Help! [MailScanner] In-Reply-To: <003301c69d66$7c3ff870$3701a8c0@lapxp> References: <003301c69d66$7c3ff870$3701a8c0@lapxp> Message-ID: Arthur, I suggest you downgrade sys::syslog immediately, and then you just might find it works again, possibly... This is just another reason why I wish Julian took my "dont die on syslog failure" seriously rather than following the usual fanbois who say "the bigger issue is with why syslog is dying" ERRR wrong! Thius is unrelated to why syslog dies here, but this is the same outcome cant tlak to it, go night night. On Sun, 2 Jul 2006, Arthur Sherman wrote: > After setting debug on: > --- > [root@ns1 mail]# service MailScanner start > Starting MailScanner daemons: > incoming sendmail: [ OK ] > outgoing sendmail: [ OK ] > MailScanner: In Debugging mode, not forking... > no connection to syslog available > - _PATH_LOG not available in syslog.h at > /usr/lib/MailScanner/MailScanner/Log.pm line 152 > [ OK ] > --- > > /usr/lib/MailScanner/MailScanner/Log.pm has this on 152: > --- > Sys::Syslog::syslog($level, $_) if $_ ne ""; > --- > > MailScanner.conf has 'mail' as syslog facility. > > > Not sure what is wrong with this... > > > Also, it has this in head: > --- > use strict; > use Sys::Syslog; > use Carp; > use vars qw($LogType $Banner); > > $LogType |= 'syslog'; > --- > > Syslog is running. > > When running 'MailScanner -v' : > --- > [root@ns1 mail]# MailScanner -v > Running on > Linux ns1.cpt.co.il 2.6.9-34.0.1.EL #1 Wed May 24 07:40:56 CDT 2006 i686 > athlon i386 GNU/Linux > This is CentOS release 4.3 (Final) > This is Perl version 5.008005 (5.8.5) > > This is MailScanner version 4.55.7 > Module versions are: > > 0.16 Sys::Syslog > > --- > > I don't see MailScanner starting in maillog. > All I see is MTA passing the mail, then it disapears somewhere. > > > Best, > > -- > Arthur Sherman > > +972-52-4878851 > CPTeam > > -- Cheers Res From res at ausics.net Sun Jul 2 08:11:14 2006 From: res at ausics.net (Res) Date: Sun Jul 2 08:11:18 2006 Subject: Help! [MailScanner] In-Reply-To: <44A6FEBA.2090903@1984.is> References: <003101c69d5f$e9da7560$3701a8c0@lapxp> <44A6FEBA.2090903@1984.is> Message-ID: On Sat, 1 Jul 2006, Mordur Ingolfsson wrote: > I had the same problem. I tried everything suggested in this thread and > more, f.ex. downgrading to Debian version stable, (4.41.3-2) but that > one wont even start. Not a single complaint or anything in syslog. Just > nothing. > > Since the incoming mailqueue was filling up and nobody got their mail > yesterday, Yep, not nice when your queue is several hundred K because MS cant talk to lil ol syslog, try my suggestion to Arthur in another thread, howeer youer problem comes accross as slightly different keep it at version 0.15 or lower -- Cheers Res From spamtrap71892316634 at anime.net Sun Jul 2 09:47:25 2006 From: spamtrap71892316634 at anime.net (Dan Hollis) Date: Sun Jul 2 09:47:29 2006 Subject: FOSS, Science, and Public activism In-Reply-To: <20060701193651.B2CC46B0FD8@gnu-darwin.org> References: <20060701193651.B2CC46B0FD8@gnu-darwin.org> Message-ID: On Sat, 1 Jul 2006, proclus@gnu-darwin.org wrote: > [... massive spam deleted ...] Is this spam allowed on this list? -Dan From arturs at netvision.net.il Sun Jul 2 12:07:37 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Sun Jul 2 11:09:53 2006 Subject: syslog.h Message-ID: <003201c69dc7$bac5b650$3701a8c0@lapxp> Someone running CentOS 4.3 on x86, could you please say what is on your Line 40 /usr/include/sys/syslog.h ? Best, -- Arthur Sherman +972-52-4878851 CPTeam From dhawal at netmagicsolutions.com Sun Jul 2 11:35:09 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Sun Jul 2 11:39:31 2006 Subject: syslog.h In-Reply-To: <003201c69dc7$bac5b650$3701a8c0@lapxp> References: <003201c69dc7$bac5b650$3701a8c0@lapxp> Message-ID: <20060702160509.4nm16e7hes4s8o0s@mail.netmagicsolutions.com> Quoting Arthur Sherman :> Someone running CentOS 4.3 on x86, could you please say what is on your > Line 40 /usr/include/sys/syslog.h ? > #define _PATH_LOG "/dev/log"> Best, > > -- > Arthur Sherman > > +972-52-4878851 > CPTeam > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060702/37bad943/attachment.html From ryanw at falsehope.com Sun Jul 2 13:56:25 2006 From: ryanw at falsehope.com (Ryan Weaver) Date: Sun Jul 2 13:56:33 2006 Subject: syslog.h In-Reply-To: <003201c69dc7$bac5b650$3701a8c0@lapxp> Message-ID: <003101c69dd6$f082e470$6627a8c0@fryguy> ----Original Message---- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Arthur Sherman Sent: Sunday, July 02, 2006 6:08 AM To: 'MailScanner discussion' Subject: syslog.h > Someone running CentOS 4.3 on x86, could you please say what is on > your > Line 40 /usr/include/sys/syslog.h ? 40: #define _PATH_LOG "/dev/log" From steve.swaney at fsl.com Sun Jul 2 14:45:34 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Sun Jul 2 14:44:42 2006 Subject: syslog.h In-Reply-To: <003101c69dd6$f082e470$6627a8c0@fryguy> Message-ID: <0da701c69ddd$cb4c0d10$2901010a@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Ryan Weaver > Sent: Sunday, July 02, 2006 8:56 AM > To: 'MailScanner discussion' > Subject: RE: syslog.h > > ----Original Message---- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Arthur > Sherman Sent: Sunday, July 02, 2006 6:08 AM To: 'MailScanner discussion' > Subject: syslog.h > > > Someone running CentOS 4.3 on x86, could you please say what is on > > your > > Line 40 /usr/include/sys/syslog.h ? > > 40: #define _PATH_LOG "/dev/log" > Line 40: #define _PATH_LOG "/dev/log" Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From joni at connect.fi Sun Jul 2 19:04:27 2006 From: joni at connect.fi (Joni =?iso-8859-1?b?QuRja2x1bmQ=?=) Date: Sun Jul 2 19:04:34 2006 Subject: MailScanner + Spamassassin 3.13 autolearn not working ! Message-ID: <20060702210427.0cd8sjyksgocssgg@webmail.connect.fi> Hello Friends ! I have been running SA for years with mailscanner and some virus scanning software on our mail linux fedora server. This server now runs FC5 and I found out some two weeks ago that bayes database was somehow corrupted so I did go for fresh mysql bayes database and learned some thousands of saved ham and spam messages. Everything seems to be on order now and I see bayes hits on maillog as usual. The problems seems to be that SA never does autolearn even the spam value is very high ( like 15 or so ). So the bayes data stays permanent if I do not train some messages manually by sa-learn. I have tested also the system so that I used the normal bayes DB on /var/spool/spamassassin instead of mysql with same bayes data ! Same behavior ! I never see on the maillog the autolearn=spam ham or disabled. No autolearn markings at all ! The Autolearn module is loaded and everything else seems to be running ok. The same happens with autowhitelist. No entries are made to auto-whitelist ! That seems strange. The autowhitelist file itself is at /var/spool/spamassassin but its allways same size and does not grow ! Im running spamassassin 3.1.3 perl-5.8.8 mailscanner-4.55.7-1 and here are some lines from spam.assassin.prefs.conf that mailscanner uses with SA. # # JKF 28/04/2003 # The following settings has been pretty much superceded by the "Advanced # SpamAssassin Settings" in MailScanner.conf. # # JKF 26/03/2003 # If your root filesystem is filling up because SpamAssassin is putting # large databases in /.spamassassin or /root/.spamassassin, you can move # them using the following lines to point to their new locations. # The last part of the path is not a directory name, but actually the # start of the filenames. So with the settings below, the Bayes files will # be created as /var/spool/spamassassin/bayes_msgcount, etc. # auto_whitelist_path /var/spool/spamassassin/auto-whitelist auto_whitelist_file_mode 0600 use_auto_whitelist 1 #bayes_path /var/spool/spamassassin/bayes #bayes_file_mode 0600 bayes_store_module Mail::SpamAssassin::BayesStore::SQL bayes_sql_dsn DBI:mysql:sa_bayes:localhost bayes_sql_username XXXX bayes_sql_password XXXXX bayes_sql_override_username XXXX # Most people don't use NFS-shared Bayes databases # so this is added for SpamAssassin 3 lock_method flock required_hits 4.5 bayes_auto_learn_threshold_spam 8.0 bayes_auto_learn 1 score BAYES_99 0 0 4.070 3.601 # Most people don't use NFS-shared Bayes databases # so this is added for SpamAssassin 3 lock_method flock The spamassassin -D --lint works without any problems and all required modules are loaded ! Are there some undocumented changes in autolearn behavior with mailscanner ? here is sa-learn --dump magic output 0.000 0 3 0 non-token data: bayes db version 0.000 0 5486 0 non-token data: nspam 0.000 0 7142 0 non-token data: nham 0.000 0 187972 0 non-token data: ntokens 0.000 0 1036499585 0 non-token data: oldest atime 0.000 0 1151841259 0 non-token data: newest atime 0.000 0 0 0 non-token data: last journal sync atime 0.000 0 1151833489 0 non-token data: last expiry atime 0.000 0 22118400 0 non-token data: last expire atime delta 0.000 0 16694 0 non-token data: last expire reduction count So I just do not understand what is going wrong there as the SA with mailscanner system has been workin for years and autolearn etc. has been working nicely too ! Joni -- Joni B?cklund, Tel +358400665775, FAX +35898042007 Email: joni@connect.fi, oh2njr@sral.fi Amateur packet radio AX25: oh2njr@oh2rbj.fin.eu Some kind of Homepage: http://www.connect.fi/joni " The Choice of a GNU generation: SuSE Linux 10.1 " ------------------------------------------------------------------------------- This mail sent through Connect Services WebMail : https://webmail.connect.fi From alex at nkpanama.com Sun Jul 2 22:46:48 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sun Jul 2 22:47:30 2006 Subject: Help! [MailScanner] In-Reply-To: References: <003101c69d5f$e9da7560$3701a8c0@lapxp> <44A6FEBA.2090903@1984.is> Message-ID: <44A83EC8.1000206@nkpanama.com> Res wrote: > On Sat, 1 Jul 2006, Mordur Ingolfsson wrote: > >> I had the same problem. I tried everything suggested in this thread and >> more, f.ex. downgrading to Debian version stable, (4.41.3-2) but that >> one wont even start. Not a single complaint or anything in syslog. Just >> nothing. >> >> Since the incoming mailqueue was filling up and nobody got their mail >> yesterday, > > Yep, not nice when your queue is several hundred K because MS cant > talk to lil ol syslog, try my suggestion to Arthur in another thread, > howeer youer problem comes accross as slightly different keep it at > version 0.15 or lower > > Any good info/pointers/howtos on downgrading/uninstalling perl modules, for the faint of heart (or otherwise caffeine deprived)? From alex at nkpanama.com Sun Jul 2 22:48:08 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sun Jul 2 22:48:26 2006 Subject: syslog.h In-Reply-To: <003201c69dc7$bac5b650$3701a8c0@lapxp> References: <003201c69dc7$bac5b650$3701a8c0@lapxp> Message-ID: <44A83F18.8050504@nkpanama.com> Arthur Sherman wrote: > Someone running CentOS 4.3 on x86, could you please say what is on your > Line 40 /usr/include/sys/syslog.h ? #define _PATH_LOG "/dev/log" From alex at nkpanama.com Sun Jul 2 22:48:56 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sun Jul 2 22:49:17 2006 Subject: MailScanner + Spamassassin 3.13 autolearn not working ! In-Reply-To: <20060702210427.0cd8sjyksgocssgg@webmail.connect.fi> References: <20060702210427.0cd8sjyksgocssgg@webmail.connect.fi> Message-ID: <44A83F48.9060407@nkpanama.com> Have you looked at mailscanner.cf? Joni B?cklund wrote: > > Hello Friends ! > > I have been running SA for years with mailscanner and some virus > scanning software on our > mail linux fedora server. This server now runs FC5 and I found out > some two weeks ago > that bayes database was somehow corrupted so I did go for > fresh mysql bayes database and learned some thousands of saved ham and > spam messages. > Everything seems to be on order now and I see bayes hits on maillog > as usual. > > The problems seems to be that SA never does autolearn even the spam > value is very high ( > like 15 or so ). So the bayes data stays permanent if I do not > train some messages manually by sa-learn. > > I have tested also the system so that I used the normal bayes DB on > /var/spool/spamassassin instead of mysql with same bayes data ! Same > behavior ! > > I never see on the maillog the autolearn=spam ham or disabled. No > autolearn markings at all ! The Autolearn > module is loaded and everything else seems to be running ok. The same > happens with > autowhitelist. No entries are made to auto-whitelist ! That seems > strange. The autowhitelist file itself is at /var/spool/spamassassin > but its allways same size and does not grow ! > > Im running spamassassin 3.1.3 > perl-5.8.8 > mailscanner-4.55.7-1 > > and here are some lines from spam.assassin.prefs.conf that mailscanner > uses with SA. > > > # > # JKF 28/04/2003 > # The following settings has been pretty much superceded by the "Advanced > # SpamAssassin Settings" in MailScanner.conf. > # > # JKF 26/03/2003 > # If your root filesystem is filling up because SpamAssassin is putting > # large databases in /.spamassassin or /root/.spamassassin, you can move > # them using the following lines to point to their new locations. > # The last part of the path is not a directory name, but actually the > # start of the filenames. So with the settings below, the Bayes files > will > # be created as /var/spool/spamassassin/bayes_msgcount, etc. > # > auto_whitelist_path /var/spool/spamassassin/auto-whitelist > auto_whitelist_file_mode 0600 > use_auto_whitelist 1 > #bayes_path /var/spool/spamassassin/bayes > #bayes_file_mode 0600 > bayes_store_module Mail::SpamAssassin::BayesStore::SQL > bayes_sql_dsn DBI:mysql:sa_bayes:localhost > bayes_sql_username XXXX > bayes_sql_password XXXXX > bayes_sql_override_username XXXX > > > # Most people don't use NFS-shared Bayes databases > # so this is added for SpamAssassin 3 > lock_method flock > required_hits 4.5 > bayes_auto_learn_threshold_spam 8.0 > bayes_auto_learn 1 > score BAYES_99 0 0 4.070 3.601 > > # Most people don't use NFS-shared Bayes databases > # so this is added for SpamAssassin 3 > lock_method flock > > > The spamassassin -D --lint works without any problems and all required > modules are loaded ! > > Are there some undocumented changes in autolearn behavior with > mailscanner ? > > here is sa-learn --dump magic output > 0.000 0 3 0 non-token data: bayes db version > 0.000 0 5486 0 non-token data: nspam > 0.000 0 7142 0 non-token data: nham > 0.000 0 187972 0 non-token data: ntokens > 0.000 0 1036499585 0 non-token data: oldest atime > 0.000 0 1151841259 0 non-token data: newest atime > 0.000 0 0 0 non-token data: last journal > sync atime > 0.000 0 1151833489 0 non-token data: last expiry atime > 0.000 0 22118400 0 non-token data: last expire > atime delta > 0.000 0 16694 0 non-token data: last expire > reduction count > > > So I just do not understand what is going wrong there as the SA with > mailscanner system > has been workin for years and autolearn etc. has been working > nicely too ! > > Joni > > > -- > Joni B?cklund, Tel +358400665775, FAX +35898042007 > Email: joni@connect.fi, oh2njr@sral.fi > Amateur packet radio AX25: oh2njr@oh2rbj.fin.eu > Some kind of Homepage: http://www.connect.fi/joni > " The Choice of a GNU generation: SuSE Linux 10.1 " > > > ------------------------------------------------------------------------------- > > This mail sent through Connect Services WebMail : > https://webmail.connect.fi > > --MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From proclus at gnu-darwin.org Mon Jul 3 01:46:06 2006 From: proclus at gnu-darwin.org (proclus@gnu-darwin.org) Date: Mon Jul 3 01:46:40 2006 Subject: FOSS, Science, and Public activism In-Reply-To: Message-ID: <20060703004607.E240F168C67@gnu-darwin.org> On 2 Jul, Dan Hollis wrote: > On Sat, 1 Jul 2006, proclus@gnu-darwin.org wrote: >> [... massive spam deleted ...] > > Is this spam allowed on this list? The topic is certainly of interest to some members of the list, relevant to the topic at hand, and clearly not spam. I am sorry to hear that you think that the message was spam. Please don't throw around the label of spam so lightly, because list members should think of other members who might find such posts interesting, and expression itself is at stake. Let's be careful with this type of accusation, which could be use to wrongly quell discussion in our forums. Regards, proclus http://www.gnu-darwin.org/ > -Dan -- Visit proclus realm! http://proclus.tripod.com/ -----BEGIN GEEK CODE BLOCK----- Version: 3.1 GMU/S d+@ s: a+ C++++ UBULI++++$ P+ L+++(++++) E--- W++ N- !o K- w--- !O M++@ V-- PS+++ PE Y+ PGP-- t+++(+) 5+++ X+ R tv-(--)@ b !DI D- G e++++ h--- r+++ y++++ ------END GEEK CODE BLOCK------ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 186 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060702/f5236aa6/attachment.bin From csweeney at osubucks.org Mon Jul 3 05:14:56 2006 From: csweeney at osubucks.org (Chris Sweeney) Date: Mon Jul 3 05:15:31 2006 Subject: FOSS, Science, and Public activism In-Reply-To: <20060703004607.E240F168C67@gnu-darwin.org> References: <20060703004607.E240F168C67@gnu-darwin.org> Message-ID: <44A899C0.6010905@osubucks.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It was SPAM as it had nothing to do with supporting MailScanner. Such posting's in message groups do more harm for your cause then good. proclus@gnu-darwin.org wrote: > On 2 Jul, Dan Hollis wrote: >> On Sat, 1 Jul 2006, proclus@gnu-darwin.org wrote: >>> [... massive spam deleted ...] >> Is this spam allowed on this list? > > The topic is certainly of interest to some members of the list, relevant > to the topic at hand, and clearly not spam. I am sorry to hear that > you think that the message was spam. > > Please don't throw around the label of spam so lightly, because list > members should think of other members who might find such posts > interesting, and expression itself is at stake. Let's be careful > with this type of accusation, which could be use to wrongly quell > discussion in our forums. > > Regards, > proclus > http://www.gnu-darwin.org/ > >> -Dan > - -- Thanks Chris Check me out! Finally setup a MySpace.com account http://www.osubucks.net csweeney@osubucks.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEqJnAS9AMNDUYgIcRAsFiAJ0UTq9k3hBBE7OEZ+iLHbpdbVYcpACg6jsL yz0/ScPE9x2NQ5gjSxIy1f4= =IKtz -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060703/16bde3f2/attachment.html From alex at nkpanama.com Mon Jul 3 05:37:14 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Jul 3 05:38:46 2006 Subject: FOSS, Science, and Public activism In-Reply-To: <44A899C0.6010905@osubucks.org> References: <20060703004607.E240F168C67@gnu-darwin.org> <44A899C0.6010905@osubucks.org> Message-ID: <44A89EFA.2030309@nkpanama.com> Sounds like running into a crowded theater and shouting "there are people playing with fire next door!" :-) Chris Sweeney wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > It was SPAM as it had nothing to do with supporting MailScanner. Such > posting's in message groups do more harm for your cause then good. > > proclus@gnu-darwin.org wrote: > > On 2 Jul, Dan Hollis wrote: > > >> On Sat, 1 Jul 2006, proclus@gnu-darwin.org wrote: > > >>> [... massive spam deleted ...] > > >> Is this spam allowed on this list? > > > > > > The topic is certainly of interest to some members of the list, > relevant > > > to the topic at hand, and clearly not spam. I am sorry to hear > that > > > you think that the message was spam. > > > > > > Please don't throw around the label of spam so lightly, because > list > > > members should think of other members who might find such posts > > > interesting, and expression itself is at stake. Let's be careful > > > with this type of accusation, which could be use to wrongly quell > > > discussion in our forums. > > > > > > Regards, > > > proclus > > > http://www.gnu-darwin.org/ > > > > > >> -Dan > > > > > - -- > Thanks Chris > > Check me out! > Finally setup a MySpace.com account http://www.osubucks.net > > csweeney@osubucks.org > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.2 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFEqJnAS9AMNDUYgIcRAsFiAJ0UTq9k3hBBE7OEZ+iLHbpdbVYcpACg6jsL > yz0/ScPE9x2NQ5gjSxIy1f4= > =IKtz > -----END PGP SIGNATURE----- > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. From joni at connect.fi Mon Jul 3 05:50:21 2006 From: joni at connect.fi (Joni =?iso-8859-1?b?QuRja2x1bmQ=?=) Date: Mon Jul 3 05:50:26 2006 Subject: MailScanner + Spamassassin 3.13 autolearn not working ! In-Reply-To: <44A83F48.9060407@nkpanama.com> References: <20060702210427.0cd8sjyksgocssgg@webmail.connect.fi> <44A83F48.9060407@nkpanama.com> Message-ID: <20060703075021.l4k9n99z8gocwgsw@webmail.connect.fi> the mailscanner.cf is a symbolic link to spam.assassin.pfres.conf lrwxrwxrwx 1 root root 41 Jul 2 11:25 mailscanner.cf -> /etc/MailScanner/spam.assassin.prefs.conf Joni Quoting Alex Neuman van der Hans : > Have you looked at mailscanner.cf? > > Joni B?cklund wrote: >> >> Hello Friends ! >> >> I have been running SA for years with mailscanner and some virus >> scanning software on our >> mail linux fedora server. This server now runs FC5 and I found out >> some two weeks ago >> that bayes database was somehow corrupted so I did go for >> fresh mysql bayes database and learned some thousands of saved ham >> and spam messages. >> Everything seems to be on order now and I see bayes hits on maillog >> as usual. >> >> The problems seems to be that SA never does autolearn even the spam >> value is very high ( >> like 15 or so ). So the bayes data stays permanent if I do not >> train some messages manually by sa-learn. >> >> I have tested also the system so that I used the normal bayes DB on >> /var/spool/spamassassin instead of mysql with same bayes data ! >> Same behavior ! >> >> I never see on the maillog the autolearn=spam ham or disabled. No >> autolearn markings at all ! The Autolearn >> module is loaded and everything else seems to be running ok. The >> same happens with >> autowhitelist. No entries are made to auto-whitelist ! That seems >> strange. The autowhitelist file itself is at >> /var/spool/spamassassin but its allways same size and does not grow ! >> >> Im running spamassassin 3.1.3 >> perl-5.8.8 >> mailscanner-4.55.7-1 >> >> and here are some lines from spam.assassin.prefs.conf that >> mailscanner uses with SA. >> >> >> # >> # JKF 28/04/2003 >> # The following settings has been pretty much superceded by the "Advanced >> # SpamAssassin Settings" in MailScanner.conf. >> # >> # JKF 26/03/2003 >> # If your root filesystem is filling up because SpamAssassin is putting >> # large databases in /.spamassassin or /root/.spamassassin, you can move >> # them using the following lines to point to their new locations. >> # The last part of the path is not a directory name, but actually the >> # start of the filenames. So with the settings below, the Bayes files will >> # be created as /var/spool/spamassassin/bayes_msgcount, etc. >> # >> auto_whitelist_path /var/spool/spamassassin/auto-whitelist >> auto_whitelist_file_mode 0600 >> use_auto_whitelist 1 >> #bayes_path /var/spool/spamassassin/bayes >> #bayes_file_mode 0600 >> bayes_store_module Mail::SpamAssassin::BayesStore::SQL >> bayes_sql_dsn DBI:mysql:sa_bayes:localhost >> bayes_sql_username XXXX >> bayes_sql_password XXXXX >> bayes_sql_override_username XXXX >> >> >> # Most people don't use NFS-shared Bayes databases >> # so this is added for SpamAssassin 3 >> lock_method flock >> required_hits 4.5 >> bayes_auto_learn_threshold_spam 8.0 >> bayes_auto_learn 1 >> score BAYES_99 0 0 4.070 3.601 >> >> # Most people don't use NFS-shared Bayes databases >> # so this is added for SpamAssassin 3 >> lock_method flock >> >> >> The spamassassin -D --lint works without any problems and all >> required modules are loaded ! >> >> Are there some undocumented changes in autolearn behavior with mailscanner ? >> >> here is sa-learn --dump magic output >> 0.000 0 3 0 non-token data: bayes db version >> 0.000 0 5486 0 non-token data: nspam >> 0.000 0 7142 0 non-token data: nham >> 0.000 0 187972 0 non-token data: ntokens >> 0.000 0 1036499585 0 non-token data: oldest atime >> 0.000 0 1151841259 0 non-token data: newest atime >> 0.000 0 0 0 non-token data: last >> journal sync atime >> 0.000 0 1151833489 0 non-token data: last expiry atime >> 0.000 0 22118400 0 non-token data: last expire >> atime delta >> 0.000 0 16694 0 non-token data: last expire >> reduction count >> >> >> So I just do not understand what is going wrong there as the SA >> with mailscanner system >> has been workin for years and autolearn etc. has been working >> nicely too ! >> >> Joni >> >> >> -- >> Joni B?cklund, Tel +358400665775, FAX +35898042007 >> Email: joni@connect.fi, oh2njr@sral.fi >> Amateur packet radio AX25: oh2njr@oh2rbj.fin.eu >> Some kind of Homepage: http://www.connect.fi/joni >> " The Choice of a GNU generation: SuSE Linux 10.1 " >> >> >> ------------------------------------------------------------------------------- This mail sent through Connect Services WebMail : >> https://webmail.connect.fi >> >> --MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Joni B?cklund, Tel +358400665775, FAX +35898042007 Email: joni@connect.fi, oh2njr@sral.fi Amateur packet radio AX25: oh2njr@oh2rbj.fin.eu Some kind of Homepage: http://www.connect.fi/joni " The Choice of a GNU generation: SuSE Linux 10.1 " ------------------------------------------------------------------------------- This mail sent through Connect Services WebMail : https://webmail.connect.fi From res at ausics.net Mon Jul 3 11:48:48 2006 From: res at ausics.net (Res) Date: Mon Jul 3 11:48:57 2006 Subject: Help! [MailScanner] In-Reply-To: <44A83EC8.1000206@nkpanama.com> References: <003101c69d5f$e9da7560$3701a8c0@lapxp> <44A6FEBA.2090903@1984.is> <44A83EC8.1000206@nkpanama.com> Message-ID: On Sun, 2 Jul 2006, Alex Neuman van der Hans wrote: > Res wrote: >> On Sat, 1 Jul 2006, Mordur Ingolfsson wrote: >> >>> I had the same problem. I tried everything suggested in this thread and >>> more, f.ex. downgrading to Debian version stable, (4.41.3-2) but that >>> one wont even start. Not a single complaint or anything in syslog. Just >>> nothing. >>> >>> Since the incoming mailqueue was filling up and nobody got their mail >>> yesterday, >> >> Yep, not nice when your queue is several hundred K because MS cant talk to >> lil ol syslog, try my suggestion to Arthur in another thread, howeer youer >> problem comes accross as slightly different keep it at version 0.15 or >> lower >> >> > Any good info/pointers/howtos on downgrading/uninstalling perl modules, for > the faint of heart (or otherwise caffeine deprived)? grab the 0.15 version of sys::syslog and install it, it will over write the later version perl Makefile.PL && make && make install > -- Cheers Res From res at ausics.net Mon Jul 3 11:49:57 2006 From: res at ausics.net (Res) Date: Mon Jul 3 11:50:03 2006 Subject: syslog.h In-Reply-To: <003201c69dc7$bac5b650$3701a8c0@lapxp> References: <003201c69dc7$bac5b650$3701a8c0@lapxp> Message-ID: On Sun, 2 Jul 2006, Arthur Sherman wrote: > Someone running CentOS 4.3 on x86, could you please say what is on your > Line 40 /usr/include/sys/syslog.h ? Arthur, do not tamper with this file, it is sys::syslog at fault -- Cheers Res From arturs at netvision.net.il Mon Jul 3 16:12:15 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Mon Jul 3 15:14:32 2006 Subject: Help! [MailScanner] In-Reply-To: Message-ID: <01b801c69eb3$11894060$3701a8c0@lapxp> > >>> I had the same problem. I tried everything suggested in > this thread and > >>> more, f.ex. downgrading to Debian version stable, > (4.41.3-2) but that > >>> one wont even start. Not a single complaint or anything > in syslog. Just > >>> nothing. > >>> > >>> Since the incoming mailqueue was filling up and nobody > got their mail > >>> yesterday, > >> > >> Yep, not nice when your queue is several hundred K because > MS cant talk to > >> lil ol syslog, try my suggestion to Arthur in another > thread, howeer youer > >> problem comes accross as slightly different keep it at > version 0.15 or > >> lower > >> > >> > > Any good info/pointers/howtos on downgrading/uninstalling > perl modules, for > > the faint of heart (or otherwise caffeine deprived)? > > > grab the 0.15 version of sys::syslog and install it, it will > over write > the later version > > perl Makefile.PL && make && make install I didn't need to downgrade it. The only problem I had was uncommented path to log in sysconfig.h Since the fix, MS is up again. Thank you Best, -- Arthur Sherman +972-52-4878851 CPTeam From arturs at netvision.net.il Mon Jul 3 16:13:09 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Mon Jul 3 15:15:30 2006 Subject: syslog.h In-Reply-To: Message-ID: <01b901c69eb3$31f4a8d0$3701a8c0@lapxp> > > Someone running CentOS 4.3 on x86, could you please say > what is on your > > Line 40 /usr/include/sys/syslog.h ? > > Arthur, do not tamper with this file, it is sys::syslog at fault Learned this hard way... :) Thanks a lot. Best, -- Arthur Sherman +972-52-4878851 CPTeam From r.curtis at ywcaelpaso.org Mon Jul 3 16:17:00 2006 From: r.curtis at ywcaelpaso.org (Curtis, Roger) Date: Mon Jul 3 16:18:13 2006 Subject: MailScanner -debug errors Message-ID: > Curtis, Roger wrote: > >> OK, I looked in the directories that the document listed but still > >> nothing. I will try to scour the machine using recursive grep until I > >> find those config lines. Thanks. > > > > I grepped everywhere and no file came up with a razor1 option. So, I am > > stumped! Where is MailScanner -debug getting a config file that has the > > use_razor1 option? > > Check if you have an "/etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf" > file. If you do, that entry should be near the bottom. > > I'm too new to MS to know much more than where to find the entries but I > hope this helps. Jeff, That was where those options were. Thanks! Still getting a couple other errors when using MailScanner -debug, related to MCP. When I turn MCP off, everything looks fine. If I comment out all options in mcp.spam.assassin.prefs.conf, I no longer get the error about parsing the use_XXX, but I still get these: [15749] dbg: message: ---- MIME PARSER END ---- [15749] dbg: dns: is Net::DNS::Resolver available? yes [15749] dbg: dns: Net::DNS version: 0.57 Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin.pm line 1009. Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin.pm line 1011. [15749] dbg: config: read_scoreonly_config: cannot open "": No such file or directory Anybody else getting this type of error/warning when using MCP with MS 4.54.6? From steve.swaney at fsl.com Mon Jul 3 17:19:30 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Mon Jul 3 17:18:40 2006 Subject: FW: [Clamav-announce] announcing ClamAV 0.88.3 Message-ID: <003101c69ebc$76f1b4b0$287ba8c0@office.fsl> -----Original Message----- From: clamav-announce-bounces@lists.clamav.net [mailto:clamav-announce-bounces@lists.clamav.net] On Behalf Of Luca Gibelli Sent: Saturday, July 01, 2006 12:38 PM To: ClamAV Announce Subject: [Clamav-announce] announcing ClamAV 0.88.3 Dear ClamAV users, release 0.88.3 is available for download. This version fixes handling of large binhex files and multiple alternatives in virus signatures. -- The ClamAV team (http://www.clamav.net/team.html) -- Luca Gibelli (luca _at_ clamav.net) - ClamAV, a GPL anti-virus toolkit [Tel] +44 2081239239 [Fax] +39 0187015046 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ key server || http://www.clamav.net/gpg/luca.gpg _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-announce I don't this I've seen this posted to the list yet. Sorry if it's a dupe. We've installed on several systems with no problems. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From martinh at solid-state-logic.com Mon Jul 3 17:24:08 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Mon Jul 3 17:24:20 2006 Subject: [Clamav-announce] announcing ClamAV 0.88.3 In-Reply-To: <003101c69ebc$76f1b4b0$287ba8c0@office.fsl> Message-ID: <000001c69ebd$1c572ac0$3004010a@martinhlaptop> Already running it for over 8 hours - no problems so far -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Stephen Swaney > Sent: 03 July 2006 17:20 > To: 'MailScanner discussion' > Subject: FW: [Clamav-announce] announcing ClamAV 0.88.3 > > > -----Original Message----- > From: clamav-announce-bounces@lists.clamav.net > [mailto:clamav-announce-bounces@lists.clamav.net] On Behalf Of Luca > Gibelli > Sent: Saturday, July 01, 2006 12:38 PM > To: ClamAV Announce > Subject: [Clamav-announce] announcing ClamAV 0.88.3 > > > Dear ClamAV users, > > > release 0.88.3 is available for download. > > This version fixes handling of large binhex files and multiple > alternatives > in > virus signatures. > > > -- > The ClamAV team (http://www.clamav.net/team.html) > > -- > Luca Gibelli (luca _at_ clamav.net) - ClamAV, a GPL anti-virus toolkit > [Tel] +44 2081239239 [Fax] +39 0187015046 [IM] nervous/jabber.linux.it > PGP key id 5EFC5582 @ key server || http://www.clamav.net/gpg/luca.gpg > _______________________________________________ > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-announce > > I don't this I've seen this posted to the list yet. Sorry if it's a dupe. > We've installed on several systems with no problems. > > Steve > > Stephen Swaney > Fort Systems Ltd. > stephen.swaney@fsl.com > www.fsl.com > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From jaearick at colby.edu Mon Jul 3 18:52:39 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Mon Jul 3 18:54:47 2006 Subject: DCC config and SA lint complaints Message-ID: Gang, I googled for this one, lots of people ask, no answer found... I have the following in my spam.assassin.prefs.conf file, because I install DCC in /opt/dcc: dcc_path /opt/dcc/bin/dccproc dcc_home /opt/dcc If these two lines are there, spamassassin --lint chokes: /opt/perl5/bin/spamassassin -p /opt/MailScanner/etc/spam.assassin.prefs.conf --lint [12758] warn: config: failed to parse line, skipping: dcc_path /opt/dcc/bin/dccproc [12758] warn: config: failed to parse line, skipping: dcc_home /opt/dcc [12758] warn: lint: 2 issues detected, please rerun with debug enabled for more information If the lines are not there, then DCC does not get used. I did a workaround by creating a symlink in /usr/bin for dccproc. The problem with this is that SA redirects its message output to dccproc instead of using the dccifd daemon (because SA can't find the dccifd socket if dcc_home is not specified). How do I use the two dcc specifiers for Mail::SpamAssassin::Plugin::DCC (see http://www.annocpan.org/~FELICITY/Mail-SpamAssassin-3.1.1/lib/Mail/SpamAssassin/Plugin/DCC.pm) without having SA lint complain??? I ran into this when I installed Rules Du Jour today. Rules Du Jour won't work if SA doesn't pass the lint test. Aaaarrgh. Jeff Earickson Colby College From ssilva at sgvwater.com Mon Jul 3 20:05:21 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jul 3 20:05:35 2006 Subject: Quarantine Directory In-Reply-To: <20060701155304.1a1b5d78@cyborg> References: <20060701155304.1a1b5d78@cyborg> Message-ID: --[UxBoD]-- spake the following on 7/1/2006 8:53 AM: > Hi, > > Not sure exactly when this started but for some reason when the next day starts the quarantine spam directory is not automatically being created :- > > Jun 30 10:49:40 mailhub MailScanner[21881]: writing to /var/spool/MailScanner/quarantine/20060630/spam/555F0185BB9.191A3: No such file or directory > > Once I stop MailScanner, create the directory with the right perms, and restart all works fine. Anybody else seen this ? > > Thanks, Is the nonspam directory getting created? If not, look at the quarantine dir permissions, and follow all the way to root. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Mon Jul 3 20:09:33 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jul 3 20:10:12 2006 Subject: Best Way to Control Relaying? In-Reply-To: <040601c69d48$00cd52a0$2300a8c0@noc> References: <03db01c69d3b$bb75d210$2300a8c0@noc> <44A6CCF0.2050408@nkpanama.com> <040601c69d48$00cd52a0$2300a8c0@noc> Message-ID: Muhammad Nauman spake the following on 7/1/2006 12:53 PM: > >> Muhammad Nauman wrote: >>> >>>>> Hi all, >>>>> >>>>> Despite having this in my access fil >>>>> >>>>> # The /usr/share/doc/sendmail/README.cf is part of the >>>>> sendmail-doc # package. >>>>> # >>>>> # by default we allow relaying from localhost... >>>>> localhost.localdomain RELAY >>>>> localhost RELAY >>>>> AUTH : OK >>>>> * : REJECT >>>>> >>> >>> No i telnet it on port 25 from another machine . >>> >>> where i could find any error abt it ? >>> >>> >>> >> Did you recompile the access file? Usually "make -C /etc/mail" or >> "makemap hash < /etc/mail/access > /etc/mail/access.db" and then >> restart the sendmail process (or MailScanner) should do it. >> >> I never have to use "AUTH: OK" and "*: REJECT" ... it's set up that >> way implicitly. > > how are you controlling your RELAYING feature then ? > > yes i did all that -- > makemap hash /etc/mail/access.db < /etc/mail/access > > and have restart mailscanner ( or only just sendmail ) but the output is > same > > where as - if i do check the option in my mail client to AUTH SMPT - > then it verifies and works fine > > the PROBLEM is - why is it not blocking those who are not AUTHORIZING !!! > > its like an OPEN RELAY - with out it > You stated above that you restarted sendmail, but sendmail should not be started by itself. It should be stopped from starting in any init scripts, and MailScanner will start it. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Mon Jul 3 20:23:37 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jul 3 20:24:06 2006 Subject: spamassassin -D --lint: module not installed In-Reply-To: <01f101c69d7e$e201b280$3701a8c0@lapxp> References: <44A71FF9.8020607@nkpanama.com> <01f101c69d7e$e201b280$3701a8c0@lapxp> Message-ID: Arthur Sherman spake the following on 7/1/2006 7:26 PM: >>> I get this error: >>> >>> root@ns1 mail]# MailScanner -debug --lint >>> no connection to syslog available >>> - _PATH_LOG not available in syslog.h at >>> /usr/lib/MailScanner/MailScanner/Log.pm line 152 >>> >>> >> Sure... but I meant when you try and install the missing modules. >> >> What's the output of MailScanner -V (if I may ask)... > > > [root@ns1 mail]# MailScanner -v > Running on > Linux ns1.cpt.co.il 2.6.9-34.0.1.EL #1 Wed May 24 07:40:56 CDT 2006 i686 > athlon i386 GNU/Linux > This is CentOS release 4.3 (Final) > This is Perl version 5.008005 (5.8.5) > > This is MailScanner version 4.55.7 > Module versions are: > 1.00 AnyDBM_File > 1.16 Archive::Zip > 1.03 Carp > 1.119 Convert::BinHex > 1.00 DirHandle > 1.05 Fcntl > 2.73 File::Basename > 2.08 File::Copy > 2.01 FileHandle > 1.06 File::Path > 0.16 File::Temp > 0.79 Filesys::Df > 1.35 HTML::Entities > 3.54 HTML::Parser > 2.37 HTML::TokeParser > 1.23 IO > 1.14 IO::File > 1.13 IO::Pipe > 1.74 Mail::Header > 3.05 MIME::Base64 > 5.420 MIME::Decoder > 5.420 MIME::Decoder::UU > 5.420 MIME::Head > 5.420 MIME::Parser > 3.03 MIME::QuotedPrint > 5.420 MIME::Tools > 0.11 Net::CIDR > 1.08 POSIX > 1.77 Socket > 1.4 Sys::Hostname::Long > 0.16 Sys::Syslog > 1.87 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 0.17 Convert::TNEF > 1.809 DB_File > 1.12 DBD::SQLite > 1.51 DBI > 1.15 Digest > 1.01 Digest::HMAC > 2.36 Digest::MD5 > 2.11 Digest::SHA1 > missing Inline > missing Mail::ClamAV > 3.001003 Mail::SpamAssassin > 1.999001 Mail::SPF::Query > 0.20 Net::CIDR::Lite > 1.25 Net::IP > 0.57 Net::DNS > missing Net::LDAP > missing Parse::RecDescent > missing SAVI > 2.62 Test::Harness > 0.62 Test::Simple > 1.95 Text::Balanced > 1.35 URI > > Thank you. > > > Best, > > -- > Arthur Sherman > > +972-52-4878851 > CPTeam > In my install of CentOS 4.3 Sys::Syslog is only at 0.08. Maybe this newer version is causing your syslog problems. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From arturs at netvision.net.il Mon Jul 3 21:46:54 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Mon Jul 3 20:49:12 2006 Subject: spamassassin -D --lint: module not installed In-Reply-To: Message-ID: <01e701c69ee1$d1592b70$3701a8c0@lapxp> > >>> I get this error: > >>> > >>> root@ns1 mail]# MailScanner -debug --lint > >>> no connection to syslog available > >>> - _PATH_LOG not available in syslog.h at > >>> /usr/lib/MailScanner/MailScanner/Log.pm line 152 > >>> > >>> > >> Sure... but I meant when you try and install the missing modules. > >> > >> What's the output of MailScanner -V (if I may ask)... > > > > > > [root@ns1 mail]# MailScanner -v > > Running on > > Linux ns1.cpt.co.il 2.6.9-34.0.1.EL #1 Wed May 24 07:40:56 > CDT 2006 i686 > > athlon i386 GNU/Linux > > This is CentOS release 4.3 (Final) > > This is Perl version 5.008005 (5.8.5) > > > > This is MailScanner version 4.55.7 > > Module versions are: > > 1.00 AnyDBM_File > > 1.16 Archive::Zip > > 1.03 Carp > > 1.119 Convert::BinHex > > 1.00 DirHandle > > 1.05 Fcntl > > 2.73 File::Basename > > 2.08 File::Copy > > 2.01 FileHandle > > 1.06 File::Path > > 0.16 File::Temp > > 0.79 Filesys::Df > > 1.35 HTML::Entities > > 3.54 HTML::Parser > > 2.37 HTML::TokeParser > > 1.23 IO > > 1.14 IO::File > > 1.13 IO::Pipe > > 1.74 Mail::Header > > 3.05 MIME::Base64 > > 5.420 MIME::Decoder > > 5.420 MIME::Decoder::UU > > 5.420 MIME::Head > > 5.420 MIME::Parser > > 3.03 MIME::QuotedPrint > > 5.420 MIME::Tools > > 0.11 Net::CIDR > > 1.08 POSIX > > 1.77 Socket > > 1.4 Sys::Hostname::Long > > 0.16 Sys::Syslog > > 1.87 Time::HiRes > > 1.02 Time::localtime > > > > Optional module versions are: > > 0.17 Convert::TNEF > > 1.809 DB_File > > 1.12 DBD::SQLite > > 1.51 DBI > > 1.15 Digest > > 1.01 Digest::HMAC > > 2.36 Digest::MD5 > > 2.11 Digest::SHA1 > > missing Inline > > missing Mail::ClamAV > > 3.001003 Mail::SpamAssassin > > 1.999001 Mail::SPF::Query > > 0.20 Net::CIDR::Lite > > 1.25 Net::IP > > 0.57 Net::DNS > > missing Net::LDAP > > missing Parse::RecDescent > > missing SAVI > > 2.62 Test::Harness > > 0.62 Test::Simple > > 1.95 Text::Balanced > > 1.35 URI > > > > Thank you. > > > > > > Best, > > > > -- > > Arthur Sherman > > > > +972-52-4878851 > > CPTeam > > > In my install of CentOS 4.3 Sys::Syslog is only at 0.08. > Maybe this newer > version is causing your syslog problems. No, it was a log path in syslog.h Best, -- Arthur Sherman +972-52-4878851 CPTeam From alex at nkpanama.com Mon Jul 3 21:05:18 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Jul 3 21:07:05 2006 Subject: FW: [Clamav-announce] announcing ClamAV 0.88.3 In-Reply-To: <003101c69ebc$76f1b4b0$287ba8c0@office.fsl> References: <003101c69ebc$76f1b4b0$287ba8c0@office.fsl> Message-ID: <44A9787E.8070303@nkpanama.com> Running it on all servers since it came out. No problems so far. Stephen Swaney wrote: > -----Original Message----- > From: clamav-announce-bounces@lists.clamav.net > [mailto:clamav-announce-bounces@lists.clamav.net] On Behalf Of Luca Gibelli > Sent: Saturday, July 01, 2006 12:38 PM > To: ClamAV Announce > Subject: [Clamav-announce] announcing ClamAV 0.88.3 > > > Dear ClamAV users, > > > release 0.88.3 is available for download. > > This version fixes handling of large binhex files and multiple alternatives > in > virus signatures. > > > From alex at nkpanama.com Mon Jul 3 21:08:17 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Jul 3 21:11:50 2006 Subject: Best Way to Control Relaying? In-Reply-To: References: <03db01c69d3b$bb75d210$2300a8c0@noc> <44A6CCF0.2050408@nkpanama.com> <040601c69d48$00cd52a0$2300a8c0@noc> Message-ID: <44A97931.8000105@nkpanama.com> He wrote off list to say he already finished working the problem. It's an MTA issue - not a MailScanner issue. When he said "restart sendmail" he meant "restart all the stuff that has to do with it", meaning MailScanner (and, in turn, MailScanner's sendmail instances were restarted by MailScanner itself). Basically he was trying to undo some of the configuration mistakes he had made that had turned his server into an open relay, since sendmail isn't one by default anymore. > You stated above that you restarted sendmail, but sendmail should not be > started by itself. It should be stopped from starting in any init scripts, and > MailScanner will start it. > > From ugob at camo-route.com Mon Jul 3 22:52:39 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Mon Jul 3 22:53:31 2006 Subject: DCC config and SA lint complaints In-Reply-To: References: Message-ID: Jeff A. Earickson wrote: > Gang, > > I googled for this one, lots of people ask, no answer found... > I have the following in my spam.assassin.prefs.conf file, because > I install DCC in /opt/dcc: > > dcc_path /opt/dcc/bin/dccproc > dcc_home /opt/dcc > > If these two lines are there, spamassassin --lint chokes: > > /opt/perl5/bin/spamassassin -p > /opt/MailScanner/etc/spam.assassin.prefs.conf --lint > [12758] warn: config: failed to parse line, skipping: dcc_path > /opt/dcc/bin/dccproc > [12758] warn: config: failed to parse line, skipping: dcc_home /opt/dcc > [12758] warn: lint: 2 issues detected, please rerun with debug enabled > for more information > > If the lines are not there, then DCC does not get used. > I did a workaround by creating a symlink in /usr/bin for > dccproc. The problem with this is that SA redirects its message > output to dccproc instead of using the dccifd daemon (because SA > can't find the dccifd socket if dcc_home is not specified). > > How do I use the two dcc specifiers for Mail::SpamAssassin::Plugin::DCC > (see > http://www.annocpan.org/~FELICITY/Mail-SpamAssassin-3.1.1/lib/Mail/SpamAssassin/Plugin/DCC.pm) > without having SA lint complain??? > > I ran into this when I installed Rules Du Jour today. Rules Du Jour > won't work if SA doesn't pass the lint test. Aaaarrgh. Look at your .pre files. You probably didn't comment out the line that enables dcc. Regards, > > Jeff Earickson > Colby College From jrudd at ucsc.edu Tue Jul 4 00:00:22 2006 From: jrudd at ucsc.edu (John Rudd) Date: Tue Jul 4 00:00:52 2006 Subject: (slightly OT) Sophos question Message-ID: Can sophos sweep, and/or the sophos SAVI module, directly scan an mbox/rfc822 formatted message with MIME attachments (the way Clam AV can), or do you have to break them down into individual files and then scan? (I realize that mailscanner might be breaking them down for other reasons, such as identifying a specifically infected attachment; the reason why this is "slightly OT" is that I'm asking the more general question of whether or not sophos can do it at all, not just whether or not mailscanner uses it that way) From proclus at gnu-darwin.org Tue Jul 4 00:21:34 2006 From: proclus at gnu-darwin.org (proclus@gnu-darwin.org) Date: Tue Jul 4 00:50:42 2006 Subject: FOSS, Science, and Public activism In-Reply-To: <44A899C0.6010905@osubucks.org> Message-ID: <20060703232136.DD3A5168C88@gnu-darwin.org> On 3 Jul, Chris Sweeney wrote: > It was SPAM as it had nothing to do with supporting MailScanner. Such > posting's in message groups do more harm for your cause then good. Obviously we are in disagreement about this, as per below. >> The topic is certainly of interest to some members of the list, relevant >> to the topic at hand, and clearly not spam. I am sorry to hear that >> you think that the message was spam. >> >> Please don't throw around the label of spam so lightly, because list >> members should think of other members who might find such posts >> interesting, and expression itself is at stake. Let's be careful >> with this type of accusation, which could be use to wrongly quell >> discussion in our forums. FOSS projects need to hear this message from time to time, IMHO. Regards, proclus http://www.gnu-darwin.org/ > - -- > Thanks Chris > > Check me out! > Finally setup a MySpace.com account http://www.osubucks.net > > csweeney@osubucks.org > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.2 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFEqJnAS9AMNDUYgIcRAsFiAJ0UTq9k3hBBE7OEZ+iLHbpdbVYcpACg6jsL > yz0/ScPE9x2NQ5gjSxIy1f4= > =IKtz > -----END PGP SIGNATURE----- > > -- Visit proclus realm! http://proclus.tripod.com/ -----BEGIN GEEK CODE BLOCK----- Version: 3.1 GMU/S d+@ s: a+ C++++ UBULI++++$ P+ L+++(++++) E--- W++ N- !o K- w--- !O M++@ V-- PS+++ PE Y+ PGP-- t+++(+) 5+++ X+ R tv-(--)@ b !DI D- G e++++ h--- r+++ y++++ ------END GEEK CODE BLOCK------ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 186 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060703/6f452576/attachment.bin From alex at nkpanama.com Tue Jul 4 03:22:06 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue Jul 4 03:24:24 2006 Subject: FOSS, Science, and Public activism In-Reply-To: <20060703232136.DD3A5168C88@gnu-darwin.org> References: <20060703232136.DD3A5168C88@gnu-darwin.org> Message-ID: <44A9D0CE.8070404@nkpanama.com> proclus@gnu-darwin.org wrote: > > FOSS projects need to hear this message from time to time, IMHO. > > Still, you have to acknowledge the message is arguably off topic. You could have observed better etiquette by labeling your post as "off topic", or apologizing. Insisting your point - however valid it may be - may be construed by some individuals as discourteous. Another suggestion could be to make your post short (and label it OT for off topic). Maybe 3 lines. Something like: Blablabla open source blabla FOSS blabla activism blable. For more information visit http://blabla.com/blable/bloobloo.html I just hope I don't get flamed back for a simple difference of opinion... :-) From res at ausics.net Tue Jul 4 08:19:40 2006 From: res at ausics.net (Res) Date: Tue Jul 4 08:19:47 2006 Subject: Help! [MailScanner] In-Reply-To: <01b801c69eb3$11894060$3701a8c0@lapxp> References: <01b801c69eb3$11894060$3701a8c0@lapxp> Message-ID: On Mon, 3 Jul 2006, Arthur Sherman wrote: >> grab the 0.15 version of sys::syslog and install it, it will >> over write >> the later version >> >> perl Makefile.PL && make && make install > > > I didn't need to downgrade it. > > The only problem I had was uncommented path to log in sysconfig.h > Since the fix, MS is up again. > Thats a grave concern (and i hope you meant syslog.h) since its a glibc installed file, it should never have to be touched, ever! -- Cheers Res From arturs at netvision.net.il Tue Jul 4 10:36:16 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Tue Jul 4 09:38:47 2006 Subject: Help! [MailScanner] In-Reply-To: Message-ID: <022101c69f4d$4c1c0240$3701a8c0@lapxp> > >> grab the 0.15 version of sys::syslog and install it, it will > >> over write > >> the later version > >> > >> perl Makefile.PL && make && make install > > > > > > I didn't need to downgrade it. > > > > > The only problem I had was uncommented path to log in sysconfig.h > > Since the fix, MS is up again. > > > > Thats a grave concern (and i hope you meant syslog.h) since > its a glibc > installed file, it should never have to be touched, ever! You're right, mistype. It should be syslog.h Best, -- Arthur Sherman +972-52-4878851 CPTeam From pravin.rane at gmail.com Tue Jul 4 11:39:46 2006 From: pravin.rane at gmail.com (Pravin Rane) Date: Tue Jul 4 11:39:48 2006 Subject: Problem with signature Message-ID: <13c021a90607040339o3618f44ct478d72e8f695dcfb@mail.gmail.com> I have problem in attaching signature line. I dont want signature to be added to mails coming to my domain My singnature rule file contents are as below --------------------------------------------------------------------------- To: /[\@\.]domain\.ac\.in$/ no FromOrTo: default yes --------------------------------------------------------------------------------- Now the problem is when I send mail which contain To=mydomain and CC=some external domain the signature is not getting added for both internal external mail. But if I send mail to only an external domain then the things are working properlly -- Regards Pravin -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060704/166e4c12/attachment.html From martinh at solid-state-logic.com Tue Jul 4 11:52:01 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue Jul 4 11:52:11 2006 Subject: Problem with signature In-Reply-To: <13c021a90607040339o3618f44ct478d72e8f695dcfb@mail.gmail.com> Message-ID: <008601c69f57$e166a710$3004010a@martinhlaptop> Pravin If you have local subnet on the LAN it's best to use that.... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Pravin Rane > Sent: 04 July 2006 11:40 > To: MailScanner discussion > Subject: Problem with signature > > I have problem in attaching signature line. > > I dont want signature to be added to mails coming to my domain > My singnature rule file contents are as below > -------------------------------------------------------------------------- > - > To: /[\@\.]domain\.ac\.in$/ no > FromOrTo: default yes > -------------------------------------------------------------------------- > ------- > > Now the problem is when I send mail which contain To=mydomain and CC=some > external domain the signature is not getting added for both internal > external mail. But if I send mail to only an external domain then the > things are working properlly > > -- > Regards > > Pravin ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From anders.andersson at ltkalmar.se Tue Jul 4 13:08:15 2006 From: anders.andersson at ltkalmar.se (Anders Andersson, IT) Date: Tue Jul 4 13:08:25 2006 Subject: FOSS, Science, and Public activism Message-ID: <5EBABD62DC5AC048AD8AEC3312E02D4CCD31A9@exchange03.lkl.ltkalmar.se> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Alex Neuman van der Hans > Sent: Tuesday, July 04, 2006 4:22 AM > To: MailScanner discussion > Subject: Re: FOSS, Science, and Public activism > > proclus@gnu-darwin.org wrote: > > > > FOSS projects need to hear this message from time to time, IMHO. > > > > > Still, you have to acknowledge the message is arguably off > topic. You could have observed better etiquette by labeling > your post as "off topic", or apologizing. Insisting your > point - however valid it may be - may be construed by some > individuals as discourteous. > > Another suggestion could be to make your post short (and > label it OT for off topic). Maybe 3 lines. Something like: > > Blablabla open source blabla FOSS blabla activism blable. > > For more information visit http://blabla.com/blable/bloobloo.html > > > I just hope I don't get flamed back for a simple difference > of opinion... :-) No flame back from me, I second the opinion to keep the list clean from "SPAM" > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From matt at coders.co.uk Tue Jul 4 13:19:21 2006 From: matt at coders.co.uk (Matt Hampton) Date: Tue Jul 4 13:19:09 2006 Subject: FOSS, Science, and Public activism In-Reply-To: <5EBABD62DC5AC048AD8AEC3312E02D4CCD31A9@exchange03.lkl.ltkalmar.se> References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD31A9@exchange03.lkl.ltkalmar.se> Message-ID: <44AA5CC9.7060207@coders.co.uk> Sanity check - Everyone agrees to disagree. Now - anyone know why "MailScanner is responsible for SWAP usage". ;-) matt From uxbod at splatnix.net Tue Jul 4 14:25:22 2006 From: uxbod at splatnix.net (--[UxBoD]--) Date: Tue Jul 4 13:25:26 2006 Subject: FOSS, Science, and Public activism In-Reply-To: <44AA5CC9.7060207@coders.co.uk> References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD31A9@exchange03.lkl.ltkalmar.se> <44AA5CC9.7060207@coders.co.uk> Message-ID: <20060704132522.3ef00736@cyborg> Matt, what version ? what rules are being used ? some stats about the system ? --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8 // Keyserver: www.keyserver.net Key-ID: 0xE8E80CF8 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From support-lists at petdoctors.co.uk Tue Jul 4 13:39:23 2006 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Tue Jul 4 13:39:54 2006 Subject: FOSS, Science, and Public activism In-Reply-To: <44AA5CC9.7060207@coders.co.uk> Message-ID: <026301c69f66$e3ce3360$1465a8c0@support01> -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt Hampton Sent: Tuesday, July 04, 2006 1:19 PM To: MailScanner discussion Subject: Re: FOSS, Science, and Public activism Sanity check - Everyone agrees to disagree. Now - anyone know why "MailScanner is responsible for SWAP usage". "Because it's there" Now move along please. From martinh at solid-state-logic.com Tue Jul 4 14:20:13 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue Jul 4 14:20:36 2006 Subject: FOSS, Science, and Public activism In-Reply-To: <44AA5CC9.7060207@coders.co.uk> Message-ID: <00ca01c69f6c$96efa550$3004010a@martinhlaptop> Matt As you haven't enough RAM it'll use swap. Spamassassin is normally the problem here, and using quite a lot of extra rules. Normal rule of thumb is 1GB per cpu... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Matt Hampton > Sent: 04 July 2006 13:19 > To: MailScanner discussion > Subject: Re: FOSS, Science, and Public activism > > Sanity check - Everyone agrees to disagree. > > Now - anyone know why "MailScanner is responsible for SWAP usage". > > > ;-) > > > matt > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From matt at coders.co.uk Tue Jul 4 14:29:36 2006 From: matt at coders.co.uk (Matt Hampton) Date: Tue Jul 4 14:29:22 2006 Subject: FOSS, Science, and Public activism In-Reply-To: <00ca01c69f6c$96efa550$3004010a@martinhlaptop> References: <00ca01c69f6c$96efa550$3004010a@martinhlaptop> Message-ID: <44AA6D40.6070208@coders.co.uk> Martin Hepworth wrote: >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Matt Hampton >> Sent: 04 July 2006 13:19 >> To: MailScanner discussion >> Subject: Re: FOSS, Science, and Public activism >> >> Sanity check - Everyone agrees to disagree. >> >> Now - anyone know why "MailScanner is responsible for SWAP usage". >> >> >> ;-) It was a joke! Has everyone forgotten that thread? Perhaps I should have put "does MailScanner use illegal Postfix processes" or even "which is better postfix or sendmail" Going to hide under my desk now - it's too hot. matt From glauciusjunior at gmail.com Tue Jul 4 17:02:52 2006 From: glauciusjunior at gmail.com (glaucius junior) Date: Tue Jul 4 17:02:59 2006 Subject: phishing ! Message-ID: <2360d6370607040902r52aed7f5m6eadf77cf141a432@mail.gmail.com> My MailScanner logs it : Content Checks: Detected and have disarmed script tags in HTML message in OK, great But MailScanner delivers it to postfix, how can I say to MailScanner block this ?? Best Regards !! From martinh at solid-state-logic.com Tue Jul 4 17:22:23 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue Jul 4 17:22:49 2006 Subject: phishing ! In-Reply-To: <2360d6370607040902r52aed7f5m6eadf77cf141a432@mail.gmail.com> Message-ID: <011c01c69f86$0a165e70$3004010a@martinhlaptop> Hi Depends on what the cause of the disarming was... There are several reasons.. Look in MailScanner.conf for the "Allow Iframe " etc settings.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of glaucius junior > Sent: 04 July 2006 17:03 > To: MailScanner discussion > Subject: phishing ! > > My MailScanner logs it : > > Content Checks: Detected and have disarmed script tags in HTML message in > > OK, great > > But MailScanner delivers it to postfix, how can I say to MailScanner > block this ?? > > Best Regards !! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From proclus at gnu-darwin.org Tue Jul 4 19:19:37 2006 From: proclus at gnu-darwin.org (proclus@gnu-darwin.org) Date: Tue Jul 4 19:19:56 2006 Subject: FOSS, Science, and Public activism In-Reply-To: <44A9D0CE.8070404@nkpanama.com> Message-ID: <20060704181931.A2FA5168C72@gnu-darwin.org> On 3 Jul, Alex Neuman van der Hans wrote: > proclus@gnu-darwin.org wrote: >> >> FOSS projects need to hear this message from time to time, IMHO. >> >> > Still, you have to acknowledge the message is arguably off topic. It is only arguably off-topic, because parts of the message are germane by analogy, or examples of where the values underlying FOSS development should be pushed up into other arenas. We can help push forward that fortunate development, because as FOSS developers we are part of the reason that is happening, a positive feedback loop in which we can participate further. FOSS itself benefits from our efforts. > You > could have observed better etiquette by labeling your post as "off > topic", or apologizing. Insisting your point - however valid it may be - > may be construed by some individuals as discourteous. It is not off-topic or discourteous only because some find it arguably so, and the method was necessary in order to get this important message out to the appropriate forum, such as this one. > Another suggestion could be to make your post short (and label it OT for > off topic). Maybe 3 lines. Something like: > > Blablabla open source blabla FOSS blabla activism blable. > > For more information visit http://blabla.com/blable/bloobloo.html > > > I just hope I don't get flamed back for a simple difference of > opinion... :-) Thank you for your suggestions, but I have given the method due consideration as indicated at the end of the first post. We can agree to differ about this, if you like, and I have no desire to flame you ;-}. Regards proclus http://www.gnu-darwin.org/ -- Visit proclus realm! http://proclus.tripod.com/ -----BEGIN GEEK CODE BLOCK----- Version: 3.1 GMU/S d+@ s: a+ C++++ UBULI++++$ P+ L+++(++++) E--- W++ N- !o K- w--- !O M++@ V-- PS+++ PE Y+ PGP-- t+++(+) 5+++ X+ R tv-(--)@ b !DI D- G e++++ h--- r+++ y++++ ------END GEEK CODE BLOCK------ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 186 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060704/d6fd5958/attachment.bin From rajlinux at gmail.com Tue Jul 4 20:41:44 2006 From: rajlinux at gmail.com (Raj) Date: Tue Jul 4 20:41:46 2006 Subject: Allowing .exe's In-Reply-To: <223f97700606280358g255083a1ifac0901e2592d5be@mail.gmail.com> References: <910ee2ac0606270626s47babb1cr2e41e0785231afa3@mail.gmail.com> <912a0c6a0606270708u4f3318bcjbbcb27dad3b48aac@mail.gmail.com> <20060627141651.G8268@mikea.ath.cx> <912a0c6a0606272228r3fcbe454hdf981aecf8e9e9d3@mail.gmail.com> <223f97700606280358g255083a1ifac0901e2592d5be@mail.gmail.com> Message-ID: <912a0c6a0607041241o3048152fm1b165ca524fa44b6@mail.gmail.com> Thanks Glenn Steen But i didn't got the solution yet. i gone through wiki , but failed to understood how to allow only outgoing mails with *.exe attaxhment or Can you please send me some example how to block only incomming attachment. Any help is appreiated ... thanks..> On 6/28/06, Glenn Steen wrote: > On 28/06/06, Raj wrote: > > Can we block the extension like *.exe for only for incomming messages.. Is > > that possible on MS....??? > > > > > Explore rulesets and overloading: > http://www.mailscanner.info/MailScanner.conf.index.html#Filename%20Rules > http://www.mailscanner.info/MailScanner.conf.index.html#Filetype%20Rules > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:overloading > > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Regards Rajeev Sekhar ph 9822751120 From proclus at gnu-darwin.org Tue Jul 4 20:44:09 2006 From: proclus at gnu-darwin.org (proclus@gnu-darwin.org) Date: Tue Jul 4 20:44:25 2006 Subject: FOSS, Science, and Public activism In-Reply-To: <5EBABD62DC5AC048AD8AEC3312E02D4CCD31A9@exchange03.lkl.ltkalmar.se> Message-ID: <20060704194403.5A9B6168C43@gnu-darwin.org> On 4 Jul, Anders Andersson, IT wrote: > I second the opinion to keep the list clean from > "SPAM" Clearly I am arguing that the label of spam should not be used to quell expression. As a list moderator of several lists, I know what spam is, and it is usually dealt with automatically, but that process must not exclude legitimate speech, which could quell discussion in our forums. I've seen that happen too, and it is a really a shame to see a good forum go dark. Regards, proclus http://www.gnu-darwin.org/ -- Visit proclus realm! http://proclus.tripod.com/ -----BEGIN GEEK CODE BLOCK----- Version: 3.1 GMU/S d+@ s: a+ C++++ UBULI++++$ P+ L+++(++++) E--- W++ N- !o K- w--- !O M++@ V-- PS+++ PE Y+ PGP-- t+++(+) 5+++ X+ R tv-(--)@ b !DI D- G e++++ h--- r+++ y++++ ------END GEEK CODE BLOCK------ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 186 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060704/b3c68db1/attachment.bin From proclus at gnu-darwin.org Tue Jul 4 21:03:27 2006 From: proclus at gnu-darwin.org (proclus@gnu-darwin.org) Date: Tue Jul 4 21:03:43 2006 Subject: end of thread?: FOSS, Science, and Public activism In-Reply-To: <20060704194403.5A9B6168C43@gnu-darwin.org> Message-ID: <20060704200321.CB972168C43@gnu-darwin.org> Having started this thread, I now agree that it may be time to close it. I would also try to discourage users from leaving a useful forum like MailScanner because they perceive the discussion as apparently uncivil. Sometimes the adversarial form of discourse is the only way to get to an answer, which is not necessarily uncivil, and moreover you can use the delete button to remove posts and threads that you find distasteful. Regards, proclus http://www.gnu-darwin.org/ -- Visit proclus realm! http://proclus.tripod.com/ -----BEGIN GEEK CODE BLOCK----- Version: 3.1 GMU/S d+@ s: a+ C++++ UBULI++++$ P+ L+++(++++) E--- W++ N- !o K- w--- !O M++@ V-- PS+++ PE Y+ PGP-- t+++(+) 5+++ X+ R tv-(--)@ b !DI D- G e++++ h--- r+++ y++++ ------END GEEK CODE BLOCK------ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 186 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060704/aa540cb5/attachment.bin From csweeney at osubucks.org Tue Jul 4 22:12:28 2006 From: csweeney at osubucks.org (Chris Sweeney) Date: Tue Jul 4 22:12:56 2006 Subject: FOSS, Science, and Public activism In-Reply-To: <20060704194403.5A9B6168C43@gnu-darwin.org> References: <20060704194403.5A9B6168C43@gnu-darwin.org> Message-ID: <44AAD9BC.604@osubucks.org> Only your speech has no place here in this forum. This is a forum for supporting MailScanner and not your soap box. What you are saying is its ok to SPAM if it applies to some people. Well that makes it ok for everyone to SPAM here. Let the present of the US come here and talk about war, its ok then it applies to some people here. Let the bankers come here and post about banking problems today, that applies to most everyone here we all use banks, oh and lets not leave out the oil company's, they deserve a place here to post why they think they are not taking us to the cleaners on oil prices! Keep your posting's where they really belong because all you have done here is draw support away from what you wanted us to support. Take your "expression" and post it on the list you moderate and don't subject people trying to support a product to your whim. Good day sir and good riddance. proclus@gnu-darwin.org wrote: > On 4 Jul, Anders Andersson, IT wrote: > >> I second the opinion to keep the list clean from >> "SPAM" >> > > Clearly I am arguing that the label of spam should not be used to quell > expression. As a list moderator of several lists, I know what spam > is, and it is usually dealt with automatically, but that process must > not exclude legitimate speech, which could quell discussion in our > forums. I've seen that happen too, and it is a really a shame to see a > good forum go dark. > > Regards, > proclus > http://www.gnu-darwin.org/ > > > -- Thanks Chris Check me out! Finally setup a MySpace.com account http://www.osubucks.net csweeney@osubucks.org -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060704/8e41edee/attachment.html From glauciusjunior at gmail.com Tue Jul 4 22:28:35 2006 From: glauciusjunior at gmail.com (glaucius junior) Date: Tue Jul 4 22:28:38 2006 Subject: tuning Message-ID: <2360d6370607041428x41e03ca7nc4bf3b930736b817@mail.gmail.com> Hi everyone, I'm using MailScanner (4.54.6-1), Postfix (2.2.8), FreeBSD (5.4) and SpamAssassin (3.1.3), now everything is working fine, but when I set "Use SpamAssassin = yes", my FreeBSD goes to a load average very high (15/30) and my queue becomes very high (the folder hold), and if I turn off the spamassassin, every goes to heaven again. This is the volume for today : Processed: 38,269 2.6Gb Clean: 37,757 98.7% Viruses: 0 0.0% Top Virus: None Blocked files: 38 0.1% Others: 136 0.4% Spam: 177 0.5% High Scoring Spam: 161 0.4% MCP: 0 0.0% High Scoring MCP: 0 0.0% My hardware is HP DL140 Intel(R) Xeon(TM) CPU 3.06GHz 2G Ram Memory IDE 70G Maybe I need another machine to do load-balance of my MTA, or maybe I can do some tuning in SpamAssassin and MailScanner to get a bether performance. Best regards !!! From drew at themarshalls.co.uk Tue Jul 4 22:32:05 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Tue Jul 4 22:32:13 2006 Subject: FOSS, Science, and Public activism In-Reply-To: <44AA5CC9.7060207@coders.co.uk> References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD31A9@exchange03.lkl.ltkalmar.se> <44AA5CC9.7060207@coders.co.uk> Message-ID: <1277AD84-4C7B-4ED5-BCCC-51EDE79F0CFF@themarshalls.co.uk> On 4 Jul 2006, at 13:19, Matt Hampton wrote: > Sanity check - Everyone agrees to disagree. > > Now - anyone know why "MailScanner is responsible for SWAP usage". > Are you running Postfix? If so then it's because you are 'meddling with queue files' and using 'unsupported interfaces'. Due to the method that this is 'RAMmed' home in various other lists your RAM is now used up and your system is forced to swap. If you re-format your swap partition to allow it to swap common sense and new ideas for inflexibility and 'my way is always right' you will find this removes the need for RAMming and may bring the system load down around your ears. Or on the other hand... :-D Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From uxbod at splatnix.net Wed Jul 5 01:19:44 2006 From: uxbod at splatnix.net (--[UxBoD]--) Date: Wed Jul 5 00:19:41 2006 Subject: tuning In-Reply-To: <2360d6370607041428x41e03ca7nc4bf3b930736b817@mail.gmail.com> References: <2360d6370607041428x41e03ca7nc4bf3b930736b817@mail.gmail.com> Message-ID: <20060705001944.617eea4a@cyborg> And what SA rules are you running ? On Tue, 4 Jul 2006 18:28:35 -0300 "glaucius junior" wrote: > Hi everyone, I'm using MailScanner (4.54.6-1), Postfix (2.2.8), > FreeBSD (5.4) and SpamAssassin (3.1.3), now everything is working > fine, but when I set "Use SpamAssassin = yes", my FreeBSD goes to a > load average very high (15/30) and my queue becomes very high (the > folder hold), and if I turn off the spamassassin, every goes to heaven > again. > > This is the volume for today : > Processed: 38,269 2.6Gb > Clean: 37,757 98.7% > Viruses: 0 0.0% > Top Virus: None > Blocked files: 38 0.1% > Others: 136 0.4% > Spam: 177 0.5% > High Scoring Spam: 161 0.4% > MCP: 0 0.0% > High Scoring MCP: 0 0.0% > > > My hardware is > > HP DL140 > Intel(R) Xeon(TM) CPU 3.06GHz > 2G Ram Memory > IDE 70G > > > Maybe I need another machine to do load-balance of my MTA, or maybe I > can do some tuning in SpamAssassin and MailScanner to get a bether > performance. > > > Best regards !!! --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8 // Keyserver: www.keyserver.net Key-ID: 0xE8E80CF8 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glauciusjunior at gmail.com Wed Jul 5 02:47:59 2006 From: glauciusjunior at gmail.com (glaucius junior) Date: Wed Jul 5 02:48:02 2006 Subject: tuning In-Reply-To: <20060705001944.617eea4a@cyborg> References: <2360d6370607041428x41e03ca7nc4bf3b930736b817@mail.gmail.com> <20060705001944.617eea4a@cyborg> Message-ID: <2360d6370607041847j139b9a87sc58fb18f543f3141@mail.gmail.com> default rules, I did not made any change On 7/4/06, --[UxBoD]-- wrote: > And what SA rules are you running ? > > On Tue, 4 Jul 2006 18:28:35 -0300 > "glaucius junior" wrote: > > > Hi everyone, I'm using MailScanner (4.54.6-1), Postfix (2.2.8), > > FreeBSD (5.4) and SpamAssassin (3.1.3), now everything is working > > fine, but when I set "Use SpamAssassin = yes", my FreeBSD goes to a > > load average very high (15/30) and my queue becomes very high (the > > folder hold), and if I turn off the spamassassin, every goes to heaven > > again. > > > > This is the volume for today : > > Processed: 38,269 2.6Gb > > Clean: 37,757 98.7% > > Viruses: 0 0.0% > > Top Virus: None > > Blocked files: 38 0.1% > > Others: 136 0.4% > > Spam: 177 0.5% > > High Scoring Spam: 161 0.4% > > MCP: 0 0.0% > > High Scoring MCP: 0 0.0% > > > > > > My hardware is > > > > HP DL140 > > Intel(R) Xeon(TM) CPU 3.06GHz > > 2G Ram Memory > > IDE 70G > > > > > > Maybe I need another machine to do load-balance of my MTA, or maybe I > > can do some tuning in SpamAssassin and MailScanner to get a bether > > performance. > > > > > > Best regards !!! > > > > --[ UxBoD ]-- > // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" > // Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8 > // Keyserver: www.keyserver.net Key-ID: 0xE8E80CF8 > > -- > This message has been scanned for viruses and dangerous content > by MailScanner, and is believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From alex at nkpanama.com Wed Jul 5 02:49:17 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Jul 5 02:57:07 2006 Subject: FOSS, Science, and Public activism In-Reply-To: <44AAD9BC.604@osubucks.org> References: <20060704194403.5A9B6168C43@gnu-darwin.org> <44AAD9BC.604@osubucks.org> Message-ID: <44AB1A9D.1060705@nkpanama.com> Well said. Best post so far. I'm archiving this thread next to "mailscanner causes swap" and "it's bad to use MailScanner with postfix because Wietsev Enema said so!"... ;-) Chris Sweeney wrote: > Only your speech has no place here in this forum. This is a forum for > supporting MailScanner and not your soap box. What you are saying is > its ok to SPAM if it applies to some people. Well that makes it ok > for everyone to SPAM here. Let the present of the US come here and > talk about war, its ok then it applies to some people here. Let the > bankers come here and post about banking problems today, that applies > to most everyone here we all use banks, oh and lets not leave out the > oil company's, they deserve a place here to post why they think they > are not taking us to the cleaners on oil prices! Keep your posting's > where they really belong because all you have done here is draw > support away from what you wanted us to support. Take your > "expression" and post it on the list you moderate and don't subject > people trying to support a product to your whim. > > Good day sir and good riddance. > > > proclus@gnu-darwin.org wrote: >> On 4 Jul, Anders Andersson, IT wrote: >> >>> I second the opinion to keep the list clean from >>> "SPAM" >>> >> >> Clearly I am arguing that the label of spam should not be used to quell >> expression. As a list moderator of several lists, I know what spam >> is, and it is usually dealt with automatically, but that process must >> not exclude legitimate speech, which could quell discussion in our >> forums. I've seen that happen too, and it is a really a shame to see a >> good forum go dark. >> >> Regards, >> proclus >> http://www.gnu-darwin.org/ >> >> >> > > -- > Thanks Chris > > Check me out! > Finally setup a MySpace.com account http://www.osubucks.net > > csweeney@osubucks.org > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. From shuttlebox at gmail.com Wed Jul 5 06:12:06 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Jul 5 06:12:09 2006 Subject: phishing ! In-Reply-To: <2360d6370607040902r52aed7f5m6eadf77cf141a432@mail.gmail.com> References: <2360d6370607040902r52aed7f5m6eadf77cf141a432@mail.gmail.com> Message-ID: <625385e30607042212u7ad850f1g446d877f697294ad@mail.gmail.com> On 7/4/06, glaucius junior wrote: > My MailScanner logs it : > > Content Checks: Detected and have disarmed script tags in HTML message in > > OK, great > > But MailScanner delivers it to postfix, how can I say to MailScanner > block this ?? You have: Allow Script Tags = disarm and you want: Allow Script Tags = no -- /peter From shuttlebox at gmail.com Wed Jul 5 06:14:57 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Jul 5 06:14:59 2006 Subject: Allowing .exe's In-Reply-To: <912a0c6a0607041241o3048152fm1b165ca524fa44b6@mail.gmail.com> References: <910ee2ac0606270626s47babb1cr2e41e0785231afa3@mail.gmail.com> <912a0c6a0606270708u4f3318bcjbbcb27dad3b48aac@mail.gmail.com> <20060627141651.G8268@mikea.ath.cx> <912a0c6a0606272228r3fcbe454hdf981aecf8e9e9d3@mail.gmail.com> <223f97700606280358g255083a1ifac0901e2592d5be@mail.gmail.com> <912a0c6a0607041241o3048152fm1b165ca524fa44b6@mail.gmail.com> Message-ID: <625385e30607042214u19a6af9ajabd91a8cacbb4dbd@mail.gmail.com> On 7/4/06, Raj wrote: > Thanks Glenn Steen > But i didn't got the solution yet. i gone through wiki , but failed to > understood > how to allow only outgoing mails with *.exe attaxhment or > Can you please send me some example how to block only incomming attachment. It's right here: http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:overloading You just need to put the ip address of your own server in the ruleset. -- /peter From pravin.rane at gmail.com Wed Jul 5 06:16:58 2006 From: pravin.rane at gmail.com (Pravin Rane) Date: Wed Jul 5 06:17:00 2006 Subject: Problem with signature In-Reply-To: <008601c69f57$e166a710$3004010a@martinhlaptop> References: <13c021a90607040339o3618f44ct478d72e8f695dcfb@mail.gmail.com> <008601c69f57$e166a710$3004010a@martinhlaptop> Message-ID: <13c021a90607042216o1614fe05s921751e6704383a6@mail.gmail.com> What if I have multiple servers for the same domain scattered geographically and each server have 2 NICs. one private and one public and Each server communicate each other through public interface. As per your instructions if I write rule for private interface then the mails coming from public interface will contain a signature though there To: address have my domain name. On 7/4/06, Martin Hepworth wrote: > > Pravin > > If you have local subnet on the LAN it's best to use that.... > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Pravin Rane > > Sent: 04 July 2006 11:40 > > To: MailScanner discussion > > Subject: Problem with signature > > > > I have problem in attaching signature line. > > > > I dont want signature to be added to mails coming to my domain > > My singnature rule file contents are as below > > > -------------------------------------------------------------------------- > > - > > To: /[\@\.]domain\.ac\.in$/ no > > FromOrTo: default yes > > > -------------------------------------------------------------------------- > > ------- > > > > Now the problem is when I send mail which contain To=mydomain and > CC=some > > external domain the signature is not getting added for both internal > > external mail. But if I send mail to only an external domain then the > > things are working properlly > > > > -- > > Regards > > > > Pravin > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Regards Pravin -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060705/f5fa5e08/attachment.html From martinh at solid-state-logic.com Wed Jul 5 09:40:40 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Jul 5 09:41:23 2006 Subject: tuning In-Reply-To: <2360d6370607041428x41e03ca7nc4bf3b930736b817@mail.gmail.com> Message-ID: <014601c6a00e$c506c7a0$3004010a@martinhlaptop> Hi Well somethings obviously going very slow.... 1. First thing to check is DNS. Have you got a local caching name server on your machine. 2. In /etc/mail/spamassassin/*.pre what plugins are enabled? 3. Are you running ALL the RBLS in spamassassin. I find this really slows down the system esp if 1. isn't enabled. Turn the ones off you don't want by giving them a zero score in /etc/mail/spamassassin/mailscanner.cf. Load average on its own doesn't mean much (just means x processes actually waiting for CPU/disk/network), but if your hold queue is building then yes it's a problem.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of glaucius junior > Sent: 04 July 2006 22:29 > To: MailScanner discussion > Subject: tuning > > Hi everyone, I'm using MailScanner (4.54.6-1), Postfix (2.2.8), > FreeBSD (5.4) and SpamAssassin (3.1.3), now everything is working > fine, but when I set "Use SpamAssassin = yes", my FreeBSD goes to a > load average very high (15/30) and my queue becomes very high (the > folder hold), and if I turn off the spamassassin, every goes to heaven > again. > > This is the volume for today : > Processed: 38,269 2.6Gb > Clean: 37,757 98.7% > Viruses: 0 0.0% > Top Virus: None > Blocked files: 38 0.1% > Others: 136 0.4% > Spam: 177 0.5% > High Scoring Spam: 161 0.4% > MCP: 0 0.0% > High Scoring MCP: 0 0.0% > > > My hardware is > > HP DL140 > Intel(R) Xeon(TM) CPU 3.06GHz > 2G Ram Memory > IDE 70G > > > Maybe I need another machine to do load-balance of my MTA, or maybe I > can do some tuning in SpamAssassin and MailScanner to get a bether > performance. > > > Best regards !!! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From uxbod at splatnix.net Wed Jul 5 11:28:50 2006 From: uxbod at splatnix.net (--[UxBoD]--) Date: Wed Jul 5 10:28:52 2006 Subject: [OT] Bayes & MySQL Woes Message-ID: <20060705102850.78924fce@cyborg> I am trying to move from DBM to MySQL for our Bayes database but have hit a problem :- [2743] dbg: bayes: database connection established [2743] dbg: bayes: found bayes db version 3 [2743] dbg: bayes: unable to initialize database for root user, aborting! I have followed the WiKi exactly and in the top of spam.assassin.prefs.conf I have the following :- bayes_store_module Mail::SpamAssassin::BayesStore::SQL bayes_sql_dsn DBI:mysql:sa_bayes:localhost bayes_sql_username sabayes bayes_sql_password ********** bayes_sql_override_username root I made sure that the override was in place before I ran the sa-learn backup. Any ideas ? I have googled etc but cannot find a answer :( --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8 // Keyserver: www.keyserver.net Key-ID: 0xE8E80CF8 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dean.plant at roke.co.uk Wed Jul 5 11:15:09 2006 From: dean.plant at roke.co.uk (Plant, Dean) Date: Wed Jul 5 11:15:23 2006 Subject: Mouse over activated video email Message-ID: <2181C5F19DD0254692452BFF3EAF1D68026717CA@rsys005a.comm.ad.roke.co.uk> We have received a spam email that contains a video message which is activated by moving the mouse over a black box. Could someone with more knowledge of this kind of thing let me know if this action could be used maliciously and if so could this disarmed by MailScanner? The message is being viewed in MS outlook. Email source below

If you see the black box below, brush your mouse over it....

If you do not know the sender and believe you have been sent this in error, please click here to let us know.

Alternatively, if you wish to be taken off the mailing list please click here, fill out the form and submit. Thank you.

Thanks Dean Plant From martinh at solid-state-logic.com Wed Jul 5 11:25:22 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Jul 5 11:25:32 2006 Subject: Mouse over activated video email In-Reply-To: <2181C5F19DD0254692452BFF3EAF1D68026717CA@rsys005a.comm.ad.roke.co.uk> Message-ID: <018901c6a01d$52832520$3004010a@martinhlaptop> Dean What version of outleek??? Outleek 2003 has html display turned off by default....which is a good idea.. Also any downloaded rubbish should be trapped by the virus on the PC anyway (hopefully)... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Plant, Dean > Sent: 05 July 2006 11:15 > To: MailScanner discussion > Subject: Mouse over activated video email > > We have received a spam email that contains a video message which is > activated by moving the mouse over a black box. Could someone with more > knowledge of this kind of thing let me know if this action could be used > maliciously and if so could this disarmed by MailScanner? The message is > being viewed in MS outlook. > > Email source below > > > > ALINK="#000000" LEFTMARGIN="0" TOPMARGIN="0" MARGINWIDTH="0" > MARGINHEIGHT="0"> >

If you see the black box below, brush your mouse over > it....

border="0" cellpadding="0" cellspacing="0" > background="cid:B6FA7D6A88C8473F98F6986AF46CBEBB" align="center" > usemap="#Map"> > > > > > > > >

background="cid:F72AA01CB6424F38886CE30A8D210582" id="TopLeftTD"> src="cid:F72AA01CB6424F38886CE30A8D210582" width="99" height="128" > name="TopLeftImage" border=0 usemap="#TLMap">

background="cid:F72AA01CB6424F38886CE30A8D210582" id="TopRightTD"> src="cid:F72AA01CB6424F38886CE30A8D210582" width="501" height="128" > name="TopRightImage" border=0 usemap="#TRMap">

background="cid:F72AA01CB6424F38886CE30A8D210582" id="BottomLeftTD"> src="cid:F72AA01CB6424F38886CE30A8D210582" width="99" height="320" > name="BottomLeftImage" border=0 usemap="#BLMap">

> cellpadding="0"> > > > > > > > >

href="http://www.vismail.com/direct/VmailVIew.asp?fdVmailGUI={0C871974-3 > 5D0-4A34-821D-AB57B39AC72E}&fdEmailForwardEmailForward2Id=1314763"> dynsrc="cid:AD794F0637284678B93EBBB22F5E94A2" width="260" height="151" > border="0" start="mouseover" src="cid:DDED207641684B9F8FC0F29C9EB3C975" > id="ClickThrough">	background="cid:F72AA01CB6424F38886CE30A8D210582" id="BRTopRightTD"> src="cid:F72AA01CB6424F38886CE30A8D210582" width="241" height="151" > name="BRTopRightImage" border=0 usemap="#BRTRMap">
height="169" background="cid:F72AA01CB6424F38886CE30A8D210582" > id="BRBottomTD"> width="501" height="169" name="BRBottomImage" border=0 > usemap="#BRBottomMap">

If you do not know the sender and believe you have been sent > this in error, please click href="http://www.vismail.com/home/spam.asp" target="_blank">here to > let us know.

Alternatively, if you wish to be taken off the > mailing list please click href="http://www.vismail.com/home/unsubscribe.asp?fromEmail=(chris@deliv > erydotcom.com)&toEmail=jeremy.gane@roke.co.uk " > target="_blank">here, fill out the form and submit. Thank > you.

> href="http://www.vismail.com/CustomTemplateLinkRedirect.asp?fdCustomTemp > lateLinkVisitCustomTemplateLinkId=9537&fdVmailId=13863&fdCustomTemplateL > inkVisitRecipientId=3260436"> > > > href="http://www.vismail.com/Direct/VmailForward.asp?fdVmailGUI={0C87197 > 4-35D0-4A34-821D-AB57B39AC72E}&fdEmailForwardEmailForward2Id=1314763"> > href="http://www.vismail.com/CustomTemplateLinkRedirect.asp?fdCustomTemp > lateLinkVisitCustomTemplateLinkId=9539&fdVmailId=13863&fdCustomTemplateL > inkVisitRecipientId=3260436"> > href="http://www.vismail.com/CustomTemplateLinkRedirect.asp?fdCustomTemp > lateLinkVisitCustomTemplateLinkId=9540&fdVmailId=13863&fdCustomTemplateL > inkVisitRecipientId=3260436"> > > > > > Thanks > > Dean Plant > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From michele at blacknight.ie Wed Jul 5 11:30:40 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight Solutions) Date: Wed Jul 5 11:31:02 2006 Subject: Vispan whitelist format? Message-ID: <01d101c6a01e$19f5a5b0$88c5c657@arthur> Does anyone using Vispan know if the whitelist will accept a filename? Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection http://www.blacknight.ie/ http://blog.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 UK: 0870 163 0607 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From David.While at uce.ac.uk Wed Jul 5 11:37:33 2006 From: David.While at uce.ac.uk (David While) Date: Wed Jul 5 11:38:29 2006 Subject: Vispan whitelist format? Message-ID: <294B4B3243E76C4BA4FF7F54003B3BE1EFAE2E@exchangea.staff.uce.ac.uk> No it doesn't. I assume you mean give the config option the name of a file that contains a list of entries to whitelist? -------------------------------------------- David While BSc CEng MBCS CITP Department of Computing University of Central England Tel: 0121 331 6211 -------------------------------------------- -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Michele Neylon :: Blacknight Solutions Sent: 05 July 2006 11:31 To: 'MailScanner discussion' Subject: Vispan whitelist format? Does anyone using Vispan know if the whitelist will accept a filename? Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection http://www.blacknight.ie/ http://blog.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 UK: 0870 163 0607 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From michele at blacknight.ie Wed Jul 5 11:56:00 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight Solutions) Date: Wed Jul 5 11:56:02 2006 Subject: Vispan whitelist format? In-Reply-To: <294B4B3243E76C4BA4FF7F54003B3BE1EFAE2E@exchangea.staff.uce.ac.uk> Message-ID: <020601c6a021$9a2bbb40$88c5c657@arthur> David While <> said on 05 July 2006 11:38: > No it doesn't. I assume you mean give the config option the name of a > file that contains a list of entries to whitelist? Basically - yes I have a very long list of SMTP servers that I need to whitelist. We're seeing a lot of "nasty" activity from some Ips, so we need to be able to tarpit Ips / hostnames while maintaining a whitelist Michele Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection http://www.blacknight.ie/ http://blog.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 UK: 0870 163 0607 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From mailscanner at mango.zw Wed Jul 5 12:05:07 2006 From: mailscanner at mango.zw (Jim Holland) Date: Wed Jul 5 12:12:01 2006 Subject: Updating the MailScanner Wiki Message-ID: Hi Julian Some time ago I agreed to update the Wiki in relation to using /^$/ in a ruleset to match the null sender address <>. Sorry for the delay. Having looked at the Wiki, it seems to me that the appropriate places for this information are not there but in the EXAMPLES and README files that are installed by default in the /etc/MailScanner/rules directory. Not surprisingly, it is not possible to edit these files in the Wiki as they are set read-only, being copies of the original files. I will therefore send you separately my proposals for editing these two files to include the null sender matching rule. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From uxbod at splatnix.net Wed Jul 5 13:15:06 2006 From: uxbod at splatnix.net (--[UxBoD]--) Date: Wed Jul 5 12:15:06 2006 Subject: [OT] Bayes & MySQL Woes In-Reply-To: <20060705102850.78924fce@cyborg> References: <20060705102850.78924fce@cyborg> Message-ID: <20060705121506.201b3d37@cyborg> Resolved. --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8 // Keyserver: www.keyserver.net Key-ID: 0xE8E80CF8 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at mango.zw Wed Jul 5 12:25:45 2006 From: mailscanner at mango.zw (Jim Holland) Date: Wed Jul 5 12:34:36 2006 Subject: Updating the MailScanner Wiki In-Reply-To: Message-ID: On Wed, 5 Jul 2006, Jim Holland wrote: > Some time ago I agreed to update the Wiki in relation to using /^$/ in a > ruleset to match the null sender address <>. Sorry for the delay. I think we just need the following changes to these two files: (1) /etc/MailScanner/rules/README: Add: /^$/ # Null envelope sender address <> # used in MAILER-DAEMON bounces to the following section, eg: 2. The pattern describes what messages should match this rule. Some examples are: user@sub.domain.com # Individual address user@* # 1 user at any domain *@sub.domain.com # Any user at 1 domain *@*.domain.com # Any user at any sub-domain of "domain.com" *@domain.com # Any user at 1 specific domain /pattern/ # Any address matching this Perl regular # expression 192.168. # Any SMTP client IP address in this network /pattern-with-no-letters/ # Any SMTP client IP address matching this # Perl regular expression /^192\.168\.1[4567]\./ # Any SMTP client IP address in the networks # 192.168.14 - 192.168.17 /^$/ # Null envelope sender address <> # used in MAILER-DAEMON bounces *@* # Default value default # Default value You should be able to do just about anything with that. (2) /etc/MailScanner/rules/EXAMPLES: Add: # Match the null envelope sender address <> used in MAILER-DAEMON bounces From: /^$/ yes to the following section, eg: 9. Use perl's pattern matching to make more advanced rules: # Match user@domain.com as well as user@sub.domain.com, but not # foo-domain.com@spammer.com: From: /[\@\.]domain\.com$/ yes # Match all US .gov traffic: From: /\.gov$/ yes # Match the null envelope sender address <> used in MAILER-DAEMON bounces From: /^$/ yes Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From Q.G.Campbell at newcastle.ac.uk Wed Jul 5 12:46:59 2006 From: Q.G.Campbell at newcastle.ac.uk (Quentin Campbell) Date: Wed Jul 5 12:47:05 2006 Subject: Is a new release due this month? Message-ID: <4165CF7A7F12DE4B96622CCBB905864707671079@largo.campus.ncl.ac.uk> Have been running MailScanner-4.55.7-1 (lastest BETA) with Spamassassin-3.1.3 on a production mail gateway. Have 11 other mail gateways to upgrade but want to do that with the STABLE version of MS-4.55. When is that due for release? Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), Newcastle University, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------ Opinions expressed above are mine. From dean.plant at roke.co.uk Wed Jul 5 12:51:36 2006 From: dean.plant at roke.co.uk (Plant, Dean) Date: Wed Jul 5 12:51:57 2006 Subject: Mouse over activated video email Message-ID: <2181C5F19DD0254692452BFF3EAF1D68026717CB@rsys005a.comm.ad.roke.co.uk> Martin Hepworth wrote: > What version of outleek??? > > Outleek 2003 has html display turned off by default....which is a good > idea.. > > Also any downloaded rubbish should be trapped by the virus on the PC > anyway (hopefully)... > Outlook 2002 & 2003. I know virus scanners should pick up the malicious data but disarming the mouse over would give us protection without having to rely on updates. I am just not sure if this type of action within email is anything to worry about. Thanks Dean. From martinh at solid-state-logic.com Wed Jul 5 13:02:25 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Jul 5 13:02:40 2006 Subject: Is a new release due this month? In-Reply-To: <4165CF7A7F12DE4B96622CCBB905864707671079@largo.campus.ncl.ac.uk> Message-ID: <019e01c6a02a$e14369c0$3004010a@martinhlaptop> Quentin No release July - will be 1st (ish) of August for next release. Julian's on holidays for next couple of weeks - that and requirement for more testing of betas has put off this months release. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Quentin Campbell > Sent: 05 July 2006 12:47 > To: MailScanner discussion > Subject: Is a new release due this month? > > Have been running MailScanner-4.55.7-1 (lastest BETA) with > Spamassassin-3.1.3 on a production mail gateway. > > Have 11 other mail gateways to upgrade but want to do that with the > STABLE version of MS-4.55. When is that due for release? > > Quentin > --- > PHONE: +44 191 222 8209 Information Systems and Services (ISS), > Newcastle University, > Newcastle upon Tyne, > FAX: +44 191 222 8765 United Kingdom, NE1 7RU. > ------------------------------------------------------------------ > Opinions expressed above are mine. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From Danny_Beland at pch.gc.ca Wed Jul 5 14:03:34 2006 From: Danny_Beland at pch.gc.ca (Danny_Beland@pch.gc.ca) Date: Wed Jul 5 14:00:37 2006 Subject: Using MailScanner with a proxy Message-ID: Good morning, We use MailScanner behind a web proxy and unfortunately some scripts such as update_virus_scanners do not work. Is there a place where I could put the proxy name and port? Thank you, Danny From Bernard.Lheureux at ibsbe.be Wed Jul 5 14:17:07 2006 From: Bernard.Lheureux at ibsbe.be (Bernard.Lheureux@ibsbe.be) Date: Wed Jul 5 14:16:05 2006 Subject: Using MailScanner with a proxy In-Reply-To: Message-ID: Just edit the Update script and add "export http_proxy=http://your.proxy.IP.address:3128" and "export ftp_proxy=http://your.proxy.IP.address:3128" in the begining of the script (before it tries to connect the internet to perform the update... Best regards / Vriendelijke groeten / Cordialement, --- Bernard Lheureux Consultant IBS TECHNOLOGY AND SERVICES Leuvense Steenweg, 643 1930 Zaventem - Belgium Phone: +32-(0)2-723.91.11 Direct: +32-(0)2-723.91.05 Fax: +32-(0)2-723.92.99 http://www.ibsts.be Danny_Beland@pch.gc.ca Sent by: mailscanner-bounces@lists.mailscanner.info 07/05/2006 03:03 PM Please respond to MailScanner discussion To mailscanner@lists.mailscanner.info cc Subject Using MailScanner with a proxy Good morning, We use MailScanner behind a web proxy and unfortunately some scripts such as update_virus_scanners do not work. Is there a place where I could put the proxy name and port? Thank you, Danny -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060705/0e205197/attachment.html From martinh at solid-state-logic.com Wed Jul 5 14:16:16 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Jul 5 14:16:39 2006 Subject: Using MailScanner with a proxy In-Reply-To: Message-ID: <01b101c6a035$32b54850$3004010a@martinhlaptop> Danny This is really upto how the individual scanners do the updates... Personally something 'decent' like MS/*nix I'd bypass the proxy for or at least allow it through unhindered.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Danny_Beland@pch.gc.ca > Sent: 05 July 2006 14:04 > To: mailscanner@lists.mailscanner.info > Subject: Using MailScanner with a proxy > > > Good morning, > > We use MailScanner behind a web proxy and unfortunately some scripts such > as update_virus_scanners do not work. Is there a place where I could put > the proxy name and port? > > Thank you, > > > Danny > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From dhawal at netmagicsolutions.com Wed Jul 5 14:34:38 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed Jul 5 14:34:52 2006 Subject: Using MailScanner with a proxy In-Reply-To: References: Message-ID: <44ABBFEE.4020009@netmagicsolutions.com> Danny_Beland@pch.gc.ca wrote: > Good morning, > > We use MailScanner behind a web proxy and unfortunately some scripts such > as update_virus_scanners do not work. Is there a place where I could put > the proxy name and port? Don't do this... you'll have a hard time updating scripts every time you upgrade mailscanner.. instead see the man page for wget / curl (which i think is used in most scripts) and setup a .wgetrc (or something similar for curl) for the user running the scripts. However there are some scripts 'clamav-autoupdate' for instance, which uses the freshclam command and has its own concept of a proxy, for such scripts you do not have an option but to modify them. mcafee-autoupdate on the other hand uses wget if available or falls back to curl and errors out if none are available. - dhawal > Thank you, > > > Danny From dhawal at netmagicsolutions.com Wed Jul 5 14:38:07 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed Jul 5 14:38:21 2006 Subject: [OT] Bayes & MySQL Woes In-Reply-To: <20060705121506.201b3d37@cyborg> References: <20060705102850.78924fce@cyborg> <20060705121506.201b3d37@cyborg> Message-ID: <44ABC0BF.7020604@netmagicsolutions.com> --[UxBoD]-- wrote: > Resolved. How did you resolve it? Was there a shortcoming in the wiki entry for sql_bayes?? If yes, can you correct it OR send me a mail with the corrected part? - dhawal > --[ UxBoD ]-- > // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" > // Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8 > // Keyserver: www.keyserver.net Key-ID: 0xE8E80CF8 > From dhawal at netmagicsolutions.com Wed Jul 5 14:41:40 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed Jul 5 14:41:56 2006 Subject: tuning In-Reply-To: <014601c6a00e$c506c7a0$3004010a@martinhlaptop> References: <014601c6a00e$c506c7a0$3004010a@martinhlaptop> Message-ID: <44ABC194.1090200@netmagicsolutions.com> Martin Hepworth wrote: > Hi > > Well somethings obviously going very slow.... > > 1. First thing to check is DNS. Have you got a local caching name server on > your machine. > > 2. In /etc/mail/spamassassin/*.pre what plugins are enabled? > > 3. Are you running ALL the RBLS in spamassassin. I find this really slows > down the system esp if 1. isn't enabled. Turn the ones off you don't want by > giving them a zero score in /etc/mail/spamassassin/mailscanner.cf. > > > Load average on its own doesn't mean much (just means x processes actually > waiting for CPU/disk/network), but if your hold queue is building then yes > it's a problem.. Also consider using the SpamAssassin Cache settings in MS.conf and also setup a small 100MB TMPFS partition (to keep mailscanner's work dir and SA cache) But like Martin said.. have a decent caching nameserver installed on the box and check the perl Net::DNS module for correctness. - dhawal > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of glaucius junior >> Sent: 04 July 2006 22:29 >> To: MailScanner discussion >> Subject: tuning >> >> Hi everyone, I'm using MailScanner (4.54.6-1), Postfix (2.2.8), >> FreeBSD (5.4) and SpamAssassin (3.1.3), now everything is working >> fine, but when I set "Use SpamAssassin = yes", my FreeBSD goes to a >> load average very high (15/30) and my queue becomes very high (the >> folder hold), and if I turn off the spamassassin, every goes to heaven >> again. >> >> This is the volume for today : >> Processed: 38,269 2.6Gb >> Clean: 37,757 98.7% >> Viruses: 0 0.0% >> Top Virus: None >> Blocked files: 38 0.1% >> Others: 136 0.4% >> Spam: 177 0.5% >> High Scoring Spam: 161 0.4% >> MCP: 0 0.0% >> High Scoring MCP: 0 0.0% >> >> >> My hardware is >> >> HP DL140 >> Intel(R) Xeon(TM) CPU 3.06GHz >> 2G Ram Memory >> IDE 70G >> >> >> Maybe I need another machine to do load-balance of my MTA, or maybe I >> can do some tuning in SpamAssassin and MailScanner to get a bether >> performance. >> >> >> Best regards !!! >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > From chrisgreen at hotmail.com Wed Jul 5 15:46:12 2006 From: chrisgreen at hotmail.com (Chris Green) Date: Wed Jul 5 15:46:16 2006 Subject: FOSS, Science, and Public activism In-Reply-To: <44AB1A9D.1060705@nkpanama.com> Message-ID: The appropriateness of using an on-line discussion list which is devoted to the reduction of spam to raise something that is dear to your heart is certainly misjudged. I consider myself fortunate that this list is subscribed to by people who wish to help others, remain objective and continue building a community that has grown through the selfless actions of Julian and many others too numerous to mention. Proclus, please be more considerate. This is not a forum in which you will find the sympathy you are seeking. With respect, please move on. >From: Alex Neuman van der Hans >Reply-To: MailScanner discussion >To: MailScanner discussion >Subject: Re: FOSS, Science, and Public activism >Date: Tue, 04 Jul 2006 20:49:17 -0500 >MIME-Version: 1.0 > >Well said. Best post so far. > >I'm archiving this thread next to "mailscanner causes swap" and "it's bad >to use MailScanner with postfix because Wietsev Enema said so!"... > >;-) > >Chris Sweeney wrote: >>Only your speech has no place here in this forum. This is a forum for >>supporting MailScanner and not your soap box. What you are saying is its >>ok to SPAM if it applies to some people. Well that makes it ok for >>everyone to SPAM here. Let the present of the US come here and talk about >>war, its ok then it applies to some people here. Let the bankers come >>here and post about banking problems today, that applies to most everyone >>here we all use banks, oh and lets not leave out the oil company's, they >>deserve a place here to post why they think they are not taking us to the >>cleaners on oil prices! Keep your posting's where they really belong >>because all you have done here is draw support away from what you wanted >>us to support. Take your "expression" and post it on the list you >>moderate and don't subject people trying to support a product to your >>whim. >> >>Good day sir and good riddance. >> >> >>proclus@gnu-darwin.org wrote: >>>On 4 Jul, Anders Andersson, IT wrote: >>> >>>>I second the opinion to keep the list clean from "SPAM" >>> >>>Clearly I am arguing that the label of spam should not be used to quell >>>expression. As a list moderator of several lists, I know what spam >>>is, and it is usually dealt with automatically, but that process must >>>not exclude legitimate speech, which could quell discussion in our >>>forums. I've seen that happen too, and it is a really a shame to see a >>>good forum go dark. >>> >>>Regards, >>>proclus >>>http://www.gnu-darwin.org/ >>> >>> >>> >> >>-- >>Thanks Chris >> >>Check me out! >>Finally setup a MySpace.com account http://www.osubucks.net >> >>csweeney@osubucks.org >> >>-- >>This message has been scanned for viruses and >>dangerous content by *MailScanner* , and is >>believed to be clean. > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! From edwardbruce at sbcglobal.net Wed Jul 5 15:54:47 2006 From: edwardbruce at sbcglobal.net (Ed Bruce) Date: Wed Jul 5 15:54:50 2006 Subject: tuning In-Reply-To: <44ABC194.1090200@netmagicsolutions.com> References: <014601c6a00e$c506c7a0$3004010a@martinhlaptop> <44ABC194.1090200@netmagicsolutions.com> Message-ID: <44ABD2B7.6010602@sbcglobal.net> Dhawal Doshy wrote: > > But like Martin said.. have a decent caching nameserver installed on > the box and check the perl Net::DNS module for correctness. > I've been following this discussion and decided to install a caching nameserver, but the last part about checking for correctness, pray tell how does one do this? From martinh at solid-state-logic.com Wed Jul 5 16:03:46 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Jul 5 16:03:56 2006 Subject: tuning In-Reply-To: <44ABD2B7.6010602@sbcglobal.net> Message-ID: <023a01c6a044$371aee90$3004010a@martinhlaptop> Ed When you spamassassin -D --lint make sure the debug for DNS lookups is OK... NB: the output for this is quite large so it may take a couple of minutes to find the DNS debug stuff!!! -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Ed Bruce > Sent: 05 July 2006 15:55 > To: MailScanner discussion > Subject: Re: tuning > > Dhawal Doshy wrote: > > > > But like Martin said.. have a decent caching nameserver installed on > > the box and check the perl Net::DNS module for correctness. > > > I've been following this discussion and decided to install a caching > nameserver, but the last part about checking for correctness, pray tell > how does one do this? > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From jaearick at colby.edu Wed Jul 5 16:18:25 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed Jul 5 16:22:05 2006 Subject: DCC config and SA lint complaints In-Reply-To: References: Message-ID: Ugo, Hunh??? I *do* want to use DCC, so if I comment out the loadplugin Mail::SpamAssassin::Plugin::DCC lines in the pre files, then DCC won't get used. Jeff Earickson On Mon, 3 Jul 2006, Ugo Bellavance wrote: > Date: Mon, 03 Jul 2006 17:52:39 -0400 > From: Ugo Bellavance > Reply-To: MailScanner discussion > To: mailscanner@lists.mailscanner.info > Subject: Re: DCC config and SA lint complaints > > Jeff A. Earickson wrote: >> Gang, >> >> I googled for this one, lots of people ask, no answer found... >> I have the following in my spam.assassin.prefs.conf file, because >> I install DCC in /opt/dcc: >> >> dcc_path /opt/dcc/bin/dccproc >> dcc_home /opt/dcc >> >> If these two lines are there, spamassassin --lint chokes: >> >> /opt/perl5/bin/spamassassin -p >> /opt/MailScanner/etc/spam.assassin.prefs.conf --lint >> [12758] warn: config: failed to parse line, skipping: dcc_path >> /opt/dcc/bin/dccproc >> [12758] warn: config: failed to parse line, skipping: dcc_home /opt/dcc >> [12758] warn: lint: 2 issues detected, please rerun with debug enabled >> for more information >> >> If the lines are not there, then DCC does not get used. >> I did a workaround by creating a symlink in /usr/bin for >> dccproc. The problem with this is that SA redirects its message >> output to dccproc instead of using the dccifd daemon (because SA >> can't find the dccifd socket if dcc_home is not specified). >> >> How do I use the two dcc specifiers for Mail::SpamAssassin::Plugin::DCC >> (see >> http://www.annocpan.org/~FELICITY/Mail-SpamAssassin-3.1.1/lib/Mail/SpamAssassin/Plugin/DCC.pm) >> without having SA lint complain??? >> >> I ran into this when I installed Rules Du Jour today. Rules Du Jour >> won't work if SA doesn't pass the lint test. Aaaarrgh. > > Look at your .pre files. You probably didn't comment out the line that > enables dcc. > > > Regards, > >> >> Jeff Earickson >> Colby College > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From dhawal at netmagicsolutions.com Wed Jul 5 16:39:27 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed Jul 5 16:39:36 2006 Subject: tuning In-Reply-To: <023a01c6a044$371aee90$3004010a@martinhlaptop> References: <023a01c6a044$371aee90$3004010a@martinhlaptop> Message-ID: <44ABDD2F.9060105@netmagicsolutions.com> Martin Hepworth wrote: > Ed > > When you spamassassin -D --lint make sure the debug for DNS lookups is OK... A non-cluttered method (thanks to Theo Van Dinter).. but it will skip other important details (if you are interested). spamassassin -x --lint -D dns - dhawal > NB: the output for this is quite large so it may take a couple of minutes to > find the DNS debug stuff!!! > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Ed Bruce >> Sent: 05 July 2006 15:55 >> To: MailScanner discussion >> Subject: Re: tuning >> >> Dhawal Doshy wrote: >>> But like Martin said.. have a decent caching nameserver installed on >>> the box and check the perl Net::DNS module for correctness. >>> >> I've been following this discussion and decided to install a caching >> nameserver, but the last part about checking for correctness, pray tell >> how does one do this? >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > From dhawal at netmagicsolutions.com Wed Jul 5 16:44:33 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed Jul 5 16:44:42 2006 Subject: DCC config and SA lint complaints In-Reply-To: References: Message-ID: <44ABDE61.9060206@netmagicsolutions.com> Jeff A. Earickson wrote: > Gang, > > I googled for this one, lots of people ask, no answer found... > I have the following in my spam.assassin.prefs.conf file, because > I install DCC in /opt/dcc: > > dcc_path /opt/dcc/bin/dccproc > dcc_home /opt/dcc Is there a dccifd socket in dcc_home? if not set 'dcc_dccifd_path' explicitly. Since you are using 3.1.1, see 'man Mail::SpamAssassin::Plugin::DCC' - dhawal > If these two lines are there, spamassassin --lint chokes: > > /opt/perl5/bin/spamassassin -p > /opt/MailScanner/etc/spam.assassin.prefs.conf --lint > [12758] warn: config: failed to parse line, skipping: dcc_path > /opt/dcc/bin/dccproc > [12758] warn: config: failed to parse line, skipping: dcc_home /opt/dcc > [12758] warn: lint: 2 issues detected, please rerun with debug enabled > for more information > > If the lines are not there, then DCC does not get used. > I did a workaround by creating a symlink in /usr/bin for > dccproc. The problem with this is that SA redirects its message > output to dccproc instead of using the dccifd daemon (because SA > can't find the dccifd socket if dcc_home is not specified). > > How do I use the two dcc specifiers for Mail::SpamAssassin::Plugin::DCC > (see > http://www.annocpan.org/~FELICITY/Mail-SpamAssassin-3.1.1/lib/Mail/SpamAssassin/Plugin/DCC.pm) > without having SA lint complain??? > > I ran into this when I installed Rules Du Jour today. Rules Du Jour > won't work if SA doesn't pass the lint test. Aaaarrgh. > > Jeff Earickson > Colby College From ssilva at sgvwater.com Wed Jul 5 16:50:29 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jul 5 16:53:21 2006 Subject: Mouse over activated video email In-Reply-To: <2181C5F19DD0254692452BFF3EAF1D68026717CB@rsys005a.comm.ad.roke.co.uk> References: <2181C5F19DD0254692452BFF3EAF1D68026717CB@rsys005a.comm.ad.roke.co.uk> Message-ID: Plant, Dean spake the following on 7/5/2006 4:51 AM: > Martin Hepworth wrote: >> What version of outleek??? >> >> Outleek 2003 has html display turned off by default....which is a good >> idea.. >> >> Also any downloaded rubbish should be trapped by the virus on the PC >> anyway (hopefully)... >> > Outlook 2002 & 2003. > > I know virus scanners should pick up the malicious data but disarming > the mouse over would give us protection without having to rely on > updates. I am just not sure if this type of action within email is > anything to worry about. > > Thanks > > Dean. > > > > E-mail in and of itself is a worry. If it bothers you AND your users, you might be able to look for some common ground and catch it with a spamassassin rule, or play with some of the disarm options and see what happens. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From dhawal at netmagicsolutions.com Wed Jul 5 16:55:02 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed Jul 5 16:55:13 2006 Subject: DCC config and SA lint complaints In-Reply-To: <44ABDE61.9060206@netmagicsolutions.com> References: <44ABDE61.9060206@netmagicsolutions.com> Message-ID: <44ABE0D6.6020804@netmagicsolutions.com> Ignore my earlier mail.. you already appear to have read the man page. - dhawal Dhawal Doshy wrote: > Jeff A. Earickson wrote: >> Gang, >> >> I googled for this one, lots of people ask, no answer found... >> I have the following in my spam.assassin.prefs.conf file, because >> I install DCC in /opt/dcc: >> >> dcc_path /opt/dcc/bin/dccproc >> dcc_home /opt/dcc > > Is there a dccifd socket in dcc_home? if not set 'dcc_dccifd_path' > explicitly. > > Since you are using 3.1.1, see 'man Mail::SpamAssassin::Plugin::DCC' > > - dhawal > >> If these two lines are there, spamassassin --lint chokes: >> >> /opt/perl5/bin/spamassassin -p >> /opt/MailScanner/etc/spam.assassin.prefs.conf --lint >> [12758] warn: config: failed to parse line, skipping: dcc_path >> /opt/dcc/bin/dccproc >> [12758] warn: config: failed to parse line, skipping: dcc_home /opt/dcc >> [12758] warn: lint: 2 issues detected, please rerun with debug enabled >> for more information >> >> If the lines are not there, then DCC does not get used. >> I did a workaround by creating a symlink in /usr/bin for >> dccproc. The problem with this is that SA redirects its message >> output to dccproc instead of using the dccifd daemon (because SA >> can't find the dccifd socket if dcc_home is not specified). >> >> How do I use the two dcc specifiers for Mail::SpamAssassin::Plugin::DCC >> (see >> http://www.annocpan.org/~FELICITY/Mail-SpamAssassin-3.1.1/lib/Mail/SpamAssassin/Plugin/DCC.pm) >> without having SA lint complain??? >> >> I ran into this when I installed Rules Du Jour today. Rules Du Jour >> won't work if SA doesn't pass the lint test. Aaaarrgh. >> >> Jeff Earickson >> Colby College > From ssilva at sgvwater.com Wed Jul 5 16:52:45 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jul 5 16:55:48 2006 Subject: Vispan whitelist format? In-Reply-To: <020601c6a021$9a2bbb40$88c5c657@arthur> References: <294B4B3243E76C4BA4FF7F54003B3BE1EFAE2E@exchangea.staff.uce.ac.uk> <020601c6a021$9a2bbb40$88c5c657@arthur> Message-ID: Michele Neylon :: Blacknight Solutions spake the following on 7/5/2006 3:56 AM: > David While <> said on 05 July 2006 11:38: > >> No it doesn't. I assume you mean give the config option the name of a >> file that contains a list of entries to whitelist? > > Basically - yes > > I have a very long list of SMTP servers that I need to whitelist. > > We're seeing a lot of "nasty" activity from some Ips, so we need to be able > to tarpit Ips / hostnames while maintaining a whitelist > > Michele You would need to write some code to add those to the access file and regenerate the access.db. Or look at some of the options of making your own RBL and to it with lookups. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From edwardbruce at sbcglobal.net Wed Jul 5 17:10:46 2006 From: edwardbruce at sbcglobal.net (Ed Bruce) Date: Wed Jul 5 17:10:50 2006 Subject: MailScanner stopped scanning Message-ID: <44ABE486.20700@sbcglobal.net> I've been reading various threads. Made a couple of changes, not really paying attention, and noticed that at some point email is no longer being scanned. So not really sure what I did to muck up my setup. I basically did three things: 1. Installed caching-nameserver and started named daemon. 2. commented out dcc load module for spamassassin (I currently have undone this change) 3. Used CPAN to upgrade a couple of modules I'm running under Redhat AS 3, MS 4.54.6, Postfix and the queue is getting larger and larger but nothing is getting scanned??? I've checked the /var/spool/maillog and there are no errors. There are no errors in the /var/log/messages. Any ideas of where I can look to figure out why messages are no longer getting scanned? MailScanner -v Running on Linux mail1.hpmich.com 2.4.21-27.0.4.ELsmp #1 SMP Sat Apr 16 18:43:06 EDT 2005 i686 i686 i386 GNU/Linux This is Red Hat Enterprise Linux ES release 3 (Taroon Update 5) This is Perl version 5.008000 (5.8.0) This is MailScanner version 4.54.6 Module versions are: 1.00 AnyDBM_File 1.16 Archive::Zip 1.01 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.04 Fcntl 2.71 File::Basename 2.05 File::Copy 2.01 FileHandle 1.05 File::Path 0.13 File::Temp 0.78 Filesys::Df 1.35 HTML::Entities 3.54 HTML::Parser 2.37 HTML::TokeParser 1.23 IO 1.14 IO::File 1.13 IO::Pipe 1.74 Mail::Header 3.05 MIME::Base64 5.420 MIME::Decoder 5.420 MIME::Decoder::UU 5.420 MIME::Head 5.420 MIME::Parser 3.03 MIME::QuotedPrint 5.420 MIME::Tools 0.11 Net::CIDR 1.05 POSIX 1.75 Socket 0.16 Sys::Syslog 1.87 Time::HiRes 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.814 DB_File 1.12 DBD::SQLite 1.50 DBI 1.15 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.10 Digest::SHA1 0.44 Inline 0.17 Mail::ClamAV 3.001003 Mail::SpamAssassin 1.999001 Mail::SPF::Query 0.20 Net::CIDR::Lite 1.25 Net::IP 0.58 Net::DNS 0.33 Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.4 Sys::Hostname::Long 2.62 Test::Harness 0.62 Test::Simple 1.89 Text::Balanced 1.35 URI From alex at nkpanama.com Wed Jul 5 16:47:51 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Jul 5 17:13:52 2006 Subject: tuning In-Reply-To: <44ABC194.1090200@netmagicsolutions.com> References: <014601c6a00e$c506c7a0$3004010a@martinhlaptop> <44ABC194.1090200@netmagicsolutions.com> Message-ID: <44ABDF27.9040202@nkpanama.com> Dhawal Doshy wrote: > Also consider using the SpamAssassin Cache settings in MS.conf and > also setup a small 100MB TMPFS partition (to keep mailscanner's work > dir and SA cache) > How does one modify the size of a tmpfs partition? I thought it just took whatever RAM was available. From alex at nkpanama.com Wed Jul 5 16:31:38 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Jul 5 17:13:54 2006 Subject: Problem with signature In-Reply-To: <13c021a90607042216o1614fe05s921751e6704383a6@mail.gmail.com> References: <13c021a90607040339o3618f44ct478d72e8f695dcfb@mail.gmail.com> <008601c69f57$e166a710$3004010a@martinhlaptop> <13c021a90607042216o1614fe05s921751e6704383a6@mail.gmail.com> Message-ID: <44ABDB5A.8050903@nkpanama.com> ... then use "and"s for the logic. Pravin Rane wrote: > > What if I have multiple servers for the same domain scattered > geographically and each server have 2 NICs. one private and one public > and Each server communicate each other through public interface. > > As per your instructions if I write rule for private interface then > the mails coming from public interface will contain a signature though > there To: address have my domain name. > > > > On 7/4/06, *Martin Hepworth*

> wrote: > > Pravin > > If you have local subnet on the LAN it's best to use that.... > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner- > > bounces@lists.mailscanner.info > ] On Behalf Of Pravin Rane > > Sent: 04 July 2006 11:40 > > To: MailScanner discussion > > Subject: Problem with signature > > > > I have problem in attaching signature line. > > > > I dont want signature to be added to mails coming to my domain > > My singnature rule file contents are as below > > > -------------------------------------------------------------------------- > > - > > To: /[\@\.]domain\.ac\.in$/ no > > FromOrTo: default yes > > > -------------------------------------------------------------------------- > > ------- > > > > Now the problem is when I send mail which contain > To=mydomain and CC=some > > external domain the signature is not getting added for both internal > > external mail. But if I send mail to only an external domain > then the > > things are working properlly > > > > -- > > Regards > > > > Pravin > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > > -- > Regards > > Pravin From drew at themarshalls.co.uk Wed Jul 5 17:21:42 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Wed Jul 5 17:21:53 2006 Subject: MailScanner stopped scanning In-Reply-To: <44ABE486.20700@sbcglobal.net> References: <44ABE486.20700@sbcglobal.net> Message-ID: <40219.194.70.180.170.1152116502.squirrel@webmail.r-bit.net> On Wed, July 5, 2006 17:10, Ed Bruce wrote: > I've been reading various threads. Made a couple of changes, not really > paying attention, and noticed that at some point email is no longer > being scanned. So not really sure what I did to muck up my setup. I > basically did three things: > > 1. Installed caching-nameserver and started named daemon. > 2. commented out dcc load module for spamassassin (I currently have > undone this change) > 3. Used CPAN to upgrade a couple of modules Me thinks this could be the culprit. Have you restarted MailScanner, just in case? If this doesn't work, try again this time in debug mode. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From edwardbruce at sbcglobal.net Wed Jul 5 17:30:50 2006 From: edwardbruce at sbcglobal.net (Ed Bruce) Date: Wed Jul 5 17:30:54 2006 Subject: MailScanner stopped scanning In-Reply-To: <40219.194.70.180.170.1152116502.squirrel@webmail.r-bit.net> References: <44ABE486.20700@sbcglobal.net> <40219.194.70.180.170.1152116502.squirrel@webmail.r-bit.net> Message-ID: <44ABE93A.1040502@sbcglobal.net> Drew Marshall wrote: > On Wed, July 5, 2006 17:10, Ed Bruce wrote: > >> I've been reading various threads. Made a couple of changes, not really >> paying attention, and noticed that at some point email is no longer >> being scanned. So not really sure what I did to muck up my setup. I >> basically did three things: >> >> 1. Installed caching-nameserver and started named daemon. >> 2. commented out dcc load module for spamassassin (I currently have >> undone this change) >> 3. Used CPAN to upgrade a couple of modules >> > > Me thinks this could be the culprit. Have you restarted MailScanner, just > in case? If this doesn't work, try again this time in debug mode. > > Drew > > > I get this error in debug: [root@mail1 root]# MailScanner -debug In Debugging mode, not forking... no connection to syslog available - _PATH_LOG not available in syslog.h at /usr/lib/MailScanner/MailScanner/Log.pm line 152 [root@mail1 root]# From drew at themarshalls.co.uk Wed Jul 5 17:41:22 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Wed Jul 5 17:41:41 2006 Subject: MailScanner stopped scanning In-Reply-To: <44ABE93A.1040502@sbcglobal.net> References: <44ABE486.20700@sbcglobal.net> <40219.194.70.180.170.1152116502.squirrel@webmail.r-bit.net> <44ABE93A.1040502@sbcglobal.net> Message-ID: <40283.194.70.180.170.1152117682.squirrel@webmail.r-bit.net> On Wed, July 5, 2006 17:30, Ed Bruce wrote: > Drew Marshall wrote: >> On Wed, July 5, 2006 17:10, Ed Bruce wrote: >> >>> I've been reading various threads. Made a couple of changes, not really >>> paying attention, and noticed that at some point email is no longer >>> being scanned. So not really sure what I did to muck up my setup. I >>> basically did three things: >>> >>> 1. Installed caching-nameserver and started named daemon. >>> 2. commented out dcc load module for spamassassin (I currently have >>> undone this change) >>> 3. Used CPAN to upgrade a couple of modules >>> >> >> Me thinks this could be the culprit. Have you restarted MailScanner, >> just >> in case? If this doesn't work, try again this time in debug mode. >> >> Drew >> >> >> > I get this error in debug: > > [root@mail1 root]# MailScanner -debug > In Debugging mode, not forking... > no connection to syslog available > - _PATH_LOG not available in syslog.h at > /usr/lib/MailScanner/MailScanner/Log.pm line 152 > [root@mail1 root]# Which modules did you upgrade and more the point, which others were forced as linked/ dependencies? I think there has been a similar thread recently about this (Like in the last day or so). Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From dhawal at netmagicsolutions.com Wed Jul 5 17:41:59 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed Jul 5 17:42:12 2006 Subject: tuning In-Reply-To: <44ABDF27.9040202@nkpanama.com> References: <014601c6a00e$c506c7a0$3004010a@martinhlaptop> <44ABC194.1090200@netmagicsolutions.com> <44ABDF27.9040202@nkpanama.com> Message-ID: <44ABEBD7.5070706@netmagicsolutions.com> Alex Neuman van der Hans wrote: > > Dhawal Doshy wrote: >> Also consider using the SpamAssassin Cache settings in MS.conf and >> also setup a small 100MB TMPFS partition (to keep mailscanner's work >> dir and SA cache) >> > How does one modify the size of a tmpfs partition? I thought it just > took whatever RAM was available. On my centos 4.x box # echo "none /var/spool/MailScanner/incoming tmpfs mode=700,size=300M,uid=postfix,gid=postfix 0 0" >> /etc/fstab # mount -a # df -h /var/spool/MailScanner/incoming/ Filesystem Size Used Avail Use% Mounted on /dev/shm 300M 14M 287M 5% /var/spool/MailScanner/incoming This ought to be there on the wiki someplace.. btw the usage (including SpamAssassin.cache.db) never goes beyond 30-40MB on a server processing 100000+ mails. - dhawal From andoni.auzmendi at robertwalters.com Wed Jul 5 17:44:40 2006 From: andoni.auzmendi at robertwalters.com (Andoni Auzmendi) Date: Wed Jul 5 17:44:55 2006 Subject: tuning Message-ID: <5450254EC7E7B54193C8AEFD904AA36303B147@PAT.internal.robertwalters.com> By default tmpfs allocates half of the physical ram. That value can be changed specifying size=size when mounting. For example on a machine with 2GB of ram by default it would use 1GB. If we wanted to make it 512MB mount it as follows: # mount -t tmpfs -o size=512m /dev/shm /tmp_shm You can on Red Hat variants change /etc/fstab to mount /tmp on ram easily. change none /dev/shm /tmpfs defaults 0 0 to None /tmp /tmpfs size=512m 0 0 Andoni -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Neuman van der Hans Sent: 05 July 2006 16:48 To: MailScanner discussion Subject: Re: tuning Dhawal Doshy wrote: > Also consider using the SpamAssassin Cache settings in MS.conf and > also setup a small 100MB TMPFS partition (to keep mailscanner's work > dir and SA cache) > How does one modify the size of a tmpfs partition? I thought it just took whatever RAM was available. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com ********************************************************************** From edwardbruce at sbcglobal.net Wed Jul 5 17:50:12 2006 From: edwardbruce at sbcglobal.net (Ed Bruce) Date: Wed Jul 5 17:50:15 2006 Subject: MailScanner stopped scanning In-Reply-To: <40283.194.70.180.170.1152117682.squirrel@webmail.r-bit.net> References: <44ABE486.20700@sbcglobal.net> <40219.194.70.180.170.1152116502.squirrel@webmail.r-bit.net> <44ABE93A.1040502@sbcglobal.net> <40283.194.70.180.170.1152117682.squirrel@webmail.r-bit.net> Message-ID: <44ABEDC4.7000905@sbcglobal.net> Drew Marshall wrote: > On Wed, July 5, 2006 17:30, Ed Bruce wrote: > >> Drew Marshall wrote: >> >>> On Wed, July 5, 2006 17:10, Ed Bruce wrote: >>> >>> >>>> I've been reading various threads. Made a couple of changes, not really >>>> paying attention, and noticed that at some point email is no longer >>>> being scanned. So not really sure what I did to muck up my setup. I >>>> basically did three things: >>>> >>>> 1. Installed caching-nameserver and started named daemon. >>>> 2. commented out dcc load module for spamassassin (I currently have >>>> undone this change) >>>> 3. Used CPAN to upgrade a couple of modules >>>> >>>> >>> Me thinks this could be the culprit. Have you restarted MailScanner, >>> just >>> in case? If this doesn't work, try again this time in debug mode. >>> >>> Drew >>> >>> >>> >>> >> I get this error in debug: >> >> [root@mail1 root]# MailScanner -debug >> In Debugging mode, not forking... >> no connection to syslog available >> - _PATH_LOG not available in syslog.h at >> /usr/lib/MailScanner/MailScanner/Log.pm line 152 >> [root@mail1 root]# >> > > Which modules did you upgrade and more the point, which others were forced > as linked/ dependencies? I think there has been a similar thread recently > about this (Like in the last day or so). > > Drew > > > If I recall it was IO, IO::File, IO::Pipe, Sys::Syslog, and Test::Harness. I didn't note the forced dependencies. Don't know what possessed me to upgrade them, get bored sometimes. Is there a list of modules and the versions they should be for MS to work. Are there known unsupported versions. Lastly can I go back to a supported version??? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060705/75896e79/attachment.html From dhawal at netmagicsolutions.com Wed Jul 5 17:52:45 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed Jul 5 17:52:53 2006 Subject: MailScanner stopped scanning In-Reply-To: <44ABE93A.1040502@sbcglobal.net> References: <44ABE486.20700@sbcglobal.net> <40219.194.70.180.170.1152116502.squirrel@webmail.r-bit.net> <44ABE93A.1040502@sbcglobal.net> Message-ID: <44ABEE5D.3070203@netmagicsolutions.com> Ed Bruce wrote: > Drew Marshall wrote: >> On Wed, July 5, 2006 17:10, Ed Bruce wrote: >> >>> I've been reading various threads. Made a couple of changes, not really >>> paying attention, and noticed that at some point email is no longer >>> being scanned. So not really sure what I did to muck up my setup. I >>> basically did three things: >>> >>> 1. Installed caching-nameserver and started named daemon. >>> 2. commented out dcc load module for spamassassin (I currently have >>> undone this change) >>> 3. Used CPAN to upgrade a couple of modules >>> >> Me thinks this could be the culprit. Have you restarted MailScanner, just >> in case? If this doesn't work, try again this time in debug mode. >> >> Drew >> >> >> > I get this error in debug: > > [root@mail1 root]# MailScanner -debug > In Debugging mode, not forking... > no connection to syslog available > - _PATH_LOG not available in syslog.h at > /usr/lib/MailScanner/MailScanner/Log.pm line 152 > [root@mail1 root]# Have you changed syslog.h for any reason? find / -name syslog.h rpm -qf `the file(s)` rpm -V "the Output of rpm -qf" For instance: "rpm -qf /usr/include/sys/syslog.h" gives me 'glibc-headers-2.3.4-2.19' "rpm -V glibc-headers" gives me nothing, verifying that the rpm is fine. Another suggestion in a similar thread was to downgrade sys::syslog to 0.15 (download, untar, perl Makefile.pl, make, make test, make install) - dhawal From michele at blacknight.ie Wed Jul 5 17:54:03 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight Solutions) Date: Wed Jul 5 17:54:08 2006 Subject: Vispan whitelist format? In-Reply-To: Message-ID: <046101c6a053$a03119e0$88c5c657@arthur> Scott Silva <> said on 05 July 2006 16:53: > You would need to write some code to add those to the access file and > regenerate the access.db. Or look at some of the options of making > your own RBL and to it with lookups. I'm trying to reduce the load from dictionary / DDOS attacks..... Hmmm > Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection http://www.blacknight.ie/ http://blog.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 UK: 0870 163 0607 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From edwardbruce at sbcglobal.net Wed Jul 5 17:56:36 2006 From: edwardbruce at sbcglobal.net (Ed Bruce) Date: Wed Jul 5 17:56:39 2006 Subject: MailScanner stopped scanning In-Reply-To: <40283.194.70.180.170.1152117682.squirrel@webmail.r-bit.net> References: <44ABE486.20700@sbcglobal.net> <40219.194.70.180.170.1152116502.squirrel@webmail.r-bit.net> <44ABE93A.1040502@sbcglobal.net> <40283.194.70.180.170.1152117682.squirrel@webmail.r-bit.net> Message-ID: <44ABEF44.1090900@sbcglobal.net> Thanks found the other thread and downgraded my sys::syslog. From edwardbruce at sbcglobal.net Wed Jul 5 18:26:13 2006 From: edwardbruce at sbcglobal.net (Ed Bruce) Date: Wed Jul 5 18:26:16 2006 Subject: MailScanner stopped scanning In-Reply-To: <44ABEE5D.3070203@netmagicsolutions.com> References: <44ABE486.20700@sbcglobal.net> <40219.194.70.180.170.1152116502.squirrel@webmail.r-bit.net> <44ABE93A.1040502@sbcglobal.net> <44ABEE5D.3070203@netmagicsolutions.com> Message-ID: <44ABF635.2090707@sbcglobal.net> Dhawal Doshy wrote: > > Another suggestion in a similar thread was to downgrade sys::syslog to > 0.15 (download, untar, perl Makefile.pl, make, make test, make install) This was the problem. At least I now have an argument that email is not as important as my boss believes. External email was down for 3 hours and not one phone call to the help desk. I'm betting productivity increased during that time :) From ssilva at sgvwater.com Wed Jul 5 18:30:53 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jul 5 18:33:00 2006 Subject: Vispan whitelist format? In-Reply-To: <046101c6a053$a03119e0$88c5c657@arthur> References: <046101c6a053$a03119e0$88c5c657@arthur> Message-ID: Michele Neylon :: Blacknight Solutions spake the following on 7/5/2006 9:54 AM: > Scott Silva <> said on 05 July 2006 16:53: > > >> You would need to write some code to add those to the access file and >> regenerate the access.db. Or look at some of the options of making >> your own RBL and to it with lookups. > > I'm trying to reduce the load from dictionary / DDOS attacks..... > > Hmmm It shouldn't be too difficult to insert your custom into the access file and run makemap. But I seem to remember some performance problems with some MTA's and large access files. Sendmail seemed to be a big offender, and maybe Exim ( again, my over 40 year old brain cells are having a hiccup, soo please no flames!). It has been a long time, and maybe those problems are resolved. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Wed Jul 5 18:37:03 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jul 5 18:37:32 2006 Subject: MailScanner stopped scanning In-Reply-To: <44ABF635.2090707@sbcglobal.net> References: <44ABE486.20700@sbcglobal.net> <40219.194.70.180.170.1152116502.squirrel@webmail.r-bit.net> <44ABE93A.1040502@sbcglobal.net> <44ABEE5D.3070203@netmagicsolutions.com> <44ABF635.2090707@sbcglobal.net> Message-ID: Ed Bruce spake the following on 7/5/2006 10:26 AM: > Dhawal Doshy wrote: >> Another suggestion in a similar thread was to downgrade sys::syslog to >> 0.15 (download, untar, perl Makefile.pl, make, make test, make install) > This was the problem. At least I now have an argument that email is not > as important as my boss believes. External email was down for 3 hours > and not one phone call to the help desk. I'm betting productivity > increased during that time :) Here, if email is down for 30 minutes, I get calls from Executive secretaries and V.P.'s even if I am at home on sick days..... I doubt that I am the only one! ;-) -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From glauciusjunior at gmail.com Wed Jul 5 19:07:51 2006 From: glauciusjunior at gmail.com (glaucius junior) Date: Wed Jul 5 19:08:00 2006 Subject: phishing ! In-Reply-To: <625385e30607042212u7ad850f1g446d877f697294ad@mail.gmail.com> References: <2360d6370607040902r52aed7f5m6eadf77cf141a432@mail.gmail.com> <625385e30607042212u7ad850f1g446d877f697294ad@mail.gmail.com> Message-ID: <2360d6370607051107h4f546bd3x475f265d52e93fbe@mail.gmail.com> I'm using store, tanks, best regards !! On 7/5/06, shuttlebox wrote: > On 7/4/06, glaucius junior wrote: > > My MailScanner logs it : > > > > Content Checks: Detected and have disarmed script tags in HTML message in > > > > OK, great > > > > But MailScanner delivers it to postfix, how can I say to MailScanner > > block this ?? > > You have: > > Allow Script Tags = disarm > > and you want: > > Allow Script Tags = no > > -- > /peter > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From jorge.arenas at csags.com.mx Thu Jul 6 00:08:34 2006 From: jorge.arenas at csags.com.mx (Jorge A. Arenas Quezada) Date: Thu Jul 6 00:08:39 2006 Subject: redirect files in filename.rules.conf Message-ID: Skipped content of type multipart/related-------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3750 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060705/4545c2c6/smime.bin From evan at espphotography.com Thu Jul 6 00:32:23 2006 From: evan at espphotography.com (Evan Platt) Date: Thu Jul 6 00:32:28 2006 Subject: Mailscanner and darwin? Message-ID: <4127.216.200.134.242.1152142343.squirrel@www.espphotography.com> Just installed MailScanner 4.55-7.1 today on a OS/X (Darwin) Box. Install went smooth, however my mail log is getting hammered with this about every 10 seconds: Jul 5 16:31:31 www MailScanner[4506]: MailScanner E-Mail Virus Scanner version 4.55.7 starting...\n Jul 5 16:31:32 www MailScanner[4506]: Read 746 hostnames from the phishing whitelist\n Jul 5 16:31:33 www MailScanner[4506]: Using SpamAssassin results cache\n Jul 5 16:31:33 www MailScanner[4506]: Connected to SpamAssassin cache database\n Jul 5 16:31:33 www MailScanner[4506]: Enabling SpamAssassin auto-whitelist functionality...\n Jul 5 16:31:38 www MailScanner[4506]: Your "Incoming Work Directory" should be specified as an absolute path, not including any links. But I will work okay anyway.\n Jul 5 16:31:38 www MailScanner[4506]: Using locktype = posix\n Jul 5 16:31:38 www MailScanner[4506]: 1\n Jul 5 16:31:38 www MailScanner[4506]: 2\n Jul 5 16:31:38 www MailScanner[4506]: 3\n Jul 5 16:31:38 www MailScanner[4506]: 4\n Jul 5 16:31:38 www MailScanner[4506]: 5\n Jul 5 16:31:38 www MailScanner[4506]: Don't know how to do fcntl locking on 'darwin'\n Jul 5 16:31:38 www MailScanner[4506]: Please contact mailscanner authors.5\n Jul 5 16:31:38 www MailScanner[4506]: 4\n Jul 5 16:31:38 www MailScanner[4506]: 3\n Jul 5 16:31:38 www MailScanner[4506]: 2\n Jul 5 16:31:38 www MailScanner[4506]: 1\n I looked through the documantation and the MailScanner.conf and didn't see one, how to disable the fcntl error, and second, how to stop it from logging the same entries to the log about every 30 seconds. Any pointers appreciated. Thanks. Evan From martinh at solid-state-logic.com Thu Jul 6 09:11:23 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Jul 6 09:11:42 2006 Subject: Mailscanner and darwin? In-Reply-To: <4127.216.200.134.242.1152142343.squirrel@www.espphotography.com> Message-ID: <007701c6a0d3$c5ae35b0$3004010a@martinhlaptop> Evan You'll probably have to force the "Lock Type" in MailScanner.conf to be either posix of flock depending on your MTA. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Evan Platt > Sent: 06 July 2006 00:32 > To: mailscanner@lists.mailscanner.info > Subject: Mailscanner and darwin? > > Just installed MailScanner 4.55-7.1 today on a OS/X (Darwin) Box. Install > went smooth, however my mail log is getting hammered with this about every > 10 seconds: > > > > Jul 5 16:31:31 www MailScanner[4506]: MailScanner E-Mail Virus Scanner > version 4.55.7 starting...\n > Jul 5 16:31:32 www MailScanner[4506]: Read 746 hostnames from the > phishing whitelist\n > Jul 5 16:31:33 www MailScanner[4506]: Using SpamAssassin results cache\n > Jul 5 16:31:33 www MailScanner[4506]: Connected to SpamAssassin cache > database\n > Jul 5 16:31:33 www MailScanner[4506]: Enabling SpamAssassin > auto-whitelist functionality...\n > Jul 5 16:31:38 www MailScanner[4506]: Your "Incoming Work Directory" > should be specified as an absolute path, not including any links. But I > will work okay anyway.\n > Jul 5 16:31:38 www MailScanner[4506]: Using locktype = posix\n > Jul 5 16:31:38 www MailScanner[4506]: 1\n > Jul 5 16:31:38 www MailScanner[4506]: 2\n > Jul 5 16:31:38 www MailScanner[4506]: 3\n > Jul 5 16:31:38 www MailScanner[4506]: 4\n > Jul 5 16:31:38 www MailScanner[4506]: 5\n > Jul 5 16:31:38 www MailScanner[4506]: Don't know how to do fcntl locking > on 'darwin'\n > Jul 5 16:31:38 www MailScanner[4506]: Please contact mailscanner > authors.5\n > Jul 5 16:31:38 www MailScanner[4506]: 4\n > Jul 5 16:31:38 www MailScanner[4506]: 3\n > Jul 5 16:31:38 www MailScanner[4506]: 2\n > Jul 5 16:31:38 www MailScanner[4506]: 1\n > > > I looked through the documantation and the MailScanner.conf and didn't see > one, how to disable the fcntl error, and second, how to stop it from > logging the same entries to the log about every 30 seconds. > > Any pointers appreciated. > > Thanks. > > Evan > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From martinh at solid-state-logic.com Thu Jul 6 09:12:49 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Jul 6 09:13:00 2006 Subject: MailScanner stopped scanning In-Reply-To: <44ABE486.20700@sbcglobal.net> Message-ID: <007801c6a0d3$f874ddf0$3004010a@martinhlaptop> Hmm looks like Syslog 0.16 does something different. I'll drop Julian an email about this habe he should be able to address it when he gets from his holidays.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Ed Bruce > Sent: 05 July 2006 17:11 > To: MailScanner discussion > Subject: MailScanner stopped scanning > > I've been reading various threads. Made a couple of changes, not really > paying attention, and noticed that at some point email is no longer > being scanned. So not really sure what I did to muck up my setup. I > basically did three things: > > 1. Installed caching-nameserver and started named daemon. > 2. commented out dcc load module for spamassassin (I currently have > undone this change) > 3. Used CPAN to upgrade a couple of modules > > I'm running under Redhat AS 3, MS 4.54.6, Postfix and the queue is > getting larger and larger but nothing is getting scanned??? I've checked > the /var/spool/maillog and there are no errors. There are no errors in > the /var/log/messages. Any ideas of where I can look to figure out why > messages are no longer getting scanned? > > MailScanner -v > Running on > Linux mail1.hpmich.com 2.4.21-27.0.4.ELsmp #1 SMP Sat Apr 16 18:43:06 > EDT 2005 i686 i686 i386 GNU/Linux > This is Red Hat Enterprise Linux ES release 3 (Taroon Update 5) > This is Perl version 5.008000 (5.8.0) > > This is MailScanner version 4.54.6 > Module versions are: > 1.00 AnyDBM_File > 1.16 Archive::Zip > 1.01 Carp > 1.119 Convert::BinHex > 1.00 DirHandle > 1.04 Fcntl > 2.71 File::Basename > 2.05 File::Copy > 2.01 FileHandle > 1.05 File::Path > 0.13 File::Temp > 0.78 Filesys::Df > 1.35 HTML::Entities > 3.54 HTML::Parser > 2.37 HTML::TokeParser > 1.23 IO > 1.14 IO::File > 1.13 IO::Pipe > 1.74 Mail::Header > 3.05 MIME::Base64 > 5.420 MIME::Decoder > 5.420 MIME::Decoder::UU > 5.420 MIME::Head > 5.420 MIME::Parser > 3.03 MIME::QuotedPrint > 5.420 MIME::Tools > 0.11 Net::CIDR > 1.05 POSIX > 1.75 Socket > 0.16 Sys::Syslog > 1.87 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 0.17 Convert::TNEF > 1.814 DB_File > 1.12 DBD::SQLite > 1.50 DBI > 1.15 Digest > 1.01 Digest::HMAC > 2.36 Digest::MD5 > 2.10 Digest::SHA1 > 0.44 Inline > 0.17 Mail::ClamAV > 3.001003 Mail::SpamAssassin > 1.999001 Mail::SPF::Query > 0.20 Net::CIDR::Lite > 1.25 Net::IP > 0.58 Net::DNS > 0.33 Net::LDAP > 1.94 Parse::RecDescent > missing SAVI > 1.4 Sys::Hostname::Long > 2.62 Test::Harness > 0.62 Test::Simple > 1.89 Text::Balanced > 1.35 URI > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From mailscanner at mango.zw Thu Jul 6 09:46:03 2006 From: mailscanner at mango.zw (Jim Holland) Date: Thu Jul 6 09:54:08 2006 Subject: Splitting a multiple recipient message into individual messages In-Reply-To: <07f101c681a3$d5e75dc0$2901010a@office.fsl> Message-ID: Hi On Sat, 27 May 2006, Stephen Swaney wrote: > I finally found a few minutes so this has been added to the Wiki: > > http://wiki.mailscanner.info/doku.php?id=maq:index#sendmail_8.13_anti-spam_/ > _denial_of_service_protection_features > > I've also added: > > "How Split a Multiple Recipient Message in Single Messages" under: > > http://wiki.mailscanner.info/doku.php?id=maq:index#misc._questions > > I've added the sendmail instructions. If anyone wants to add the Exim method > to split messages to multiple recipients into individual messages please > feel free :) Thanks for these notes. I see the comment that this may increase the load significantly on the server as it will have to process more messages. I would also imagine that it would have a significant impact on bandwidth as well, as each recipient's copy of a message would be delivered separately. That is of much more significance for ourselves than the CPU load as we are handling traffic for 2500 people on a 64k leased line. On the other hand we handle large mailing lists that could involve sending outgoing mail to over 2000 people, and these lists would collapse if we were to send each message individually. What we need therefore is a way of splitting incoming messages (where the bandwidth issue would not arise but where we need to be able to apply rulesets individually) but not outgoing (where we need to conserve bandwidth and where rulesets generally don't apply). Do you know how to modify the sendmail local ruleset accordingly? Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From drew at themarshalls.co.uk Thu Jul 6 10:39:36 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Thu Jul 6 10:39:52 2006 Subject: Splitting a multiple recipient message into individual messages In-Reply-To: References: <07f101c681a3$d5e75dc0$2901010a@office.fsl> Message-ID: <41377.194.70.180.170.1152178776.squirrel@webmail.r-bit.net> On Thu, July 6, 2006 09:46, Jim Holland wrote: > Hi > > On Sat, 27 May 2006, Stephen Swaney wrote: > >> I finally found a few minutes so this has been added to the Wiki: >> >> http://wiki.mailscanner.info/doku.php?id=maq:index#sendmail_8.13_anti-spam_/ >> _denial_of_service_protection_features >> >> I've also added: >> >> "How Split a Multiple Recipient Message in Single Messages" under: >> >> http://wiki.mailscanner.info/doku.php?id=maq:index#misc._questions >> >> I've added the sendmail instructions. If anyone wants to add the Exim >> method >> to split messages to multiple recipients into individual messages please >> feel free :) > > Thanks for these notes. I see the comment that this may increase the load > significantly on the server as it will have to process more messages. I > would also imagine that it would have a significant impact on bandwidth as > well, as each recipient's copy of a message would be delivered separately. > That is of much more significance for ourselves than the CPU load as we > are handling traffic for 2500 people on a 64k leased line. On the other > hand we handle large mailing lists that could involve sending outgoing > mail to over 2000 people, and these lists would collapse if we were to > send each message individually. What we need therefore is a way of > splitting incoming messages (where the bandwidth issue would not arise > but where we need to be able to apply rulesets individually) but not > outgoing (where we need to conserve bandwidth and where rulesets generally > don't apply). Do you know how to modify the sendmail local ruleset > accordingly? I am not a Sendmail expert or user I wouldn't think this is achievable as Sendmail won't know what was the original message once it is split as all the split messages will look like new individual queue files. However, all shouldn't be lost as sendmail should [be capable of] make one SMTP connection and send as much mail as permitted (By the receiving and sending MTAs) in one connection so saving the bandwidth of individual SMTP sessions. Obviously this doesn't replace the sending of one message with multple recipients but it would help. Perhaps there is another angle where by Sendmail only splits messages of a certain size? Most Spam is not large so you only really need to scan say under 750Kb (Or may be even less) and you could split these with different rulesets but it also depends on what you apply rulesets to Spam, virus scanning, attachments etc as to whether this idea would work. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From shuttlebox at gmail.com Thu Jul 6 11:29:23 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Jul 6 11:29:26 2006 Subject: Splitting a multiple recipient message into individual messages In-Reply-To: References: <07f101c681a3$d5e75dc0$2901010a@office.fsl> Message-ID: <625385e30607060329u4fc1d6aldd7436c2876d1515@mail.gmail.com> On 7/6/06, Jim Holland wrote: > What we need therefore is a way of > splitting incoming messages (where the bandwidth issue would not arise > but where we need to be able to apply rulesets individually) but not > outgoing (where we need to conserve bandwidth and where rulesets generally > don't apply). Do you know how to modify the sendmail local ruleset > accordingly? You could always use another Sendmail relay for outgoing mail. Maybe even run it as another instance on the same host. -- /peter From arturs at netvision.net.il Thu Jul 6 14:28:44 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Thu Jul 6 13:31:06 2006 Subject: No MS in maillog Message-ID: <00ee01c6a100$1ae62480$3701a8c0@lapxp> Hi all, I wonder: in previous versions of MS I have always seen it in maillog. But with 4.55.7, I don't see it at all. Is it right? Although, it is in headers: --- X-Virus-Scanned: ClamAV version 0.88.2, clamav-milter version 0.88.2 on ns1.cpt.co.il X-Virus-Status: Clean X-CPTeam-MailScanner-Information: Please contact the C.P.Team for more information X-CPTeam-MailScanner: Found to be clean X-CPTeam-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=2.71, required 5, AWL 0.28, HTML_FONT_BIG 0.26, HTML_MESSAGE 0.00, MIME_BASE64_TEXT 1.52, SARE_SUB_ENC_WIN1255 0.65) X-CPTeam-MailScanner-SpamScore: 2 X-CPTeam-MailScanner-From: office@schuco.co.il X-Spam-Status: No X-UIDL: 4bW"!@d-"!Ci-!!;1D"! --- Best, -- Arthur Sherman +972-52-4878851 CPTeam From martinh at solid-state-logic.com Thu Jul 6 13:48:36 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Jul 6 13:48:45 2006 Subject: No MS in maillog In-Reply-To: <00ee01c6a100$1ae62480$3701a8c0@lapxp> References: <00ee01c6a100$1ae62480$3701a8c0@lapxp> Message-ID: <44AD06A4.8060500@solid-state-logic.com> Arthur Sherman wrote: > Hi all, > > I wonder: in previous versions of MS I have always seen it in maillog. > But with 4.55.7, I don't see it at all. > Is it right? > > Although, it is in headers: > --- > > X-Virus-Scanned: ClamAV version 0.88.2, clamav-milter version 0.88.2 on > ns1.cpt.co.il > X-Virus-Status: Clean > X-CPTeam-MailScanner-Information: Please contact the C.P.Team for more > information > X-CPTeam-MailScanner: Found to be clean > X-CPTeam-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, > score=2.71, required 5, AWL 0.28, HTML_FONT_BIG 0.26, > HTML_MESSAGE 0.00, MIME_BASE64_TEXT 1.52, SARE_SUB_ENC_WIN1255 0.65) > X-CPTeam-MailScanner-SpamScore: 2 > X-CPTeam-MailScanner-From: office@schuco.co.il > X-Spam-Status: No > X-UIDL: 4bW"!@d-"!Ci-!!;1D"! > --- > > > Best, > > -- > Arthur Sherman > > +972-52-4878851 > CPTeam > Arthur see.. http://www.mailscanner.info/ChangeLog specifically near the top... 4 Now use syslog "notice" priority instead of "info" when issuing messages that are nearly warnings. This helps you drastically reduce the amount of syslog output by just logging priorities greater than or equal to "notice". -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From Denis.Beauchemin at USherbrooke.ca Thu Jul 6 13:55:45 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Jul 6 13:56:10 2006 Subject: redirect files in filename.rules.conf In-Reply-To: References: Message-ID: <44AD0851.70507@USherbrooke.ca> Jorge A. Arenas Quezada a ?crit : > > Hi: > > I just start to work with MailScanner (great software) > > And I need some help > > Right now I?m filtering some extensions in the filename.rules.conf and > I want to know if I can redirect to some mailbox all the mails with > certain filename extension > > For example I like to redirect all the mails with .pps files to my > mailbox > > I have some days reading and I believe that the software can do it, > but I need more experience and time and my boss want an answer of this > ASAP > > Any help or point in the right direction will be appreciated > > Thanks in advance > I don't think you can do this... you can forward spam/non-spam or all messages to someone, but not emails with specific attachments. You maybe could create a SpamAssassin rule that matches the pps file name and assign it a big score. Then set the high scoring rule to that score and forward the email to you. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060706/d2d6ec08/smime.bin From andres.mujica at seaq.com.co Thu Jul 6 14:02:08 2006 From: andres.mujica at seaq.com.co (Andres Mujica - SEAQ) Date: Thu Jul 6 14:10:07 2006 Subject: no connection to syslog available References: <010001c697e8$51208390$3701a8c0@lapxp> <837A1707-76F1-4978-8F3B-5E81150E923F@ecs.soton.ac.uk> Message-ID: Julian Field ecs.soton.ac.uk> writes: > > Sys::Syslog::syslog($level, $_) if $_ ne ""; > > --- > > > > Syslog.h has : > > --- > > define _PATH_LOG "/tmp/syslog" > > --- > This should show you what you have installed: > MailScanner -v > It should be in the first section, ie compulsory modules. It's called > Sys::Syslog. > > And make sure your syslogd is running > i? m having this exact issue, i've checked and found sys:syslog installed, so i made this and at least goes on without the message, but i wan to know if what i did would work or i must downgrade my perl or something like that, thanks for your comments according to: http://wiki.bestpractical.com/index.cgi?action=revisions&page_name=NoConnectionToSyslog&revision_id=-1 and http://shock.hates-software.com/2003/10/14/40577a20.html i've modified Log.pm so instead of using unix sockets it goes through tcp/ip (i think) diff Log.pm Log.pm-orig 71,72c71 < #Sys::Syslog::setlogsock('unix'); < Sys::Syslog::setlogsock('inet'); --- > Sys::Syslog::setlogsock('unix'); now i'm getting some annoying error MailScanner -debug In Debugging mode, not forking... Ignore errors about failing to find EOCD signature format error: can't find EOCD signature at /usr/sbin/MailScanner line 781 format error: can't find EOCD signature at /usr/sbin/MailScanner line 781 format error: can't find EOCD signature at /usr/sbin/MailScanner line 781 format error: can't find EOCD signature at /usr/sbin/MailScanner line 781 format error: can't find EOCD signature at /usr/sbin/MailScanner line 781 please tell me if this pseudo patch is fine or its a horrible hacl?k. thanks Andres SEAQ From gmatt at nerc.ac.uk Thu Jul 6 15:07:40 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu Jul 6 15:07:50 2006 Subject: no connection to syslog available In-Reply-To: References: <010001c697e8$51208390$3701a8c0@lapxp> <837A1707-76F1-4978-8F3B-5E81150E923F@ecs.soton.ac.uk> Message-ID: <44AD192C.3030001@nerc.ac.uk> Andres Mujica - SEAQ wrote: > now i'm getting some annoying error > MailScanner -debug > In Debugging mode, not forking... > Ignore errors about failing to find EOCD signature ^^^^^^^^^^^ here's your hint. > format error: can't find EOCD signature > at /usr/sbin/MailScanner line 781 > format error: can't find EOCD signature > at /usr/sbin/MailScanner line 781 > format error: can't find EOCD signature > at /usr/sbin/MailScanner line 781 > format error: can't find EOCD signature > at /usr/sbin/MailScanner line 781 > format error: can't find EOCD signature > at /usr/sbin/MailScanner line 781 this has got nothing to do with the patch you mention and is pretty normal. > > > please tell me if this pseudo patch is fine or its a horrible hacl?k. > > > thanks > > Andres > SEAQ > > > > > -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From rgreen at trayerproducts.com Thu Jul 6 15:18:14 2006 From: rgreen at trayerproducts.com (Rodney Green) Date: Thu Jul 6 15:19:08 2006 Subject: Another call for improvements In-Reply-To: <447DFDAF.5020405@nkpanama.com> References: <447CB0F3.5070401@ecs.soton.ac.uk> <447D8530.8040105@trayerproducts.com> <447DD3D3.90002@ecs.soton.ac.uk> <447DE844.2000803@nkpanama.com> <447DF336.2030106@ecs.soton.ac.uk> <447DF7B8.6040500@nkpanama.com> <447DFAB3.8060306@ecs.soton.ac.uk> <447DFDAF.5020405@nkpanama.com> Message-ID: <44AD1BA6.2020500@trayerproducts.com> Alex Neuman van der Hans wrote: > Julian Field wrote: >> >> >> Alex Neuman van der Hans wrote: >>> Julian Field wrote: >>>>>> >>>>> Hold on... so spam isn't archived by the "archive mail" function? >>>>> I thought it was by design that "archive mail" went before >>>>> everything else, and so spam gets archived with it. Is it >>>>> different now? >>>> It gets archived into a "spam" subdirectory. Look. >>>> >>> >>> Ok, so to recap, if I have, for example: >>> >>> Archive Mail = %rules-dir%/archive.rules >>> >>> archive.rules: >>> >>> FromOrTo: default no >>> From: alex@nkpanama.com /home/backup/mail/outgoing/alex >>> To: alex@nkpanama.com /home/backup/mail/incoming/alex >>> >>> Spam Actions = attachment deliver header "X-Spam-Status: yes" >>> High Scoring Spam Actions = delete # no need to set header >>> "X-Spam-Status: yes" >>> Non Spam Actions = deliver header "X-Spam-Status: no" >>> >>> Where would the spam go? To the quarantine in a spam folder? >> Should do, yes. >> Hello. I know this thread is over a month old but I'm still in need of clarification. I've setup the Archive Mail parameter to point to an archive rules file that archives mail from or to local users to a mbx style file for each user. If I open up my archive file for my account spam is indeed in that file. It appears that the archiving is done before any spam filtering is done. In Julian's replies he states that "It gets archived into a "spam" subdirectory..." If this is the case, why is their spam in the archive files that would have definitely been filtered? Does the order of parameters in the MailScanner.conf file play into this? Do I perhaps have the archive mail parameter in an incorrect place? Thanks for any help. Rod -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From shuttlebox at gmail.com Thu Jul 6 16:04:47 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Jul 6 16:04:52 2006 Subject: Another call for improvements In-Reply-To: <44AD1BA6.2020500@trayerproducts.com> References: <447CB0F3.5070401@ecs.soton.ac.uk> <447D8530.8040105@trayerproducts.com> <447DD3D3.90002@ecs.soton.ac.uk> <447DE844.2000803@nkpanama.com> <447DF336.2030106@ecs.soton.ac.uk> <447DF7B8.6040500@nkpanama.com> <447DFAB3.8060306@ecs.soton.ac.uk> <447DFDAF.5020405@nkpanama.com> <44AD1BA6.2020500@trayerproducts.com> Message-ID: <625385e30607060804v6bc83f7epfb16d8b41f45e8a9@mail.gmail.com> On 7/6/06, Rodney Green wrote: > Hello. I know this thread is over a month old but I'm still in need of > clarification. I've setup the Archive Mail parameter to point to an > archive rules file that archives mail from or to local users to a mbx > style file for each user. If I open up my archive file for my account > spam is indeed in that file. It appears that the archiving is done > before any spam filtering is done. In Julian's replies he states that > "It gets archived into a "spam" subdirectory..." If this is the case, > why is their spam in the archive files that would have definitely been > filtered? Does the order of parameters in the MailScanner.conf file play > into this? Do I perhaps have the archive mail parameter in an incorrect > place? Julian is talking about the quarantine which is separate from the archive. Both are mainly used to debug things so they should contain all mail in its original form, otherwise it would be useless when trying to solve a problem. -- /peter From ka at pacific.net Thu Jul 6 16:23:37 2006 From: ka at pacific.net (Ken A) Date: Thu Jul 6 16:23:09 2006 Subject: Splitting a multiple recipient message into individual messages In-Reply-To: References: Message-ID: <44AD2AF9.4020109@pacific.net> Jim Holland wrote: > Hi > > On Sat, 27 May 2006, Stephen Swaney wrote: > >> I finally found a few minutes so this has been added to the Wiki: >> >> http://wiki.mailscanner.info/doku.php?id=maq:index#sendmail_8.13_anti-spam_/ >> _denial_of_service_protection_features >> >> I've also added: >> >> "How Split a Multiple Recipient Message in Single Messages" under: >> >> http://wiki.mailscanner.info/doku.php?id=maq:index#misc._questions >> >> I've added the sendmail instructions. If anyone wants to add the Exim method >> to split messages to multiple recipients into individual messages please >> feel free :) > > Thanks for these notes. I see the comment that this may increase the load > significantly on the server as it will have to process more messages. I > would also imagine that it would have a significant impact on bandwidth as > well, as each recipient's copy of a message would be delivered separately. > That is of much more significance for ourselves than the CPU load as we > are handling traffic for 2500 people on a 64k leased line. On the other > hand we handle large mailing lists that could involve sending outgoing > mail to over 2000 people, and these lists would collapse if we were to > send each message individually. What we need therefore is a way of > splitting incoming messages (where the bandwidth issue would not arise > but where we need to be able to apply rulesets individually) but not > outgoing (where we need to conserve bandwidth and where rulesets generally > don't apply). Do you know how to modify the sendmail local ruleset > accordingly? > > Regards > > Jim Holland > System Administrator > MANGO - Zimbabwe's non-profit e-mail service > You should be able to do this with sendmail's queue groups functionality using the access.db by creating another queue group in your incoming instance of sendmail that _doesn't_ split incoming mail. See http://www.sendmail.org/~ca/email/doc8.12/cf/m4/features.html Ken Pacific.Net From rgreen at trayerproducts.com Thu Jul 6 16:57:07 2006 From: rgreen at trayerproducts.com (Rodney Green) Date: Thu Jul 6 16:57:50 2006 Subject: OT: spam filter Message-ID: <44AD32D3.5060209@trayerproducts.com> Does anyone know of a filter script that will scan an mbox file for spam using spamassassin's rules and output any mail not found to be spam to another file? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Brad at beckenhauer.com Thu Jul 6 20:04:38 2006 From: Brad at beckenhauer.com (Brad Beckenhauer) Date: Thu Jul 6 20:04:58 2006 Subject: Overloading Rulesets & CustomFunctions Message-ID: <58382.208.35.133.11.1152212678.squirrel@mail.beckenhauer.com> Hello, Is there a way to use the overloading technique with the CustomFunction? Example: Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules &SQLWhitelist First MailScanner checks the spam.whitelist.rules then it checks the &SQLWhitelist. thanks Brad From dhawal at netmagicsolutions.com Thu Jul 6 20:25:15 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Thu Jul 6 20:25:25 2006 Subject: Overloading Rulesets & CustomFunctions In-Reply-To: <58382.208.35.133.11.1152212678.squirrel@mail.beckenhauer.com> References: <58382.208.35.133.11.1152212678.squirrel@mail.beckenhauer.com> Message-ID: <44AD639B.50600@netmagicsolutions.com> Brad Beckenhauer wrote: > Hello, > > Is there a way to use the overloading technique with the CustomFunction? Not currently, you cannot combine rulesets/values with a Custom Function. Though if you search the archives, there is a way to use more that one Custom Function for the same 'Option'. - dhawal > Example: > Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules &SQLWhitelist > > First MailScanner checks the spam.whitelist.rules then it checks the > &SQLWhitelist. > > thanks > Brad From arturs at netvision.net.il Thu Jul 6 21:23:51 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Thu Jul 6 20:29:03 2006 Subject: No MS in maillog In-Reply-To: <44AD06A4.8060500@solid-state-logic.com> Message-ID: <010201c6a13a$187f5150$3701a8c0@lapxp> > see.. > http://www.mailscanner.info/ChangeLog > > specifically near the top... > > 4 Now use syslog "notice" priority instead of "info" when issuing > messages that are nearly warnings. This helps you drastically > reduce the > amount of syslog output by just logging priorities greater > than or equal > to "notice". > > -- > Martin Hepworth All right. Thank you, Martin. Best, -- Arthur Sherman +972-52-4878851 CPTeam From arturs at netvision.net.il Thu Jul 6 21:25:34 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Thu Jul 6 20:29:06 2006 Subject: DCC config and SA lint complaints In-Reply-To: Message-ID: <010301c6a13a$55d586f0$3701a8c0@lapxp> > Ugo, > > Hunh??? I *do* want to use DCC, so if I comment out the > loadplugin Mail::SpamAssassin::Plugin::DCC lines in the pre > files, then DCC won't get used. > > Jeff Earickson > > On Mon, 3 Jul 2006, Ugo Bellavance wrote: > > > Date: Mon, 03 Jul 2006 17:52:39 -0400 > > From: Ugo Bellavance > > Reply-To: MailScanner discussion > > > To: mailscanner@lists.mailscanner.info > > Subject: Re: DCC config and SA lint complaints > > > > Jeff A. Earickson wrote: > >> Gang, > >> > >> I googled for this one, lots of people ask, no answer found... > >> I have the following in my spam.assassin.prefs.conf file, because > >> I install DCC in /opt/dcc: > >> > >> dcc_path /opt/dcc/bin/dccproc > >> dcc_home /opt/dcc > >> > >> If these two lines are there, spamassassin --lint chokes: > >> > >> /opt/perl5/bin/spamassassin -p > >> /opt/MailScanner/etc/spam.assassin.prefs.conf --lint > >> [12758] warn: config: failed to parse line, skipping: dcc_path > >> /opt/dcc/bin/dccproc > >> [12758] warn: config: failed to parse line, skipping: > dcc_home /opt/dcc > >> [12758] warn: lint: 2 issues detected, please rerun with > debug enabled > >> for more information > >> > >> If the lines are not there, then DCC does not get used. > >> I did a workaround by creating a symlink in /usr/bin for > >> dccproc. The problem with this is that SA redirects its message > >> output to dccproc instead of using the dccifd daemon (because SA > >> can't find the dccifd socket if dcc_home is not specified). > >> > >> How do I use the two dcc specifiers for > Mail::SpamAssassin::Plugin::DCC > >> (see > >> > http://www.annocpan.org/~FELICITY/Mail-SpamAssassin-3.1.1/lib/ Mail/SpamAssassin/Plugin/DCC.pm) >> without having SA lint complain??? >> >> I ran into this when I installed Rules Du Jour today. Rules Du Jour >> won't work if SA doesn't pass the lint test. Aaaarrgh. > > Look at your .pre files. You probably didn't comment out the line that > enables dcc. > > > Regards, > >> >> Jeff Earickson >> Colby College It should be in MailScanner.conf, I believe: #use_dcc As for the path... Funny, I had it in the different order and it worked with no problem (pls mention diff. path!) dcc_home /var/dcc dcc_path /var/dcc/bin/dccproc Best, -- Arthur Sherman +972-52-4878851 CPTeam From Brad at beckenhauer.com Thu Jul 6 21:37:44 2006 From: Brad at beckenhauer.com (Brad Beckenhauer) Date: Thu Jul 6 21:38:03 2006 Subject: Overloading Rulesets & CustomFunctions In-Reply-To: <44AD639B.50600@netmagicsolutions.com> References: <58382.208.35.133.11.1152212678.squirrel@mail.beckenhauer.com> <44AD639B.50600@netmagicsolutions.com> Message-ID: <59995.208.35.133.11.1152218264.squirrel@mail.beckenhauer.com> On Thu, July 6, 2006 2:25 pm, Dhawal Doshy wrote: > Brad Beckenhauer wrote: > >> Hello, >> >> >> Is there a way to use the overloading technique with the >> CustomFunction? >> > > Not currently, you cannot combine rulesets/values with a Custom > Function. Though if you search the archives, there is a way to use more > that one Custom Function for the same 'Option'. > > - dhawal I was hoping that I could overload the white/blacklist so that it would work in conjunction with Mailwatch (Feature request?). > > >> Example: >> Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules &SQLWhitelist >> >> >> First MailScanner checks the spam.whitelist.rules then it checks the >> &SQLWhitelist. >> >> >> thanks Brad >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > Before posting, read http://wiki.mailscanner.info/posting > > > Support MailScanner development - buy the book off the website! > > From james at grayonline.id.au Thu Jul 6 21:15:23 2006 From: james at grayonline.id.au (James Gray) Date: Thu Jul 6 23:17:51 2006 Subject: OT: spam filter In-Reply-To: <44AD32D3.5060209@trayerproducts.com> References: <44AD32D3.5060209@trayerproducts.com> Message-ID: <44AD6F5B.8030501@grayonline.id.au> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rodney Green wrote: > Does anyone know of a filter script that will scan an mbox file for spam > using spamassassin's rules and output any mail not found to be spam to > another file? Off the top of my head it seems to suggest a combination of "formail" and "procmail". Parse the mbox with formail to break it up into individual messages, then pump them though spamassassin and depending on what spamassassin finds, either dump to another mbox or delete (using procmail). There are probably other ways, but it's 6:15am and I haven't had my coffee yet :P HTH, James -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFErW9bwBHpdJO7b9ERAszxAKCVeNQdiFyJURq99exSahhxOjKavwCffQzl hgOuXEbAqqMB6mtNFGWULGw= =XEq6 -----END PGP SIGNATURE----- From ssilva at sgvwater.com Thu Jul 6 23:28:29 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jul 6 23:28:46 2006 Subject: Overloading Rulesets & CustomFunctions In-Reply-To: <59995.208.35.133.11.1152218264.squirrel@mail.beckenhauer.com> References: <58382.208.35.133.11.1152212678.squirrel@mail.beckenhauer.com> <44AD639B.50600@netmagicsolutions.com> <59995.208.35.133.11.1152218264.squirrel@mail.beckenhauer.com> Message-ID: Brad Beckenhauer spake the following on 7/6/2006 1:37 PM: > On Thu, July 6, 2006 2:25 pm, Dhawal Doshy wrote: >> Brad Beckenhauer wrote: >> >>> Hello, >>> >>> >>> Is there a way to use the overloading technique with the >>> CustomFunction? >>> >> Not currently, you cannot combine rulesets/values with a Custom >> Function. Though if you search the archives, there is a way to use more >> that one Custom Function for the same 'Option'. >> >> - dhawal > > I was hoping that I could overload the white/blacklist so that it would > work in conjunction with Mailwatch (Feature request?). > >> >>> Example: >>> Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules &SQLWhitelist >>> >>> >>> First MailScanner checks the spam.whitelist.rules then it checks the >>> &SQLWhitelist. >>> >>> >>> thanks Brad >>> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> >> Support MailScanner development - buy the book off the website! >> >> > > They are two different ways to do the same thing. Do you need something in MailScanners whitelist that isn't in the Mailwatch version? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From res at ausics.net Thu Jul 6 23:35:36 2006 From: res at ausics.net (Res) Date: Thu Jul 6 23:35:45 2006 Subject: MailScanner stopped scanning In-Reply-To: <007801c6a0d3$f874ddf0$3004010a@martinhlaptop> References: <007801c6a0d3$f874ddf0$3004010a@martinhlaptop> Message-ID: On Thu, 6 Jul 2006, Martin Hepworth wrote: > Hmm looks like Syslog 0.16 does something different. I'll drop Julian an > email about this habe he should be able to address it when he gets from his > holidays.. > yeah like ensureing it doest die just because it cant use syslog so looks like i DID have a valid argument for that, and maybe if i was taken seriously, then this sys::syslog change wouild not have stopped many peoples mail from being processed. res flame away, thats what many of you are good for :) From mike at vesol.com Thu Jul 6 23:38:46 2006 From: mike at vesol.com (Mike Kercher) Date: Thu Jul 6 23:39:06 2006 Subject: OT: spam filter In-Reply-To: <44AD6F5B.8030501@grayonline.id.au> Message-ID: mailscanner-bounces@lists.mailscanner.info <> scribbled on : > > Off the top of my head it seems to suggest a combination of "formail" > and "procmail". Parse the mbox with formail to break it up > into individual messages, then pump them though spamassassin > and depending on what spamassassin finds, either dump to > another mbox or delete (using procmail). There are probably > other ways, but it's 6:15am and I haven't had my coffee yet :P > 6:15am?!?! You should still be in bed!!! From chris at spandata.com.au Fri Jul 7 01:20:06 2006 From: chris at spandata.com.au (Chris Aitken) Date: Fri Jul 7 01:20:36 2006 Subject: Mailscanner keeps starting and mail delivers, but Mailscanner not processing mail... Message-ID: Hi All, I am running: Fedora Core 4 MailScanner 4.54.6-1 (latest) Sendmail 8.13.4 When I start mailscanner sendmail doesn't seem to start properly and Mailscanner does not process any mail... Sendmail still seems to deliver the mail though I first thought it may be a permission issue on /var/spool/mqueue.in or /var/spool/MailScanner but no combinations there seem to work This is my output when I start mailscanner: [root@gate ~]# service MailScanner start && tail -f /var/log/maillog Starting MailScanner daemons: : incoming sendmail [FAILED] Invalid MTA in /etc/sysconfig/MailScanner : outgoing sendmail [FAILED] Invalid MTA in /etc/sysconfig/MailScanner MailScanner: [ OK ] Jul 7 10:11:14 gate MailScanner[32316]: MailScanner E-Mail Virus Scanner version 4.55.4 starting... Jul 7 10:11:14 gate MailScanner[32316]: Read 755 hostnames from the phishing whitelist Jul 7 10:11:14 gate MailScanner[32316]: Config: calling custom init function SQLBlacklist Jul 7 10:11:14 gate MailScanner[32316]: Starting up SQL Blacklist Jul 7 10:11:14 gate MailScanner[32316]: Read 4 blacklist entries Jul 7 10:11:14 gate MailScanner[32316]: Config: calling custom init function MailWatchLogging Jul 7 10:11:14 gate MailScanner[32316]: Started SQL Logging child Jul 7 10:11:14 gate MailScanner[32316]: Config: calling custom init function SQLWhitelist Jul 7 10:11:14 gate MailScanner[32316]: Starting up SQL Whitelist Jul 7 10:11:14 gate MailScanner[32316]: Read 52 whitelist entries Jul 7 10:11:15 gate MailScanner[32316]: Using SpamAssassin results cache Jul 7 10:11:15 gate MailScanner[32316]: Connected to SpamAssassin cache database Jul 7 10:11:15 gate MailScanner[32316]: Enabling SpamAssassin auto-whitelist functionality... Jul 7 10:11:17 gate MailScanner[32316]: Using locktype = posix Jul 7 10:11:17 gate MailScanner[32316]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Jul 7 10:11:25 gate MailScanner[32330]: MailScanner E-Mail Virus Scanner version 4.55.4 starting... Jul 7 10:11:25 gate MailScanner[32330]: Read 755 hostnames from the phishing whitelist Jul 7 10:11:25 gate MailScanner[32330]: Config: calling custom init function SQLBlacklist Jul 7 10:11:25 gate MailScanner[32330]: Starting up SQL Blacklist Jul 7 10:11:25 gate MailScanner[32330]: Read 4 blacklist entries Jul 7 10:11:25 gate MailScanner[32330]: Config: calling custom init function MailWatchLogging Jul 7 10:11:25 gate MailScanner[32330]: Started SQL Logging child Jul 7 10:11:25 gate MailScanner[32330]: Config: calling custom init function SQLWhitelist Jul 7 10:11:25 gate MailScanner[32330]: Starting up SQL Whitelist Jul 7 10:11:25 gate MailScanner[32330]: Read 52 whitelist entries Jul 7 10:11:26 gate MailScanner[32330]: Using SpamAssassin results cache Jul 7 10:11:26 gate MailScanner[32330]: Connected to SpamAssassin cache database Jul 7 10:11:26 gate MailScanner[32330]: Enabling SpamAssassin auto-whitelist functionality... However if I statically set the MTA in the /etc/sysconfig/MailScanner file I get the following errors: [root@gate ~]# service MailScanner start && tail -f /var/log/maillog Starting MailScanner daemons: /): No such file or directory51 4.0.0 can not chdir(/var/spool/mqueue.in [ OK ] outgoing sendmail: [ OK ] MailScanner: [ OK ] Jul 7 10:14:34 gate sendmail[32598]: alias database /etc/aliases rebuilt by root Jul 7 10:14:34 gate sendmail[32598]: /etc/aliases: 76 aliases, longest 10 bytes, 765 bytes total Jul 7 10:14:34 gate sendmail[32605]: NOQUEUE: SYSERR(root): can not chdir(/var/spool/mqueue.in\r/): No such file or directory Jul 7 10:14:34 gate sm-msp-queue[32609]: starting daemon (8.13.4): queueing@00:15:00 Jul 7 10:14:34 gate sendmail[32613]: starting daemon (8.13.4): queueing@00:15:00 Jul 7 10:14:36 gate MailScanner[32632]: MailScanner E-Mail Virus Scanner version 4.55.4 starting... Jul 7 10:14:36 gate MailScanner[32632]: Read 755 hostnames from the phishing whitelist Jul 7 10:14:36 gate MailScanner[32632]: Config: calling custom init function SQLBlacklist Jul 7 10:14:36 gate MailScanner[32632]: Starting up SQL Blacklist Jul 7 10:14:36 gate MailScanner[32632]: Read 4 blacklist entries Jul 7 10:14:36 gate MailScanner[32632]: Config: calling custom init function MailWatchLogging Jul 7 10:14:37 gate MailScanner[32632]: Started SQL Logging child Jul 7 10:14:37 gate MailScanner[32632]: Config: calling custom init function SQLWhitelist Jul 7 10:14:37 gate MailScanner[32632]: Starting up SQL Whitelist Jul 7 10:14:37 gate MailScanner[32632]: Read 52 whitelist entries Jul 7 10:14:37 gate MailScanner[32632]: Using SpamAssassin results cache Jul 7 10:14:37 gate MailScanner[32632]: Connected to SpamAssassin cache database Jul 7 10:14:37 gate MailScanner[32632]: Enabling SpamAssassin auto-whitelist functionality... Jul 7 10:14:38 gate MailScanner[32640]: MailScanner E-Mail Virus Scanner version 4.55.4 starting... Jul 7 10:14:38 gate MailScanner[32640]: Read 755 hostnames from the phishing whitelist Jul 7 10:14:38 gate MailScanner[32640]: Config: calling custom init function SQLBlacklist Jul 7 10:14:38 gate MailScanner[32640]: Starting up SQL Blacklist Jul 7 10:14:38 gate MailScanner[32640]: Read 4 blacklist entries Jul 7 10:14:38 gate MailScanner[32640]: Config: calling custom init function MailWatchLogging Jul 7 10:14:39 gate MailScanner[32640]: Started SQL Logging child Jul 7 10:14:39 gate MailScanner[32640]: Config: calling custom init function SQLWhitelist Jul 7 10:14:39 gate MailScanner[32640]: Starting up SQL Whitelist Jul 7 10:14:39 gate MailScanner[32640]: Read 52 whitelist entries Jul 7 10:14:39 gate MailScanner[32640]: Using SpamAssassin results cache Jul 7 10:14:39 gate MailScanner[32640]: Connected to SpamAssassin cache database Jul 7 10:14:39 gate MailScanner[32640]: Enabling SpamAssassin auto-whitelist functionality... Please help.. Thanks Chris Aitken chris@spandata.com.au SPAN DATA Australia -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060707/06eb59b1/attachment.html From mike at vesol.com Fri Jul 7 01:25:08 2006 From: mike at vesol.com (Mike Kercher) Date: Fri Jul 7 01:25:24 2006 Subject: Mailscanner keeps starting and mail delivers, but Mailscanner not processing mail... In-Reply-To: Message-ID: Did you turn the sendmail service off? Is it possible you have a typo in your config? This line is the reason I ask: Jul 7 10:14:34 gate sendmail[32605]: NOQUEUE: SYSERR(root): can not chdir(/var/spool/mqueue.in\r/): No such file or directory Mike ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Chris Aitken Sent: Thursday, July 06, 2006 7:20 PM To: mailscanner@lists.mailscanner.info Subject: Mailscanner keeps starting and mail delivers,but Mailscanner not processing mail... Hi All, I am running: Fedora Core 4 MailScanner 4.54.6-1 (latest) Sendmail 8.13.4 When I start mailscanner sendmail doesn't seem to start properly and Mailscanner does not process any mail... Sendmail still seems to deliver the mail though I first thought it may be a permission issue on /var/spool/mqueue.in or /var/spool/MailScanner but no combinations there seem to work This is my output when I start mailscanner: [root@gate ~]# service MailScanner start && tail -f /var/log/maillog Starting MailScanner daemons: : incoming sendmail [FAILED] Invalid MTA in /etc/sysconfig/MailScanner : outgoing sendmail [FAILED] Invalid MTA in /etc/sysconfig/MailScanner MailScanner: [ OK ] Jul 7 10:11:14 gate MailScanner[32316]: MailScanner E-Mail Virus Scanner version 4.55.4 starting... Jul 7 10:11:14 gate MailScanner[32316]: Read 755 hostnames from the phishing whitelist Jul 7 10:11:14 gate MailScanner[32316]: Config: calling custom init function SQLBlacklist Jul 7 10:11:14 gate MailScanner[32316]: Starting up SQL Blacklist Jul 7 10:11:14 gate MailScanner[32316]: Read 4 blacklist entries Jul 7 10:11:14 gate MailScanner[32316]: Config: calling custom init function MailWatchLogging Jul 7 10:11:14 gate MailScanner[32316]: Started SQL Logging child Jul 7 10:11:14 gate MailScanner[32316]: Config: calling custom init function SQLWhitelist Jul 7 10:11:14 gate MailScanner[32316]: Starting up SQL Whitelist Jul 7 10:11:14 gate MailScanner[32316]: Read 52 whitelist entries Jul 7 10:11:15 gate MailScanner[32316]: Using SpamAssassin results cache Jul 7 10:11:15 gate MailScanner[32316]: Connected to SpamAssassin cache database Jul 7 10:11:15 gate MailScanner[32316]: Enabling SpamAssassin auto-whitelist functionality... Jul 7 10:11:17 gate MailScanner[32316]: Using locktype = posix Jul 7 10:11:17 gate MailScanner[32316]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Jul 7 10:11:25 gate MailScanner[32330]: MailScanner E-Mail Virus Scanner version 4.55.4 starting... Jul 7 10:11:25 gate MailScanner[32330]: Read 755 hostnames from the phishing whitelist Jul 7 10:11:25 gate MailScanner[32330]: Config: calling custom init function SQLBlacklist Jul 7 10:11:25 gate MailScanner[32330]: Starting up SQL Blacklist Jul 7 10:11:25 gate MailScanner[32330]: Read 4 blacklist entries Jul 7 10:11:25 gate MailScanner[32330]: Config: calling custom init function MailWatchLogging Jul 7 10:11:25 gate MailScanner[32330]: Started SQL Logging child Jul 7 10:11:25 gate MailScanner[32330]: Config: calling custom init function SQLWhitelist Jul 7 10:11:25 gate MailScanner[32330]: Starting up SQL Whitelist Jul 7 10:11:25 gate MailScanner[32330]: Read 52 whitelist entries Jul 7 10:11:26 gate MailScanner[32330]: Using SpamAssassin results cache Jul 7 10:11:26 gate MailScanner[32330]: Connected to SpamAssassin cache database Jul 7 10:11:26 gate MailScanner[32330]: Enabling SpamAssassin auto-whitelist functionality... However if I statically set the MTA in the /etc/sysconfig/MailScanner file I get the following errors: [root@gate ~]# service MailScanner start && tail -f /var/log/maillog Starting MailScanner daemons: /): No such file or directory51 4.0.0 can not chdir(/var/spool/mqueue.in [ OK ] outgoing sendmail: [ OK ] MailScanner: [ OK ] Jul 7 10:14:34 gate sendmail[32598]: alias database /etc/aliases rebuilt by root Jul 7 10:14:34 gate sendmail[32598]: /etc/aliases: 76 aliases, longest 10 bytes, 765 bytes total Jul 7 10:14:34 gate sendmail[32605]: NOQUEUE: SYSERR(root): can not chdir(/var/spool/mqueue.in\r/): No such file or directory Jul 7 10:14:34 gate sm-msp-queue[32609]: starting daemon (8.13.4): queueing@00:15:00 Jul 7 10:14:34 gate sendmail[32613]: starting daemon (8.13.4): queueing@00:15:00 Jul 7 10:14:36 gate MailScanner[32632]: MailScanner E-Mail Virus Scanner version 4.55.4 starting... Jul 7 10:14:36 gate MailScanner[32632]: Read 755 hostnames from the phishing whitelist Jul 7 10:14:36 gate MailScanner[32632]: Config: calling custom init function SQLBlacklist Jul 7 10:14:36 gate MailScanner[32632]: Starting up SQL Blacklist Jul 7 10:14:36 gate MailScanner[32632]: Read 4 blacklist entries Jul 7 10:14:36 gate MailScanner[32632]: Config: calling custom init function MailWatchLogging Jul 7 10:14:37 gate MailScanner[32632]: Started SQL Logging child Jul 7 10:14:37 gate MailScanner[32632]: Config: calling custom init function SQLWhitelist Jul 7 10:14:37 gate MailScanner[32632]: Starting up SQL Whitelist Jul 7 10:14:37 gate MailScanner[32632]: Read 52 whitelist entries Jul 7 10:14:37 gate MailScanner[32632]: Using SpamAssassin results cache Jul 7 10:14:37 gate MailScanner[32632]: Connected to SpamAssassin cache database Jul 7 10:14:37 gate MailScanner[32632]: Enabling SpamAssassin auto-whitelist functionality... Jul 7 10:14:38 gate MailScanner[32640]: MailScanner E-Mail Virus Scanner version 4.55.4 starting... Jul 7 10:14:38 gate MailScanner[32640]: Read 755 hostnames from the phishing whitelist Jul 7 10:14:38 gate MailScanner[32640]: Config: calling custom init function SQLBlacklist Jul 7 10:14:38 gate MailScanner[32640]: Starting up SQL Blacklist Jul 7 10:14:38 gate MailScanner[32640]: Read 4 blacklist entries Jul 7 10:14:38 gate MailScanner[32640]: Config: calling custom init function MailWatchLogging Jul 7 10:14:39 gate MailScanner[32640]: Started SQL Logging child Jul 7 10:14:39 gate MailScanner[32640]: Config: calling custom init function SQLWhitelist Jul 7 10:14:39 gate MailScanner[32640]: Starting up SQL Whitelist Jul 7 10:14:39 gate MailScanner[32640]: Read 52 whitelist entries Jul 7 10:14:39 gate MailScanner[32640]: Using SpamAssassin results cache Jul 7 10:14:39 gate MailScanner[32640]: Connected to SpamAssassin cache database Jul 7 10:14:39 gate MailScanner[32640]: Enabling SpamAssassin auto-whitelist functionality... Please help.. Thanks Chris Aitken chris@spandata.com.au SPAN DATA Australia From chris at spandata.com.au Fri Jul 7 02:35:10 2006 From: chris at spandata.com.au (Chris Aitken) Date: Fri Jul 7 02:35:44 2006 Subject: Mailscanner keeps starting and mail delivers, but Mailscanner not processing mail... Message-ID: Hi Mike, Yes I turned sendmail off.... The strange thing was is that it was all working ok until I rebooted the box yesterday.... Had been running fine since installation about 4 weeks ago. I have looked around for that possible config typo. But can't seem to find it anywhere, any ideas? Thanks Chris -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Mike Kercher Sent: Friday, 7 July 2006 10:25 AM To: MailScanner discussion Subject: RE: Mailscanner keeps starting and mail delivers,but Mailscanner not processing mail... Did you turn the sendmail service off? Is it possible you have a typo in your config? This line is the reason I ask: Jul 7 10:14:34 gate sendmail[32605]: NOQUEUE: SYSERR(root): can not chdir(/var/spool/mqueue.in\r/): No such file or directory Mike ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Chris Aitken Sent: Thursday, July 06, 2006 7:20 PM To: mailscanner@lists.mailscanner.info Subject: Mailscanner keeps starting and mail delivers,but Mailscanner not processing mail... Hi All, I am running: Fedora Core 4 MailScanner 4.54.6-1 (latest) Sendmail 8.13.4 When I start mailscanner sendmail doesn't seem to start properly and Mailscanner does not process any mail... Sendmail still seems to deliver the mail though I first thought it may be a permission issue on /var/spool/mqueue.in or /var/spool/MailScanner but no combinations there seem to work This is my output when I start mailscanner: [root@gate ~]# service MailScanner start && tail -f /var/log/maillog Starting MailScanner daemons: : incoming sendmail [FAILED] Invalid MTA in /etc/sysconfig/MailScanner : outgoing sendmail [FAILED] Invalid MTA in /etc/sysconfig/MailScanner MailScanner: [ OK ] Jul 7 10:11:14 gate MailScanner[32316]: MailScanner E-Mail Virus Scanner version 4.55.4 starting... Jul 7 10:11:14 gate MailScanner[32316]: Read 755 hostnames from the phishing whitelist Jul 7 10:11:14 gate MailScanner[32316]: Config: calling custom init function SQLBlacklist Jul 7 10:11:14 gate MailScanner[32316]: Starting up SQL Blacklist Jul 7 10:11:14 gate MailScanner[32316]: Read 4 blacklist entries Jul 7 10:11:14 gate MailScanner[32316]: Config: calling custom init function MailWatchLogging Jul 7 10:11:14 gate MailScanner[32316]: Started SQL Logging child Jul 7 10:11:14 gate MailScanner[32316]: Config: calling custom init function SQLWhitelist Jul 7 10:11:14 gate MailScanner[32316]: Starting up SQL Whitelist Jul 7 10:11:14 gate MailScanner[32316]: Read 52 whitelist entries Jul 7 10:11:15 gate MailScanner[32316]: Using SpamAssassin results cache Jul 7 10:11:15 gate MailScanner[32316]: Connected to SpamAssassin cache database Jul 7 10:11:15 gate MailScanner[32316]: Enabling SpamAssassin auto-whitelist functionality... Jul 7 10:11:17 gate MailScanner[32316]: Using locktype = posix Jul 7 10:11:17 gate MailScanner[32316]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Jul 7 10:11:25 gate MailScanner[32330]: MailScanner E-Mail Virus Scanner version 4.55.4 starting... Jul 7 10:11:25 gate MailScanner[32330]: Read 755 hostnames from the phishing whitelist Jul 7 10:11:25 gate MailScanner[32330]: Config: calling custom init function SQLBlacklist Jul 7 10:11:25 gate MailScanner[32330]: Starting up SQL Blacklist Jul 7 10:11:25 gate MailScanner[32330]: Read 4 blacklist entries Jul 7 10:11:25 gate MailScanner[32330]: Config: calling custom init function MailWatchLogging Jul 7 10:11:25 gate MailScanner[32330]: Started SQL Logging child Jul 7 10:11:25 gate MailScanner[32330]: Config: calling custom init function SQLWhitelist Jul 7 10:11:25 gate MailScanner[32330]: Starting up SQL Whitelist Jul 7 10:11:25 gate MailScanner[32330]: Read 52 whitelist entries Jul 7 10:11:26 gate MailScanner[32330]: Using SpamAssassin results cache Jul 7 10:11:26 gate MailScanner[32330]: Connected to SpamAssassin cache database Jul 7 10:11:26 gate MailScanner[32330]: Enabling SpamAssassin auto-whitelist functionality... However if I statically set the MTA in the /etc/sysconfig/MailScanner file I get the following errors: [root@gate ~]# service MailScanner start && tail -f /var/log/maillog Starting MailScanner daemons: /): No such file or directory51 4.0.0 can not chdir(/var/spool/mqueue.in [ OK ] outgoing sendmail: [ OK ] MailScanner: [ OK ] Jul 7 10:14:34 gate sendmail[32598]: alias database /etc/aliases rebuilt by root Jul 7 10:14:34 gate sendmail[32598]: /etc/aliases: 76 aliases, longest 10 bytes, 765 bytes total Jul 7 10:14:34 gate sendmail[32605]: NOQUEUE: SYSERR(root): can not chdir(/var/spool/mqueue.in\r/): No such file or directory Jul 7 10:14:34 gate sm-msp-queue[32609]: starting daemon (8.13.4): queueing@00:15:00 Jul 7 10:14:34 gate sendmail[32613]: starting daemon (8.13.4): queueing@00:15:00 Jul 7 10:14:36 gate MailScanner[32632]: MailScanner E-Mail Virus Scanner version 4.55.4 starting... Jul 7 10:14:36 gate MailScanner[32632]: Read 755 hostnames from the phishing whitelist Jul 7 10:14:36 gate MailScanner[32632]: Config: calling custom init function SQLBlacklist Jul 7 10:14:36 gate MailScanner[32632]: Starting up SQL Blacklist Jul 7 10:14:36 gate MailScanner[32632]: Read 4 blacklist entries Jul 7 10:14:36 gate MailScanner[32632]: Config: calling custom init function MailWatchLogging Jul 7 10:14:37 gate MailScanner[32632]: Started SQL Logging child Jul 7 10:14:37 gate MailScanner[32632]: Config: calling custom init function SQLWhitelist Jul 7 10:14:37 gate MailScanner[32632]: Starting up SQL Whitelist Jul 7 10:14:37 gate MailScanner[32632]: Read 52 whitelist entries Jul 7 10:14:37 gate MailScanner[32632]: Using SpamAssassin results cache Jul 7 10:14:37 gate MailScanner[32632]: Connected to SpamAssassin cache database Jul 7 10:14:37 gate MailScanner[32632]: Enabling SpamAssassin auto-whitelist functionality... Jul 7 10:14:38 gate MailScanner[32640]: MailScanner E-Mail Virus Scanner version 4.55.4 starting... Jul 7 10:14:38 gate MailScanner[32640]: Read 755 hostnames from the phishing whitelist Jul 7 10:14:38 gate MailScanner[32640]: Config: calling custom init function SQLBlacklist Jul 7 10:14:38 gate MailScanner[32640]: Starting up SQL Blacklist Jul 7 10:14:38 gate MailScanner[32640]: Read 4 blacklist entries Jul 7 10:14:38 gate MailScanner[32640]: Config: calling custom init function MailWatchLogging Jul 7 10:14:39 gate MailScanner[32640]: Started SQL Logging child Jul 7 10:14:39 gate MailScanner[32640]: Config: calling custom init function SQLWhitelist Jul 7 10:14:39 gate MailScanner[32640]: Starting up SQL Whitelist Jul 7 10:14:39 gate MailScanner[32640]: Read 52 whitelist entries Jul 7 10:14:39 gate MailScanner[32640]: Using SpamAssassin results cache Jul 7 10:14:39 gate MailScanner[32640]: Connected to SpamAssassin cache database Jul 7 10:14:39 gate MailScanner[32640]: Enabling SpamAssassin auto-whitelist functionality... Please help.. Thanks Chris Aitken chris@spandata.com.au SPAN DATA Australia -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mike at vesol.com Fri Jul 7 03:52:20 2006 From: mike at vesol.com (Mike Kercher) Date: Fri Jul 7 03:52:40 2006 Subject: Mailscanner keeps starting and mail delivers, but Mailscanner not processing mail... In-Reply-To: Message-ID: mailscanner-bounces@lists.mailscanner.info <> scribbled on : > Hi Mike, > > Yes I turned sendmail off.... The strange thing was is that > it was all working ok until I rebooted the box yesterday.... > Had been running fine since installation about 4 weeks ago. > > I have looked around for that possible config typo. But can't > seem to find it anywhere, any ideas? > Thanks > Chris > Any possible typos in your sendmail.mc ? Mike From chris at spandata.com.au Fri Jul 7 05:16:24 2006 From: chris at spandata.com.au (Chris Aitken) Date: Fri Jul 7 05:16:56 2006 Subject: Mailscanner keeps starting and mail delivers, but Mailscanner not processing mail... Message-ID: Not from what I can see... I have attached the file. Could the fact that Mailscanner says invalid MTA when it tries to detect have anything to do with it? Chris Aitken chris@spandata.com.au SPAN DATA -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Mike Kercher Sent: Friday, 7 July 2006 12:52 PM To: MailScanner discussion Subject: RE: Mailscanner keeps starting and mail delivers,but Mailscanner not processing mail... mailscanner-bounces@lists.mailscanner.info <> scribbled on : > Hi Mike, > > Yes I turned sendmail off.... The strange thing was is that > it was all working ok until I rebooted the box yesterday.... > Had been running fine since installation about 4 weeks ago. > > I have looked around for that possible config typo. But can't > seem to find it anywhere, any ideas? > Thanks > Chris > Any possible typos in your sendmail.mc ? Mike -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- A non-text attachment was scrubbed... Name: sendmail.mc Type: application/octet-stream Size: 7071 bytes Desc: sendmail.mc Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060707/4b2a8e56/sendmail.obj From derek at adcatanzaro.com Fri Jul 7 05:36:31 2006 From: derek at adcatanzaro.com (derek) Date: Fri Jul 7 05:42:07 2006 Subject: Mailscanner keeps starting and mail delivers, but Mailscanner not processing mail... In-Reply-To: References: Message-ID: <44ADE4CF.6050603@adcatanzaro.com> Chris Aitken wrote: > Not from what I can see... I have attached the file. > > Could the fact that Mailscanner says invalid MTA when it tries to detect > have anything to do with it? > > Chris Aitken > chris@spandata.com.au > SPAN DATA > > Try commenting out the following line in your sendmail.mc DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From chris at spandata.com.au Fri Jul 7 06:48:06 2006 From: chris at spandata.com.au (Chris Aitken) Date: Fri Jul 7 06:48:43 2006 Subject: Mailscanner keeps starting and mail delivers, but Mailscanner not processing mail... Message-ID: Hi Derek, I commented out that line and there has been no change to the problem unfortunately. I have noticed that my hair is thinning faster than yesterday though! Thanks Chris Aitken chris@spandata.com.au SPAN DATA -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of derek Sent: Friday, 7 July 2006 2:37 PM To: MailScanner discussion Subject: Re: Mailscanner keeps starting and mail delivers, but Mailscanner not processing mail... Chris Aitken wrote: > Not from what I can see... I have attached the file. > > Could the fact that Mailscanner says invalid MTA when it tries to detect > have anything to do with it? > > Chris Aitken > chris@spandata.com.au > SPAN DATA > > Try commenting out the following line in your sendmail.mc DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From derek at adcatanzaro.com Fri Jul 7 07:00:10 2006 From: derek at adcatanzaro.com (Derek Catanzaro) Date: Fri Jul 7 07:00:33 2006 Subject: Mailscanner keeps starting and mail delivers, but Mailscanner not processing mail... In-Reply-To: References: Message-ID: <44ADF86A.1030001@adcatanzaro.com> Chris Aitken wrote: > Hi Derek, > > I commented out that line and there has been no change to the problem > unfortunately. > > I have noticed that my hair is thinning faster than yesterday though! > > Thanks > > Chris Aitken > chris@spandata.com.au > SPAN DATA > Just to verify, did you run "m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf" after you commented the line and restart MS? Also check your "MTA =" line in your MailScanner.conf and make sure it has sendmail listed. Can you telnet to port 25? Thanks, Derek -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From chris at spandata.com.au Fri Jul 7 07:24:26 2006 From: chris at spandata.com.au (Chris Aitken) Date: Fri Jul 7 07:24:54 2006 Subject: Mailscanner keeps starting and mail delivers, but Mailscanner not processing mail... Message-ID: Hi Derek, I had passed the line: "m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf" My MTA is set in MailScanner.conf as MTA=sendmail When I telnet on 25 I get the following: 220 gate.spangroup.com.au ESMTP Sendmail 8.13.4/8.13.4; Fri, 7 Jul 2006 16:20:56 +1000 Chris -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Derek Catanzaro Sent: Friday, 7 July 2006 4:00 PM To: MailScanner discussion Subject: Re: Mailscanner keeps starting and mail delivers, but Mailscanner not processing mail... Chris Aitken wrote: > Hi Derek, > > I commented out that line and there has been no change to the problem > unfortunately. > > I have noticed that my hair is thinning faster than yesterday though! > > Thanks > > Chris Aitken > chris@spandata.com.au > SPAN DATA > Just to verify, did you run "m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf" after you commented the line and restart MS? Also check your "MTA =" line in your MailScanner.conf and make sure it has sendmail listed. Can you telnet to port 25? Thanks, Derek -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From blane at dialmediagroup.com Fri Jul 7 08:55:25 2006 From: blane at dialmediagroup.com (Blane Bramble) Date: Fri Jul 7 08:55:28 2006 Subject: MailScanner headers in quarantined messages (MailScanner and Exim) Message-ID: <44AE136D.5060104@dialmediagroup.com> Hi, I'm just setting up a test machine with MailScanner on - and so far it's going pretty well. However I have a question about how the quarantine process works - I have it set up to create quarantine files in queue format so they can be easily released, but when I examine messages that have been quarantined they have no additional MailScanner headers. Is this the expected behaviour - and if so, is there any way to change it the headers will be added so I can see why the message was quarantined? From martinh at solid-state-logic.com Fri Jul 7 10:00:18 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Fri Jul 7 10:00:30 2006 Subject: MailScanner headers in quarantined messages (MailScanner and Exim) In-Reply-To: <44AE136D.5060104@dialmediagroup.com> References: <44AE136D.5060104@dialmediagroup.com> Message-ID: <44AE22A2.40105@solid-state-logic.com> Blane Bramble wrote: > Hi, I'm just setting up a test machine with MailScanner on - and so far > it's going pretty well. However I have a question about how the > quarantine process works - I have it set up to create quarantine files > in queue format so they can be easily released, but when I examine > messages that have been quarantined they have no additional MailScanner > headers. Is this the expected behaviour - and if so, is there any way to > change it the headers will be added so I can see why the message was > quarantined? Blane yes - the messages stored in quarantine are as near to as the came into the system as is possible. This is deliberate so you can get at the 'raw' information before any potential 'breaking' occurred. May I suggest you look at reporting packages like MailWatch for Mailscanner which will give you a html interface to see why the message wasn't delivered... -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From brad at beckenhauer.com Fri Jul 7 10:06:07 2006 From: brad at beckenhauer.com (Brad Beckenhauer) Date: Fri Jul 7 10:09:39 2006 Subject: Overloading Rulesets & CustomFunctions References: UID68439-1101139125 Message-ID: <20060707T040607Z_A9B700000000@beckenhauer.com> >>> Scott Silva 7/6/2006 5:28:29 PM >>> Brad Beckenhauer spake the following on 7/6/2006 1:37 PM: > On Thu, July 6, 2006 2:25 pm, Dhawal Doshy wrote: >> Brad Beckenhauer wrote: >> >>> Hello, >>> >>> >>> Is there a way to use the overloading technique with the >>> CustomFunction? >>> >> Not currently, you cannot combine rulesets/values with a Custom >> Function. Though if you search the archives, there is a way to use more >> that one Custom Function for the same 'Option'. >> >> - dhawal > > I was hoping that I could overload the white/blacklist so that it would > work in conjunction with Mailwatch (Feature request?). > >> >>> Example: >>> Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules &SQLWhitelist >>> >>> >>> First MailScanner checks the spam.whitelist.rules then it checks the >>> &SQLWhitelist. >>> >>> >>> thanks Brad >>> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> >> Support MailScanner development - buy the book off the website! >> >> > > They are two different ways to do the same thing. Do you need something in MailScanners whitelist that isn't in the Mailwatch version? Well, this is now going to go OT, my newly installed Mailwatch does not allow users to release email, change their passwords or spam scores. While I'm in the process of debugging (any suggestions), I though it would be great if I could just overload the "Is Definitely Not Spam" and "Is Definitely Spam" since I already had rulesets created. This is more of a Mailwatch question: I need a whitelist that allows all email from a network (ie. 192.168.2.0/24) to anyone at my domain. Will Mailwatch allow this type of rule? thanks! Brad -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- Skipped content of type multipart/related From blane at dialmediagroup.com Fri Jul 7 10:59:42 2006 From: blane at dialmediagroup.com (Blane Bramble) Date: Fri Jul 7 10:59:46 2006 Subject: MailScanner headers in quarantined messages (MailScanner and Exim) In-Reply-To: <44AE22A2.40105@solid-state-logic.com> References: <44AE136D.5060104@dialmediagroup.com> <44AE22A2.40105@solid-state-logic.com> Message-ID: <44AE308E.2080706@dialmediagroup.com> Martin Hepworth wrote: > Blane Bramble wrote: >> Hi, I'm just setting up a test machine with MailScanner on - and so far >> it's going pretty well. However I have a question about how the >> quarantine process works - I have it set up to create quarantine files >> in queue format so they can be easily released, but when I examine >> messages that have been quarantined they have no additional MailScanner >> headers. Is this the expected behaviour - and if so, is there any way to >> change it the headers will be added so I can see why the message was >> quarantined? > Blane > > yes - the messages stored in quarantine are as near to as the came into > the system as is possible. This is deliberate so you can get at the > 'raw' information before any potential 'breaking' occurred. > > > May I suggest you look at reporting packages like MailWatch for > Mailscanner which will give you a html interface to see why the message > wasn't delivered... > Thought that was probably the case - looking into MailWatch at the moment. It would be nice if there was an option to maybe store the additional header information in the quarantine directory somewhere though. From ram at netcore.co.in Fri Jul 7 13:03:57 2006 From: ram at netcore.co.in (Ramprasad) Date: Fri Jul 7 13:02:58 2006 Subject: performance impact of growing rules files Message-ID: <1152273837.12695.11.camel@darkstar.netcore.co.in> Hi, We scan mails for quiet a large number of domains ( around 1.5k domains). The scanning happens on multiple identically configured MS +postfix+SA linux boxes behind load balancers For every domain that is added there will be entries in spamcheck.rules spamaction.rules etc. Besides the domains will have their own whitelists and blacklists which go into whitelist/blacklist rules files. Already these have more than 10000 lines each I am not sure how this architecture will scale. Additional hardware is not a problem , but the solution must scale Assume I have 10x more domains and traffic next year .. will there be a performance hit because Mailscanner has to read such huge rules files. What will be a 100% scalable architecture Thanks Ram From amoore at dekalbmemorial.com Fri Jul 7 14:01:20 2006 From: amoore at dekalbmemorial.com (Aaron K. Moore) Date: Fri Jul 7 14:01:25 2006 Subject: DCC config and SA lint complaints In-Reply-To: Message-ID: <60D398EB2DB948409CA1F50D8AF12257013CF7F2@exch1.dekalbmemorial.local> Arthur Sherman wrote: > It should be in MailScanner.conf, I believe: > #use_dcc > > As for the path... > Funny, I had it in the different order and it worked with no problem > (pls mention diff. path!) > > dcc_home /var/dcc > dcc_path /var/dcc/bin/dccproc > You might want to look into running dccifd instead of using dccproc. >From the dccifd manpage: "Dccifd is a daemon intended to connect spam filters such as SpamAssasin and mail transfer agents (MTAs) other than sendmail to DCC servers. The MTA or filter dccifd which in turn reports related checksums to the near- est DCC server. DCCIFD then adds an X-DCC SMTP header line to the mes- sage. The MTA is told to reject the message if it is unsolicited bulk." I switched to using this method with SpamAssassin a couple of years ago. It greatly reduced the load I was seeing from all of the forks to call dccproc. I have set the following items in the SpamAssassin config file. use_dcc 1 dcc_home /var/dcc dcc_path /var/dcc dcc_timeout 15 Depending on your setup you might also need to set dcc_dccifd_path. dcc_dccifd_path STRING This option tells SpamAssassin specifically where to find the dccifd socket. If dcc_dccifd_path is not specified, it will default to looking in dcc_home If a dccifd socket is found, it will use it instead of dccproc. -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN E-mail: amoore@dekalbmemorial.com From steve.swaney at fsl.com Fri Jul 7 15:00:35 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Fri Jul 7 14:59:44 2006 Subject: DCC config and SA lint complaints In-Reply-To: <60D398EB2DB948409CA1F50D8AF12257013CF7F2@exch1.dekalbmemorial.local> Message-ID: <0d7101c6a1cd$b8877310$287ba8c0@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Aaron K. Moore > Sent: Friday, July 07, 2006 9:01 AM > To: MailScanner discussion > Subject: RE: DCC config and SA lint complaints > > Arthur Sherman wrote: > > It should be in MailScanner.conf, I believe: > > #use_dcc > > > > As for the path... > > Funny, I had it in the different order and it worked with no problem > > (pls mention diff. path!) > > > > dcc_home /var/dcc > > dcc_path /var/dcc/bin/dccproc > > > > You might want to look into running dccifd instead of using dccproc. > > >From the dccifd manpage: > > "Dccifd is a daemon intended to connect spam filters such as SpamAssasin > and mail transfer agents (MTAs) other than sendmail to DCC servers. The > MTA or filter dccifd which in turn reports related checksums to the > near- > est DCC server. DCCIFD then adds an X-DCC SMTP header line to the mes- > sage. The MTA is told to reject the message if it is unsolicited bulk." > > I switched to using this method with SpamAssassin a couple of years ago. > It greatly reduced the load I was seeing from all of the forks to call > dccproc. > > I have set the following items in the SpamAssassin config file. > use_dcc 1 > dcc_home /var/dcc > dcc_path /var/dcc > dcc_timeout 15 > > Depending on your setup you might also need to set dcc_dccifd_path. > > dcc_dccifd_path STRING > > This option tells SpamAssassin specifically where to find the dccifd > socket. If dcc_dccifd_path is not specified, it will default to looking > in dcc_home If a dccifd socket is found, it will use it instead of > dccproc. > > -- > Aaron Kent Moore > Information Technology Services > DeKalb Memorial Hospital, Inc. > Auburn, IN > E-mail: amoore@dekalbmemorial.com To install / configure DCCIFD, please see this article in the Wiki: http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassi n:plugins:dcc:dccifd_install&s=dccifd Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From Denis.Beauchemin at USherbrooke.ca Fri Jul 7 15:03:32 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Jul 7 15:03:47 2006 Subject: Mailscanner keeps starting and mail delivers, but Mailscanner not processing mail... In-Reply-To: References: Message-ID: <44AE69B4.5010100@USherbrooke.ca> Chris, Could you have modified MailScanner.conf or /etc/sysconfig/MailScanner on a Windows machine and then sent it back on your Fedora box? If so, convert the file back to *NIX format with dos2unix. Your file may have DOS line ends which may confuse MS... Denis Chris Aitken a ?crit : > > Hi All, > > I am running: > > Fedora Core 4 > > MailScanner 4.54.6-1 (latest) > > Sendmail 8.13.4 > > > When I start mailscanner sendmail doesn?t seem to start properly and > Mailscanner does not process any mail? > > Sendmail still seems to deliver the mail though > > I first thought it may be a permission issue on /var/spool/mqueue.in > or /var/spool/MailScanner but no combinations there seem to work > > This is my output when I start mailscanner: > > [root@gate ~]# service MailScanner start && tail -f /var/log/maillog > > Starting MailScanner daemons: > > : incoming sendmail [FAILED] > > Invalid MTA in /etc/sysconfig/MailScanner > > : outgoing sendmail [FAILED] > > Invalid MTA in /etc/sysconfig/MailScanner > > MailScanner: [ OK ] > > Jul 7 10:11:14 gate MailScanner[32316]: MailScanner E-Mail Virus > Scanner version 4.55.4 starting... > > Jul 7 10:11:14 gate MailScanner[32316]: Read 755 hostnames from the > phishing whitelist > > Jul 7 10:11:14 gate MailScanner[32316]: Config: calling custom init > function SQLBlacklist > > Jul 7 10:11:14 gate MailScanner[32316]: Starting up SQL Blacklist > > Jul 7 10:11:14 gate MailScanner[32316]: Read 4 blacklist entries > > Jul 7 10:11:14 gate MailScanner[32316]: Config: calling custom init > function MailWatchLogging > > Jul 7 10:11:14 gate MailScanner[32316]: Started SQL Logging child > > Jul 7 10:11:14 gate MailScanner[32316]: Config: calling custom init > function SQLWhitelist > > Jul 7 10:11:14 gate MailScanner[32316]: Starting up SQL Whitelist > > Jul 7 10:11:14 gate MailScanner[32316]: Read 52 whitelist entries > > Jul 7 10:11:15 gate MailScanner[32316]: Using SpamAssassin results cache > > Jul 7 10:11:15 gate MailScanner[32316]: Connected to SpamAssassin > cache database > > Jul 7 10:11:15 gate MailScanner[32316]: Enabling SpamAssassin > auto-whitelist functionality... > > Jul 7 10:11:17 gate MailScanner[32316]: Using locktype = posix > > Jul 7 10:11:17 gate MailScanner[32316]: Creating hardcoded > struct_flock subroutine for linux (Linux-type) > > Jul 7 10:11:25 gate MailScanner[32330]: MailScanner E-Mail Virus > Scanner version 4.55.4 starting... > > Jul 7 10:11:25 gate MailScanner[32330]: Read 755 hostnames from the > phishing whitelist > > Jul 7 10:11:25 gate MailScanner[32330]: Config: calling custom init > function SQLBlacklist > > Jul 7 10:11:25 gate MailScanner[32330]: Starting up SQL Blacklist > > Jul 7 10:11:25 gate MailScanner[32330]: Read 4 blacklist entries > > Jul 7 10:11:25 gate MailScanner[32330]: Config: calling custom init > function MailWatchLogging > > Jul 7 10:11:25 gate MailScanner[32330]: Started SQL Logging child > > Jul 7 10:11:25 gate MailScanner[32330]: Config: calling custom init > function SQLWhitelist > > Jul 7 10:11:25 gate MailScanner[32330]: Starting up SQL Whitelist > > Jul 7 10:11:25 gate MailScanner[32330]: Read 52 whitelist entries > > Jul 7 10:11:26 gate MailScanner[32330]: Using SpamAssassin results cache > > Jul 7 10:11:26 gate MailScanner[32330]: Connected to SpamAssassin > cache database > > Jul 7 10:11:26 gate MailScanner[32330]: Enabling SpamAssassin > auto-whitelist functionality... > > **** > > *However if** I** statically set the MTA in the* > /etc/sysconfig/MailScanner file I get the following errors: > > [root@gate ~]# service MailScanner start && tail -f /var/log/maillog > > Starting MailScanner daemons: > > /): No such file or directory51 4.0.0 can not chdir(/var/spool/mqueue.in > > [ OK ] > > outgoing sendmail: [ OK ] > > MailScanner: [ OK ] > > Jul 7 10:14:34 gate sendmail[32598]: alias database /etc/aliases > rebuilt by root > > Jul 7 10:14:34 gate sendmail[32598]: /etc/aliases: 76 aliases, longest > 10 bytes, 765 bytes total > > Jul 7 10:14:34 gate sendmail[32605]: NOQUEUE: SYSERR(root): can not > chdir(/var/spool/mqueue.in\r/): No such file or directory > > Jul 7 10:14:34 gate sm-msp-queue[32609]: starting daemon (8.13.4): > queueing@00:15:00 > > Jul 7 10:14:34 gate sendmail[32613]: starting daemon (8.13.4): > queueing@00:15:00 > > Jul 7 10:14:36 gate MailScanner[32632]: MailScanner E-Mail Virus > Scanner version 4.55.4 starting... > > Jul 7 10:14:36 gate MailScanner[32632]: Read 755 hostnames from the > phishing whitelist > > Jul 7 10:14:36 gate MailScanner[32632]: Config: calling custom init > function SQLBlacklist > > Jul 7 10:14:36 gate MailScanner[32632]: Starting up SQL Blacklist > > Jul 7 10:14:36 gate MailScanner[32632]: Read 4 blacklist entries > > Jul 7 10:14:36 gate MailScanner[32632]: Config: calling custom init > function MailWatchLogging > > Jul 7 10:14:37 gate MailScanner[32632]: Started SQL Logging child > > Jul 7 10:14:37 gate MailScanner[32632]: Config: calling custom init > function SQLWhitelist > > Jul 7 10:14:37 gate MailScanner[32632]: Starting up SQL Whitelist > > Jul 7 10:14:37 gate MailScanner[32632]: Read 52 whitelist entries > > Jul 7 10:14:37 gate MailScanner[32632]: Using SpamAssassin results cache > > Jul 7 10:14:37 gate MailScanner[32632]: Connected to SpamAssassin > cache database > > Jul 7 10:14:37 gate MailScanner[32632]: Enabling SpamAssassin > auto-whitelist functionality... > > Jul 7 10:14:38 gate MailScanner[32640]: MailScanner E-Mail Virus > Scanner version 4.55.4 starting... > > Jul 7 10:14:38 gate MailScanner[32640]: Read 755 hostnames from the > phishing whitelist > > Jul 7 10:14:38 gate MailScanner[32640]: Config: calling custom init > function SQLBlacklist > > Jul 7 10:14:38 gate MailScanner[32640]: Starting up SQL Blacklist > > Jul 7 10:14:38 gate MailScanner[32640]: Read 4 blacklist entries > > Jul 7 10:14:38 gate MailScanner[32640]: Config: calling custom init > function MailWatchLogging > > Jul 7 10:14:39 gate MailScanner[32640]: Started SQL Logging child > > Jul 7 10:14:39 gate MailScanner[32640]: Config: calling custom init > function SQLWhitelist > > Jul 7 10:14:39 gate MailScanner[32640]: Starting up SQL Whitelist > > Jul 7 10:14:39 gate MailScanner[32640]: Read 52 whitelist entries > > Jul 7 10:14:39 gate MailScanner[32640]: Using SpamAssassin results cache > > Jul 7 10:14:39 gate MailScanner[32640]: Connected to SpamAssassin > cache database > > Jul 7 10:14:39 gate MailScanner[32640]: Enabling SpamAssassin > auto-whitelist functionality... > > Please help.. > > Thanks > > *Chris Aitken* > > *chris@spandata.com.au* > *SPAN DATA* > *Australia*** > -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060707/8081c64a/smime.bin From rgreen at trayerproducts.com Fri Jul 7 15:25:54 2006 From: rgreen at trayerproducts.com (Rodney Green) Date: Fri Jul 7 15:26:29 2006 Subject: OT: spam filter In-Reply-To: <44AD6F5B.8030501@grayonline.id.au> References: <44AD32D3.5060209@trayerproducts.com> <44AD6F5B.8030501@grayonline.id.au> Message-ID: <44AE6EF2.9030603@trayerproducts.com> James Gray wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Rodney Green wrote: > >> Does anyone know of a filter script that will scan an mbox file for spam >> using spamassassin's rules and output any mail not found to be spam to >> another file? >> > > > Off the top of my head it seems to suggest a combination of "formail" > and "procmail". Parse the mbox with formail to break it up into > individual messages, then pump them though spamassassin and depending on > what spamassassin finds, either dump to another mbox or delete (using > procmail). There are probably other ways, but it's 6:15am and I haven't > had my coffee yet :P > > Thanks James. What would be a good way to pump the messages through spamassassin? I'm not sure how to do that. As for procmail, I have never used it. I'll read up on it. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Denis.Beauchemin at USherbrooke.ca Fri Jul 7 15:32:13 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Jul 7 15:32:27 2006 Subject: DCC config and SA lint complaints In-Reply-To: <0d7101c6a1cd$b8877310$287ba8c0@office.fsl> References: <0d7101c6a1cd$b8877310$287ba8c0@office.fsl> Message-ID: <44AE706D.5070600@USherbrooke.ca> Stephen Swaney a ?crit : >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Aaron K. Moore >> Sent: Friday, July 07, 2006 9:01 AM >> To: MailScanner discussion >> Subject: RE: DCC config and SA lint complaints >> >> Arthur Sherman wrote: >> >>> It should be in MailScanner.conf, I believe: >>> #use_dcc >>> >>> As for the path... >>> Funny, I had it in the different order and it worked with no problem >>> (pls mention diff. path!) >>> >>> dcc_home /var/dcc >>> dcc_path /var/dcc/bin/dccproc >>> >>> >> You might want to look into running dccifd instead of using dccproc. >> >> >From the dccifd manpage: >> >> "Dccifd is a daemon intended to connect spam filters such as SpamAssasin >> and mail transfer agents (MTAs) other than sendmail to DCC servers. The >> MTA or filter dccifd which in turn reports related checksums to the >> near- >> est DCC server. DCCIFD then adds an X-DCC SMTP header line to the mes- >> sage. The MTA is told to reject the message if it is unsolicited bulk." >> >> I switched to using this method with SpamAssassin a couple of years ago. >> It greatly reduced the load I was seeing from all of the forks to call >> dccproc. >> >> I have set the following items in the SpamAssassin config file. >> use_dcc 1 >> dcc_home /var/dcc >> dcc_path /var/dcc >> dcc_timeout 15 >> >> Depending on your setup you might also need to set dcc_dccifd_path. >> >> dcc_dccifd_path STRING >> >> This option tells SpamAssassin specifically where to find the dccifd >> socket. If dcc_dccifd_path is not specified, it will default to looking >> in dcc_home If a dccifd socket is found, it will use it instead of >> dccproc. >> >> -- >> Aaron Kent Moore >> Information Technology Services >> DeKalb Memorial Hospital, Inc. >> Auburn, IN >> E-mail: amoore@dekalbmemorial.com >> > > > To install / configure DCCIFD, please see this article in the Wiki: > > http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassi > n:plugins:dcc:dccifd_install&s=dccifd > > Stephen Swaney > Fort Systems Ltd. > stephen.swaney@fsl.com > www.fsl.com > > I installed a new machine yesterday and dcc would not work unless I forced it in IPV4: cdcc host # 07/07/06 09:39:20 EDT /var/dcc/map # Re-resolve names after 10:27:12 # 12 total, 0 working servers IPv6 on dcc1.dcc-servers.net,- RTT+0 ms anon # ::ffff:208.201.249.233,- # not answering # 2001:4f8:3:ba:2e0:81ff:fe61:1f65,- # not answering # 2001:888:20ee::6277,- # not answering ... After "cdcc ipv6 off": # 07/07/06 10:30:33 EDT /var/dcc/map # Re-resolve names after 11:43:35 # 299.30 ms threshold, 210.15 ms average 12 total, 10 working servers IPv6 off dcc1.dcc-servers.net,- RTT+0 ms anon # *142.27.70.214,- CollegeOfNewCaledonia ID 1189 # 100% of 32 requests ok 193.98+0 ms RTT 102 ms queue wait # 194.109.153.82,- NIET ID 1080 # 100% of 2 requests ok 207.92+0 ms RTT 65 ms queue wait # 208.201.249.233,- sonic.net ID 1117 # 100% of 2 requests ok 201.91+0 ms RTT 102 ms queue wait ... Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060707/91c112a6/smime.bin From ka at pacific.net Fri Jul 7 16:35:07 2006 From: ka at pacific.net (Ken A) Date: Fri Jul 7 16:34:39 2006 Subject: performance impact of growing rules files In-Reply-To: <1152273837.12695.11.camel@darkstar.netcore.co.in> References: <1152273837.12695.11.camel@darkstar.netcore.co.in> Message-ID: <44AE7F2B.5060708@pacific.net> Ramprasad wrote: > Hi, > We scan mails for quiet a large number of domains ( around 1.5k > domains). The scanning happens on multiple identically configured MS > +postfix+SA linux boxes behind load balancers > > For every domain that is added there will be entries in > spamcheck.rules spamaction.rules etc. Besides the domains will have > their own whitelists and blacklists which go into whitelist/blacklist > rules files. Already these have more than 10000 lines each > > I am not sure how this architecture will scale. Additional hardware is > not a problem , but the solution must scale > > Assume I have 10x more domains and traffic next year .. will there be a > performance hit because Mailscanner has to read such huge rules files. > What will be a 100% scalable architecture You certainly don't want a million rules stuffed into RAM every time MailScanner starts up! If the largest number of rules you want MailScanner to work with is 10,000 rules, then figure out how many rules your average domain has, and divide up your MS boxes into groups based on that. Then set the MX for domains [a-c] to MX1, domains [d-f] to MX2 and so on... Then have your load balancers handle which group of boxes those MX's map requests to. This way you don't have an excessive number of rules on any one group of MS boxes. Ken Pacific.Net > Thanks > Ram > > > > From mailscanner at mango.zw Fri Jul 7 17:09:46 2006 From: mailscanner at mango.zw (Jim Holland) Date: Fri Jul 7 17:18:42 2006 Subject: MailScanner headers in quarantined messages (MailScanner and Exim) In-Reply-To: <44AE136D.5060104@dialmediagroup.com> Message-ID: On Fri, 7 Jul 2006, Blane Bramble wrote: > Hi, I'm just setting up a test machine with MailScanner on - and so far > it's going pretty well. However I have a question about how the > quarantine process works - I have it set up to create quarantine files > in queue format so they can be easily released, but when I examine > messages that have been quarantined they have no additional MailScanner > headers. Is this the expected behaviour - and if so, is there any way to > change it the headers will be added so I can see why the message was > quarantined? To find out why the message was quarantined, just grep the mail log for the queue id of the quarantined message. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From drew at themarshalls.co.uk Fri Jul 7 17:59:28 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Fri Jul 7 17:59:41 2006 Subject: performance impact of growing rules files In-Reply-To: <44AE7F2B.5060708@pacific.net> References: <1152273837.12695.11.camel@darkstar.netcore.co.in> <44AE7F2B.5060708@pacific.net> Message-ID: <45646.194.70.180.170.1152291568.squirrel@webmail.r-bit.net> On Fri, July 7, 2006 16:35, Ken A wrote: > > > Ramprasad wrote: >> Hi, >> We scan mails for quiet a large number of domains ( around 1.5k >> domains). The scanning happens on multiple identically configured MS >> +postfix+SA linux boxes behind load balancers >> >> For every domain that is added there will be entries in >> spamcheck.rules spamaction.rules etc. Besides the domains will have >> their own whitelists and blacklists which go into whitelist/blacklist >> rules files. Already these have more than 10000 lines each >> >> I am not sure how this architecture will scale. Additional hardware is >> not a problem , but the solution must scale >> >> Assume I have 10x more domains and traffic next year .. will there be a >> performance hit because Mailscanner has to read such huge rules files. >> What will be a 100% scalable architecture > > You certainly don't want a million rules stuffed into RAM every time > MailScanner starts up! If the largest number of rules you want > MailScanner to work with is 10,000 rules, then figure out how many rules > your average domain has, and divide up your MS boxes into groups based > on that. Then set the MX for domains [a-c] to MX1, domains [d-f] to MX2 > and so on... Then have your load balancers handle which group of boxes > those MX's map requests to. This way you don't have an excessive number > of rules on any one group of MS boxes. I think (Although couldn't guarantee it) there is a more efficient rules loading method using custom functions. It was discussed previously (I think) so a search of the list might give you the details. Other wise I think Julian would be the best person to confirm this and he is on holiday at the moment. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From jaearick at colby.edu Fri Jul 7 18:37:42 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Fri Jul 7 18:40:23 2006 Subject: DCC config and SA lint complaints In-Reply-To: <60D398EB2DB948409CA1F50D8AF12257013CF7F2@exch1.dekalbmemorial.local> References: <60D398EB2DB948409CA1F50D8AF12257013CF7F2@exch1.dekalbmemorial.local> Message-ID: I finally hacked around this issue by having two copies of spam.assassin.prefs.conf in /opt/MailScanner/etc, one for regular MailScanner/SA work (with the entries in it so DCC uses dccifd and the socket, not dccproc), and one copy without the DCC entries, for use in the Rules_du_jour lint action: SA_LINT="/opt/perl5/bin/spamassassin -p /opt/MailScanner/etc/spam.assassin.prefs.conf.nodcc --lint" This keeps the Rules_du_Jour wrapper script from failing because the lint on the normal perfs file fails. Sheesh. Jeff Earickson Colby College On Fri, 7 Jul 2006, Aaron K. Moore wrote: > Date: Fri, 7 Jul 2006 09:01:20 -0400 > From: Aaron K. Moore > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: RE: DCC config and SA lint complaints > > Arthur Sherman wrote: >> It should be in MailScanner.conf, I believe: >> #use_dcc >> >> As for the path... >> Funny, I had it in the different order and it worked with no problem >> (pls mention diff. path!) >> >> dcc_home /var/dcc >> dcc_path /var/dcc/bin/dccproc >> > > You might want to look into running dccifd instead of using dccproc. > >> From the dccifd manpage: > > "Dccifd is a daemon intended to connect spam filters such as SpamAssasin > and mail transfer agents (MTAs) other than sendmail to DCC servers. The > MTA or filter dccifd which in turn reports related checksums to the > near- > est DCC server. DCCIFD then adds an X-DCC SMTP header line to the mes- > sage. The MTA is told to reject the message if it is unsolicited bulk." > > I switched to using this method with SpamAssassin a couple of years ago. > It greatly reduced the load I was seeing from all of the forks to call > dccproc. > > I have set the following items in the SpamAssassin config file. > use_dcc 1 > dcc_home /var/dcc > dcc_path /var/dcc > dcc_timeout 15 > > Depending on your setup you might also need to set dcc_dccifd_path. > > dcc_dccifd_path STRING > > This option tells SpamAssassin specifically where to find the dccifd > socket. If dcc_dccifd_path is not specified, it will default to looking > in dcc_home If a dccifd socket is found, it will use it instead of > dccproc. > > -- > Aaron Kent Moore > Information Technology Services > DeKalb Memorial Hospital, Inc. > Auburn, IN > E-mail: amoore@dekalbmemorial.com > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From ssilva at sgvwater.com Fri Jul 7 19:20:12 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jul 7 19:20:42 2006 Subject: Overloading Rulesets & CustomFunctions In-Reply-To: <20060707T040607Z_A9B700000000@beckenhauer.com> References: <20060707T040607Z_A9B700000000@beckenhauer.com> Message-ID: Brad Beckenhauer spake the following on 7/7/2006 2:06 AM: > > >>>> Scott Silva 7/6/2006 5:28:29 PM >>> > Brad Beckenhauer spake the following on 7/6/2006 1:37 PM: >> On Thu, July 6, 2006 2:25 pm, Dhawal Doshy wrote: >>> Brad Beckenhauer wrote: >>> >>>> Hello, >>>> >>>> >>>> Is there a way to use the overloading technique with the >>>> CustomFunction? >>>> >>> Not currently, you cannot combine rulesets/values with a Custom >>> Function. Though if you search the archives, there is a way to use more >>> that one Custom Function for the same 'Option'. >>> >>> - dhawal >> >> I was hoping that I could overload the white/blacklist so that it would >> work in conjunction with Mailwatch (Feature request?). >> >>> >>>> Example: >>>> Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules &SQLWhitelist >>>> >>>> >>>> First MailScanner checks the spam.whitelist.rules then it checks the >>>> &SQLWhitelist. >>>> >>>> >>>> thanks Brad >>>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> >> > They are two different ways to do the same thing. Do you need something in > MailScanners whitelist that isn't in the Mailwatch version? > Well, this is now going to go OT, my newly installed Mailwatch does not > allow users to release email, change their passwords or spam scores. > While I'm in the process of debugging (any suggestions), I though it > would be great if I could just overload the "Is Definitely Not Spam" and > "Is Definitely Spam" since I already had rulesets created. > > This is more of a Mailwatch question: I need a whitelist that allows all > email from a network (ie. 192.168.2.0/24) to anyone at my domain. Will > Mailwatch allow this type of rule? > > thanks! > Brad There is a patch for the SQLBlackWhitelist that allows this. If you can't find it, I can e-mail you a copy, already patched, off list. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From alex at nkpanama.com Fri Jul 7 23:42:29 2006 From: alex at nkpanama.com (Alex Neuman) Date: Fri Jul 7 23:55:03 2006 Subject: OT: spam filter In-Reply-To: <44AD6F5B.8030501@grayonline.id.au> References: <44AD32D3.5060209@trayerproducts.com> <44AD6F5B.8030501@grayonline.id.au> Message-ID: <44AEE355.2030601@nkpanama.com> Can a bunch of messages in a directory be turned into an mbox file? I've god a folder (looks like cyrus maildir) that I need to turn into an mbox file. Any suggestions? > Off the top of my head it seems to suggest a combination of "formail" > and "procmail". Parse the mbox with formail to break it up into > individual messages, then pump them though spamassassin and depending on > what spamassassin finds, either dump to another mbox or delete (using > procmail). There are probably other ways, but it's 6:15am and I haven't > had my coffee yet :P > From csweeney at osubucks.org Sat Jul 8 00:52:18 2006 From: csweeney at osubucks.org (Christopher Sweeney) Date: Sat Jul 8 00:55:08 2006 Subject: Spam Filter Survey [A little off topic] Message-ID: <44AEF3B2.5010105@osubucks.org> Hey Junkfax.org is conducting a spam filter software survey as they are moving to fight spam. Here is the link to take it, I think we all need a write in vote for MailScanner I did! After you take it there is an interesting video they shot at a trade show asking Anti-Spam filter companies about their software and how well they stand behind their claims. Very interesting. I thought everyone might be interested to check it out. --- avast! Antivirus: Outbound message clean. Virus Database (VPS): 0627-3, 07/07/2006 Tested on: 7/7/2006 7:52:22 PM avast! - copyright (c) 1988-2006 ALWIL Software. http://www.avast.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From csweeney at osubucks.org Sat Jul 8 00:54:43 2006 From: csweeney at osubucks.org (Christopher Sweeney) Date: Sat Jul 8 00:57:33 2006 Subject: Spam Filter Survey [A little off topic] In-Reply-To: <44AEF3B2.5010105@osubucks.org> References: <44AEF3B2.5010105@osubucks.org> Message-ID: <44AEF443.40407@osubucks.org> Christopher Sweeney wrote: > Hey Junkfax.org is conducting a spam filter software survey as they > are moving to fight spam. Here is the link to take it, I think we all > need a write in vote for MailScanner I did! After you take it there > is an interesting video they shot at a trade show asking Anti-Spam > filter companies about their software and how well they stand behind > their claims. Very interesting. I thought everyone might be > interested to check it out. > Ooops forgot to attach the link sorry! http://www.junkfax.org/fax/spam/SpamFilterUserSurvey.htm --- avast! Antivirus: Outbound message clean. Virus Database (VPS): 0627-3, 07/07/2006 Tested on: 7/7/2006 7:54:47 PM avast! - copyright (c) 1988-2006 ALWIL Software. http://www.avast.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From chris at spandata.com.au Sat Jul 8 02:58:07 2006 From: chris at spandata.com.au (Chris Aitken) Date: Sat Jul 8 06:11:00 2006 Subject: Mailscanner keeps starting and mail delivers, but Mailscanner not processing mail... References: <44AE69B4.5010100@USherbrooke.ca> Message-ID: Hi Denis, Thanks for that, it seemed to resolve the errors. However Mailscanner still seems to keep restarting and is not processing mail. Could there be another files that is still in DOS format? Chris ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of Denis Beauchemin Sent: Sat 8/07/2006 12:03 AM To: MailScanner discussion Subject: Re: Mailscanner keeps starting and mail delivers, but Mailscanner not processing mail... Chris, Could you have modified MailScanner.conf or /etc/sysconfig/MailScanner on a Windows machine and then sent it back on your Fedora box? If so, convert the file back to *NIX format with dos2unix. Your file may have DOS line ends which may confuse MS... Denis Chris Aitken a ?crit : > > Hi All, > > I am running: > > Fedora Core 4 > > MailScanner 4.54.6-1 (latest) > > Sendmail 8.13.4 > > > When I start mailscanner sendmail doesn't seem to start properly and > Mailscanner does not process any mail... > > Sendmail still seems to deliver the mail though > > I first thought it may be a permission issue on /var/spool/mqueue.in > or /var/spool/MailScanner but no combinations there seem to work > > This is my output when I start mailscanner: > > [root@gate ~]# service MailScanner start && tail -f /var/log/maillog > > Starting MailScanner daemons: > > : incoming sendmail [FAILED] > > Invalid MTA in /etc/sysconfig/MailScanner > > : outgoing sendmail [FAILED] > > Invalid MTA in /etc/sysconfig/MailScanner > > MailScanner: [ OK ] > > Jul 7 10:11:14 gate MailScanner[32316]: MailScanner E-Mail Virus > Scanner version 4.55.4 starting... > > Jul 7 10:11:14 gate MailScanner[32316]: Read 755 hostnames from the > phishing whitelist > > Jul 7 10:11:14 gate MailScanner[32316]: Config: calling custom init > function SQLBlacklist > > Jul 7 10:11:14 gate MailScanner[32316]: Starting up SQL Blacklist > > Jul 7 10:11:14 gate MailScanner[32316]: Read 4 blacklist entries > > Jul 7 10:11:14 gate MailScanner[32316]: Config: calling custom init > function MailWatchLogging > > Jul 7 10:11:14 gate MailScanner[32316]: Started SQL Logging child > > Jul 7 10:11:14 gate MailScanner[32316]: Config: calling custom init > function SQLWhitelist > > Jul 7 10:11:14 gate MailScanner[32316]: Starting up SQL Whitelist > > Jul 7 10:11:14 gate MailScanner[32316]: Read 52 whitelist entries > > Jul 7 10:11:15 gate MailScanner[32316]: Using SpamAssassin results cache > > Jul 7 10:11:15 gate MailScanner[32316]: Connected to SpamAssassin > cache database > > Jul 7 10:11:15 gate MailScanner[32316]: Enabling SpamAssassin > auto-whitelist functionality... > > Jul 7 10:11:17 gate MailScanner[32316]: Using locktype = posix > > Jul 7 10:11:17 gate MailScanner[32316]: Creating hardcoded > struct_flock subroutine for linux (Linux-type) > > Jul 7 10:11:25 gate MailScanner[32330]: MailScanner E-Mail Virus > Scanner version 4.55.4 starting... > > Jul 7 10:11:25 gate MailScanner[32330]: Read 755 hostnames from the > phishing whitelist > > Jul 7 10:11:25 gate MailScanner[32330]: Config: calling custom init > function SQLBlacklist > > Jul 7 10:11:25 gate MailScanner[32330]: Starting up SQL Blacklist > > Jul 7 10:11:25 gate MailScanner[32330]: Read 4 blacklist entries > > Jul 7 10:11:25 gate MailScanner[32330]: Config: calling custom init > function MailWatchLogging > > Jul 7 10:11:25 gate MailScanner[32330]: Started SQL Logging child > > Jul 7 10:11:25 gate MailScanner[32330]: Config: calling custom init > function SQLWhitelist > > Jul 7 10:11:25 gate MailScanner[32330]: Starting up SQL Whitelist > > Jul 7 10:11:25 gate MailScanner[32330]: Read 52 whitelist entries > > Jul 7 10:11:26 gate MailScanner[32330]: Using SpamAssassin results cache > > Jul 7 10:11:26 gate MailScanner[32330]: Connected to SpamAssassin > cache database > > Jul 7 10:11:26 gate MailScanner[32330]: Enabling SpamAssassin > auto-whitelist functionality... > > **** > > *However if** I** statically set the MTA in the* > /etc/sysconfig/MailScanner file I get the following errors: > > [root@gate ~]# service MailScanner start && tail -f /var/log/maillog > > Starting MailScanner daemons: > > /): No such file or directory51 4.0.0 can not chdir(/var/spool/mqueue.in > > [ OK ] > > outgoing sendmail: [ OK ] > > MailScanner: [ OK ] > > Jul 7 10:14:34 gate sendmail[32598]: alias database /etc/aliases > rebuilt by root > > Jul 7 10:14:34 gate sendmail[32598]: /etc/aliases: 76 aliases, longest > 10 bytes, 765 bytes total > > Jul 7 10:14:34 gate sendmail[32605]: NOQUEUE: SYSERR(root): can not > chdir(/var/spool/mqueue.in\r/): No such file or directory > > Jul 7 10:14:34 gate sm-msp-queue[32609]: starting daemon (8.13.4): > queueing@00:15:00 > > Jul 7 10:14:34 gate sendmail[32613]: starting daemon (8.13.4): > queueing@00:15:00 > > Jul 7 10:14:36 gate MailScanner[32632]: MailScanner E-Mail Virus > Scanner version 4.55.4 starting... > > Jul 7 10:14:36 gate MailScanner[32632]: Read 755 hostnames from the > phishing whitelist > > Jul 7 10:14:36 gate MailScanner[32632]: Config: calling custom init > function SQLBlacklist > > Jul 7 10:14:36 gate MailScanner[32632]: Starting up SQL Blacklist > > Jul 7 10:14:36 gate MailScanner[32632]: Read 4 blacklist entries > > Jul 7 10:14:36 gate MailScanner[32632]: Config: calling custom init > function MailWatchLogging > > Jul 7 10:14:37 gate MailScanner[32632]: Started SQL Logging child > > Jul 7 10:14:37 gate MailScanner[32632]: Config: calling custom init > function SQLWhitelist > > Jul 7 10:14:37 gate MailScanner[32632]: Starting up SQL Whitelist > > Jul 7 10:14:37 gate MailScanner[32632]: Read 52 whitelist entries > > Jul 7 10:14:37 gate MailScanner[32632]: Using SpamAssassin results cache > > Jul 7 10:14:37 gate MailScanner[32632]: Connected to SpamAssassin > cache database > > Jul 7 10:14:37 gate MailScanner[32632]: Enabling SpamAssassin > auto-whitelist functionality... > > Jul 7 10:14:38 gate MailScanner[32640]: MailScanner E-Mail Virus > Scanner version 4.55.4 starting... > > Jul 7 10:14:38 gate MailScanner[32640]: Read 755 hostnames from the > phishing whitelist > > Jul 7 10:14:38 gate MailScanner[32640]: Config: calling custom init > function SQLBlacklist > > Jul 7 10:14:38 gate MailScanner[32640]: Starting up SQL Blacklist > > Jul 7 10:14:38 gate MailScanner[32640]: Read 4 blacklist entries > > Jul 7 10:14:38 gate MailScanner[32640]: Config: calling custom init > function MailWatchLogging > > Jul 7 10:14:39 gate MailScanner[32640]: Started SQL Logging child > > Jul 7 10:14:39 gate MailScanner[32640]: Config: calling custom init > function SQLWhitelist > > Jul 7 10:14:39 gate MailScanner[32640]: Starting up SQL Whitelist > > Jul 7 10:14:39 gate MailScanner[32640]: Read 52 whitelist entries > > Jul 7 10:14:39 gate MailScanner[32640]: Using SpamAssassin results cache > > Jul 7 10:14:39 gate MailScanner[32640]: Connected to SpamAssassin > cache database > > Jul 7 10:14:39 gate MailScanner[32640]: Enabling SpamAssassin > auto-whitelist functionality... > > Please help.. > > Thanks > > *Chris Aitken* > > *chris@spandata.com.au* > *SPAN DATA* > *Australia*** > -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -- This message has been scanned for viruses and dangerous content by Span Data, and is believed to be clean. -------------- next part -------------- Hi Denis, Thanks for that, it seemed to resolve the errors. However Mailscanner still seems to keep restarting and is not processing mail. Could there be another files that is still in DOS format? Chris ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of Denis Beauchemin Sent: Sat 8/07/2006 12:03 AM To: MailScanner discussion Subject: Re: Mailscanner keeps starting and mail delivers, but Mailscanner not processing mail... Chris, Could you have modified MailScanner.conf or /etc/sysconfig/MailScanner on a Windows machine and then sent it back on your Fedora box? If so, convert the file back to *NIX format with dos2unix. Your file may have DOS line ends which may confuse MS... Denis Chris Aitken a ?crit : > > Hi All, > > I am running: > > Fedora Core 4 > > MailScanner 4.54.6-1 (latest) > > Sendmail 8.13.4 > > > When I start mailscanner sendmail doesn't seem to start properly and > Mailscanner does not process any mail... > > Sendmail still seems to deliver the mail though > > I first thought it may be a permission issue on /var/spool/mqueue.in > or /var/spool/MailScanner but no combinations there seem to work > > This is my output when I start mailscanner: > > [root@gate ~]# service MailScanner start && tail -f /var/log/maillog > > Starting MailScanner daemons: > > : incoming sendmail [FAILED] > > Invalid MTA in /etc/sysconfig/MailScanner > > : outgoing sendmail [FAILED] > > Invalid MTA in /etc/sysconfig/MailScanner > > MailScanner: [ OK ] > > Jul 7 10:11:14 gate MailScanner[32316]: MailScanner E-Mail Virus > Scanner version 4.55.4 starting... > > Jul 7 10:11:14 gate MailScanner[32316]: Read 755 hostnames from the > phishing whitelist > > Jul 7 10:11:14 gate MailScanner[32316]: Config: calling custom init > function SQLBlacklist > > Jul 7 10:11:14 gate MailScanner[32316]: Starting up SQL Blacklist > > Jul 7 10:11:14 gate MailScanner[32316]: Read 4 blacklist entries > > Jul 7 10:11:14 gate MailScanner[32316]: Config: calling custom init > function MailWatchLogging > > Jul 7 10:11:14 gate MailScanner[32316]: Started SQL Logging child > > Jul 7 10:11:14 gate MailScanner[32316]: Config: calling custom init > function SQLWhitelist > > Jul 7 10:11:14 gate MailScanner[32316]: Starting up SQL Whitelist > > Jul 7 10:11:14 gate MailScanner[32316]: Read 52 whitelist entries > > Jul 7 10:11:15 gate MailScanner[32316]: Using SpamAssassin results cache > > Jul 7 10:11:15 gate MailScanner[32316]: Connected to SpamAssassin > cache database > > Jul 7 10:11:15 gate MailScanner[32316]: Enabling SpamAssassin > auto-whitelist functionality... > > Jul 7 10:11:17 gate MailScanner[32316]: Using locktype = posix > > Jul 7 10:11:17 gate MailScanner[32316]: Creating hardcoded > struct_flock subroutine for linux (Linux-type) > > Jul 7 10:11:25 gate MailScanner[32330]: MailScanner E-Mail Virus > Scanner version 4.55.4 starting... > > Jul 7 10:11:25 gate MailScanner[32330]: Read 755 hostnames from the > phishing whitelist > > Jul 7 10:11:25 gate MailScanner[32330]: Config: calling custom init > function SQLBlacklist > > Jul 7 10:11:25 gate MailScanner[32330]: Starting up SQL Blacklist > > Jul 7 10:11:25 gate MailScanner[32330]: Read 4 blacklist entries > > Jul 7 10:11:25 gate MailScanner[32330]: Config: calling custom init > function MailWatchLogging > > Jul 7 10:11:25 gate MailScanner[32330]: Started SQL Logging child > > Jul 7 10:11:25 gate MailScanner[32330]: Config: calling custom init > function SQLWhitelist > > Jul 7 10:11:25 gate MailScanner[32330]: Starting up SQL Whitelist > > Jul 7 10:11:25 gate MailScanner[32330]: Read 52 whitelist entries > > Jul 7 10:11:26 gate MailScanner[32330]: Using SpamAssassin results cache > > Jul 7 10:11:26 gate MailScanner[32330]: Connected to SpamAssassin > cache database > > Jul 7 10:11:26 gate MailScanner[32330]: Enabling SpamAssassin > auto-whitelist functionality... > > **** > > *However if** I** statically set the MTA in the* > /etc/sysconfig/MailScanner file I get the following errors: > > [root@gate ~]# service MailScanner start && tail -f /var/log/maillog > > Starting MailScanner daemons: > > /): No such file or directory51 4.0.0 can not chdir(/var/spool/mqueue.in > > [ OK ] > > outgoing sendmail: [ OK ] > > MailScanner: [ OK ] > > Jul 7 10:14:34 gate sendmail[32598]: alias database /etc/aliases > rebuilt by root > > Jul 7 10:14:34 gate sendmail[32598]: /etc/aliases: 76 aliases, longest > 10 bytes, 765 bytes total > > Jul 7 10:14:34 gate sendmail[32605]: NOQUEUE: SYSERR(root): can not > chdir(/var/spool/mqueue.in\r/): No such file or directory > > Jul 7 10:14:34 gate sm-msp-queue[32609]: starting daemon (8.13.4): > queueing@00:15:00 > > Jul 7 10:14:34 gate sendmail[32613]: starting daemon (8.13.4): > queueing@00:15:00 > > Jul 7 10:14:36 gate MailScanner[32632]: MailScanner E-Mail Virus > Scanner version 4.55.4 starting... > > Jul 7 10:14:36 gate MailScanner[32632]: Read 755 hostnames from the > phishing whitelist > > Jul 7 10:14:36 gate MailScanner[32632]: Config: calling custom init > function SQLBlacklist > > Jul 7 10:14:36 gate MailScanner[32632]: Starting up SQL Blacklist > > Jul 7 10:14:36 gate MailScanner[32632]: Read 4 blacklist entries > > Jul 7 10:14:36 gate MailScanner[32632]: Config: calling custom init > function MailWatchLogging > > Jul 7 10:14:37 gate MailScanner[32632]: Started SQL Logging child > > Jul 7 10:14:37 gate MailScanner[32632]: Config: calling custom init > function SQLWhitelist > > Jul 7 10:14:37 gate MailScanner[32632]: Starting up SQL Whitelist > > Jul 7 10:14:37 gate MailScanner[32632]: Read 52 whitelist entries > > Jul 7 10:14:37 gate MailScanner[32632]: Using SpamAssassin results cache > > Jul 7 10:14:37 gate MailScanner[32632]: Connected to SpamAssassin > cache database > > Jul 7 10:14:37 gate MailScanner[32632]: Enabling SpamAssassin > auto-whitelist functionality... > > Jul 7 10:14:38 gate MailScanner[32640]: MailScanner E-Mail Virus > Scanner version 4.55.4 starting... > > Jul 7 10:14:38 gate MailScanner[32640]: Read 755 hostnames from the > phishing whitelist > > Jul 7 10:14:38 gate MailScanner[32640]: Config: calling custom init > function SQLBlacklist > > Jul 7 10:14:38 gate MailScanner[32640]: Starting up SQL Blacklist > > Jul 7 10:14:38 gate MailScanner[32640]: Read 4 blacklist entries > > Jul 7 10:14:38 gate MailScanner[32640]: Config: calling custom init > function MailWatchLogging > > Jul 7 10:14:39 gate MailScanner[32640]: Started SQL Logging child > > Jul 7 10:14:39 gate MailScanner[32640]: Config: calling custom init > function SQLWhitelist > > Jul 7 10:14:39 gate MailScanner[32640]: Starting up SQL Whitelist > > Jul 7 10:14:39 gate MailScanner[32640]: Read 52 whitelist entries > > Jul 7 10:14:39 gate MailScanner[32640]: Using SpamAssassin results cache > > Jul 7 10:14:39 gate MailScanner[32640]: Connected to SpamAssassin > cache database > > Jul 7 10:14:39 gate MailScanner[32640]: Enabling SpamAssassin > auto-whitelist functionality... > > Please help.. > > Thanks > > *Chris Aitken* > > *chris@spandata.com.au* > *SPAN DATA* > *Australia*** > -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -- This message has been scanned for viruses and dangerous content by Span Data, and is believed to be clean. From chris at spandata.com.au Sat Jul 8 06:45:25 2006 From: chris at spandata.com.au (Chris Aitken) Date: Sat Jul 8 06:47:45 2006 Subject: Mailscanner keeps starting and mail delivers, but Mailscanner not processing mail... References: <44AE69B4.5010100@USherbrooke.ca> Message-ID: Hi Denis, All fixed. I just needed to make sure sendmail fully shutdown, before I started Mailscanner again. I also needed to make sure the line : DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl was commented out in my sendmail.mc. Which is strange because im sure previously that line was active and it was working. Thanks to all! Chris ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of Chris Aitken Sent: Sat 8/07/2006 11:58 AM To: MailScanner discussion Subject: RE: Mailscanner keeps starting and mail delivers,but Mailscanner not processing mail... Hi Denis, Thanks for that, it seemed to resolve the errors. However Mailscanner still seems to keep restarting and is not processing mail. Could there be another files that is still in DOS format? Chris ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of Denis Beauchemin Sent: Sat 8/07/2006 12:03 AM To: MailScanner discussion Subject: Re: Mailscanner keeps starting and mail delivers, but Mailscanner not processing mail... Chris, Could you have modified MailScanner.conf or /etc/sysconfig/MailScanner on a Windows machine and then sent it back on your Fedora box? If so, convert the file back to *NIX format with dos2unix. Your file may have DOS line ends which may confuse MS... Denis Chris Aitken a ?crit : > > Hi All, > > I am running: > > Fedora Core 4 > > MailScanner 4.54.6-1 (latest) > > Sendmail 8.13.4 > > > When I start mailscanner sendmail doesn't seem to start properly and > Mailscanner does not process any mail... > > Sendmail still seems to deliver the mail though > > I first thought it may be a permission issue on /var/spool/mqueue.in > or /var/spool/MailScanner but no combinations there seem to work > > This is my output when I start mailscanner: > > [root@gate ~]# service MailScanner start && tail -f /var/log/maillog > > Starting MailScanner daemons: > > : incoming sendmail [FAILED] > > Invalid MTA in /etc/sysconfig/MailScanner > > : outgoing sendmail [FAILED] > > Invalid MTA in /etc/sysconfig/MailScanner > > MailScanner: [ OK ] > > Jul 7 10:11:14 gate MailScanner[32316]: MailScanner E-Mail Virus > Scanner version 4.55.4 starting... > > Jul 7 10:11:14 gate MailScanner[32316]: Read 755 hostnames from the > phishing whitelist > > Jul 7 10:11:14 gate MailScanner[32316]: Config: calling custom init > function SQLBlacklist > > Jul 7 10:11:14 gate MailScanner[32316]: Starting up SQL Blacklist > > Jul 7 10:11:14 gate MailScanner[32316]: Read 4 blacklist entries > > Jul 7 10:11:14 gate MailScanner[32316]: Config: calling custom init > function MailWatchLogging > > Jul 7 10:11:14 gate MailScanner[32316]: Started SQL Logging child > > Jul 7 10:11:14 gate MailScanner[32316]: Config: calling custom init > function SQLWhitelist > > Jul 7 10:11:14 gate MailScanner[32316]: Starting up SQL Whitelist > > Jul 7 10:11:14 gate MailScanner[32316]: Read 52 whitelist entries > > Jul 7 10:11:15 gate MailScanner[32316]: Using SpamAssassin results cache > > Jul 7 10:11:15 gate MailScanner[32316]: Connected to SpamAssassin > cache database > > Jul 7 10:11:15 gate MailScanner[32316]: Enabling SpamAssassin > auto-whitelist functionality... > > Jul 7 10:11:17 gate MailScanner[32316]: Using locktype = posix > > Jul 7 10:11:17 gate MailScanner[32316]: Creating hardcoded > struct_flock subroutine for linux (Linux-type) > > Jul 7 10:11:25 gate MailScanner[32330]: MailScanner E-Mail Virus > Scanner version 4.55.4 starting... > > Jul 7 10:11:25 gate MailScanner[32330]: Read 755 hostnames from the > phishing whitelist > > Jul 7 10:11:25 gate MailScanner[32330]: Config: calling custom init > function SQLBlacklist > > Jul 7 10:11:25 gate MailScanner[32330]: Starting up SQL Blacklist > > Jul 7 10:11:25 gate MailScanner[32330]: Read 4 blacklist entries > > Jul 7 10:11:25 gate MailScanner[32330]: Config: calling custom init > function MailWatchLogging > > Jul 7 10:11:25 gate MailScanner[32330]: Started SQL Logging child > > Jul 7 10:11:25 gate MailScanner[32330]: Config: calling custom init > function SQLWhitelist > > Jul 7 10:11:25 gate MailScanner[32330]: Starting up SQL Whitelist > > Jul 7 10:11:25 gate MailScanner[32330]: Read 52 whitelist entries > > Jul 7 10:11:26 gate MailScanner[32330]: Using SpamAssassin results cache > > Jul 7 10:11:26 gate MailScanner[32330]: Connected to SpamAssassin > cache database > > Jul 7 10:11:26 gate MailScanner[32330]: Enabling SpamAssassin > auto-whitelist functionality... > > **** > > *However if** I** statically set the MTA in the* > /etc/sysconfig/MailScanner file I get the following errors: > > [root@gate ~]# service MailScanner start && tail -f /var/log/maillog > > Starting MailScanner daemons: > > /): No such file or directory51 4.0.0 can not chdir(/var/spool/mqueue.in > > [ OK ] > > outgoing sendmail: [ OK ] > > MailScanner: [ OK ] > > Jul 7 10:14:34 gate sendmail[32598]: alias database /etc/aliases > rebuilt by root > > Jul 7 10:14:34 gate sendmail[32598]: /etc/aliases: 76 aliases, longest > 10 bytes, 765 bytes total > > Jul 7 10:14:34 gate sendmail[32605]: NOQUEUE: SYSERR(root): can not > chdir(/var/spool/mqueue.in\r/): No such file or directory > > Jul 7 10:14:34 gate sm-msp-queue[32609]: starting daemon (8.13.4): > queueing@00:15:00 > > Jul 7 10:14:34 gate sendmail[32613]: starting daemon (8.13.4): > queueing@00:15:00 > > Jul 7 10:14:36 gate MailScanner[32632]: MailScanner E-Mail Virus > Scanner version 4.55.4 starting... > > Jul 7 10:14:36 gate MailScanner[32632]: Read 755 hostnames from the > phishing whitelist > > Jul 7 10:14:36 gate MailScanner[32632]: Config: calling custom init > function SQLBlacklist > > Jul 7 10:14:36 gate MailScanner[32632]: Starting up SQL Blacklist > > Jul 7 10:14:36 gate MailScanner[32632]: Read 4 blacklist entries > > Jul 7 10:14:36 gate MailScanner[32632]: Config: calling custom init > function MailWatchLogging > > Jul 7 10:14:37 gate MailScanner[32632]: Started SQL Logging child > > Jul 7 10:14:37 gate MailScanner[32632]: Config: calling custom init > function SQLWhitelist > > Jul 7 10:14:37 gate MailScanner[32632]: Starting up SQL Whitelist > > Jul 7 10:14:37 gate MailScanner[32632]: Read 52 whitelist entries > > Jul 7 10:14:37 gate MailScanner[32632]: Using SpamAssassin results cache > > Jul 7 10:14:37 gate MailScanner[32632]: Connected to SpamAssassin > cache database > > Jul 7 10:14:37 gate MailScanner[32632]: Enabling SpamAssassin > auto-whitelist functionality... > > Jul 7 10:14:38 gate MailScanner[32640]: MailScanner E-Mail Virus > Scanner version 4.55.4 starting... > > Jul 7 10:14:38 gate MailScanner[32640]: Read 755 hostnames from the > phishing whitelist > > Jul 7 10:14:38 gate MailScanner[32640]: Config: calling custom init > function SQLBlacklist > > Jul 7 10:14:38 gate MailScanner[32640]: Starting up SQL Blacklist > > Jul 7 10:14:38 gate MailScanner[32640]: Read 4 blacklist entries > > Jul 7 10:14:38 gate MailScanner[32640]: Config: calling custom init > function MailWatchLogging > > Jul 7 10:14:39 gate MailScanner[32640]: Started SQL Logging child > > Jul 7 10:14:39 gate MailScanner[32640]: Config: calling custom init > function SQLWhitelist > > Jul 7 10:14:39 gate MailScanner[32640]: Starting up SQL Whitelist > > Jul 7 10:14:39 gate MailScanner[32640]: Read 52 whitelist entries > > Jul 7 10:14:39 gate MailScanner[32640]: Using SpamAssassin results cache > > Jul 7 10:14:39 gate MailScanner[32640]: Connected to SpamAssassin > cache database > > Jul 7 10:14:39 gate MailScanner[32640]: Enabling SpamAssassin > auto-whitelist functionality... > > Please help.. > > Thanks > > *Chris Aitken* > > *chris@spandata.com.au* > *SPAN DATA* > *Australia*** > -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -- This message has been scanned for viruses and dangerous content by Span Data, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by Span Data, and is believed to be clean. -------------- next part -------------- Hi Denis, All fixed. I just needed to make sure sendmail fully shutdown, before I started Mailscanner again. I also needed to make sure the line : DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl was commented out in my sendmail.mc. Which is strange because im sure previously that line was active and it was working. Thanks to all! Chris ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of Chris Aitken Sent: Sat 8/07/2006 11:58 AM To: MailScanner discussion Subject: RE: Mailscanner keeps starting and mail delivers,but Mailscanner not processing mail... Hi Denis, Thanks for that, it seemed to resolve the errors. However Mailscanner still seems to keep restarting and is not processing mail. Could there be another files that is still in DOS format? Chris ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of Denis Beauchemin Sent: Sat 8/07/2006 12:03 AM To: MailScanner discussion Subject: Re: Mailscanner keeps starting and mail delivers, but Mailscanner not processing mail... Chris, Could you have modified MailScanner.conf or /etc/sysconfig/MailScanner on a Windows machine and then sent it back on your Fedora box? If so, convert the file back to *NIX format with dos2unix. Your file may have DOS line ends which may confuse MS... Denis Chris Aitken a ?crit : > > Hi All, > > I am running: > > Fedora Core 4 > > MailScanner 4.54.6-1 (latest) > > Sendmail 8.13.4 > > > When I start mailscanner sendmail doesn't seem to start properly and > Mailscanner does not process any mail... > > Sendmail still seems to deliver the mail though > > I first thought it may be a permission issue on /var/spool/mqueue.in > or /var/spool/MailScanner but no combinations there seem to work > > This is my output when I start mailscanner: > > [root@gate ~]# service MailScanner start && tail -f /var/log/maillog > > Starting MailScanner daemons: > > : incoming sendmail [FAILED] > > Invalid MTA in /etc/sysconfig/MailScanner > > : outgoing sendmail [FAILED] > > Invalid MTA in /etc/sysconfig/MailScanner > > MailScanner: [ OK ] > > Jul 7 10:11:14 gate MailScanner[32316]: MailScanner E-Mail Virus > Scanner version 4.55.4 starting... > > Jul 7 10:11:14 gate MailScanner[32316]: Read 755 hostnames from the > phishing whitelist > > Jul 7 10:11:14 gate MailScanner[32316]: Config: calling custom init > function SQLBlacklist > > Jul 7 10:11:14 gate MailScanner[32316]: Starting up SQL Blacklist > > Jul 7 10:11:14 gate MailScanner[32316]: Read 4 blacklist entries > > Jul 7 10:11:14 gate MailScanner[32316]: Config: calling custom init > function MailWatchLogging > > Jul 7 10:11:14 gate MailScanner[32316]: Started SQL Logging child > > Jul 7 10:11:14 gate MailScanner[32316]: Config: calling custom init > function SQLWhitelist > > Jul 7 10:11:14 gate MailScanner[32316]: Starting up SQL Whitelist > > Jul 7 10:11:14 gate MailScanner[32316]: Read 52 whitelist entries > > Jul 7 10:11:15 gate MailScanner[32316]: Using SpamAssassin results cache > > Jul 7 10:11:15 gate MailScanner[32316]: Connected to SpamAssassin > cache database > > Jul 7 10:11:15 gate MailScanner[32316]: Enabling SpamAssassin > auto-whitelist functionality... > > Jul 7 10:11:17 gate MailScanner[32316]: Using locktype = posix > > Jul 7 10:11:17 gate MailScanner[32316]: Creating hardcoded > struct_flock subroutine for linux (Linux-type) > > Jul 7 10:11:25 gate MailScanner[32330]: MailScanner E-Mail Virus > Scanner version 4.55.4 starting... > > Jul 7 10:11:25 gate MailScanner[32330]: Read 755 hostnames from the > phishing whitelist > > Jul 7 10:11:25 gate MailScanner[32330]: Config: calling custom init > function SQLBlacklist > > Jul 7 10:11:25 gate MailScanner[32330]: Starting up SQL Blacklist > > Jul 7 10:11:25 gate MailScanner[32330]: Read 4 blacklist entries > > Jul 7 10:11:25 gate MailScanner[32330]: Config: calling custom init > function MailWatchLogging > > Jul 7 10:11:25 gate MailScanner[32330]: Started SQL Logging child > > Jul 7 10:11:25 gate MailScanner[32330]: Config: calling custom init > function SQLWhitelist > > Jul 7 10:11:25 gate MailScanner[32330]: Starting up SQL Whitelist > > Jul 7 10:11:25 gate MailScanner[32330]: Read 52 whitelist entries > > Jul 7 10:11:26 gate MailScanner[32330]: Using SpamAssassin results cache > > Jul 7 10:11:26 gate MailScanner[32330]: Connected to SpamAssassin > cache database > > Jul 7 10:11:26 gate MailScanner[32330]: Enabling SpamAssassin > auto-whitelist functionality... > > **** > > *However if** I** statically set the MTA in the* > /etc/sysconfig/MailScanner file I get the following errors: > > [root@gate ~]# service MailScanner start && tail -f /var/log/maillog > > Starting MailScanner daemons: > > /): No such file or directory51 4.0.0 can not chdir(/var/spool/mqueue.in > > [ OK ] > > outgoing sendmail: [ OK ] > > MailScanner: [ OK ] > > Jul 7 10:14:34 gate sendmail[32598]: alias database /etc/aliases > rebuilt by root > > Jul 7 10:14:34 gate sendmail[32598]: /etc/aliases: 76 aliases, longest > 10 bytes, 765 bytes total > > Jul 7 10:14:34 gate sendmail[32605]: NOQUEUE: SYSERR(root): can not > chdir(/var/spool/mqueue.in\r/): No such file or directory > > Jul 7 10:14:34 gate sm-msp-queue[32609]: starting daemon (8.13.4): > queueing@00:15:00 > > Jul 7 10:14:34 gate sendmail[32613]: starting daemon (8.13.4): > queueing@00:15:00 > > Jul 7 10:14:36 gate MailScanner[32632]: MailScanner E-Mail Virus > Scanner version 4.55.4 starting... > > Jul 7 10:14:36 gate MailScanner[32632]: Read 755 hostnames from the > phishing whitelist > > Jul 7 10:14:36 gate MailScanner[32632]: Config: calling custom init > function SQLBlacklist > > Jul 7 10:14:36 gate MailScanner[32632]: Starting up SQL Blacklist > > Jul 7 10:14:36 gate MailScanner[32632]: Read 4 blacklist entries > > Jul 7 10:14:36 gate MailScanner[32632]: Config: calling custom init > function MailWatchLogging > > Jul 7 10:14:37 gate MailScanner[32632]: Started SQL Logging child > > Jul 7 10:14:37 gate MailScanner[32632]: Config: calling custom init > function SQLWhitelist > > Jul 7 10:14:37 gate MailScanner[32632]: Starting up SQL Whitelist > > Jul 7 10:14:37 gate MailScanner[32632]: Read 52 whitelist entries > > Jul 7 10:14:37 gate MailScanner[32632]: Using SpamAssassin results cache > > Jul 7 10:14:37 gate MailScanner[32632]: Connected to SpamAssassin > cache database > > Jul 7 10:14:37 gate MailScanner[32632]: Enabling SpamAssassin > auto-whitelist functionality... > > Jul 7 10:14:38 gate MailScanner[32640]: MailScanner E-Mail Virus > Scanner version 4.55.4 starting... > > Jul 7 10:14:38 gate MailScanner[32640]: Read 755 hostnames from the > phishing whitelist > > Jul 7 10:14:38 gate MailScanner[32640]: Config: calling custom init > function SQLBlacklist > > Jul 7 10:14:38 gate MailScanner[32640]: Starting up SQL Blacklist > > Jul 7 10:14:38 gate MailScanner[32640]: Read 4 blacklist entries > > Jul 7 10:14:38 gate MailScanner[32640]: Config: calling custom init > function MailWatchLogging > > Jul 7 10:14:39 gate MailScanner[32640]: Started SQL Logging child > > Jul 7 10:14:39 gate MailScanner[32640]: Config: calling custom init > function SQLWhitelist > > Jul 7 10:14:39 gate MailScanner[32640]: Starting up SQL Whitelist > > Jul 7 10:14:39 gate MailScanner[32640]: Read 52 whitelist entries > > Jul 7 10:14:39 gate MailScanner[32640]: Using SpamAssassin results cache > > Jul 7 10:14:39 gate MailScanner[32640]: Connected to SpamAssassin > cache database > > Jul 7 10:14:39 gate MailScanner[32640]: Enabling SpamAssassin > auto-whitelist functionality... > > Please help.. > > Thanks > > *Chris Aitken* > > *chris@spandata.com.au* > *SPAN DATA* > *Australia*** > -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -- This message has been scanned for viruses and dangerous content by Span Data, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by Span Data, and is believed to be clean. From sales11 at iscnetwork.com Sat Jul 8 09:22:12 2006 From: sales11 at iscnetwork.com (Industry Standard Computers) Date: Sat Jul 8 09:21:28 2006 Subject: All appears to work but MailScanner is NOT there Message-ID: <44AF6B34.7040807@iscnetwork.com> Thanks to all up front. I am fairly new at the world of Linux email servers. I had a working MS with Postfix & Clamav on CentOS 4 / Redhat EL 4 & SpamAssassin 3.0.4. I upgraded to the newest MS version today. Mail comes and goes but no "header" info associated with MS and no "clean message" footer on the emails. After fixing some minor issues in the logs... I have tons of these in /var/log/messages: Jul 8 03:24:09 butch root: MailScanner setting GID to postfix (89) Jul 8 03:24:09 butch root: MailScanner setting UID to postfix (89) Jul 8 03:24:10 butch MailScanner: succeeded Jul 8 03:24:48 butch MailScanner: MailScanner -15 succeeded Jul 8 03:24:48 butch MailScanner: succeeded I have tons of these in /var/log/maillog: Jul 8 03:27:44 butch MailScanner[11979]: MailScanner E-Mail Virus Scanner version 4.54.6 starting... Jul 8 03:27:44 butch MailScanner[11979]: Read 719 hostnames from the phishing whitelist Jul 8 03:27:45 butch MailScanner[11979]: Using SpamAssassin results cache Jul 8 03:27:45 butch MailScanner[11979]: Connected to SpamAssassin cache database Jul 8 03:27:45 butch MailScanner[11979]: Enabling SpamAssassin auto-whitelist functionality... Jul 8 03:27:47 butch MailScanner[11979]: ClamAV scanner using unrar command /usr/bin/unrar Jul 8 03:27:47 butch MailScanner[11979]: Using locktype = flock ======== /etc/MailScanner/MailScanner.conf ===== %org-name% = xxx %org-long-name% = xxxxxxxxxx %web-site% = www.xxxxxxxxxxxxxxx %etc-dir% = /etc/MailScanner %report-dir% = /etc/MailScanner/reports/en %rules-dir% = /etc/MailScanner/rules %mcp-dir% = /etc/MailScanner/mcp Max Children = 5 Run As User = postfix Run As Group = postfix Queue Scan Interval = 30 Incoming Queue Dir = /var/spool/mqueue.in Outgoing Queue Dir = /var/spool/mqueue Incoming Work Dir = /var/spool/MailScanner/incoming Quarantine Dir = /var/spool/MailScanner/quarantine PID file = /var/run/MailScanner.pid Restart Every = 14400 MTA = postfix Incoming Work User = Incoming Work Group = Incoming Work Permissions = 0600 Quarantine User = Quarantine Group = Quarantine Permissions = 0600 Max Unscanned Bytes Per Scan = 100m Max Unsafe Bytes Per Scan = 50m Max Unscanned Messages Per Scan = 30 Max Unsafe Messages Per Scan = 30 Max Normal Queue Size = 800 Scan Messages = yes Reject Message = no Maximum Attachments Per Message = 200 Expand TNEF = yes Use TNEF Contents = replace Deliver Unparsable TNEF = no TNEF Expander = /usr/bin/tnef --maxsize=100000000 TNEF Timeout = 120 File Command = /usr/bin/file File Timeout = 20 Gunzip Command = /bin/gunzip Gunzip Timeout = 50 Unrar Command = /usr/bin/unrar Unrar Timeout = 50 Find UU-Encoded Files = no Maximum Message Size = %rules-dir%/max.message.size.rules Maximum Attachment Size = -1 Minimum Attachment Size = -1 Maximum Archive Depth = 2 Find Archives By Content = yes Virus Scanning = yes Virus Scanners = clamav Virus Scanner Timeout = 300 Deliver Disinfected Files = no Silent Viruses = HTML-IFrame All-Viruses Still Deliver Silent Viruses = no Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar Block Encrypted Messages = no Block Unencrypted Messages = no Allow Password-Protected Archives = no Allowed Sophos Error Messages = Monitors for ClamAV Updates = /usr/local/share/clamav/*.cvd ClamAVmodule Maximum Recursion Level = 8 ClamAVmodule Maximum Files = 1000 ClamAVmodule Maximum File Size = 10000000 # (10 Mbytes) ClamAVmodule Maximum Compression Ratio = 250 Dangerous Content Scanning = yes Allow Partial Messages = no Allow External Message Bodies = no Find Phishing Fraud = yes Also Find Numeric Phishing = yes Use Stricter Phishing Net = yes Highlight Phishing Fraud = yes Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf Country Sub-Domains List = %etc-dir%/country.domains.conf Allow IFrame Tags = disarm Allow Form Tags = disarm Allow Script Tags = disarm Allow WebBugs = disarm Ignored Web Bug Filenames = Web Bug Replacement = http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif Allow Object Codebase Tags = disarm Convert Dangerous HTML To Text = no Convert HTML To Text = no Allow Filenames = Deny Filenames = Filename Rules = %etc-dir%/filename.rules.conf Allow Filetypes = Deny Filetypes = Filetype Rules = %etc-dir%/filetype.rules.conf Quarantine Infections = yes Quarantine Silent Viruses = no Quarantine Modified Body = no Quarantine Whole Message = no Quarantine Whole Messages As Queue Files = no Keep Spam And MCP Archive Clean = no Language Strings = %report-dir%/languages.conf Rejection Report = %report-dir%/rejection.report.txt Deleted Bad Content Message Report = %report-dir%/deleted.content.message.txt Deleted Bad Filename Message Report = %report-dir%/deleted.filename.message.txt Deleted Virus Message Report = %report-dir%/deleted.virus.message.txt Stored Bad Content Message Report = %report-dir%/stored.content.message.txt Stored Bad Filename Message Report = %report-dir%/stored.filename.message.txt Stored Virus Message Report = %report-dir%/stored.virus.message.txt Disinfected Report = %report-dir%/disinfected.report.txt Inline HTML Signature = %report-dir%/inline.sig.html Inline Text Signature = %report-dir%/inline.sig.txt Inline HTML Warning = %report-dir%/inline.warning.html Inline Text Warning = %report-dir%/inline.warning.txt Sender Content Report = %report-dir%/sender.content.report.txt Sender Error Report = %report-dir%/sender.error.report.txt Sender Bad Filename Report = %report-dir%/sender.filename.report.txt Sender Virus Report = %report-dir%/sender.virus.report.txt Hide Incoming Work Dir = yes Include Scanner Name In Reports = yes Mail Header = X-%org-name%-MailScanner: Spam Header = X-%org-name%-MailScanner-SpamCheck: Spam Score Header = X-%org-name%-MailScanner-SpamScore: Information Header = X-%org-name%-MailScanner-Information: Add Envelope From Header = yes Add Envelope To Header = no Envelope From Header = X-%org-name%-MailScanner-From: Envelope To Header = X-%org-name%-MailScanner-To: Spam Score Character = s SpamScore Number Instead Of Stars = no Minimum Stars If On Spam List = 0 Clean Header Value = Found to be clean Infected Header Value = Found to be infected Disinfected Header Value = Disinfected Information Header Value = Please contact the ISP for more information Detailed Spam Report = yes Include Scores In SpamAssassin Report = yes Always Include SpamAssassin Report = no Multiple Headers = append Hostname = the %org-name% ($HOSTNAME) MailScanner Sign Messages Already Processed = no Sign Clean Messages = yes Mark Infected Messages = yes Mark Unscanned Messages = yes Unscanned Header Value = Not scanned: please contact your Internet E-Mail Service Provider for details Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2: Deliver Cleaned Messages = yes Notify Senders = yes Notify Senders Of Viruses = no Notify Senders Of Blocked Filenames Or Filetypes = yes Notify Senders Of Other Blocked Content = yes Never Notify Senders Of Precedence = list bulk Scanned Modify Subject = no # end Scanned Subject Text = {Scanned} Virus Modify Subject = yes Virus Subject Text = {Virus?} Filename Modify Subject = yes Filename Subject Text = {Filename?} Content Modify Subject = yes Content Subject Text = {Dangerous Content?} Disarmed Modify Subject = yes Disarmed Subject Text = {Disarmed} Phishing Modify Subject = no Phishing Subject Text = {Fraud?} Spam Modify Subject = yes Spam Subject Text = {Spam?} High Scoring Spam Modify Subject = yes High Scoring Spam Subject Text = {Spam?} Warning Is Attachment = yes Attachment Warning Filename = %org-name%-Attachment-Warning.txt Attachment Encoding Charset = ISO-8859-1 Archive Mail = Send Notices = yes Notices Include Full Headers = yes Hide Incoming Work Dir in Notices = no Notice Signature = -- \nMailScanner\nEmail Virus Scanner\nwww.mailscanner.info Notices From = MailScanner Notices To = postmaster Local Postmaster = postmaster Spam List Definitions = %etc-dir%/spam.lists.conf Virus Scanner Definitions = %etc-dir%/virus.scanners.conf Spam Checks = yes Spam List = # ORDB-RBL SBL+XBL # You can un-comment this to enable them Spam Domain List = Spam Lists To Be Spam = 1 Spam Lists To Reach High Score = 3 Spam List Timeout = 10 Max Spam List Timeouts = 7 Spam List Timeouts History = 10 Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules Is Definitely Spam = no Definite Spam Is High Scoring = no Ignore Spam Whitelist If Recipients Exceed = 20 Use SpamAssassin = yes Max SpamAssassin Size = 30k Required SpamAssassin Score = 6 High SpamAssassin Score = 10 SpamAssassin Auto Whitelist = yes SpamAssassin Timeout = 75 Max SpamAssassin Timeouts = 10 SpamAssassin Timeouts History = 30 Check SpamAssassin If On Spam List = yes Spam Score = yes Cache SpamAssassin Results = yes SpamAssassin Cache Database File = /var/spool/MailScanner/incoming/SpamAssassin.cache.db Rebuild Bayes Every = 0 Wait During Bayes Rebuild = no Use Custom Spam Scanner = no Max Custom Spam Scanner Size = 20k Custom Spam Scanner Timeout = 20 Max Custom Spam Scanner Timeouts = 10 Custom Spam Scanner Timeout History = 20 Spam Actions = deliver header "X-Spam-Status: Yes" High Scoring Spam Actions = deliver header "X-Spam-Status: Yes" Non Spam Actions = deliver header "X-Spam-Status: No" Sender Spam Report = %report-dir%/sender.spam.report.txt Sender Spam List Report = %report-dir%/sender.spam.rbl.report.txt Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt Inline Spam Warning = %report-dir%/inline.spam.warning.txt Recipient Spam Report = %report-dir%/recipient.spam.report.txt Enable Spam Bounce = %rules-dir%/bounce.rules Bounce Spam As Attachment = no Syslog Facility = mail Log Speed = no Log Spam = no Log Non Spam = no Log Permitted Filenames = no Log Permitted Filetypes = no Log Silent Viruses = no Log Dangerous HTML Tags = no SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin SpamAssassin Install Prefix = SpamAssassin Site Rules Dir = /etc/mail/spamassassin SpamAssassin Local Rules Dir = SpamAssassin Local State Dir = # /var/lib SpamAssassin Default Rules Dir = MCP Checks = no First Check = mcp MCP Required SpamAssassin Score = 1 MCP High SpamAssassin Score = 10 MCP Error Score = 1 MCP Header = X-%org-name%-MailScanner-MCPCheck: Non MCP Actions = deliver MCP Actions = deliver High Scoring MCP Actions = deliver Bounce MCP As Attachment = no MCP Modify Subject = yes MCP Subject Text = {MCP?} High Scoring MCP Modify Subject = yes High Scoring MCP Subject Text = {MCP?} Is Definitely MCP = no Is Definitely Not MCP = no Definite MCP Is High Scoring = no Always Include MCP Report = no Detailed MCP Report = yes Include Scores In MCP Report = no Log MCP = no MCP Max SpamAssassin Timeouts = 20 MCP Max SpamAssassin Size = 100k MCP SpamAssassin Timeout = 10 MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf MCP SpamAssassin User State Dir = MCP SpamAssassin Local Rules Dir = %mcp-dir% MCP SpamAssassin Default Rules Dir = %mcp-dir% MCP SpamAssassin Install Prefix = %mcp-dir% Recipient MCP Report = %report-dir%/recipient.mcp.report.txt Sender MCP Report = %report-dir%/sender.mcp.report.txt Use Default Rules With Multiple Recipients = no Spam Score Number Format = %d MailScanner Version Number = 4.54.6 SpamAssassin Cache Timings = 1800,300,10800,172800,600 Debug = no Debug SpamAssassin = no Run In Foreground = no Always Looked Up Last = no Always Looked Up Last After Batch = no Deliver In Background = yes Delivery Method = batch Split Exim Spool = no Lockfile Dir = /tmp Custom Functions Dir = /usr/lib/MailScanner/MailScanner/CustomFunctions Lock Type = Minimum Code Status = supported ===================== /etc/postfix/main.cf =============== # MailScanner Addition: header_checks = regexp:/etc/postfix/header_checks etc. From ram at netcore.co.in Sat Jul 8 10:48:06 2006 From: ram at netcore.co.in (Ramprasad) Date: Sat Jul 8 10:47:03 2006 Subject: performance impact of growing rules files In-Reply-To: <44AE7F2B.5060708@pacific.net> References: <1152273837.12695.11.camel@darkstar.netcore.co.in> <44AE7F2B.5060708@pacific.net> Message-ID: <1152352086.5221.32.camel@darkstar.netcore.co.in> On Fri, 2006-07-07 at 08:35 -0700, Ken A wrote: > > Ramprasad wrote: > > Hi, > > We scan mails for quiet a large number of domains ( around 1.5k > > domains). The scanning happens on multiple identically configured MS > > +postfix+SA linux boxes behind load balancers > > > > For every domain that is added there will be entries in > > spamcheck.rules spamaction.rules etc. Besides the domains will have > > their own whitelists and blacklists which go into whitelist/blacklist > > rules files. Already these have more than 10000 lines each > > > > I am not sure how this architecture will scale. Additional hardware is > > not a problem , but the solution must scale > > > > Assume I have 10x more domains and traffic next year .. will there be a > > performance hit because Mailscanner has to read such huge rules files. > > What will be a 100% scalable architecture > > You certainly don't want a million rules stuffed into RAM every time > MailScanner starts up! If the largest number of rules you want > MailScanner to work with is 10,000 rules, then figure out how many rules > your average domain has, and divide up your MS boxes into groups based > on that. Then set the MX for domains [a-c] to MX1, domains [d-f] to MX2 > and so on... Then have your load balancers handle which group of boxes > those MX's map requests to. This way you don't have an excessive number > of rules on any one group of MS boxes. I tend to agree. But I would love for a way out without scattering the MXes. One problem is that would create an enormous maintenance overhead. Today we have 10 identical MS boxes and maintained comfortably by a team of 2. When we have differently configured machines , they will require more attention Thanks Ram From sales11 at iscnetwork.com Sat Jul 8 18:12:28 2006 From: sales11 at iscnetwork.com (Industry Standard Computers) Date: Sat Jul 8 18:11:43 2006 Subject: All appears to work but MailScanner is NOT there -- fixed In-Reply-To: <44AF6B34.7040807@iscnetwork.com> References: <44AF6B34.7040807@iscnetwork.com> Message-ID: <44AFE77C.4030809@iscnetwork.com> I found a good backup and restored it. Sorry for the post. butch From mikej at rogers.com Sun Jul 9 21:10:01 2006 From: mikej at rogers.com (Mike Jakubik) Date: Sun Jul 9 21:09:56 2006 Subject: clamav & libunrar Message-ID: <44B16299.6040704@rogers.com> When compiling clamav, should we compile it with the optional libunrar library? Will compiling without it mean that MS will be unable to virus scan inside rar files? From sales11 at iscnetwork.com Sun Jul 9 21:35:08 2006 From: sales11 at iscnetwork.com (Industry Standard Computers) Date: Sun Jul 9 21:34:23 2006 Subject: clamav & libunrar In-Reply-To: <44B16299.6040704@rogers.com> References: <44B16299.6040704@rogers.com> Message-ID: <44B1687C.9030305@iscnetwork.com> I can't remember exactly but I believe there is a perl script available. Maybe an RPM from DAG or Cspan. I know my Clamav is directly from RPM and I get in the log files Clam will do rar files. Sorry couldn't remember more. Butch Mike Jakubik wrote: > When compiling clamav, should we compile it with the optional libunrar > library? Will compiling without it mean that MS will be unable to > virus scan inside rar files? > > -- Owner of Industry Standard Computers http://www.ISCnetwork.com Phone: (740) 695-1520 Web Master for the Christian Library On-Line http://www.ChristianLibrary.org Industry Standard Computers specializes in: New & used computers, upgrading, service, support, Micro$oft & Linux networking, Internet Filtering, all at the lowest labor rate in the area, $25 shop, $35 other. How safe is your network? Free test at our web site http://www.iscnetwork.com/filtering/howsafe1.htm This message is copyrighted 2006, by ISC. If you wish to quote or copy any part of it, you must first submit your written signed request to us. From r.berber at computer.org Sun Jul 9 22:57:14 2006 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Sun Jul 9 23:05:17 2006 Subject: clamav & libunrar In-Reply-To: <44B16299.6040704@rogers.com> References: <44B16299.6040704@rogers.com> Message-ID: Mike Jakubik wrote: > When compiling clamav, should we compile it with the optional libunrar > library? Will compiling without it mean that MS will be unable to virus > scan inside rar files? Clamav will scan rar version 2 archives, for rar version 3 you need the external unrar command and to configure that option in your MailScanner.conf (i.e. Unrar Command = /usr/local/bin/unrar). -- Ren? Berber From paul at pbrown.com Mon Jul 10 03:04:21 2006 From: paul at pbrown.com (Paul A Brown) Date: Mon Jul 10 03:02:24 2006 Subject: Problem with Debian, Postfix and mailscanner Message-ID: <017801c6a3c5$28b938f0$a2c0c0c0@Paul> Hi guys I recently installed the latest stable release of Mailscanner. I am running Sarge debian and postfix The setup seems to work well except for one oddity. I have to restart mailscanner before mail will be processed from the 'hold' queue Any ideas? Thanks Paul -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060710/83939f73/attachment.html From mark at presling.com Mon Jul 10 08:46:00 2006 From: mark at presling.com (Mark Presling) Date: Mon Jul 10 08:46:34 2006 Subject: Problem with Debian, Postfix and mailscanner In-Reply-To: <017801c6a3c5$28b938f0$a2c0c0c0@Paul> References: <017801c6a3c5$28b938f0$a2c0c0c0@Paul> Message-ID: <44B205B8.3050403@presling.com> Ahhhh, so it wasn't just me! I saw the same thing on my test box (Debian Sarge + Postfix). It would process one batch and then do nothing. It is working now, but unfortunately I don't know how or why. Sorry, no help but just confirming that there may be a problem there. Cheers, Mark Paul A Brown wrote: > Hi guys > > I recently installed the latest stable release of Mailscanner. I am > running Sarge debian and postfix > > The setup seems to work well except for one oddity. > > I have to restart mailscanner before mail will be processed from the > 'hold' queue > > Any ideas? > > Thanks > > Paul > > -- > This message has been scanned for viruses and dangerous > content by *MailScanner* , and is > believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: mark.vcf Type: text/x-vcard Size: 143 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060710/0ea3acce/mark.vcf From martinh at solid-state-logic.com Mon Jul 10 09:06:38 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Mon Jul 10 09:06:44 2006 Subject: OT: spam filter In-Reply-To: <44AEE355.2030601@nkpanama.com> References: <44AD32D3.5060209@trayerproducts.com> <44AD6F5B.8030501@grayonline.id.au> <44AEE355.2030601@nkpanama.com> Message-ID: <44B20A8E.9000206@solid-state-logic.com> Alex Neuman wrote: > Can a bunch of messages in a directory be turned into an mbox file? I've > god a folder (looks like cyrus maildir) that I need to turn into an mbox > file. > > Any suggestions? >> Off the top of my head it seems to suggest a combination of "formail" >> and "procmail". Parse the mbox with formail to break it up into >> individual messages, then pump them though spamassassin and depending on >> what spamassassin finds, either dump to another mbox or delete (using >> procmail). There are probably other ways, but it's 6:15am and I haven't >> had my coffee yet :P >> > Alex 'cat' all the emails together and that's your mbox file...assuming all the emails are in plain text in the first place.. -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From glauciusjunior at gmail.com Mon Jul 10 13:41:17 2006 From: glauciusjunior at gmail.com (glaucius junior) Date: Mon Jul 10 13:41:20 2006 Subject: spamassassin socket Message-ID: <2360d6370607100541m556d13dfs7be580c634c3cf25@mail.gmail.com> Hi list I'm writing to know if I can configure MailScanner to use SpamAssassin via socket, because I would like to run a SpamAssassin daemon in another linux box. best regards From martinh at solid-state-logic.com Mon Jul 10 13:49:18 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Mon Jul 10 13:49:26 2006 Subject: spamassassin socket In-Reply-To: <2360d6370607100541m556d13dfs7be580c634c3cf25@mail.gmail.com> References: <2360d6370607100541m556d13dfs7be580c634c3cf25@mail.gmail.com> Message-ID: <44B24CCE.7080805@solid-state-logic.com> glaucius junior wrote: > Hi list > > I'm writing to know if I can configure MailScanner to use SpamAssassin > via socket, because I would like to run a SpamAssassin daemon in > another linux box. > > best regards mailScanner doesn't use spamc/spamd, it uses the perl API to call SA on the local box.. -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From dave.list at pixelhammer.com Mon Jul 10 14:24:57 2006 From: dave.list at pixelhammer.com (DAve) Date: Mon Jul 10 14:25:18 2006 Subject: spamassassin socket In-Reply-To: <44B24CCE.7080805@solid-state-logic.com> References: <2360d6370607100541m556d13dfs7be580c634c3cf25@mail.gmail.com> <44B24CCE.7080805@solid-state-logic.com> Message-ID: <44B25529.4070304@pixelhammer.com> Martin Hepworth wrote: > glaucius junior wrote: >> Hi list >> >> I'm writing to know if I can configure MailScanner to use SpamAssassin >> via socket, because I would like to run a SpamAssassin daemon in >> another linux box. >> >> best regards > mailScanner doesn't use spamc/spamd, it uses the perl API to call SA on > the local box.. > And having used both I might add that MS using the API seems much faster to us. Fast enough in fact make us switch from doing spamc calls on the mail toasters to using SA on our MS servers. Note that spamc and spamd speed cannot be blamed on network issues as we use a 1gb private backend for the spamc connection. Just my 2 cents. DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From vodak at pewp.net Mon Jul 10 15:39:31 2006 From: vodak at pewp.net (Vodak) Date: Mon Jul 10 15:39:45 2006 Subject: spamassassin socket References: <2360d6370607100541m556d13dfs7be580c634c3cf25@mail.gmail.com> Message-ID: <013401c6a42e$a8063db0$3a02a8c0@wks02> Why run just Spamassassin on a different box? Since you're allready planning on using two boxes.. just put MailScanner on it's own Linuxbox and have all your mail relay though that. // Donald R. Kasper From raymond at prolocation.net Mon Jul 10 16:11:36 2006 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Mon Jul 10 16:11:35 2006 Subject: spamassassin socket In-Reply-To: <2360d6370607100541m556d13dfs7be580c634c3cf25@mail.gmail.com> References: <2360d6370607100541m556d13dfs7be580c634c3cf25@mail.gmail.com> Message-ID: Hi! > I'm writing to know if I can configure MailScanner to use SpamAssassin > via socket, because I would like to run a SpamAssassin daemon in > another linux box. MailScanner doesnt use a deamon for SA. Bye, Raymond. From peter at peterpolz.com Mon Jul 10 17:23:46 2006 From: peter at peterpolz.com (peter polz) Date: Mon Jul 10 17:23:49 2006 Subject: Mailscanner installed on macosx 10.4.7 intel Message-ID: *This message was transferred with a trial version of CommuniGate(tm) Pro* Hello! Has anyone installed mailscanner on macosx 10.4.7 intel Regards peter From ugob at camo-route.com Mon Jul 10 17:25:59 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Mon Jul 10 17:26:41 2006 Subject: performance impact of growing rules files In-Reply-To: <45646.194.70.180.170.1152291568.squirrel@webmail.r-bit.net> References: <1152273837.12695.11.camel@darkstar.netcore.co.in> <44AE7F2B.5060708@pacific.net> <45646.194.70.180.170.1152291568.squirrel@webmail.r-bit.net> Message-ID: Drew Marshall wrote: > On Fri, July 7, 2006 16:35, Ken A wrote: >> >> Ramprasad wrote: >>> Hi, >>> We scan mails for quiet a large number of domains ( around 1.5k >>> domains). The scanning happens on multiple identically configured MS >>> +postfix+SA linux boxes behind load balancers >>> >>> For every domain that is added there will be entries in >>> spamcheck.rules spamaction.rules etc. Besides the domains will have >>> their own whitelists and blacklists which go into whitelist/blacklist >>> rules files. Already these have more than 10000 lines each >>> >>> I am not sure how this architecture will scale. Additional hardware is >>> not a problem , but the solution must scale >>> >>> Assume I have 10x more domains and traffic next year .. will there be a >>> performance hit because Mailscanner has to read such huge rules files. >>> What will be a 100% scalable architecture >> You certainly don't want a million rules stuffed into RAM every time >> MailScanner starts up! If the largest number of rules you want >> MailScanner to work with is 10,000 rules, then figure out how many rules >> your average domain has, and divide up your MS boxes into groups based >> on that. Then set the MX for domains [a-c] to MX1, domains [d-f] to MX2 >> and so on... Then have your load balancers handle which group of boxes >> those MX's map requests to. This way you don't have an excessive number >> of rules on any one group of MS boxes. > > I think (Although couldn't guarantee it) there is a more efficient rules > loading method using custom functions. It was discussed previously (I > think) so a search of the list might give you the details. Other wise I > think Julian would be the best person to confirm this and he is on holiday > at the moment. > > Drew > > Yes, Julian could do something for you using Custom Functions... From mailscanner at yeticomputers.com Mon Jul 10 18:00:22 2006 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Mon Jul 10 18:00:32 2006 Subject: Spam Filter Survey [A little off topic] In-Reply-To: <44AEF3B2.5010105@osubucks.org> References: <44AEF3B2.5010105@osubucks.org> Message-ID: <44B287A6.7040803@yeticomputers.com> Annoying videos, weren't they? Or is it just me? I find it irritating when someone tries to force a precise answer to a question that doesn't have one. "What's the minimum percentage of spam your product will stop?" What a ridiculous question. It made it seem to me that the interviewer had *no* idea how spam filters work or how spammers try to get around them. Maybe I'm just grumpy. Rick Christopher Sweeney wrote: > Hey Junkfax.org is conducting a spam filter software survey as they > are moving to fight spam. Here is the link to take it, I think we all > need a write in vote for MailScanner I did! After you take it there > is an interesting video they shot at a trade show asking Anti-Spam > filter companies about their software and how well they stand behind > their claims. Very interesting. I thought everyone might be > interested to check it out. > > > --- > avast! Antivirus: Outbound message clean. > Virus Database (VPS): 0627-3, 07/07/2006 > Tested on: 7/7/2006 7:52:22 PM > avast! - copyright (c) 1988-2006 ALWIL Software. > http://www.avast.com > > > > From ugob at camo-route.com Mon Jul 10 18:42:29 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Mon Jul 10 18:42:59 2006 Subject: DCC config and SA lint complaints In-Reply-To: References: Message-ID: Jeff A. Earickson wrote: > Ugo, > > Hunh??? I *do* want to use DCC, so if I comment out the > loadplugin Mail::SpamAssassin::Plugin::DCC lines in the pre > files, then DCC won't get used. Sorry, I meant uncomment. > > Jeff Earickson > > On Mon, 3 Jul 2006, Ugo Bellavance wrote: > >> Date: Mon, 03 Jul 2006 17:52:39 -0400 >> From: Ugo Bellavance >> Reply-To: MailScanner discussion >> To: mailscanner@lists.mailscanner.info >> Subject: Re: DCC config and SA lint complaints >> >> Jeff A. Earickson wrote: >>> Gang, >>> >>> I googled for this one, lots of people ask, no answer found... >>> I have the following in my spam.assassin.prefs.conf file, because >>> I install DCC in /opt/dcc: >>> >>> dcc_path /opt/dcc/bin/dccproc >>> dcc_home /opt/dcc >>> >>> If these two lines are there, spamassassin --lint chokes: >>> >>> /opt/perl5/bin/spamassassin -p >>> /opt/MailScanner/etc/spam.assassin.prefs.conf --lint >>> [12758] warn: config: failed to parse line, skipping: dcc_path >>> /opt/dcc/bin/dccproc >>> [12758] warn: config: failed to parse line, skipping: dcc_home /opt/dcc >>> [12758] warn: lint: 2 issues detected, please rerun with debug enabled >>> for more information >>> >>> If the lines are not there, then DCC does not get used. >>> I did a workaround by creating a symlink in /usr/bin for >>> dccproc. The problem with this is that SA redirects its message >>> output to dccproc instead of using the dccifd daemon (because SA >>> can't find the dccifd socket if dcc_home is not specified). >>> >>> How do I use the two dcc specifiers for Mail::SpamAssassin::Plugin::DCC >>> (see >>> http://www.annocpan.org/~FELICITY/Mail-SpamAssassin-3.1.1/lib/Mail/SpamAssassin/Plugin/DCC.pm) >>> >>> without having SA lint complain??? >>> >>> I ran into this when I installed Rules Du Jour today. Rules Du Jour >>> won't work if SA doesn't pass the lint test. Aaaarrgh. >> >> Look at your .pre files. You probably didn't comment out the line that >> enables dcc. >> >> >> Regards, >> >>> >>> Jeff Earickson >>> Colby College >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> From alex at nkpanama.com Mon Jul 10 18:55:27 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Jul 10 18:55:43 2006 Subject: OT: spam filter In-Reply-To: <44B20A8E.9000206@solid-state-logic.com> References: <44AD32D3.5060209@trayerproducts.com> <44AD6F5B.8030501@grayonline.id.au> <44AEE355.2030601@nkpanama.com> <44B20A8E.9000206@solid-state-logic.com> Message-ID: <44B2948F.4010504@nkpanama.com> I'll give it a shot... thanks! Martin Hepworth wrote: > Alex Neuman wrote: >> Can a bunch of messages in a directory be turned into an mbox file? >> I've god a folder (looks like cyrus maildir) that I need to turn into >> an mbox file. >> >> Any suggestions? >>> Off the top of my head it seems to suggest a combination of "formail" >>> and "procmail". Parse the mbox with formail to break it up into >>> individual messages, then pump them though spamassassin and >>> depending on >>> what spamassassin finds, either dump to another mbox or delete (using >>> procmail). There are probably other ways, but it's 6:15am and I >>> haven't >>> had my coffee yet :P >>> >> > Alex > > 'cat' all the emails together and that's your mbox file...assuming all > the emails are in plain text in the first place.. > From ssilva at sgvwater.com Mon Jul 10 21:05:31 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jul 10 21:05:58 2006 Subject: Mailscanner keeps starting and mail delivers, but Mailscanner not processing mail... In-Reply-To: References: <44AE69B4.5010100@USherbrooke.ca> Message-ID: Chris Aitken spake the following on 7/7/2006 10:45 PM: > Hi Denis, > > All fixed. I just needed to make sure sendmail fully shutdown, before I started Mailscanner again. I also needed to make sure the line : > DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl > > was commented out in my sendmail.mc. Which is strange because im sure previously that line was active and it was working. > You might have had a sendmail rpm upgraded through yum that replaced it. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From vodak at pewp.net Mon Jul 10 23:23:40 2006 From: vodak at pewp.net (Vodak) Date: Mon Jul 10 23:23:20 2006 Subject: spamassassin socket References: <2360d6370607100541m556d13dfs7be580c634c3cf25@mail.gmail.com> Message-ID: <008001c6a46f$7f3c4820$3a02a8c0@wks02> I screwed up. I meant mailscanner. not spamassiassin ----- Original Message ----- From: "Raymond Dijkxhoorn" To: "MailScanner discussion" Sent: Monday, July 10, 2006 11:11 AM Subject: Re: spamassassin socket > Hi! > >> I'm writing to know if I can configure MailScanner to use SpamAssassin >> via socket, because I would like to run a SpamAssassin daemon in >> another linux box. > > MailScanner doesnt use a deamon for SA. > > Bye, > Raymond. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- > No virus found in this incoming message. > Checked by AVG Free Edition. > Version: 7.1.394 / Virus Database: 268.9.10/383 - Release Date: 7/7/2006 > > From ka at pacific.net Mon Jul 10 23:46:58 2006 From: ka at pacific.net (Ken A) Date: Mon Jul 10 23:47:01 2006 Subject: spamassassin socket In-Reply-To: <008001c6a46f$7f3c4820$3a02a8c0@wks02> References: <2360d6370607100541m556d13dfs7be580c634c3cf25@mail.gmail.com> <008001c6a46f$7f3c4820$3a02a8c0@wks02> Message-ID: <44B2D8E2.60908@pacific.net> Why a socket? That would be very inefficient. Just change your MX, run MailScanner as a gateway/relay. Ken A. Pacific.Net Vodak wrote: > I screwed up. I meant mailscanner. not spamassiassin > > ----- Original Message ----- From: "Raymond Dijkxhoorn" > > To: "MailScanner discussion" > Sent: Monday, July 10, 2006 11:11 AM > Subject: Re: spamassassin socket > > >> Hi! >> >>> I'm writing to know if I can configure MailScanner to use SpamAssassin >>> via socket, because I would like to run a SpamAssassin daemon in >>> another linux box. >> >> MailScanner doesnt use a deamon for SA. >> >> Bye, >> Raymond. >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> -- >> No virus found in this incoming message. >> Checked by AVG Free Edition. >> Version: 7.1.394 / Virus Database: 268.9.10/383 - Release Date: 7/7/2006 >> >> From sales11 at iscnetwork.com Tue Jul 11 00:00:39 2006 From: sales11 at iscnetwork.com (Industry Standard Computers) Date: Mon Jul 10 23:59:52 2006 Subject: Restricted incoming users ruleset Message-ID: <44B2DC17.6030506@iscnetwork.com> Everyone: I didn't know if this is a postfix or MS question or if someone has a ruleset fix for this I might have. On one of my email servers I have "restricted users" who have no rights to INCOMING email. So anyone sending in email to those accounts gets a bounce message like the following: Transcript of session follows. Out: 220 mail.somewhere.com ESMTP Postfix In: EHLO iscnetwork.com Out: 250-mail.somewhere.com Out: 250-PIPELINING Out: 250-SIZE 10240000 Out: 250-VRFY Out: 250-ETRN Out: 250-AUTH DIGEST-MD5 PLAIN LOGIN CRAM-MD5 Out: 250-AUTH=DIGEST-MD5 PLAIN LOGIN CRAM-MD5 Out: 250 8BITMIME In: MAIL FROM: SIZE=1317 Out: 250 Ok In: RCPT TO: Out: 451 Server configuration error In: QUIT Out: 221 Bye Any nice way to say "Sorry joe@somewhere.com cannot receive incoming email." "Please send email to generic@somewhere.com." Thanks, Butch From sjakie07 at chello.nl Tue Jul 11 00:09:23 2006 From: sjakie07 at chello.nl (Sjakie) Date: Tue Jul 11 00:09:33 2006 Subject: Norman Sandbox and MailScanner Message-ID: <001f01c6a475$e1ffbb80$cb1aa8c0@PCTHIJS> I use MailScanner with Norman Virus Control. Norman has it's Sandbox feature which is able to find virussen not in the definition files. see: http://sandbox.norman.no/ When i send the eicar test file, MailScanner will detect a virus. When i send a real virus (Trojan.Brepibot.V) not detected by Norman (because for this test i use older definition files), but which is detected by Norman Sandbox (as W32/Malware), MailScanner does not detect any virus. Any ideas? Thanks Norman logfiles: ======== Norman Log with Eicar ===== NVCC Command Line Scanner 5.70.01 NSE revision 5.90.21 nvcbin.def revision 5.90 of 2006/06/16 (65535 variants) nvcmacro.def revision 5.90 of 2006/06/09 (15237 variants) Total number of variants: 80772 Command line: "-c -sb:1 -s -u . " * Could not unpack archive /var/spool/MailScanner/incoming/2809/./k5GCNblP002862.header: . *** Possible virus found *** *** /var/spool/MailScanner/incoming/2809/./k5GCNblP002862/eicar.com -> Virus EICAR_Test_file_not_a_virus! () *** /var/spool/MailScanner/incoming/2809/./k5GCNblP002862/eicar_com.zip : eicar.com -> Virus EICAR_Test_file_not_a_virus! () The scanning started: 2006/06/16 12:23:39 ended: 2006/06/16 12:23:39 Logged on as : root on hostname : test Scanning results: Total number of files found..............................: 6 Number of files scanned..................................: 6 Number of files/directories skipped due to exclude list..: 0 Number of files that could not be opened.................: 0 Number of archive files unpacked.........................: 1 Number of archive files not unpacked.....................: 1 Number of infections.....................................: 2 Copyright (c) 1993-2004 Norman ASA. ======== Norman Log with Trojan.Brepibot.V (sandbox) ===== NVCC Command Line Scanner 5.70.01 NSE revision 5.90.21 nvcbin.def revision 5.90 of 2006/06/16 (65535 variants) nvcmacro.def revision 5.90 of 2006/06/09 (15237 variants) Total number of variants: 80772 Command line: "-c -sb:1 -s -u . " * Could not unpack archive /var/spool/MailScanner/incoming/2809/./k5GCKjiv002811.header: . *** Possible virus found *** *** /var/spool/MailScanner/incoming/2809/./k5GCKjiv002811/Photo and Article.exe -> Virus W32/Malware ( [ General information ] * **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**. * Decompressing PEC2. * File length: 12800 bytes. [ Changes to filesystem ] * Creates file C:\WINDOWS\SYSTEM32\svchon32.exe. * Creates file C:\WINDOWS\TEMP\175.bat. * Creates file C:\WINDOWS\TEMP\240.bat. [ Changes to registry ] * Creates value "ProtocolModuleCmd"="svchon32.exe" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Run". * Creates value "ProtocolModuleCmd"="svchon32.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run". [ Network services ] * Connects to "24.3.168.130" on port 8080 (TCP). * Connects to IRC Server. * IRC: Uses nickname [0000-X2]cuybcycf. * IRC: Uses username hotumwwao. * IRC: Joins channel #65. * IRC: Sets the channel mode for channel #65 to +stnk. * IRC: Talks in channel #65. * Connects to "67.164.54.64" on port 8080 (TCP). [ Process/window information ] * Enumerates running processes. * Attemps to open C:\WINDOWS\TEMP\\175.bat NULL. * Attemps to open C:\WINDOWS\SYSTEM32\svchon32.exe NULL. * Attemps to open C:\WINDOWS\TEMP\\240.bat NULL. * Enumerates running processes several parses.... * Creates a mutex svchon32.exe. * Will automatically restart after boot (I'll be back...). ) *** /var/spool/MailScanner/incoming/2809/./k5GCKjiv002811/article.zip : Photo and Article.exe -> Virus W32/Malware ( [ General information ] * **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**. * Decompressing PEC2. * File length: 12800 bytes. [ Changes to filesystem ] * Creates file C:\WINDOWS\SYSTEM32\svchon32.exe. * Creates file C:\WINDOWS\TEMP\175.bat. * Creates file C:\WINDOWS\TEMP\240.bat. [ Changes to registry ] * Creates value "ProtocolModuleCmd"="svchon32.exe" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Run". * Creates value "ProtocolModuleCmd"="svchon32.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run". [ Network services ] * Connects to "24.3.168.130" on port 8080 (TCP). * Connects to IRC Server. * IRC: Uses nickname [0000-X2]cuybcycf. * IRC: Uses username hotumwwao. * IRC: Joins channel #65. * IRC: Sets the channel mode for channel #65 to +stnk. * IRC: Talks in channel #65. * Connects to "67.164.54.64" on port 8080 (TCP). [ Process/window information ] * Enumerates running processes. * Attemps to open C:\WINDOWS\TEMP\\175.bat NULL. * Attemps to open C:\WINDOWS\SYSTEM32\svchon32.exe NULL. * Attemps to open C:\WINDOWS\TEMP\\240.bat NULL. * Enumerates running processes several parses.... * Creates a mutex svchon32.exe. * Will automatically restart after boot (I'll be back...). ) The scanning started: 2006/06/16 12:20:48 ended: 2006/06/16 12:20:55 Logged on as : root on hostname : test Scanning results: Total number of files found..............................: 6 Number of files scanned..................................: 6 Number of files/directories skipped due to exclude list..: 0 Number of files that could not be opened.................: 0 Number of archive files unpacked.........................: 1 Number of archive files not unpacked.....................: 1 Number of infections.....................................: 2 Copyright (c) 1993-2004 Norman ASA. =============================================== From james at grayonline.id.au Mon Jul 10 22:51:18 2006 From: james at grayonline.id.au (James Gray) Date: Tue Jul 11 00:13:55 2006 Subject: Mailscanner installed on macosx 10.4.7 intel In-Reply-To: References: Message-ID: <44B2CBD6.20805@grayonline.id.au> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 peter polz wrote: > *This message was transferred with a trial version of CommuniGate(tm) Pro* > Hello! > > Has anyone installed mailscanner on macosx 10.4.7 intel > > Regards > peter Yes. It's currently running on my MacMini (CoreDuo) with 10.4.7 and will be responsible for delivering this message in fact :) Postfix is the MTA (from fink) and courier-imap/pop3 (from source) handles final delivery to the users. No major dramas installing MailScanner apart from a few Perl modules that I had to force install (no testing). All the Perl stuff was done via CPAN (and webmin). Getting the whole thing set up with virtual users etc took a fair amount of googling and fiddling, but all up I'm very happy with the result. Just make sure you feed the Mac PLENTY of RAM! Mine's got 2GB and it screams along - with 512MB it was slower than a snail stuck in molasses! One last thing - grab the latest beta version of MailScanner. There's no issues with it on OSX 10.4.7. Julian patched a few files in the beta version that I'm not sure are in the current "stable" MailScanner. Without those patches, you'll send your Mac to it's knees because the start up scripts will keep spawning children and never stop. Feel free to post an specific questions and I'll do my best to answer them :) Cheers, James -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEssvWwBHpdJO7b9ERAodTAJ4qcQXmUBEWFUiw7q4EmZAyVQDYKwCfWt4A /Rr720QfgjPEk6OUgptWJkA= =oAgt -----END PGP SIGNATURE----- From mkettler at evi-inc.com Tue Jul 11 00:13:50 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Jul 11 00:14:06 2006 Subject: Restricted incoming users ruleset In-Reply-To: <44B2DC17.6030506@iscnetwork.com> References: <44B2DC17.6030506@iscnetwork.com> Message-ID: <44B2DF2E.6060906@evi-inc.com> Industry Standard Computers wrote: > Everyone: > I didn't know if this is a postfix or MS question or if someone has a > ruleset fix for this I might have. > > On one of my email servers I have "restricted users" who have no rights > to INCOMING email. So anyone sending in email to those accounts gets a > bounce message like the following: Actually, that's not a bounce you site below.. that's a reject. Technically bounces happen after the message has been accepted. In general, what you want to do is a MTA thing, in your case postfix. MailScanner acts only after the message has been completely received and accepted by your MTA, so it could not do what you're doing here. MailScanner could generate a post-delivery bounce message, but that's a Bad Idea. (You can get blacklisted by SpamCop for this kind of crud, so I'd advise against doing it intentionally.) Unfortunately, I'm not a postfix expert, so I don't know how to configure it to do this. > > Transcript of session follows. > > Out: 220 mail.somewhere.com ESMTP Postfix > In: EHLO iscnetwork.com > Out: 250-mail.somewhere.com > Out: 250-PIPELINING > Out: 250-SIZE 10240000 > Out: 250-VRFY > Out: 250-ETRN > Out: 250-AUTH DIGEST-MD5 PLAIN LOGIN CRAM-MD5 > Out: 250-AUTH=DIGEST-MD5 PLAIN LOGIN CRAM-MD5 > Out: 250 8BITMIME > In: MAIL FROM: SIZE=1317 > Out: 250 Ok > In: RCPT TO: > Out: 451 Server configuration error > In: QUIT > Out: 221 Bye From martin.lyberg at gmail.com Tue Jul 11 10:14:57 2006 From: martin.lyberg at gmail.com (Martin) Date: Tue Jul 11 10:15:24 2006 Subject: Problem with Debian, Postfix and mailscanner In-Reply-To: <017801c6a3c5$28b938f0$a2c0c0c0@Paul> References: <017801c6a3c5$28b938f0$a2c0c0c0@Paul> Message-ID: Paul A Brown wrote: > Hi guys > > I recently installed the latest stable release of Mailscanner. I am > running Sarge debian and postfix > > The setup seems to work well except for one oddity. > > I have to restart mailscanner before mail will be processed from the > 'hold' queue > > Any ideas? Paul, I'm not sure what's wrong with your setup, but i followed this guide to set it up on debian: http://www.piratefish.org/piratefish_introduction.htm I've installed it two machines following the guide above, no problems at all. Follow the steps and see if something have been missed (permissions etc.) / Martin From chrisgreen at hotmail.com Tue Jul 11 12:04:45 2006 From: chrisgreen at hotmail.com (Chris Green) Date: Tue Jul 11 12:04:50 2006 Subject: Problem with Debian, Postfix and mailscanner In-Reply-To: Message-ID: Martin wrote: > >Paul A Brown wrote: > >>Hi guys >> I recently installed the latest stable release of Mailscanner. I am >>running Sarge debian and postfix >> The setup seems to work well except for one oddity. >> I have to restart mailscanner before mail will be processed from the >>'hold' queue >> Any ideas? > >Paul, > >I'm not sure what's wrong with your setup, but i followed this guide to set >it up on debian: > >http://www.piratefish.org/piratefish_introduction.htm > >I've installed it two machines following the guide above, no problems at >all. Follow the steps and see if something have been missed (permissions >etc.) > >/ Martin > Me too, but that configuration chews up emails on a periodic basis - maybe one email in every 5,000 received. Julian gave me some advice which you can find if you search the archives for "Body text garbled" on the archives around June 4th/5th this year. HTH Chris From glenn.steen at gmail.com Tue Jul 11 13:28:07 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jul 11 13:28:10 2006 Subject: Problem with Debian, Postfix and mailscanner In-Reply-To: References:

Message-ID: <223f97700607110528r4782b4d6ic5c1eaf9100cc234@mail.gmail.com> On 11/07/06, Chris Green wrote: > Martin wrote: > > > >Paul A Brown wrote: > > > >>Hi guys > >> I recently installed the latest stable release of Mailscanner. I am > >>running Sarge debian and postfix > >> The setup seems to work well except for one oddity. > >> I have to restart mailscanner before mail will be processed from the > >>'hold' queue > >> Any ideas? > > > >Paul, > > > >I'm not sure what's wrong with your setup, but i followed this guide to set > >it up on debian: > > > >http://www.piratefish.org/piratefish_introduction.htm > > > >I've installed it two machines following the guide above, no problems at > >all. Follow the steps and see if something have been missed (permissions > >etc.) > > > >/ Martin > > > Me too, but that configuration chews up emails on a periodic basis - maybe > one email in every 5,000 received. Julian gave me some advice which you can > find if you search the archives for "Body text garbled" on the archives > around June 4th/5th this year. > > HTH > > > Chris > Definitely don't use anything that builds on the old and _very_ deprecated dual PF setup for interracting with MS. The HOLD thing is the only really safe one. As to why there could be .... probplems... Is there anything _other_ than queue files in the hold queue? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From drew at themarshalls.co.uk Tue Jul 11 14:09:09 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Tue Jul 11 14:09:22 2006 Subject: Restricted incoming users ruleset In-Reply-To: <44B2DC17.6030506@iscnetwork.com> References: <44B2DC17.6030506@iscnetwork.com> Message-ID: <49827.194.70.180.170.1152623349.squirrel@webmail.r-bit.net> On Tue, July 11, 2006 00:00, Industry Standard Computers wrote: > Everyone: > I didn't know if this is a postfix or MS question or if someone has a > ruleset fix for this I might have. > > On one of my email servers I have "restricted users" who have no rights > to INCOMING email. So anyone sending in email to those accounts gets a > bounce message like the following: > > Transcript of session follows. > > Out: 220 mail.somewhere.com ESMTP Postfix > In: EHLO iscnetwork.com > Out: 250-mail.somewhere.com > Out: 250-PIPELINING > Out: 250-SIZE 10240000 > Out: 250-VRFY > Out: 250-ETRN > Out: 250-AUTH DIGEST-MD5 PLAIN LOGIN CRAM-MD5 > Out: 250-AUTH=DIGEST-MD5 PLAIN LOGIN CRAM-MD5 > Out: 250 8BITMIME > In: MAIL FROM: SIZE=1317 > Out: 250 Ok > In: RCPT TO: > Out: 451 Server configuration error > In: QUIT > Out: 221 Bye > > Any nice way to say "Sorry joe@somewhere.com cannot receive incoming > email." "Please send email to generic@somewhere.com." Yes and it's actually nice and simple (Being a simple person myself, I like simple :-) ) Just edit your transport file and add: joe@example.com REJECT:Sory this user cannot receive incoming mail. Please re-send to generic@somewhere.com and then postmap transport and reload Postfix for it to become effective now. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From alex at nkpanama.com Tue Jul 11 15:45:01 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue Jul 11 15:45:26 2006 Subject: Norman Sandbox and MailScanner In-Reply-To: <001f01c6a475$e1ffbb80$cb1aa8c0@PCTHIJS> References: <001f01c6a475$e1ffbb80$cb1aa8c0@PCTHIJS> Message-ID: <44B3B96D.5030509@nkpanama.com> Sjakie wrote: > I use MailScanner with Norman Virus Control. > Norman has it's Sandbox feature which is able to find virussen not in > the definition files. > see: http://sandbox.norman.no/ > > When i send the eicar test file, MailScanner will detect a virus. > > When i send a real virus (Trojan.Brepibot.V) not detected by Norman > (because for this test i use older definition files), > but which is detected by Norman Sandbox (as W32/Malware), > MailScanner does not detect any virus. MailScanner uses whatever antivirus engine you're using. If it isn't properly configured or updated, it won't detect it. Depending on the filename, filetype, and MailScanner's "dangerous content" settings, it might be blocked (or not), so it all depends on your setup. So again, MailScanner doesn't "detect" viruses *per se*, it just reports what the scanners say and acts upon it according to your wishes. From peter at peterpolz.com Tue Jul 11 15:57:40 2006 From: peter at peterpolz.com (peter polz) Date: Tue Jul 11 15:57:44 2006 Subject: Mailscanner installed on macosx 10.4.7 intel In-Reply-To: <44B2CBD6.20805@grayonline.id.au> Message-ID: *This message was transferred with a trial version of CommuniGate(tm) Pro* Hi! You have installed the FreeBSD version on the MacMini? To you have a small docu for install on macmini intel? Regards Peter >> Hello! >> >> Has anyone installed mailscanner on macosx 10.4.7 intel >> >> Regards >> peter > > Yes. It's currently running on my MacMini (CoreDuo) with 10.4.7 and > will be responsible for delivering this message in fact :) Postfix is > the MTA (from fink) and courier-imap/pop3 (from source) handles final > delivery to the users. No major dramas installing MailScanner apart > from a few Perl modules that I had to force install (no testing). All > the Perl stuff was done via CPAN (and webmin). > > Getting the whole thing set up with virtual users etc took a fair amount > of googling and fiddling, but all up I'm very happy with the result. > Just make sure you feed the Mac PLENTY of RAM! Mine's got 2GB and it > screams along - with 512MB it was slower than a snail stuck in molasses! > > One last thing - grab the latest beta version of MailScanner. There's > no issues with it on OSX 10.4.7. Julian patched a few files in the beta > version that I'm not sure are in the current "stable" MailScanner. > Without those patches, you'll send your Mac to it's knees because the > start up scripts will keep spawning children and never stop. > > Feel free to post an specific questions and I'll do my best to answer > them :) > > Cheers, > > James > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.3 (Darwin) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFEssvWwBHpdJO7b9ERAodTAJ4qcQXmUBEWFUiw7q4EmZAyVQDYKwCfWt4A > /Rr720QfgjPEk6OUgptWJkA= > =oAgt > -----END PGP SIGNATURE----- From sjakie07 at chello.nl Tue Jul 11 18:17:25 2006 From: sjakie07 at chello.nl (Sjakie) Date: Tue Jul 11 18:17:37 2006 Subject: Norman Sandbox and MailScanner References: <001f01c6a475$e1ffbb80$cb1aa8c0@PCTHIJS> <44B3B96D.5030509@nkpanama.com> Message-ID: <002801c6a50d$e0c6f150$cb1aa8c0@PCTHIJS> When i use Norman from the prompt to scan the same file it does detect a virus (although with it's sandbox feature). I think something goes wrong in the interface between MailScanner and Norman. The interface works fine when Norman detects a virus the normal way (checking for code through it's definition files). But when it detects a virus with it's sandbox feature the interface goes wrong. When i look at the log file of Norman it did detect a virus, but it did not interface correct with MailScanner . From Denis.Beauchemin at USherbrooke.ca Tue Jul 11 19:04:43 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Jul 11 19:05:09 2006 Subject: Norman Sandbox and MailScanner In-Reply-To: <002801c6a50d$e0c6f150$cb1aa8c0@PCTHIJS> References: <001f01c6a475$e1ffbb80$cb1aa8c0@PCTHIJS> <44B3B96D.5030509@nkpanama.com> <002801c6a50d$e0c6f150$cb1aa8c0@PCTHIJS> Message-ID: <44B3E83B.8050609@USherbrooke.ca> Sjakie a ?crit : > When i use Norman from the prompt to scan the same file it does detect > a virus (although with it's sandbox feature). > > I think something goes wrong in the interface between MailScanner and > Norman. > The interface works fine when Norman detects a virus the normal way > (checking for code through it's definition files). > But when it detects a virus with it's sandbox feature the interface > goes wrong. > > When i look at the log file of Norman it did detect a virus, but it > did not interface correct with MailScanner . > > Maybe you need to modify how MS calls Norman AV... Look into /usr/lib/MailScanner/norman-wrapper (or wherever /etc/MailScanner/virus.scanners.conf points to for your AV). Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060711/4b7289d1/smime.bin From sidramdane at yahoo.fr Tue Jul 11 19:28:26 2006 From: sidramdane at yahoo.fr (Sid Ramdane) Date: Tue Jul 11 19:28:27 2006 Subject: MailScanner[7194]: ERROR: Unable to create temporary directory Message-ID: <20060711182826.18509.qmail@web26013.mail.ukl.yahoo.com> Hi, I am using MS on Fedora Core 5 with spamd, pyzor and razor. The MTA is postfix and I am seeing errors, which I believe are caused by permission; however I do not know where to start. I have followed guidelines here: http://www.clarkconnect.com/wiki/index.php?title=Howtos_-_Anti-Virus_and_Anti-Spam_Filtering_with_MailScanner Also I am seeing when postfix restart errors: Jul 11 18:10:17 cansado postfix/postsuper[6336]: warning: bogus file name: hold/razor-agent.log Jul 11 18:10:34 cansado postfix/postsuper[6407]: warning: bogus file name: hold/razor-agent.log Jul 11 19:18:28 cansado MailScanner[7194]: New Batch: Scanning 1 messages, 733 bytes Jul 11 19:18:31 cansado MailScanner[7194]: Virus and Content Scanning: Starting Jul 11 19:18:34 cansado MailScanner[7194]: ERROR: Unable to create temporary directory Jul 11 19:18:36 cansado MailScanner[7194]: Requeue: 060471110555.06AC0 to E07A011104B1 However mail is correctly delivered. Can u please help me? Many thanks in advance! Kind regards -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060711/793a775d/attachment.html From sjakie07 at chello.nl Tue Jul 11 19:36:44 2006 From: sjakie07 at chello.nl (Sjakie) Date: Tue Jul 11 19:36:55 2006 Subject: Norman Sandbox and MailScanner References: <001f01c6a475$e1ffbb80$cb1aa8c0@PCTHIJS> <44B3B96D.5030509@nkpanama.com><002801c6a50d$e0c6f150$cb1aa8c0@PCTHIJS> <44B3E83B.8050609@USherbrooke.ca> Message-ID: <000501c6a518$f563e2c0$cb1aa8c0@PCTHIJS> Denis wrote: > Maybe you need to modify how MS calls Norman AV... Look into > /usr/lib/MailScanner/norman-wrapper (or wherever > /etc/MailScanner/virus.scanners.conf points to for your AV). /etc/MailScanner/virus.scanners.conf points to /usr/lib/MailScanner/norman-wrapper ======[ /usr/lib/MailScanner/norman-wrapper ]======== PackageDir=$1 shift prog=nvcc if [ "x$1" = "x-IsItInstalled" ]; then [ -x ${PackageDir}/$prog ] && exit 0 exit 1 fi exec ${PackageDir}/$prog "$@" ================================================== But as far as i can see the way Norman is called is ok, also because the logfile of Norman tells me it detected a virus. I also looked at the file /usr/lib/MailScanner/MailScanner/SweepViruses.pm and i think that in this script the output of Norman is analyzed (sub ProcessNormanOutput). But i don't really understand perl so can anyone tell me if this is right? From sales11 at iscnetwork.com Tue Jul 11 21:42:41 2006 From: sales11 at iscnetwork.com (Industry Standard Computers) Date: Tue Jul 11 21:41:56 2006 Subject: Restricted incoming users ruleset In-Reply-To: <49827.194.70.180.170.1152623349.squirrel@webmail.r-bit.net> References: <44B2DC17.6030506@iscnetwork.com> <49827.194.70.180.170.1152623349.squirrel@webmail.r-bit.net> Message-ID: <44B40D41.3000903@iscnetwork.com> > Just edit your transport file and add: > > joe@example.com REJECT:Sory this user cannot receive incoming mail. > Please re-send to generic@somewhere.com > > and then postmap transport and reload Postfix for it to become effective now. > > Drew, I know I need to add a line to main.cf to hash the database, but how? Sorry I am a cut & paste programmer. Just not my "cup of tea." Thanks. Butch From drew at themarshalls.co.uk Wed Jul 12 00:10:34 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Wed Jul 12 00:10:44 2006 Subject: Restricted incoming users ruleset In-Reply-To: <44B40D41.3000903@iscnetwork.com> References: <44B2DC17.6030506@iscnetwork.com> <49827.194.70.180.170.1152623349.squirrel@webmail.r-bit.net> <44B40D41.3000903@iscnetwork.com> Message-ID: <48B55389-18DA-4124-A741-F5A2944CDE22@themarshalls.co.uk> On 11 Jul 2006, at 21:42, Industry Standard Computers wrote: > >> Just edit your transport file and add: >> >> joe@example.com REJECT:Sory this user cannot receive incoming >> mail. >> Please re-send to generic@somewhere.com >> >> and then postmap transport and reload Postfix for it to become >> effective now. >> >> > Drew, > I know I need to add a line to main.cf to hash the database, but how? > Just make sure you have a line transport_maps = hash:/etc/postfix/ transport or similar in main.cf The exact path and file name may differ depending where you keep your /postfix config directory and what your particular package might have called the transport map file. Once this is in place, you can follow my previous. > Sorry I am a cut & paste programmer. Just not my "cup of tea." No worries. Have to start somewhere Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From drew at themarshalls.co.uk Wed Jul 12 00:23:15 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Wed Jul 12 00:23:24 2006 Subject: MailScanner[7194]: ERROR: Unable to create temporary directory In-Reply-To: <20060711182826.18509.qmail@web26013.mail.ukl.yahoo.com> References: <20060711182826.18509.qmail@web26013.mail.ukl.yahoo.com> Message-ID: <4DC00124-1074-4F1F-A52B-81CA754E5783@themarshalls.co.uk> On 11 Jul 2006, at 19:28, Sid Ramdane wrote: > Hi, > > I am using MS on Fedora Core 5 with spamd, pyzor and razor. > The MTA is postfix and I am seeing errors, which I believe are > caused by permission; however I do not know where to start. > > I have followed guidelines here: http://www.clarkconnect.com/wiki/ > index.php?title=Howtos_-_Anti-Virus_and_Anti- > Spam_Filtering_with_MailScanner > > Also I am seeing when postfix restart errors: > > Jul 11 18:10:17 cansado postfix/postsuper[6336]: warning: bogus > file name: hold/razor-agent.log > Jul 11 18:10:34 cansado postfix/postsuper[6407]: warning: bogus > file name: hold/razor-agent.log This is becuase the home directory for the user that is running SpamAssassin (Postfix) is being used to store the log file. Stop Postfix and delete it. Stop MailScanner and add razor_config /var/ spool/MailScanner/spamassassin/razor/ to spam.assassin.prefs.conf Make sure these directories exist and can be written by the postfix user. Make sure that you run razor-admin -create -conf=/var/spool/ MailScanner/spamassassin/razor (In my example. Pick where ever suits you. Make sure you change the value in spam.assassin.pref.conf) and make sure a line 'logfile = razor-agent.log' and a line 'razorhome = / var/spool/MailScanner/spamassassin/razor' are in place. You can now restart MailScanner and Postfix and all should now be happy. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060712/c56f2c02/attachment.html From mikej at rogers.com Wed Jul 12 03:16:29 2006 From: mikej at rogers.com (Mike Jakubik) Date: Wed Jul 12 03:16:32 2006 Subject: [Fwd: Postfix 2.3 stable release available] Message-ID: <44B45B7D.20404@rogers.com> Just an FYI for postfix users. Bonus points for the first one to try and see if it works with MS :) -------- Original Message -------- Subject: Postfix 2.3 stable release available Date: Tue, 11 Jul 2006 21:16:18 -0400 (EDT) From: wietse@porcupine.org (Wietse Venema) Reply-To: Postfix users To: Postfix announce CC: Postfix users A few months later than usual, Postfix stable release 2.3 is now available. The release was postponed until Postfix was complete enough for today's email environment. Hopefully I can now spend more time doing new projects. You can find the Postfix 2.3.0 source code via the mirror sites listed at http://www.postfix.org/. If it's not there today, then it should show up in the course of the next 24 hours. 435112 Jul 11 17:24 postfix-2.3.0.HISTORY 35125 Jul 11 16:40 postfix-2.3.0.RELEASE_NOTES 2770830 Jul 11 17:25 postfix-2.3.0.tar.gz 280 Jul 11 17:25 postfix-2.3.0.tar.gz.sig What follows is a very much compressed summary of what has changed. See the RELEASE_NOTES file for compatibility issues that may affect your site. The HISTORY file gives a blow-by-blow account of what happened over the past 1+ year. Wietse - DSN (delivery status notification) support as described in RFC 3461 .. RFC 3464. This gives email senders control over notification of successful, delayed, and failed delivery. DSN involves extra parameters to the SMTP "MAIL FROM" and "RCPT TO" commands, as well as extra Postfix sendmail command line options for mail submission. See DSN_README for details, including how to limit the amount of information that you are willing to disclose. - Major updates to the TLS (SMTP encryption and authentication) support. Postfix 2.3 introduces a configuration user interface that is based on the concept of TLS security levels (none, may, encrypt, verify, secure) and that can more effectively deal with DNS spoofing. The old configuration user interface, with multiple boolean parameters to enable or enforce TLS, is still supported but will be removed after a few releases. See TLS_README for details. - Milter (mail filter) application support, compatible with Sendmail version 8.13.6 and earlier. This allows you to run a large number of plug-ins to reject unwanted mail, and to sign mail with for example domain keys. All Milter functions are implemented except the one that replaces the message body (this will be added later). All this and more is described in MILTER_README. - Enhanced status codes (RFC 3463). For example, status code 5.1.1 means "recipient unknown". Mail clients can translate these status codes into text in the user's own language, and greatly improve the user experience. Enhanced status codes can be specified in Postfix access tables, in header/body_checks content filter rules, in "rbl" reply templates, and so on. - Configurable bounce messages with support for non-ASCII character sets. Details are in the bounce(5) manual page. - Plug-in support for SASL authentication in the Postfix SMTP server and client. With this, Postfix can support multiple SASL implementations without conflicting source code patches. Postfix 2.3 has Dovecot SASL support built into the SMTP server. As before, support for Cyrus SASL is available as add-on feature for the Postfix SMTP server and client. See SASL_README for more information. - Support for sender-dependent ISP accounts, in the form of sender-dependent relayhost lookup and sender-dependent SASL username/password lookup. - The Postfix SMTP client now implements both the SMTP and LMTP protocols. This means that a lot of features have become available for LMTP mail delivery, including the shared TCP connection cache. - After TLS handshake failure, the SMTP client will now reconnect to the same server to try plaintext delivery (if TLS policy permits). Earlier Postfix versions would skip the server and defer delivery if no alternate MX host was available. - All delay logging now has sub-second resolution. Besides the total delay, Postfix logs separate delays for different stages of delivery (time in queue, time in queue manager, time to set up connection, and time to deliver). This gives better insight into the nature of performance bottle necks. - Smarter utilization of cached SMTP connections. When one destination has multiple inbound SMTP servers, the Postfix SMTP client will now send less mail via the slower ones, and more mail via the faster ones. - Support for empty MX records. Older Postfix versions treat this as a malformed response and defer mail delivery. From admin at thenamegame.com Wed Jul 12 05:02:26 2006 From: admin at thenamegame.com (Michael S.) Date: Wed Jul 12 05:00:14 2006 Subject: How do i completely turn off RBL checks? Message-ID: <200607120400.k6C40Cgm031391@bkserver.blacknight.ie> I'v never understood the syntax in spam.assassin.prefs.conf. What is the proper syntax? Is it; # skip_rbl_checks 1 skip_rbl_checks 1 # skip_rbl_checks 0 or skip_rbl_checks 0 Also I want to remove RBL checks in mailscanner.conf The lookups for RBLS is still happening and SA is scoring spamcop etc. I have the following in MailScanner.conf Spam List = # ORDB-RBL SBL+XBL # You can un-comment this to enable them # This is the list of spam domain blacklists which you are using # (such as the "rfc-ignorant" domains). See the "Spam List Definitions" # file for more information about what you can put here. # This can also be the filename of a ruleset. Spam Domain List = # If a message appears in at least this number of "Spam Lists" (as defined # above), then the message will be treated as spam and so the "Spam # Actions" will happen, unless the message reaches the levels for "High # Scoring Spam". By default this is set to 1 to mimic the previous # behaviour, which means that appearing in any "Spam Lists" will cause # the message to be treated as spam. # This can also be the filename of a ruleset. Spam Lists To Be Spam = 5 # If a message appears in at least this number of "Spam Lists" (as defined # above), then the message will be treated as "High Scoring Spam" and so # the "High Scoring Spam Actions" will happen. You probably want to set # this to 2 if you are actually using this feature. 5 is high enough that # it will never happen unless you use lots of "Spam Lists". # This can also be the filename of a ruleset. Spam Lists To Reach High Score = 8 Is this correct? Thank you. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060712/d6dd0801/attachment.html From r.berber at computer.org Wed Jul 12 05:40:52 2006 From: r.berber at computer.org (=?windows-1252?Q?Ren=E9_Berber?=) Date: Wed Jul 12 05:41:14 2006 Subject: How do i completely turn off RBL checks? In-Reply-To: <200607120400.k6C40Cgm031391@bkserver.blacknight.ie> References: <200607120400.k6C40Cgm031391@bkserver.blacknight.ie> Message-ID: Michael S. wrote: > I?v never understood the syntax in spam.assassin.prefs.conf. > > What is the proper syntax? Is it; > > # skip_rbl_checks 1 > skip_rbl_checks 1 > # skip_rbl_checks 0 or > skip_rbl_checks 0 The second one, "skip_rbl_checks 1" > Also I want to remove RBL checks in mailscanner.conf > > The lookups for RBLS is still happening and SA is scoring spamcop etc. > > I have the following in MailScanner.conf > > Spam List = # ORDB-RBL SBL+XBL # You can un-comment this to enable them Correct. [snip] -- Ren? Berber From james at grayonline.id.au Wed Jul 12 08:09:03 2006 From: james at grayonline.id.au (James Gray) Date: Wed Jul 12 08:09:26 2006 Subject: Mailscanner installed on macosx 10.4.7 intel In-Reply-To: References: Message-ID: <44B4A00F.8050201@grayonline.id.au> Skipped content of type multipart/mixed-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 249 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060712/dc981688/signature.bin From james at grayonline.id.au Wed Jul 12 08:33:12 2006 From: james at grayonline.id.au (James Gray) Date: Wed Jul 12 08:33:37 2006 Subject: Norman Sandbox and MailScanner In-Reply-To: <000501c6a518$f563e2c0$cb1aa8c0@PCTHIJS> References: <001f01c6a475$e1ffbb80$cb1aa8c0@PCTHIJS> <44B3B96D.5030509@nkpanama.com><002801c6a50d$e0c6f150$cb1aa8c0@PCTHIJS> <44B3E83B.8050609@USherbrooke.ca> <000501c6a518$f563e2c0$cb1aa8c0@PCTHIJS> Message-ID: <44B4A5B8.9060702@grayonline.id.au> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sjakie wrote: > Denis wrote: >> Maybe you need to modify how MS calls Norman AV... Look into >> /usr/lib/MailScanner/norman-wrapper (or wherever >> /etc/MailScanner/virus.scanners.conf points to for your AV). > > /etc/MailScanner/virus.scanners.conf points to > /usr/lib/MailScanner/norman-wrapper > > ======[ /usr/lib/MailScanner/norman-wrapper ]======== > PackageDir=$1 > shift > prog=nvcc > > if [ "x$1" = "x-IsItInstalled" ]; then > [ -x ${PackageDir}/$prog ] && exit 0 > exit 1 > fi > > exec ${PackageDir}/$prog "$@" > ================================================== > > But as far as i can see the way Norman is called is ok, > also because the logfile of Norman tells me it detected a virus. > > I also looked at the file /usr/lib/MailScanner/MailScanner/SweepViruses.pm > and i think that in this script the output of Norman is analyzed (sub > ProcessNormanOutput). > > But i don't really understand perl so can anyone tell me if this is right? I think the problem is in the sandbox output not matching the output when virus is detected from the definitions. Besides the fact MailScanner doesn't call Norman with any options, so if you've hacked the wrapper to include options, you're on your own. As for the SweepVirus.pm stuff, it's not too hard to get your head around once you've played with a bit of regex :) The key part is this: return 0 unless $line =~ /^[^']+'([^']+)' -> '([^']+)'\s*$/; my ($filename, $virus) = ($1, $2); Which looks for lines that match Norman's output when a virus is detected (there's the examples Julian used at the beginning of the function). If a line is found that matches, basically whatever is between the last pair of single quotes on the left of the " -> " as the file name. Similarly whatever is between the first pair of single quotes on the right hand side of the " -> " is deemed to be the virus name[1]. So a line from Norman like: blah blah '/path/to/infected/file' -> 'BiteMe/W32 Trojan' foo foo foo Would read /path/to/infected/file and pump it into $filename and similar story with the virus name. Make sense? If Norman's sandbox thing generates output that differs from this format, then show us command line output (not the log file, or any ugly debugging info - just the bare minimum Norman needs to run this sandbox thingy) and either Julian, or someone on the list might be able to write a patch for you :) Cheers, James [1] REGEX Guru's - YES! I know that's not the whole story (there's a few extra qualifiers in there)...this is just a BRIEF explanation. So please don't nit-pick :) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEtKW4wBHpdJO7b9ERAupEAKCL7xhnlZm01xp5atfpEd6eZjUkxgCdFt10 IQHN8yJXaq2Rvzsgvfw6ZiE= =kkHg -----END PGP SIGNATURE----- From james at grayonline.id.au Wed Jul 12 08:36:31 2006 From: james at grayonline.id.au (James Gray) Date: Wed Jul 12 08:36:55 2006 Subject: Mailscanner installed on macosx 10.4.7 intel In-Reply-To: <44B4A00F.8050201@grayonline.id.au> References: <44B4A00F.8050201@grayonline.id.au> Message-ID: <44B4A67F.2070305@grayonline.id.au> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 James Gray wrote: > I've attached the two scripts in a tar file which you > simply need to unpack from the root directory ie; Dammit! That was supposed to go to the OP. Sorry for spamming the list with my scripts! I guess if anyone's curious about Apple-flavoured *nix, you can look at those scripts and get a taste :P - -- James -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEtKZ/wBHpdJO7b9ERAvG2AJ9b4Qk4mk+oFhM6MlyoDZOOTuCebACggZwc UNlAeGi9TjWeW6Kdqk6zNhM= =yQWt -----END PGP SIGNATURE----- From drew at themarshalls.co.uk Wed Jul 12 09:29:52 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Wed Jul 12 09:30:02 2006 Subject: [Fwd: Postfix 2.3 stable release available] In-Reply-To: <44B45B7D.20404@rogers.com> References: <44B45B7D.20404@rogers.com> Message-ID: <50944.194.70.180.170.1152692992.squirrel@webmail.r-bit.net> On Wed, July 12, 2006 03:16, Mike Jakubik wrote: > Just an FYI for postfix users. Bonus points for the first one to try and > see if it works with MS :) I am running 2.3RC4 with no problems and I cannot believe there has been much changed since the release candidate. Can't see there will be any issues. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From ljosnet at gmail.com Wed Jul 12 11:46:15 2006 From: ljosnet at gmail.com (emm1) Date: Wed Jul 12 11:46:20 2006 Subject: Clamav updates Message-ID: <910ee2ac0607120346v3a105068p1693e44460c7ff00@mail.gmail.com> Does anyone know if Petr Kristof has stopped updating his clamav packages? I was looking for the newest clamav on his site and I only see 0.88.2-1 dated April 30. http://crash.fce.vutbr.cz/crash-hat/5/clamav/ w/R From Peter.Bates at lshtm.ac.uk Wed Jul 12 11:57:04 2006 From: Peter.Bates at lshtm.ac.uk (Peter Bates) Date: Wed Jul 12 11:57:21 2006 Subject: [Fwd: Postfix 2.3 stable release available] In-Reply-To: <50944.194.70.180.170.1152692992.squirrel@webmail.r-bit.net> References: <44B45B7D.20404@rogers.com> <50944.194.70.180.170.1152692992.squirrel@webmail.r-bit.net> Message-ID: <44B4E3900200007600005E81@193.63.251.15> > drew@themarshalls.co.uk 12/07/06 09:29:52 >>> >On Wed, July 12, 2006 03:16, Mike Jakubik wrote: > Just an FYI for postfix users. Bonus points for the first one to try >and see if it works with MS :) >I am running 2.3RC4 with no problems and I cannot believe there has >been much changed since the release candidate. As an aside, it's interesting Wietse has chosen to implement Milter compatability, which considerably widens the options for having certain functionality (e.g. AV scanning) at a level before MailScanner might be reached. Most intriguing... ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, IT Services. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 From sjakie07 at chello.nl Wed Jul 12 12:05:07 2006 From: sjakie07 at chello.nl (Sjakie) Date: Wed Jul 12 12:05:17 2006 Subject: Norman Sandbox and MailScanner References: <001f01c6a475$e1ffbb80$cb1aa8c0@PCTHIJS> <44B3B96D.5030509@nkpanama.com><002801c6a50d$e0c6f150$cb1aa8c0@PCTHIJS> <44B3E83B.8050609@USherbrooke.ca><000501c6a518$f563e2c0$cb1aa8c0@PCTHIJS> <44B4A5B8.9060702@grayonline.id.au> Message-ID: <002101c6a5a3$08e670d0$cb1aa8c0@PCTHIJS> James wrote: > I think the problem is in the sandbox output not matching the output > when virus is detected from the definitions. Besides the fact > MailScanner doesn't call Norman with any options, so if you've hacked > the wrapper to include options, you're on your own. > > As for the SweepVirus.pm stuff, it's not too hard to get your head > around once you've played with a bit of regex :) The key part is this: > > return 0 unless $line =~ /^[^']+'([^']+)' -> '([^']+)'\s*$/; > my ($filename, $virus) = ($1, $2); > > Which looks for lines that match Norman's output when a virus is > detected (there's the examples Julian used at the beginning of the > function). If a line is found that matches, basically whatever is > between the last pair of single quotes on the left of the " -> " as the > file name. Similarly whatever is between the first pair of single quotes > on the right hand side of the " -> " is deemed to be the virus name[1]. > So a line from Norman like: > > blah blah '/path/to/infected/file' -> 'BiteMe/W32 Trojan' foo foo foo > > Would read /path/to/infected/file and pump it into $filename and similar > story with the virus name. > > Make sense? If Norman's sandbox thing generates output that differs > from this format, then show us command line output (not the log file, or > any ugly debugging info - just the bare minimum Norman needs to run this > sandbox thingy) and either Julian, or someone on the list might be able > to write a patch for you :) I did not hack the wrapper, it's the default Norman wrapper. When i look at the Norman logs, is seems that someway MailScanner calls Norman with these parameters: "nvcc -c -sb:1 -s -u ." which should be ok. (when i start Norman without any parameter from the prompt: "nvcc .", then in the Norman logs only these parameters: "." are logged) I'm totally new to regex but it makes a little more sense now, Thanks! Here's the Norman output (scanned a directory with the command: "nvcc -c -sb:1 -s -u .") 3 times, once with Eicar (detected from the definitions) once with dummy.exe (testfile to trigger Sandbox) and once with both Eicar and dummy.exe. The output with sandbox is a little different (basename/more then 1 line..) as you can see... so maybe this can be fixed!? I think it would be a great improvement... Thanks up front!!! ---[virus is detected from the definitions]----------------------------------------------------------------------------------------- NORMAN Norman Virus Control Version 5.70.01 Jun 15 2004 10:37:11 Copyright (c) 1993-2003 Norman ASA NSE revision 5.90.23 nvcbin.def revision 5.90 of 2006/07/11 (65535 variants) nvcmacro.def revision 5.90 of 2006/07/03 (19936 variants) Total number of variants: 85471 Logging to '/opt/norman/logs/nvc00003.log' Possible virus in '/root/SCANDIR/./eicar_com.zip : eicar.com' -> 'EICAR_Test_file_not_a_virus!' 1 possible infections found. 1 archives unpacked, 2 files found. 2 files, 2 kbytes scanned. Total scanning time: 0 min. 00 secs. 2 kbytes per second. ---[virus is detected with sandbox]----------------------------------------------------------------------------------------- NORMAN Norman Virus Control Version 5.70.01 Jun 15 2004 10:37:11 Copyright (c) 1993-2003 Norman ASA NSE revision 5.90.23 nvcbin.def revision 5.90 of 2006/07/11 (65535 variants) nvcmacro.def revision 5.90 of 2006/07/03 (19936 variants) Total number of variants: 85471 Logging to '/opt/norman/logs/nvc00001.log' Possible virus in './dummy.exe' -> 'Sandbox: W32/Malware; [ General information ] * **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**. * File length: 4096 bytes. ' 1 possible infections found. 0 archives unpacked, 1 files found. 1 files, 5 kbytes scanned. Total scanning time: 0 min. 01 secs. 5 kbytes per second. ---[both Eicar and dummy.exe]----------------------------------------------------------------------------------------- NORMAN Norman Virus Control Version 5.70.01 Jun 15 2004 10:37:11 Copyright (c) 1993-2003 Norman ASA NSE revision 5.90.23 nvcbin.def revision 5.90 of 2006/07/11 (65535 variants) nvcmacro.def revision 5.90 of 2006/07/03 (19936 variants) Total number of variants: 85471 Logging to '/opt/norman/logs/nvc00002.log' Possible virus in './dummy.exe' -> 'Sandbox: W32/Malware; [ General information ] * **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**. * File length: 4096 bytes. ' Possible virus in '/root/SCANDIR/./eicar_com.zip : eicar.com' -> 'EICAR_Test_file_not_a_virus!' 2 possible infections found. 1 archives unpacked, 3 files found. 3 files, 7 kbytes scanned. Total scanning time: 0 min. 00 secs. 7 kbytes per second. ---------------------------------------------------------------------------------------------------------------------------------- From sjakie07 at chello.nl Wed Jul 12 12:11:49 2006 From: sjakie07 at chello.nl (Sjakie) Date: Wed Jul 12 12:11:58 2006 Subject: Norman Sandbox and MailScanner References: <001f01c6a475$e1ffbb80$cb1aa8c0@PCTHIJS> <44B3B96D.5030509@nkpanama.com><002801c6a50d$e0c6f150$cb1aa8c0@PCTHIJS> <44B3E83B.8050609@USherbrooke.ca><000501c6a518$f563e2c0$cb1aa8c0@PCTHIJS> <44B4A5B8.9060702@grayonline.id.au> Message-ID: <001001c6a5a3$f8ab5c70$cb1aa8c0@PCTHIJS> This is one line in the Norman output: ----- Possible virus in '/root/SCANDIR/./eicar_com.zip : eicar.com' -> 'EICAR_Test_file_not_a_virus!' total 5 lines in the Norman output (sandbox): ----- Possible virus in './dummy.exe' -> 'Sandbox: W32/Malware; [ General information ] * **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**. * File length: 4096 bytes. ' From drew at themarshalls.co.uk Wed Jul 12 12:42:41 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Wed Jul 12 12:42:56 2006 Subject: [Fwd: Postfix 2.3 stable release available] In-Reply-To: <44B4E3900200007600005E81@193.63.251.15> References: <44B45B7D.20404@rogers.com> <50944.194.70.180.170.1152692992.squirrel@webmail.r-bit.net> <44B4E3900200007600005E81@193.63.251.15> Message-ID: <51329.194.70.180.170.1152704561.squirrel@webmail.r-bit.net> On Wed, July 12, 2006 11:57, Peter Bates wrote: > >> drew@themarshalls.co.uk 12/07/06 09:29:52 >>> >>On Wed, July 12, 2006 03:16, Mike Jakubik wrote: >> Just an FYI for postfix users. Bonus points for the first one to try > >>and see if it works with MS :) > >>I am running 2.3RC4 with no problems and I cannot believe there has >>been much changed since the release candidate. > > As an aside, it's interesting Wietse has chosen to implement Milter > compatability, which considerably widens the options for having certain > functionality (e.g. AV scanning) at a level before MailScanner might be > reached. > > Most intriguing... Quite. Perhaps this was done to continue the 'Sendmailish feel' that has always been claimed. Does now mean I must go and find out what can be done with a milter. Never bothered before... Is there a central list of available milters I wonder? Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From james at grayonline.id.au Wed Jul 12 12:59:59 2006 From: james at grayonline.id.au (James Gray) Date: Wed Jul 12 13:00:21 2006 Subject: Norman Sandbox and MailScanner In-Reply-To: <001001c6a5a3$f8ab5c70$cb1aa8c0@PCTHIJS> References: <001f01c6a475$e1ffbb80$cb1aa8c0@PCTHIJS> <44B3B96D.5030509@nkpanama.com><002801c6a50d$e0c6f150$cb1aa8c0@PCTHIJS> <44B3E83B.8050609@USherbrooke.ca><000501c6a518$f563e2c0$cb1aa8c0@PCTHIJS> <44B4A5B8.9060702@grayonline.id.au> <001001c6a5a3$f8ab5c70$cb1aa8c0@PCTHIJS> Message-ID: <44B4E43F.70606@grayonline.id.au> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sjakie wrote: > > This is one line in the Norman output: > > ----- Possible virus in '/root/SCANDIR/./eicar_com.zip : eicar.com' -> > 'EICAR_Test_file_not_a_virus!' > > > > > total 5 lines in the Norman output (sandbox): > > ----- Possible virus in './dummy.exe' -> 'Sandbox: W32/Malware; [ > General information ] > * **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - > REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**. > * File length: 4096 bytes. > > ' Yep the problem is the sandbox output is multiple lines, AND the last line BEGINS with a single quote (see below). So using Julian's original REGEX, it will definitely NOT work. REGEX, unless you seriously get funky, deals with single lines in the pattern space, so multi-line output is a royal pain. Also, Julian's REGEX has this: /^[^']+'([^']+)' -> '([^']+)'\s*$/ Specifically, it is DESIGNED to ignore[1] lines the begin with one, or more, single quotes. See the problem? The sandbox output spans multiple lines until it reaches the terminator (a single quote), BUT the single quote is the first character on the line. No cigar :( It's too late and I'm too tired to think about how a single REGEX pattern could be written to match BOTH Norman's outputs. So I'll leave that as an exercise for someone who doesn't a have deadline tomorrow morning, a dead database tonight and 11 hours until the world ends :P Cheers, James [1] "Ignore" as in "NOT match". [^'] = means don't match a single quote -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEtOQ/wBHpdJO7b9ERAjhWAKDZi+g5mXfkHhJYk7I9XJwf4lyNZQCg21mH Roibcx4o2f61qsNhgrnqSxA= =okiK -----END PGP SIGNATURE----- From james at grayonline.id.au Wed Jul 12 13:12:19 2006 From: james at grayonline.id.au (James Gray) Date: Wed Jul 12 13:12:42 2006 Subject: [Fwd: Postfix 2.3 stable release available] In-Reply-To: <51329.194.70.180.170.1152704561.squirrel@webmail.r-bit.net> References: <44B45B7D.20404@rogers.com> <50944.194.70.180.170.1152692992.squirrel@webmail.r-bit.net> <44B4E3900200007600005E81@193.63.251.15> <51329.194.70.180.170.1152704561.squirrel@webmail.r-bit.net> Message-ID: <44B4E723.10203@grayonline.id.au> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Drew Marshall wrote: > On Wed, July 12, 2006 11:57, Peter Bates wrote: >>> drew@themarshalls.co.uk 12/07/06 09:29:52 >>> >>> On Wed, July 12, 2006 03:16, Mike Jakubik wrote: >>> Just an FYI for postfix users. Bonus points for the first one to try >>> and see if it works with MS :) >>> I am running 2.3RC4 with no problems and I cannot believe there has >>> been much changed since the release candidate. >> As an aside, it's interesting Wietse has chosen to implement Milter >> compatability, which considerably widens the options for having certain >> functionality (e.g. AV scanning) at a level before MailScanner might be >> reached. >> >> Most intriguing... > > Quite. Perhaps this was done to continue the 'Sendmailish feel' that has > always been claimed. Does now mean I must go and find out what can be done > with a milter. Never bothered before... Is there a central list of > available milters I wonder? > > Drew http://www.milter.org/ is a good place to watch what's happening in the world of milters. - -- James -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEtOcjwBHpdJO7b9ERApy0AJ9zmrx5+DTrmoqqD7azRcoo32K1vwCgrahy wOGKN2p7JhVWT9xsiOQIh8c= =zmEl -----END PGP SIGNATURE----- From dhawal at netmagicsolutions.com Wed Jul 12 13:32:53 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed Jul 12 13:33:05 2006 Subject: [Fwd: Postfix 2.3 stable release available] In-Reply-To: <51329.194.70.180.170.1152704561.squirrel@webmail.r-bit.net> References: <44B45B7D.20404@rogers.com> <50944.194.70.180.170.1152692992.squirrel@webmail.r-bit.net> <44B4E3900200007600005E81@193.63.251.15> <51329.194.70.180.170.1152704561.squirrel@webmail.r-bit.net> Message-ID: <44B4EBF5.3060407@netmagicsolutions.com> Drew Marshall wrote: > On Wed, July 12, 2006 11:57, Peter Bates wrote: >>> drew@themarshalls.co.uk 12/07/06 09:29:52 >>> >>> On Wed, July 12, 2006 03:16, Mike Jakubik wrote: >>> Just an FYI for postfix users. Bonus points for the first one to try >>> and see if it works with MS :) >>> I am running 2.3RC4 with no problems and I cannot believe there has >>> been much changed since the release candidate. >> As an aside, it's interesting Wietse has chosen to implement Milter >> compatability, which considerably widens the options for having certain >> functionality (e.g. AV scanning) at a level before MailScanner might be >> reached. >> >> Most intriguing... > > Quite. Perhaps this was done to continue the 'Sendmailish feel' that has > always been claimed. Does now mean I must go and find out what can be done > with a milter. Never bothered before... Is there a central list of > available milters I wonder? > > Drew From the release notes.. All Milter functions are implemented except replacing the message body, which will be added later. Most milters would work as advertised.. whereas some like mimedefang will not work until later versions.. - dhawal From steve.swaney at fsl.com Wed Jul 12 13:38:53 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Wed Jul 12 13:38:02 2006 Subject: [Fwd: Postfix 2.3 stable release available] In-Reply-To: <44B4E723.10203@grayonline.id.au> Message-ID: <062701c6a5b0$2264b410$287ba8c0@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of James Gray > Sent: Wednesday, July 12, 2006 8:12 AM > To: MailScanner discussion > Subject: Re: [Fwd: Postfix 2.3 stable release available] > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Drew Marshall wrote: > > On Wed, July 12, 2006 11:57, Peter Bates wrote: > >>> drew@themarshalls.co.uk 12/07/06 09:29:52 >>> > >>> On Wed, July 12, 2006 03:16, Mike Jakubik wrote: > >>> Just an FYI for postfix users. Bonus points for the first one to try > >>> and see if it works with MS :) > >>> I am running 2.3RC4 with no problems and I cannot believe there has > >>> been much changed since the release candidate. > >> As an aside, it's interesting Wietse has chosen to implement Milter > >> compatability, which considerably widens the options for having certain > >> functionality (e.g. AV scanning) at a level before MailScanner might be > >> reached. > >> > >> Most intriguing... > > > > Quite. Perhaps this was done to continue the 'Sendmailish feel' that has > > always been claimed. Does now mean I must go and find out what can be > done > > with a milter. Never bothered before... Is there a central list of > > available milters I wonder? > > > > Drew > > http://www.milter.org/ is a good place to watch what's happening in the > world of milters. > > - -- James And the nice collection of milters at www.snertsoft.com. Most are free. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From peter at peterpolz.com Wed Jul 12 13:43:39 2006 From: peter at peterpolz.com (peter polz) Date: Wed Jul 12 13:43:49 2006 Subject: Mailscanner installed on macosx 10.4.7 intel In-Reply-To: <44B4A00F.8050201@grayonline.id.au> Message-ID: *This message was transferred with a trial version of CommuniGate(tm) Pro* Hi! Thank you very much, did i need also the spamassassin+clamav bundle for mailscanner? Did i need any developer tools for installing mailscanner or only start the install.sh? What is to do wih install.rpm-fns.sh or with install.tar-fns.sh? Regards Peter > peter polz wrote: >> Hi! >> >> You have installed the FreeBSD version on the MacMini? > > Erm - the tar ball, yes. This one: > http://www.mailscanner.info/files/4/tar/MailScanner-install-4.55.7-1.tar.gz > >> To you have a small docu for install on macmini intel? > > Not yet. I was planning on writing one up on the Wiki, but after going > through the process, there's really nothing particularly "Mac specific" > beyond the standard tar ball install process, so I didn't really see the > point. The real tricky stuff is with the MTA (Macs use Postfix by > default) - but even then if you're not wanting to do virtual-user and > such, the default Postfix from Apple is fine (with the mods required for > MailScanner). > > The only problems I had were with regard to some Perl modules, which > simply needed to be installed without testing (some non-consequential > tests failed preventing installation). That was done via CPAN. If you > run Julian's install script in the tar ball version, you should be fine. > Same deal with his spamassassin+clamav bundle. He's really done a lot > of work to make the process quite painless. > > I think I was one of the first to install MailScanner on an Intel Mac > and I worked pretty closely with Julian to iron out a few little > wrinkles but nothing particularly important. Apart from the launchd > scripts to make sure MailScanner started at boot each time, it was > really simple. > > After you've done the MailScanner install and made sure it's all ok, you > need to add the launchd scripts. I've attached the two scripts in a tar > file which you simply need to unpack from the root directory ie; > cd / ; sudo tar -zxvf /path/to/launchd-scripts.tar.gz > > Verify the permissions (this is IMPORTANT!!): > drwxr-xr-x root wheel /Library/StartupItems/MailScanner > -rwxr-xr-x root wheel MailScanner > -rw-r--r-- root wheel StartupParameters.plist > > (the last two are IN the /Library/StartupItems/MailScanner directory) > > Then add MailScanner to the hostconfig file: > sudo echo "MAILSCANNER=-YES-" >> /etc/hostconfig > > Voila! You're done. > > HTH, > > James From sanjaykumar.pradhan at inmail.tranquilmoney.com Wed Jul 12 14:19:37 2006 From: sanjaykumar.pradhan at inmail.tranquilmoney.com (sanjaykumar.pradhan@inmail.tranquilmoney.com) Date: Wed Jul 12 14:22:47 2006 Subject: Mail scanner/spamassin/Clamav In-Reply-To: <910ee2ac0607120346v3a105068p1693e44460c7ff00@mail.gmail.com> References: <910ee2ac0607120346v3a105068p1693e44460c7ff00@mail.gmail.com> Message-ID: Hi, I am caughtup with a serious issue/error The problem is One of my mail user not getting attachments perticularly from another mail id ( both are in same domain ). This happen suddenly. Is this a problem with mailscanner/clamav/spamassasin ? I have the below setup Whitebox linux sendmail 8.12.10 MailScanner-4.54.6-1 Mail-SpamAssassin-3.1.2 clamav-0.88.2 The scenerio is A sending mails ( with attachment ) to B & C. Where B is unable to get the attachment where C is receiving the attachment. the mail goes with different messege ids. you can view the maillog attached below. [root@log] > cat maillog | grep k6CCQUV0028537 -- Jul 12 17:56:53 inmail sendmail[28537]: k6CCQUV0028537: from=, size=110820, class=0, nrcpts=1, msgid=<003101c6a5ae$d29265a0$1064a8c0@domainin>, proto=ESMTP, daemon=MTA-2, relay=.co.in Jul 12 17:56:57 l sendmail[28610]: k6CCQUV0028537: to=, ctladdr= (619/12), delay=00:00:04, xdelay=00:00:01, mailer=local, pri=230820, dsn=2.0.0, stat=Sent [root@log] > cat maillog | grep k6CCQUV1028537 -- Jul 12 17:56:53 l sendmail[28537]: k6CCQUV1028537: from=, size=114769, class=0, nrcpts=1, msgid=<003701c6a5ae$d2e826c0$1064a8c0@domain>, proto=ESMTP, daemon=MTA-2, relay=co.in Jul 12 17:56:57 inmail sendmail[28610]: k6CCQUV1028537: to=, ctladdr= (619/12), delay=00:00:04, xdelay=00:00:00, mailer=local, pri=234769, dsn=2.0.0, stat=Sent Can somebody face the same problem and any solution for this ? Thanx in advance. -Sanjay. CONFIDENTIALITY NOTICE: This e-mail and its attachments may contain PRIVILEGED and CONFIDENTIAL INFORMATION and/or PROTECTED PATIENT HEALTH INFORMATION intended solely for the use of Tranquilmoney Inc. it's clients and the recipient(s) named above. If you are not the intended recipient, or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any review, dissemination, distribution, printing, or copying of this e-mail message and/or any attachments is strictly prohibited. If you have received this transmission in error, please notify the sender immediately and permanently delete this e-mail [shred the document] and any attachments. From maicon at raidbr.com.br Wed Jul 12 14:26:52 2006 From: maicon at raidbr.com.br (Maicon Triches) Date: Wed Jul 12 14:27:03 2006 Subject: mailwatch + postgresql Message-ID: <1152710812.6390.2.camel@localhost> have mailwatch write support in postgresql? tanks; Maicon From sjakie07 at chello.nl Wed Jul 12 14:40:09 2006 From: sjakie07 at chello.nl (Sjakie) Date: Wed Jul 12 14:40:19 2006 Subject: Norman Sandbox and MailScanner References: <001f01c6a475$e1ffbb80$cb1aa8c0@PCTHIJS> <44B3B96D.5030509@nkpanama.com><002801c6a50d$e0c6f150$cb1aa8c0@PCTHIJS> <44B3E83B.8050609@USherbrooke.ca><000501c6a518$f563e2c0$cb1aa8c0@PCTHIJS> <44B4A5B8.9060702@grayonline.id.au><001001c6a5a3$f8ab5c70$cb1aa8c0@PCTHIJS> <44B4E43F.70606@grayonline.id.au> Message-ID: <000601c6a5b8$b1340620$cb1aa8c0@PCTHIJS> James wrote: > Yep the problem is the sandbox output is multiple lines, AND the last > line BEGINS with a single quote (see below). So using Julian's original > REGEX, it will definitely NOT work. REGEX, unless you seriously get > funky, deals with single lines in the pattern space, so multi-line > output is a royal pain. > > Also, Julian's REGEX has this: > > /^[^']+'([^']+)' -> '([^']+)'\s*$/ > > Specifically, it is DESIGNED to ignore[1] lines the begin with one, or > more, single quotes. See the problem? The sandbox output spans > multiple lines until it reaches the terminator (a single quote), BUT the > single quote is the first character on the line. No cigar :( > > It's too late and I'm too tired to think about how a single REGEX > pattern could be written to match BOTH Norman's outputs. So I'll leave > that as an exercise for someone who doesn't a have deadline tomorrow > morning, a dead database tonight and 11 hours until the world ends :P Thanks for your help! If it's really difficult to write a single REGEX pattern to match BOTH Norman's outputs, then maybe as a workaround it would be possible to add a new virusscanner i.e. "normansandbox" in MailScanner? It might not be the best solution and it maybe slower (Virus Scanners = norman normansandbox clamav) but i can live with that. I could even disable sandbox scanning in the default "norman" virusscanner of MailScanner (options -sb:0) so that this one will be a little bit faster. Is this possible and what would the REGEX for "normansandbox" look like? Sjakie From Denis.Beauchemin at USherbrooke.ca Wed Jul 12 15:18:44 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed Jul 12 15:19:26 2006 Subject: Mail scanner/spamassin/Clamav In-Reply-To: References: <910ee2ac0607120346v3a105068p1693e44460c7ff00@mail.gmail.com> Message-ID: <44B504C4.4070206@USherbrooke.ca> sanjaykumar.pradhan@inmail.tranquilmoney.com a ?crit : > > Hi, > > I am caughtup with a serious issue/error > > The problem is > > One of my mail user not getting attachments perticularly from another > mail id ( both are in same domain ). This happen suddenly. > > Is this a problem with mailscanner/clamav/spamassasin ? > > I have the below setup > > Whitebox linux > sendmail 8.12.10 > MailScanner-4.54.6-1 > Mail-SpamAssassin-3.1.2 > clamav-0.88.2 > > The scenerio is A sending mails ( with attachment ) to B & C. Where B > is unable to get the attachment where C is receiving the attachment. > the mail goes with different messege ids. you can view the maillog > attached below. > > > > [root@log] > cat maillog | grep k6CCQUV0028537 -- > > Jul 12 17:56:53 inmail sendmail[28537]: k6CCQUV0028537: from=, > size=110820, class=0, nrcpts=1, > msgid=<003101c6a5ae$d29265a0$1064a8c0@domainin>, proto=ESMTP, > daemon=MTA-2, relay=.co.in > > Jul 12 17:56:57 l sendmail[28610]: k6CCQUV0028537: to=, ctladdr= > (619/12), delay=00:00:04, xdelay=00:00:01, mailer=local, pri=230820, > dsn=2.0.0, stat=Sent > > [root@log] > cat maillog | grep k6CCQUV1028537 -- > > Jul 12 17:56:53 l sendmail[28537]: k6CCQUV1028537: from=, > size=114769, class=0, nrcpts=1, > msgid=<003701c6a5ae$d2e826c0$1064a8c0@domain>, proto=ESMTP, > daemon=MTA-2, relay=co.in > > Jul 12 17:56:57 inmail sendmail[28610]: k6CCQUV1028537: to=, > ctladdr= (619/12), delay=00:00:04, xdelay=00:00:00, mailer=local, > pri=234769, dsn=2.0.0, stat=Sent > > > Can somebody face the same problem and any solution for this ? > > Thanx in advance. > > -Sanjay. Sanjay, There is nothing in your maillog that can point out the problem. Both messages were delivered (stat=Sent) but were not the same size. I'm assuming A was not writing to B and C at the same time because both messages had nrcpts=1 (Number of ReCiPienTS = 1). A must have sent 2 different messages to B and C. Is your MailScanner logging? It would help to see what it did with the message since sendmail did its job. BTW you can type less by using "grep k6CCQUV0028537 maillog" instead of "cat maillog | grep ...". Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060712/0d0ad7ba/smime.bin From daniel.maher at ubisoft.com Wed Jul 12 15:33:58 2006 From: daniel.maher at ubisoft.com (Daniel Maher) Date: Wed Jul 12 15:34:01 2006 Subject: Clamav updates Message-ID: <1E293D3FF63A3740B10AD5AAD88535D20226CF69@UBIMAIL1.ubisoft.org> You might like to check the official (?) ClamAV page instead: http://www.clamav.net/stable.php#pagestart Latest is 0.88.3 released 01 July 2006. Links to a sourceforge download page. _ ?v? Daniel Maher /(_)\ Administrateur Syst?me Unix ^ ^ Unix System Administrator Sentio aliquos togatos contra me conspirare. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of emm1 Sent: July 12, 2006 6:46 AM To: MailScanner discussion Subject: Clamav updates Does anyone know if Petr Kristof has stopped updating his clamav packages? I was looking for the newest clamav on his site and I only see 0.88.2-1 dated April 30. http://crash.fce.vutbr.cz/crash-hat/5/clamav/ w/R -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ugob at camo-route.com Wed Jul 12 16:12:05 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Wed Jul 12 16:13:18 2006 Subject: mailwatch + postgresql In-Reply-To: <1152710812.6390.2.camel@localhost> References: <1152710812.6390.2.camel@localhost> Message-ID: Maicon Triches wrote: > have mailwatch write support in postgresql? due for 2.0 > > > tanks; > > Maicon > From Kevin_Miller at ci.juneau.ak.us Wed Jul 12 16:13:16 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Wed Jul 12 16:13:26 2006 Subject: How do i completely turn off RBL checks? In-Reply-To: <200607120400.k6C40Cgm031391@bkserver.blacknight.ie> Message-ID: It can be confusing. In a nutshell, 0=false, and 1=true so skip_rbl_checks 1 really means skip_rbl_checks true Be nice if one could substitute the word with the number. Maybe we can? ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Michael S. Sent: Tuesday, July 11, 2006 8:02 PM To: mailscanner@lists.mailscanner.info Subject: How do i completely turn off RBL checks? I'v never understood the syntax in spam.assassin.prefs.conf. What is the proper syntax? Is it; # skip_rbl_checks 1 skip_rbl_checks 1 # skip_rbl_checks 0 or skip_rbl_checks 0 Also I want to remove RBL checks in mailscanner.conf The lookups for RBLS is still happening and SA is scoring spamcop etc. I have the following in MailScanner.conf Spam List = # ORDB-RBL SBL+XBL # You can un-comment this to enable them # This is the list of spam domain blacklists which you are using # (such as the "rfc-ignorant" domains). See the "Spam List Definitions" # file for more information about what you can put here. # This can also be the filename of a ruleset. Spam Domain List = # If a message appears in at least this number of "Spam Lists" (as defined # above), then the message will be treated as spam and so the "Spam # Actions" will happen, unless the message reaches the levels for "High # Scoring Spam". By default this is set to 1 to mimic the previous # behaviour, which means that appearing in any "Spam Lists" will cause # the message to be treated as spam. # This can also be the filename of a ruleset. Spam Lists To Be Spam = 5 # If a message appears in at least this number of "Spam Lists" (as defined # above), then the message will be treated as "High Scoring Spam" and so # the "High Scoring Spam Actions" will happen. You probably want to set # this to 2 if you are actually using this feature. 5 is high enough that # it will never happen unless you use lots of "Spam Lists". # This can also be the filename of a ruleset. Spam Lists To Reach High Score = 8 Is this correct? Thank you. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060712/5ad4e6f2/attachment.html From ugob at camo-route.com Wed Jul 12 16:13:31 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Wed Jul 12 16:15:45 2006 Subject: Nice reload of config with sendmail Message-ID: Hi, What is the less disturbing way to reload the MS/Sendmail config on a server? send a HUP to all sendmail process, then do a '/etc/init.d/MailScanner reload'? Thanks, Ugo From mikej at rogers.com Wed Jul 12 16:25:05 2006 From: mikej at rogers.com (Mike Jakubik) Date: Wed Jul 12 16:25:02 2006 Subject: [Fwd: Postfix 2.3 stable release available] In-Reply-To: <44B4E3900200007600005E81@193.63.251.15> References: <44B45B7D.20404@rogers.com> <50944.194.70.180.170.1152692992.squirrel@webmail.r-bit.net> <44B4E3900200007600005E81@193.63.251.15> Message-ID: <44B51451.4020607@rogers.com> Peter Bates wrote: > As an aside, it's interesting Wietse has chosen to implement Milter > compatability, which considerably widens the options for having certain > functionality (e.g. AV scanning) at a level before MailScanner might be > reached. > > Most intriguing... > Yeah, but bypassing MS will eliminate logging and other things that MS does, so its not a very good idea. However implementing MS as a milter could be interesting. From Phil.Udel at salemcorp.com Wed Jul 12 16:32:43 2006 From: Phil.Udel at salemcorp.com (Phillip Udel) Date: Wed Jul 12 16:33:08 2006 Subject: Problem with DBD::SQLite during upgrade Message-ID: <200607121536.k6CFaRVR002046@cat.salemcarriers.com> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: Phil Udel.vcf Type: text/x-vcard Size: 445 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060712/ae042f41/PhilUdel.vcf From james at grayonline.id.au Wed Jul 12 17:05:01 2006 From: james at grayonline.id.au (James Gray) Date: Wed Jul 12 17:05:23 2006 Subject: Mailscanner installed on macosx 10.4.7 intel In-Reply-To: References: Message-ID: <44B51DAD.7040900@grayonline.id.au> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 peter polz wrote: > *This message was transferred with a trial version of CommuniGate(tm) Pro* > Hi! > > Thank you very much, did i need also the spamassassin+clamav bundle for > mailscanner? Only if you want virus scanning and spamassassin filtering (both are highly recommended!). > Did i need any developer tools for installing mailscanner or only start the > install.sh? You'll need to install Xcode (or gcc/g++ from Fink) in order to compile clamav (and a few bits from spamassassin IIRC). Personally, I already had Xcode installed and it compiled everything without a problem. > What is to do wih install.rpm-fns.sh or with install.tar-fns.sh? They are called from install.sh around line 178: # # Read the installation-specific stuff and do any extra checks # . ./install.${DISTTYPE}-fns.sh ...where ${DISTTYPE} is defined earlier as either "rpm" or "tar". To install, you simply unpack the tar ball, change into the directory it created, and run "./install.sh" as root. Follow the prompts and at the end you'll only need to edit a few files in /opt/MailScanner :) Cheers, James -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEtR2twBHpdJO7b9ERAkDXAKDWY1v640wOtU7nX6vL96r4gmRtaACdHoDs F8hYdIBcYIekzT8PO8xlyNc= =9SQO -----END PGP SIGNATURE----- From deja3-user at bitrealm.com Wed Jul 12 17:05:15 2006 From: deja3-user at bitrealm.com (Deja3) Date: Wed Jul 12 17:05:32 2006 Subject: Using MailScanner to allow/block out of office replies Message-ID: <20060712090515.l04e210sgwgkogk0@mail.bitrealm.com> Since Exchange can't allow/disallow out of office replies to the internet on a user-by-user basis (not due until Exchange 2007), can MailScanner be used to do this? I have: Internet - linux(mailscanner) - Exchange Exchange relays through mailscanner. Messages all contain "Out of Office AutoReply:" in the subject line. I'd like to have a whitelist of internal exchange users (user1@somedomian.com, user2@somedomain.com) in that file who would be allowed to relay through mailscanner, but then user3@somedomain.com would not be allowed since they aren't in the whitelist file. I still need for replies FROM the internet side that contain "Out of Office AutoReply:" to be allowed back to the Exchange box, of course. So maybe the whitelist file would look like: From: user1@somedomain.com yes From: user2@somedomain.com yes From: *@somedomain.com no FromOrTo: default yes And could something be put in MailScanner.conf to detect the Subject: Out of Office AutoReply: *" part that would use this whitelist if a match on subject was detected? Any way to do that with the current version (4.54) of mailscanner? From james at grayonline.id.au Wed Jul 12 17:09:39 2006 From: james at grayonline.id.au (James Gray) Date: Wed Jul 12 17:09:57 2006 Subject: Nice reload of config with sendmail In-Reply-To: References: Message-ID: <44B51EC3.5070008@grayonline.id.au> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ugo Bellavance wrote: > Hi, > > What is the less disturbing way to reload the MS/Sendmail config on a > server? > > send a HUP to all sendmail process, then do a '/etc/init.d/MailScanner > reload'? > > Thanks, > > Ugo "init 6" usually does the trick ;) Personally, I just HUP the MS parent[1] (which kills all the kids before spawning a new brood of rug-rats) and "killall -HUP sendmail". I put all that in a bash script and dumped it in /root/bin/mail-reload.sh Cant reach that network ATM otherwise I'd send you a copy. Cheers, James [1] egrep + sed is your friend with this one. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEtR7DwBHpdJO7b9ERAq5UAJ9Dq+AVNZP0H09zidQfbuewwYDbUACeNdfi CnRhtXNPlybDe2JBbLxEPhI= =WNyV -----END PGP SIGNATURE----- From arturs at netvision.net.il Wed Jul 12 18:14:55 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Wed Jul 12 17:18:13 2006 Subject: Nice reload of config with sendmail In-Reply-To: <44B51EC3.5070008@grayonline.id.au> Message-ID: <01ba01c6a5d6$b2cecec0$3701a8c0@lapxp> > Ugo Bellavance wrote: > > Hi, > > > > What is the less disturbing way to reload the > MS/Sendmail config on a > > server? > > > > send a HUP to all sendmail process, then do a > '/etc/init.d/MailScanner > > reload'? > > > > Thanks, > > > > Ugo > > "init 6" usually does the trick ;) > > Personally, I just HUP the MS parent[1] (which kills all the > kids before > spawning a new brood of rug-rats) and "killall -HUP sendmail". I put > all that in a bash script and dumped it in /root/bin/mail-reload.sh > > Cant reach that network ATM otherwise I'd send you a copy. > > Cheers, > > James Could you post it here? I would like to see it. thanks Best, -- Arthur Sherman +972-52-4878851 CPTeam From sales11 at iscnetwork.com Wed Jul 12 17:35:28 2006 From: sales11 at iscnetwork.com (Industry Standard Computers) Date: Wed Jul 12 17:35:43 2006 Subject: Restricted incoming users ruleset In-Reply-To: <48B55389-18DA-4124-A741-F5A2944CDE22@themarshalls.co.uk> References: <44B2DC17.6030506@iscnetwork.com> <49827.194.70.180.170.1152623349.squirrel@webmail.r-bit.net> <44B40D41.3000903@iscnetwork.com> <48B55389-18DA-4124-A741-F5A2944CDE22@themarshalls.co.uk> Message-ID: <44B524D0.1080604@iscnetwork.com> The transport didn't work and that syntax was what I had used. My problem is right out of the Postfix ReadMe's: (except I changed the name of the database to make more sense.) --------------------------------------------- # Stop incoming mail to all users in the "restricted_incoming_user.db" smtpd_restriction_classes = restrictive, permissive restrictive = reject_unknown_sender_domain, reject_unknown_client_hostname permissive = permit smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/restricted_incoming_users ... --------------------------------------------- Postfix needs to do more documentation written in understandable English for the non-postfix expert. This is the main reason I came to MS in the first place to help secure my email server and the install was a nightmare on a "firewall" linux. Thanks for you help. butch From drew at themarshalls.co.uk Wed Jul 12 17:59:32 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Wed Jul 12 17:59:50 2006 Subject: [Fwd: Postfix 2.3 stable release available] In-Reply-To: <44B51451.4020607@rogers.com> References: <44B45B7D.20404@rogers.com> <50944.194.70.180.170.1152692992.squirrel@webmail.r-bit.net> <44B4E3900200007600005E81@193.63.251.15> <44B51451.4020607@rogers.com> Message-ID: <52676.194.70.180.170.1152723572.squirrel@webmail.r-bit.net> On Wed, July 12, 2006 16:25, Mike Jakubik wrote: > > Yeah, but bypassing MS will eliminate logging and other things that MS > does, so its not a very good idea. However implementing MS as a milter > could be interesting. Agreed but you lose the queuing aspects so it becomes a pre-queue filter and therefore resource reliant and puts the box at risk from 'message spikes'. You also lose the benefits of batch message handling so you get AMAVIS style product. We really want a post queue milter :-) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From lshaw at emitinc.com Wed Jul 12 20:00:29 2006 From: lshaw at emitinc.com (Logan Shaw) Date: Wed Jul 12 20:00:48 2006 Subject: Nice reload of config with sendmail In-Reply-To: <01ba01c6a5d6$b2cecec0$3701a8c0@lapxp> References: <01ba01c6a5d6$b2cecec0$3701a8c0@lapxp> Message-ID: On Wed, 12 Jul 2006, Arthur Sherman wrote: >>> What is the less disturbing way to reload the MS/Sendmail config on a >>> server? James wrote: >> Personally, I just HUP the MS parent[1] (which kills all the >> kids before >> spawning a new brood of rug-rats) and "killall -HUP sendmail". I put >> all that in a bash script and dumped it in /root/bin/mail-reload.sh > Could you post it here? > I would like to see it. I find the easiest way to go in search of pids like this is to use the formatting capabilities that "ps" has on many versions of Unix, combined with awk. For example, on Linux: ps -e -o pid,ppid,comm | awk '$3 == "MailScanner" && $2 == 1 { print $1 }' That prints pid, parent pid, and command only as output from "ps". Then awk checks for processes whose name is "MailScanner" and whose parent is "1" (the init process). That should be the master MailScanner process. From there, it's just a matter of killing that one pid: kill `ps -e -o pid,ppid,comm | awk '$3 == "MailScanner" && $2 == 1 { print $1 }'` Or the more elaborate and verbose version: ps -e -o pid,ppid,comm | awk '$3 == "MailScanner" && $2 == 1 { print $1 }' | while read pid do echo "Killing this process:" ps -f -p "$pid" kill "$pid" done Or the more elaborate and verbose and paranoid version: ps -e -o pid,ppid,comm | awk '$3 == "MailScanner" && $2 == 1 { print $1 }' | while read pid do echo "Kill this process?" ps -f -p "$pid" # gotta redirect stdin here, else it will come from pipe read response < /dev/tty case "$response" in y|Y) echo "killing $pid" kill "$pid" ;; *) echo "leaving $pid alone" ;; esac done Of course, your script will want a delay in there to be sure that MailScanner really has exited. If you want to do the really obnoxious thing, you could always do this: #! /bin/sh get_mailscanner_pid () { ps -e -o pid,ppid,comm | awk '$3 == "MailScanner" && $2 == 1 { print $1 }' } stop_ms () { p=$1 echo "Killing $p." kill "$p" echo echo "Waiting for $p to exit..." while ps -p "$p" do sleep 3 done echo "$p has exited." } start_ms () { echo "Restarting." /opt/MailScanner/bin/check_mailscanner } ms_pid=`get_mailscanner_pid` stop_ms "$ms_pid" start_ms "$ms_pid" By the way, I've always used just "kill" and not "kill -HUP" with MailScanner and this seems to work fine -- it changes its argv[0] string to indicate it's gracefully exiting (killing children -- bwahahaha), so I'm not sure if SIGHUP matters or not. - Logan From izghitu at gmail.com Wed Jul 12 20:36:42 2006 From: izghitu at gmail.com (o omida parasita) Date: Wed Jul 12 20:36:46 2006 Subject: Problem with MailScanner and exim Message-ID: <948a6d890607121236r26a92a72lab2b5e310ef3f34c@mail.gmail.com> Hello, I have cPanel with exim 4.52 I removed ClamAV and Spamassassin from Cpanel I installed MailScanner, SpamAssassin, ClamAV, razor, nail, etc I configured MailScanner using the official documentation from MailScanner.info. The first 2 days everything worked like a charm. But now, and it is odd that absolutely no changes were made, the mail is not delivered, nore sent. When I revert everything to the initial state and install everything from the begining I receive the same error. If MailScanner is stopped and exim is running with -bd -q60m it works. I get this in /var/log/exim_mainlog: 2006-07-13 03:09:13 1G0iD2-00086O-TM <= izghitu@amassociates.com.au H=(localhost) [87.248.167.177] P=esmtpa A=fixed_plain:izghitu+amassociates.com.au S=705 id=64756130.20060712200908@amassociates.com.au 2006-07-13 03:09:13 1G0iD2-00086O-TM == izghitu@gmail.com R=defer_router defer (-1): All deliveries are deferred 2006-07-13 03:09:13 1G0iD2-00086O-TM ** izghitu@gmail.com: retry timeout exceeded 2006-07-13 03:09:13 1G0iD3-00086Q-Gw <= <> R=1G0iD2-00086O-TM U=mailnull P=local S=1595 2006-07-13 03:09:13 1G0iD3-00086Q-Gw == izghitu@amassociates.com.au R=defer_router defer (-1): All deliveries are deferred 2006-07-13 03:09:13 1G0iD3-00086Q-Gw ** izghitu@amassociates.com.au: retry timeout exceeded 2006-07-13 03:09:13 1G0iD3-00086Q-Gw izghitu@amassociates.com.au: error ignored 2006-07-13 03:09:13 1G0iD2-00086O-TM Completed 2006-07-13 03:09:13 1G0iD3-00086Q-Gw Completed Please help Thank you From matt at coders.co.uk Wed Jul 12 22:12:18 2006 From: matt at coders.co.uk (Matt Hampton) Date: Wed Jul 12 22:12:08 2006 Subject: ReadNotify.com Message-ID: <44B565B2.1000902@coders.co.uk> Has anyone else come across ReadNotify? One of my users received an email sent through the system today and it was caught as a web bug by MailScanner. Haven't been able to analyse one yet as I don't archive his data. matt From steve at netwaynetworks.com.au Thu Jul 13 00:21:39 2006 From: steve at netwaynetworks.com.au (Steven Evans) Date: Thu Jul 13 00:21:55 2006 Subject: Querie about whitelist - FromAndTo rule In-Reply-To: <44B565B2.1000902@coders.co.uk> Message-ID: <2B6E44C17D91EE49A0555A46332ED625016472FC@overlord.netwaynetworks.com.au> Hey guys Having alittle trouble with spam at the moment. Mailscanner is sofar the best product I've seen on the market - good work Julian! But I'm having alittle trouble with the white list function with SpamAssassin. I have a lot of spasm getting through that are to and from users but are really spam. Ie to and from user@company.com. Its quite an annoying problem because I havnt read anything in the list sofar where someone else has had the same problem. I've gone as far as having 2 rules like this: FromAndTo: user@company.com no From: user@company.com yes Would the second rule cancel out the first rule? Is there a feature in Mail scanner that can just drop or even mark emails that are to and from the same person as spam? Or am I missing something? Cheers, Steve From peter at peterpolz.com Thu Jul 13 07:01:34 2006 From: peter at peterpolz.com (peter polz) Date: Thu Jul 13 07:01:39 2006 Subject: Mailscanner installed on macosx 10.4.7 intel In-Reply-To: <44B51DAD.7040900@grayonline.id.au> Message-ID: *This message was transferred with a trial version of CommuniGate(tm) Pro* Hi! To install spamassassin+clamav on mac mini intel is also easy over shell? Regards peter > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > peter polz wrote: >> *This message was transferred with a trial version of CommuniGate(tm) Pro* >> Hi! >> >> Thank you very much, did i need also the spamassassin+clamav bundle for >> mailscanner? > > Only if you want virus scanning and spamassassin filtering (both are > highly recommended!). > >> Did i need any developer tools for installing mailscanner or only start the >> install.sh? > > You'll need to install Xcode (or gcc/g++ from Fink) in order to compile > clamav (and a few bits from spamassassin IIRC). Personally, I already > had Xcode installed and it compiled everything without a problem. > >> What is to do wih install.rpm-fns.sh or with install.tar-fns.sh? > > They are called from install.sh around line 178: > > # > # Read the installation-specific stuff and do any extra checks > # > . ./install.${DISTTYPE}-fns.sh > > ...where ${DISTTYPE} is defined earlier as either "rpm" or "tar". To > install, you simply unpack the tar ball, change into the directory it > created, and run "./install.sh" as root. Follow the prompts and at the > end you'll only need to edit a few files in /opt/MailScanner :) > > Cheers, > > James > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.3 (Darwin) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFEtR2twBHpdJO7b9ERAkDXAKDWY1v640wOtU7nX6vL96r4gmRtaACdHoDs > F8hYdIBcYIekzT8PO8xlyNc= > =9SQO > -----END PGP SIGNATURE----- From sanjaykumar.pradhan at inmail.tranquilmoney.com Thu Jul 13 07:51:53 2006 From: sanjaykumar.pradhan at inmail.tranquilmoney.com (sanjaykumar.pradhan@inmail.tranquilmoney.com) Date: Thu Jul 13 07:55:06 2006 Subject: Mail scanner/spamassin/Clamav In-Reply-To: <44B504C4.4070206@USherbrooke.ca> References: <910ee2ac0607120346v3a105068p1693e44460c7ff00@mail.gmail.com> <44B504C4.4070206@USherbrooke.ca> Message-ID: Thanx Denis, Actually A sending mail TO B and CCed to C. One thing confusing me is eventhough A sending one mail, sendmail deliverying with 2 diff message ids with diff sizes. And also user B getting all mails with attachments from other users. So I am not suspecting mail client tolls. User A using MS outlook and userB using Outlook express. Any other clue ? Thanx again. -Sanjay. On Wed, 12 Jul 2006, Denis Beauchemin wrote: > sanjaykumar.pradhan@inmail.tranquilmoney.com a �crit : >> >> Hi, >> >> I am caughtup with a serious issue/error >> >> The problem is >> >> One of my mail user not getting attachments perticularly from another mail >> id ( both are in same domain ). This happen suddenly. >> >> Is this a problem with mailscanner/clamav/spamassasin ? >> >> I have the below setup >> >> Whitebox linux >> sendmail 8.12.10 >> MailScanner-4.54.6-1 >> Mail-SpamAssassin-3.1.2 >> clamav-0.88.2 >> >> The scenerio is A sending mails ( with attachment ) to B & C. Where B is >> unable to get the attachment where C is receiving the attachment. the mail >> goes with different messege ids. you can view the maillog attached below. >> >> >> >> [root@log] > cat maillog | grep k6CCQUV0028537 -- >> >> Jul 12 17:56:53 inmail sendmail[28537]: k6CCQUV0028537: from=, >> size=110820, class=0, nrcpts=1, >> msgid=<003101c6a5ae$d29265a0$1064a8c0@domainin>, proto=ESMTP, daemon=MTA-2, >> relay=.co.in >> >> Jul 12 17:56:57 l sendmail[28610]: k6CCQUV0028537: to=, ctladdr= >> (619/12), delay=00:00:04, xdelay=00:00:01, mailer=local, pri=230820, >> dsn=2.0.0, stat=Sent >> >> [root@log] > cat maillog | grep k6CCQUV1028537 -- >> >> Jul 12 17:56:53 l sendmail[28537]: k6CCQUV1028537: from=, size=114769, >> class=0, nrcpts=1, msgid=<003701c6a5ae$d2e826c0$1064a8c0@domain>, >> proto=ESMTP, daemon=MTA-2, relay=co.in >> >> Jul 12 17:56:57 inmail sendmail[28610]: k6CCQUV1028537: to=, ctladdr= >> (619/12), delay=00:00:04, xdelay=00:00:00, mailer=local, pri=234769, >> dsn=2.0.0, stat=Sent >> >> >> Can somebody face the same problem and any solution for this ? >> >> Thanx in advance. >> >> -Sanjay. > > Sanjay, > > There is nothing in your maillog that can point out the problem. Both > messages were delivered (stat=Sent) but were not the same size. I'm assuming > A was not writing to B and C at the same time because both messages had > nrcpts=1 (Number of ReCiPienTS = 1). A must have sent 2 different messages to > B and C. > > Is your MailScanner logging? It would help to see what it did with the > message since sendmail did its job. > > BTW you can type less by using "grep k6CCQUV0028537 maillog" instead of "cat > maillog | grep ...". > > Denis > > -- > _ > �v� Denis Beauchemin, analyste > /(_)\ Universit� de Sherbrooke, S.T.I. > ^ ^ T: 819.821.8000x2252 F: 819.821.8045 > > > CONFIDENTIALITY NOTICE: This e-mail and its attachments may contain PRIVILEGED and CONFIDENTIAL INFORMATION and/or PROTECTED PATIENT HEALTH INFORMATION intended solely for the use of Tranquilmoney Inc. it's clients and the recipient(s) named above. If you are not the intended recipient, or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any review, dissemination, distribution, printing, or copying of this e-mail message and/or any attachments is strictly prohibited. If you have received this transmission in error, please notify the sender immediately and permanently delete this e-mail [shred the document] and any attachments. From martinh at solid-state-logic.com Thu Jul 13 09:01:51 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Jul 13 09:02:06 2006 Subject: Problem with MailScanner and exim In-Reply-To: <948a6d890607121236r26a92a72lab2b5e310ef3f34c@mail.gmail.com> References: <948a6d890607121236r26a92a72lab2b5e310ef3f34c@mail.gmail.com> Message-ID: <44B5FDEF.8010605@solid-state-logic.com> o omida parasita wrote: > Hello, > > I have cPanel with exim 4.52 > > I removed ClamAV and Spamassassin from Cpanel > > I installed MailScanner, SpamAssassin, ClamAV, razor, nail, etc > > I configured MailScanner using the official documentation from > MailScanner.info. > > The first 2 days everything worked like a charm. > > But now, and it is odd that absolutely no changes were made, the mail > is not delivered, nore sent. When I revert everything to the initial > state and install everything from the begining I receive the same > error. If MailScanner is stopped and exim is running with -bd -q60m it > works. > > I get this in /var/log/exim_mainlog: > > 2006-07-13 03:09:13 1G0iD2-00086O-TM <= izghitu@amassociates.com.au > H=(localhost) [87.248.167.177] P=esmtpa > A=fixed_plain:izghitu+amassociates.com.au S=705 > id=64756130.20060712200908@amassociates.com.au > 2006-07-13 03:09:13 1G0iD2-00086O-TM == izghitu@gmail.com > R=defer_router defer (-1): All deliveries are deferred > 2006-07-13 03:09:13 1G0iD2-00086O-TM ** izghitu@gmail.com: retry > timeout exceeded > 2006-07-13 03:09:13 1G0iD3-00086Q-Gw <= <> R=1G0iD2-00086O-TM > U=mailnull P=local S=1595 > 2006-07-13 03:09:13 1G0iD3-00086Q-Gw == izghitu@amassociates.com.au > R=defer_router defer (-1): All deliveries are deferred > 2006-07-13 03:09:13 1G0iD3-00086Q-Gw ** izghitu@amassociates.com.au: > retry timeout exceeded > 2006-07-13 03:09:13 1G0iD3-00086Q-Gw izghitu@amassociates.com.au: error > ignored > 2006-07-13 03:09:13 1G0iD2-00086O-TM Completed > 2006-07-13 03:09:13 1G0iD3-00086Q-Gw Completed > > Please help > Thank you Hi already replied via the exim list - check the 2nd (outbound) exim instance is running. -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From chris at spandata.com.au Thu Jul 13 09:31:11 2006 From: chris at spandata.com.au (Chris Aitken) Date: Thu Jul 13 09:31:50 2006 Subject: Mailscanner keeps starting and mail delivers, but Mailscanner not processing mail... Message-ID: Quite possible, thanks again! Chris Aitken -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Scott Silva Sent: Tuesday, 11 July 2006 6:06 AM To: mailscanner@lists.mailscanner.info Subject: Re: Mailscanner keeps starting and mail delivers, but Mailscanner not processing mail... Chris Aitken spake the following on 7/7/2006 10:45 PM: > Hi Denis, > > All fixed. I just needed to make sure sendmail fully shutdown, before I started Mailscanner again. I also needed to make sure the line : > DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl > > was commented out in my sendmail.mc. Which is strange because im sure previously that line was active and it was working. > You might have had a sendmail rpm upgraded through yum that replaced it. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by Span Data, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by Span Data, and is believed to be clean. From roger at rudnick.com.br Thu Jul 13 12:05:54 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Thu Jul 13 12:06:27 2006 Subject: Clamav 0.88.3 References: <448D6615.9010304@coders.co.uk> Message-ID: <008001c6a66c$4f7ed9f0$0600a8c0@roger> Hello, Julian When will you upgrade your install-Clam-SA.rpm to the newest clamav version? Regards Roger Jochem From martinh at solid-state-logic.com Thu Jul 13 12:22:54 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Jul 13 12:23:03 2006 Subject: Clamav 0.88.3 In-Reply-To: <008001c6a66c$4f7ed9f0$0600a8c0@roger> References: <448D6615.9010304@coders.co.uk> <008001c6a66c$4f7ed9f0$0600a8c0@roger> Message-ID: <44B62D0E.80403@solid-state-logic.com> Roger Jochem wrote: > Hello, Julian > > When will you upgrade your install-Clam-SA.rpm to the newest clamav > version? > > Regards > > Roger Jochem Roger he's on holiday till Saturday...No doubt he'll get around to it at the weekend....... -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From roger at rudnick.com.br Thu Jul 13 12:29:02 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Thu Jul 13 12:29:12 2006 Subject: Clamav 0.88.3 References: <448D6615.9010304@coders.co.uk> <008001c6a66c$4f7ed9f0$0600a8c0@roger> <44B62D0E.80403@solid-state-logic.com> Message-ID: <00ae01c6a66f$8afa7bd0$0600a8c0@roger> Ok! Thanks for the information... Regards Roger Jochem ----- Original Message ----- From: "Martin Hepworth" To: "MailScanner discussion" Sent: Thursday, July 13, 2006 8:22 AM Subject: Re: Clamav 0.88.3 > Roger Jochem wrote: >> Hello, Julian >> >> When will you upgrade your install-Clam-SA.rpm to the newest clamav >> version? >> >> Regards >> >> Roger Jochem > Roger > > he's on holiday till Saturday...No doubt he'll get around to it at the > weekend....... > > -- > Martin Hepworth > Senior Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From drew at themarshalls.co.uk Thu Jul 13 13:12:16 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Thu Jul 13 13:12:48 2006 Subject: Restricted incoming users ruleset In-Reply-To: <44B524D0.1080604@iscnetwork.com> References: <44B2DC17.6030506@iscnetwork.com> <49827.194.70.180.170.1152623349.squirrel@webmail.r-bit.net> <44B40D41.3000903@iscnetwork.com> <48B55389-18DA-4124-A741-F5A2944CDE22@themarshalls.co.uk> <44B524D0.1080604@iscnetwork.com> Message-ID: <53653.194.70.180.170.1152792736.squirrel@webmail.r-bit.net> On Wed, July 12, 2006 17:35, Industry Standard Computers wrote: > The transport didn't work and that syntax was what I had used. My > problem is right out of the Postfix ReadMe's: (except I changed the > name of the database to make more sense.) > > --------------------------------------------- > # Stop incoming mail to all users in the "restricted_incoming_user.db" > > smtpd_restriction_classes = restrictive, permissive > restrictive = reject_unknown_sender_domain, reject_unknown_client_hostname > permissive = permit > > smtpd_recipient_restrictions = check_recipient_access > hash:/etc/postfix/restricted_incoming_users ... > > --------------------------------------------- I assume you have postmapped the restricted_incoming_user file? What do you have in the file? Do you have any logs that show one of these banned users? Do they show any errors? > Postfix needs to do more documentation written in understandable English > for the non-postfix expert. I don't think the docs at www.postfix.org/postconf.5.html was that bad but I suppost that's from some one who understands a bit of waht Postfix is about... Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From root at doctor.nl2k.ab.ca Thu Jul 13 13:50:37 2006 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Thu Jul 13 13:51:27 2006 Subject: Clamav 0.88.3 In-Reply-To: <008001c6a66c$4f7ed9f0$0600a8c0@roger> References: <448D6615.9010304@coders.co.uk> <008001c6a66c$4f7ed9f0$0600a8c0@roger> Message-ID: <20060713125037.GA28208@doctor.nl2k.ab.ca> On Thu, Jul 13, 2006 at 08:05:54AM -0300, Roger Jochem wrote: > Hello, Julian > > When will you upgrade your install-Clam-SA.rpm to the newest clamav version? > As soon as he is back from vacation? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rob at thehostmasters.com Thu Jul 13 13:52:32 2006 From: rob at thehostmasters.com (Rob Morin) Date: Thu Jul 13 13:52:39 2006 Subject: How to remove checks for DSL? Message-ID: <44B64210.7020509@thehostmasters.com> The DSL scores are causing me some issues. I have a mailing list on the end of a DSL line, and every time i send something to it, i get marked as spam for being on a dsl line.... how can i simply not care about dsl checks? My clients do not like this.... plus i have some client that have exchange servers behind a dsl line and they get the same issues... But i need to do it in my local .cf so when rules du jour updates i do not loose my settings.... Thanks for any help and have a super day! Thanks... -- Rob Morin Dido InterNet Inc. Montreal, Canada Http://www.dido.ca 514-990-4444 From martinh at solid-state-logic.com Thu Jul 13 14:09:27 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Jul 13 14:09:44 2006 Subject: How to remove checks for DSL? In-Reply-To: <44B64210.7020509@thehostmasters.com> References: <44B64210.7020509@thehostmasters.com> Message-ID: <44B64607.8060605@solid-state-logic.com> Rob Morin wrote: > The DSL scores are causing me some issues. I have a mailing list on the > end of a DSL line, and every time i send something to it, i get marked > as spam for being on a dsl line.... how can i simply not care about dsl > checks? My clients do not like this.... plus i have some client that > have exchange servers behind a dsl line and they get the same issues... > > But i need to do it in my local .cf so when rules du jour updates i do > not loose my settings.... > > Thanks for any help and have a super day! > > Thanks... > remove the check by give that RBL a zero score in spam.assassin.prefs.conf. I turn most of the RBL's off and end up with this lot in my file.. # don't do all the RBL's just orb and spamhause XBL - above #score __RCVD_IN_SBL_XBL 0.0 score RCVD_IN_SBL 0.0 score RCVD_IN_XBL 0.0 score __RCVD_IN_NJABL 0.0 score RCVD_IN_NJABL_DUL 0.0 score RCVD_IN_NJABL_MULTI 0.0 score RCVD_IN_NJABL_PROXY 0.0 score RCVD_IN_NJABL_RELAY 0.0 score RCVD_IN_NJABL_SPAM 0.0 score RCVD_IN_NJABL_CGI 0.0 #score __RCVD_IN_SORBS 0.0 score RCVD_IN_SORBS_HTTP 0.0 score RCVD_IN_SORBS_MISC 0.0 score RCVD_IN_SORBS_SMTP 0.0 score RCVD_IN_SORBS_SOCKS 0.0 score RCVD_IN_SORBS_WEB 0.0 score RCVD_IN_SORBS_BLOCK 0.0 score RCVD_IN_SORBS_ZOMBIE 0.0 score RCVD_IN_SORBS_DUL 0.0 score __RFC_IGNORANT_ENVFROM 0.0 score DNS_FROM_RFC_DSN 0.0 score DNS_FROM_RFC_POST 0.0 score DNS_FROM_RFC_ABUSE 0.0 score DNS_FROM_RFC_WHOIS 0.0 score DNS_FROM_RFC_BOGUSMX 0.0 score RCVD_IN_DSBL 0.0 score DNS_FROM_AHBL_RHSBL 0.0 #score HABEAS_INFRINGER 0.0 #score HABEAS_USER 0.0 score RCVD_IN_BSP_TRUSTED 0.0 score RCVD_IN_BSP_OTHER 0.0 #score __SENDERBASE 0.0 #score SB_NEW_BULK 0.0 #score SB_NSP_VOLUME_SPIKE 0.0 #core RCVD_IN_RSL 0.0 score RCVD_IN_MAPS_RBL 0.0 score RCVD_IN_MAPS_DUL 0.0 score RCVD_IN_MAPS_RSS 0.0 score RCVD_IN_MAPS_NML 0.0 the ones ending un DUL are the 'Dail-UP' checks. -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From rpotter at rpcs.net Thu Jul 13 15:04:43 2006 From: rpotter at rpcs.net (Richard Potter) Date: Thu Jul 13 15:04:49 2006 Subject: DCC config and MailScanner lint complaints on RHEL3 Message-ID: <20060713140442.GA13519@rpcs.net> I'm having problems on two RHEL3 servers, one is official RedHat, the other is a Centos box. SA lints OK, showing DCC and pyzor found, but they are not working. MailScanner --lint pukes on pyzor_path and dcc_path, as mentioned by Jeff in a previous thread. How can I troubleshoot this? What I find interesting, is that the very same MailScanner and SA setups are working fine on two RHEL4 servers. Could it be a perl issue on RHEL3 ? Cheers! -- Richard Potter From ssilva at sgvwater.com Thu Jul 13 18:04:10 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jul 13 18:04:52 2006 Subject: Mail scanner/spamassin/Clamav In-Reply-To: References: <910ee2ac0607120346v3a105068p1693e44460c7ff00@mail.gmail.com> <44B504C4.4070206@USherbrooke.ca> Message-ID: sanjaykumar.pradhan@inmail.tranquilmoney.com spake the following on 7/12/2006 11:51 PM: > > Thanx Denis, > > Actually A sending mail TO B and CCed to C. > > One thing confusing me is eventhough A sending one mail, sendmail > deliverying with 2 diff message ids with diff sizes. > > And also user B getting all mails with attachments from other users. So > I am not suspecting mail client tolls. > > User A using MS outlook and userB using Outlook express. > > Any other clue ? > Is user C also using outlook? If so, maybe user A is sending his mail set to rich text, which makes an attachment structure that outlook express doesn't understand or open. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From arturs at netvision.net.il Thu Jul 13 19:37:51 2006 From: arturs at netvision.net.il (Arthur Sherman) Date: Thu Jul 13 18:40:28 2006 Subject: How to remove checks for DSL? In-Reply-To: <44B64607.8060605@solid-state-logic.com> Message-ID: <005501c6a6ab$74f21b40$3701a8c0@lapxp> > Rob Morin wrote: > > The DSL scores are causing me some issues. I have a mailing > list on the > > end of a DSL line, and every time i send something to it, i > get marked > > as spam for being on a dsl line.... how can i simply not > care about dsl > > checks? My clients do not like this.... plus i have some > client that > > have exchange servers behind a dsl line and they get the > same issues... > > > > But i need to do it in my local .cf so when rules du jour > updates i do > > not loose my settings.... > > > > Thanks for any help and have a super day! > > > > Thanks... > > > remove the check by give that RBL a zero score in > spam.assassin.prefs.conf. > I turn most of the RBL's off and end up with this lot in my file.. > > # don't do all the RBL's just orb and spamhause XBL - above > #score __RCVD_IN_SBL_XBL 0.0 > score RCVD_IN_SBL 0.0 > score RCVD_IN_XBL 0.0 > score __RCVD_IN_NJABL 0.0 > score RCVD_IN_NJABL_DUL 0.0 > score RCVD_IN_NJABL_MULTI 0.0 > score RCVD_IN_NJABL_PROXY 0.0 > score RCVD_IN_NJABL_RELAY 0.0 > score RCVD_IN_NJABL_SPAM 0.0 > score RCVD_IN_NJABL_CGI 0.0 > #score __RCVD_IN_SORBS 0.0 > score RCVD_IN_SORBS_HTTP 0.0 > score RCVD_IN_SORBS_MISC 0.0 > score RCVD_IN_SORBS_SMTP 0.0 > score RCVD_IN_SORBS_SOCKS 0.0 > score RCVD_IN_SORBS_WEB 0.0 > score RCVD_IN_SORBS_BLOCK 0.0 > score RCVD_IN_SORBS_ZOMBIE 0.0 > score RCVD_IN_SORBS_DUL 0.0 > score __RFC_IGNORANT_ENVFROM 0.0 > score DNS_FROM_RFC_DSN 0.0 > score DNS_FROM_RFC_POST 0.0 > score DNS_FROM_RFC_ABUSE 0.0 > score DNS_FROM_RFC_WHOIS 0.0 > score DNS_FROM_RFC_BOGUSMX 0.0 > score RCVD_IN_DSBL 0.0 > score DNS_FROM_AHBL_RHSBL 0.0 > #score HABEAS_INFRINGER 0.0 > #score HABEAS_USER 0.0 > score RCVD_IN_BSP_TRUSTED 0.0 > score RCVD_IN_BSP_OTHER 0.0 > #score __SENDERBASE 0.0 > #score SB_NEW_BULK 0.0 > #score SB_NSP_VOLUME_SPIKE 0.0 > #core RCVD_IN_RSL 0.0 > score RCVD_IN_MAPS_RBL 0.0 > score RCVD_IN_MAPS_DUL 0.0 > score RCVD_IN_MAPS_RSS 0.0 > score RCVD_IN_MAPS_NML 0.0 > > > the ones ending un DUL are the 'Dail-UP' checks. > > > -- > Martin Hepworth Hi Martin, Was machen sie bitte? ;) So what scores you do actually use? Also, I have seen this page: http://www.spamhaus.org/zen Which says "Caution: zen.spamhaus.org replaces sbl-xbl.spamhaus.org" So this means I (and everyone) have to replace sbl-xbl to zen, doesn't this? What file stores BL definitions? i.e. SBL-XBL = sbl-xbl.spamhaus.org Best, -- Arthur Sherman +972-52-4878851 CPTeam From Phil.Udel at salemcorp.com Thu Jul 13 18:49:50 2006 From: Phil.Udel at salemcorp.com (Phillip Udel) Date: Thu Jul 13 18:50:03 2006 Subject: Can anyone recommend at utility. Message-ID: <200607131753.k6DHreYe003074@cat.salemcarriers.com> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: Phil Udel.vcf Type: text/x-vcard Size: 445 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060713/33342258/PhilUdel.vcf From Phil.Udel at salemcorp.com Thu Jul 13 18:56:23 2006 From: Phil.Udel at salemcorp.com (Phillip Udel) Date: Thu Jul 13 18:56:37 2006 Subject: Looking for a Utility.... Message-ID: <200607131800.k6DI0CYe003719@cat.salemcarriers.com> Management would like to send an Email for mail that scores between the Low and High Spam Score with A message that would say something like. Sorry. You message was blocked by our Spam filter. If you email was not Spam please go to this site. www.spam.domain.com Now I can make the message ez enough but I am looking for a utility to do the web site part. Maybe something like this site http://www.av-mx.com/contact/?flag=X4&ip=0.0.0.0 Phillip Udel Senior Systems Administrator Admin@SalemCorp.com (800) 877-2536 Ext 212 Rules To Live By: 1) On the keyboard of life, always keep one finger on the escape key. 2) There are absolutely no absolutes. 3) Artificial Intelligence is no match for natural stupidity 4) Information is not Knowledge, Knowledge is not Wisdom, and Wisdom is not Truth From mkettler at evi-inc.com Thu Jul 13 18:56:24 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Jul 13 18:56:49 2006 Subject: Can anyone recommend at utility. In-Reply-To: <200607131753.k6DHreYe003074@cat.salemcarriers.com> References: <200607131753.k6DHreYe003074@cat.salemcarriers.com> Message-ID: <44B68948.2020504@evi-inc.com> Phillip Udel wrote: > Management would like to send an Email for mail that scores between the > Low and High Spam Score with > > A message that would say something like? > > > > Sorry. You message was blocked by our Spam filter. > > If you email was not Spam please go to this site. > > www.spam.domain.com Please don't. This is an incredibly bad idea in the general case. Be aware that if you do this, and wind up sending messages back to innocent third parties who had their addresses forged, you can get blacklisted by spamcop for it. From ka at pacific.net Thu Jul 13 19:11:01 2006 From: ka at pacific.net (Ken A) Date: Thu Jul 13 19:10:48 2006 Subject: Can anyone recommend at utility. In-Reply-To: <200607131753.k6DHreYe003074@cat.salemcarriers.com> References: <200607131753.k6DHreYe003074@cat.salemcarriers.com> Message-ID: <44B68CB5.3010704@pacific.net> Phillip Udel wrote: > Management would like to send an Email for mail that scores between the Low > and High Spam Score with > > A message that would say something like. > > > > Sorry. You message was blocked by our Spam filter. > > If you email was not Spam please go to this site. > > www.spam.domain.com > > Here's the tool: Open your email client and type: 'Dear management: That's a dumb idea because we'd just be bouncing spam, most of the time, which is not a polite thing to do, since From: addresses are forged on spam.' Better to quarantine it, or tag and deliver it. Ken Pacific.Net > > > Now I can make the message ez enough but I am looking for a utility to do > the web site part. > > Maybe something like this site http://www.av-mx.com/contact/?flag=X4 > &ip=0.0.0.0 > > > > > > > > > > > > > > Phillip Udel > > Senior Systems Administrator > > Admin@SalemCorp.com > > (800) 877-2536 Ext 212 > > Rules To Live By: > > 1) On the keyboard of life, always keep one finger on the escape key. > > 2) There are absolutely no absolutes. > > 3) Artificial Intelligence is no match for natural stupidity > > 4) Information is not Knowledge, Knowledge is not Wisdom, and Wisdom is not > Truth > > > > > From michele at blacknight.ie Thu Jul 13 19:28:42 2006 From: michele at blacknight.ie (Michele Neylon:: Blacknight.ie) Date: Thu Jul 13 19:28:45 2006 Subject: Looking for a Utility.... In-Reply-To: <200607131800.k6DI0CYe003719@cat.salemcarriers.com> References: <200607131800.k6DI0CYe003719@cat.salemcarriers.com> Message-ID: <44B690DA.6080807@blacknight.ie> Phillip Udel wrote: > Management would like to send an Email for mail that scores between the Low > and High Spam Score with > You may need to tell management that if they implement this your mail servers will be blacklisted by just about everybody -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From Phil.Udel at salemcorp.com Thu Jul 13 19:30:13 2006 From: Phil.Udel at salemcorp.com (Phillip Udel) Date: Thu Jul 13 19:30:42 2006 Subject: Looking for a Utility.... In-Reply-To: <200607131800.k6DI0CYe003719@cat.salemcarriers.com> Message-ID: <200607131834.k6DIY2Ye007409@cat.salemcarriers.com> Ya. I agree that this is not the best idea. But as an example. We sell Trucks in our spare time. Well, one customer tried to answer the add but was blocked. Lol. She was blocked because she was emailing from the Ukraine and I have almost all Ukraine IP blocked. It would be nice to have a web page that either I or my Users could send them to be unblocked. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Phillip Udel Sent: Thursday, July 13, 2006 12:56 PM To: mailscanner@lists.mailscanner.info Subject: Looking for a Utility.... Management would like to send an Email for mail that scores between the Low and High Spam Score with A message that would say something like. Sorry. You message was blocked by our Spam filter. If you email was not Spam please go to this site. www.spam.domain.com Now I can make the message ez enough but I am looking for a utility to do the web site part. Maybe something like this site http://www.av-mx.com/contact/?flag=X4&ip=0.0.0.0 Phillip Udel Senior Systems Administrator Admin@SalemCorp.com (800) 877-2536 Ext 212 Rules To Live By: 1) On the keyboard of life, always keep one finger on the escape key. 2) There are absolutely no absolutes. 3) Artificial Intelligence is no match for natural stupidity 4) Information is not Knowledge, Knowledge is not Wisdom, and Wisdom is not Truth -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From rob at thehostmasters.com Thu Jul 13 19:34:38 2006 From: rob at thehostmasters.com (Rob Morin) Date: Thu Jul 13 19:34:50 2006 Subject: How to remove checks for DSL? In-Reply-To: <44B64607.8060605@solid-state-logic.com> References: <44B64210.7020509@thehostmasters.com> <44B64607.8060605@solid-state-logic.com> Message-ID: <44B6923E.3050601@thehostmasters.com> But i do not want to block all RBL stuff, just the check for DSL, so if i do.. score RCVD_IN_SBL 0.0 score RCVD_IN_XBL 0.0 Will i give anything found there a score of 0.0 ? grepping for dsl in the SA rules gives me these rule filenames that check for dsl? 70_sare_header.cf:#counts SARE_HELO_EQ_DSL_3 3s/0h of 6924 corpus (1403s/5521h ft) 07/27/05 88_FVGT_headers.cf:header HELO_EQ_DSL X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=[^ ]+(?!(?:[a-z]dsl|dsl[a-z]))[-.]?dsl[-.]?/ 88_FVGT_headers.cf:score HELO_EQ_DSL 1.129 here is the headers of the email X-Peter-Dido-ca-MailScanner-SpamCheck: spam, SpamAssassin (score=4.328, required 4, HOST_EQ_DSL 0.49, HOST_EQ_DSL_DDDD 0.55, HOST_EQ_D_D_D_D 0.67, HOST_EQ_D_D_D_DB 0.89, HOST_MISMATCH_COM 0.31, NO_REAL_NAME 0.55, URI_SCHEME_MIXED_CASE 0.87) Thanks... Rob Morin Dido InterNet Inc. Montreal, Canada Http://www.dido.ca 514-990-4444 Martin Hepworth wrote: > Rob Morin wrote: >> The DSL scores are causing me some issues. I have a mailing list on >> the end of a DSL line, and every time i send something to it, i get >> marked as spam for being on a dsl line.... how can i simply not care >> about dsl checks? My clients do not like this.... plus i have some >> client that have exchange servers behind a dsl line and they get the >> same issues... >> >> But i need to do it in my local .cf so when rules du jour updates i >> do not loose my settings.... >> >> Thanks for any help and have a super day! >> >> Thanks... >> > remove the check by give that RBL a zero score in > spam.assassin.prefs.conf. > I turn most of the RBL's off and end up with this lot in my file.. > > # don't do all the RBL's just orb and spamhause XBL - above > #score __RCVD_IN_SBL_XBL 0.0 > score RCVD_IN_SBL 0.0 > score RCVD_IN_XBL 0.0 > score __RCVD_IN_NJABL 0.0 > score RCVD_IN_NJABL_DUL 0.0 > score RCVD_IN_NJABL_MULTI 0.0 > score RCVD_IN_NJABL_PROXY 0.0 > score RCVD_IN_NJABL_RELAY 0.0 > score RCVD_IN_NJABL_SPAM 0.0 > score RCVD_IN_NJABL_CGI 0.0 > #score __RCVD_IN_SORBS 0.0 > score RCVD_IN_SORBS_HTTP 0.0 > score RCVD_IN_SORBS_MISC 0.0 > score RCVD_IN_SORBS_SMTP 0.0 > score RCVD_IN_SORBS_SOCKS 0.0 > score RCVD_IN_SORBS_WEB 0.0 > score RCVD_IN_SORBS_BLOCK 0.0 > score RCVD_IN_SORBS_ZOMBIE 0.0 > score RCVD_IN_SORBS_DUL 0.0 > score __RFC_IGNORANT_ENVFROM 0.0 > score DNS_FROM_RFC_DSN 0.0 > score DNS_FROM_RFC_POST 0.0 > score DNS_FROM_RFC_ABUSE 0.0 > score DNS_FROM_RFC_WHOIS 0.0 > score DNS_FROM_RFC_BOGUSMX 0.0 > score RCVD_IN_DSBL 0.0 > score DNS_FROM_AHBL_RHSBL 0.0 > #score HABEAS_INFRINGER 0.0 > #score HABEAS_USER 0.0 > score RCVD_IN_BSP_TRUSTED 0.0 > score RCVD_IN_BSP_OTHER 0.0 > #score __SENDERBASE 0.0 > #score SB_NEW_BULK 0.0 > #score SB_NSP_VOLUME_SPIKE 0.0 > #core RCVD_IN_RSL 0.0 > score RCVD_IN_MAPS_RBL 0.0 > score RCVD_IN_MAPS_DUL 0.0 > score RCVD_IN_MAPS_RSS 0.0 > score RCVD_IN_MAPS_NML 0.0 > > > the ones ending un DUL are the 'Dail-UP' checks. > > From mailscanner at berger.nl Thu Jul 13 19:48:41 2006 From: mailscanner at berger.nl (mailscanner@berger.nl) Date: Thu Jul 13 19:48:55 2006 Subject: phishing not found Message-ID: <1152816521.48635@bsd4.nedport.net> Hi, I got a phishing email today from update@ebay.com with this link: http://updates.name/signin.ebay.com/ws23/eBayISAPI.htm?Sign1n&co_partner1d=2&pUser1d=&site1d=0&pageT1pe=&p41=&i1=&bsh0wgif=&Us1ngSSL=&pp=&pa42=&err4msg=&ru4name=&r4uparams=&ru4product=&s1d=&favor1tenav=&conf1rm=&ebxPageT1pe=&ex1stingEmail=&isCheck0ut=&migrateV1sitor= Mailscanner did not see the phishing fraud. Probably the slashes avoided the system. Can I change this myself or is this in mailscanner? Thanks, Roger From mkettler at evi-inc.com Thu Jul 13 19:48:57 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Jul 13 19:49:07 2006 Subject: Looking for a Utility.... In-Reply-To: <200607131834.k6DIY2Ye007409@cat.salemcarriers.com> References: <200607131834.k6DIY2Ye007409@cat.salemcarriers.com> Message-ID: <44B69599.7020008@evi-inc.com> Phillip Udel wrote: > Ya. I agree that this is not the best idea. But as an example. > We sell Trucks in our spare time. Well, one customer tried to answer the > add but was blocked. Lol. She was blocked because she was emailing from > the Ukraine and I have almost all Ukraine IP blocked. > It would be nice to have a web page that either I or my Users could send > them to be unblocked. Ahh TMDA type "catch and release" systems... trying to make your spam into SEP (Someone Else's Problem). I always take the approach that if I get a TMDA or similar "is this nonspam?" request: If I actually sent mail, I refuse to release it. If I did not actually send the mail, I do release it. Which is of course the exact opposite of what the sender hoped I would do, but why would they trust me to make such judgments in the first place? In this kind of system what you're fundamentally doing is trying to use someone else as your spam filter. In the case of nonspam, you're making legitimate users jump through hoops. They have to "filter" their mail into the nonspam folder for you. How many users are going to consider you important enough to be worth the extra effort? In the case of spam, you're spamming a innocent third party with your request , possibly irritating them, and then trusting them to 'do the right thing' and not release the message. (I do consider these notices spam, like it or not, and I adjust my impressions of the sending site accordingly. I don't do business with spammers. Ever.) Do yourself a favor. Rather than trying to foist your problems on everyone else, fix your spam filter to not block them in the first place. From mkettler at evi-inc.com Thu Jul 13 19:49:37 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Jul 13 19:49:45 2006 Subject: How to remove checks for DSL? In-Reply-To: <44B6923E.3050601@thehostmasters.com> References: <44B64210.7020509@thehostmasters.com> <44B64607.8060605@solid-state-logic.com> <44B6923E.3050601@thehostmasters.com> Message-ID: <44B695C1.6010309@evi-inc.com> Rob Morin wrote: > But i do not want to block all RBL stuff, just the check for DSL, so if > i do.. > > score RCVD_IN_SBL 0.0 > score RCVD_IN_XBL 0.0 > > Will i give anything found there a score of 0.0 ? In general, it will completely disable the check. From r.berber at computer.org Thu Jul 13 19:49:38 2006 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Thu Jul 13 19:50:57 2006 Subject: How does SA auto white-list works? Message-ID: Hi, I'm using the SA auto white-list feature with MailScanner 4.54.6, and there's something confusing in the result I'm seeing: a score is added if the address is white listed. Shouldn't it be subtracted? Example: Content analysis details: (7.7 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.5 SUBJECT_ENCODED_TWICE Subject: MIME encoded twice 2.2 FROM_ENDS_IN_NUMS From: ends in many numbers 1.3 FROM_LOCAL_HEX From: localpart has long hexadecimal sequence 2.6 AWL AWL: From: address is in the auto white-list As you can see, the total score includes 2.6 points from being white-listed. Sounds wrong to me, I'll check if this is a bug in SA 3.1.3, any comments are welcomed. -- Ren? Berber From michele at blacknight.ie Thu Jul 13 20:02:58 2006 From: michele at blacknight.ie (Michele Neylon:: Blacknight.ie) Date: Thu Jul 13 20:03:00 2006 Subject: Looking for a Utility.... In-Reply-To: <44B69599.7020008@evi-inc.com> References: <200607131834.k6DIY2Ye007409@cat.salemcarriers.com> <44B69599.7020008@evi-inc.com> Message-ID: <44B698E2.2020201@blacknight.ie> Matt Kettler wrote: > > Do yourself a favor. Rather than trying to foist your problems on everyone else, > fix your spam filter to not block them in the first place. > Exactly -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From mkettler at evi-inc.com Thu Jul 13 20:09:34 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Jul 13 20:09:49 2006 Subject: How does SA auto white-list works? In-Reply-To: References: Message-ID: <44B69A6E.7080203@evi-inc.com> Ren? Berber wrote: > Hi, > > I'm using the SA auto white-list feature with MailScanner 4.54.6, and there's > something confusing in the result I'm seeing: a score is added if the address is > white listed. Shouldn't it be subtracted? > Despite it's name, the AWL is NOT a whitelist. It's called that for lack of any better name that isn't huge. The AWL is really a "History-based average score tracking system with automatic whitelist and blacklist behaviors resulting from factoring past performance into current scores". But HBASTSAWBBRFPPICS is a rather long acronym. Please read: http://wiki.apache.org/spamassassin/AutoWhitelist and http://wiki.apache.org/spamassassin/AwlWrongWay From r.berber at computer.org Thu Jul 13 20:27:02 2006 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Thu Jul 13 20:27:50 2006 Subject: How does SA auto white-list works? In-Reply-To: <44B69A6E.7080203@evi-inc.com> References: <44B69A6E.7080203@evi-inc.com> Message-ID: Matt Kettler wrote: > Ren? Berber wrote: >> Hi, >> >> I'm using the SA auto white-list feature with MailScanner 4.54.6, and there's >> something confusing in the result I'm seeing: a score is added if the address is >> white listed. Shouldn't it be subtracted? >> > > Despite it's name, the AWL is NOT a whitelist. It's called that for lack of any > better name that isn't huge. > > The AWL is really a "History-based average score tracking system with automatic > whitelist and blacklist behaviors resulting from factoring past performance into > current scores". But HBASTSAWBBRFPPICS is a rather long acronym. > > Please read: > > http://wiki.apache.org/spamassassin/AutoWhitelist > > and > > http://wiki.apache.org/spamassassin/AwlWrongWay Thanks! That makes things a lot clearer. -- Ren? Berber From ssilva at sgvwater.com Thu Jul 13 21:51:05 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jul 13 21:51:31 2006 Subject: How does SA auto white-list works? In-Reply-To: <44B69A6E.7080203@evi-inc.com> References: <44B69A6E.7080203@evi-inc.com> Message-ID: Matt Kettler spake the following on 7/13/2006 12:09 PM: > Ren? Berber wrote: >> Hi, >> >> I'm using the SA auto white-list feature with MailScanner 4.54.6, and there's >> something confusing in the result I'm seeing: a score is added if the address is >> white listed. Shouldn't it be subtracted? >> > > Despite it's name, the AWL is NOT a whitelist. It's called that for lack of any > better name that isn't huge. > > The AWL is really a "History-based average score tracking system with automatic > whitelist and blacklist behaviors resulting from factoring past performance into > current scores". But HBASTSAWBBRFPPICS is a rather long acronym. > > Please read: > > http://wiki.apache.org/spamassassin/AutoWhitelist > > and > > http://wiki.apache.org/spamassassin/AwlWrongWay Isn't that what bayes is supposed to be? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From dhawal at netmagicsolutions.com Thu Jul 13 22:02:00 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Thu Jul 13 22:08:40 2006 Subject: How does SA auto white-list works? In-Reply-To: References: <44B69A6E.7080203@evi-inc.com> Message-ID: <20060714023200.3at8f4da4gs844oc@mail.netmagicsolutions.com> Quoting Scott Silva : > Matt Kettler spake the following on 7/13/2006 12:09 PM: >> Ren? Berber wrote: >>> Hi, >>> >>> I'm using the SA auto white-list feature with MailScanner 4.54.6, >>> and there's >>> something confusing in the result I'm seeing: a score is added if >>> the address is >>> white listed. Shouldn't it be subtracted? >>> >> >> Despite it's name, the AWL is NOT a whitelist. It's called that for >> lack of any >> better name that isn't huge. >> >> The AWL is really a "History-based average score tracking system >> with automatic >> whitelist and blacklist behaviors resulting from factoring past >> performance into >> current scores". But HBASTSAWBBRFPPICS is a rather long acronym. >> >> Please read: >> >> http://wiki.apache.org/spamassassin/AutoWhitelist >> >> and >> >> http://wiki.apache.org/spamassassin/AwlWrongWay > Isn't that what bayes is supposed to be? Bayes will tokenize the entire message.. whereas awl only maintains a count of the 'from email-address' / 'IP-address pair' and averages the score. - dhawal From mkettler at evi-inc.com Thu Jul 13 22:20:33 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Jul 13 22:20:44 2006 Subject: How does SA auto white-list works? In-Reply-To: References: <44B69A6E.7080203@evi-inc.com> Message-ID: <44B6B921.6060207@evi-inc.com> Scott Silva wrote: > Matt Kettler spake the following on 7/13/2006 12:09 PM: >> Ren? Berber wrote: >>> Hi, >>> >>> I'm using the SA auto white-list feature with MailScanner 4.54.6, and there's >>> something confusing in the result I'm seeing: a score is added if the address is >>> white listed. Shouldn't it be subtracted? >>> >> Despite it's name, the AWL is NOT a whitelist. It's called that for lack of any >> better name that isn't huge. >> >> The AWL is really a "History-based average score tracking system with automatic >> whitelist and blacklist behaviors resulting from factoring past performance into >> current scores". But HBASTSAWBBRFPPICS is a rather long acronym. >> >> Please read: >> >> http://wiki.apache.org/spamassassin/AutoWhitelist >> >> and >> >> http://wiki.apache.org/spamassassin/AwlWrongWay > Isn't that what bayes is supposed to be? No. The AWL is strictly the sender's email address and IP. It also defaults to taking no action at all if it's never seen mail from that sender before. Bayes is *COMPLETELY* different. Bayes largely works by analyzing words out of the body text, making them into "tokens" and keeping a database of how often each appears in spam and non-spam. Since bayes is word-based, you wind up with a massive amount of inter-relationship between messages which are only vaguely similar, even if they come from different senders and are discussing different subjects. For example, the learning from this message will impact: discussion of apache (because of the link) anything mentioning blacklist or whitelist anything discussing performance etc. Bayes does also tokenize sender addresses, and other header bits, but it's largely dominated by body-text-word based tokens. From lshaw at emitinc.com Thu Jul 13 22:46:30 2006 From: lshaw at emitinc.com (Logan Shaw) Date: Thu Jul 13 22:46:53 2006 Subject: Looking for a Utility.... In-Reply-To: <200607131834.k6DIY2Ye007409@cat.salemcarriers.com> References: <200607131834.k6DIY2Ye007409@cat.salemcarriers.com> Message-ID: On Thu, 13 Jul 2006, Phillip Udel wrote: > Ya. I agree that this is not the best idea. But as an example. > We sell Trucks in our spare time. Well, one customer tried to answer the > add but was blocked. Lol. She was blocked because she was emailing from > the Ukraine and I have almost all Ukraine IP blocked. > It would be nice to have a web page that either I or my Users could send > them to be unblocked. It would be nice, but it presupposes that you have valid contact information for the sender of the questionable e-mail, which you do not. If you could assume the contact information was valid, that would imply that you already know the message is not spam[1]. But you don't already know that; if you did, you wouldn't be proposing this idea because it would be unnecessary. - Logan [1] because the vast majority of forged e-mail addresses occur in spam From lshaw at emitinc.com Thu Jul 13 22:52:46 2006 From: lshaw at emitinc.com (Logan Shaw) Date: Thu Jul 13 22:52:57 2006 Subject: How does SA auto white-list works? In-Reply-To: <44B69A6E.7080203@evi-inc.com> References: <44B69A6E.7080203@evi-inc.com> Message-ID: On Thu, 13 Jul 2006, Matt Kettler wrote: > Despite it's name, the AWL is NOT a whitelist. It's called that for lack of any > better name that isn't huge. > > The AWL is really a "History-based average score tracking system with automatic > whitelist and blacklist behaviors resulting from factoring past performance into > current scores". But HBASTSAWBBRFPPICS is a rather long acronym. How about "Address Past History Tracker" (APHT)? Or "Past History Address Tracker" (PHAT)? - Logan From mkettler at evi-inc.com Thu Jul 13 23:05:35 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Jul 13 23:05:50 2006 Subject: How does SA auto white-list works? In-Reply-To: References: <44B69A6E.7080203@evi-inc.com> Message-ID: <44B6C3AF.8080309@evi-inc.com> Logan Shaw wrote: > On Thu, 13 Jul 2006, Matt Kettler wrote: >> Despite it's name, the AWL is NOT a whitelist. It's called that for >> lack of any >> better name that isn't huge. >> >> The AWL is really a "History-based average score tracking system with >> automatic >> whitelist and blacklist behaviors resulting from factoring past >> performance into >> current scores". But HBASTSAWBBRFPPICS is a rather long acronym. > > How about "Address Past History Tracker" (APHT)? Or "Past > History Address Tracker" (PHAT)? Before this goes a whole lot further, this was actually the subject of a rather lengthy thread over on the SpamAssassin list about a year ago. See "AWL whaaat" on: http://mail-archives.apache.org/mod_mbox/spamassassin-users/200505.mbox/thread?1 And also comments under this bug: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=2534 From alex at nkpanama.com Fri Jul 14 00:05:57 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Fri Jul 14 00:09:39 2006 Subject: Looking for a Utility.... In-Reply-To: References: <200607131834.k6DIY2Ye007409@cat.salemcarriers.com> Message-ID: <44B6D1D5.8090006@nkpanama.com> The best you can hope for is to put a disclaimer in your "reject at the MTA level" response, if you're doing it at the MTA level. For example: 1.2.3 571 - Your message was rejected because it comes from a netblock we don't like. For more info go to http://philudell.com/blablah.html Logan Shaw wrote: > On Thu, 13 Jul 2006, Phillip Udel wrote: >> Ya. I agree that this is not the best idea. But as an example. >> We sell Trucks in our spare time. Well, one customer tried to >> answer the >> add but was blocked. Lol. She was blocked because she was emailing >> from >> the Ukraine and I have almost all Ukraine IP blocked. >> It would be nice to have a web page that either I or my Users could send >> them to be unblocked. > > It would be nice, but it presupposes that you have valid > contact information for the sender of the questionable e-mail, > which you do not. > > If you could assume the contact information was valid, that > would imply that you already know the message is not spam[1]. > But you don't already know that; if you did, you wouldn't be > proposing this idea because it would be unnecessary. > > - Logan > > [1] because the vast majority of forged e-mail addresses > occur in spam From res at ausics.net Fri Jul 14 00:18:51 2006 From: res at ausics.net (Res) Date: Fri Jul 14 00:18:58 2006 Subject: phishing not found In-Reply-To: <1152816521.48635@bsd4.nedport.net> References: <1152816521.48635@bsd4.nedport.net> Message-ID: All of ebay should be whitelisted, since they always come as a.ebay.com they never match :) and it annoys the hell out of users with every ebay marked as phishing. however blah.name/signin.blah should never work as / is an illegal char in DNS On Thu, 13 Jul 2006, mailscanner@berger.nl wrote: > Hi, > > I got a phishing email today from update@ebay.com with this link: > http://updates.name/signin.ebay.com/ws23/eBayISAPI.htm?Sign1n&co_partner1d=2&pUser1d=&site1d=0&pageT1pe=&p41=&i1=&bsh0wgif=&Us1ngSSL=&pp=&pa42=&err4msg=&ru4name=&r4uparams=&ru4product=&s1d=&favor1tenav=&conf1rm=&ebxPageT1pe=&ex1stingEmail=&isCheck0ut=&migrateV1sitor= > > Mailscanner did not see the phishing fraud. Probably the slashes avoided the system. > Can I change this myself or is this in mailscanner? > > Thanks, > > Roger > -- Cheers Res From james at grayonline.id.au Thu Jul 13 22:26:40 2006 From: james at grayonline.id.au (James Gray) Date: Fri Jul 14 00:22:46 2006 Subject: Mailscanner installed on macosx 10.4.7 intel In-Reply-To: References: Message-ID: <44B6BA90.4060804@grayonline.id.au> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 peter polz wrote: > To install spamassassin+clamav on mac mini intel is also easy over shell? > > Regards > peter Hi Peter, Yes - dead easy. Just run the install script after unpacking the tar ball. I someone wanted to sponsor me with a copy of OSX Server I'd really like to help Julian out by writing a "System Pref" module (simple sort of "start at boot" thing) and some ".dmg" files so the MailScanner install process is as painless and Mac friendly as possible. Last I looked OSX Server is about AUD$700 - which is a bit beyond my budget at the moment. Any takers??? ;) Cheers, James -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEtrqQwBHpdJO7b9ERAlLfAJ4qHEDgMxnk3aoRKsg1t25J8Zm41QCbBp4G tCXOyUzZcW8i9gGVRY46KrU= =fNAV -----END PGP SIGNATURE----- From rowan at rownetco.com Fri Jul 14 01:20:21 2006 From: rowan at rownetco.com (John Rowan) Date: Fri Jul 14 01:25:25 2006 Subject: Archiving Message-ID: <44B6E345.70308@rownetco.com> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: rowan.vcf Type: text/x-vcard Size: 235 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060713/1a7f39ee/rowan.vcf From crichardson at cantella.com Fri Jul 14 02:10:15 2006 From: crichardson at cantella.com (Chris Richardson) Date: Fri Jul 14 02:02:47 2006 Subject: Archiving In-Reply-To: <44B6E345.70308@rownetco.com> References: <44B6E345.70308@rownetco.com> Message-ID: <44B6EEF7.1040707@cantella.com> you should insert the messages into a sql database as it would be even easyer but i would image if you put to: owner@co.com no from owner@co.com no it would exclude those John Rowan wrote: > Having reviewed the Mail Scanner message thread archives from January > - July 2006 I have been able to configure my client's system to place > a copy of all inbound / outbound email into the mailarchive user > account. I use the archive.rule stating FromOrTo: default > mailarchive@theirdomain.com > Now that that works "management" has stated that they want their email > excluded from the archiving rule. Management by the way are the > owners of this private company so they do as they please. If you are > going to advise me to tell them what they are doing is wrong, please > don't bother. They are not receptive to being "advised" how to run > their company. > > So with that said, how do I configure the rule to archive everyone > excluding specific email addresses? > > > The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete this material from any computer. In accordance with industry regulations, all messages are retained and are subject to monitoring. This message has been scanned for viruses and dangerous content and is believed to be clean. Securities offered through Cantella & Co., Inc., Member NASD/SIPC. Home Office: 2 Oliver Street, 11th Floor, Boston, MA 02109 Telephone: (617)521-8630 From linux_spartacus at yahoo.com Fri Jul 14 02:29:51 2006 From: linux_spartacus at yahoo.com (spart cus) Date: Fri Jul 14 02:29:58 2006 Subject: how to upgrade clamav? Message-ID: <20060714012951.68456.qmail@web35614.mail.mud.yahoo.com> hi guys, how can i upgrade my clamav without affecting my mail server. im using centos4.2 mailscanner, spamassassin and clamav. i recently found some logs when i issued freshclam, saying i have to upgrade it. tnx. --------------------------------- Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls. Great rates starting at 1?/min. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060713/870077ee/attachment.html From jrudd at ucsc.edu Fri Jul 14 02:43:51 2006 From: jrudd at ucsc.edu (John Rudd) Date: Fri Jul 14 02:44:05 2006 Subject: how to upgrade clamav? In-Reply-To: <20060714012951.68456.qmail@web35614.mail.mud.yahoo.com> References: <20060714012951.68456.qmail@web35614.mail.mud.yahoo.com> Message-ID: <73166fd725f08441e0a3229c464ebf82@ucsc.edu> On Jul 13, 2006, at 18:29, spart cus wrote: > hi guys, > how can i upgrade my clamav without affecting my mail server. im using > centos4.2 mailscanner, spamassassin and clamav. i recently found some > logs when i issued freshclam, saying i have to upgrade it. > If you're building/installing from source: 1) In a new directory, build and compile ("make" but don't "make install") the new clamav. Run any tests using the copy that is built in this directory, so make sure it works. 2) disable your cron job for "check_mailscanner" 3) stop mailscanner WITHOUT stopping sendmail/your-mta-of-choice. Ex: kill `cat /opt/mailscanner/var/*` 4) if you're using clamd, stop clamd (though, clamd is actually a bad idea with mailscanner, better to use the perl module or clamscan) 5) install the new clamav ("make install") 6) if you're using clamd, start clamd 7) start mailscanner (again, without re-starting sendmail/your-mta-of-choice) Ex: just run check_mailscanner 8) re-enable the cron job for check_mailscanner Steps 2-7 should go by in less than a minute or two, which shouldn't cause you too much backlog of unscanned messages. Because you haven't stopped sendmail, you wont have interrupted your service. You'll just have a brief backlog of unscanned messages which shouldn't take too long to recover from. If you do have a high mail volume, then pick a relatively low-activity time for doing this (midnight? 1am? 5am?). Actually, if you're using clamscan, you may not even have to stop mailscanner. On one pass of scanning, it'll use your old clamscan binary, and on the next pass it'll use the new one (with you having run "make install" in between). This is similar in principle to how the major-sophos update happens. But, it would be safest to stop mailscanner right before you do the "make install". From root at doctor.nl2k.ab.ca Fri Jul 14 03:14:49 2006 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Fri Jul 14 03:15:05 2006 Subject: how to upgrade clamav? In-Reply-To: <20060714012951.68456.qmail@web35614.mail.mud.yahoo.com> References: <20060714012951.68456.qmail@web35614.mail.mud.yahoo.com> Message-ID: <20060714021449.GA801@doctor.nl2k.ab.ca> On Thu, Jul 13, 2006 at 06:29:51PM -0700, spart cus wrote: > hi guys, > how can i upgrade my clamav without affecting my mail server. im using centos4.2 mailscanner, spamassassin and clamav. i recently found some logs when i issued freshclam, saying i have to upgrade it. > Do you compile straight from code or rpm? > tnx. > > > --------------------------------- > Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls. Great rates starting at 1?/min. > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From febrianto at sioenasia.com Fri Jul 14 03:30:40 2006 From: febrianto at sioenasia.com (Budi Febrianto) Date: Fri Jul 14 03:26:42 2006 Subject: how to upgrade clamav? In-Reply-To: <20060714021449.GA801@doctor.nl2k.ab.ca> Message-ID: mailscanner-bounces@lists.mailscanner.info wrote on 07/14/2006 09:14:49 AM: > On Thu, Jul 13, 2006 at 06:29:51PM -0700, spart cus wrote: > > hi guys, > > how can i upgrade my clamav without affecting my mail server. im > using centos4.2 mailscanner, spamassassin and clamav. i recently > found some logs when i issued freshclam, saying i have to upgrade it. > > > > Do you compile straight from code or rpm? > > > tnx. > > > > I'm not an expert, but I ussually do (form the source) ./configure;make;make install always works for me... never have any problem... yet :) From root at doctor.nl2k.ab.ca Fri Jul 14 03:31:06 2006 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Fri Jul 14 03:31:43 2006 Subject: how to upgrade clamav? In-Reply-To: References: <20060714021449.GA801@doctor.nl2k.ab.ca> Message-ID: <20060714023106.GA4195@doctor.nl2k.ab.ca> On Fri, Jul 14, 2006 at 09:30:40AM +0700, Budi Febrianto wrote: > > > mailscanner-bounces@lists.mailscanner.info wrote on 07/14/2006 09:14:49 AM: > > > On Thu, Jul 13, 2006 at 06:29:51PM -0700, spart cus wrote: > > > hi guys, > > > how can i upgrade my clamav without affecting my mail server. im > > using centos4.2 mailscanner, spamassassin and clamav. i recently > > found some logs when i issued freshclam, saying i have to upgrade it. > > > > > > > Do you compile straight from code or rpm? > > > > > tnx. > > > > > > > I'm not an expert, but I ussually do (form the source) > ./configure;make;make install > always works for me... never have any problem... yet :) > Compile straight from code. Same method will work. Just remember to tell your server about the update. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jrudd at ucsc.edu Fri Jul 14 04:05:25 2006 From: jrudd at ucsc.edu (John Rudd) Date: Fri Jul 14 04:06:02 2006 Subject: how to upgrade clamav? In-Reply-To: <20060714023106.GA4195@doctor.nl2k.ab.ca> References: <20060714021449.GA801@doctor.nl2k.ab.ca> <20060714023106.GA4195@doctor.nl2k.ab.ca> Message-ID: On Jul 13, 2006, at 7:31 PM, Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote: > On Fri, Jul 14, 2006 at 09:30:40AM +0700, Budi Febrianto wrote: >> >> >> mailscanner-bounces@lists.mailscanner.info wrote on 07/14/2006 >> 09:14:49 AM: >> >>> On Thu, Jul 13, 2006 at 06:29:51PM -0700, spart cus wrote: >>>> hi guys, >>>> how can i upgrade my clamav without affecting my mail server. im >>> using centos4.2 mailscanner, spamassassin and clamav. i recently >>> found some logs when i issued freshclam, saying i have to upgrade it. >>>> >>> >>> Do you compile straight from code or rpm? >>> >>>> tnx. >>>> >>>> >> I'm not an expert, but I ussually do (form the source) >> ./configure;make;make install >> always works for me... never have any problem... yet :) >> > > Compile straight from code. > > Same method will work. > > Just remember to tell your server about the update. > I'm not sure, but I think if you're using the perl module, you have to restart mailscanner before it recognizes the new clamav library (though, that might happen "naturally" as the slave processes get turned over periodically). From sanjaykumar.pradhan at inmail.tranquilmoney.com Fri Jul 14 04:41:30 2006 From: sanjaykumar.pradhan at inmail.tranquilmoney.com (sanjaykumar.pradhan@inmail.tranquilmoney.com) Date: Fri Jul 14 04:45:13 2006 Subject: Mail scanner/spamassin/Clamav In-Reply-To: References: <910ee2ac0607120346v3a105068p1693e44460c7ff00@mail.gmail.com> <44B504C4.4070206@USherbrooke.ca> Message-ID: Thanx ssilva, Yes both B & C uses outlook express. But A uses MS outlook. I need to check this format issue also. -Sanjay. On Thu, 13 Jul 2006, Scott Silva wrote: > sanjaykumar.pradhan@inmail.tranquilmoney.com spake the following on 7/12/2006 > 11:51 PM: >> >> Thanx Denis, >> >> Actually A sending mail TO B and CCed to C. >> >> One thing confusing me is eventhough A sending one mail, sendmail >> deliverying with 2 diff message ids with diff sizes. >> >> And also user B getting all mails with attachments from other users. So >> I am not suspecting mail client tolls. >> >> User A using MS outlook and userB using Outlook express. >> >> Any other clue ? >> > Is user C also using outlook? > If so, maybe user A is sending his mail set to rich text, which makes an > attachment structure that outlook express doesn't understand or open. > > > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > CONFIDENTIALITY NOTICE: This e-mail and its attachments may contain PRIVILEGED and CONFIDENTIAL INFORMATION and/or PROTECTED PATIENT HEALTH INFORMATION intended solely for the use of Tranquilmoney Inc. it's clients and the recipient(s) named above. If you are not the intended recipient, or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any review, dissemination, distribution, printing, or copying of this e-mail message and/or any attachments is strictly prohibited. If you have received this transmission in error, please notify the sender immediately and permanently delete this e-mail [shred the document] and any attachments. From sujithem at cdacb.ernet.in Fri Jul 14 06:35:40 2006 From: sujithem at cdacb.ernet.in (Sujith Emmanuel) Date: Fri Jul 14 06:36:08 2006 Subject: MS not scanning some mails. Message-ID: <1152855340.2606.16.camel@suji> Hello Everyone, I have a peculiar problem. MailScanner is missing some of the spams. SpamAssassin Score:0.00 Spam Report: Score Matching Rule Description cached not out timed I have seen the same mail caught when it comes the very next time. I am having the latest stable versions of MS and all the other components as per mailscanner.info. OS is AS4. system uptime: 10:56:47 up 31 days, 21:11, 1 user, load average: 0.34, 0.26, 0.36 Thanks and Regards Sujith Emmanuel From sales11 at iscnetwork.com Fri Jul 14 06:43:05 2006 From: sales11 at iscnetwork.com (Industry Standard Computers) Date: Fri Jul 14 06:43:30 2006 Subject: Restricted incoming users ruleset In-Reply-To: <53653.194.70.180.170.1152792736.squirrel@webmail.r-bit.net> References: <44B2DC17.6030506@iscnetwork.com> <49827.194.70.180.170.1152623349.squirrel@webmail.r-bit.net> <44B40D41.3000903@iscnetwork.com> <48B55389-18DA-4124-A741-F5A2944CDE22@themarshalls.co.uk> <44B524D0.1080604@iscnetwork.com> <53653.194.70.180.170.1152792736.squirrel@webmail.r-bit.net> Message-ID: <44B72EE9.6000306@iscnetwork.com> Drew, Sorry it took a while to get a "who cares what blows up" box and a test domain. One single domain, 4 users. Thanks, Butch ------------------------------------------------------- I did a log rotate & a service MS restart and then sent an email to the restricted user "joejoe". ------------------------------------------------------- here is maillog log: Jul 14 01:25:05 butch MailScanner[19599]: MailScanner E-Mail Virus Scanner version 4.53.8 starting... Jul 14 01:25:05 butch MailScanner[19599]: Read 746 hostnames from the phishing whitelist Jul 14 01:25:10 butch MailScanner[19599]: Using locktype = flock Jul 14 01:25:12 butch postfix/smtpd[19690]: connect from mail.cybrhost.net[67.99.202.39] Jul 14 01:25:12 butch postfix/smtpd[19690]: warning: unknown smtpd restriction: "restrictive" Jul 14 01:25:12 butch postfix/smtpd[19690]: NOQUEUE: reject: RCPT from mail.cybrhost.net[67.99.202.39]: 451 Server configuration error; from= to= proto=ESMTP helo= Jul 14 01:25:12 butch postfix/cleanup[19692]: 6BA606F07F2: message-id=<20060714052512.6BA606F07F2@butch.homelinux.com> Jul 14 01:25:12 butch postfix/smtpd[19690]: disconnect from mail.cybrhost.net[67.99.202.39] Jul 14 01:25:12 butch postfix/qmgr[19239]: 6BA606F07F2: from=, size=904, nrcpt=1 (queue active) Jul 14 01:25:12 butch postfix/cleanup[19692]: 744426F139A: message-id=<20060714052512.6BA606F07F2@butch.homelinux.com> Jul 14 01:25:12 butch postfix/qmgr[19239]: 744426F139A: from=, size=1049, nrcpt=1 (queue active) Jul 14 01:25:12 butch postfix/local[19693]: 6BA606F07F2: to=, orig_to=, relay=local, delay=0, status=sent (forwarded as 744426F139A) Jul 14 01:25:12 butch postfix/qmgr[19239]: 6BA606F07F2: removed # this line Root's .forward address. Jul 14 01:25:13 butch postfix/smtp[19694]: 744426F139A: to=, orig_to=, relay=gmail-smtp-in.l.google.com[64.233.185.114], delay=1, status=sent (250 2.0.0 OK 1152854708 12si2010465wrl) Jul 14 01:25:13 butch postfix/qmgr[19239]: 744426F139A: removed Jul 14 01:25:16 butch MailScanner[19758]: MailScanner E-Mail Virus Scanner version 4.53.8 starting... Jul 14 01:25:16 butch MailScanner[19758]: Read 746 hostnames from the phishing whitelist Jul 14 01:25:21 butch MailScanner[19758]: Using locktype = flock Jul 14 01:25:27 butch MailScanner[19916]: MailScanner E-Mail Virus Scanner version 4.53.8 starting... Jul 14 01:25:28 butch MailScanner[19916]: Read 746 hostnames from the phishing whitelist Jul 14 01:25:32 butch MailScanner[19916]: Using locktype = flock -------------------------------------------------------- Here is main.cf: header_checks = regexp:/etc/postfix/header_checks queue_directory = /var/spool/postfix command_directory = /usr/sbin daemon_directory = /usr/libexec/postfix mail_owner = postfix myhostname = butch.homelinux.com mydomain = butch.homelinux.com myorigin = $mydomain inet_interfaces = all mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain mynetworks = 127.0.0.0/8, 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12 virtual_maps = hash:/etc/postfix/virtual alias_maps = hash:/etc/postfix/aliases alias_database = hash:/etc/postfix/aliases debug_peer_level = 2 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5 sendmail_path = /usr/sbin/sendmail.postfix newaliases_path = /usr/bin/newaliases.postfix mailq_path = /usr/bin/mailq.postfix setgid_group = postdrop html_directory = no manpage_directory = /usr/share/man sample_directory = /usr/share/doc/postfix-2.1.5/samples readme_directory = /usr/share/doc/postfix-2.1.5/README_FILES broken_sasl_auth_clients = yes smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtpd_sasl_local_domain = norealm.lan bounce_queue_lifetime = 6h local_recipient_maps = luser_relay = jane mailbox_size_limit = 512000000 message_size_limit = 10240000 smtpd_restriction_classes = restrictive, permissive restrictive = reject_unknown_sender_domain, reject_unknown_client_hostname permissive = permit smtpd_restriction_classes = local_only, local_plus local_only = reject_unauth_destination local_plus = check_recipient_access hash:/etc/postfix/local_plus reject_unauth_destination smtpd_delay_reject = yes smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/restricted_senders smtpd_recipient_restrictions = permit_mynetworks check_recipient_access hash:/etc/postfix/restricted_incoming_users reject_unauth_destination permit_sasl_authenticated ----------------------------------------------------- All the .db's are up to date and here is a directory listing of /etc/postfix: -rw-r--r-- 1 root root 14K May 28 2005 access -rw-r--r-- 1 root root 601 Dec 3 2005 aliases -rw-r--r-- 1 root root 12K Jul 8 03:26 aliases.db -rw-r--r-- 1 root root 2.2K Jun 25 14:52 butch.postfix -rw-r--r-- 1 root root 8.9K May 28 2005 canonical -rw-r--r-- 1 root root 15K Jul 8 10:46 header_checks -rw-r--r-- 1 root root 12K May 28 2005 LICENSE -rw-r--r-- 1 root root 35 Oct 23 2005 local_domains -rw-r--r-- 1 root root 12K Jul 14 01:20 local_domains.db -rw-r--r-- 1 root root 103 Jun 25 14:49 local_plus -rw-r--r-- 1 root root 12K Jul 14 01:20 local_plus.db -rw-r--r-- 1 root root 28K Jul 14 00:16 main.cf -rw-r--r-- 1 root root 998 May 28 2005 makedefs.out -rw-r--r-- 1 root root 7.0K Aug 13 2005 master.cf -rw-r--r-- 1 root root 16K May 28 2005 postfix-files -rwxr-xr-x 1 root root 5.7K May 28 2005 postfix-script -rwxr-xr-x 1 root root 22K May 28 2005 post-install -rw-r--r-- 1 root root 88 Oct 23 2005 recipient_access -rw-r--r-- 1 root root 12K Jul 14 01:21 recipient_access.db -rw-r--r-- 1 root root 6.3K May 28 2005 relocated -rw-r--r-- 1 root root 40 Jun 25 12:41 restricted_incoming_users -rw-r--r-- 1 root root 12K Jul 14 01:21 restricted_incoming_users.db -rw-r--r-- 1 root root 75 Jun 25 13:30 restricted_senders -rw-r--r-- 1 root root 12K Jul 14 01:21 restricted_senders.db -rw-r--r-- 1 root root 12K Jul 11 11:30 sasl_passwd.db -rw-r--r-- 1 root root 47 Jul 11 12:05 sasl_passwdXXXX -rw-r--r-- 1 root root 124 Jul 11 20:41 transport -rw-r--r-- 1 root root 12K Jul 14 01:20 transport.db -rw-r--r-- 1 root root 11K Jul 11 11:21 transport.original -rw-r--r-- 1 root root 38 Oct 23 2005 virtual -rw-r--r-- 1 root root 12K Oct 23 2005 virtual.db --------------------------------------------------------------------- person who send the email to joejoe gets this back a few times: Out: 220 butch.homelinux.com ESMTP Postfix In: EHLO cybrhost.net Out: 250-butch.homelinux.com Out: 250-PIPELINING Out: 250-SIZE 10240000 Out: 250-VRFY Out: 250-ETRN Out: 250-AUTH DIGEST-MD5 PLAIN LOGIN CRAM-MD5 Out: 250-AUTH=DIGEST-MD5 PLAIN LOGIN CRAM-MD5 Out: 250 8BITMIME In: MAIL FROM: SIZE=1320 Out: 250 Ok In: RCPT TO: Out: 451 Server configuration error In: QUIT Out: 221 Bye From mailscanner at berger.nl Fri Jul 14 07:11:13 2006 From: mailscanner at berger.nl (mailscanner@berger.nl) Date: Fri Jul 14 07:11:17 2006 Subject: phishing not found In-Reply-To: Message-ID: <1152857473.38064@bsd4.nedport.net> http://updates.name/signin.ebay.com is completely legal and it works. Just try the link and you find out that it works and looks very real. whitelisting all ebay is to easy and I think a lot off phishing is done using ebay. I think when a.ebay.com has a link to b.ebay.com is not a problem (they are both within the ebay.com domain). but update.ebay.com with a link to updates.name/blahblahblah seems to be phishing. My opinion is that links are save as long as they link within the same domain. BTW. What I forget to tell is that MailScanner did tag it with {Spam} thanks to the(Sare)rules and with {Disarmed} which seems to be working. But within the mail there is nothing changed and the links are just working. Greetings, Roger Res wrote .. > All of ebay should be whitelisted, since they always come > as a.ebay.com they never match :) > and it annoys the hell out of users with every ebay marked as phishing. > > however blah.name/signin.blah should never work as / is an illegal char > in DNS > > > On Thu, 13 Jul 2006, mailscanner@berger.nl wrote: > > > Hi, > > > > I got a phishing email today from update@ebay.com with this link: > > http://updates.name/signin.ebay.com/ws23/eBayISAPI.htm?Sign1n&co_partner1d=2&pUser1d=&site1d=0&pageT1pe=&p41=&i1=&bsh0wgif=&Us1ngSSL=&pp=&pa42=&err4msg=&ru4name=&r4uparams=&ru4product=&s1d=&favor1tenav=&conf1rm=&ebxPageT1pe=&ex1stingEmail=&isCheck0ut=&migrateV1sitor= > > > > Mailscanner did not see the phishing fraud. Probably the slashes avoided > the system. > > Can I change this myself or is this in mailscanner? > > > > Thanks, > > > > Roger > > > > -- > Cheers > Res > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From martinh at solid-state-logic.com Fri Jul 14 09:20:14 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Fri Jul 14 09:21:02 2006 Subject: Looking for a Utility.... In-Reply-To: <200607131834.k6DIY2Ye007409@cat.salemcarriers.com> References: <200607131834.k6DIY2Ye007409@cat.salemcarriers.com> Message-ID: <44B753BE.5040507@solid-state-logic.com> Blocking by ip-range is normally a bad thing - as you found out. I find blocking non-existance 'to' addresses reduces the load the best. -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Phillip Udel wrote: > Ya. I agree that this is not the best idea. But as an example. > We sell Trucks in our spare time. Well, one customer tried to answer the > add but was blocked. Lol. She was blocked because she was emailing from > the Ukraine and I have almost all Ukraine IP blocked. > It would be nice to have a web page that either I or my Users could send > them to be unblocked. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Phillip > Udel > Sent: Thursday, July 13, 2006 12:56 PM > To: mailscanner@lists.mailscanner.info > Subject: Looking for a Utility.... > > Management would like to send an Email for mail that scores between the Low > and High Spam Score with > > A message that would say something like. > > > Sorry. You message was blocked by our Spam filter. > If you email was not Spam please go to this site. > www.spam.domain.com > > > Now I can make the message ez enough but I am looking for a utility to do > the web site part. > > Maybe something like this site > http://www.av-mx.com/contact/?flag=X4&ip=0.0.0.0 > > > Phillip Udel > Senior Systems Administrator > Admin@SalemCorp.com > (800) 877-2536 Ext 212 > Rules To Live By: > 1) On the keyboard of life, always keep one finger on the escape key. > 2) There are absolutely no absolutes. > 3) Artificial Intelligence is no match for natural stupidity > 4) Information is not Knowledge, Knowledge is not Wisdom, and Wisdom is not > Truth > > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From martinh at solid-state-logic.com Fri Jul 14 09:26:19 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Fri Jul 14 09:26:51 2006 Subject: Archiving In-Reply-To: <44B6E345.70308@rownetco.com> References: <44B6E345.70308@rownetco.com> Message-ID: <44B7552B.3010307@solid-state-logic.com> Suggestions can help rather than advisors.... anyway first of all you'll have to split all the messages into individual messages - see the wiki for sendmail, exim postfix ways of doing this... then you can add a ruleset on the archive option to ignore these people - not sure what SOX or other laws would have implications mind you. BUT of course if the email was to mgr1@domain and worker1@domain then the email would still be archived under the worker1@domain setting.. -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 John Rowan wrote: > Having reviewed the Mail Scanner message thread archives from January - > July 2006 I have been able to configure my client's system to place a > copy of all inbound / outbound email into the mailarchive user account. > I use the archive.rule stating FromOrTo: default > mailarchive@theirdomain.com > Now that that works "management" has stated that they want their email > excluded from the archiving rule. Management by the way are the owners > of this private company so they do as they please. If you are going to > advise me to tell them what they are doing is wrong, please don't > bother. They are not receptive to being "advised" how to run their > company. > > So with that said, how do I configure the rule to archive everyone > excluding specific email addresses? > > > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From martinh at solid-state-logic.com Fri Jul 14 09:29:59 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Fri Jul 14 09:30:48 2006 Subject: MS not scanning some mails. In-Reply-To: <1152855340.2606.16.camel@suji> References: <1152855340.2606.16.camel@suji> Message-ID: <44B75607.3040104@solid-state-logic.com> Hi depends why SA is timing out, normally this is due to DNS issues, but could also be down to bayes either.. have you got a local caching nameserver on the MailScanner machine? -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Sujith Emmanuel wrote: > Hello Everyone, > > I have a peculiar problem. MailScanner is missing some of the spams. > > SpamAssassin Score:0.00 > Spam Report: > Score > Matching Rule > Description > cached > not > > out > timed > > > I have seen the same mail caught when it comes the very next time. > > I am having the latest stable versions of MS and all the other > components as per mailscanner.info. > OS is AS4. > > system uptime: > 10:56:47 up 31 days, 21:11, 1 user, load average: 0.34, 0.26, 0.36 > > Thanks and Regards > Sujith Emmanuel > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From raymond at prolocation.net Fri Jul 14 10:18:03 2006 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Fri Jul 14 10:18:07 2006 Subject: phishing not found In-Reply-To: <1152857473.38064@bsd4.nedport.net> References: <1152857473.38064@bsd4.nedport.net> Message-ID: Hi! > http://updates.name/signin.ebay.com is completely legal and it works. > Just try the link and you find out that it works and looks very real. Duh! Domain Name: UPDATES.NAME Sponsoring Registrar: Go Daddy Software, Inc. Domain Status: clientDeleteProhibited Domain Status: clientRenewProhibited Domain Status: clientTransferProhibited Domain Status: clientUpdateProhibited Registrant ID: 1999977CONTACT-NAME Registrant Organization: Registrant Name: Jerald Robinson Registrant Address: gerano, Registrant City: arica Registrant State/Province: arica Registrant Country: CHILE Registrant Postal Code: 11111 What you mean with completely legal and it works? This is forgery. I hope you didnt enter your paypal details there else you will find a empty paypal login soon :) Or did i misread your mail? Bye, Raymond. From MailScanner at ecs.soton.ac.uk Fri Jul 14 10:32:11 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jul 14 10:32:24 2006 Subject: phishing not found In-Reply-To: References: <1152816521.48635@bsd4.nedport.net> Message-ID: <05D27804-ADC5-48E8-93F0-F7BE3DF89549@ecs.soton.ac.uk> Good idea about ebay. Done. There is nothing wrong with you editing your own local phishing.safe.sites.conf file. Your additions will be kept in place across updates, of course. On Fri14 Jul 06, at 00:18, Res wrote: > All of ebay should be whitelisted, since they always come > as a.ebay.com they never match :) > and it annoys the hell out of users with every ebay marked as > phishing. > > however blah.name/signin.blah should never work as / is an illegal > char in DNS > > > On Thu, 13 Jul 2006, mailscanner@berger.nl wrote: > >> Hi, >> >> I got a phishing email today from update@ebay.com with this link: >> http://updates.name/signin.ebay.com/ws23/eBayISAPI.htm? >> Sign1n&co_partner1d=2&pUser1d=&site1d=0&pageT1pe=&p41=&i1=&bsh0wgif=& >> Us1ngSSL=&pp=&pa42=&err4msg=&ru4name=&r4uparams=&ru4product=&s1d=&fav >> or1tenav=&conf1rm=&ebxPageT1pe=&ex1stingEmail=&isCheck0ut=&migrateV1s >> itor= >> >> Mailscanner did not see the phishing fraud. Probably the slashes >> avoided the system. >> Can I change this myself or is this in mailscanner? >> >> Thanks, >> >> Roger >> > > -- > Cheers > Res > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store ! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Fri Jul 14 10:35:47 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jul 14 10:36:02 2006 Subject: Archiving In-Reply-To: <44B6E345.70308@rownetco.com> References: <44B6E345.70308@rownetco.com> Message-ID: <4DB5B684-2CDB-4293-9E4F-CD4FEE1627F8@ecs.soton.ac.uk> Just add lines like FromOrTo: boss1@theirdomain.com FromOrTo: boss2@theirdomain.com FromOrTo: default mailarchive@theirdomain.com On Fri14 Jul 06, at 01:20, John Rowan wrote: > Having reviewed the Mail Scanner message thread archives from > January - July 2006 I have been able to configure my client's > system to place a copy of all inbound / outbound email into the > mailarchive user account. I use the archive.rule stating FromOrTo: > default mailarchive@theirdomain.com > Now that that works "management" has stated that they want their > email excluded from the archiving rule. Management by the way are > the owners of this private company so they do as they please. If > you are going to advise me to tell them what they are doing is > wrong, please don't bother. They are not receptive to being > "advised" how to run their company. > > So with that said, how do I configure the rule to archive everyone > excluding specific email addresses? > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store ! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060714/eff38ffc/attachment.html From sujithem at cdacb.ernet.in Fri Jul 14 11:46:32 2006 From: sujithem at cdacb.ernet.in (Sujith Emmanuel) Date: Fri Jul 14 11:46:54 2006 Subject: MS not scanning some mails. In-Reply-To: <44B75607.3040104@solid-state-logic.com> References: <1152855340.2606.16.camel@suji> <44B75607.3040104@solid-state-logic.com> Message-ID: <1d1e72700607140346jfdf4388rbcd7c01c071f1c16@mail.gmail.com> Hi there, I do hope the problem was due to DNS issues, but how do you check whether bayes is the culprit or not. I do not have a caching nameserver on the MS machine. Can you please send me a link on that. Thanks and Regards Sujith Emmanuel On 7/14/06, Martin Hepworth wrote: > > > Hi > > depends why SA is timing out, normally this is due to DNS issues, but > could also be down to bayes either.. > > have you got a local caching nameserver on the MailScanner machine? > > -- > Martin Hepworth > Senior Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060714/b074c42e/attachment.html From mailscanner at berger.nl Fri Jul 14 11:55:19 2006 From: mailscanner at berger.nl (mailscanner@berger.nl) Date: Fri Jul 14 11:55:24 2006 Subject: phishing not found In-Reply-To: Message-ID: <1152874519.88623@bsd4.nedport.net> Sorry, I mean that it is a completely legal DNS entry. The website offcourse isn't. But it is nice to see that all username/passwds combinations are working :-) and they even ask you you pincode :-) Roger Raymond Dijkxhoorn wrote .. > Hi! > > > http://updates.name/signin.ebay.com is completely legal and it works. > > Just try the link and you find out that it works and looks very real. > > Duh! > > Domain Name: UPDATES.NAME > Sponsoring Registrar: Go Daddy Software, Inc. > Domain Status: clientDeleteProhibited > Domain Status: clientRenewProhibited > Domain Status: clientTransferProhibited > Domain Status: clientUpdateProhibited > Registrant ID: 1999977CONTACT-NAME > Registrant Organization: > Registrant Name: Jerald Robinson > Registrant Address: gerano, > Registrant City: arica > Registrant State/Province: arica > Registrant Country: CHILE > Registrant Postal Code: 11111 > > What you mean with completely legal and it works? > > This is forgery. I hope you didnt enter your paypal details there else > you > will find a empty paypal login soon :) > > Or did i misread your mail? > > Bye, > Raymond. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From martinh at solid-state-logic.com Fri Jul 14 11:55:20 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Fri Jul 14 11:55:30 2006 Subject: MS not scanning some mails. In-Reply-To: <1d1e72700607140346jfdf4388rbcd7c01c071f1c16@mail.gmail.com> References: <1152855340.2606.16.camel@suji> <44B75607.3040104@solid-state-logic.com> <1d1e72700607140346jfdf4388rbcd7c01c071f1c16@mail.gmail.com> Message-ID: <44B77818.4040502@solid-state-logic.com> Hi if you haven't got a local caching nameserver then thats the first thing to try... depends on what nameserver you want to use, but bind is the most popular and is very easy to setup this way... install bind edit the named.conf file so only has forwarder information for your uplink DNS server. start bind (named) edit the /etc/resolv.conf so it points to 127.0.0.1 rather than your uplink DNS server.. -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Sujith Emmanuel wrote: > Hi there, > > I do hope the problem was due to DNS issues, but how do you check > whether bayes is the culprit or not. > > I do not have a caching nameserver on the MS machine. Can you > please send me a link on that. > > Thanks and Regards > Sujith Emmanuel > > On 7/14/06, *Martin Hepworth* > wrote: > > > Hi > > depends why SA is timing out, normally this is due to DNS issues, but > could also be down to bayes either.. > > have you got a local caching nameserver on the MailScanner machine? > > -- > Martin Hepworth > Senior Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From sujithem at cdacb.ernet.in Fri Jul 14 12:23:05 2006 From: sujithem at cdacb.ernet.in (Sujith Emmanuel) Date: Fri Jul 14 12:23:10 2006 Subject: MS not scanning some mails. In-Reply-To: <44B77818.4040502@solid-state-logic.com> References: <1152855340.2606.16.camel@suji> <44B75607.3040104@solid-state-logic.com> <1d1e72700607140346jfdf4388rbcd7c01c071f1c16@mail.gmail.com> <44B77818.4040502@solid-state-logic.com> Message-ID: <1d1e72700607140423o75d61168q921e15732aa0bb80@mail.gmail.com> Hello there, Thank you very much, will try this out and get back. Meanwhile, how do i check bayes for problems? Thanks and Regards Sujith Emmanuel On 7/14/06, Martin Hepworth wrote: > > Hi > > if you haven't got a local caching nameserver then thats the first thing > to try... > > depends on what nameserver you want to use, but bind is the most popular > and is very easy to setup this way... > > install bind > > edit the named.conf file so only has forwarder information for your > uplink DNS server. > > start bind (named) > > edit the /etc/resolv.conf so it points to 127.0.0.1 rather than your > uplink DNS server.. > > -- > Martin Hepworth > Senior Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > Sujith Emmanuel wrote: > > Hi there, > > > > I do hope the problem was due to DNS issues, but how do you check > > whether bayes is the culprit or not. > > > > I do not have a caching nameserver on the MS machine. Can you > > please send me a link on that. > > > > Thanks and Regards > > Sujith Emmanuel > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060714/b7e22176/attachment.html From MailScanner at ecs.soton.ac.uk Fri Jul 14 14:16:40 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jul 14 14:17:01 2006 Subject: ClamAV+SA easy-install package Message-ID: I have just updated it to the latest ClamAV 0.88.3. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store ! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From Denis.Beauchemin at USherbrooke.ca Fri Jul 14 14:25:30 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Jul 14 14:25:57 2006 Subject: ClamAV+SA easy-install package In-Reply-To: References: Message-ID: <44B79B4A.8060901@USherbrooke.ca> Julian Field a ?crit : > I have just updated it to the latest ClamAV 0.88.3. > Thanks! Glad to see you're back... How was your vacation? Hope you had plenty of sun and chablis. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060714/789e57dc/smime.bin From res at ausics.net Fri Jul 14 15:38:35 2006 From: res at ausics.net (Res) Date: Fri Jul 14 15:39:00 2006 Subject: phishing not found In-Reply-To: <1152874519.88623@bsd4.nedport.net> References: <1152874519.88623@bsd4.nedport.net> Message-ID: On Fri, 14 Jul 2006, mailscanner@berger.nl wrote: > Sorry, > > I mean that it is a completely legal DNS entry. The website offcourse isn't. But it is nice to see that all username/passwds combinations are working :-) and they even ask you you pincode :-) Yes i see what you mean, i was refering to the slash, i have never seen a legitimate .name tld domain yet, and i have never seen a.name before AFAICR, i guiess i completely forgot about it existance :) > -- Cheers Res From res at ausics.net Fri Jul 14 15:40:21 2006 From: res at ausics.net (Res) Date: Fri Jul 14 15:40:25 2006 Subject: phishing not found In-Reply-To: <05D27804-ADC5-48E8-93F0-F7BE3DF89549@ecs.soton.ac.uk> References: <1152816521.48635@bsd4.nedport.net> <05D27804-ADC5-48E8-93F0-F7BE3DF89549@ecs.soton.ac.uk> Message-ID: On Fri, 14 Jul 2006, Julian Field wrote: Welcome back, hope your break was as good as mine is starting to be now :) > Good idea about ebay. Done. > There is nothing wrong with you editing your own local > phishing.safe.sites.conf file. Your additions will be kept in place across > updates, of course. Did that ages ago to shut a few habitual whingers up > On Fri14 Jul 06, at 00:18, Res wrote: > >> All of ebay should be whitelisted, since they always come >> as a.ebay.com they never match :) >> and it annoys the hell out of users with every ebay marked as phishing. -- Cheers Res From mailscanner-list at okla.com Fri Jul 14 16:32:13 2006 From: mailscanner-list at okla.com (Tracy Greggs) Date: Fri Jul 14 16:31:26 2006 Subject: OT Sendmail Question Message-ID: <005501c6a75a$b46bd9a0$6701a8c0@tgdesktop> I would like to be able to configure sendmail so that any incoming mail from any.user@mydomain.com that is addressed to any.user@mydomain.com (local delivery) would only be delivered if SMTP Authentication is successful, unless the sender ip is allowed to relay in my access.db Any suggestions would be greatly appreciated. As this post is OT, reply directly if you like. Sorry for the OT post, I have my fireproof suit on :) Tracy Greggs Oklahoma Network Consulting From drew at themarshalls.co.uk Fri Jul 14 17:19:56 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Fri Jul 14 17:20:07 2006 Subject: Restricted incoming users ruleset In-Reply-To: <44B72EE9.6000306@iscnetwork.com> References: <44B2DC17.6030506@iscnetwork.com> <49827.194.70.180.170.1152623349.squirrel@webmail.r-bit.net> <44B40D41.3000903@iscnetwork.com> <48B55389-18DA-4124-A741-F5A2944CDE22@themarshalls.co.uk> <44B524D0.1080604@iscnetwork.com> <53653.194.70.180.170.1152792736.squirrel@webmail.r-bit.net> <44B72EE9.6000306@iscnetwork.com> Message-ID: <57169.194.70.180.170.1152893996.squirrel@webmail.r-bit.net> On Fri, July 14, 2006 06:43, Industry Standard Computers wrote: > Drew, > Sorry it took a while to get a "who cares what blows up" box and a test > domain. One single domain, 4 users. > Thanks, > Butch > > ------------------------------------------------------- > I did a log rotate & a service MS restart and then sent an email to the > restricted user "joejoe". > ------------------------------------------------------- > here is maillog log: > > Jul 14 01:25:05 butch MailScanner[19599]: MailScanner E-Mail Virus > Scanner version 4.53.8 starting... > Jul 14 01:25:05 butch MailScanner[19599]: Read 746 hostnames from the > phishing whitelist > Jul 14 01:25:10 butch MailScanner[19599]: Using locktype = flock > Jul 14 01:25:12 butch postfix/smtpd[19690]: connect from > mail.cybrhost.net[67.99.202.39] > Jul 14 01:25:12 butch postfix/smtpd[19690]: warning: unknown smtpd > restriction: "restrictive" There's your problem > -------------------------------------------------------- > Here is main.cf: > >Snipped< > smtpd_restriction_classes = restrictive, permissive > restrictive = reject_unknown_sender_domain, reject_unknown_client_hostname > permissive = permit > > > smtpd_restriction_classes = local_only, local_plus > local_only = reject_unauth_destination > > local_plus = check_recipient_access hash:/etc/postfix/local_plus > reject_unauth_destination I think this should be tidied up like: smtpd_restriction_classes = restrictive, permissive, local_only, local_plus restrictive = reject_unknown_sender_domain, reject_unknown_client_hostname permissive = permit local_only = reject_unauth_destination local_plus = check_recipient_access hash:/etc/postfix/local_plus > smtpd_delay_reject = yes > smtpd_sender_restrictions = > check_sender_access hash:/etc/postfix/restricted_senders > > smtpd_recipient_restrictions = > permit_mynetworks > check_recipient_access hash:/etc/postfix/restricted_incoming_users > reject_unauth_destination > permit_sasl_authenticated OK so what is in your 2 'restricted_*' files? Sender should have something like: not.outgoinguser@example.com local_only ok.foroutgoing@example.com local_plus incoming should have: not.incoming@example.com REJECT: incoming.ok@example.com OK You probably don't need the table values for the incoming side if you order your recipient restrictions properly. Remember it's first match wins. > --------------------------------------------------------------------- > person who send the email to joejoe gets this back a few times: > > Out: 220 butch.homelinux.com ESMTP Postfix > In: EHLO cybrhost.net > Out: 250-butch.homelinux.com > Out: 250-PIPELINING > Out: 250-SIZE 10240000 > Out: 250-VRFY > Out: 250-ETRN > Out: 250-AUTH DIGEST-MD5 PLAIN LOGIN CRAM-MD5 > Out: 250-AUTH=DIGEST-MD5 PLAIN LOGIN CRAM-MD5 > Out: 250 8BITMIME > In: MAIL FROM: SIZE=1320 > Out: 250 Ok > In: RCPT TO: > Out: 451 Server configuration error This is due to the error in the logs. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From rgreen at trayerproducts.com Fri Jul 14 19:41:44 2006 From: rgreen at trayerproducts.com (Rodney Green) Date: Fri Jul 14 19:42:58 2006 Subject: OT: postfix question Message-ID: <44B7E568.6040806@trayerproducts.com> Hello, Is there a way in postfix to have mail for a specific user delivered to that user's home directory while mail for other users is delivered to /var/spool/mail/username? Thanks, Rod -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From drew at themarshalls.co.uk Fri Jul 14 20:17:41 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Fri Jul 14 20:17:52 2006 Subject: OT: postfix question In-Reply-To: <44B7E568.6040806@trayerproducts.com> References: <44B7E568.6040806@trayerproducts.com> Message-ID: <05636CA4-40B2-4C70-9BB2-9A6FDD15BF6A@themarshalls.co.uk> On 14 Jul 2006, at 19:41, Rodney Green wrote: > > Hello, > > Is there a way in postfix to have mail for a specific user > delivered to that user's home directory while mail for other users > is delivered to /var/spool/mail/username? Only if you are running the domain as a virtual domain. Then specify the mailbox locations in virtual-mailbox-maps with a path to the mailbox. See here http://www.postfix.org/postconf.5.html#virtual_mailbox_maps Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From lshaw at emitinc.com Fri Jul 14 21:47:50 2006 From: lshaw at emitinc.com (Logan Shaw) Date: Fri Jul 14 21:48:04 2006 Subject: sa-update and restarting MailScanner? Message-ID: Hello, everyone. Is it necessary to restart MailScanner after I run sa-update (which updates SpamAssassin rules) in order for MailScanner to start using the updated rules? MailScanner is using the SpamAssassin Perl modules directly, so that makes me think so. On the other hand, I have Restart Every = 7200 in MailScanner.conf, so maybe that's sufficient. I'm not really sure what "Restart Every" actually restarts, i.e. whether it's just the children that process messages from the queue or the parent (master) as well. (Presumably, the master has a fairly small amount of fixed state and wouldn't need a restart periodically to keep its restart usage in check.) Note that I don't really mind if it takes 0 to 2 hours to pick up the new rules. - Logan From james at grayonline.id.au Sat Jul 15 00:13:27 2006 From: james at grayonline.id.au (James Gray) Date: Sat Jul 15 00:13:52 2006 Subject: Not Logging on OS X In-Reply-To: <821c5410606271504q7365a046j4e9bd2777ccc50ea@mail.gmail.com> References: <821c5410606271504q7365a046j4e9bd2777ccc50ea@mail.gmail.com> Message-ID: <44B82517.9010305@grayonline.id.au> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Brad Irwin wrote: > I am running MailScanner 4.54.6 on Mac OS X 10.4 with Postfix 2.2.10. > MailScanner is not logging to my /var/log/mail.log. When I turn debug > on I get the following error... > > ps: illegal option -- f usage: ps [-aACcehjlmMrSTuvwx] [-O|o fmt] [-p > pid] [-t tty] [-U user] ps [-L] Starting MailScanner... In Debugging > mode, not forking... no connection to syslog available - _PATH_LOG not > available in syslog.h at /opt/MailScanner/lib/MailScanner/Log.pm line > 143 > > My mailscanner.conf file has Syslog Facility = mail What version of MailScanner are you running? Does the "check_mailscanner" script have an entry for "Darwin" at the top somewhere? Like this: ... elif $UNAME | $FGREP "Darwin" >/dev/null ; then # ie Mac OSX pid=`$PS -axww | $EGREP '[ ]('$msbindir/$process')|'$process'[:]' | $AWK '{print $1}'` ... If not, it will default to attempting to use POSIX options for the "pid=" line (namely ps -ef) which isn't valid on OSX. OSX uses BSD-style syntax for "ps". Julian patched this in the *current* beta releases but I don't think it was back-ported to the stable version. Best bet is either add the "elif" block above to your check_mailscanner script, or just grab the latest beta. I'm running it on OSX 10.4.7 on an Intel MacMini and it's performing wonderfully :) HTH, James -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEuCUXwBHpdJO7b9ERAu13AJ9pyo+SHN7TzQjnShwKPYluxxV+bACeLlF6 3015j4ifo6H6eyJshlJYAqc= =NZvo -----END PGP SIGNATURE----- From nick.smith67 at googlemail.com Sat Jul 15 01:25:10 2006 From: nick.smith67 at googlemail.com (Nick Smith) Date: Sat Jul 15 01:25:15 2006 Subject: [Fwd: Postfix 2.3 stable release available] In-Reply-To: <44B45B7D.20404@rogers.com> References: <44B45B7D.20404@rogers.com> Message-ID: On 7/12/06, Mike Jakubik wrote: > Just an FYI for postfix users. Bonus points for the first one to try and > see if it works with MS :) > > -------- Original Message -------- > Subject: Postfix 2.3 stable release available > Date: Tue, 11 Jul 2006 21:16:18 -0400 (EDT) > From: wietse@porcupine.org (Wietse Venema) > Reply-To: Postfix users > To: Postfix announce > CC: Postfix users > > > > A few months later than usual, Postfix stable release 2.3 is now > available. The release was postponed until Postfix was complete > enough for today's email environment. Hopefully I can now spend > more time doing new projects. > > You can find the Postfix 2.3.0 source code via the mirror sites > listed at http://www.postfix.org/. If it's not there today, then > it should show up in the course of the next 24 hours. > > 435112 Jul 11 17:24 postfix-2.3.0.HISTORY > 35125 Jul 11 16:40 postfix-2.3.0.RELEASE_NOTES > 2770830 Jul 11 17:25 postfix-2.3.0.tar.gz > 280 Jul 11 17:25 postfix-2.3.0.tar.gz.sig > > What follows is a very much compressed summary of what has changed. > See the RELEASE_NOTES file for compatibility issues that may affect > your site. The HISTORY file gives a blow-by-blow account of what > happened over the past 1+ year. > > Wietse > > - DSN (delivery status notification) support as described in RFC > 3461 .. RFC 3464. This gives email senders control over notification > of successful, delayed, and failed delivery. DSN involves extra > parameters to the SMTP "MAIL FROM" and "RCPT TO" commands, as well > as extra Postfix sendmail command line options for mail submission. > See DSN_README for details, including how to limit the amount of > information that you are willing to disclose. > > - Major updates to the TLS (SMTP encryption and authentication) > support. Postfix 2.3 introduces a configuration user interface > that is based on the concept of TLS security levels (none, may, > encrypt, verify, secure) and that can more effectively deal with > DNS spoofing. The old configuration user interface, with multiple > boolean parameters to enable or enforce TLS, is still supported but > will be removed after a few releases. See TLS_README for details. > > - Milter (mail filter) application support, compatible with Sendmail > version 8.13.6 and earlier. This allows you to run a large number > of plug-ins to reject unwanted mail, and to sign mail with for > example domain keys. All Milter functions are implemented except > the one that replaces the message body (this will be added later). > All this and more is described in MILTER_README. > > - Enhanced status codes (RFC 3463). For example, status code 5.1.1 > means "recipient unknown". Mail clients can translate these status > codes into text in the user's own language, and greatly improve the > user experience. Enhanced status codes can be specified in Postfix > access tables, in header/body_checks content filter rules, in "rbl" > reply templates, and so on. > > - Configurable bounce messages with support for non-ASCII character > sets. Details are in the bounce(5) manual page. > > - Plug-in support for SASL authentication in the Postfix SMTP server > and client. With this, Postfix can support multiple SASL implementations > without conflicting source code patches. Postfix 2.3 has Dovecot > SASL support built into the SMTP server. As before, support for > Cyrus SASL is available as add-on feature for the Postfix SMTP > server and client. See SASL_README for more information. > > - Support for sender-dependent ISP accounts, in the form of > sender-dependent relayhost lookup and sender-dependent SASL > username/password lookup. > > - The Postfix SMTP client now implements both the SMTP and LMTP > protocols. This means that a lot of features have become available > for LMTP mail delivery, including the shared TCP connection cache. > > - After TLS handshake failure, the SMTP client will now reconnect > to the same server to try plaintext delivery (if TLS policy permits). > Earlier Postfix versions would skip the server and defer delivery > if no alternate MX host was available. > > - All delay logging now has sub-second resolution. Besides the total > delay, Postfix logs separate delays for different stages of delivery > (time in queue, time in queue manager, time to set up connection, > and time to deliver). This gives better insight into the nature of > performance bottle necks. > > - Smarter utilization of cached SMTP connections. When one destination > has multiple inbound SMTP servers, the Postfix SMTP client will now > send less mail via the slower ones, and more mail via the faster ones. > > - Support for empty MX records. Older Postfix versions treat this > as a malformed response and defer mail delivery. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Well, in addition to the good stuff listed in the release announcement, there is the not-quite-so-good-and-potentially-very-alarming-stuff mentioned here: http://archives.neohapsis.com/archives/postfix/2006-06/0345.html IMPORTANT NOTICE. Once milter support is added to Postfix 2.3 production snapshots and later appears in the 2.3.0 production release, versions of MailScanner designed for ALL earlier versions of Postfix will ROUTINELY corrupt mail (not just sometimes as they do now). DO NOT use Mailscanner implementations for earlier Postfix releases with Postfix 2.3. It was always discouraged, now it is definitely outright broken. You have been warned. I really don't want to fan any flames, but at the same time I'd like to know exactly how worried to be about statements like this. Speaking personally, I have yet to see a single issue (up to 2.2.10) caused by MailScanner manipulating Postfix queue files (~350k messages per day), but that is not to say that problems have never been caused (eg as referred by the OP from the thread above) I'd very much like to look at milter-ahead or something similar to cut down accepting messages to unknown users. Is there any genuine reason to believe that MS 4.54.5 will cause mass destruction as implied here? Thanks Nick From drew at themarshalls.co.uk Sat Jul 15 09:57:11 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Sat Jul 15 09:57:29 2006 Subject: [Fwd: Postfix 2.3 stable release available] In-Reply-To: References: <44B45B7D.20404@rogers.com> Message-ID: <57635E3A-E3E4-4106-AB66-0F904B19B98E@themarshalls.co.uk> On 15 Jul 2006, at 01:25, Nick Smith wrote: >> > Well, in addition to the good stuff listed in the release > announcement, there is the > not-quite-so-good-and-potentially-very-alarming-stuff mentioned here: > > http://archives.neohapsis.com/archives/postfix/2006-06/0345.html > > IMPORTANT NOTICE. Once milter support is added to Postfix 2.3 > production > snapshots and later appears in the 2.3.0 production release, > versions of > MailScanner designed for ALL earlier versions of Postfix will > ROUTINELY > corrupt mail (not just sometimes as they do now). > > DO NOT use Mailscanner implementations for earlier Postfix releases > with > Postfix 2.3. It was always discouraged, now it is definitely outright > broken. You have been warned. > > I really don't want to fan any flames, but at the same time I'd like > to know exactly how worried to be about statements like this. Speaking > personally, I have yet to see a single issue (up to 2.2.10) caused by > MailScanner manipulating Postfix queue files (~350k messages per day), > but that is not to say that problems have never been caused (eg as > referred by the OP from the thread above) > > I'd very much like to look at milter-ahead or something similar to cut > down accepting messages to unknown users. Is there any genuine reason > to believe that MS 4.54.5 will cause mass destruction as implied here? OK first things first, you don't need milter ahead as this functionality is built in to Postfix natively http://www.postfix.org/ ADDRESS_VERIFICATION_README.html Secondly, I am running 2.3 rc3 and as of this moment I am see no problems with any corrupt mail but who knows what the future brings when Wietse brings in message altering milter support. All we can do it try it and see! I suspect that as MailScanner now uses the hold queue, which is a form of approved interface to Postfix (IMHO) it is unlikely to break but we shall see... Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From alex at nkpanama.com Sat Jul 15 17:33:16 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sat Jul 15 17:33:57 2006 Subject: [Fwd: Postfix 2.3 stable release available] In-Reply-To: References: <44B45B7D.20404@rogers.com> Message-ID: <44B918CC.4050904@nkpanama.com> Nick Smith wrote: > I'd very much like to look at milter-ahead or something similar to cut > down accepting messages to unknown users. Is there any genuine reason > to believe that MS 4.54.5 will cause mass destruction as implied here? > > Thanks > > Nick No, but I've heard it causes swapping! ;-) From jefframsey at tubafor.com Sun Jul 16 04:00:27 2006 From: jefframsey at tubafor.com (Jeff Ramsey) Date: Sun Jul 16 04:00:46 2006 Subject: User Management Spam Score not working Message-ID: Hi All, First post to the list. I just got MailScanner and MailWatch up and running yesterday. I'm very impressed. Every issue that I ran into, was just a search away. Every issue except one... If I change the Spam Score or High Spam Score on the User Management page of the MailWatch, it does update the database record for that user, but MailScanner does not use this score. For instance, if I set the SPAM SCORE for my user account to 4 instead of my default 5, when I receive an email, it is evaluated with 5 being the required number of hits for the message to be labeled Spam. Prior to running MailWatch/MailScanner, I was using Spamassassin 3.0.3 with Sendmail and Spamass-milter, and I created a spamassassin MySQL database with a userprefs table that had a per user spam score column, and I had to set the spam score in the local.cf file to the following: user_scores_dsn DBI:mysql:spamassassin:localhost:3306 user_scores_sql_password password user_scores_sql_username username user_scores_sql_custom_query SELECT preference, value FROM _TABLE_ WHERE username = _USERNAME_ OR username = '$GLOBAL' OR username = CONCAT('%',_DOMAIN_) ORDER BY username ASC Do I just need to set the same or similar variables in /etc/ MailScanner/spam.assassin.prefs.conf, or is there something in the Installation instructions that I overlooked? Thanks, Jeff Ramsey jefframsey@tubafor.com -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 186 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060715/87454250/PGP.bin From bbourdage at techpro.com Sun Jul 16 04:28:56 2006 From: bbourdage at techpro.com (Barry Bourdage) Date: Sun Jul 16 04:28:43 2006 Subject: User Management Spam Score not working Message-ID: <1BCA1677F917B44CBF448F7B68A35B0E2ED659@w2k3-tp.techpro.local> You must reload MailWatch, or wait for the timeout of the reload, typically 15 minutes or so. Barry -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jeff Ramsey Sent: Saturday, July 15, 2006 10:00 PM To: mailscanner@lists.mailscanner.info Subject: User Management Spam Score not working Hi All, First post to the list. I just got MailScanner and MailWatch up and running yesterday. I'm very impressed. Every issue that I ran into, was just a search away. Every issue except one... If I change the Spam Score or High Spam Score on the User Management page of the MailWatch, it does update the database record for that user, but MailScanner does not use this score. For instance, if I set the SPAM SCORE for my user account to 4 instead of my default 5, when I receive an email, it is evaluated with 5 being the required number of hits for the message to be labeled Spam. Prior to running MailWatch/MailScanner, I was using Spamassassin 3.0.3 with Sendmail and Spamass-milter, and I created a spamassassin MySQL database with a userprefs table that had a per user spam score column, and I had to set the spam score in the local.cf file to the following: user_scores_dsn DBI:mysql:spamassassin:localhost:3306 user_scores_sql_password password user_scores_sql_username username user_scores_sql_custom_query SELECT preference, value FROM _TABLE_ WHERE username = _USERNAME_ OR username = '$GLOBAL' OR username = CONCAT('%',_DOMAIN_) ORDER BY username ASC Do I just need to set the same or similar variables in /etc/ MailScanner/spam.assassin.prefs.conf, or is there something in the Installation instructions that I overlooked? Thanks, Jeff Ramsey jefframsey@tubafor.com From MailScanner at ecs.soton.ac.uk Sun Jul 16 11:04:52 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Jul 16 11:05:15 2006 Subject: ClamAV+SA easy-install package In-Reply-To: <44B79B4A.8060901@USherbrooke.ca> References: <44B79B4A.8060901@USherbrooke.ca> Message-ID: On Fri14 Jul 06, at 14:25, Denis Beauchemin wrote: > Julian Field a ?crit : >> I have just updated it to the latest ClamAV 0.88.3. >> > Thanks! > > Glad to see you're back... How was your vacation? Hope you had > plenty of sun and chablis. The holiday was great. Can you imagine 25 C (about 79F) and glorious sunshine in Bergen (look it up, it's a long way north). Only the last couple of days were really wet and cloudy, the rest of the time we had very good weather. Spectacular scenery every you look, mountains and fjords everywhere. Loads of gorgeous blondes every where too, very easy on the eyes :-) Had a lovely 12 days away from everything and everyone, just me and a couple of my mates who were doing all the driving for me. I bought myself a reindeer skin as well, to go with the sheepskin rug I have in my living room, it is going to be lovely to lie on in the winter nights. A great time was had by all! Jules. > > Denis > > -- > _ > ?v? Denis Beauchemin, analyste > /(_)\ Universit? de Sherbrooke, S.T.I. > ^ ^ T: 819.821.8000x2252 F: 819.821.8045 > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store ! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From root at doctor.nl2k.ab.ca Sun Jul 16 13:05:25 2006 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Sun Jul 16 13:05:37 2006 Subject: ClamAV+SA easy-install package In-Reply-To: References: <44B79B4A.8060901@USherbrooke.ca> Message-ID: <20060716120525.GA15512@doctor.nl2k.ab.ca> On Sun, Jul 16, 2006 at 11:04:52AM +0100, Julian Field wrote: > > On Fri14 Jul 06, at 14:25, Denis Beauchemin wrote: > > >Julian Field a ?crit : > >>I have just updated it to the latest ClamAV 0.88.3. > >> > >Thanks! > > > >Glad to see you're back... How was your vacation? Hope you had > >plenty of sun and chablis. > > The holiday was great. Can you imagine 25 C (about 79F) and glorious > sunshine in Bergen (look it up, it's a long way north). Only the last > couple of days were really wet and cloudy, the rest of the time we > had very good weather. Spectacular scenery every you look, mountains > and fjords everywhere. Loads of gorgeous blondes every where too, > very easy on the eyes :-) > > Had a lovely 12 days away from everything and everyone, just me and a > couple of my mates who were doing all the driving for me. I bought > myself a reindeer skin as well, to go with the sheepskin rug I have > in my living room, it is going to be lovely to lie on in the winter > nights. > > A great time was had by all! > > Jules. > Just a caution, Clamav 0.88.3 seems to be only capturing all the phishing these days. I have made mention of this to clamav. > > > >Denis > > > >-- > > _ > > ?v? Denis Beauchemin, analyste > >/(_)\ Universit? de Sherbrooke, S.T.I. > > ^ ^ T: 819.821.8000x2252 F: 819.821.8045 > > > > > >-- > >MailScanner mailing list > >mailscanner@lists.mailscanner.info > >http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > >Before posting, read http://wiki.mailscanner.info/posting > > > >Support MailScanner development - buy the book off the website! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store ! > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jefframsey at tubafor.com Sun Jul 16 16:44:33 2006 From: jefframsey at tubafor.com (Jeff Ramsey) Date: Sun Jul 16 16:44:51 2006 Subject: User Management Spam Score not working In-Reply-To: <200607161100.k6GB0PnU031510@bkserver.blacknight.ie> References: <200607161100.k6GB0PnU031510@bkserver.blacknight.ie> Message-ID: <6BAA84EF-2414-41E4-9F94-31BDB65C9946@tubafor.com> I tried your suggestions, and I think I have something configured wrong. I restarted the MailScanner service, and the httpd service, and it's been close to three hours since, but all messages still have the default Spam Score threshold, and not using my User Management Spam Score. Also, I changed the 'Is Definitely Not Spam' line to reflect the filename.rules changes per the MailWatch FAQ, because when I release messages, the released messages are getting marked spam as well. This is not working either. My released messages are still getting marked SPAM. Thanks, -Jeff On Jul 16, 2006, at 4:00 AM, mailscanner- request@lists.mailscanner.info wrote: > > You must reload MailWatch, or wait for the timeout of the reload, > typically 15 minutes or so. > > Barry > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jeff > Ramsey > Sent: Saturday, July 15, 2006 10:00 PM > To: mailscanner@lists.mailscanner.info > Subject: User Management Spam Score not working > > Hi All, > > First post to the list. I just got MailScanner and MailWatch up > and running yesterday. I'm very impressed. Every issue that I ran > into, > was just a search away. Every issue except one... > > If I change the Spam Score or High Spam Score on the User > Management page of the MailWatch, it does update the database > record for > that user, but MailScanner does not use this score. For instance, if I > set the SPAM SCORE for my user account to 4 instead of my default 5, > when I receive an email, it is evaluated with 5 being the required > number of hits for the message to be labeled Spam. > > Prior to running MailWatch/MailScanner, I was using Spamassassin > 3.0.3 with Sendmail and Spamass-milter, and I created a spamassassin > MySQL database with a userprefs table that had a per user spam score > column, and I had to set the spam score in the local.cf file to the > following: > > user_scores_dsn DBI:mysql:spamassassin:localhost:3306 > user_scores_sql_password password > user_scores_sql_username username > user_scores_sql_custom_query SELECT preference, value FROM > _TABLE_ WHERE username = _USERNAME_ OR username = '$GLOBAL' OR > username > = CONCAT('%',_DOMAIN_) ORDER BY username ASC > > Do I just need to set the same or similar variables in /etc/ > MailScanner/spam.assassin.prefs.conf, or is there something in the > Installation instructions that I overlooked? > > Thanks, > > Jeff Ramsey > jefframsey@tubafor.com > > > > > ------------------------------ -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 186 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060716/29ad4cf6/PGP.bin From rpotter at rpcs.net Sun Jul 16 17:37:00 2006 From: rpotter at rpcs.net (Richard Potter) Date: Sun Jul 16 17:37:06 2006 Subject: DCC config and MailScanner lint complaints on RHEL3 In-Reply-To: <20060713140442.GA13519@rpcs.net> References: <20060713140442.GA13519@rpcs.net> Message-ID: <20060716163659.GA15668@rpcs.net> In reply to myself, a downgrade to spamassassin 3.0.6 fixed the problem. It seems there IS a problem with spamassassin 3.1.x and the perl shipped with RHEL3 (perl 5.0.8.0) Richard On Thu, Jul 13, 2006 at 10:04:43AM -0400, Richard Potter wrote: > I'm having problems on two RHEL3 servers, one is official RedHat, the > other is a Centos box. SA lints OK, showing DCC and pyzor found, but > they are not working. > > MailScanner --lint pukes on pyzor_path and dcc_path, as mentioned by > Jeff in a previous thread. > > How can I troubleshoot this? > > What I find interesting, is that the very same MailScanner and SA setups > are working fine on two RHEL4 servers. Could it be a perl issue on RHEL3 ? > > Cheers! > -- > Richard Potter > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Cheers! -- Richard Potter From root at doctor.nl2k.ab.ca Sun Jul 16 20:45:20 2006 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Sun Jul 16 20:45:37 2006 Subject: DCC config and MailScanner lint complaints on RHEL3 In-Reply-To: <20060716163659.GA15668@rpcs.net> References: <20060713140442.GA13519@rpcs.net> <20060716163659.GA15668@rpcs.net> Message-ID: <20060716194520.GA9343@doctor.nl2k.ab.ca> On Sun, Jul 16, 2006 at 12:37:00PM -0400, Richard Potter wrote: > In reply to myself, a downgrade to spamassassin 3.0.6 fixed the problem. > It seems there IS a problem with spamassassin 3.1.x and the perl shipped > with RHEL3 (perl 5.0.8.0) > > Richard > Can you not upgrade to perl 5.8.8? > On Thu, Jul 13, 2006 at 10:04:43AM -0400, Richard Potter wrote: > > > I'm having problems on two RHEL3 servers, one is official RedHat, the > > other is a Centos box. SA lints OK, showing DCC and pyzor found, but > > they are not working. > > > > MailScanner --lint pukes on pyzor_path and dcc_path, as mentioned by > > Jeff in a previous thread. > > > > How can I troubleshoot this? > > > > What I find interesting, is that the very same MailScanner and SA setups > > are working fine on two RHEL4 servers. Could it be a perl issue on RHEL3 ? > > > > Cheers! > > -- > > Richard Potter > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > > Cheers! > -- > Richard Potter > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rpotter at rpcs.net Mon Jul 17 01:18:03 2006 From: rpotter at rpcs.net (Richard Potter) Date: Mon Jul 17 01:18:13 2006 Subject: DCC config and MailScanner lint complaints on RHEL3 In-Reply-To: <20060716194520.GA9343@doctor.nl2k.ab.ca> References: <20060713140442.GA13519@rpcs.net> <20060716163659.GA15668@rpcs.net> <20060716194520.GA9343@doctor.nl2k.ab.ca> Message-ID: <20060717001803.GA31251@rpcs.net> On the "Official" RHEL3 box no. Maybe on the Centos, but that seems less than desirable solution. I have not had the time to post this to the spamassassin list for their input, but a Google search did pull some bug reports. It would appear their are not any users on this list using RHEL3. Richard On Sun, Jul 16, 2006 at 01:45:20PM -0600, Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote: > On Sun, Jul 16, 2006 at 12:37:00PM -0400, Richard Potter wrote: > > In reply to myself, a downgrade to spamassassin 3.0.6 fixed the problem. > > It seems there IS a problem with spamassassin 3.1.x and the perl shipped > > with RHEL3 (perl 5.0.8.0) > > > > Richard > > > > Can you not upgrade to perl 5.8.8? > > > On Thu, Jul 13, 2006 at 10:04:43AM -0400, Richard Potter wrote: > > > > > I'm having problems on two RHEL3 servers, one is official RedHat, the > > > other is a Centos box. SA lints OK, showing DCC and pyzor found, but > > > they are not working. > > > > > > MailScanner --lint pukes on pyzor_path and dcc_path, as mentioned by > > > Jeff in a previous thread. > > > > > > How can I troubleshoot this? > > > > > > What I find interesting, is that the very same MailScanner and SA setups > > > are working fine on two RHEL4 servers. Could it be a perl issue on RHEL3 ? > > > > > > Cheers! > > > -- > > > Richard Potter > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > -- > > > > Cheers! > > -- > > Richard Potter > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Cheers! -- Richard Potter From goetz.reinicke at filmakademie.de Mon Jul 17 07:15:55 2006 From: goetz.reinicke at filmakademie.de (=?ISO-8859-15?Q?G=F6tz_Reinicke?=) Date: Mon Jul 17 07:16:04 2006 Subject: strange dropping of Word.doc-attachements - sendmail dovecot RHEL4 Message-ID: <44BB2B1B.2000508@filmakademie.de> Hi, we have a strange problem: two of our users informed me, that they aren't able to send word-.doc-files anymore while othe attachements work fine. The e-mail gets deliverd, but the attachement is dropped. This happens using the latest thunderbird 1.5.x and mac os x. The e-mail is also not saved in the send-drawer. If the users send the same e-mail to the same recepient using an other mailclient, there is no problem. Other users (like me) using the same systemsettings and software versions don't have the problem. The server is RHEL 4 (2.6.9-kernel), sendmail 8.13.1 and dovecot 0.99. We use Mailscanner and spamassassin too, but as only the two users do have the problem I'm looking for some help to track this problem down. Any ideas?? Thanks and best regards G?tz Reinicke -- G?tz Reinicke IT Koordinator Tel. +49 7141 969-420 Fax +49 7141 969 55-420 goetz.reinicke@filmakademie.de Filmakademie Baden-W?rttemberg Mathildenstr. 20 71638 Ludwigsburg www.filmakademie.de From MSCHNEIDER at northweststate.edu Mon Jul 17 07:19:18 2006 From: MSCHNEIDER at northweststate.edu (Michael Schneider) Date: Mon Jul 17 07:19:59 2006 Subject: strange dropping of Word.doc-attachements - sendmail dovecot RHEL4 (Out of Office) Message-ID: I will be out of the office beginning Monday, July 17th through Friday, July 21st. I will be checking email occasionally during this time. If you need assistance otherwise, please contact the Technology Helpdesk at 419-267-1461 or email them at helpdesk@northweststate.edu. Thanks, and have a wonderful day, Michael Schneider Network/Systems Administrator Northwest State Community College 22-600 State Route 34 Archbold, OH 43502-9542 From tenderby at mailwash.com.au Mon Jul 17 07:51:13 2006 From: tenderby at mailwash.com.au (Tony Enderby) Date: Mon Jul 17 07:51:39 2006 Subject: Rejection report for attachment types. Message-ID: <44BB3361.9070107@mailwash.com.au> Hi All, I am familiar with the reject option in MailScanner.conf but wondered whether rules could be constructed to trigger alerts to senders of certain file attachments (specifically video media types)? Can attachment extensions be included in the rule sets for this so the regect messages option is only triggered for certain attachment types? Many thanks in advance. Tony. ----------------------------------------------------------------------------------- Scanned by MailWash Australia - http://www.mailwash.com.au ----------------------------------------------------------------------------------- From martinh at solid-state-logic.com Mon Jul 17 08:36:41 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Mon Jul 17 08:36:53 2006 Subject: sa-update and restarting MailScanner? In-Reply-To: References: Message-ID: <44BB3E09.8070004@solid-state-logic.com> Logan Shaw wrote: > Hello, everyone. > > Is it necessary to restart MailScanner after I run sa-update > (which updates SpamAssassin rules) in order for MailScanner > to start using the updated rules? > > MailScanner is using the SpamAssassin Perl modules directly, > so that makes me think so. > > On the other hand, I have > > Restart Every = 7200 > > in MailScanner.conf, so maybe that's sufficient. I'm not really > sure what "Restart Every" actually restarts, i.e. whether > it's just the children that process messages from the queue > or the parent (master) as well. (Presumably, the master has a > fairly small amount of fixed state and wouldn't need a restart > periodically to keep its restart usage in check.) > > Note that I don't really mind if it takes 0 to 2 hours to pick > up the new rules. > > - Logan Logan depends how quickly you want the changes to take effect.... if you want immediate changes then you need to restart MS. -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From daniel.maher at ubisoft.com Mon Jul 17 13:05:01 2006 From: daniel.maher at ubisoft.com (Daniel Maher) Date: Mon Jul 17 13:05:06 2006 Subject: DCC config and MailScanner lint complaints on RHEL3 Message-ID: <1E293D3FF63A3740B10AD5AAD88535D20226CF8A@UBIMAIL1.ubisoft.org> We are using RHEL3 here; however, it's a heavily modified version thereof. We maintain our own package repository, and use builds from there to keep the systems up to date - trying to use a "stock" RHEL3 system these days is next to impossible. :/ _ ?v? Daniel Maher /(_)\ Administrateur Syst?me Unix ^ ^ Unix System Administrator Sentio aliquos togatos contra me conspirare. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Richard Potter Sent: July 16, 2006 8:18 PM To: MailScanner discussion Subject: Re: DCC config and MailScanner lint complaints on RHEL3 On the "Official" RHEL3 box no. Maybe on the Centos, but that seems less than desirable solution. I have not had the time to post this to the spamassassin list for their input, but a Google search did pull some bug reports. It would appear their are not any users on this list using RHEL3. Richard On Sun, Jul 16, 2006 at 01:45:20PM -0600, Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote: > On Sun, Jul 16, 2006 at 12:37:00PM -0400, Richard Potter wrote: > > In reply to myself, a downgrade to spamassassin 3.0.6 fixed the problem. > > It seems there IS a problem with spamassassin 3.1.x and the perl shipped > > with RHEL3 (perl 5.0.8.0) > > > > Richard > > > > Can you not upgrade to perl 5.8.8? > > > On Thu, Jul 13, 2006 at 10:04:43AM -0400, Richard Potter wrote: > > > > > I'm having problems on two RHEL3 servers, one is official RedHat, the > > > other is a Centos box. SA lints OK, showing DCC and pyzor found, but > > > they are not working. > > > > > > MailScanner --lint pukes on pyzor_path and dcc_path, as mentioned by > > > Jeff in a previous thread. > > > > > > How can I troubleshoot this? > > > > > > What I find interesting, is that the very same MailScanner and SA setups > > > are working fine on two RHEL4 servers. Could it be a perl issue on RHEL3 ? > > > > > > Cheers! > > > -- > > > Richard Potter > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > -- > > > > Cheers! > > -- > > Richard Potter > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Cheers! -- Richard Potter -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From lshaw at emitinc.com Mon Jul 17 14:59:44 2006 From: lshaw at emitinc.com (Logan Shaw) Date: Mon Jul 17 14:59:54 2006 Subject: sa-update and restarting MailScanner? In-Reply-To: <44BB3E09.8070004@solid-state-logic.com> References: <44BB3E09.8070004@solid-state-logic.com> Message-ID: On Mon, 17 Jul 2006, Martin Hepworth wrote: > Logan Shaw wrote: >> Is it necessary to restart MailScanner after I run sa-update >> (which updates SpamAssassin rules) in order for MailScanner >> to start using the updated rules? >> >> MailScanner is using the SpamAssassin Perl modules directly, >> so that makes me think so. >> >> On the other hand, I have >> >> Restart Every = 7200 >> >> in MailScanner.conf, so maybe that's sufficient. > depends how quickly you want the changes to take effect.... > > if you want immediate changes then you need to restart MS. I don't really need immediate changes, so what I'm wondering is this: if I don't restart it explicitly, is the "Restart Every" directive sufficient to cause MailScanner to pick up the new rules eventually? It could be implemented so that the loading of the rules is done before children are fork()ed, which would mean restarting children every 7200 seconds wouldn't cause the rules to be reloaded. Or, it could be the other way, in which case the "Restart Every" directive would be sufficient to have new rules picked up eventually. - Logan From Denis.Beauchemin at USherbrooke.ca Mon Jul 17 15:00:18 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon Jul 17 15:00:48 2006 Subject: Julian's holiday In-Reply-To: References: <44B79B4A.8060901@USherbrooke.ca> Message-ID: <44BB97F2.4010403@USherbrooke.ca> Julian Field a ?crit : > > On Fri14 Jul 06, at 14:25, Denis Beauchemin wrote: > >> Julian Field a ?crit : >>> I have just updated it to the latest ClamAV 0.88.3. >>> >> Thanks! >> >> Glad to see you're back... How was your vacation? Hope you had >> plenty of sun and chablis. > > The holiday was great. Can you imagine 25 C (about 79F) and glorious > sunshine in Bergen (look it up, it's a long way north). Only the last > couple of days were really wet and cloudy, the rest of the time we had > very good weather. Spectacular scenery every you look, mountains and > fjords everywhere. Loads of gorgeous blondes every where too, very > easy on the eyes :-) > > Had a lovely 12 days away from everything and everyone, just me and a > couple of my mates who were doing all the driving for me. I bought > myself a reindeer skin as well, to go with the sheepskin rug I have in > my living room, it is going to be lovely to lie on in the winter nights. > > A great time was had by all! > > Jules. You drove to Norway??? How far was it? The scenery must have been quite spectacular! Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060717/85d849d1/smime.bin From MSCHNEIDER at northweststate.edu Mon Jul 17 16:10:37 2006 From: MSCHNEIDER at northweststate.edu (Michael Schneider) Date: Mon Jul 17 16:11:12 2006 Subject: Apologies Message-ID: My sincere apologies for the vacation rule reply to this list. I recently joined this list and forgot all about excluding it from my vacation rule. I have modified my vacation rule to take this list into consideration. Thanks for your patience and understanding, Michael Schneider Network/Systems Administrator Northwest State Community College 22-600 State Route 34 Archbold, OH 43502-9542 Phone: 419-267-1202 Fax: 419-267-3688 Email: mschneider@northweststate.edu From MailScanner at ecs.soton.ac.uk Mon Jul 17 16:24:17 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jul 17 16:25:26 2006 Subject: Julian's holiday In-Reply-To: <44BB97F2.4010403@USherbrooke.ca> References: <44B79B4A.8060901@USherbrooke.ca> <44BB97F2.4010403@USherbrooke.ca> Message-ID: On 17 Jul 2006, at 15:00, Denis Beauchemin wrote: > Julian Field a ?crit : >> >> On Fri14 Jul 06, at 14:25, Denis Beauchemin wrote: >> >>> Julian Field a ?crit : >>>> I have just updated it to the latest ClamAV 0.88.3. >>>> >>> Thanks! >>> >>> Glad to see you're back... How was your vacation? Hope you had >>> plenty of sun and chablis. >> >> The holiday was great. Can you imagine 25 C (about 79F) and >> glorious sunshine in Bergen (look it up, it's a long way north). >> Only the last couple of days were really wet and cloudy, the rest >> of the time we had very good weather. Spectacular scenery every >> you look, mountains and fjords everywhere. Loads of gorgeous >> blondes every where too, very easy on the eyes :-) >> >> Had a lovely 12 days away from everything and everyone, just me >> and a couple of my mates who were doing all the driving for me. I >> bought myself a reindeer skin as well, to go with the sheepskin >> rug I have in my living room, it is going to be lovely to lie on >> in the winter nights. >> >> A great time was had by all! >> >> Jules. > > You drove to Norway??? How far was it? No, we flew to Bergen. But we clocked up 2,200km going round southern Norway. > The scenery must have been quite spectacular! Certainly was. -- Julian Field MailScanner@ecs.soton.ac.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Mon Jul 17 16:25:48 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jul 17 16:27:01 2006 Subject: sa-update and restarting MailScanner? In-Reply-To: References: <44BB3E09.8070004@solid-state-logic.com> Message-ID: <04276AC3-3FFA-4B29-B57C-FC0FFBEC1B4A@ecs.soton.ac.uk> On 17 Jul 2006, at 14:59, Logan Shaw wrote: > On Mon, 17 Jul 2006, Martin Hepworth wrote: > >> Logan Shaw wrote: >>> Is it necessary to restart MailScanner after I run sa-update >>> (which updates SpamAssassin rules) in order for MailScanner >>> to start using the updated rules? >>> MailScanner is using the SpamAssassin Perl modules directly, >>> so that makes me think so. >>> On the other hand, I have >>> >>> Restart Every = 7200 >>> in MailScanner.conf, so maybe that's sufficient. > >> depends how quickly you want the changes to take effect.... >> >> if you want immediate changes then you need to restart MS. > > I don't really need immediate changes, so what I'm wondering is > this: if I don't restart it explicitly, is the "Restart Every" > directive sufficient to cause MailScanner to pick up the new > rules eventually? It could be implemented so that the loading > of the rules is done before children are fork()ed, which would > mean restarting children every 7200 seconds wouldn't cause > the rules to be reloaded. Or, it could be the other way, in > which case the "Restart Every" directive would be sufficient > to have new rules picked up eventually. The new rules should be picked up eventually. -- Julian Field MailScanner@ecs.soton.ac.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From ssilva at sgvwater.com Mon Jul 17 16:32:35 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jul 17 16:37:44 2006 Subject: MS not scanning some mails. In-Reply-To: <1d1e72700607140346jfdf4388rbcd7c01c071f1c16@mail.gmail.com> References: <1152855340.2606.16.camel@suji> <44B75607.3040104@solid-state-logic.com> <1d1e72700607140346jfdf4388rbcd7c01c071f1c16@mail.gmail.com> Message-ID: Sujith Emmanuel spake the following on 7/14/2006 3:46 AM: > Hi there, > > I do hope the problem was due to DNS issues, but how do you check > whether bayes is the culprit or not. > > I do not have a caching nameserver on the MS machine. Can you > please send me a link on that. > > Thanks and Regards > Sujith Emmanuel yum install caching-nameserver -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Mon Jul 17 16:38:48 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jul 17 16:41:52 2006 Subject: strange dropping of Word.doc-attachements - sendmail dovecot RHEL4 In-Reply-To: <44BB2B1B.2000508@filmakademie.de> References: <44BB2B1B.2000508@filmakademie.de> Message-ID: G?tz Reinicke spake the following on 7/16/2006 11:15 PM: > Hi, > > we have a strange problem: two of our users informed me, that they > aren't able to send word-.doc-files anymore while othe attachements work > fine. The e-mail gets deliverd, but the attachement is dropped. > > This happens using the latest thunderbird 1.5.x and mac os x. The e-mail > is also not saved in the send-drawer. If the users send the same e-mail > to the same recepient using an other mailclient, there is no problem. > > Other users (like me) using the same systemsettings and software > versions don't have the problem. > > The server is RHEL 4 (2.6.9-kernel), sendmail 8.13.1 and dovecot 0.99. > > We use Mailscanner and spamassassin too, but as only the two users do > have the problem I'm looking for some help to track this problem down. > > Any ideas?? > > > Thanks and best regards > > G?tz Reinicke If it isn't saved in the sent folder, it is probably a Thunderbird problem. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ka at pacific.net Mon Jul 17 18:58:52 2006 From: ka at pacific.net (Ken A) Date: Mon Jul 17 23:05:45 2006 Subject: Another call for improvements In-Reply-To: <447CB0F3.5070401@ecs.soton.ac.uk> References: <447CB0F3.5070401@ecs.soton.ac.uk> Message-ID: <44BBCFDC.90309@pacific.net> From ka at pacific.net Mon Jul 17 18:58:52 2006 From: ka at pacific.net (Ken A) Date: Tue Jul 18 02:41:17 2006 Subject: Another call for improvements In-Reply-To: <447CB0F3.5070401@ecs.soton.ac.uk> References: <447CB0F3.5070401@ecs.soton.ac.uk> Message-ID: <44BBCFDC.90309@pacific.net> I know you just got back from vacation, so please take it easy and file this somewhere deep in the pile.. :-) Per user S.A. scores would be nice. There are times when whitelisting isn't enough, especially as mail from .CN continues to be both very spammy and increasingly more necessary for business. :-\ Thanks, Ken A. Pacific.Net Julian Field wrote: > Any of you got any features which you really need? > I don't guarantee to implement them, or even consider them :-) > > Anything you don't like, anything you particularly like (gratitude is > always welcome :-) I'm a right sucker for it :-) > > At the moment there aren't any features people want, other than a 200% > speed improvement which I've done my best for in the past. > > Don't ignore anything you have asked for in the past, consider them > forgotten :-( > > Regards, > Jules. > From MailScanner at ecs.soton.ac.uk Tue Jul 18 10:08:44 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jul 18 10:09:52 2006 Subject: Another call for improvements In-Reply-To: <44BBCFDC.90309@pacific.net> References: <447CB0F3.5070401@ecs.soton.ac.uk> <44BBCFDC.90309@pacific.net> Message-ID: <5C0CF3F6-0800-49BE-823D-5DDA82FF494B@ecs.soton.ac.uk> On 17 Jul 2006, at 18:58, Ken A wrote: > Per user S.A. scores would be nice. There are times when > whitelisting isn't enough, especially as mail from .CN continues to > be both very spammy and increasingly more necessary for business. :-\ Can you not already do this with a Custom Ruleset on "Required SpamAssassin Score" ? -- Julian Field MailScanner@ecs.soton.ac.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From dhawal at netmagicsolutions.com Tue Jul 18 11:07:28 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Tue Jul 18 11:07:39 2006 Subject: Another call for improvements In-Reply-To: <44BBCFDC.90309@pacific.net> References: <447CB0F3.5070401@ecs.soton.ac.uk> <44BBCFDC.90309@pacific.net> Message-ID: <44BCB2E0.7050408@netmagicsolutions.com> Ken A wrote: > I know you just got back from vacation, so please take it easy and file > this somewhere deep in the pile.. :-) > > Per user S.A. scores would be nice. There are times when whitelisting > isn't enough, especially as mail from .CN continues to be both very > spammy and increasingly more necessary for business. :-\ Ken, have a look at the 'SQLSpamSettings.pm' from the mailwatch project.. you do not have to use mailwatch to use this module unless you need a front-end to manage the scores.. even if you use the front-end you do not have to use the SQL Logging function from mailwatch, which tends to get resource hungry. There is also a per-user / per-domain blacklist/whitelist module available if you require one. - dhawal > Thanks, > Ken A. > Pacific.Net > > Julian Field wrote: >> Any of you got any features which you really need? >> I don't guarantee to implement them, or even consider them :-) >> >> Anything you don't like, anything you particularly like (gratitude is >> always welcome :-) I'm a right sucker for it :-) >> >> At the moment there aren't any features people want, other than a 200% >> speed improvement which I've done my best for in the past. >> >> Don't ignore anything you have asked for in the past, consider them >> forgotten :-( >> >> Regards, >> Jules. From glenn.steen at gmail.com Tue Jul 18 12:52:41 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jul 18 12:52:47 2006 Subject: ClamAV+SA easy-install package In-Reply-To: References: <44B79B4A.8060901@USherbrooke.ca> Message-ID: <223f97700607180452g1ca3e9a5i8dcc7f9d7dcaf14a@mail.gmail.com> On 16/07/06, Julian Field wrote: > > On Fri14 Jul 06, at 14:25, Denis Beauchemin wrote: > > > Julian Field a ?crit : > >> I have just updated it to the latest ClamAV 0.88.3. > >> > > Thanks! > > > > Glad to see you're back... How was your vacation? Hope you had > > plenty of sun and chablis. > > The holiday was great. Can you imagine 25 C (about 79F) and glorious > sunshine in Bergen (look it up, it's a long way north). Only the last As in "the city of Bergen in Norway"? Also known as the most rainy place in the whole of Scandinavia? And you had sunny weather? Sheez, you *are* a lucky fellow! > couple of days were really wet and cloudy, the rest of the time we > had very good weather. Spectacular scenery every you look, mountains > and fjords everywhere. Loads of gorgeous blondes every where too, > very easy on the eyes :-) Yeah, well.... living up north has to have *some* perks, now doesn't it? :-) (snip) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From jeremy.henty at nec.ac.uk Tue Jul 18 13:32:14 2006 From: jeremy.henty at nec.ac.uk (Jeremy Henty) Date: Tue Jul 18 13:34:05 2006 Subject: ClamAV+SA easy-install package Message-ID: <1088590685jeremy.henty@nec.ac.uk> On Tuesday, July 18, 2006 12:52 pm, Glenn Steen wrote: > >As in "the city of Bergen in Norway"? Also known as the most rainy >place in the whole of Scandinavia? Tourist: Kid, does it *always* rain in Bergen? Child: I don't know, I'm only six! (Told to me by a friend who'd been there.) Regards, Jeremy Henty From glenn.steen at gmail.com Tue Jul 18 13:48:31 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jul 18 13:48:36 2006 Subject: ClamAV+SA easy-install package In-Reply-To: <1088590685jeremy.henty@nec.ac.uk> References: <1088590685jeremy.henty@nec.ac.uk> Message-ID: <223f97700607180548m41a68320ja923b2b6ca1300e1@mail.gmail.com> On 18 Jul 2006 13:32:14 +0100, Jeremy Henty wrote: > On Tuesday, July 18, 2006 12:52 pm, Glenn Steen wrote: > > > >As in "the city of Bergen in Norway"? Also known as the most rainy > >place in the whole of Scandinavia? > > Tourist: Kid, does it *always* rain in Bergen? > Child: I don't know, I'm only six! > > (Told to me by a friend who'd been there.) > > Regards, > > Jeremy Henty > Unfortunately (for the citizens of Bergen) it's not really a joke....:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Tue Jul 18 14:18:34 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jul 18 14:19:52 2006 Subject: ClamAV+SA easy-install package In-Reply-To: <223f97700607180548m41a68320ja923b2b6ca1300e1@mail.gmail.com> References: <1088590685jeremy.henty@nec.ac.uk> <223f97700607180548m41a68320ja923b2b6ca1300e1@mail.gmail.com> Message-ID: <56589D0D-CAA9-49F9-864C-41DE66CCB6CC@ecs.soton.ac.uk> On 18 Jul 2006, at 13:48, Glenn Steen wrote: > On 18 Jul 2006 13:32:14 +0100, Jeremy Henty > wrote: >> On Tuesday, July 18, 2006 12:52 pm, Glenn Steen >> wrote: >> > >> >As in "the city of Bergen in Norway"? Also known as the most rainy >> >place in the whole of Scandinavia? >> >> Tourist: Kid, does it *always* rain in Bergen? >> Child: I don't know, I'm only six! >> >> (Told to me by a friend who'd been there.) >> >> Regards, >> >> Jeremy Henty >> > Unfortunately (for the citizens of Bergen) it's not really a > joke....:-) Yes, it really was Bergen in Norway. T-shirt and shorts weather and blazing hot sun. We couldn't quite believe it either! My photos are now online at www.jules.fm. Let me know what you think of them. Phil and Kerry (about the only people in them) are the two friends I went with. -- Julian Field MailScanner@ecs.soton.ac.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From Denis.Beauchemin at USherbrooke.ca Tue Jul 18 15:07:38 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Jul 18 15:08:03 2006 Subject: ClamAV+SA easy-install package In-Reply-To: <56589D0D-CAA9-49F9-864C-41DE66CCB6CC@ecs.soton.ac.uk> References: <1088590685jeremy.henty@nec.ac.uk> <223f97700607180548m41a68320ja923b2b6ca1300e1@mail.gmail.com> <56589D0D-CAA9-49F9-864C-41DE66CCB6CC@ecs.soton.ac.uk> Message-ID: <44BCEB2A.4080704@USherbrooke.ca> Julian Field a ?crit : > > On 18 Jul 2006, at 13:48, Glenn Steen wrote: > >> On 18 Jul 2006 13:32:14 +0100, Jeremy Henty >> wrote: >>> On Tuesday, July 18, 2006 12:52 pm, Glenn Steen >>> wrote: >>> > >>> >As in "the city of Bergen in Norway"? Also known as the most rainy >>> >place in the whole of Scandinavia? >>> >>> Tourist: Kid, does it *always* rain in Bergen? >>> Child: I don't know, I'm only six! >>> >>> (Told to me by a friend who'd been there.) >>> >>> Regards, >>> >>> Jeremy Henty >>> >> Unfortunately (for the citizens of Bergen) it's not really a joke....:-) > > Yes, it really was Bergen in Norway. T-shirt and shorts weather and > blazing hot sun. We couldn't quite believe it either! > > My photos are now online at www.jules.fm. > > Let me know what you think of them. Phil and Kerry (about the only > people in them) are the two friends I went with. > --Julian Field Quite impressive! At first I thought it was just some ice at the bottom of a hill but then I saw little people on it! Never been near a glacier! I spotted a geocaching hat... were you geocaching along your trip? I know people that plan their vacations around geocaching. Great way to visit remote places that are quite often very beautiful/interesting. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060718/bbca695f/smime.bin From ka at pacific.net Tue Jul 18 16:02:27 2006 From: ka at pacific.net (Ken A) Date: Tue Jul 18 16:01:51 2006 Subject: Another call for improvements In-Reply-To: <5C0CF3F6-0800-49BE-823D-5DDA82FF494B@ecs.soton.ac.uk> References: <447CB0F3.5070401@ecs.soton.ac.uk> <44BBCFDC.90309@pacific.net> <5C0CF3F6-0800-49BE-823D-5DDA82FF494B@ecs.soton.ac.uk> Message-ID: <44BCF803.3050703@pacific.net> Julian Field wrote: > > On 17 Jul 2006, at 18:58, Ken A wrote: > >> Per user S.A. scores would be nice. There are times when whitelisting >> isn't enough, especially as mail from .CN continues to be both very >> spammy and increasingly more necessary for business. :-\ > > Can you not already do this with a Custom Ruleset on "Required > SpamAssassin Score" > ? The required SpamAssassin Score helps, because I can adjust spam/non-spam threshold per user, but it would be nice to say something like this in a .rules file: username SA_RULE -1.5 Thanks, Ken A > > --Julian Field > MailScanner@ecs.soton.ac.uk > > > > --This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > --MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From ka at pacific.net Tue Jul 18 16:16:15 2006 From: ka at pacific.net (Ken A) Date: Tue Jul 18 16:15:35 2006 Subject: Another call for improvements In-Reply-To: <44BCB2E0.7050408@netmagicsolutions.com> References: <447CB0F3.5070401@ecs.soton.ac.uk> <44BBCFDC.90309@pacific.net> <44BCB2E0.7050408@netmagicsolutions.com> Message-ID: <44BCFB3F.3080603@pacific.net> Dhawal Doshy wrote: > Ken A wrote: >> I know you just got back from vacation, so please take it easy and >> file this somewhere deep in the pile.. :-) >> >> Per user S.A. scores would be nice. There are times when whitelisting >> isn't enough, especially as mail from .CN continues to be both very >> spammy and increasingly more necessary for business. :-\ > > Ken, have a look at the 'SQLSpamSettings.pm' from the mailwatch > project.. you do not have to use mailwatch to use this module unless you > need a front-end to manage the scores.. even if you use the front-end > you do not have to use the SQL Logging function from mailwatch, which > tends to get resource hungry. This looks to be an SQL implementation of a .rules file, and very handy for building front-ends to manage the HIGH/LOW spam thresholds, but not really what I'm looking for. I want to be able to set per user scores on every rule in SA, similar to what's possible using SA alone. The Mail::SpamAssassin API allows an optional $userprefs_filename parameter that contains the path to a per user S.A. prefs file, but I'm not sure what would be involved in using this with MailScanner, or if it's even possible with MailScanner. Thanks, Ken A. Pacific.Net > There is also a per-user / per-domain blacklist/whitelist module > available if you require one. > > - dhawal > >> Thanks, >> Ken A. >> Pacific.Net >> >> Julian Field wrote: >>> Any of you got any features which you really need? >>> I don't guarantee to implement them, or even consider them :-) >>> >>> Anything you don't like, anything you particularly like (gratitude is >>> always welcome :-) I'm a right sucker for it :-) >>> >>> At the moment there aren't any features people want, other than a >>> 200% speed improvement which I've done my best for in the past. >>> >>> Don't ignore anything you have asked for in the past, consider them >>> forgotten :-( >>> >>> Regards, >>> Jules. From akostocker at gmail.com Tue Jul 18 18:36:12 2006 From: akostocker at gmail.com (Tony Stocker) Date: Tue Jul 18 18:36:14 2006 Subject: Allowing nsmail.tmp files through Message-ID: <7801ad8f0607181036x49fda5bcvcab597828663fdd1@mail.gmail.com> Hello All, I'm new to Mailscanner and while I found brief mention of the "Warning: ( nsmail.tmp)" file in the list archives, I didn't see any resolution to the issue. If I don't want to unblock ALL *.tmp files, but I want to ALLOW nsmail.tmpfiles through, which file do I modify, what should the entry look like, and where in the file should it be placed (i.e. above or below the \.tmp$ entry)? Thanks for the help Tony -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060718/d6e8c8b9/attachment.html From ka at pacific.net Tue Jul 18 18:37:48 2006 From: ka at pacific.net (Ken A) Date: Tue Jul 18 18:37:09 2006 Subject: all quiet on the mailscanner list? Message-ID: <44BD1C6C.1030707@pacific.net> or has something run amok? 2nd day of very few posts has got me curious... Ken A Pacific.Net From jeff at image-src.com Tue Jul 18 18:41:28 2006 From: jeff at image-src.com (Jeff Graves) Date: Tue Jul 18 18:41:39 2006 Subject: SMTP Authorization In-Reply-To: <44AD1BA6.2020500@trayerproducts.com> Message-ID: <004201c6aa91$6653b6e0$5a0a10ac@bellingham.imagesrc.com> I've been looking for a SMTP server authorization mechanism. Basically, it would work something like a system connects trying to send mail that's from user@domain.com - the receiving server queries the DNS records for domain.com and checks that the connecting IP is authorized to send mail for the domain.com domain. Plugging this into a MailScanner install could do a couple of things: block it, force greylist milter, assign a higher spamassassin score (or whitelist), etc. I've seen a few drafts out there for such an implementation but no working software. Does anything exist (preferably that works with MailScanner and sendmail)? -- Jeff Graves, MCSA Image Source, Inc. 508.966.5200 x31 www.image-src.com From Denis.Beauchemin at USherbrooke.ca Tue Jul 18 18:53:06 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Jul 18 18:53:35 2006 Subject: Allowing nsmail.tmp files through In-Reply-To: <7801ad8f0607181036x49fda5bcvcab597828663fdd1@mail.gmail.com> References: <7801ad8f0607181036x49fda5bcvcab597828663fdd1@mail.gmail.com> Message-ID: <44BD2002.5020308@USherbrooke.ca> Tony Stocker a ?crit : > Hello All, > > I'm new to Mailscanner and while I found brief mention of the > "Warning: (nsmail.tmp)" file in the list archives, I didn't see any > resolution to the issue. > > If I don't want to unblock ALL *.tmp files, but I want to ALLOW > nsmail.tmp files through, which file do I modify, what should the > entry look like, and where in the file should it be placed (i.e. above > or below the \.tmp$ entry)? > > Thanks for the help > > > Tony Tony, Use the following in MailScanner.conf: # Allow any attachment filenames matching any of the patters listed here. # If this setting is empty, it is ignored and no matches are made. # This can also be the filename of a ruleset. Allow Filenames = ^nsmail.tmp$ Then reload MailScanner. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060718/a10c3bc6/smime.bin From michele at blacknight.ie Tue Jul 18 18:55:25 2006 From: michele at blacknight.ie (Michele Neylon:: Blacknight.ie) Date: Tue Jul 18 18:55:28 2006 Subject: SMTP Authorization In-Reply-To: <004201c6aa91$6653b6e0$5a0a10ac@bellingham.imagesrc.com> References: <004201c6aa91$6653b6e0$5a0a10ac@bellingham.imagesrc.com> Message-ID: <44BD208D.90203@blacknight.ie> Jeff Graves wrote: > I've been looking for a SMTP server authorization mechanism. Basically, it > would work something like a system connects trying to send mail that's from > user@domain.com - the receiving server queries the DNS records for > domain.com and checks that the connecting IP is authorized to send mail for > the domain.com domain. Plugging this into a MailScanner install could do a > couple of things: block it, force greylist milter, assign a higher > spamassassin score (or whitelist), etc. I've seen a few drafts out there for > such an implementation but no working software. Does anything exist > (preferably that works with MailScanner and sendmail)? > Unless I'm losing my mind it sounds like SPF... -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From steve.swaney at fsl.com Tue Jul 18 19:05:39 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Tue Jul 18 19:03:42 2006 Subject: SMTP Authorization In-Reply-To: <004201c6aa91$6653b6e0$5a0a10ac@bellingham.imagesrc.com> Message-ID: <42f701c6aa94$c6ef6fa0$287ba8c0@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jeff Graves > Sent: Tuesday, July 18, 2006 1:41 PM > To: 'MailScanner discussion' > Subject: SMTP Authorization > > I've been looking for a SMTP server authorization mechanism. Basically, it > would work something like a system connects trying to send mail that's > from > user@domain.com - the receiving server queries the DNS records for > domain.com and checks that the connecting IP is authorized to send mail > for > the domain.com domain. Plugging this into a MailScanner install could do a > couple of things: block it, force greylist milter, assign a higher > spamassassin score (or whitelist), etc. I've seen a few drafts out there > for > such an implementation but no working software. Does anything exist > (preferably that works with MailScanner and sendmail)? > > -- > Jeff Graves, MCSA > Image Source, Inc. > 508.966.5200 x31 > www.image-src.com > Looks like you're looking for SPF and milters. Check out: www.openspf.org/ http://www.milter.org/ http://www.snertsoft.com Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From sailer at bnl.gov Tue Jul 18 19:02:29 2006 From: sailer at bnl.gov (Tim Sailer) Date: Tue Jul 18 19:04:45 2006 Subject: SMTP Authorization In-Reply-To: <44BD208D.90203@blacknight.ie> References: <004201c6aa91$6653b6e0$5a0a10ac@bellingham.imagesrc.com> <44BD208D.90203@blacknight.ie> Message-ID: <20060718180229.GD17250@bnl.gov> On Tue, Jul 18, 2006 at 06:55:25PM +0100, Michele Neylon:: Blacknight.ie wrote: > Unless I'm losing my mind it sounds like SPF... Thorazine addiction aside, that's what SPF was supposed to do. Tim -- Tim Sailer Information and Special Technologies Program Northeast Regional Counterintelligence Office Brookhaven National Laboratory (631) 344-3001 From michele at blacknight.ie Tue Jul 18 19:14:19 2006 From: michele at blacknight.ie (Michele Neylon:: Blacknight.ie) Date: Tue Jul 18 19:14:22 2006 Subject: SMTP Authorization In-Reply-To: <20060718180229.GD17250@bnl.gov> References: <004201c6aa91$6653b6e0$5a0a10ac@bellingham.imagesrc.com> <44BD208D.90203@blacknight.ie> <20060718180229.GD17250@bnl.gov> Message-ID: <44BD24FB.3030500@blacknight.ie> Tim Sailer wrote: > On Tue, Jul 18, 2006 at 06:55:25PM +0100, Michele Neylon:: Blacknight.ie wrote: >> Unless I'm losing my mind it sounds like SPF... > > Thorazine addiction aside, How did you guess? :) -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From Phil.Udel at salemcorp.com Tue Jul 18 19:23:38 2006 From: Phil.Udel at salemcorp.com (Phillip Udel) Date: Tue Jul 18 19:24:08 2006 Subject: all quiet on the mailscanner list? In-Reply-To: <44BD1C6C.1030707@pacific.net> Message-ID: <200607181828.k6IIRwq3010986@cat.salemcarriers.com> Lol. Well, I am installing the new ver in production today. I am sure I will have a question or two :) -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ken A Sent: Tuesday, July 18, 2006 12:38 PM To: MailScanner discussion Subject: all quiet on the mailscanner list? or has something run amok? 2nd day of very few posts has got me curious... Ken A Pacific.Net -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jul 18 20:45:56 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jul 18 20:46:09 2006 Subject: ClamAV+SA easy-install package In-Reply-To: <44BCEB2A.4080704@USherbrooke.ca> References: <1088590685jeremy.henty@nec.ac.uk> <223f97700607180548m41a68320ja923b2b6ca1300e1@mail.gmail.com> <56589D0D-CAA9-49F9-864C-41DE66CCB6CC@ecs.soton.ac.uk> <44BCEB2A.4080704@USherbrooke.ca> Message-ID: <19AC54B3-A8BD-4603-B535-44969603840F@ecs.soton.ac.uk> On Tue18 Jul 06, at 15:07, Denis Beauchemin wrote: > Julian Field a ?crit : >> >> On 18 Jul 2006, at 13:48, Glenn Steen wrote: >> >>> On 18 Jul 2006 13:32:14 +0100, Jeremy Henty >>> wrote: >>>> On Tuesday, July 18, 2006 12:52 pm, Glenn Steen >>>> wrote: >>>> > >>>> >As in "the city of Bergen in Norway"? Also known as the most rainy >>>> >place in the whole of Scandinavia? >>>> >>>> Tourist: Kid, does it *always* rain in Bergen? >>>> Child: I don't know, I'm only six! >>>> >>>> (Told to me by a friend who'd been there.) >>>> >>>> Regards, >>>> >>>> Jeremy Henty >>>> >>> Unfortunately (for the citizens of Bergen) it's not really a >>> joke....:-) >> >> Yes, it really was Bergen in Norway. T-shirt and shorts weather >> and blazing hot sun. We couldn't quite believe it either! >> >> My photos are now online at www.jules.fm. >> >> Let me know what you think of them. Phil and Kerry (about the only >> people in them) are the two friends I went with. >> --Julian Field > > Quite impressive! At first I thought it was just some ice at the > bottom of a hill but then I saw little people on it! Never been > near a glacier! > > I spotted a geocaching hat... were you geocaching along your trip? > I know people that plan their vacations around geocaching. Great > way to visit remote places that are quite often very beautiful/ > interesting. The geocaching was incidental. We did a bit of geocaching along the way as we got near caches along our route. My friends I went with are really into geocaching, I'm a newbie myself, just about got all the software sorted out for my PDA. I'm going to do more caching in the future, for definite. It's a great way of finding interesting places in your surroundings. But you have to watch out for mugglers! :-) (see www.geocaching.com for those not yet educated in the finer arts). -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store ! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Tue Jul 18 20:46:50 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jul 18 20:47:07 2006 Subject: Another call for improvements In-Reply-To: <44BCFB3F.3080603@pacific.net> References: <447CB0F3.5070401@ecs.soton.ac.uk> <44BBCFDC.90309@pacific.net> <44BCB2E0.7050408@netmagicsolutions.com> <44BCFB3F.3080603@pacific.net> Message-ID: <32FCF9ED-347B-42ED-A53A-9C72EAAFB9C4@ecs.soton.ac.uk> As I said earlier, use a ruleset with the Required SpamAssassin Score setting. On Tue18 Jul 06, at 16:16, Ken A wrote: > > > Dhawal Doshy wrote: >> Ken A wrote: >>> I know you just got back from vacation, so please take it easy >>> and file this somewhere deep in the pile.. :-) >>> >>> Per user S.A. scores would be nice. There are times when >>> whitelisting isn't enough, especially as mail from .CN continues >>> to be both very spammy and increasingly more necessary for >>> business. :-\ >> Ken, have a look at the 'SQLSpamSettings.pm' from the mailwatch >> project.. you do not have to use mailwatch to use this module >> unless you need a front-end to manage the scores.. even if you use >> the front-end you do not have to use the SQL Logging function from >> mailwatch, which tends to get resource hungry. > > This looks to be an SQL implementation of a .rules file, and very > handy for building front-ends to manage the HIGH/LOW spam > thresholds, but not really what I'm looking for. I want to be able > to set per user scores on every rule in SA, similar to what's > possible using SA alone. > > The Mail::SpamAssassin API allows an optional $userprefs_filename > parameter that contains the path to a per user S.A. prefs file, but > I'm not sure what would be involved in using this with MailScanner, > or if it's even possible with MailScanner. > > Thanks, > Ken A. > Pacific.Net > > >> There is also a per-user / per-domain blacklist/whitelist module >> available if you require one. >> - dhawal >>> Thanks, >>> Ken A. >>> Pacific.Net >>> >>> Julian Field wrote: >>>> Any of you got any features which you really need? >>>> I don't guarantee to implement them, or even consider them :-) >>>> >>>> Anything you don't like, anything you particularly like >>>> (gratitude is always welcome :-) I'm a right sucker for it :-) >>>> >>>> At the moment there aren't any features people want, other than >>>> a 200% speed improvement which I've done my best for in the past. >>>> >>>> Don't ignore anything you have asked for in the past, consider >>>> them forgotten :-( >>>> >>>> Regards, >>>> Jules. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store ! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Tue Jul 18 20:47:38 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jul 18 20:47:50 2006 Subject: Allowing nsmail.tmp files through Message-ID: Add an allow rule to filename.rules.conf. Hello All, I'm new to Mailscanner and while I found brief mention of the "Warning: (nsmail.tmp)" file in the list archives, I didn't see any resolution to the issue. If I don't want to unblock ALL *.tmp files, but I want to ALLOW nsmail.tmp files through, which file do I modify, what should the entry look like, and where in the file should it be placed (i.e. above or below the \.tmp$ entry)? Thanks for the help Tony -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store ! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From Denis.Beauchemin at USherbrooke.ca Tue Jul 18 20:59:06 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Jul 18 20:59:41 2006 Subject: ClamAV+SA easy-install package In-Reply-To: <19AC54B3-A8BD-4603-B535-44969603840F@ecs.soton.ac.uk> References: <1088590685jeremy.henty@nec.ac.uk> <223f97700607180548m41a68320ja923b2b6ca1300e1@mail.gmail.com> <56589D0D-CAA9-49F9-864C-41DE66CCB6CC@ecs.soton.ac.uk> <44BCEB2A.4080704@USherbrooke.ca> <19AC54B3-A8BD-4603-B535-44969603840F@ecs.soton.ac.uk> Message-ID: <44BD3D8A.3040000@USherbrooke.ca> Julian Field a ?crit : >> I spotted a geocaching hat... were you geocaching along your trip? I >> know people that plan their vacations around geocaching. Great way >> to visit remote places that are quite often very beautiful/interesting. > > The geocaching was incidental. We did a bit of geocaching along the > way as we got near caches along our route. My friends I went with are > really into geocaching, I'm a newbie myself, just about got all the > software sorted out for my PDA. I'm going to do more caching in the > future, for definite. It's a great way of finding interesting places > in your surroundings. But you have to watch out for mugglers! :-) (see > www.geocaching.com for those not yet educated in the finer arts). I think you mean "muggles" as in Harry Potter. It translates to "moldus" in French and we use geomoldus for people without the geocaching knowledge, which would be geomuggles in English. See http://en.wikipedia.org/wiki/Geocaching for more info on the subject. Denis aka MotoGeo in the www.geocaching.com world... -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060718/ca22e0b1/smime.bin From Denis.Beauchemin at USherbrooke.ca Tue Jul 18 21:29:52 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Jul 18 21:30:10 2006 Subject: ClamAV vs password-protected ZIP files Message-ID: <44BD44C0.3020802@USherbrooke.ca> Hello, It seems ClamAv now blocks password-encrypted ZIP files. Could this behaviour be changed? We block ZIPs if enclosed filenames match certain patterns, otherwise we let them through. Now they always get blocked... I use ClamAV 0.88.3 with clamavmodule in MS 4.54.6 Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060718/3a957d57/smime.bin From ka at pacific.net Tue Jul 18 21:36:55 2006 From: ka at pacific.net (Ken A) Date: Tue Jul 18 21:36:17 2006 Subject: Another call for improvements In-Reply-To: <32FCF9ED-347B-42ED-A53A-9C72EAAFB9C4@ecs.soton.ac.uk> References: <447CB0F3.5070401@ecs.soton.ac.uk> <44BBCFDC.90309@pacific.net> <44BCB2E0.7050408@netmagicsolutions.com> <44BCFB3F.3080603@pacific.net> <32FCF9ED-347B-42ED-A53A-9C72EAAFB9C4@ecs.soton.ac.uk> Message-ID: <44BD4667.8070603@pacific.net> Maybe I'm just being dense, but I don't see how this would work. For example, if userA wants IN_CN (some S.A rule) to be scored at 0.00 and userB wants IN_CN to be scored at 2.5, how would I go about writing a .rules file using Required SpamAssassin Score to achieve this? The nearest I can come is this hack...assuming there was a rule called IN_CN and it's score was 1.5 by default. Required SpamAssassin Score = %rules_dir%/sa.rules.rules # sa.rules.rules file # # subtract 1.5 for userA From *.cn AND To userA 4.0 # add 1.0 for userB From *.cn AND To userB 7.5 default 6.5 What am I missing? I want to write: userA IN_CN 0.00 userB IN_CN 2.50 This is better, since it can work for all kinds of rules. Thanks, Ken A. Pacific.Net Julian Field wrote: > As I said earlier, use a ruleset with the Required SpamAssassin Score > setting. > > On Tue18 Jul 06, at 16:16, Ken A wrote: > >> >> >> Dhawal Doshy wrote: >>> Ken A wrote: >>>> I know you just got back from vacation, so please take it easy and >>>> file this somewhere deep in the pile.. :-) >>>> >>>> Per user S.A. scores would be nice. There are times when >>>> whitelisting isn't enough, especially as mail from .CN continues to >>>> be both very spammy and increasingly more necessary for business. :-\ >>> Ken, have a look at the 'SQLSpamSettings.pm' from the mailwatch >>> project.. you do not have to use mailwatch to use this module unless >>> you need a front-end to manage the scores.. even if you use the >>> front-end you do not have to use the SQL Logging function from >>> mailwatch, which tends to get resource hungry. >> >> This looks to be an SQL implementation of a .rules file, and very >> handy for building front-ends to manage the HIGH/LOW spam thresholds, >> but not really what I'm looking for. I want to be able to set per user >> scores on every rule in SA, similar to what's possible using SA alone. >> >> The Mail::SpamAssassin API allows an optional $userprefs_filename >> parameter that contains the path to a per user S.A. prefs file, but >> I'm not sure what would be involved in using this with MailScanner, or >> if it's even possible with MailScanner. >> >> Thanks, >> Ken A. >> Pacific.Net >> >> >>> There is also a per-user / per-domain blacklist/whitelist module >>> available if you require one. >>> - dhawal >>>> Thanks, >>>> Ken A. >>>> Pacific.Net >>>> >>>> Julian Field wrote: >>>>> Any of you got any features which you really need? >>>>> I don't guarantee to implement them, or even consider them :-) >>>>> >>>>> Anything you don't like, anything you particularly like (gratitude >>>>> is always welcome :-) I'm a right sucker for it :-) >>>>> >>>>> At the moment there aren't any features people want, other than a >>>>> 200% speed improvement which I've done my best for in the past. >>>>> >>>>> Don't ignore anything you have asked for in the past, consider them >>>>> forgotten :-( >>>>> >>>>> Regards, >>>>> Jules. >> --MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store ! > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > --This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > --MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jul 18 22:23:59 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jul 18 22:24:08 2006 Subject: Another call for improvements In-Reply-To: <44BD4667.8070603@pacific.net> References: <447CB0F3.5070401@ecs.soton.ac.uk> <44BBCFDC.90309@pacific.net> <44BCB2E0.7050408@netmagicsolutions.com> <44BCFB3F.3080603@pacific.net> <32FCF9ED-347B-42ED-A53A-9C72EAAFB9C4@ecs.soton.ac.uk> <44BD4667.8070603@pacific.net> Message-ID: <8A57A4C4-A138-48B4-9565-5DB4625EE07C@ecs.soton.ac.uk> I misunderstood your requirements. Currently I cannot do different sets of SA rule scores for different people. Sorry. All the SA calls are done as the same user (the "Run As User" user). Doing this any other way would slow things down too much, and this is a rare requirement. On Tue18 Jul 06, at 21:36, Ken A wrote: > Maybe I'm just being dense, but I don't see how this would work. > > For example, if userA wants IN_CN (some S.A rule) to be scored at > 0.00 and userB wants IN_CN to be scored at 2.5, how would I go > about writing a .rules file using Required SpamAssassin Score to > achieve this? > > The nearest I can come is this hack...assuming there was a rule > called IN_CN and it's score was 1.5 by default. > > Required SpamAssassin Score = %rules_dir%/sa.rules.rules > > # sa.rules.rules file > # > # subtract 1.5 for userA > From *.cn AND To userA 4.0 > # add 1.0 for userB > From *.cn AND To userB 7.5 > default 6.5 > > What am I missing? > > I want to write: > > userA IN_CN 0.00 > userB IN_CN 2.50 > > This is better, since it can work for all kinds of rules. > > Thanks, > Ken A. > Pacific.Net > > > Julian Field wrote: >> As I said earlier, use a ruleset with the Required SpamAssassin >> Score setting. >> On Tue18 Jul 06, at 16:16, Ken A wrote: >>> >>> >>> Dhawal Doshy wrote: >>>> Ken A wrote: >>>>> I know you just got back from vacation, so please take it easy >>>>> and file this somewhere deep in the pile.. :-) >>>>> >>>>> Per user S.A. scores would be nice. There are times when >>>>> whitelisting isn't enough, especially as mail from .CN >>>>> continues to be both very spammy and increasingly more >>>>> necessary for business. :-\ >>>> Ken, have a look at the 'SQLSpamSettings.pm' from the mailwatch >>>> project.. you do not have to use mailwatch to use this module >>>> unless you need a front-end to manage the scores.. even if you >>>> use the front-end you do not have to use the SQL Logging >>>> function from mailwatch, which tends to get resource hungry. >>> >>> This looks to be an SQL implementation of a .rules file, and very >>> handy for building front-ends to manage the HIGH/LOW spam >>> thresholds, but not really what I'm looking for. I want to be >>> able to set per user scores on every rule in SA, similar to >>> what's possible using SA alone. >>> >>> The Mail::SpamAssassin API allows an optional $userprefs_filename >>> parameter that contains the path to a per user S.A. prefs file, >>> but I'm not sure what would be involved in using this with >>> MailScanner, or if it's even possible with MailScanner. >>> >>> Thanks, >>> Ken A. >>> Pacific.Net >>> >>> >>>> There is also a per-user / per-domain blacklist/whitelist module >>>> available if you require one. >>>> - dhawal >>>>> Thanks, >>>>> Ken A. >>>>> Pacific.Net >>>>> >>>>> Julian Field wrote: >>>>>> Any of you got any features which you really need? >>>>>> I don't guarantee to implement them, or even consider them :-) >>>>>> >>>>>> Anything you don't like, anything you particularly like >>>>>> (gratitude is always welcome :-) I'm a right sucker for it :-) >>>>>> >>>>>> At the moment there aren't any features people want, other >>>>>> than a 200% speed improvement which I've done my best for in >>>>>> the past. >>>>>> >>>>>> Don't ignore anything you have asked for in the past, consider >>>>>> them forgotten :-( >>>>>> >>>>>> Regards, >>>>>> Jules. >>> --MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store ! >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> --This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> MailScanner thanks transtec Computers for their support. >> --MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> Before posting, read http://wiki.mailscanner.info/posting >> Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store ! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From r.berber at computer.org Tue Jul 18 22:44:53 2006 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Tue Jul 18 22:45:20 2006 Subject: ClamAV vs password-protected ZIP files In-Reply-To: <44BD44C0.3020802@USherbrooke.ca> References: <44BD44C0.3020802@USherbrooke.ca> Message-ID: Denis Beauchemin wrote: > It seems ClamAv now blocks password-encrypted ZIP files. No it doesn't... unless you changed the default setting. > Could this > behaviour be changed? We block ZIPs if enclosed filenames match certain > patterns, otherwise we let them through. Now they always get blocked... What do you see in your log as the clamavmodule message? -- Ren? Berber From Denis.Beauchemin at USherbrooke.ca Wed Jul 19 13:44:42 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed Jul 19 13:45:02 2006 Subject: ClamAV vs password-protected ZIP files In-Reply-To: References: <44BD44C0.3020802@USherbrooke.ca> Message-ID: <44BE293A.1080205@USherbrooke.ca> Ren? Berber a ?crit : > Denis Beauchemin wrote: > > >> It seems ClamAv now blocks password-encrypted ZIP files. >> > > No it doesn't... unless you changed the default setting. > > >> Could this >> behaviour be changed? We block ZIPs if enclosed filenames match certain >> patterns, otherwise we let them through. Now they always get blocked... >> > > What do you see in your log as the clamavmodule message? > Ren?, This is the message: Jul 18 03:03:08 smtpe2 MailScanner[18831]: ClamAVModule::INFECTED:: Encrypted.Zip:: ./k6I72VrO030528/Bennett.zip But I just noticed the following one: Jul 18 03:03:09 smtpe2 MailScanner[18831]: Viruses marked as silent: ClamAV Module: msg-18831-96.html was infected: Worm.Bagle.pwd-eml, McAfee: /k6I72VrO030528/Bennett.zip contient le virus W32/Bagle.fc!pwdzip !!! ,Bitdefender: Found virus Win32.Bagle.GL@mm in file Bennett.zip,ClamAV Module: Bennett.zip was infected: Encrypted.Zip Sorry!!! Looks like the file contains a virus! :-! Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060719/3c649144/smime.bin From ram at netcore.co.in Wed Jul 19 14:00:07 2006 From: ram at netcore.co.in (Ramprasad) Date: Wed Jul 19 14:00:17 2006 Subject: performance with large rules files Message-ID: <1153314007.4767.72.camel@darkstar.netcore.co.in> I posted this a few days ago , sorry for reposting We scan mails for quiet a large number of domains ( around 1.5k domains). The scanning happens on multiple identically configured MS +postfix+SA linux boxes behind load balancers For every domain that is added there will be entries in spamcheck.rules spamaction.rules etc. Besides the domains will have their own whitelists and blacklists which go into whitelist/blacklist rules files. Already these have more than 10000 lines each Obviously the easiest way to scale would be to break the architecture. Have first set of domains on one set of machines, next on another , .. etc But that creates a maintenance problem. Today with identical servers , maintenance is relatively easy .. If I have non identical configuration I may have more problems managing servers Thanks Ram From paul at blacknight.ie Wed Jul 19 14:03:56 2006 From: paul at blacknight.ie (Paul Kelly :: Blacknight) Date: Wed Jul 19 14:02:38 2006 Subject: test Message-ID: <1153314236.13928.8.camel@localhost.localdomain> Hi Folks, just a wee test message to see if all is well after the mailman upgrade on Sunday night. thanks, Paul sent: Wed Jul 19 14:03:51 IST 2006 -- Paul Kelly Technical Director Blacknight Internet Solutions ltd Hosting, Colocation, Dedicated servers Lo-call: 1850 927 280 DDI: 059 9183091 e-mail: paul@blacknight.ie From drew at themarshalls.co.uk Wed Jul 19 14:07:49 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Wed Jul 19 14:08:04 2006 Subject: all quiet on the mailscanner list? In-Reply-To: <44BD1C6C.1030707@pacific.net> References: <44BD1C6C.1030707@pacific.net> Message-ID: <63946.194.70.180.170.1153314469.squirrel@webmail.r-bit.net> On Tue, July 18, 2006 18:37, Ken A wrote: > or has something run amok? > 2nd day of very few posts has got me curious... And a 3rd with only 1 post in about 12 hours. The world must be on holiday (Except the spammers who seem to be ever increasing in my mail percentage. Perhaps this is due to a reduction of other mail...) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From martinh at solid-state-logic.com Wed Jul 19 14:24:56 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Jul 19 14:25:11 2006 Subject: all quiet on the mailscanner list? In-Reply-To: <63946.194.70.180.170.1153314469.squirrel@webmail.r-bit.net> References: <44BD1C6C.1030707@pacific.net> <63946.194.70.180.170.1153314469.squirrel@webmail.r-bit.net> Message-ID: <44BE32A8.3040308@solid-state-logic.com> Drew Marshall wrote: > On Tue, July 18, 2006 18:37, Ken A wrote: >> or has something run amok? >> 2nd day of very few posts has got me curious... > > And a 3rd with only 1 post in about 12 hours. The world must be on holiday > (Except the spammers who seem to be ever increasing in my mail percentage. > Perhaps this is due to a reduction of other mail...) > > Drew > > Getting 17 or so overnight.... quite a few daytime GMT.. -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From ka at pacific.net Wed Jul 19 16:55:53 2006 From: ka at pacific.net (Ken A) Date: Wed Jul 19 16:55:15 2006 Subject: Another call for improvements In-Reply-To: <8A57A4C4-A138-48B4-9565-5DB4625EE07C@ecs.soton.ac.uk> References: <447CB0F3.5070401@ecs.soton.ac.uk> <44BBCFDC.90309@pacific.net> <44BCB2E0.7050408@netmagicsolutions.com> <44BCFB3F.3080603@pacific.net> <32FCF9ED-347B-42ED-A53A-9C72EAAFB9C4@ecs.soton.ac.uk> <44BD4667.8070603@pacific.net> <8A57A4C4-A138-48B4-9565-5DB4625EE07C@ecs.soton.ac.uk> Message-ID: <44BE5609.80506@pacific.net> Julian Field wrote: > I misunderstood your requirements. Currently I cannot do different sets > of SA rule scores for different people. Sorry. > All the SA calls are done as the same user (the "Run As User" user). > Doing this any other way would slow things down too much, and this is a > rare requirement. Okay, that makes sense. It was just a thought for a possible future improvement, though I do see how it would slow things down. I've seen ISPs who offer customers SpamAssassin web interfaces with checkboxes to activate/deactivate groups of rules, some individual rules, dnsrbls, etc. It's always about features and ease of use. End users don't care about speed issues on the server side... That's our problem! :-) Thanks, Ken A Pacific.Net > On Tue18 Jul 06, at 21:36, Ken A wrote: > >> Maybe I'm just being dense, but I don't see how this would work. >> >> For example, if userA wants IN_CN (some S.A rule) to be scored at 0.00 >> and userB wants IN_CN to be scored at 2.5, how would I go about >> writing a .rules file using Required SpamAssassin Score to achieve this? >> >> The nearest I can come is this hack...assuming there was a rule called >> IN_CN and it's score was 1.5 by default. >> >> Required SpamAssassin Score = %rules_dir%/sa.rules.rules >> >> # sa.rules.rules file >> # >> # subtract 1.5 for userA >> From *.cn AND To userA 4.0 >> # add 1.0 for userB >> From *.cn AND To userB 7.5 >> default 6.5 >> >> What am I missing? >> >> I want to write: >> >> userA IN_CN 0.00 >> userB IN_CN 2.50 >> >> This is better, since it can work for all kinds of rules. >> >> Thanks, >> Ken A. >> Pacific.Net >> >> >> Julian Field wrote: >>> As I said earlier, use a ruleset with the Required SpamAssassin Score >>> setting. >>> On Tue18 Jul 06, at 16:16, Ken A wrote: >>>> >>>> >>>> Dhawal Doshy wrote: >>>>> Ken A wrote: >>>>>> I know you just got back from vacation, so please take it easy and >>>>>> file this somewhere deep in the pile.. :-) >>>>>> >>>>>> Per user S.A. scores would be nice. There are times when >>>>>> whitelisting isn't enough, especially as mail from .CN continues >>>>>> to be both very spammy and increasingly more necessary for >>>>>> business. :-\ >>>>> Ken, have a look at the 'SQLSpamSettings.pm' from the mailwatch >>>>> project.. you do not have to use mailwatch to use this module >>>>> unless you need a front-end to manage the scores.. even if you use >>>>> the front-end you do not have to use the SQL Logging function from >>>>> mailwatch, which tends to get resource hungry. >>>> >>>> This looks to be an SQL implementation of a .rules file, and very >>>> handy for building front-ends to manage the HIGH/LOW spam >>>> thresholds, but not really what I'm looking for. I want to be able >>>> to set per user scores on every rule in SA, similar to what's >>>> possible using SA alone. >>>> >>>> The Mail::SpamAssassin API allows an optional $userprefs_filename >>>> parameter that contains the path to a per user S.A. prefs file, but >>>> I'm not sure what would be involved in using this with MailScanner, >>>> or if it's even possible with MailScanner. >>>> >>>> Thanks, >>>> Ken A. >>>> Pacific.Net >>>> >>>> >>>>> There is also a per-user / per-domain blacklist/whitelist module >>>>> available if you require one. >>>>> - dhawal >>>>>> Thanks, >>>>>> Ken A. >>>>>> Pacific.Net >>>>>> >>>>>> Julian Field wrote: >>>>>>> Any of you got any features which you really need? >>>>>>> I don't guarantee to implement them, or even consider them :-) >>>>>>> >>>>>>> Anything you don't like, anything you particularly like >>>>>>> (gratitude is always welcome :-) I'm a right sucker for it :-) >>>>>>> >>>>>>> At the moment there aren't any features people want, other than a >>>>>>> 200% speed improvement which I've done my best for in the past. >>>>>>> >>>>>>> Don't ignore anything you have asked for in the past, consider >>>>>>> them forgotten :-( >>>>>>> >>>>>>> Regards, >>>>>>> Jules. >>>> --MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> --Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store ! >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> --This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> MailScanner thanks transtec Computers for their support. >>> --MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> Before posting, read http://wiki.mailscanner.info/posting >>> Support MailScanner development - buy the book off the website! >> --MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store ! > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > --This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > --MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From Phil.Udel at salemcorp.com Wed Jul 19 17:14:06 2006 From: Phil.Udel at salemcorp.com (Phillip Udel) Date: Wed Jul 19 17:14:21 2006 Subject: A Few Post Install Questions Message-ID: <200607191618.k6JGISDe003066@cat.salemcarriers.com> I finished the install in production and it was really smooth to set up. :) So I have a few setup questions I thought I would ask the group. Currently I am running a 5 for Spam Actions and I quarantine them and a 9 for the High Scoring Spam Actions witch are deleted. This might be hard to answer, but would that be a normal setup for a company? Would it be unwise to push up the Spam score on RCVD_IN_BL_SPAMCOP_NET and a few other list servers to something like 15 to force the mail into a high score and force the delete? I figure if they are in the lists then I don't need them. I have installed MailWatch for the first time, and I really like it. But I did have a concern with the Whitelist/blacklist. It seems less functional then the normal tables and it does not look like it supports wildcards. Is that truly a disadvantage? Currently I have MCP Checks set to no in the MailScanner.Conf but in the mail log I see this message: Jul 19 12:03:54 cat MailScanner[30088]: MCP Checks completed at 1389073 bytes per second Is that normal? Phillip Udel Senior Systems Administrator Admin@SalemCorp.com (800) 877-2536 Ext 212 Rules To Live By: 1) On the keyboard of life, always keep one finger on the escape key. 2) There are absolutely no absolutes. 3) Artificial Intelligence is no match for natural stupidity 4) Information is not Knowledge, Knowledge is not Wisdom, and Wisdom is not Truth -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: Phil Udel.vcf Type: text/x-vcard Size: 445 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060719/f340b721/PhilUdel.vcf From mike at vesol.com Wed Jul 19 17:32:45 2006 From: mike at vesol.com (Mike Kercher) Date: Wed Jul 19 17:32:51 2006 Subject: A Few Post Install Questions In-Reply-To: <200607191618.k6JGISDe003066@cat.salemcarriers.com> Message-ID: mailscanner-bounces@lists.mailscanner.info <> scribbled on : > I finished the install in production and it was really smooth > to set up. :) So I have a few setup questions I thought I > would ask the group. > > Currently I am running a 5 for Spam Actions and I quarantine > them and a 9 for the High Scoring Spam Actions witch are > deleted. This might be hard to answer, but would that be a > normal setup for a company? > > Would it be unwise to push up the Spam score on > RCVD_IN_BL_SPAMCOP_NET and a few other list servers to > something like 15 to force the mail into a high score and > force the delete? I figure if they are in the lists then I > don't need them. > > I have installed MailWatch for the first time, and I really > like it. But I did have a concern with the > Whitelist/blacklist. It seems less functional then the normal > tables and it does not look like it supports wildcards. Is > that truly a disadvantage? > > > Currently I have MCP Checks set to no in the MailScanner.Conf > but in the mail log I see this message: > Jul 19 12:03:54 cat MailScanner[30088]: MCP Checks completed > at 1389073 bytes per second Is that normal? > > > Phillip Udel > Senior Systems Administrator > Admin@SalemCorp.com > (800) 877-2536 Ext 212 > Rules To Live By: > 1) On the keyboard of life, always keep one finger on the escape key. > 2) There are absolutely no absolutes. > 3) Artificial Intelligence is no match for natural stupidity > 4) Information is not Knowledge, Knowledge is not Wisdom, and > Wisdom is not Truth I have 5.7 as my spam threshold and I delete at 10. I wouldn't bump the spamcop score up and it can be somewhat unreliable. Mike From steve.swaney at fsl.com Wed Jul 19 17:43:37 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Wed Jul 19 17:41:40 2006 Subject: Another call for improvements In-Reply-To: <44BE5609.80506@pacific.net> Message-ID: <4e2901c6ab52$7be0b5f0$287ba8c0@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Ken A > Sent: Wednesday, July 19, 2006 11:56 AM > To: MailScanner discussion > Subject: Re: Another call for improvements > > > > Julian Field wrote: > > I misunderstood your requirements. Currently I cannot do different sets > > of SA rule scores for different people. Sorry. > > All the SA calls are done as the same user (the "Run As User" user). > > Doing this any other way would slow things down too much, and this is a > > rare requirement. > > Okay, that makes sense. It was just a thought for a possible future > improvement, though I do see how it would slow things down. > > I've seen ISPs who offer customers SpamAssassin web interfaces with > checkboxes to activate/deactivate groups of rules, some individual > rules, dnsrbls, etc. It's always about features and ease of use. End > users don't care about speed issues on the server side... That's our > problem! :-) > > Thanks, > Ken A > Pacific.Net > We have added this feature to DefenderMX, our Commercial implementation of MailScanner and it's far from trivial to implement. You first need to provide an authentication methodology to validate the users and since MailScanner can scan email for multiple domains, the validation method specified may vary for different domains. Also you don't want to create a process where the administrator of each domain needs to maintain the state of user accounts on the gateway. When a user is added on a mail hub, they should be able to access their settings and quarantine directly on the Gateway(s) simply by logging into the web interface using their email address and mail hub password. The next step is to setup a hierarchy for checking spam scores, white lists and black lists. The order in which lists and settings should be examined and applied is: User preferences / lists Then Domain preferences / lists Then Site preferences / lists You also need to provide a mechanism that allows users and domain administrators to access only their messages and settings. Hopefully you can understand why I say this is not trivial to implement and it does slow things down a bit. We also have the luxury of only supporting one Operating system and database. This would be very difficult to build into MailScanner given the wide range of platforms that Julian supports. We have all of these features working in the current version of DefenderMX but there is still one missing piece that we believe we will be able to implement in the next version of DefenderMX. This is the ability to apply the correct User preferences and quarantine rules to all the email destined for a specific user including their aliases. Also not trivial to implement if you want to support different back end mail hubs and not manually maintain user state on the gateway :) I hope this puts the "Feature Request" into perspective, Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From ka at pacific.net Wed Jul 19 17:46:58 2006 From: ka at pacific.net (Ken A) Date: Wed Jul 19 17:46:25 2006 Subject: A Few Post Install Questions In-Reply-To: <200607191618.k6JGISDe003066@cat.salemcarriers.com> References: <200607191618.k6JGISDe003066@cat.salemcarriers.com> Message-ID: <44BE6202.8010001@pacific.net> Phillip Udel wrote: > I finished the install in production and it was really smooth to set up. :) > So I have a few setup questions I thought I would ask the group. > > Currently I am running a 5 for Spam Actions and I quarantine them and a 9 > for the High Scoring Spam Actions witch are deleted. This might be hard to > answer, but would that be a normal setup for a company? Depends on the company. We tag, deliver, attachment {SPAM}, but we are an ISP (who does email for companies too). You _will_ see some legitimate email quarantined and possibly some deleted at those levels. You might want to set the delete threshold to a higher value (15 or so), especially if you are quarantining spam, at least for a few months to see what your false positive rates are. In the worst case, you'll end up with a very large quarantine, but that should tell your boss that your system is catching LOTS of spam! > Would it be unwise to push up the Spam score on RCVD_IN_BL_SPAMCOP_NET and > a few other list servers to something like 15 to force the mail into a high > score and force the delete? I figure if they are in the lists then I don't > need them. If you are going to do that, then you might as well run the RBL checks in your MTA instead and send back an error on connect instead of deleting mail. Ken A Pacific.Net > I have installed MailWatch for the first time, and I really like it. But I > did have a concern with the Whitelist/blacklist. It seems less functional > then the normal tables and it does not look like it supports wildcards. Is > that truly a disadvantage? > > > Currently I have MCP Checks set to no in the MailScanner.Conf but in the > mail log I see this message: > Jul 19 12:03:54 cat MailScanner[30088]: MCP Checks completed at 1389073 > bytes per second Is that normal? > > > Phillip Udel > Senior Systems Administrator > Admin@SalemCorp.com > (800) 877-2536 Ext 212 > Rules To Live By: > 1) On the keyboard of life, always keep one finger on the escape key. > 2) There are absolutely no absolutes. > 3) Artificial Intelligence is no match for natural stupidity > 4) Information is not Knowledge, Knowledge is not Wisdom, and Wisdom is not > Truth > > > From sobralm at agro.uba.ar Wed Jul 19 17:47:29 2006 From: sobralm at agro.uba.ar (Marcos Sobral) Date: Wed Jul 19 18:04:10 2006 Subject: Mailscanner mqueuein trouble In-Reply-To: <200607191618.k6JGISDe003066@cat.salemcarriers.com> References: <200607191618.k6JGISDe003066@cat.salemcarriers.com> Message-ID: <44BE6221.5060400@agro.uba.ar> Hi, I need a hand. I?m actually having problems with Mailscaner. I have around 150,000 emails each day. I?m working with 3 smtps servers each one with sendmail and mailscanner, the servers are an Atlhlon 2000 (512mb ram), a P4 2.4 (1Gb ram) a P4 2.8 (512ram). I use pen loadbalancer to balance them Both P4 have 2 harddrives (ide 7200rpm) one for the system other for de mqueues dirs, the Atlhon has only one hard disk. And after trying tunning Mailscaner (like using tmpfs for de incoming dir), instead of all my efforts the mqueue.in increases creating delays of 20 to 60 minutes. If someone had problems of this kind I would like if he could give me some advices. Also I would like to know which hardware do you recommend for a diary traffic of around 300,000 emails. Thanks! Marcos. From jstevens at athensdistributing.com Wed Jul 19 18:05:21 2006 From: jstevens at athensdistributing.com (James R. Stevens) Date: Wed Jul 19 18:05:29 2006 Subject: Upgrade -- Shirt Message-ID: <1A65E6BAEADF9B4F865314484A13ECF10F8E8E@atlas.athensdistributing.com> Two questions, One stone. (Sorry if one is a little odd) Current setup: RH 9 Sendmail 8.12.8-9 Mailscanner 4.29.7-1 Spam assassin 2.63 ClamAV 0.88.2 MySQL 3.23.58-1.9 MailWatch 0.5.1 1) I am ready to upgrade MailScanner and Mailwatch to gain some functionality and reporting within the two, Should we upgrade through the different versions on our way to the current release OR can we upgrade straight to the current release? 2) We hail from USA, Nashville TN. When trying to order some MailScanner PoloT's (The nice ones) there is no currency converter to US dollars, also My Creditcard info wont take because the address info (US address) isn't correct. How does a US resident order some polo T's? Lost in the shadow of chaos... -- This message has been scanned for viruses and dangerous content by Athens Hyperion Scanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060719/cd3c1328/attachment.html From ka at pacific.net Wed Jul 19 18:12:07 2006 From: ka at pacific.net (Ken A) Date: Wed Jul 19 18:11:27 2006 Subject: Another call for improvements In-Reply-To: <4e2901c6ab52$7be0b5f0$287ba8c0@office.fsl> References: <4e2901c6ab52$7be0b5f0$287ba8c0@office.fsl> Message-ID: <44BE67E7.4010700@pacific.net> Stephen Swaney wrote: >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Ken A >> Sent: Wednesday, July 19, 2006 11:56 AM >> To: MailScanner discussion >> Subject: Re: Another call for improvements >> >> >> >> Julian Field wrote: >>> I misunderstood your requirements. Currently I cannot do different sets >>> of SA rule scores for different people. Sorry. >>> All the SA calls are done as the same user (the "Run As User" user). >>> Doing this any other way would slow things down too much, and this is a >>> rare requirement. >> Okay, that makes sense. It was just a thought for a possible future >> improvement, though I do see how it would slow things down. >> >> I've seen ISPs who offer customers SpamAssassin web interfaces with >> checkboxes to activate/deactivate groups of rules, some individual >> rules, dnsrbls, etc. It's always about features and ease of use. End >> users don't care about speed issues on the server side... That's our >> problem! :-) >> >> Thanks, >> Ken A >> Pacific.Net >> > > We have added this feature to DefenderMX, our Commercial implementation of > MailScanner and it's far from trivial to implement. > > You first need to provide an authentication methodology to validate the > users and since MailScanner can scan email for multiple domains, the > validation method specified may vary for different domains. Also you don't > want to create a process where the administrator of each domain needs to > maintain the state of user accounts on the gateway. When a user is added on > a mail hub, they should be able to access their settings and quarantine > directly on the Gateway(s) simply by logging into the web interface using > their email address and mail hub password. > > The next step is to setup a hierarchy for checking spam scores, white lists > and black lists. The order in which lists and settings should be examined > and applied is: > > User preferences / lists > Then > Domain preferences / lists > Then > Site preferences / lists > > You also need to provide a mechanism that allows users and domain > administrators to access only their messages and settings. > > Hopefully you can understand why I say this is not trivial to implement and > it does slow things down a bit. We also have the luxury of only supporting > one Operating system and database. This would be very difficult to build > into MailScanner given the wide range of platforms that Julian supports. > > We have all of these features working in the current version of DefenderMX > but there is still one missing piece that we believe we will be able to > implement in the next version of DefenderMX. This is the ability to apply > the correct User preferences and quarantine rules to all the email destined > for a specific user including their aliases. Also not trivial to implement > if you want to support different back end mail hubs and not manually > maintain user state on the gateway :) Those aliases are a bear, since they normally get resolved last! > I hope this puts the "Feature Request" into perspective, It does indeed, and more, but I just want to pass MailScanner a username that it passes to Mail::SpamAssassin as SpamAssassin's 'userprefs_file'. I have the luxury of only having to design a system that works here. I already have the user auth stuff and web front end for white/blacklists & opt-outs with backend in mysql, and various other mail related functions (vacation messages, etc). This would just be an addition to an existing set of tools. Thanks, Ken A Pacific.Net > Steve > > Stephen Swaney > Fort Systems Ltd. > stephen.swaney@fsl.com > www.fsl.com > From Phil.Udel at salemcorp.com Wed Jul 19 18:27:13 2006 From: Phil.Udel at salemcorp.com (Phillip Udel) Date: Wed Jul 19 18:27:25 2006 Subject: Upgrade -- Shirt In-Reply-To: <1A65E6BAEADF9B4F865314484A13ECF10F8E8E@atlas.athensdistributing.com> Message-ID: <200607191731.k6JHVZxb011008@cat.salemcarriers.com> Well. I just upgraded RH 8.0 and Mailscanner 4.24.? to the current release and it went well. The upgrade doc is good. Did have some issues with Spamassassin 3.X I had to force DBI, SPF and a few of the others like DKIM, LWP,DBE,DBD had a issue or two and SSL was missing a lib. The MailWatch was a new install for me. ________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of James R. Stevens Sent: Wednesday, July 19, 2006 12:05 PM To: mailscanner@lists.mailscanner.info Subject: Upgrade -- Shirt Two questions, One stone. (Sorry if one is a little odd) Current setup: RH 9 Sendmail 8.12.8-9 Mailscanner 4.29.7-1 Spam assassin 2.63 ClamAV 0.88.2 MySQL 3.23.58-1.9 MailWatch 0.5.1 1) I am ready to upgrade MailScanner and Mailwatch to gain some functionality and reporting within the two, Should we upgrade through the different versions on our way to the current release OR can we upgrade straight to the current release? 2) We hail from USA, Nashville TN. When trying to order some MailScanner PoloT's (The nice ones) there is no currency converter to US dollars, also My Creditcard info wont take because the address info (US address) isn't correct. How does a US resident order some polo T's? Lost in the shadow of chaos. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From michele at blacknight.ie Wed Jul 19 18:43:47 2006 From: michele at blacknight.ie (Michele Neylon:: Blacknight.ie) Date: Wed Jul 19 18:44:35 2006 Subject: Mailscanner mqueuein trouble In-Reply-To: <44BE6221.5060400@agro.uba.ar> References: <200607191618.k6JGISDe003066@cat.salemcarriers.com> <44BE6221.5060400@agro.uba.ar> Message-ID: <44BE6F53.6030100@blacknight.ie> . If you up the RAM on all the servers you should see improvements. Which checks are you running? -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From cparker at swatgear.com Wed Jul 19 18:43:24 2006 From: cparker at swatgear.com (Chris W. Parker) Date: Wed Jul 19 18:44:38 2006 Subject: "I/O error on connection" problem. MailScanner related? Message-ID: <97FD54B5E57A1842AA1A4B232E4761172C4ECE@ati-ex-02.ati.local> Hello, A user complained to me today that some of her customers are not receiving her emails and vice versa (she is not able to receive theirs). I've noticed that I get these messages in the logs at least once everyday from different hosts. I've searched and searched on this and haven't found any kind of concrete resolution to it. One strange thing about the posts I find on this are that they're generally all old. Late nineties mostly. Dunno if that means anything... So, could this be related to MailScanner in that MailScanner is putting too high a load on my box and therefore these errors are generated. I see that ClamAV and BitDefender really use a lot of cpu. Not really sure how to investigate this so any advice would be much appreciated. Thanks, Chris. From Denis.Beauchemin at USherbrooke.ca Wed Jul 19 18:49:17 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed Jul 19 18:49:41 2006 Subject: Mailscanner mqueuein trouble In-Reply-To: <44BE6221.5060400@agro.uba.ar> References: <200607191618.k6JGISDe003066@cat.salemcarriers.com> <44BE6221.5060400@agro.uba.ar> Message-ID: <44BE709D.8090806@USherbrooke.ca> Marcos Sobral a ?crit : > Hi, I need a hand. > I?m actually having problems with Mailscaner. I have around 150,000 > emails each day. > I?m working with 3 smtps servers each one with sendmail and > mailscanner, the servers are an Atlhlon 2000 (512mb ram), a P4 2.4 > (1Gb ram) a P4 2.8 (512ram). I use pen loadbalancer to balance them > Both P4 have 2 harddrives (ide 7200rpm) one for the system other for > de mqueues dirs, the Atlhon has only one hard disk. > And after trying tunning Mailscaner (like using tmpfs for de incoming > dir), instead of all my efforts the mqueue.in increases creating > delays of 20 to 60 minutes. > If someone had problems of this kind I would like if he could give me > some advices. > Also I would like to know which hardware do you recommend for a diary > traffic of around 300,000 emails. > Marcos, 1GB is the miminum you should have in your servers if you use tmpfs (ram disks). I upgraded the RAM to 2.5GB on all my servers and they are much happier. Fast disks are also a blessing. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060719/ae23e143/smime.bin From sobralm at agro.uba.ar Wed Jul 19 19:14:20 2006 From: sobralm at agro.uba.ar (Marcos Sobral) Date: Wed Jul 19 19:11:31 2006 Subject: Mailscanner mqueuein trouble In-Reply-To: <44BE6F53.6030100@blacknight.ie> References: <200607191618.k6JGISDe003066@cat.salemcarriers.com> <44BE6221.5060400@agro.uba.ar> <44BE6F53.6030100@blacknight.ie> Message-ID: <44BE767C.1030500@agro.uba.ar> Checks. Virus Scan with clamav Attach Filename check SpamAssassin I forward the spam to another acount to do the spam-digest. There are some things that maybe could help me with the tunning of MailScanner, like the Number of mails in each process, now that I?m working with a tmpfs maybe I could rise the Max Messages Per Scan values. And what about the Childs, is it good to have a good number of childs? do they allow me to process more mail? How can I know which amount is the right one for my servers?. Thanks a lot!! Marcos Michele Neylon:: Blacknight.ie wrote: > . > If you up the RAM on all the servers you should see improvements. > > Which checks are you running? > > From MailScanner at ecs.soton.ac.uk Wed Jul 19 19:25:40 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jul 19 19:26:07 2006 Subject: A Few Post Install Questions In-Reply-To: <200607191618.k6JGISDe003066@cat.salemcarriers.com> References: <200607191618.k6JGISDe003066@cat.salemcarriers.com> Message-ID: On Wed19 Jul 06, at 17:14, Phillip Udel wrote: > I finished the install in production and it was really smooth to > set up. :) Thanks! > So I have a few setup questions I thought I would ask the group. > > Currently I am running a 5 for Spam Actions and I quarantine them > and a 9 > for the High Scoring Spam Actions witch are deleted. This might be > hard to > answer, but would that be a normal setup for a company? I run 6 and 10 and everyone here is happy with that. Most people use my auto-delete-at-the-gateway feature of my system, and never complain that they lost something they wanted. I also use a lot of the rules_du_jour rulesets, which really help a lot. > > Would it be unwise to push up the Spam score on > RCVD_IN_BL_SPAMCOP_NET and > a few other list servers to something like 15 to force the mail > into a high > score and force the delete? I figure if they are in the lists then > I don't > need them. I wouldn't advise tweaking any of the rule scores until you have been running your setup for quite a long time and know how it behaves. If you want to force a delete if it's in a single RBL then do it in your MTA as it will be a lot faster and less load on your mail server. Leave the scores alone. > > I have installed MailWatch for the first time, and I really like > it. But I > did have a concern with the Whitelist/blacklist. It seems less > functional > then the normal tables and it does not look like it supports > wildcards. Is > that truly a disadvantage? It doesn't support wildcards as that would involve it having to evaluate every rule for every sender/recipient of every message, which will be no faster than using a standard MailScanner ruleset. By banning wildcards, you end up with a system like the per-domain and per-user white/blacklist code in CustomConfig.pm which does all the hard work in about half a dozen hash table lookups, which is very fast in Perl. It's not a great problem as far as most of our customers are concerned. As you add more entries to the list, it stays running at full speed and its speed is not affected by the number of entries. > > > Currently I have MCP Checks set to no in the MailScanner.Conf but > in the > mail log I see this message: > Jul 19 12:03:54 cat MailScanner[30088]: MCP Checks completed at > 1389073 > bytes per second Is that normal? Yes, that's normal, sorry. Just ignore it. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store ! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060719/b8c0fc57/attachment.html From MailScanner at ecs.soton.ac.uk Wed Jul 19 19:31:47 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jul 19 19:32:08 2006 Subject: Mailscanner mqueuein trouble In-Reply-To: <44BE6221.5060400@agro.uba.ar> References: <200607191618.k6JGISDe003066@cat.salemcarriers.com> <44BE6221.5060400@agro.uba.ar> Message-ID: <0518D2E0-557F-4F8F-A8C2-B2BD108B713E@ecs.soton.ac.uk> You need 1Gb per CPU core. RAM is cheap, go buy some more, or else you will find they are swapping. "vmstat 5" will show you if it's swapping under the pi and po (page in and page out) columns. And read the Wiki.mailscanner.info pages about performance optimisation and tweaking. On Wed19 Jul 06, at 17:47, Marcos Sobral wrote: > Hi, I need a hand. > I?m actually having problems with Mailscaner. I have around 150,000 > emails each day. > I?m working with 3 smtps servers each one with sendmail and > mailscanner, the servers are an Atlhlon 2000 (512mb ram), a P4 2.4 > (1Gb ram) a P4 2.8 (512ram). I use pen loadbalancer to balance them > Both P4 have 2 harddrives (ide 7200rpm) one for the system other > for de mqueues dirs, the Atlhon has only one hard disk. > And after trying tunning Mailscaner (like using tmpfs for de > incoming dir), instead of all my efforts the mqueue.in increases > creating delays of 20 to 60 minutes. > If someone had problems of this kind I would like if he could give > me some advices. > Also I would like to know which hardware do you recommend for a > diary traffic of around 300,000 emails. > > Thanks! > > Marcos. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store ! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Wed Jul 19 19:34:19 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jul 19 19:34:38 2006 Subject: Upgrade -- Shirt In-Reply-To: <1A65E6BAEADF9B4F865314484A13ECF10F8E8E@atlas.athensdistributing.com> References: <1A65E6BAEADF9B4F865314484A13ECF10F8E8E@atlas.athensdistributing.com> Message-ID: <5FFEF9C6-6FB4-454C-B230-7A13B8D7E484@ecs.soton.ac.uk> On Wed19 Jul 06, at 18:05, James R. Stevens wrote: > Two questions, One stone. (Sorry if one is a little odd) > > > > Current setup: RH 9 > > > > Sendmail 8.12.8-9 > > Mailscanner 4.29.7-1 > > Spam assassin 2.63 > > ClamAV 0.88.2 > > MySQL 3.23.58-1.9 > > MailWatch 0.5.1 > > > > 1) I am ready to upgrade MailScanner and Mailwatch to gain some > functionality and reporting within the two, Should we upgrade > through the different versions on our way to the current release OR > can we upgrade straight to the current release? Just upgrade to the latest release. No need to walk through all the versions in between! > > > > 2) We hail from USA, Nashville TN. When trying to order some > MailScanner PoloT?s (The nice ones) there is no currency converter > to US dollars, also My Creditcard info wont take because the > address info (US address) isn?t correct. How does a US resident > order some polo T?s? If you're really stuck, and can pay me via Paypal, I'll order the T- shirts for you and try to get them shipped straight to you. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store ! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060719/5fe5c011/attachment-0001.html From MailScanner at ecs.soton.ac.uk Wed Jul 19 19:41:36 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jul 19 19:41:53 2006 Subject: "I/O error on connection" problem. MailScanner related? In-Reply-To: <97FD54B5E57A1842AA1A4B232E4761172C4ECE@ati-ex-02.ati.local> References: <97FD54B5E57A1842AA1A4B232E4761172C4ECE@ati-ex-02.ati.local> Message-ID: <9821BFD5-8C52-458F-9F90-A6F68E10BEDF@ecs.soton.ac.uk> On Wed19 Jul 06, at 18:43, Chris W. Parker wrote: > Hello, > > A user complained to me today that some of her customers are not > receiving her emails and vice versa (she is not able to receive > theirs). > > I've noticed that I get these messages in the logs at least once > everyday from different hosts. > > I've searched and searched on this and haven't found any kind of > concrete resolution to it. One strange thing about the posts I find on > this are that they're generally all old. Late nineties mostly. > Dunno if > that means anything... > > So, could this be related to MailScanner in that MailScanner is > putting > too high a load on my box and therefore these errors are generated. I > see that ClamAV and BitDefender really use a lot of cpu. > > Not really sure how to investigate this so any advice would be much > appreciated. The "uptime" load averages (also printed by "top") are a vague indication of system load, but don't worry if these are much greater than 1. If they are less than 1 then your system definitely isn't loaded. Check your sendmail settings in /etc/mail/sendmail.cf. Look for QueueLA and other load averages limits (which all contain LA in their name). It's usually worth increasing them as MailScanner can push the load average up to 15 quite easily when fully loaded and working nicely. So don't start refusing messages until the load average is really quite high. The virus scanners should only use CPU very briefly, they usually aren't significant at all in the load of MailScanner. Try switching off the biggies such as SpamAssassin and see how it speeds up. > > > > Thanks, > Chris. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store ! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Wed Jul 19 19:44:47 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jul 19 19:44:59 2006 Subject: Mailscanner mqueuein trouble In-Reply-To: <44BE767C.1030500@agro.uba.ar> References: <200607191618.k6JGISDe003066@cat.salemcarriers.com> <44BE6221.5060400@agro.uba.ar> <44BE6F53.6030100@blacknight.ie> <44BE767C.1030500@agro.uba.ar> Message-ID: On Wed19 Jul 06, at 19:14, Marcos Sobral wrote: > Checks. > Virus Scan with clamav > Attach Filename check > SpamAssassin > > I forward the spam to another acount to do the spam-digest. > > There are some things that maybe could help me with the tunning of > MailScanner, like the Number of mails in each process, now that I?m > working with a tmpfs maybe I could rise the Max Messages Per Scan > values. Leave it at 30, no great reason to change this. I mostly only ever change this when debugging MailScanner. It's very rare to change this value. > And what about the Childs, is it good to have a good number of > childs? do they allow me to process more mail? How can I know which > amount is the right one for my servers?. I usually recommend 5 per normal CPU core, 8 per hyper-threading core. This seems to work pretty well for 99% of users. > Thanks a lot!! > > Marcos > > Michele Neylon:: Blacknight.ie wrote: >> . >> If you up the RAM on all the servers you should see improvements. >> >> Which checks are you running? >> >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store ! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From cparker at swatgear.com Wed Jul 19 20:11:28 2006 From: cparker at swatgear.com (Chris W. Parker) Date: Wed Jul 19 20:11:42 2006 Subject: "I/O error on connection" problem. MailScanner related? Message-ID: <97FD54B5E57A1842AA1A4B232E4761172D8EE9@ati-ex-02.ati.local> Julian Field on Wednesday, July 19, 2006 11:42 AM said: > The "uptime" load averages (also printed by "top") are a vague > indication of system load, but don't worry if these are much greater > than 1. If they are less than 1 then your system definitely isn't > loaded. Check your sendmail settings in /etc/mail/sendmail.cf. Look > for QueueLA and other load averages limits (which all contain LA in > their name). It's usually worth increasing them as MailScanner can > push the load average up to 15 quite easily when fully loaded and > working nicely. So don't start refusing messages until the load > average is really quite high. Thanks Julian. I'm going to experiment with this for a few days and see what happens. As an extreme test I set both QueueLA and RefuseLA to 0. > The virus scanners should only use CPU very briefly, they usually > aren't significant at all in the load of MailScanner. Try switching > off the biggies such as SpamAssassin and see how it speeds up. As I don't want to lose spam detection or virus detection I also tried changing the Queue Scan Interval from 10 seconds to 30. I don't recall what the default value was (perhaps 10?) but I imagine that at some point it's more efficient to check the queue often rather than let the queue build up quite large and check it only periodically. Is there any rule of thumb to this or does it vary too greatly from system to system? Chris. From sobralm at agro.uba.ar Wed Jul 19 20:51:46 2006 From: sobralm at agro.uba.ar (Marcos Sobral) Date: Wed Jul 19 21:22:42 2006 Subject: Mailscanner mqueuein trouble In-Reply-To: References: <200607191618.k6JGISDe003066@cat.salemcarriers.com> <44BE6221.5060400@agro.uba.ar> <44BE6F53.6030100@blacknight.ie> <44BE767C.1030500@agro.uba.ar> Message-ID: <44BE8D52.9050309@agro.uba.ar> And what about the Queue Scan Interval?. The default value is 30 ( I think), I?m testing 10 in one server to see if I get a better result. Which is the disadvantages of using ramdisks for the /var/spool/MailScanner/incoming dir? Thanks Marcos Julian Field wrote: > > On Wed19 Jul 06, at 19:14, Marcos Sobral wrote: > >> Checks. >> Virus Scan with clamav >> Attach Filename check >> SpamAssassin >> >> I forward the spam to another acount to do the spam-digest. >> >> There are some things that maybe could help me with the tunning of >> MailScanner, like the Number of mails in each process, now that I?m >> working with a tmpfs maybe I could rise the Max Messages Per Scan >> values. > > Leave it at 30, no great reason to change this. I mostly only ever > change this when debugging MailScanner. It's very rare to change this > value. > >> And what about the Childs, is it good to have a good number of >> childs? do they allow me to process more mail? How can I know which >> amount is the right one for my servers?. > > I usually recommend 5 per normal CPU core, 8 per hyper-threading core. > This seems to work pretty well for 99% of users. > >> Thanks a lot!! >> >> Marcos >> >> Michele Neylon:: Blacknight.ie wrote: >>> . >>> If you up the RAM on all the servers you should see improvements. >>> >>> Which checks are you running? >>> >>> >> >> --MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store ! > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > --This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > --MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > --No virus found in this incoming message. > Checked by AVG Free Edition. > Version: 7.1.394 / Virus Database: 268.10.1/391 - Release Date: > 18/07/2006 > > From TGFurnish at herffjones.com Wed Jul 19 21:25:34 2006 From: TGFurnish at herffjones.com (Furnish, Trever G) Date: Wed Jul 19 21:25:53 2006 Subject: ~root/.spamassassin/auto-whitelist is huge -- but autowhitelist is not enabled...? Message-ID: <57573D714A832C43B9D80EAFBDA48D0301357074@inex3.herffjones.hj-int> If SpamAssassin Auto Whitelist = no, shouldn't my system NOT be creating ~root/.spamassassin/auto-whitelist? My auto-whitelist file is 185MB, even though mailscanner's configured not to use auto-whitelist (and spamassassin isn't used by anything on this server other than mailscanner). MailScanner version is 4.38.9; spamassassin version is 3.0.2. I only noticed the huge auto-whitelist file as part of preparing for upgrades to the latest versions of both. I'm just surprised to find it being used, since the mailscanner setting is set to no. (And yes, the file's recent, not just an old file.) Am I misunderstanding? Should that be in use? Is this just a bug in my software versions? -- Trever Furnish, tgfurnish@herffjones.com Herff Jones, Inc. Unix / Network Administrator Phone: 317.612.3519 Any sufficiently advanced technology is indistinguishable from Unix. From TGFurnish at herffjones.com Wed Jul 19 22:03:11 2006 From: TGFurnish at herffjones.com (Furnish, Trever G) Date: Wed Jul 19 22:03:17 2006 Subject: ~root/.spamassassin/auto-whitelist is huge -- but autowhitelist is not enabled...? Message-ID: <57573D714A832C43B9D80EAFBDA48D0301357075@inex3.herffjones.hj-int> D'OH! Nevermind -- found the comment next to this option in the new config file: # To disable whitelisting, you must set "use_auto_whitelist 0" in your # spam.assassin.prefs.conf file as well as set this to no. Thanks, Julian, for adding that comment. :-) -- Trever > -----Original Message----- > From: Furnish, Trever G > Sent: Wednesday, July 19, 2006 4:26 PM > To: 'MailScanner discussion' > Subject: ~root/.spamassassin/auto-whitelist is huge -- but > autowhitelist is not enabled...? > > If SpamAssassin Auto Whitelist = no, shouldn't my system NOT > be creating ~root/.spamassassin/auto-whitelist? > > My auto-whitelist file is 185MB, even though mailscanner's > configured not to use auto-whitelist (and spamassassin isn't > used by anything on this server other than mailscanner). > > MailScanner version is 4.38.9; spamassassin version is 3.0.2. > I only noticed the huge auto-whitelist file as part of > preparing for upgrades to the latest versions of both. I'm > just surprised to find it being used, since the mailscanner > setting is set to no. (And yes, the file's recent, not just > an old file.) > > Am I misunderstanding? Should that be in use? Is this just > a bug in my software versions? > > -- > Trever Furnish, tgfurnish@herffjones.com Herff Jones, Inc. > Unix / Network Administrator > Phone: 317.612.3519 > Any sufficiently advanced technology is indistinguishable from Unix. > From lshaw at emitinc.com Wed Jul 19 22:05:57 2006 From: lshaw at emitinc.com (Logan Shaw) Date: Wed Jul 19 22:06:12 2006 Subject: Mailscanner mqueuein trouble In-Reply-To: <44BE767C.1030500@agro.uba.ar> References: <200607191618.k6JGISDe003066@cat.salemcarriers.com> <44BE6221.5060400@agro.uba.ar> <44BE6F53.6030100@blacknight.ie> <44BE767C.1030500@agro.uba.ar> Message-ID: On Wed, 19 Jul 2006, Marcos Sobral wrote: > Checks. > Virus Scan with clamav > Attach Filename check > SpamAssassin > > I forward the spam to another acount to do the spam-digest. > > There are some things that maybe could help me with the tunning of > MailScanner, like the Number of mails in each process, now that I�m working > with a tmpfs maybe I could rise the Max Messages Per Scan values. I'm very doubtful that your tmpfs is gaining you any significant performance increase. Unless your users are sending and receiving nothing but large mail messages, the I/O to read and write the messages to and from disk is very unlikely to be the bottleneck. Mail scanning is just not a very I/O intensive operation. Instead, with something like MailScanner and SpamAssassin, usually the scarce resources are CPU time and memory. > And what about the Childs, is it good to have a good number of childs? do > they allow me to process more mail? Here is the way I understand it: The way to achieve maximum throughput (without disabling tests or changing what you're testing) is to, as much as possible, make sure the CPU or CPUs are not sitting idle while there is work to be done. If the processes were cpu-bound, then one child per CPU would be enough. But, for example, if a child process is checking a message against a DNS blacklist, the child process will block while it is waiting to get a reply back from the DNS server. If there is only one child per CPU, the CPU will sit idle while the child is blocked waiting on the network. So, you need to increase the number of children to the point where there is always one (or more) runnable. (A similar situation occurs if a child blocks on a disk wait, but with a modern kernel and modern hardware, in practice this is pretty rare, since sendmail will write the data to disk and it will remain in cache for MailScanner to grab instantly with no physical I/O necessary.) Balanced against this is the fact that increasing the children increases the memory used that is being actively used by the system. If you reach the point where physical RAM isn't enough and the system starts paging, then performance becomes terrible. A whole different approach to coping with blocked processes is to reduce the external factors that cause them to block. Do you have a dedicated caching-only DNS server set up on the machines runnin MailScanner, or at least on a machine (that isn't overloaded) on the same network so that they can access it quickly? The longer it takes to get replies to DNS queries, the longer the children will block. Also, if your mail volume is high enough, it may be good to get local copies of some blacklist databases. I don't run a high-volume server, so I haven't looked into that and can't give specifics. > How can I know which amount is the right > one for my servers?. By testing! Set it to a reasonable starting value, like 5 children per CPU. Then watch the system under heavy load when the input queue has lots of messages in it. Run "top" and check the CPU usage. Is the CPU idle percentage significant (like over 5% or 10%)? If so, you could maybe benefit by increasing the number of children. If not, then adding children won't make that much of a difference, as a general rule. - Logan From ssilva at sgvwater.com Wed Jul 19 22:18:32 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jul 19 22:18:54 2006 Subject: Upgrade -- Shirt In-Reply-To: <1A65E6BAEADF9B4F865314484A13ECF10F8E8E@atlas.athensdistributing.com> References: <1A65E6BAEADF9B4F865314484A13ECF10F8E8E@atlas.athensdistributing.com> Message-ID: James R. Stevens spake the following on 7/19/2006 10:05 AM: > Two questions, One stone. (Sorry if one is a little odd) > > > > Current setup: RH 9 > > > > Sendmail 8.12.8-9 > > Mailscanner 4.29.7-1 > > Spam assassin 2.63 > > ClamAV 0.88.2 > > MySQL 3.23.58-1.9 > > MailWatch 0.5.1 > When you upgrade Mailwatch, you need to find the database upgrade script from 1.0.0 as an intermediate to the one in 1.0.3. If you can't find it, someone on the list probably has a copy floating around. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Wed Jul 19 22:47:44 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jul 19 22:48:10 2006 Subject: Upgrade -- Shirt In-Reply-To: References: <1A65E6BAEADF9B4F865314484A13ECF10F8E8E@atlas.athensdistributing.com> Message-ID: Scott Silva spake the following on 7/19/2006 2:18 PM: > James R. Stevens spake the following on 7/19/2006 10:05 AM: >> Two questions, One stone. (Sorry if one is a little odd) >> >> >> >> Current setup: RH 9 >> >> >> >> Sendmail 8.12.8-9 >> >> Mailscanner 4.29.7-1 >> >> Spam assassin 2.63 >> >> ClamAV 0.88.2 >> >> MySQL 3.23.58-1.9 >> >> MailWatch 0.5.1 >> > When you upgrade Mailwatch, you need to find the database upgrade script from > 1.0.0 as an intermediate to the one in 1.0.3. If you can't find it, someone on > the list probably has a copy floating around. > > As a matter of fact, here it is. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: upgrade051-10.tar.gz Type: application/x-gzip Size: 2557 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060719/94b7d2c7/upgrade051-10.tar.gz From jpabuyer at tecnoera.com Wed Jul 19 22:59:27 2006 From: jpabuyer at tecnoera.com (Juan Pablo Abuyeres) Date: Wed Jul 19 22:59:39 2006 Subject: MailScanner+Postfix virtual_maps support Message-ID: <1153346367.8859.93.camel@blackbird.tecnoera.com> I use postfix + MailScanner. My postfix configuration includes these lines: virtual_mailbox_domains = mysql:/etc/postfix/mysql-vdomains.cf virtual_mailbox_base = / virtual_mailbox_maps = mysql:/etc/postfix/mysql-mailbox-maps.cf virtual_minimum_uid = 500 virtual_uid_maps = mysql:/etc/postfix/mysql-virtual-uid.cf virtual_gid_maps = mysql:/etc/postfix/mysql-virtual-gid.cf virtual_maps = mysql:/etc/postfix/mysql-virtual-maps.cf transport_maps = mysql:/etc/postfix/mysql-transport-maps.cf My MailScanner.conf file contains this line: Required SpamAssassin Score = /etc/MailScanner/rules/Tpanel.spamassassin.score.rules and that file contains: To: acct1@tecnoera.com 5 To: acct2@tecnoera.com 4 To: acct3@tecnoera.com 6 To: everyone@tecnoera.com 1 To: acct4@tecnoera.com 4 FromOrTo: default 6 everyone@tecnoera.com is really only an "alias".. it's a forward to other accounts like "acct1@tecnoera.com", "acct2@tecnoera.com", and others. The problem is when an email is sent to everyone@tecnoera.com, the Score assigned to everyone@tecnoera.com in the ruleset is not correctly grabbed by MailScanner, because virtual_maps rewrites the queue files and replaces the destination with each email address listed in everyone@tecnoera.com before MailScanner processes the queue file. (http://www.postfix.org/ADDRESS_REWRITING_README.html#virtual) I can't use alias_maps because it's only for local transport, and I need to use virtual. I was trying a 2-postfix approach, one not using virtual_maps, just to enqueue mails -> MailScanner -> another postfix... but it's just a big- mess solution. I didn't like it at all. So, what I think would be a good solution is an option in MailScanner to either take options from rulesets for destinations just like it is doing now, or instead take options from rulesets taking in account _original_ destinations. Can anyone please give me advice on this? Thank you. From jaearick at colby.edu Wed Jul 19 23:14:11 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed Jul 19 23:16:28 2006 Subject: A Few Post Install Questions In-Reply-To: <200607191618.k6JGISDe003066@cat.salemcarriers.com> References: <200607191618.k6JGISDe003066@cat.salemcarriers.com> Message-ID: On Wed, 19 Jul 2006, Phillip Udel wrote: > Currently I am running a 5 for Spam Actions and I quarantine them and a 9 > for the High Scoring Spam Actions witch are deleted. This might be hard to > answer, but would that be a normal setup for a company? I have run 5 for spam and 10 for high spam for a loooong time, and it works for my site. > > Would it be unwise to push up the Spam score on RCVD_IN_BL_SPAMCOP_NET and > a few other list servers to something like 15 to force the mail into a high > score and force the delete? I figure if they are in the lists then I don't > need them. IMHO, bad move. I used to use spamcop for a DNS RBL and they seemed to have gotten overly aggresive in the past six months or so. I was starting to get howls from my users. I quit using them both as a sendmail RBL and within MailScanner's RBL list. I just let SpamAssassin boost the spam score. I wouldn't fiddle with the default SA score either. Jeff Earickson Colby College From lshaw at emitinc.com Thu Jul 20 00:10:09 2006 From: lshaw at emitinc.com (Logan Shaw) Date: Thu Jul 20 00:10:23 2006 Subject: A Few Post Install Questions In-Reply-To: References: <200607191618.k6JGISDe003066@cat.salemcarriers.com> Message-ID: On Wed, 19 Jul 2006, Jeff A. Earickson wrote: > On Wed, 19 Jul 2006, Phillip Udel wrote: >> Would it be unwise to push up the Spam score on RCVD_IN_BL_SPAMCOP_NET and >> a few other list servers to something like 15 to force the mail into a high >> score and force the delete? I figure if they are in the lists then I don't >> need them. > IMHO, bad move. I used to use spamcop for a DNS RBL and they seemed to have > gotten overly aggresive in the past six months or so. I was starting to get > howls from my users. I quit using them both as a sendmail RBL and within > MailScanner's RBL list. I just let SpamAssassin boost the spam score. I > wouldn't fiddle with the default SA score either. For what it's worth, a fair amount of effort does go into setting the scores for SpamAssassin rules: http://wiki.apache.org/spamassassin/HowScoresAreAssigned They don't just say "ah, 1.5 sounds too high for that score, but 1.0 sounds too low, so set it to 1.25". Instead, they run a neural net against a corpus of known messages and generate the scores based on that. The scores they assign are probably near optimal for that corpus, so as far as I'm concerned, the only reason to mess with the scores is if your own messages differ significantly from the corpus they use to generate the scores. I don't doubt that it is possible to outsmart a computer with a clever AI algorithm and zillions of messages to use in evaluating its set of scores, but I also don't think it's very easy, unless you have a fairly unique situation. - Logan From res at ausics.net Thu Jul 20 02:08:51 2006 From: res at ausics.net (Res) Date: Thu Jul 20 02:08:58 2006 Subject: Mailscanner mqueuein trouble In-Reply-To: <44BE767C.1030500@agro.uba.ar> References: <200607191618.k6JGISDe003066@cat.salemcarriers.com> <44BE6221.5060400@agro.uba.ar> <44BE6F53.6030100@blacknight.ie> <44BE767C.1030500@agro.uba.ar> Message-ID: On Wed, 19 Jul 2006, Marcos Sobral wrote: > SpamAssassin disable that and i bet it'll fly, just try it for an hour or so, we noticed improivments within a few minutes (all the thousands in the queue were processed as agaisnt adding up :) -- Cheers Res From sobralm at agro.uba.ar Thu Jul 20 02:50:20 2006 From: sobralm at agro.uba.ar (Marcos Sobral) Date: Thu Jul 20 02:47:35 2006 Subject: Mailscanner mqueuein trouble In-Reply-To: References: <200607191618.k6JGISDe003066@cat.salemcarriers.com> <44BE6221.5060400@agro.uba.ar> <44BE6F53.6030100@blacknight.ie> <44BE767C.1030500@agro.uba.ar> Message-ID: <44BEE15C.9050106@agro.uba.ar> And what check you use to detect spam?. Res wrote: > On Wed, 19 Jul 2006, Marcos Sobral wrote: > > >> SpamAssassin > > disable that and i bet it'll fly, just try it for an hour or so, we > noticed improivments within a few minutes (all the thousands in the > queue were processed as agaisnt adding up :) > > -- > Cheers > Res -- ________________________________________________________ Marcos Andres Sobral Administrador de Red Facultad de Agronom?a - Buenos Aires - Argentina Te.: (+54 11) 4524-8000 int.8108 email: mailto:sobralm@agro.uba.ar www: http://www.agro.uba.ar From martinh at solid-state-logic.com Thu Jul 20 08:23:08 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Jul 20 08:23:29 2006 Subject: ~root/.spamassassin/auto-whitelist is huge -- but autowhitelist is not enabled...? In-Reply-To: <57573D714A832C43B9D80EAFBDA48D0301357075@inex3.herffjones.hj-int> References: <57573D714A832C43B9D80EAFBDA48D0301357075@inex3.herffjones.hj-int> Message-ID: <44BF2F5C.2050600@solid-state-logic.com> Furnish, Trever G wrote: > D'OH! Nevermind -- found the comment next to this option in the new > config file: > > # To disable whitelisting, you must set "use_auto_whitelist 0" in your > # spam.assassin.prefs.conf file as well as set this to no. > > Thanks, Julian, for adding that comment. :-) > > -- > Trever > >> -----Original Message----- >> From: Furnish, Trever G >> Sent: Wednesday, July 19, 2006 4:26 PM >> To: 'MailScanner discussion' >> Subject: ~root/.spamassassin/auto-whitelist is huge -- but >> autowhitelist is not enabled...? >> >> If SpamAssassin Auto Whitelist = no, shouldn't my system NOT >> be creating ~root/.spamassassin/auto-whitelist? >> >> My auto-whitelist file is 185MB, even though mailscanner's >> configured not to use auto-whitelist (and spamassassin isn't >> used by anything on this server other than mailscanner). >> >> MailScanner version is 4.38.9; spamassassin version is 3.0.2. >> I only noticed the huge auto-whitelist file as part of >> preparing for upgrades to the latest versions of both. I'm >> just surprised to find it being used, since the mailscanner >> setting is set to no. (And yes, the file's recent, not just >> an old file.) >> >> Am I misunderstanding? Should that be in use? Is this just >> a bug in my software versions? >> >> -- >> Trever Furnish, tgfurnish@herffjones.com Herff Jones, Inc. >> Unix / Network Administrator >> Phone: 317.612.3519 >> Any sufficiently advanced technology is indistinguishable from Unix. >> Trevor If you're using SpamAssassin 3.x you need to edit the /etc/mail/spamassassin/*.pre files and make sure the autowhitelist pluging is commented out... -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From MailScanner at ecs.soton.ac.uk Thu Jul 20 09:47:57 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jul 20 09:48:29 2006 Subject: "I/O error on connection" problem. MailScanner related? In-Reply-To: <97FD54B5E57A1842AA1A4B232E4761172D8EE9@ati-ex-02.ati.local> References: <97FD54B5E57A1842AA1A4B232E4761172D8EE9@ati-ex-02.ati.local> Message-ID: <3B588EA2-A94E-4B3E-AC21-25FD7BD6E5A9@ecs.soton.ac.uk> On 19 Jul 2006, at 20:11, Chris W. Parker wrote: > Julian Field > on Wednesday, July 19, 2006 11:42 AM said: > >> The "uptime" load averages (also printed by "top") are a vague >> indication of system load, but don't worry if these are much greater >> than 1. If they are less than 1 then your system definitely isn't >> loaded. Check your sendmail settings in /etc/mail/sendmail.cf. Look >> for QueueLA and other load averages limits (which all contain LA in >> their name). It's usually worth increasing them as MailScanner can >> push the load average up to 15 quite easily when fully loaded and >> working nicely. So don't start refusing messages until the load >> average is really quite high. > > Thanks Julian. I'm going to experiment with this for a few days and > see > what happens. As an extreme test I set both QueueLA and RefuseLA to 0. > >> The virus scanners should only use CPU very briefly, they usually >> aren't significant at all in the load of MailScanner. Try switching >> off the biggies such as SpamAssassin and see how it speeds up. > > As I don't want to lose spam detection or virus detection I also tried > changing the Queue Scan Interval from 10 seconds to 30. I don't recall > what the default value was (perhaps 10?) but I imagine that at some > point it's more efficient to check the queue often rather than let the > queue build up quite large and check it only periodically. Is there > any > rule of thumb to this or does it vary too greatly from system to > system? Remember you have several child processes, all of which will be checking the queue once every 10 seconds. You could quite happily increase this number without causing any problems. Feel free to tweak it up a bit. -- Julian Field MailScanner@ecs.soton.ac.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Thu Jul 20 09:49:23 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jul 20 09:50:38 2006 Subject: Mailscanner mqueuein trouble In-Reply-To: <44BE8D52.9050309@agro.uba.ar> References: <200607191618.k6JGISDe003066@cat.salemcarriers.com> <44BE6221.5060400@agro.uba.ar> <44BE6F53.6030100@blacknight.ie> <44BE767C.1030500@agro.uba.ar> <44BE8D52.9050309@agro.uba.ar> Message-ID: On 19 Jul 2006, at 20:51, Marcos Sobral wrote: > And what about the Queue Scan Interval?. The default value is 30 > ( I think), I?m testing 10 in one server to see if I get a better > result. > Which is the disadvantages of using ramdisks for the /var/spool/ > MailScanner/incoming dir? No disadvantages at all, this is one of the first speed improvements you can make. It does make quite a large difference as there is a lot of disk i/o being done to that directory. > > Thanks > Marcos > > > Julian Field wrote: >> >> On Wed19 Jul 06, at 19:14, Marcos Sobral wrote: >> >>> Checks. >>> Virus Scan with clamav >>> Attach Filename check >>> SpamAssassin >>> >>> I forward the spam to another acount to do the spam-digest. >>> >>> There are some things that maybe could help me with the tunning >>> of MailScanner, like the Number of mails in each process, now >>> that I?m working with a tmpfs maybe I could rise the Max Messages >>> Per Scan values. >> >> Leave it at 30, no great reason to change this. I mostly only ever >> change this when debugging MailScanner. It's very rare to change >> this value. >> >>> And what about the Childs, is it good to have a good number of >>> childs? do they allow me to process more mail? How can I know >>> which amount is the right one for my servers?. >> >> I usually recommend 5 per normal CPU core, 8 per hyper-threading >> core. >> This seems to work pretty well for 99% of users. >> >>> Thanks a lot!! >>> >>> Marcos >>> >>> Michele Neylon:: Blacknight.ie wrote: >>>> . >>>> If you up the RAM on all the servers you should see improvements. >>>> >>>> Which checks are you running? >>>> >>>> >>> >>> --MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store ! >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> >> --This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> MailScanner thanks transtec Computers for their support. >> >> --MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> --No virus found in this incoming message. >> Checked by AVG Free Edition. >> Version: 7.1.394 / Virus Database: 268.10.1/391 - Release Date: >> 18/07/2006 >> >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field MailScanner@ecs.soton.ac.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From glenn.steen at gmail.com Thu Jul 20 10:04:10 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jul 20 10:04:13 2006 Subject: ClamAV+SA easy-install package In-Reply-To: <56589D0D-CAA9-49F9-864C-41DE66CCB6CC@ecs.soton.ac.uk> References: <1088590685jeremy.henty@nec.ac.uk> <223f97700607180548m41a68320ja923b2b6ca1300e1@mail.gmail.com> <56589D0D-CAA9-49F9-864C-41DE66CCB6CC@ecs.soton.ac.uk> Message-ID: <223f97700607200204x3a2bcf5br51b6043e2e9beefc@mail.gmail.com> On 18/07/06, Julian Field wrote: > > On 18 Jul 2006, at 13:48, Glenn Steen wrote: > > > On 18 Jul 2006 13:32:14 +0100, Jeremy Henty > > wrote: > >> On Tuesday, July 18, 2006 12:52 pm, Glenn Steen > >> wrote: > >> > > >> >As in "the city of Bergen in Norway"? Also known as the most rainy > >> >place in the whole of Scandinavia? > >> > >> Tourist: Kid, does it *always* rain in Bergen? > >> Child: I don't know, I'm only six! > >> > >> (Told to me by a friend who'd been there.) > >> > >> Regards, > >> > >> Jeremy Henty > >> > > Unfortunately (for the citizens of Bergen) it's not really a > > joke....:-) > > Yes, it really was Bergen in Norway. T-shirt and shorts weather and > blazing hot sun. We couldn't quite believe it either! Unbeleivable... But the photos don't lie .... Norway is really a spectacular country, so I'm glad you got to see it from its best. > My photos are now online at www.jules.fm. > > Let me know what you think of them. Phil and Kerry (about the only > people in them) are the two friends I went with. > -- > Julian Field > MailScanner@ecs.soton.ac.uk > > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From res at ausics.net Thu Jul 20 11:58:56 2006 From: res at ausics.net (Res) Date: Thu Jul 20 11:59:05 2006 Subject: Mailscanner mqueuein trouble In-Reply-To: <44BEE15C.9050106@agro.uba.ar> References: <200607191618.k6JGISDe003066@cat.salemcarriers.com> <44BE6221.5060400@agro.uba.ar> <44BE6F53.6030100@blacknight.ie> <44BE767C.1030500@agro.uba.ar> <44BEE15C.9050106@agro.uba.ar> Message-ID: On Wed, 19 Jul 2006, Marcos Sobral wrote: > And what check you use to detect spam?. The problem only existed on one of the servers, it was either disable it or customers get mail an hour to day later which is very unacceptable, most the reponses i got off this list was expand the hardware, not a very efficent business decision, so we disabled it, we do run SA on other machines that can handle it, we arent talking about system load here either these delyas banked up with a server at no more than 3 loading. We stop majority of spam by blocking non rfc1912 compliant servers, and all of cn/tw, might be harsh blocking TLD's but frankly I dont care, not until they care and do something about their spamming users. Also I find spamassassin pretty pointless, I mean we have our min spam levels set to 3, that warns people, and the high level set to kill it off at 10, so we are accepting 99.9% of it anyway arent we, vast majority of it lately scores around 2 to 7, even the latest calais viagra BS is rated at 1-2 by SA so it will pass, too much legitimate email is in 3-7, at a score of 7 there is genuine emails, I get weekly emails for cisco equipment and it regulary scores 4-7 :) So in essence, S.A is good for stopping about 0.1% of it. nice and handy and warns the suer the otehr 99.9% of the time BUT because its a warning people will at least start to read it to see if its spam or genuine. -- Cheers Res From Denis.Beauchemin at USherbrooke.ca Thu Jul 20 14:11:21 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Jul 20 14:12:00 2006 Subject: Mailscanner mqueuein trouble In-Reply-To: References: <200607191618.k6JGISDe003066@cat.salemcarriers.com> <44BE6221.5060400@agro.uba.ar> <44BE6F53.6030100@blacknight.ie> <44BE767C.1030500@agro.uba.ar> <44BEE15C.9050106@agro.uba.ar> Message-ID: <44BF80F9.2070504@USherbrooke.ca> Res a ?crit : > Also I find spamassassin pretty pointless, I mean we have our min spam > levels set to 3, that warns people, and the high level set to kill it > off at 10, so we are accepting 99.9% of it anyway arent we, vast > majority of it lately scores around 2 to 7, even the latest calais > viagra BS is rated at 1-2 by SA so it will pass, too much legitimate > email is in 3-7, at a > score of 7 there is genuine emails, I get weekly emails for cisco > equipment > and it regulary scores 4-7 :) > > So in essence, S.A is good for stopping about 0.1% of it. > nice and handy and warns the suer the otehr 99.9% of the time BUT > because its a warning people will at least start to read it to see if > its spam or genuine. I disagree with you. SA, if you tune it right, will detect pretty much ALL spam. But it needs lots of RAM. We warn users above 5 and delete mails above 20 and yesterday we managed to delete 59% of spam... Most of our users can activate a filter that will move all flagged spam to a spam folder that is cleaned automatically... this is really good for all! Our stats for yesterday: sa-score2 --log /var/log/old/maillog.20060719 --by 5 Processing /var/log/old/maillog.20060719 for scores greater than 5 by increments of 5... 5 .. 10 : 3048 time(s) 5% 10 .. 15 : 6492 time(s) 12% 15 .. 20 : 12981 time(s) 24% 20 .. 25 : 15769 time(s) 29% 25 .. 30 : 8537 time(s) 15% 30 .. 35 : 3668 time(s) 6% 35 .. 40 : 1766 time(s) 3% 40 .. 45 : 806 time(s) 1% 45 .. 50 : 343 time(s) 0% 50 .. 55 : 155 time(s) 0% 55 .. 60 : 119 time(s) 0% 60 .. 65 : 55 time(s) 0% 65 .. 70 : 20 time(s) 0% ... Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060720/09da4b3c/smime.bin From Denis.Beauchemin at USherbrooke.ca Thu Jul 20 14:16:39 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Jul 20 14:17:01 2006 Subject: ~root/.spamassassin/auto-whitelist is huge -- but autowhitelist is not enabled...? In-Reply-To: <57573D714A832C43B9D80EAFBDA48D0301357074@inex3.herffjones.hj-int> References: <57573D714A832C43B9D80EAFBDA48D0301357074@inex3.herffjones.hj-int> Message-ID: <44BF8237.7010007@USherbrooke.ca> Furnish, Trever G a ?crit : > If SpamAssassin Auto Whitelist = no, shouldn't my system NOT be creating > ~root/.spamassassin/auto-whitelist? > > My auto-whitelist file is 185MB, even though mailscanner's configured > not to use auto-whitelist (and spamassassin isn't used by anything on > this server other than mailscanner). > > MailScanner version is 4.38.9; spamassassin version is 3.0.2. I only > noticed the huge auto-whitelist file as part of preparing for upgrades > to the latest versions of both. I'm just surprised to find it being > used, since the mailscanner setting is set to no. (And yes, the file's > recent, not just an old file.) > > Am I misunderstanding? Should that be in use? Is this just a bug in my > software versions? > > Trever, To really turn it off you need to put the following line into spam.assassin.prefs.conf and reload MS: use_auto_whitelist 0 Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060720/26af7096/smime.bin From dyioulos at firstbhph.com Thu Jul 20 14:34:36 2006 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Thu Jul 20 14:34:42 2006 Subject: ClamAV+SA easy-install package In-Reply-To: <56589D0D-CAA9-49F9-864C-41DE66CCB6CC@ecs.soton.ac.uk> References: <1088590685jeremy.henty@nec.ac.uk> <223f97700607180548m41a68320ja923b2b6ca1300e1@mail.gmail.com> <56589D0D-CAA9-49F9-864C-41DE66CCB6CC@ecs.soton.ac.uk> Message-ID: <200607200934.36505.dyioulos@firstbhph.com> On Tuesday July 18 2006 9:18 am, Julian Field wrote: > On 18 Jul 2006, at 13:48, Glenn Steen wrote: > > On 18 Jul 2006 13:32:14 +0100, Jeremy Henty > > > > wrote: > >> On Tuesday, July 18, 2006 12:52 pm, Glenn Steen > >> > >> wrote: > >> >As in "the city of Bergen in Norway"? Also known as the most > >> > rainy place in the whole of Scandinavia? > >> > >> Tourist: Kid, does it *always* rain in Bergen? > >> Child: I don't know, I'm only six! > >> > >> (Told to me by a friend who'd been there.) > >> > >> Regards, > >> > >> Jeremy Henty > > > > Unfortunately (for the citizens of Bergen) it's not really a > > joke....:-) > > Yes, it really was Bergen in Norway. T-shirt and shorts weather and > blazing hot sun. We couldn't quite believe it either! > > My photos are now online at www.jules.fm. > > Let me know what you think of them. Phil and Kerry (about the only > people in them) are the two friends I went with. > -- > Julian Field > MailScanner@ecs.soton.ac.uk > Expert hacker AND great photographer (the pics are superb)! I am humble before you. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Mailscanner at mailing.kaufland-informationssysteme.com Thu Jul 20 14:57:44 2006 From: Mailscanner at mailing.kaufland-informationssysteme.com (Matthias Sutter) Date: Thu Jul 20 14:57:53 2006 Subject: Exim mail Gateway with recipients check for incoming mails Message-ID: <44BF8BD8.3020102@mailing.kaufland-informationssysteme.com> Hello, i have to setup a exim that should check for existing recipients. The recipients users data are stored in a flat text mail so i know witch users are homed on the local side. Do somebody know how I to configure the exim, that he check for the incoming recipients and let all mails from the relay_from_hosts untouched/unchecked? Sorry for the short problem description, but I don't know how to decribe. Do somebody need more informations for help. Please conatact me. Matthias From sobralm at agro.uba.ar Thu Jul 20 15:04:32 2006 From: sobralm at agro.uba.ar (Marcos Sobral) Date: Thu Jul 20 15:01:49 2006 Subject: Mailscanner mqueuein trouble In-Reply-To: <44BF80F9.2070504@USherbrooke.ca> References: <200607191618.k6JGISDe003066@cat.salemcarriers.com> <44BE6221.5060400@agro.uba.ar> <44BE6F53.6030100@blacknight.ie> <44BE767C.1030500@agro.uba.ar> <44BEE15C.9050106@agro.uba.ar> <44BF80F9.2070504@USherbrooke.ca> Message-ID: <44BF8D70.8030900@agro.uba.ar> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060720/4cf597a5/attachment.html From akostocker at gmail.com Thu Jul 20 15:04:13 2006 From: akostocker at gmail.com (Tony Stocker) Date: Thu Jul 20 15:04:15 2006 Subject: Modifying SpamAssassin scores when using MailScanner Message-ID: <7801ad8f0607200704h794cbescb945840e3ddbc8a@mail.gmail.com> Hello All, I know that MailScanner moves some of the SA configuration into it so before I go mucking around with files I want to make sure that I'm mucking around with the RIGHT files. Basically I want to raise the score assigned to spam. For instance the default value for "INVESTMENT_ADVICE" is 2.960 and I want to raise this. Now the header comments for /usr/share/spamassassin/50_scores.cf says not to directly modify that file, but rather to modify /etc/mail/spamassassin/local.cf. Is this still true when using MailScanner? Or is there a place in MS that I should be making these custom scoring tweaks? Thanks! From MailScanner at ecs.soton.ac.uk Thu Jul 20 15:57:24 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jul 20 15:57:59 2006 Subject: Modifying SpamAssassin scores when using MailScanner In-Reply-To: <7801ad8f0607200704h794cbescb945840e3ddbc8a@mail.gmail.com> References: <7801ad8f0607200704h794cbescb945840e3ddbc8a@mail.gmail.com> Message-ID: <93500F61-A9FD-4258-A8DE-6E531866686E@ecs.soton.ac.uk> On 20 Jul 2006, at 15:04, Tony Stocker wrote: > Hello All, > > I know that MailScanner moves some of the SA configuration into it so > before I go mucking around with files I want to make sure that I'm > mucking around with the RIGHT files. > > Basically I want to raise the score assigned to spam. For instance > the default value for "INVESTMENT_ADVICE" is 2.960 and I want to raise > this. Now the header comments for > /usr/share/spamassassin/50_scores.cf says not to directly modify that > file, but rather to modify /etc/mail/spamassassin/local.cf. > > Is this still true when using MailScanner? Or is there a place in MS > that I should be making these custom scoring tweaks? /etc/MailScanner/spam.assassin.prefs.conf -- Julian Field MailScanner@ecs.soton.ac.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From Denis.Beauchemin at USherbrooke.ca Thu Jul 20 15:57:46 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Jul 20 15:58:04 2006 Subject: Mailscanner mqueuein trouble In-Reply-To: <44BF8D70.8030900@agro.uba.ar> References: <200607191618.k6JGISDe003066@cat.salemcarriers.com> <44BE6221.5060400@agro.uba.ar> <44BE6F53.6030100@blacknight.ie> <44BE767C.1030500@agro.uba.ar> <44BEE15C.9050106@agro.uba.ar> <44BF80F9.2070504@USherbrooke.ca> <44BF8D70.8030900@agro.uba.ar> Message-ID: <44BF99EA.5080703@USherbrooke.ca> Marcos Sobral a ?crit : > Denis: > How many mails do you process per day and how much memory do you > have?. How many child process you have set? > I think that maybe I cannot support the spam load with my actual > configuration... And I need to find some fast solutions until I have > new equipments. > Marcos, We have 3 servers with this configuration: 1 Xeon 2.8GHz 2.5GB RAM 1 SCSI disk RHEL 4 MS + SA They process about 100K messages per day for them all. This will probably double in september when students return. I use the default values for children (5) and batch size. I just deployed the third server. Last semester we were running with 2 servers and they sometimes had trouble keeping up with the incoming mail. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060720/63bb42aa/smime.bin From Denis.Beauchemin at USherbrooke.ca Thu Jul 20 16:02:02 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Jul 20 16:02:18 2006 Subject: Modifying SpamAssassin scores when using MailScanner In-Reply-To: <7801ad8f0607200704h794cbescb945840e3ddbc8a@mail.gmail.com> References: <7801ad8f0607200704h794cbescb945840e3ddbc8a@mail.gmail.com> Message-ID: <44BF9AEA.1050901@USherbrooke.ca> Tony Stocker a ?crit : > Hello All, > > I know that MailScanner moves some of the SA configuration into it so > before I go mucking around with files I want to make sure that I'm > mucking around with the RIGHT files. > > Basically I want to raise the score assigned to spam. For instance > the default value for "INVESTMENT_ADVICE" is 2.960 and I want to raise > this. Now the header comments for > /usr/share/spamassassin/50_scores.cf says not to directly modify that > file, but rather to modify /etc/mail/spamassassin/local.cf. > > Is this still true when using MailScanner? Or is there a place in MS > that I should be making these custom scoring tweaks? > > Thanks! Tony, You can put them in spam.assassin.prefs.conf. That's what I do and it works just fine. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060720/8fd044da/smime.bin From hburbano at novadevices.com Thu Jul 20 16:10:44 2006 From: hburbano at novadevices.com (Henry Burbano) Date: Thu Jul 20 16:10:20 2006 Subject: MailScanner and Spamassassin give me diferent scores Message-ID: <01ed01c6ac0e$af0c0d00$170a000a@SENADER.LOCAL> Hi everybody, I'm having problems with spam mails, when I run "spamssassin -D < mail" I get scores up to 15 but when the mail go trough the MailScanner, it is scored with 2 or less points. I believe it's a missconfiguration, but I don't found the answer. I am running MailScanner version 4.54.6 SpamAssassin version 3.1.3 running on Perl version 5.8.1 When I run MailScanner --lint, I get: Read 748 hostnames from the phishing whitelist Config: calling custom init function InternalActions Initialising Internal account list Internal Account List read 2 domains and 1 accounts Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamav" Found these virus scanners installed: clamav and MailScanner -V: Running on Linux proton 2.4.27 #36 SMP Mon Nov 15 12:10:06 ECT 2005 i686 unknown unknown GNU/Linux This is Perl version 5.008001 (5.8.1) This is MailScanner version 4.54.6 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.01 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.72 File::Basename 2.06 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 0.90 Filesys::Df 1.35 HTML::Entities 3.54 HTML::Parser 2.37 HTML::TokeParser 1.21 IO 1.10 IO::File 1.122 IO::Pipe 1.71 Mail::Header 3.05 MIME::Base64 5.420 MIME::Decoder 5.420 MIME::Decoder::UU 5.420 MIME::Head 5.420 MIME::Parser 3.03 MIME::QuotedPrint 5.420 MIME::Tools 0.10 Net::CIDR 1.06 POSIX 1.76 Socket 0.04 Sys::Syslog 01.20 Time::HiRes 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.806 DB_File 1.11 DBD::SQLite 1.50 DBI 1.02 Digest 1.01 Digest::HMAC 2.27 Digest::MD5 2.01 Digest::SHA1 missing Inline missing Mail::ClamAV 3.001003 Mail::SpamAssassin missing Mail::SPF::Query missing Net::CIDR::Lite 1.24 Net::IP 0.41 Net::DNS missing Net::LDAP missing Parse::RecDescent missing SAVI missing Sys::Hostname::Long 2.30 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.19 URI Thanks for your support -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060720/5abda2ff/attachment.html From akostocker at gmail.com Thu Jul 20 16:23:13 2006 From: akostocker at gmail.com (Tony Stocker) Date: Thu Jul 20 16:23:16 2006 Subject: Modifying SpamAssassin scores when using MailScanner In-Reply-To: <93500F61-A9FD-4258-A8DE-6E531866686E@ecs.soton.ac.uk> References: <7801ad8f0607200704h794cbescb945840e3ddbc8a@mail.gmail.com> <93500F61-A9FD-4258-A8DE-6E531866686E@ecs.soton.ac.uk> Message-ID: <7801ad8f0607200823p53f4ebbfxb641853e75bf4939@mail.gmail.com> Julien, Thanks, so basically I would just add an entry that follows the same format as I would use in local.cf, correct? In other words I would just add a line to spam.assassin.prefs.conf that looks like: score INVESTMENT_ADVICE 5.0 Is that correct? Also, a related question - I'm using Postfix, and my SA bayes directory seems to be /var/spool/MailScanner/spamassassin/. Now the 'postfix' user is a nologin account, and the home directory is slightly different. When I use `sa-learn` to try to train the SA bayes database from root, the files get created in /root/.spamassassin. I want to train the system-wide entries, thus applying to all users, in the /var/spool/MailScanner/spamassassin/ directory. How can I do this? Thanks for the help, by the way the book has been very helpful for most situations! Tony On 7/20/06, Julian Field wrote: > > On 20 Jul 2006, at 15:04, Tony Stocker wrote: > > > Hello All, > > > > I know that MailScanner moves some of the SA configuration into it so > > before I go mucking around with files I want to make sure that I'm > > mucking around with the RIGHT files. > > > > Basically I want to raise the score assigned to spam. For instance > > the default value for "INVESTMENT_ADVICE" is 2.960 and I want to raise > > this. Now the header comments for > > /usr/share/spamassassin/50_scores.cf says not to directly modify that > > file, but rather to modify /etc/mail/spamassassin/local.cf. > > > > Is this still true when using MailScanner? Or is there a place in MS > > that I should be making these custom scoring tweaks? > > /etc/MailScanner/spam.assassin.prefs.conf > > -- > Julian Field > MailScanner@ecs.soton.ac.uk > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From igal at securenet.co.il Thu Jul 20 17:32:50 2006 From: igal at securenet.co.il (Igal Katzir) Date: Thu Jul 20 16:32:28 2006 Subject: "I/O error on connection" problem. MailScanner related? Message-ID: <38531FBA30509D418523F41CC6E981D88BC032@securenetdc.securenet.co.il> You Should upgrade the Physical Memory (RAM) of the machine. You can check free memory with the free command. Regards, igal katzir ???? ???? ???? ???????? -----Original Message----- From: Chris W. Parker [mailto:cparker@swatgear.com] Sent: Wednesday, July 19, 2006 19:43 To: mailscanner@jiscmail.ac.uk Subject: "I/O error on connection" problem. MailScanner related? Hello, A user complained to me today that some of her customers are not receiving her emails and vice versa (she is not able to receive theirs). I've noticed that I get these messages in the logs at least once everyday from different hosts. I've searched and searched on this and haven't found any kind of concrete resolution to it. One strange thing about the posts I find on this are that they're generally all old. Late nineties mostly. Dunno if that means anything... So, could this be related to MailScanner in that MailScanner is putting too high a load on my box and therefore these errors are generated. I see that ClamAV and BitDefender really use a lot of cpu. Not really sure how to investigate this so any advice would be much appreciated. Thanks, Chris. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From akostocker at gmail.com Thu Jul 20 16:34:23 2006 From: akostocker at gmail.com (Tony Stocker) Date: Thu Jul 20 16:34:25 2006 Subject: Modifying SpamAssassin scores when using MailScanner In-Reply-To: <7801ad8f0607200823p53f4ebbfxb641853e75bf4939@mail.gmail.com> References: <7801ad8f0607200704h794cbescb945840e3ddbc8a@mail.gmail.com> <93500F61-A9FD-4258-A8DE-6E531866686E@ecs.soton.ac.uk> <7801ad8f0607200823p53f4ebbfxb641853e75bf4939@mail.gmail.com> Message-ID: <7801ad8f0607200834s3dd7ee19l92196e019163e118@mail.gmail.com> Looking around at the documentation, I think I just need to do the following, but somebody please check me if I'm wrong: sa-learn --dbpath /var/spool/MailScanner/spamassassin --spam [path/to/spam] Yes? On 7/20/06, Tony Stocker wrote: > Julien, > > Thanks, so basically I would just add an entry that follows the same > format as I would use in local.cf, correct? In other words I would > just add a line to spam.assassin.prefs.conf that looks like: > > score INVESTMENT_ADVICE 5.0 > > Is that correct? > > Also, a related question - I'm using Postfix, and my SA bayes > directory seems to be > /var/spool/MailScanner/spamassassin/. Now the 'postfix' user is a > nologin account, and the home directory is slightly different. When I > use `sa-learn` to try to train the SA bayes database from root, the > files get created in /root/.spamassassin. I want to train the > system-wide entries, thus applying to all users, in the > /var/spool/MailScanner/spamassassin/ directory. How can I do this? > > Thanks for the help, by the way the book has been very helpful for > most situations! > > Tony > > On 7/20/06, Julian Field wrote: > > > > On 20 Jul 2006, at 15:04, Tony Stocker wrote: > > > > > Hello All, > > > > > > I know that MailScanner moves some of the SA configuration into it so > > > before I go mucking around with files I want to make sure that I'm > > > mucking around with the RIGHT files. > > > > > > Basically I want to raise the score assigned to spam. For instance > > > the default value for "INVESTMENT_ADVICE" is 2.960 and I want to raise > > > this. Now the header comments for > > > /usr/share/spamassassin/50_scores.cf says not to directly modify that > > > file, but rather to modify /etc/mail/spamassassin/local.cf. > > > > > > Is this still true when using MailScanner? Or is there a place in MS > > > that I should be making these custom scoring tweaks? > > > > /etc/MailScanner/spam.assassin.prefs.conf > > > > -- > > Julian Field > > MailScanner@ecs.soton.ac.uk > > > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > MailScanner thanks transtec Computers for their support. > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > From rowan at rownetco.com Thu Jul 20 16:29:43 2006 From: rowan at rownetco.com (John Rowan) Date: Thu Jul 20 16:35:44 2006 Subject: Rejecting Spammers Message-ID: <44BFA167.4000208@rownetco.com> I've posted similar inquiries to sendmail's news group without receiving a successful resolution. I have had feedback there but it wasn't something that could be implemented without impacting potential customers. I, like most everyone else receiving email, receive trash where the Received from: only indicates a number. Sometimes the number is negative. I don't know the significance of the number, perhaps it is the ad campaign or the spammer's customer number. I have been using procmail recipes to send their crap to /dev/null. The procmail recipe is getting quite long. In a very large majority of the junk I have noticed that the X-Mailer is The Bat! (see last line below). Today I added a new section to the recipe that looks to see if the X-Mailer line is The Bat! and will be /dev/nulling that crap as well. This is all well and good but it takes (ever increasing) cpu cycles to process each message (as the recipe gets longer and longer). I also use sendmail's access.db to reject domain names and IP netblocks which is more efficient as it turns these morons away at the door with an "in your face" message informing them of the rejection. Granted these jerks aren't going to care about one rejected message. I take some satisfaction though when I see that 7000 plus junk emails have been rejected by the access database or by the real time black hole listing services that are also part of my sendmail configuration. Long story short, does anyone here know of additional methods of turning these morons away upon connection rather than accepting their junk then having to have procmail examine / trash them? Two recipes from my .procmailrc file: :0 * ^Received: from 149051672 { LOGFILE= $HOME/spammerhiding :0 $HOME/spammerhiding.log } :0 * ^X-Mailer: The Bat! { LOGFILE= $HOME/thebatcrap :0 $HOME/thebatcrap.log } Received: from -1214334648 ([58.38.104.145]) by deleted (8.11.6/8.11.6) with SMTP id k6KF5Mb16420 for ; Thu, 20 Jul 2006 11:05:23 -0400 Received: from graphimpressions.com (-1217230040 [-1214449216]) by goodstitch.com (Qmailv1) with ESMTP id 91710279CB for ; Thu, 20 Jul 2006 08:07:33 -0700 Date: Thu, 20 Jul 2006 08:07:33 -0700 From: "Conservationists F. Divinest" X-Mailer: The Bat! (v2.00.9) Personal -------------- next part -------------- A non-text attachment was scrubbed... Name: rowan.vcf Type: text/x-vcard Size: 235 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060720/4bfce678/rowan.vcf From jpabuyer at tecnoera.com Thu Jul 20 16:35:52 2006 From: jpabuyer at tecnoera.com (Juan Pablo Abuyeres) Date: Thu Jul 20 16:36:03 2006 Subject: MailScanner and Spamassassin give me diferent scores In-Reply-To: <01ed01c6ac0e$af0c0d00$170a000a@SENADER.LOCAL> References: <01ed01c6ac0e$af0c0d00$170a000a@SENADER.LOCAL> Message-ID: <1153409752.8859.108.camel@blackbird.tecnoera.com> Is the destination a real email address or an alias/forward ? On Thu, 2006-07-20 at 10:10 -0500, Henry Burbano wrote: > Hi everybody, I'm having problems with spam mails, when I run > "spamssassin -D < mail" I get scores up to 15 but when the mail go > trough the MailScanner, it is scored with 2 or less points. > > I believe it's a missconfiguration, but I don't found the answer. > > I am running > > MailScanner version 4.54.6 > SpamAssassin version 3.1.3 > running on Perl version 5.8.1 > > > When I run MailScanner --lint, I get: > > Read 748 hostnames from the phishing whitelist > Config: calling custom init function InternalActions > Initialising Internal account list > Internal Account List read 2 domains and 1 accounts > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > SpamAssassin reported no errors. > > MailScanner.conf says "Virus Scanners = clamav" > Found these virus scanners installed: clamav > > > > > and MailScanner -V: > > Running on > Linux proton 2.4.27 #36 SMP Mon Nov 15 12:10:06 ECT 2005 i686 unknown > unknown GNU/Linux > > This is Perl version 5.008001 (5.8.1) > > This is MailScanner version 4.54.6 > Module versions are: > 1.00 AnyDBM_File > 1.14 Archive::Zip > 1.01 Carp > 1.119 Convert::BinHex > 1.00 DirHandle > 1.05 Fcntl > 2.72 File::Basename > 2.06 File::Copy > 2.01 FileHandle > 1.06 File::Path > 0.14 File::Temp > 0.90 Filesys::Df > 1.35 HTML::Entities > 3.54 HTML::Parser > 2.37 HTML::TokeParser > 1.21 IO > 1.10 IO::File > 1.122 IO::Pipe > 1.71 Mail::Header > 3.05 MIME::Base64 > 5.420 MIME::Decoder > 5.420 MIME::Decoder::UU > 5.420 MIME::Head > 5.420 MIME::Parser > 3.03 MIME::QuotedPrint > 5.420 MIME::Tools > 0.10 Net::CIDR > 1.06 POSIX > 1.76 Socket > 0.04 Sys::Syslog > 01.20 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 0.17 Convert::TNEF > 1.806 DB_File > 1.11 DBD::SQLite > 1.50 DBI > 1.02 Digest > 1.01 Digest::HMAC > 2.27 Digest::MD5 > 2.01 Digest::SHA1 > missing Inline > missing Mail::ClamAV > 3.001003 Mail::SpamAssassin > missing Mail::SPF::Query > missing Net::CIDR::Lite > 1.24 Net::IP > 0.41 Net::DNS > missing Net::LDAP > missing Parse::RecDescent > missing SAVI > missing Sys::Hostname::Long > 2.30 Test::Harness > 0.47 Test::Simple > 1.95 Text::Balanced > 1.19 URI > > > > > Thanks for your support > > From Phil.Udel at salemcorp.com Thu Jul 20 16:41:24 2006 From: Phil.Udel at salemcorp.com (Phillip Udel) Date: Thu Jul 20 16:41:39 2006 Subject: MailScanner and Spamassassin give me diferent scores In-Reply-To: <01ed01c6ac0e$af0c0d00$170a000a@SENADER.LOCAL> Message-ID: <200607201545.k6KFjq5E013231@cat.salemcarriers.com> I am not sure that it makes a difference. But you could try spamassassin -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Henry Burbano Sent: Thursday, July 20, 2006 10:11 AM To: mailscanner@lists.mailscanner.info Subject: MailScanner and Spamassassin give me diferent scores Hi everybody, I'm having problems with spam mails, when I run "spamssassin -D < mail" I get scores up to 15 but when the mail go trough the MailScanner, it is scored with 2 or less points. I believe it's a missconfiguration, but I don't found the answer. I am running MailScanner version 4.54.6 SpamAssassin version 3.1.3 running on Perl version 5.8.1 When I run MailScanner --lint, I get: Read 748 hostnames from the phishing whitelist Config: calling custom init function InternalActions Initialising Internal account list Internal Account List read 2 domains and 1 accounts Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamav" Found these virus scanners installed: clamav and MailScanner -V: Running on Linux proton 2.4.27 #36 SMP Mon Nov 15 12:10:06 ECT 2005 i686 unknown unknown GNU/Linux This is Perl version 5.008001 (5.8.1) This is MailScanner version 4.54.6 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.01 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.72 File::Basename 2.06 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 0.90 Filesys::Df 1.35 HTML::Entities 3.54 HTML::Parser 2.37 HTML::TokeParser 1.21 IO 1.10 IO::File 1.122 IO::Pipe 1.71 Mail::Header 3.05 MIME::Base64 5.420 MIME::Decoder 5.420 MIME::Decoder::UU 5.420 MIME::Head 5.420 MIME::Parser 3.03 MIME::QuotedPrint 5.420 MIME::Tools 0.10 Net::CIDR 1.06 POSIX 1.76 Socket 0.04 Sys::Syslog 01.20 Time::HiRes 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.806 DB_File 1.11 DBD::SQLite 1.50 DBI 1.02 Digest 1.01 Digest::HMAC 2.27 Digest::MD5 2.01 Digest::SHA1 missing Inline missing Mail::ClamAV 3.001003 Mail::SpamAssassin missing Mail::SPF::Query missing Net::CIDR::Lite 1.24 Net::IP 0.41 Net::DNS missing Net::LDAP missing Parse::RecDescent missing SAVI missing Sys::Hostname::Long 2.30 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.19 URI Thanks for your support -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060720/540f6146/attachment.html From MailScanner at ecs.soton.ac.uk Thu Jul 20 16:48:26 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jul 20 16:48:59 2006 Subject: Modifying SpamAssassin scores when using MailScanner In-Reply-To: <7801ad8f0607200823p53f4ebbfxb641853e75bf4939@mail.gmail.com> References: <7801ad8f0607200704h794cbescb945840e3ddbc8a@mail.gmail.com> <93500F61-A9FD-4258-A8DE-6E531866686E@ecs.soton.ac.uk> <7801ad8f0607200823p53f4ebbfxb641853e75bf4939@mail.gmail.com> Message-ID: On 20 Jul 2006, at 16:23, Tony Stocker wrote: > Julien, > > Thanks, so basically I would just add an entry that follows the same > format as I would use in local.cf, correct? In other words I would > just add a line to spam.assassin.prefs.conf that looks like: > > score INVESTMENT_ADVICE 5.0 > > Is that correct? Yes. > > Also, a related question - I'm using Postfix, and my SA bayes > directory seems to be > /var/spool/MailScanner/spamassassin/. Now the 'postfix' user is a > nologin account, and the home directory is slightly different. When I > use `sa-learn` to try to train the SA bayes database from root, the > files get created in /root/.spamassassin. I want to train the > system-wide entries, thus applying to all users, in the > /var/spool/MailScanner/spamassassin/ directory. How can I do this? Your followup says what I was going to say. Just make sure the ownership of the files is correct, or the postfix user won't be able to write to them. > Thanks for the help, by the way the book has been very helpful for > most situations! Glad you like it! > > Tony > > On 7/20/06, Julian Field wrote: >> >> On 20 Jul 2006, at 15:04, Tony Stocker wrote: >> >> > Hello All, >> > >> > I know that MailScanner moves some of the SA configuration into >> it so >> > before I go mucking around with files I want to make sure that I'm >> > mucking around with the RIGHT files. >> > >> > Basically I want to raise the score assigned to spam. For instance >> > the default value for "INVESTMENT_ADVICE" is 2.960 and I want to >> raise >> > this. Now the header comments for >> > /usr/share/spamassassin/50_scores.cf says not to directly modify >> that >> > file, but rather to modify /etc/mail/spamassassin/local.cf. >> > >> > Is this still true when using MailScanner? Or is there a place >> in MS >> > that I should be making these custom scoring tweaks? >> >> /etc/MailScanner/spam.assassin.prefs.conf >> >> -- >> Julian Field >> MailScanner@ecs.soton.ac.uk >> >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> MailScanner thanks transtec Computers for their support. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field MailScanner@ecs.soton.ac.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From davidn at KeyMarkinc.com Thu Jul 20 16:58:33 2006 From: davidn at KeyMarkinc.com (David Nalley) Date: Thu Jul 20 16:57:50 2006 Subject: Modifying SpamAssassin scores when using MailScanner Message-ID: <81214BB68B68BF4586FE1D82E7B3C472BB6F34@kmex01.keymark.dom> Tony, That works, however, I found it easier to just symlink the roots bayes directory to MailScanners, no having to enter the dbpath switch. David Nalley > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Tony Stoer > Sent: Thursday, July 20, 2006 11:34 AM > To: MailScanner discussion > Subject: Re: Modifying SpamAssassin scores when using MailScanner > > Looking around at the documentation, I think I just need to > do the following, but somebody please check me if I'm wrong: > > sa-learn --dbpath /var/spool/MailScanner/spamassassin --spam > [path/to/spam] > > Yes? > > On 7/20/06, Tony Stocker wrote: > > Julien, > > > > Thanks, so basically I would just add an entry that follows > the same > > format as I would use in local.cf, correct? In other words I would > > just add a line to spam.assassin.prefs.conf that looks like: > > > > score INVESTMENT_ADVICE 5.0 > > > > Is that correct? > > > > Also, a related question - I'm using Postfix, and my SA bayes > > directory seems to be /var/spool/MailScanner/spamassassin/. > Now the > > 'postfix' user is a nologin account, and the home directory is > > slightly different. When I use `sa-learn` to try to train the SA > > bayes database from root, the files get created in > > /root/.spamassassin. I want to train the system-wide entries, thus > > applying to all users, in the /var/spool/MailScanner/spamassassin/ > > directory. How can I do this? > > > > Thanks for the help, by the way the book has been very helpful for > > most situations! > > > > Tony > > > > On 7/20/06, Julian Field wrote: > > > > > > On 20 Jul 2006, at 15:04, Tony Stocker wrote: > > > > > > > Hello All, > > > > > > > > I know that MailScanner moves some of the SA > configuration into it > > > > so before I go mucking around with files I want to make > sure that > > > > I'm mucking around with the RIGHT files. > > > > > > > > Basically I want to raise the score assigned to spam. For > > > > instance the default value for "INVESTMENT_ADVICE" is > 2.960 and I > > > > want to raise this. Now the header comments for > > > > /usr/share/spamassassin/50_scores.cf says not to > directly modify > > > > that file, but rather to modify /etc/mail/spamassassin/local.cf. > > > > > > > > Is this still true when using MailScanner? Or is there > a place in > > > > MS that I should be making these custom scoring tweaks? > > > > > > /etc/MailScanner/spam.assassin.prefs.conf > > > > > > -- > > > Julian Field > > > MailScanner@ecs.soton.ac.uk > > > > > > > > > > > > -- > > > This message has been scanned for viruses and dangerous > content by > > > MailScanner, and is believed to be clean. > > > MailScanner thanks transtec Computers for their support. > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From mailscanner at yeticomputers.com Thu Jul 20 17:00:52 2006 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Thu Jul 20 17:01:07 2006 Subject: Rejecting Spammers In-Reply-To: <44BFA167.4000208@rownetco.com> References: <44BFA167.4000208@rownetco.com> Message-ID: <44BFA8B4.9060404@yeticomputers.com> John Rowan wrote: > Long story short, does anyone here know of additional methods of > turning these morons away upon connection rather than accepting their > junk then having to have procmail examine / trash them? > > [...] > > X-Mailer: The Bat! (v2.00.9) Personal Greylisting helps quite a bit for me - you might want to try it out. The Bat!, by the way, is a legitimate mail client. I used it for a couple of years, only dropping it when I'd switched almost all of my mail servers away from POP3 to IMAP. (The Bat! treats - or used to treat, anyway - IMAP mail in pretty much the same way it does POP3 mail. Not what I was looking for.) Anyway, many bulk-mail applications allow you to forge the X-Mailer header. I wouldn't block on that. Check this out: http://www.silverstones.com/thebat/spammer.html Your call, though. Rick From mike at vesol.com Thu Jul 20 17:02:08 2006 From: mike at vesol.com (Mike Kercher) Date: Thu Jul 20 17:02:29 2006 Subject: Rejecting Spammers In-Reply-To: <44BFA167.4000208@rownetco.com> Message-ID: I recommend the GreetPause feature of sendmail 8.13.x and milter-sender Mike mailscanner-bounces@lists.mailscanner.info <> scribbled on : > I've posted similar inquiries to sendmail's news group > without receiving a successful resolution. I have had > feedback there but it wasn't something that could be > implemented without impacting potential customers. > > I, like most everyone else receiving email, receive trash > where the Received from: only indicates a number. Sometimes > the number is negative. I don't know the significance of the > number, perhaps it is the ad campaign or the spammer's > customer number. I have been using procmail recipes to send > their crap to /dev/null. The procmail recipe > is getting quite long. In a very large majority of the junk I have > noticed that the X-Mailer is The Bat! (see last line below). > Today I added a new section to the recipe that looks to see > if the X-Mailer line is The Bat! and will be /dev/nulling > that crap as well. This is all well and good but it takes > (ever increasing) cpu cycles to process each message (as the > recipe gets longer and longer). I also use sendmail's > access.db to reject domain names and IP netblocks which is > more efficient as it turns these morons away at the door with > an "in your face" message informing them of the rejection. > Granted these jerks aren't going to care about one rejected > message. I take some satisfaction though when I see that > 7000 plus junk emails have been rejected by the access > database or by the real time black hole listing services that > are also part of my sendmail configuration. > > Long story short, does anyone here know of additional methods > of turning these morons away upon connection rather than > accepting their junk then having to have procmail examine / > trash them? > > > Two recipes from my .procmailrc file: > >> 0 > * ^Received: from 149051672 > { > LOGFILE= $HOME/spammerhiding > :0 > $HOME/spammerhiding.log > } > >> 0 > * ^X-Mailer: The Bat! > { > LOGFILE= $HOME/thebatcrap > :0 > $HOME/thebatcrap.log > } > > > > Received: from -1214334648 ([58.38.104.145]) > by deleted (8.11.6/8.11.6) with SMTP id k6KF5Mb16420 > for ; Thu, 20 Jul 2006 11:05:23 -0400 > Received: from graphimpressions.com (-1217230040 [-1214449216]) > by goodstitch.com (Qmailv1) with ESMTP id 91710279CB > for ; Thu, 20 Jul 2006 08:07:33 -0700 > Date: Thu, 20 Jul 2006 08:07:33 -0700 > From: "Conservationists F. Divinest" > X-Mailer: The Bat! (v2.00.9) Personal From jethro.binks at strath.ac.uk Thu Jul 20 17:22:57 2006 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Thu Jul 20 17:23:04 2006 Subject: Rejecting Spammers In-Reply-To: <44BFA8B4.9060404@yeticomputers.com> References: <44BFA167.4000208@rownetco.com> <44BFA8B4.9060404@yeticomputers.com> Message-ID: <20060720171914.O66139@defjam.cc.strath.ac.uk> On Thu, 20 Jul 2006, Rick Chadderdon wrote: > Anyway, many bulk-mail applications allow you to forge the X-Mailer > header. I wouldn't block on that. Check this out: > http://www.silverstones.com/thebat/spammer.html Your call, though. Well it's worth blocking on the X-Mailer: headers produced by known spamming software, of course. Anyone who forges an X-Mailer header of such software deserves everything they get probably! But you're correct that The Bat! is legit and often placed in the X-Mailer: by spammers (I'd not seen that web page - very useful). I haven't checked to see if it gets hit for a quite while, but I have a (conservative) list of some of them in my MTA configuration. I presume SpamAssassin will also detect and score some too. Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services University Of Strathclyde, Glasgow, UK From cparker at swatgear.com Thu Jul 20 17:38:49 2006 From: cparker at swatgear.com (Chris W. Parker) Date: Thu Jul 20 17:39:02 2006 Subject: "I/O error on connection" problem. MailScanner related? Message-ID: <97FD54B5E57A1842AA1A4B232E4761172D8EF0@ati-ex-02.ati.local> Igal Katzir on Thursday, July 20, 2006 9:33 AM said: > You Should upgrade the Physical Memory (RAM) of the machine. > You can check free memory with the free command. I definitely do need ram on this thing... [root@filter /var/log]# free total used free shared buffers cached Mem: 255232 220660 34572 0 19556 58512 -/+ buffers/cache: 142592 112640 Swap: 514040 42740 471300 But do you think increasing the ram will help with the "I/O error on connection" issue? It's happened four time today already, all with different hosts. Chris. From hburbano at novadevices.com Thu Jul 20 17:42:44 2006 From: hburbano at novadevices.com (Henry Burbano) Date: Thu Jul 20 17:42:12 2006 Subject: MailScanner and Spamassassin give me diferent scores References: <01ed01c6ac0e$af0c0d00$170a000a@SENADER.LOCAL> <1153409752.8859.108.camel@blackbird.tecnoera.com> Message-ID: <026b01c6ac1b$893deff0$170a000a@SENADER.LOCAL> The destination is a real email address. Saludos cordiales, _________________________________ Ing. Henry Burbano Nova Devices hburbano@novadevices.com www.novadevices.com Isla Fernandina N41-112 e Isla Floreana Tlf. 29 23 008 Quito - Ecuador _________________________________ ----- Original Message ----- From: "Juan Pablo Abuyeres" To: "MailScanner discussion" Sent: Thursday, July 20, 2006 10:35 AM Subject: Re: MailScanner and Spamassassin give me diferent scores > Is the destination a real email address or an alias/forward ? > > > On Thu, 2006-07-20 at 10:10 -0500, Henry Burbano wrote: > > Hi everybody, I'm having problems with spam mails, when I run > > "spamssassin -D < mail" I get scores up to 15 but when the mail go > > trough the MailScanner, it is scored with 2 or less points. > > > > I believe it's a missconfiguration, but I don't found the answer. > > > > I am running > > > > MailScanner version 4.54.6 > > SpamAssassin version 3.1.3 > > running on Perl version 5.8.1 > > > > > > When I run MailScanner --lint, I get: > > > > Read 748 hostnames from the phishing whitelist > > Config: calling custom init function InternalActions > > Initialising Internal account list > > Internal Account List read 2 domains and 1 accounts > > Checking for SpamAssassin errors (if you use it)... > > Using SpamAssassin results cache > > Connected to SpamAssassin cache database > > SpamAssassin reported no errors. > > > > MailScanner.conf says "Virus Scanners = clamav" > > Found these virus scanners installed: clamav > > > > > > > > > > and MailScanner -V: > > > > Running on > > Linux proton 2.4.27 #36 SMP Mon Nov 15 12:10:06 ECT 2005 i686 unknown > > unknown GNU/Linux > > > > This is Perl version 5.008001 (5.8.1) > > > > This is MailScanner version 4.54.6 > > Module versions are: > > 1.00 AnyDBM_File > > 1.14 Archive::Zip > > 1.01 Carp > > 1.119 Convert::BinHex > > 1.00 DirHandle > > 1.05 Fcntl > > 2.72 File::Basename > > 2.06 File::Copy > > 2.01 FileHandle > > 1.06 File::Path > > 0.14 File::Temp > > 0.90 Filesys::Df > > 1.35 HTML::Entities > > 3.54 HTML::Parser > > 2.37 HTML::TokeParser > > 1.21 IO > > 1.10 IO::File > > 1.122 IO::Pipe > > 1.71 Mail::Header > > 3.05 MIME::Base64 > > 5.420 MIME::Decoder > > 5.420 MIME::Decoder::UU > > 5.420 MIME::Head > > 5.420 MIME::Parser > > 3.03 MIME::QuotedPrint > > 5.420 MIME::Tools > > 0.10 Net::CIDR > > 1.06 POSIX > > 1.76 Socket > > 0.04 Sys::Syslog > > 01.20 Time::HiRes > > 1.02 Time::localtime > > > > Optional module versions are: > > 0.17 Convert::TNEF > > 1.806 DB_File > > 1.11 DBD::SQLite > > 1.50 DBI > > 1.02 Digest > > 1.01 Digest::HMAC > > 2.27 Digest::MD5 > > 2.01 Digest::SHA1 > > missing Inline > > missing Mail::ClamAV > > 3.001003 Mail::SpamAssassin > > missing Mail::SPF::Query > > missing Net::CIDR::Lite > > 1.24 Net::IP > > 0.41 Net::DNS > > missing Net::LDAP > > missing Parse::RecDescent > > missing SAVI > > missing Sys::Hostname::Long > > 2.30 Test::Harness > > 0.47 Test::Simple > > 1.95 Text::Balanced > > 1.19 URI > > > > > > > > > > Thanks for your support > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From hburbano at novadevices.com Thu Jul 20 17:48:03 2006 From: hburbano at novadevices.com (Henry Burbano) Date: Thu Jul 20 17:47:27 2006 Subject: MailScanner and Spamassassin give me diferent scores References: <200607201545.k6KFjq5E013231@cat.salemcarriers.com> Message-ID: <027801c6ac1c$478ecb00$170a000a@SENADER.LOCAL> I tried, and in both cases, I got the same result. ----- Original Message ----- From: Phillip Udel To: 'MailScanner discussion' Sent: Thursday, July 20, 2006 10:41 AM Subject: RE: MailScanner and Spamassassin give me diferent scores I am not sure that it makes a difference. But you could try spamassassin -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint ------------------------------------------------------------------------------ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Henry Burbano Sent: Thursday, July 20, 2006 10:11 AM To: mailscanner@lists.mailscanner.info Subject: MailScanner and Spamassassin give me diferent scores Hi everybody, I'm having problems with spam mails, when I run "spamssassin -D < mail" I get scores up to 15 but when the mail go trough the MailScanner, it is scored with 2 or less points. I believe it's a missconfiguration, but I don't found the answer. I am running MailScanner version 4.54.6 SpamAssassin version 3.1.3 running on Perl version 5.8.1 When I run MailScanner --lint, I get: Read 748 hostnames from the phishing whitelist Config: calling custom init function InternalActions Initialising Internal account list Internal Account List read 2 domains and 1 accounts Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamav" Found these virus scanners installed: clamav and MailScanner -V: Running on Linux proton 2.4.27 #36 SMP Mon Nov 15 12:10:06 ECT 2005 i686 unknown unknown GNU/Linux This is Perl version 5.008001 (5.8.1) This is MailScanner version 4.54.6 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.01 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.72 File::Basename 2.06 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 0.90 Filesys::Df 1.35 HTML::Entities 3.54 HTML::Parser 2.37 HTML::TokeParser 1.21 IO 1.10 IO::File 1.122 IO::Pipe 1.71 Mail::Header 3.05 MIME::Base64 5.420 MIME::Decoder 5.420 MIME::Decoder::UU 5.420 MIME::Head 5.420 MIME::Parser 3.03 MIME::QuotedPrint 5.420 MIME::Tools 0.10 Net::CIDR 1.06 POSIX 1.76 Socket 0.04 Sys::Syslog 01.20 Time::HiRes 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.806 DB_File 1.11 DBD::SQLite 1.50 DBI 1.02 Digest 1.01 Digest::HMAC 2.27 Digest::MD5 2.01 Digest::SHA1 missing Inline missing Mail::ClamAV 3.001003 Mail::SpamAssassin missing Mail::SPF::Query missing Net::CIDR::Lite 1.24 Net::IP 0.41 Net::DNS missing Net::LDAP missing Parse::RecDescent missing SAVI missing Sys::Hostname::Long 2.30 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.19 URI Thanks for your support -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------------------------------------------------------------ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060720/42c0a19d/attachment.html From mauriciopcavalcanti at hotmail.com Thu Jul 20 18:05:11 2006 From: mauriciopcavalcanti at hotmail.com (Mauricio) Date: Thu Jul 20 18:06:44 2006 Subject: OT:distributed AWL In-Reply-To: <44BF8BD8.3020102@mailing.kaufland-informationssysteme.com> Message-ID: Hi, I have many servers using MS+SA and I was thinking about use or not use AWL (auto-whitelist). Its work fine, but a in a small traffic server, I have some false positives. So, if SA makes AWL files with score and IP and we can log these information into MYSQL DB, I think it's a good idea make a centralized DB and share it, like a big sender base. Am I crazy thinking about it? Anyone has tried this? We could share this "sender base" to anyone (read) and select some "good partners" to help in this populate work. I think ironport is working with something like that. Thanks in advance, Mauricio From Denis.Beauchemin at USherbrooke.ca Thu Jul 20 18:56:29 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Jul 20 18:56:48 2006 Subject: "I/O error on connection" problem. MailScanner related? In-Reply-To: <97FD54B5E57A1842AA1A4B232E4761172D8EF0@ati-ex-02.ati.local> References: <97FD54B5E57A1842AA1A4B232E4761172D8EF0@ati-ex-02.ati.local> Message-ID: <44BFC3CD.30009@USherbrooke.ca> Chris W. Parker a ?crit : > But do you think increasing the ram will help with the "I/O error on > connection" issue? It's happened four time today already, all with > different hosts. > Chris, No it shouldn't make any difference. I am pretty sure this is caused by network issues. I usually disregard these messages as the mails will most likely be delivered on the next connection. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060720/5a53dc95/smime.bin From mikea at mikea.ath.cx Thu Jul 20 19:11:27 2006 From: mikea at mikea.ath.cx (mikea) Date: Thu Jul 20 19:11:32 2006 Subject: "I/O error on connection" problem. MailScanner related? In-Reply-To: <44BFC3CD.30009@USherbrooke.ca>; from Denis.Beauchemin@USherbrooke.ca on Thu, Jul 20, 2006 at 01:56:29PM -0400 References: <97FD54B5E57A1842AA1A4B232E4761172D8EF0@ati-ex-02.ati.local> <44BFC3CD.30009@USherbrooke.ca> Message-ID: <20060720131127.A34747@mikea.ath.cx> On Thu, Jul 20, 2006 at 01:56:29PM -0400, Denis Beauchemin wrote: > Chris W. Parker a ?crit : > > But do you think increasing the ram will help with the "I/O error on > > connection" issue? It's happened four time today already, all with > > different hosts. > > > Chris, > > No it shouldn't make any difference. I am pretty sure this is caused by > network issues. I usually disregard these messages as the mails will > most likely be delivered on the next connection. In my logs, "I/O error on connection" typically has a line soon before it with payload something like "collect: premature EOM: Connection reset by ". This certainly would indicate that it's not you. Are you seeing anything of the sort?" I also think it's probably network issues, or possibly flaky MTAs on the distant end, and that adding RAM won't fix that. Adding RAM *will* help with other things, though, and especially so if you use ramdisk for your temp directory. -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin From cparker at swatgear.com Thu Jul 20 19:37:14 2006 From: cparker at swatgear.com (Chris W. Parker) Date: Thu Jul 20 19:37:27 2006 Subject: "I/O error on connection" problem. MailScanner related? Message-ID: <97FD54B5E57A1842AA1A4B232E4761172D8EF1@ati-ex-02.ati.local> mikea on Thursday, July 20, 2006 11:11 AM said: > In my logs, "I/O error on connection" typically has a line soon > before it with payload something like "collect: premature EOM: > Connection reset by ". This certainly would indicate that it's > not you. Are you seeing anything of the sort?" Interesting. Yes I see these messages. In fact, with a cursory glance based on my memory of remote server addresses, it looks like almost all (if not all) the "I/O error on connection" entries have a corresponding "collect: premature EOM: Connection reset by " entry. Why would the remote server reset the connection? Is there anyway I can manually test if this is an ICMP issue? Thanks, Chris. From campbell at cnpapers.com Thu Jul 20 19:59:43 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Jul 20 20:05:32 2006 Subject: "I/O error on connection" problem. MailScanner related? References: <97FD54B5E57A1842AA1A4B232E4761172D8EF1@ati-ex-02.ati.local> Message-ID: <003401c6ac2e$a949ffb0$0705000a@DDF5DW71> ----- Original Message ----- From: "Chris W. Parker" To: "MailScanner discussion" Sent: Thursday, July 20, 2006 2:37 PM Subject: RE: "I/O error on connection" problem. MailScanner related? > mikea > on Thursday, July 20, 2006 11:11 AM said: > >> In my logs, "I/O error on connection" typically has a line soon >> before it with payload something like "collect: premature EOM: >> Connection reset by ". This certainly would indicate that it's >> not you. Are you seeing anything of the sort?" > > Interesting. Yes I see these messages. In fact, with a cursory glance > based on my memory of remote server addresses, it looks like almost all > (if not all) the "I/O error on connection" entries have a corresponding > "collect: premature EOM: Connection reset by " entry. > > Why would the remote server reset the connection? I'm not sure, but I seem to have ran into the same problem (sort of) recently. We, both ends, sort of figured out it was a combination of my timeout settings and his greylist settings. For some reason, the connection was almost always broken during the DATA phase, which didn't make sense, but my end thought that it was bad enough to resend, over and over to his end, which never changed the greylist entry to a whitelist (accept) entry. I don't recall see similar messages in my logs, though. But this could be one of the causes. Steve Campbell campbell@cnpapers.com Charleston Newspapers > > Is there anyway I can manually test if this is an ICMP issue? > > > > Thanks, > Chris. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From ken.hoegeman at gmail.com Fri Jul 21 02:16:42 2006 From: ken.hoegeman at gmail.com (Ken Hoegeman) Date: Fri Jul 21 02:16:44 2006 Subject: Rejecting non-existant users Message-ID: Hello All, 2 years ago I setup a spam filter gateway that delivers to a 2nd mail server running Windows 2003. I set it up using a paper : CREATING A SPAMFILTER RELAY SERVER By Scott L. Henderson Later I added Mailscanner and everything works fine except I get a large number of spam messages to random email addresses in 4 virtual domains I have a Postfix book, but I cannot figure out if I can have a static list of valid email addresses that postfix checks before running all the spam / virus checks and trys to forward to the 2nd sever and then fails because the address in no good. I would like to just drop the invalid email addresses at the postfix level. My postfix queue is at 12,000 messages most of which are for bogus addresses. I have less than 150 email accounts Please excuse my ignorance I have very limited linux know-how Thanks for your time Ken -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060720/83749551/attachment.html From res at ausics.net Fri Jul 21 02:21:06 2006 From: res at ausics.net (Res) Date: Fri Jul 21 02:21:19 2006 Subject: Mailscanner mqueuein trouble In-Reply-To: <44BF80F9.2070504@USherbrooke.ca> References: <200607191618.k6JGISDe003066@cat.salemcarriers.com> <44BE6221.5060400@agro.uba.ar> <44BE6F53.6030100@blacknight.ie> <44BE767C.1030500@agro.uba.ar> <44BEE15C.9050106@agro.uba.ar> <44BF80F9.2070504@USherbrooke.ca> Message-ID: On Thu, 20 Jul 2006, Denis Beauchemin wrote: >> So in essence, S.A is good for stopping about 0.1% of it. >> nice and handy and warns the suer the otehr 99.9% of the time BUT because >> its a warning people will at least start to read it to see if its spam or >> genuine. > I disagree with you. SA, if you tune it right, will detect pretty much ALL > spam. But it needs lots of RAM. > > We warn users above 5 and delete mails above 20 and yesterday we managed to > delete 59% of spam... > Then its not catching the sort of crap we see, as per my previous most of it is low scoring so they see it anyway, if I was to run your settings here it would be a pure waste of time because you are still sending 99% of it to users to evaluate if itsspam or not, but each network to their own i supose. But I see in your followup post you only do about 100K a day, we have 3 machines that do 3/4 of a million+ and 1 that does well over a million a day (which is the problem one) each so they are not exactly little machines. -- Cheers Res From chrisgreen at hotmail.com Fri Jul 21 03:54:27 2006 From: chrisgreen at hotmail.com (Chris Green) Date: Fri Jul 21 03:54:32 2006 Subject: Rejecting non-existant users In-Reply-To: Message-ID: Hi Ken, The answer is here: http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:reject_non_existent_users I have been using this and it works a treat, reduced my quarantine area by 95% instantly. Just take the default answers when installing Net::LDAP and you should be fine. I'm now trying to do the same in Exim - I'll post up that solution if it's not there already. > >Hello All, > >2 years ago I setup a spam filter gateway that delivers to a 2nd mail >server running Windows 2003. >I set it up using a paper : >CREATING A SPAMFILTER RELAY SERVER By Scott L. Henderson >Later I added Mailscanner and everything works fine except I get a large >number of spam messages to random email addresses in 4 virtual domains > >I have a Postfix book, but I cannot figure out if I can have a static list >of valid email addresses that postfix checks before running all the spam / >virus checks and trys to forward to the 2nd sever and then fails because >the >address in no good. I would like to just drop the invalid email addresses >at the postfix level. My postfix queue is at 12,000 messages most of which >are for bogus addresses. > >I have less than 150 email accounts >Please excuse my ignorance I have very limited linux know-how > >Thanks for your time > >Ken >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! From chrisgreen at hotmail.com Fri Jul 21 04:55:16 2006 From: chrisgreen at hotmail.com (Chris Green) Date: Fri Jul 21 04:55:20 2006 Subject: Mailscanner mqueuein trouble In-Reply-To: Message-ID: >On Thu, 20 Jul 2006, Denis Beauchemin wrote: > >>>So in essence, S.A is good for stopping about 0.1% of it. >>>nice and handy and warns the suer the otehr 99.9% of the time BUT because >>>its a warning people will at least start to read it to see if its spam >>>or genuine. > >>I disagree with you. SA, if you tune it right, will detect pretty much >>ALL spam. But it needs lots of RAM. >> >>We warn users above 5 and delete mails above 20 and yesterday we managed >>to delete 59% of spam... >> > >Then its not catching the sort of crap we see, as per my previous most of >it is low scoring so they see it anyway, if I was to run your settings here >it would be a pure waste of time because you are still sending 99% of it to >users to evaluate if itsspam or not, but each network to their own i >supose. > >But I see in your followup post you only do about 100K a day, we have 3 >machines that do 3/4 of a million+ and 1 that does well over a million a >day (which is the problem one) each so they are not exactly little >machines. > Are you running sa-learn on those boxes? I'm truely surprised at the woeful performance you're getting. It's almost like you are feeding spam in to sa-learn as ham...! From goetz.reinicke at filmakademie.de Fri Jul 21 07:55:36 2006 From: goetz.reinicke at filmakademie.de (=?ISO-8859-15?Q?G=F6tz_Reinicke?=) Date: Fri Jul 21 07:55:41 2006 Subject: strange: logwatch mail on mailserver is marked as spam Message-ID: <44C07A68.3030100@filmakademie.de> Hi, I have no idea what's going wrong: I do get the logwatch report generated on my mailserver detected as spam by the mailservers mailscanner/SA installation :-) The server is RHEL 4 (2.6.9-kernel), MS 4.54.6, SA 3.1.3. The score for the report is e.g. spam, SpamAssassin (nicht zwischen gespeichert, Wertung=17.019, benoetigt 3.6, ALL_TRUSTED -1.80, BAYES_00 -2.60, INFO_TLD 1.27, NO_REAL_NAME 0.96, URIBL_AB_SURBL 3.81, URIBL_JP_SURBL 4.09, URIBL_OB_SURBL 3.01, URIBL_SBL 1.64, URIBL_SC_SURBL 4.50, URIBL_WS_SURBL 2.14) Any ideas or what information may I provide? Thanks for any hint!! Regards G?tz -- G?tz Reinicke IT Koordinator Tel. +49 7141 969-420 Fax +49 7141 969 55-420 goetz.reinicke@filmakademie.de Filmakademie Baden-W?rttemberg Mathildenstr. 20 71638 Ludwigsburg www.filmakademie.de From chrisgreen at hotmail.com Fri Jul 21 09:01:38 2006 From: chrisgreen at hotmail.com (Chris Green) Date: Fri Jul 21 09:01:45 2006 Subject: strange: logwatch mail on mailserver is marked as spam In-Reply-To: <44C07A68.3030100@filmakademie.de> Message-ID: The SA score is high because it's tripping over on the RBL scores. This means that the IP address from which the mail came from is blacklisted - which is odd if it's from the same machine (it would normally appear to come from 127.0.0.1). Check to see if your machine is listening on this IP. Perhaps you have restricted incoming mail to use IP addresses other than 127.0.0.1? Another option would be to whitelist the sender, but that spoils the troubleshooting fun really! G�tz Reinicke wrote: > >Hi, > >I have no idea what's going wrong: > >I do get the logwatch report generated on my mailserver detected as spam by >the mailservers mailscanner/SA installation :-) > >The server is RHEL 4 (2.6.9-kernel), MS 4.54.6, SA 3.1.3. > >The score for the report is e.g. > >spam, SpamAssassin (nicht zwischen gespeichert, Wertung=17.019, benoetigt >3.6, ALL_TRUSTED -1.80, BAYES_00 -2.60, INFO_TLD 1.27, NO_REAL_NAME 0.96, >URIBL_AB_SURBL 3.81, URIBL_JP_SURBL 4.09, URIBL_OB_SURBL 3.01, URIBL_SBL >1.64, URIBL_SC_SURBL 4.50, URIBL_WS_SURBL 2.14) > >Any ideas or what information may I provide? > >Thanks for any hint!! From martinh at solid-state-logic.com Fri Jul 21 09:10:16 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Fri Jul 21 09:10:25 2006 Subject: strange: logwatch mail on mailserver is marked as spam In-Reply-To: References: Message-ID: <44C08BE8.4000101@solid-state-logic.com> Chris Green wrote: > The SA score is high because it's tripping over on the RBL scores. This > means that the IP address from which the mail came from is blacklisted - > which is odd if it's from the same machine (it would normally appear to > come from 127.0.0.1). Check to see if your machine is listening on this > IP. Perhaps you have restricted incoming mail to use IP addresses other > than 127.0.0.1? > > Another option would be to whitelist the sender, but that spoils the > troubleshooting fun really! > > > G?tz Reinicke wrote: >> >> Hi, >> >> I have no idea what's going wrong: >> >> I do get the logwatch report generated on my mailserver detected as >> spam by the mailservers mailscanner/SA installation :-) >> >> The server is RHEL 4 (2.6.9-kernel), MS 4.54.6, SA 3.1.3. >> >> The score for the report is e.g. >> >> spam, SpamAssassin (nicht zwischen gespeichert, Wertung=17.019, >> benoetigt 3.6, ALL_TRUSTED -1.80, BAYES_00 -2.60, INFO_TLD 1.27, >> NO_REAL_NAME 0.96, URIBL_AB_SURBL 3.81, URIBL_JP_SURBL 4.09, >> URIBL_OB_SURBL 3.01, URIBL_SBL 1.64, URIBL_SC_SURBL 4.50, >> URIBL_WS_SURBL 2.14) >> >> Any ideas or what information may I provide? >> >> Thanks for any hint!! > > The URIRBL scores here are looking at the message body, not the headers.. personally I remove all the emails 127.0.0.1 from any checks but anti-virus... -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From raymond at prolocation.net Fri Jul 21 10:00:32 2006 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Fri Jul 21 10:00:33 2006 Subject: strange: logwatch mail on mailserver is marked as spam In-Reply-To: <44C07A68.3030100@filmakademie.de> References: <44C07A68.3030100@filmakademie.de> Message-ID: Hi! > The server is RHEL 4 (2.6.9-kernel), MS 4.54.6, SA 3.1.3. > > The score for the report is e.g. > > spam, SpamAssassin (nicht zwischen gespeichert, Wertung=17.019, benoetigt > 3.6, ALL_TRUSTED -1.80, BAYES_00 -2.60, INFO_TLD 1.27, NO_REAL_NAME 0.96, > URIBL_AB_SURBL 3.81, URIBL_JP_SURBL 4.09, URIBL_OB_SURBL 3.01, URIBL_SBL > 1.64, URIBL_SC_SURBL 4.50, URIBL_WS_SURBL 2.14) > > Any ideas or what information may I provide? In logwatch you have tripped a listed domain, simple. Can be either lame resolving servers, or perhaps a break in attempt from a host listed. Happenes all the time. Bye, Raymond. From ram at netcore.co.in Fri Jul 21 11:39:49 2006 From: ram at netcore.co.in (Ramprasad) Date: Fri Jul 21 11:39:44 2006 Subject: Mailscanner dies on some "corrupt" files Message-ID: <1153478389.25560.76.camel@darkstar.netcore.co.in> This happens rarely but I dont know what is the real reason I use Mailscanner + postfix + spamassassin. Everything seems to run properly. Suddenly mailscanner would stop scanningany more mails from hold queue and Mailscanner processes go defunct When I start Mailscanner again in debug mode I get "Can't call method "DropFromBatch" on unblessed reference at /usr/lib/MailScanner/MailScanner/Postfix.pm line 332. I have to find which file it is looking at by puting debug statements in Postfix.pm and find out which file it is and remove it from the hold queue Thanks Ram From amoore at dekalbmemorial.com Fri Jul 21 13:31:33 2006 From: amoore at dekalbmemorial.com (Aaron K. Moore) Date: Fri Jul 21 13:31:38 2006 Subject: distributed AWL In-Reply-To: Message-ID: <60D398EB2DB948409CA1F50D8AF12257014C5BA3@exch1.dekalbmemorial.local> Check out the SpamAssassin Wiki at spamassassin.apache.org. You might want to check out their mailing list as well. Mauricio wrote: > Hi, > I have many servers using MS+SA and I was thinking about use or not > use AWL (auto-whitelist). Its work fine, but a in a small traffic > server, I have some false positives. > > So, if SA makes AWL files with score and IP and we can log these > information into MYSQL DB, I think it's a good idea make a > centralized DB and share it, like a big sender base. > > Am I crazy thinking about it? Anyone has tried this? > > We could share this "sender base" to anyone (read) and select some > "good partners" to help in this populate work. > > I think ironport is working with something like that. > > Thanks in advance, > Mauricio -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN E-mail: amoore@dekalbmemorial.com From Denis.Beauchemin at USherbrooke.ca Fri Jul 21 13:45:27 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Jul 21 13:46:29 2006 Subject: Mailscanner mqueuein trouble In-Reply-To: References: <200607191618.k6JGISDe003066@cat.salemcarriers.com> <44BE6221.5060400@agro.uba.ar> <44BE6F53.6030100@blacknight.ie> <44BE767C.1030500@agro.uba.ar> <44BEE15C.9050106@agro.uba.ar> <44BF80F9.2070504@USherbrooke.ca> Message-ID: <44C0CC67.7030103@USherbrooke.ca> Res a ?crit : > On Thu, 20 Jul 2006, Denis Beauchemin wrote: > >>> So in essence, S.A is good for stopping about 0.1% of it. >>> nice and handy and warns the suer the otehr 99.9% of the time BUT >>> because its a warning people will at least start to read it to see >>> if its spam or genuine. > >> I disagree with you. SA, if you tune it right, will detect pretty >> much ALL spam. But it needs lots of RAM. >> >> We warn users above 5 and delete mails above 20 and yesterday we >> managed to delete 59% of spam... >> > > Then its not catching the sort of crap we see, as per my previous most > of it is low scoring so they see it anyway, if I was to run your > settings here it would be a pure waste of time because you are still > sending 99% of it to users to evaluate if itsspam or not, but each > network to their own i supose. > > But I see in your followup post you only do about 100K a day, we have > 3 machines that do 3/4 of a million+ and 1 that does well over a > million a day (which is the problem one) each so they are not exactly > little machines. > > I can't imagine what it would be like if I had that many emails... but I still think things like DCC/Razor/Pyzor might help you out. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060721/b05b1a6b/smime.bin From tchamtieh at nayzak.com Fri Jul 21 14:33:00 2006 From: tchamtieh at nayzak.com (Thomas Chamtieh) Date: Fri Jul 21 14:32:10 2006 Subject: MailWatch Issue Message-ID: <9EF54EC4D23F874F9034C2A245622AC506E87A@ad.hosting.farm> Hi All, for some reason MailWatch stopped logging messages to the maillog table. Nothing has changed, it connects to the DB fine, it logs to the "inq" table, I can update geoip and sa_rules and all. MailScanner reports that it logged the message to SQL, but nothing is in the tables. I dropped and re-created the DB to no avail. It's driving me nuts. Any ideas? Thanks, -Thomas From Peter.Bates at lshtm.ac.uk Fri Jul 21 14:45:02 2006 From: Peter.Bates at lshtm.ac.uk (Peter Bates) Date: Fri Jul 21 14:45:18 2006 Subject: Archive nested too deeply In-Reply-To: <000d01c6ac1e$a92ef0e0$57fefe0a@corprj01.disec.com.br> References: <44BF8BD8.3020102@mailing.kaufland-informationssysteme.com> <000d01c6ac1e$a92ef0e0$57fefe0a@corprj01.disec.com.br> Message-ID: <44C0E86E02000076000061B1@193.63.251.15> Hi all... Now and again (a couple of times a week) I get the following sort of error: Report: MailScanner: Message contained archive nested too deeply I'm just wondering if it's a configuration setting I'm missing, or just genuinely unusual emails. I've put up two examples at: http://www2.lshtm.ac.uk/mail/3A06E13F6E3 http://www2.lshtm.ac.uk/mail/E084A13FB1A (in Postfix queue format). This is MS 4.54.6-1 on RHEL4 (Postfix 2.1.5) ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, IT Services. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 From davidn at KeyMarkinc.com Fri Jul 21 15:28:19 2006 From: davidn at KeyMarkinc.com (David Nalley) Date: Fri Jul 21 15:27:37 2006 Subject: Archive nested too deeply Message-ID: <81214BB68B68BF4586FE1D82E7B3C472BB6FFC@kmex01.keymark.dom> > Hi all... > > Now and again (a couple of times a week) I get the following sort of > error: > > Report: MailScanner: Message contained archive nested too deeply > > I'm just wondering if it's a configuration setting I'm > missing, or just genuinely unusual emails. In MailScanner.conf change the depth as appropriate, the default is 2 iirc. Maximum Archive Depth = 2 From Peter.Bates at lshtm.ac.uk Fri Jul 21 15:57:20 2006 From: Peter.Bates at lshtm.ac.uk (Peter Bates) Date: Fri Jul 21 15:58:14 2006 Subject: Archive nested too deeply In-Reply-To: <81214BB68B68BF4586FE1D82E7B3C472BB6FFC@kmex01.keymark.dom> References: <81214BB68B68BF4586FE1D82E7B3C472BB6FFC@kmex01.keymark.dom> Message-ID: <44C0F96002000076000061BA@193.63.251.15> Hello again all... ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, IT Services. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 >>> davidn@KeyMarkinc.com 21/07/06 15:28:19 >>> >> I'm just wondering if it's a configuration setting I'm >> missing, or just genuinely unusual emails. >In MailScanner.conf change the depth as appropriate, the default is 2 iirc. >Maximum Archive Depth = 2 Sorry, yes, I should have said I have this set to 2, which I think is the default. My main query, I guess is that: Jul 21 14:27:58 postbox MailScanner[21712]: Files hidden in very deeply nested archive in E084A13FB1A.22FE1 doesn't really give me a hint as to whether I should be changing the setting to 0/disabling it, or whether 5, 50 or 500 will be better. From davidn at KeyMarkinc.com Fri Jul 21 16:21:12 2006 From: davidn at KeyMarkinc.com (David Nalley) Date: Fri Jul 21 16:20:34 2006 Subject: Archive nested too deeply Message-ID: <81214BB68B68BF4586FE1D82E7B3C472BB7010@kmex01.keymark.dom> > > My main query, I guess is that: > > Jul 21 14:27:58 postbox MailScanner[21712]: Files hidden in > very deeply nested archive in E084A13FB1A.22FE1 > > doesn't really give me a hint as to whether I should be > changing the setting to 0/disabling it, or whether 5, 50 or > 500 will be better. > I think the issue is that if you allow it to unzip continuously it could lead to a situation where the virus scanner would time out and then pass on a potentially harmful attachment. In addition it would burn CPU cycles. Realistically, I think that you could open the zip files (assuming that they are legitimate) and determine depth and use depth+n to make it a non-issue. Unfortunately I don't really see a way of gunzip telling how deeply nested the file is, other than it is nested at least once more than the limit specified, and thus it has no way of giving you a hint. From dave.list at pixelhammer.com Fri Jul 21 16:44:29 2006 From: dave.list at pixelhammer.com (DAve) Date: Fri Jul 21 16:44:45 2006 Subject: Filetypes and filenames not being checked Message-ID: <44C0F65D.3070401@pixelhammer.com> Good morning, I have just had a user bring to my attention that since I upgraded to 4.54.x we are no longer stopping filenames with double suffixes or banned suffixes. I tried a test and sure enough two files went right through, test.svx.doc and test.scr. I double checked my conf files and everything looks good, mailscanner --lint shows no errors. I haven't changed anything in the conf file except to add MailWatch. I went through the change log and docs and didn't see anything that I thought would affect me. Has there been a change in how the filename.rules.conf files work? Thanks, DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From jchezny at northcarolina.edu Fri Jul 21 17:05:12 2006 From: jchezny at northcarolina.edu (jchezny@northcarolina.edu) Date: Fri Jul 21 17:05:20 2006 Subject: Help! MS broken after upgrade from 4.51.6 to 4.54.6-1 Message-ID: <1153497912.44c0fb38d416e@webmail.northcarolina.edu> MailScanner -V Running on Linux (hostname) 2.6.9-34.0.2.ELsmp #1 SMP Fri Jun 30 10:33:58 EDT 2006 i686 i686 i386 GNU/Linux RAM: 1GB This is Red Hat Enterprise Linux ES release 4 (Nahant Update 3) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.54.6 Error message in /var/log/maillog: "...status=deferred (delivery temporarily suspended: transport is unavailable)" Thanks in advance for any help you can provide. Kind regards, -jc ---------------------------------------------------------------- This message was sent with UNC-GA Webmail http://webmail.northcarolina.edu From jchezny at northcarolina.edu Fri Jul 21 17:08:04 2006 From: jchezny at northcarolina.edu (jchezny@northcarolina.edu) Date: Fri Jul 21 17:08:06 2006 Subject: Fwd: Help! MS broken after upgrade from 4.51.6 to 4.54.6-1 (addendum) Message-ID: <1153498084.44c0fbe45eb9c@webmail.northcarolina.edu> MailScanner -V Running on Linux (hostname) 2.6.9-34.0.2.ELsmp #1 SMP Fri Jun 30 10:33:58 EDT 2006 i686 i686 i386 GNU/Linux SMTP: postfix-2.1.5-4.2.RHEL4 RAM: 1GB This is Red Hat Enterprise Linux ES release 4 (Nahant Update 3) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.54.6 Error message in /var/log/maillog: "...status=deferred (delivery temporarily suspended: transport is unavailable)" Thanks in advance for any help you can provide. Kind regards, -jc ---------------------------------------------------------------- This message was sent with UNC-GA Webmail http://webmail.northcarolina.edu ----- End forwarded message ----- ---------------------------------------------------------------- This message was sent with UNC-GA Webmail http://webmail.northcarolina.edu From raymond at prolocation.net Fri Jul 21 17:13:53 2006 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Fri Jul 21 17:13:52 2006 Subject: Help! MS broken after upgrade from 4.51.6 to 4.54.6-1 In-Reply-To: <1153497912.44c0fb38d416e@webmail.northcarolina.edu> References: <1153497912.44c0fb38d416e@webmail.northcarolina.edu> Message-ID: Hi! > Running on Linux (hostname) 2.6.9-34.0.2.ELsmp #1 SMP Fri Jun 30 10:33:58 EDT > 2006 i686 i686 i386 GNU/Linux > > RAM: 1GB > > This is Red Hat Enterprise Linux ES release 4 (Nahant Update 3) > This is Perl version 5.008005 (5.8.5) > This is MailScanner version 4.54.6 > > Error message in /var/log/maillog: > "...status=deferred (delivery temporarily suspended: transport is unavailable)" > > Thanks in advance for any help you can provide. Uhm ... and this should ring a bell? The error is from your mailer, not MailScanner, or ? Bye, Raymond. From martinh at solid-state-logic.com Fri Jul 21 17:20:46 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Fri Jul 21 17:20:56 2006 Subject: Fwd: Help! MS broken after upgrade from 4.51.6 to 4.54.6-1 (addendum) In-Reply-To: <1153498084.44c0fbe45eb9c@webmail.northcarolina.edu> References: <1153498084.44c0fbe45eb9c@webmail.northcarolina.edu> Message-ID: <44C0FEDE.9060106@solid-state-logic.com> jchezny@northcarolina.edu wrote: > MailScanner -V > Running on Linux (hostname) 2.6.9-34.0.2.ELsmp #1 SMP Fri Jun 30 10:33:58 EDT > 2006 i686 i686 i386 GNU/Linux > > SMTP: postfix-2.1.5-4.2.RHEL4 > > RAM: 1GB > > This is Red Hat Enterprise Linux ES release 4 (Nahant Update 3) > This is Perl version 5.008005 (5.8.5) > This is MailScanner version 4.54.6 > > Error message in /var/log/maillog: > "...status=deferred (delivery temporarily suspended: transport is unavailable)" > > Thanks in advance for any help you can provide. > > Kind regards, > > -jc > Sounds like the MTA giving problems....have you stopped and restarted the MTA (or both of them if the MTA handles MS that way - most do). -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From jchezny at northcarolina.edu Fri Jul 21 17:38:02 2006 From: jchezny at northcarolina.edu (jchezny@northcarolina.edu) Date: Fri Jul 21 17:38:12 2006 Subject: Fwd: Help! MS broken after upgrade from 4.51.6 to 4.54.6-1 (addendum) In-Reply-To: <44C0FEDE.9060106@solid-state-logic.com> References: <1153498084.44c0fbe45eb9c@webmail.northcarolina.edu> <44C0FEDE.9060106@solid-state-logic.com> Message-ID: <1153499882.44c102ea19082@webmail.northcarolina.edu> Yes. Stopped and restarted. Checked configs (/etc/postfix/main.cf & master.cf). Quoting Martin Hepworth : > jchezny@northcarolina.edu wrote: > > MailScanner -V > > Running on Linux (hostname) 2.6.9-34.0.2.ELsmp #1 SMP Fri Jun 30 10:33:58 > EDT > > 2006 i686 i686 i386 GNU/Linux > > > > SMTP: postfix-2.1.5-4.2.RHEL4 > > > > RAM: 1GB > > > > This is Red Hat Enterprise Linux ES release 4 (Nahant Update 3) > > This is Perl version 5.008005 (5.8.5) > > This is MailScanner version 4.54.6 > > > > Error message in /var/log/maillog: > > "...status=deferred (delivery temporarily suspended: transport is > unavailable)" > > > > Thanks in advance for any help you can provide. > > > > Kind regards, > > > > -jc > > > > Sounds like the MTA giving problems....have you stopped and restarted > the MTA (or both of them if the MTA handles MS that way - most do). > > > -- > Martin Hepworth > Senior Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ---------------------------------------------------------------- This message was sent with UNC-GA Webmail http://webmail.northcarolina.edu From jchezny at northcarolina.edu Fri Jul 21 17:39:06 2006 From: jchezny at northcarolina.edu (jchezny@northcarolina.edu) Date: Fri Jul 21 17:39:09 2006 Subject: Help! MS broken after upgrade from 4.51.6 to 4.54.6-1 In-Reply-To: References: <1153497912.44c0fb38d416e@webmail.northcarolina.edu> Message-ID: <1153499946.44c1032ab63ec@webmail.northcarolina.edu> Thanks. Figured as much; however, didn't know if there was something funky MS did w/ master.cf that I didn't know about. -jc Quoting Raymond Dijkxhoorn : > Hi! > > > Running on Linux (hostname) 2.6.9-34.0.2.ELsmp #1 SMP Fri Jun 30 10:33:58 > EDT > > 2006 i686 i686 i386 GNU/Linux > > > > RAM: 1GB > > > > This is Red Hat Enterprise Linux ES release 4 (Nahant Update 3) > > This is Perl version 5.008005 (5.8.5) > > This is MailScanner version 4.54.6 > > > > Error message in /var/log/maillog: > > "...status=deferred (delivery temporarily suspended: transport is > unavailable)" > > > > Thanks in advance for any help you can provide. > > Uhm ... and this should ring a bell? > > The error is from your mailer, not MailScanner, or ? > > Bye, > Raymond. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ---------------------------------------------------------------- This message was sent with UNC-GA Webmail http://webmail.northcarolina.edu From drew at themarshalls.co.uk Fri Jul 21 17:40:20 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Fri Jul 21 17:40:33 2006 Subject: Help! MS broken after upgrade from 4.51.6 to 4.54.6-1 In-Reply-To: <1153497912.44c0fb38d416e@webmail.northcarolina.edu> References: <1153497912.44c0fb38d416e@webmail.northcarolina.edu> Message-ID: <36801.194.70.180.170.1153500020.squirrel@webmail.r-bit.net> On Fri, July 21, 2006 17:05, jchezny@northcarolina.edu wrote: > MailScanner -V > Running on Linux (hostname) 2.6.9-34.0.2.ELsmp #1 SMP Fri Jun 30 10:33:58 > EDT > 2006 i686 i686 i386 GNU/Linux > > RAM: 1GB > > This is Red Hat Enterprise Linux ES release 4 (Nahant Update 3) > This is Perl version 5.008005 (5.8.5) > This is MailScanner version 4.54.6 > > Error message in /var/log/maillog: > "...status=deferred (delivery temporarily suspended: transport is > unavailable)" And what else does your log say? Have you restarted Postfix? Do #postfix reload and see what kicks out in the maillog. This is not a (Direct) MAilScanner error. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From dave.list at pixelhammer.com Fri Jul 21 18:18:05 2006 From: dave.list at pixelhammer.com (DAve) Date: Fri Jul 21 18:18:17 2006 Subject: Filetypes and filenames not being checked In-Reply-To: <44C0F65D.3070401@pixelhammer.com> References: <44C0F65D.3070401@pixelhammer.com> Message-ID: <44C10C4D.2080309@pixelhammer.com> DAve wrote: > Good morning, > > I have just had a user bring to my attention that since I upgraded to > 4.54.x we are no longer stopping filenames with double suffixes or > banned suffixes. > > I tried a test and sure enough two files went right through, > test.svx.doc and test.scr. I double checked my conf files and everything > looks good, mailscanner --lint shows no errors. > > I haven't changed anything in the conf file except to add MailWatch. I > went through the change log and docs and didn't see anything that I > thought would affect me. > > Has there been a change in how the filename.rules.conf files work? > > Thanks, > > DAve > Hmm, double checked the filename.rules.conf and filetype.rules.conf and they looked fine (yes, tabs not spaces). Just on a whim I changed the MailScanner.conf to Filename Rules = %rules-dir%/user.filename.rules #Filename Rules = %etc-dir%/filename.rules.conf Then created %rules-dir%/user.filename.rules as # Default, disallow for all others To: default /usr/local/etc/MailScanner/filename.deny.rules.conf From: default /usr/local/etc/MailScanner/filename.deny.rules.conf And filename.deny.rules.conf is a copy of a fresh filename.rules.conf from the install source. Still test.svx.doc gets through as does test.scr. mailscanner --lint still shows no issues. I tried to run in debug mode but I got no unusual output. So I stopped MailScanner and called with the debug switch with no change. Is there a way to run in debug and output to the terminal? DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From dhawal at netmagicsolutions.com Fri Jul 21 18:41:29 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Fri Jul 21 18:41:37 2006 Subject: Filetypes and filenames not being checked In-Reply-To: <44C10C4D.2080309@pixelhammer.com> References: <44C0F65D.3070401@pixelhammer.com> <44C10C4D.2080309@pixelhammer.com> Message-ID: <44C111C9.1050806@netmagicsolutions.com> DAve wrote: > DAve wrote: >> Good morning, >> >> I have just had a user bring to my attention that since I upgraded to >> 4.54.x we are no longer stopping filenames with double suffixes or >> banned suffixes. >> >> I tried a test and sure enough two files went right through, >> test.svx.doc and test.scr. I double checked my conf files and >> everything looks good, mailscanner --lint shows no errors. >> >> I haven't changed anything in the conf file except to add MailWatch. I >> went through the change log and docs and didn't see anything that I >> thought would affect me. >> >> Has there been a change in how the filename.rules.conf files work? Do you have 'Scan Messages = yes' & 'Dangerous Content Scanning = yes'? See http://wiki.mailscanner.info/doku.php?id=documentation:configuration:dependencies, for an incomplete list of dependencies.. - dhawal > Hmm, double checked the filename.rules.conf and filetype.rules.conf and > they looked fine (yes, tabs not spaces). > > Just on a whim I changed the MailScanner.conf to > Filename Rules = %rules-dir%/user.filename.rules > #Filename Rules = %etc-dir%/filename.rules.conf > > Then created %rules-dir%/user.filename.rules as > # Default, disallow for all others > To: default /usr/local/etc/MailScanner/filename.deny.rules.conf > From: default /usr/local/etc/MailScanner/filename.deny.rules.conf > > And filename.deny.rules.conf is a copy of a fresh filename.rules.conf > from the install source. > > Still test.svx.doc gets through as does test.scr. mailscanner --lint > still shows no issues. > > I tried to run in debug mode but I got no unusual output. So I stopped > MailScanner and called with the debug switch with no change. Is there a > way to run in debug and output to the terminal? > > DAve From cparker at swatgear.com Fri Jul 21 19:31:18 2006 From: cparker at swatgear.com (Chris W. Parker) Date: Fri Jul 21 19:31:31 2006 Subject: "I/O error on connection" problem. MailScanner related? Message-ID: <97FD54B5E57A1842AA1A4B232E4761172C4EE6@ati-ex-02.ati.local> Steve Campbell on Thursday, July 20, 2006 12:00 PM said: > I'm not sure, but I seem to have ran into the same problem (sort of) > recently. We, both ends, sort of figured out it was a combination of > my timeout settings and his greylist settings. For some reason, the > connection was almost always broken during the DATA phase, which > didn't make sense, but my end thought that it was bad enough to > resend, over and over to his end, which never changed the greylist > entry to a whitelist (accept) entry. I don't recall see similar > messages in my logs, though. But this could be one of the causes. So what did you do to fix it? Thanks, Chris. From MailScanner at ecs.soton.ac.uk Fri Jul 21 19:51:36 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jul 21 19:51:49 2006 Subject: Mailscanner dies on some "corrupt" files In-Reply-To: <1153478389.25560.76.camel@darkstar.netcore.co.in> References: <1153478389.25560.76.camel@darkstar.netcore.co.in> Message-ID: <0EF67E62-3843-4BE0-B890-433909D1F275@ecs.soton.ac.uk> Can you possibly send me the messages queue file that is causing this problem please? I need to be able to reproduce this problem in order to fix it for you. On Fri21 Jul 06, at 11:39, Ramprasad wrote: > This happens rarely but I dont know what is the real reason > > I use Mailscanner + postfix + spamassassin. Everything seems to run > properly. Suddenly mailscanner would stop scanningany more mails from > hold queue and Mailscanner processes go defunct > When I start Mailscanner again in debug mode I get > > "Can't call method "DropFromBatch" on unblessed reference > at /usr/lib/MailScanner/MailScanner/Postfix.pm line 332. > > I have to find which file it is looking at by puting debug > statements in > Postfix.pm and find out which file it is and remove it from the hold > queue > > Thanks > Ram > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store ! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From davidn at KeyMarkinc.com Fri Jul 21 20:05:10 2006 From: davidn at KeyMarkinc.com (David Nalley) Date: Fri Jul 21 20:04:31 2006 Subject: Mailscanner dies on some "corrupt" files Message-ID: <81214BB68B68BF4586FE1D82E7B3C472BB7076@kmex01.keymark.dom> > I use Mailscanner + postfix + spamassassin. Everything seems > to run properly. Suddenly mailscanner would stop scanningany > more mails from hold queue and Mailscanner processes go > defunct When I start Mailscanner again in debug mode I get > > "Can't call method "DropFromBatch" on unblessed reference at > /usr/lib/MailScanner/MailScanner/Postfix.pm line 332. > > I have to find which file it is looking at by puting debug > statements in Postfix.pm and find out which file it is and e > If I understand the situation that you are describing properly I think I have seen it once before, and it was a result of a failing hard drive. MailScanner would see the messages in queue and fail repeatedly on accessing it, claiming that it was a corrupt message. IIRC (it's been quite a while) the mail was essentially corrupted, and removing the file allowed it to continue processing the rest of the messages in the queue. I think the queue would be processed up til the point it came upon the "corrupted" message and wouldn't move past that, so a small trickle of mail would flow through. Again, this was a year and a half ago, and we may not be talking about the same thing, but it sounds awfully familiar. David Nalley KeyMark, Inc. 105 Tech Lane Liberty, SC 29657, USA 864.343.0329 Voice 864.343.0429 Fax 864.630.4906 Mobile www.KeyMarkInc.com ------------- From campbell at cnpapers.com Fri Jul 21 20:06:12 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Fri Jul 21 20:06:31 2006 Subject: "I/O error on connection" problem. MailScanner related? References: <97FD54B5E57A1842AA1A4B232E4761172C4EE6@ati-ex-02.ati.local> Message-ID: <002101c6acf8$bbc4edb0$0705000a@DDF5DW71> ----- Original Message ----- From: "Chris W. Parker" To: "MailScanner discussion" Sent: Friday, July 21, 2006 2:31 PM Subject: RE: "I/O error on connection" problem. MailScanner related? > Steve Campbell > on Thursday, July 20, 2006 12:00 PM said: > >> I'm not sure, but I seem to have ran into the same problem (sort of) >> recently. We, both ends, sort of figured out it was a combination of >> my timeout settings and his greylist settings. For some reason, the >> connection was almost always broken during the DATA phase, which >> didn't make sense, but my end thought that it was bad enough to >> resend, over and over to his end, which never changed the greylist >> entry to a whitelist (accept) entry. I don't recall see similar >> messages in my logs, though. But this could be one of the causes. > > So what did you do to fix it? He whitelisted our site manually and I left my settings as they were. I could have upped my sendmail timeouts, though. Steve > > > Thanks, > Chris. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From dave.list at pixelhammer.com Fri Jul 21 20:30:10 2006 From: dave.list at pixelhammer.com (DAve) Date: Fri Jul 21 20:30:22 2006 Subject: Filetypes and filenames not being checked In-Reply-To: <44C111C9.1050806@netmagicsolutions.com> References: <44C0F65D.3070401@pixelhammer.com> <44C10C4D.2080309@pixelhammer.com> <44C111C9.1050806@netmagicsolutions.com> Message-ID: <44C12B42.5060103@pixelhammer.com> Dhawal Doshy wrote: > DAve wrote: >> DAve wrote: >>> Good morning, >>> >>> I have just had a user bring to my attention that since I upgraded to >>> 4.54.x we are no longer stopping filenames with double suffixes or >>> banned suffixes. >>> >>> I tried a test and sure enough two files went right through, >>> test.svx.doc and test.scr. I double checked my conf files and >>> everything looks good, mailscanner --lint shows no errors. >>> >>> I haven't changed anything in the conf file except to add MailWatch. >>> I went through the change log and docs and didn't see anything that I >>> thought would affect me. >>> >>> Has there been a change in how the filename.rules.conf files work? > > Do you have 'Scan Messages = yes' & 'Dangerous Content Scanning = yes'? > > See > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:dependencies, > for an incomplete list of dependencies.. > Yes I do, but I'll go read that page anyway Never hurts to learn sumthin' DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From dhawal at netmagicsolutions.com Fri Jul 21 20:38:20 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Fri Jul 21 20:38:34 2006 Subject: Filetypes and filenames not being checked In-Reply-To: <44C12B42.5060103@pixelhammer.com> References: <44C0F65D.3070401@pixelhammer.com> <44C10C4D.2080309@pixelhammer.com> <44C111C9.1050806@netmagicsolutions.com> <44C12B42.5060103@pixelhammer.com> Message-ID: <44C12D2C.1030206@netmagicsolutions.com> DAve wrote: > Dhawal Doshy wrote: >> DAve wrote: >>> DAve wrote: >>>> Good morning, >>>> >>>> I have just had a user bring to my attention that since I upgraded >>>> to 4.54.x we are no longer stopping filenames with double suffixes >>>> or banned suffixes. >>>> >>>> I tried a test and sure enough two files went right through, >>>> test.svx.doc and test.scr. I double checked my conf files and >>>> everything looks good, mailscanner --lint shows no errors. >>>> >>>> I haven't changed anything in the conf file except to add MailWatch. >>>> I went through the change log and docs and didn't see anything that >>>> I thought would affect me. >>>> >>>> Has there been a change in how the filename.rules.conf files work? >> >> Do you have 'Scan Messages = yes' & 'Dangerous Content Scanning = yes'? >> >> See >> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:dependencies, >> for an incomplete list of dependencies.. >> > > Yes I do, but I'll go read that page anyway Never hurts to learn sumthin' Just thought i'd warn you, the wiki entry is incomplete and unverified.. - dhawal From drew at themarshalls.co.uk Fri Jul 21 20:58:50 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Fri Jul 21 20:59:15 2006 Subject: MailScanner+Postfix virtual_maps support In-Reply-To: <1153346367.8859.93.camel@blackbird.tecnoera.com> References: <1153346367.8859.93.camel@blackbird.tecnoera.com> Message-ID: On 19 Jul 2006, at 22:59, Juan Pablo Abuyeres wrote: > I use postfix + MailScanner. My postfix configuration includes these > lines: > virtual_mailbox_domains = mysql:/etc/postfix/mysql-vdomains.cf > virtual_mailbox_base = / > virtual_mailbox_maps = mysql:/etc/postfix/mysql-mailbox-maps.cf > virtual_minimum_uid = 500 > virtual_uid_maps = mysql:/etc/postfix/mysql-virtual-uid.cf > virtual_gid_maps = mysql:/etc/postfix/mysql-virtual-gid.cf > virtual_maps = mysql:/etc/postfix/mysql-virtual-maps.cf > transport_maps = mysql:/etc/postfix/mysql-transport-maps.cf > > My MailScanner.conf file contains this line: > Required SpamAssassin Score > = /etc/MailScanner/rules/Tpanel.spamassassin.score.rules > > and that file contains: > To: acct1@tecnoera.com 5 > To: acct2@tecnoera.com 4 > To: acct3@tecnoera.com 6 > To: everyone@tecnoera.com 1 > To: acct4@tecnoera.com 4 > FromOrTo: default 6 > > everyone@tecnoera.com is really only an "alias".. it's a forward to > other accounts like "acct1@tecnoera.com", "acct2@tecnoera.com", and > others. > > The problem is when an email is sent to everyone@tecnoera.com, the > Score > assigned to everyone@tecnoera.com in the ruleset is not correctly > grabbed by MailScanner, because virtual_maps rewrites the queue files > and replaces the destination with each email address listed in > everyone@tecnoera.com before MailScanner processes the queue file. > (http://www.postfix.org/ADDRESS_REWRITING_README.html#virtual) > > I can't use alias_maps because it's only for local transport, and I > need > to use virtual. > > I was trying a 2-postfix approach, one not using virtual_maps, just to > enqueue mails -> MailScanner -> another postfix... but it's just a > big- > mess solution. I didn't like it at all. > > So, what I think would be a good solution is an option in > MailScanner to > either take options from rulesets for destinations just like it is > doing > now, or instead take options from rulesets taking in account > _original_ > destinations. > > Can anyone please give me advice on this? Sadly there isn't really any advice to give. This is a 'design feature' of Postfix's virtual alias expansion. The only work round is to make everyone a local alias, which expands to the virtual aliases later e.g. everyone@ecnoera.com => everyone@host.ecnoera.com and then in aliases you then have everyone: acct1 acct2 etc. You then set your score.rules file acordingly. Not ideal but less messy than 2 Postfix instances. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From hden at kcbbs.gen.nz Fri Jul 21 23:07:49 2006 From: hden at kcbbs.gen.nz (Hendrik den Hartog) Date: Fri Jul 21 22:51:35 2006 Subject: Sophos v5 - Root's Cron In-Reply-To: <0EF67E62-3843-4BE0-B890-433909D1F275@ecs.soton.ac.uk> References: <1153478389.25560.76.camel@darkstar.netcore.co.in> <0EF67E62-3843-4BE0-B890-433909D1F275@ecs.soton.ac.uk> Message-ID: <20060721220749.GA24736@mew.kcbbs.gen.nz> Hello We're rebuilding our firewall which also runs MailScanner. I've upgraded the Sophos to v5. The WIKI says.. 'Even if you use MailScanners Sophos.install, you should also check roots crontab. The sophos installation script puts an entry in there to update sophos' Where exactly do I look for the Sophos script I need to remove? (System is Centos v4) Cheers! Hendrik From cparker at swatgear.com Fri Jul 21 22:57:35 2006 From: cparker at swatgear.com (Chris W. Parker) Date: Fri Jul 21 22:57:48 2006 Subject: "I/O error on connection" problem. MailScanner related? Message-ID: <97FD54B5E57A1842AA1A4B232E4761172C4EEB@ati-ex-02.ati.local> Steve Campbell on Friday, July 21, 2006 12:06 PM said: > He whitelisted our site manually and I left my settings as they were. > I could have upped my sendmail timeouts, though. Darn. I was hoping it was something you did. I've got multiple hosts having this issue. Thanks though. Chris. From lshaw at emitinc.com Fri Jul 21 23:16:59 2006 From: lshaw at emitinc.com (Logan Shaw) Date: Fri Jul 21 23:17:09 2006 Subject: Sophos v5 - Root's Cron In-Reply-To: <20060721220749.GA24736@mew.kcbbs.gen.nz> References: <1153478389.25560.76.camel@darkstar.netcore.co.in> <0EF67E62-3843-4BE0-B890-433909D1F275@ecs.soton.ac.uk> <20060721220749.GA24736@mew.kcbbs.gen.nz> Message-ID: On Sat, 22 Jul 2006, Hendrik den Hartog wrote: > We're rebuilding our firewall which also runs MailScanner. I've > upgraded the Sophos to v5. The WIKI says.. > > 'Even if you use MailScanners Sophos.install, you should also check roots crontab. The sophos installation script puts an entry in there to update sophos' > > Where exactly do I look for the Sophos script I need to remove? > (System is Centos v4) How about looking in root's crontab? Just run "crontab -e" as root. - Logan From hden at kcbbs.gen.nz Sat Jul 22 00:47:35 2006 From: hden at kcbbs.gen.nz (Hendrik den Hartog) Date: Sat Jul 22 00:31:20 2006 Subject: Sophos v5 - Root's Cron In-Reply-To: References: <1153478389.25560.76.camel@darkstar.netcore.co.in> <0EF67E62-3843-4BE0-B890-433909D1F275@ecs.soton.ac.uk> <20060721220749.GA24736@mew.kcbbs.gen.nz> Message-ID: <20060721234735.GA24779@mew.kcbbs.gen.nz> Thanks, easy if you know, which I didn't, so appreciate the help. (am a teacher in charge IT, not a techo) The entry by Sophos was there, presume deleting that line that comes up when you run that command is sufficient? Cheers! Hendrik On Fri, Jul 21, 2006 at 05:16:59PM -0500, Logan Shaw wrote: > On Sat, 22 Jul 2006, Hendrik den Hartog wrote: > >We're rebuilding our firewall which also runs MailScanner. I've > >upgraded the Sophos to v5. The WIKI says.. > > > >'Even if you use MailScanners Sophos.install, you should also check roots > >crontab. The sophos installation script puts an entry in there to update > >sophos' > > > >Where exactly do I look for the Sophos script I need to remove? > >(System is Centos v4) > > How about looking in root's crontab? Just run "crontab -e" as root. > > - Logan > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From campbell at cnpapers.com Sat Jul 22 01:07:07 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Sat Jul 22 01:07:24 2006 Subject: "I/O error on connection" problem. MailScanner related? In-Reply-To: <97FD54B5E57A1842AA1A4B232E4761172C4EEB@ati-ex-02.ati.local> References: <97FD54B5E57A1842AA1A4B232E4761172C4EEB@ati-ex-02.ati.local> Message-ID: <1153526827.44c16c2b6ff81@perdition.cnpapers.net> Quoting "Chris W. Parker" : > Steve Campbell > on Friday, July 21, 2006 12:06 PM said: > > > He whitelisted our site manually and I left my settings as they were. > > I could have upped my sendmail timeouts, though. > > Darn. I was hoping it was something you did. I've got multiple hosts > having this issue. Thanks though. Well, like I mentioned, I could have upped my timeouts, but I also mentioned that I didn't understand why these kept retrying so frequently. It is only happening at one domain. It was like my end wasn't seeing the broken connection. I'm not sure which greylist stuff he was using, and whether whatever he was using might vary from how other greylisting software works. When you say multiple hosts, are you meaning recipient or sending hosts? What MTA are you using? What type of timeout settings do you have set? Is this happening to any domain you send to or is it particular to one or two? Are you running any milters? I run MimeDefang as a look-ahead milter and have noticed an increased amount of orphaned data files in my incoming queue, but these are more like uncleansed files as the queue files have been moved to the outgoing queue and delivered. I think MS just s-links files and doesn't really copy them. Sorry I can't be more specific about the problem, but I was really never certain how all of this occurred. I just know what fixed it. Steve > > > Chris. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ------------------------------------------------- This mail sent through IMP: http://horde.org/imp/ From res at ausics.net Sat Jul 22 01:11:39 2006 From: res at ausics.net (Res) Date: Sat Jul 22 01:11:52 2006 Subject: Mailscanner mqueuein trouble In-Reply-To: References: Message-ID: Hi Chris, On Fri, 21 Jul 2006, Chris Green wrote: >> But I see in your followup post you only do about 100K a day, we have 3 >> machines that do 3/4 of a million+ and 1 that does well over a million a >> day (which is the problem one) each so they are not exactly little >> machines. >> > Are you running sa-learn on those boxes? I'm truely surprised at the woeful > performance you're getting. It's almost like you are feeding spam in to > sa-learn as ham...! Yes on the smaller ones, but not on the problem one, I've tried turning as much off with it as possible, all to no avail, once S.A is on bang, the queue starts to blow out. I admit im no S.A guru, extremely far from it, but the other boxes handle it well, but they dont do as much work as that one, and no it does swap, theres ample memory and its fast scsi raid like the others, I could understand it if the load blew out but it barely peaks much higher than normal. -- Cheers Res From res at ausics.net Sat Jul 22 01:13:10 2006 From: res at ausics.net (Res) Date: Sat Jul 22 01:13:18 2006 Subject: Mailscanner mqueuein trouble In-Reply-To: <44C0CC67.7030103@USherbrooke.ca> References: <200607191618.k6JGISDe003066@cat.salemcarriers.com> <44BE6221.5060400@agro.uba.ar> <44BE6F53.6030100@blacknight.ie> <44BE767C.1030500@agro.uba.ar> <44BEE15C.9050106@agro.uba.ar> <44BF80F9.2070504@USherbrooke.ca> <44C0CC67.7030103@USherbrooke.ca> Message-ID: On Fri, 21 Jul 2006, Denis Beauchemin wrote: > Res a �crit : >> On Thu, 20 Jul 2006, Denis Beauchemin wrote: >> >>>> So in essence, S.A is good for stopping about 0.1% of it. >>>> nice and handy and warns the suer the otehr 99.9% of the time BUT because >>>> its a warning people will at least start to read it to see if its spam >>>> or genuine. >> >>> I disagree with you. SA, if you tune it right, will detect pretty much >>> ALL spam. But it needs lots of RAM. >>> >>> We warn users above 5 and delete mails above 20 and yesterday we managed >>> to delete 59% of spam... >>> >> >> Then its not catching the sort of crap we see, as per my previous most of >> it is low scoring so they see it anyway, if I was to run your settings here >> it would be a pure waste of time because you are still sending 99% of it to >> users to evaluate if itsspam or not, but each network to their own i >> supose. >> >> But I see in your followup post you only do about 100K a day, we have 3 >> machines that do 3/4 of a million+ and 1 that does well over a million a >> day (which is the problem one) each so they are not exactly little >> machines. >> >> > I can't imagine what it would be like if I had that many emails... but I > still think things like DCC/Razor/Pyzor might help you out. Running pyzor, but not razor or DCC, maybe they are worth looking into ? > > Denis > > -- Cheers Res From dhawal at netmagicsolutions.com Sat Jul 22 01:26:54 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Sat Jul 22 01:27:14 2006 Subject: Mailscanner mqueuein trouble In-Reply-To: References: Message-ID: <44C170CE.1030204@netmagicsolutions.com> Res wrote: > Hi Chris, > > On Fri, 21 Jul 2006, Chris Green wrote: > >>> But I see in your followup post you only do about 100K a day, we have >>> 3 machines that do 3/4 of a million+ and 1 that does well over a >>> million a day (which is the problem one) each so they are not exactly >>> little machines. >>> >> Are you running sa-learn on those boxes? I'm truely surprised at the >> woeful performance you're getting. It's almost like you are feeding >> spam in to sa-learn as ham...! > > Yes on the smaller ones, but not on the problem one, I've tried turning > as much off with it as possible, all to no avail, once S.A is on bang, > the queue starts to blow out. I admit im no S.A guru, extremely far from > it, but the other boxes handle it well, but they dont do as much work as > that one, and no it does swap, theres ample memory and its fast scsi > raid like the others, I could understand it if the load blew out but it > barely peaks much higher than normal. Have you considered any alternative to SA? if you have the resources and patience try using some other tool with 'Custom Spam Scanner'.. dspam, crm114, popfile come to mind immediately though there are others as well. As for the SA problem on your main machine, are you possibly being conservative on resource allocation to SA? like try running a higher number of Children or a bigger batch size etc.. - dhawal From dhawal at netmagicsolutions.com Sat Jul 22 01:37:02 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Sat Jul 22 01:37:06 2006 Subject: Mailscanner mqueuein trouble In-Reply-To: References: <200607191618.k6JGISDe003066@cat.salemcarriers.com> <44BE6221.5060400@agro.uba.ar> <44BE6F53.6030100@blacknight.ie> <44BE767C.1030500@agro.uba.ar> <44BEE15C.9050106@agro.uba.ar> <44BF80F9.2070504@USherbrooke.ca> <44C0CC67.7030103@USherbrooke.ca> Message-ID: <44C1732E.4040407@netmagicsolutions.com> Res wrote: [snip] >> I can't imagine what it would be like if I had that many emails... >> but I still think things like DCC/Razor/Pyzor might help you out. > > Running pyzor, but not razor or DCC, maybe they are worth looking into ? FYI, the restrictive usage of razor was withdrawn some time back and can be used by everyone in a reasonable manner (reasonable is defined by cloudmark, razor's parent company). DCC, though is sort of restrictive unless a) you do not charge for the spam-filtering service and b) you contribute hashes back to them. - dhawal From res at ausics.net Sat Jul 22 02:53:18 2006 From: res at ausics.net (Res) Date: Sat Jul 22 02:53:33 2006 Subject: Mailscanner mqueuein trouble In-Reply-To: <44C170CE.1030204@netmagicsolutions.com> References: <44C170CE.1030204@netmagicsolutions.com> Message-ID: On Sat, 22 Jul 2006, Dhawal Doshy wrote: > Res wrote: >> Hi Chris, >> >> On Fri, 21 Jul 2006, Chris Green wrote: >> >>>> But I see in your followup post you only do about 100K a day, we have 3 >>>> machines that do 3/4 of a million+ and 1 that does well over a million a >>>> day (which is the problem one) each so they are not exactly little >>>> machines. >>>> >>> Are you running sa-learn on those boxes? I'm truely surprised at the >>> woeful performance you're getting. It's almost like you are feeding spam >>> in to sa-learn as ham...! >> >> Yes on the smaller ones, but not on the problem one, I've tried turning >> as much off with it as possible, all to no avail, once S.A is on bang, the >> queue starts to blow out. I admit im no S.A guru, extremely far from it, >> but the other boxes handle it well, but they dont do as much work as that >> one, and no it does swap, theres ample memory and its fast scsi raid like >> the others, I could understand it if the load blew out but it barely peaks >> much higher than normal. > > Have you considered any alternative to SA? if you have the resources and > patience try using some other tool with 'Custom Spam Scanner'.. dspam, > crm114, popfile come to mind immediately though there are others as well. Must admit not yet, i might play around with dspam, as i've heard about it. > > As for the SA problem on your main machine, are you possibly being > conservative on resource allocation to SA? like try running a higher number > of Children or a bigger batch size etc.. children runnnig is 10, we increased the batch 30 to 50, made a little difference, then increased it to 100, but no improvement over 50 even tried the SA check first size of 30k to as low as 5, which made a only minimal improvement. > > - dhawal > -- Cheers Res From res at ausics.net Sat Jul 22 02:55:15 2006 From: res at ausics.net (Res) Date: Sat Jul 22 02:55:23 2006 Subject: Mailscanner mqueuein trouble In-Reply-To: <44C1732E.4040407@netmagicsolutions.com> References: <200607191618.k6JGISDe003066@cat.salemcarriers.com> <44BE6221.5060400@agro.uba.ar> <44BE6F53.6030100@blacknight.ie> <44BE767C.1030500@agro.uba.ar> <44BEE15C.9050106@agro.uba.ar> <44BF80F9.2070504@USherbrooke.ca> <44C0CC67.7030103@USherbrooke.ca> <44C1732E.4040407@netmagicsolutions.com> Message-ID: On Sat, 22 Jul 2006, Dhawal Doshy wrote: > Res wrote: > [snip] > >>> I can't imagine what it would be like if I had that many emails... but I >>> still think things like DCC/Razor/Pyzor might help you out. >> >> Running pyzor, but not razor or DCC, maybe they are worth looking into ? > > FYI, the restrictive usage of razor was withdrawn some time back and can be > used by everyone in a reasonable manner (reasonable is defined by cloudmark, > razor's parent company). DCC, though is sort of restrictive unless a) you do > not charge for the spam-filtering service and b) you contribute hashes back > to them. Thanks, and no we dont change for filtering, I'm of the belief that should be standard by all SP's, I'll try razor first, then perhaps DCC. > > - dhawal > -- Cheers Res From ram at netcore.co.in Sat Jul 22 08:01:24 2006 From: ram at netcore.co.in (Ramprasad) Date: Sat Jul 22 08:01:27 2006 Subject: Mailscanner dies on some "corrupt" files In-Reply-To: <0EF67E62-3843-4BE0-B890-433909D1F275@ecs.soton.ac.uk> References: <1153478389.25560.76.camel@darkstar.netcore.co.in> <0EF67E62-3843-4BE0-B890-433909D1F275@ecs.soton.ac.uk> Message-ID: <1153551684.3648.21.camel@darkstar.netcore.co.in> I am attaching the file in a tgz. It was a spam anyway The postfix queue-id was 8491154B55. ( I dont know If that is important ) I am using MS 4.46.2. and Postfix 2.2.5-3 on CentOS 4.2 Thanks Ram On Fri, 2006-07-21 at 19:51 +0100, Julian Field wrote: > Can you possibly send me the messages queue file that is causing this > problem please? > I need to be able to reproduce this problem in order to fix it for you. > > On Fri21 Jul 06, at 11:39, Ramprasad wrote: > > > This happens rarely but I dont know what is the real reason > > > > I use Mailscanner + postfix + spamassassin. Everything seems to run > > properly. Suddenly mailscanner would stop scanningany more mails from > > hold queue and Mailscanner processes go defunct > > When I start Mailscanner again in debug mode I get > > > > "Can't call method "DropFromBatch" on unblessed reference > > at /usr/lib/MailScanner/MailScanner/Postfix.pm line 332. > > > > I have to find which file it is looking at by puting debug > > statements in > > Postfix.pm and find out which file it is and remove it from the hold > > queue > > > > Thanks > > Ram > > > > > > > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store ! > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > -------------- next part -------------- A non-text attachment was scrubbed... Name: badq.tgz Type: application/x-compressed-tar Size: 1281 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060722/a2e35672/badq.bin From hden at kcbbs.gen.nz Sun Jul 23 05:58:07 2006 From: hden at kcbbs.gen.nz (Hendrik den Hartog) Date: Sun Jul 23 05:41:53 2006 Subject: DCC Message-ID: <20060723045807.GA25408@mew.kcbbs.gen.nz> RE: DCC I've just set up MailScanner on a replacement Drive. I've installed DCC, but spamassassin can't seem to find it. >From MailScanner debug I get.. info: config: failed to parse line, skipping: dcc_path /usr/local/bin/dccproc info: config: failed to parse line, skipping: use_dcc 1 So, a Q, how do I let spamassassin/mailscanner know I've got DCC installed? Cheers! Hendrik From pravin.rane at gmail.com Sun Jul 23 06:40:54 2006 From: pravin.rane at gmail.com (Pravin Rane) Date: Sun Jul 23 06:41:02 2006 Subject: DCC In-Reply-To: <20060723045807.GA25408@mew.kcbbs.gen.nz> References: <20060723045807.GA25408@mew.kcbbs.gen.nz> Message-ID: <13c021a90607222240o2f3481ccm8186c995ced75ec1@mail.gmail.com> same old init.pre problem Add below line in your /etc/mail/spamassassin/init.pre loadplugin Mail::SpamAssassin::Plugin::DCC Spamassassin could not find it because of missing plugin Mail::SpamAssassin::Plugin::DCC On 7/23/06, Hendrik den Hartog wrote: > > RE: DCC > > I've just set up MailScanner on a replacement Drive. I've installed DCC, > but spamassassin can't seem to find it. > >From MailScanner debug I get.. > > info: config: failed to parse line, skipping: dcc_path > /usr/local/bin/dccproc > info: config: failed to parse line, skipping: use_dcc 1 > > So, a Q, how do I let spamassassin/mailscanner know I've got DCC > installed? > > Cheers! > Hendrik > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Regards Pravin -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060723/62c2ba66/attachment.html From pravin.rane at gmail.com Sun Jul 23 07:01:38 2006 From: pravin.rane at gmail.com (Pravin Rane) Date: Sun Jul 23 07:01:41 2006 Subject: Archive nested too deeply In-Reply-To: <81214BB68B68BF4586FE1D82E7B3C472BB7010@kmex01.keymark.dom> References: <81214BB68B68BF4586FE1D82E7B3C472BB7010@kmex01.keymark.dom> Message-ID: <13c021a90607222301h492c2136o9b9eed808197b65e@mail.gmail.com> Which virus scanner you are using? If it is clamav then check for ArchiveMaxRecursion in /etc/clamd.conf I am just guessing this could be a problem. Its not bad to give it a try. On 7/21/06, David Nalley wrote: > > > > > My main query, I guess is that: > > > > Jul 21 14:27:58 postbox MailScanner[21712]: Files hidden in > > very deeply nested archive in E084A13FB1A.22FE1 > > > > doesn't really give me a hint as to whether I should be > > changing the setting to 0/disabling it, or whether 5, 50 or > > 500 will be better. > > > I think the issue is that if you allow it to unzip continuously it could > lead to a situation where the virus scanner would time out and then pass > on a potentially harmful attachment. In addition it would burn CPU > cycles. > > Realistically, I think that you could open the zip files (assuming that > they are legitimate) and determine depth and use depth+n to make it a > non-issue. Unfortunately I don't really see a way of gunzip telling how > deeply nested the file is, other than it is nested at least once more > than the limit specified, and thus it has no way of giving you a hint. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Regards Pravin -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060723/cc662f34/attachment.html From MailScanner at ecs.soton.ac.uk Sun Jul 23 11:24:49 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Jul 23 11:25:01 2006 Subject: Beta 4.55.8 -- please test! Message-ID: <761C20D9-FB37-43BD-AA99-F83A785440EE@ecs.soton.ac.uk> I have just released beta 4.55.8. This is intended to be the last beta before the next stable release at the start of August. The main changes to this are -- Postfix virtual user and virtual domain handling. It is especially important that you ensure I haven't broken anything here, it is relying on contributed code (which I rarely do!). -- Upgrade DBD-SQLite so that it builds more easily on many platforms. -- It should no longer matter if syslogd dies during execution. Download as usual from www.mailscanner.info Full change log is this: * New Features and Improvements * 1 Added educ.ar and uba.ar to country.domains.conf for less strict phishing net. 1 Code tidy up in Message constructor. 1 Speed improvements to ZMailer attachment extraction to keep up with the other MTAs. 1 "Log Speed = no" now does what it says on the tin. (UK in-joke :-) 1 Added "stopms" option to Linux init.d scripts. 1 Improved behaviour when %percentvars% at start of MailScanner.conf have not been configured at all. It now uses the fully-qualified hostname to guess the domain name and website address. It used to refuse to run which was very impolite. 1 Added Sys::Hostname::Long to list of required modules to implement the above. 2 Documentation rationalisation. Most up to date versions are all on the web. 3 Now output lock type in use with "--lint". 4 Improvement to Sophos.install for Sophos Version 5 so that email logging is disabled. 4 Now use syslog "notice" priority instead of "info" when issuing messages that are nearly warnings. This helps you drastically reduce the amount of syslog output by just logging priorities greater than or equal to "notice". 5 Added a "Contact Us" web page instead of just a mailto: link. 6 Improved Help guidance in Contact Us web page. 6 New command-line option: "-c" or "--changed". This will print out a table of all the configuration settings that have been changed from the default values hard-coded into MailScanner. Note this may not be quite the same as the differences from the supplied default MailScanner.conf file. 6 Updated hard-coded defaults to better match MailScanner.conf settings. 6 Improved handling of broken Custom Functions. Having a broken Custom Function will now just result in the setting's default value being used. 7 Bugfix for "--changed" printing when using Custom Functions. 8 Improved syslog-ing code so it doesn't matter is syslogd dies. 8 Upgraded DBD-SQLite to version 1.12 as it builds a lot more easily. 8 Improved handling of Postfix virtual users. Thanks to jpabuyer@tecnoera.com. * Fixes * 1 Put back in the checks of free disk space that were in 4.53.1 but then lost. 1 Fix in check_MailScanner for MacOSX. 3 Default lock type for sendmail is now posix, as it should be. 4 Fix to phishing net so that links to "www.domain.com." are accepted as legal. 6 Fixed problem with dangerous filenames in TNEF archives when using the external TNEF expander. 8 Fixed problem with long SpamAssassin report in report files getting truncated at % signs. 8 Fixed phishing net problem with some cases of outbind://\d+/.... URLs. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store ! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Sun Jul 23 11:29:46 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Jul 23 11:30:07 2006 Subject: MailScanner+Postfix virtual_maps support In-Reply-To: References: <1153346367.8859.93.camel@blackbird.tecnoera.com> Message-ID: Please try the support for this in the latest beta, and let me know if it has improved. On Fri21 Jul 06, at 20:58, Drew Marshall wrote: > On 19 Jul 2006, at 22:59, Juan Pablo Abuyeres wrote: > >> I use postfix + MailScanner. My postfix configuration includes these >> lines: >> virtual_mailbox_domains = mysql:/etc/postfix/mysql-vdomains.cf >> virtual_mailbox_base = / >> virtual_mailbox_maps = mysql:/etc/postfix/mysql-mailbox-maps.cf >> virtual_minimum_uid = 500 >> virtual_uid_maps = mysql:/etc/postfix/mysql-virtual-uid.cf >> virtual_gid_maps = mysql:/etc/postfix/mysql-virtual-gid.cf >> virtual_maps = mysql:/etc/postfix/mysql-virtual-maps.cf >> transport_maps = mysql:/etc/postfix/mysql-transport-maps.cf >> >> My MailScanner.conf file contains this line: >> Required SpamAssassin Score >> = /etc/MailScanner/rules/Tpanel.spamassassin.score.rules >> >> and that file contains: >> To: acct1@tecnoera.com 5 >> To: acct2@tecnoera.com 4 >> To: acct3@tecnoera.com 6 >> To: everyone@tecnoera.com 1 >> To: acct4@tecnoera.com 4 >> FromOrTo: default 6 >> >> everyone@tecnoera.com is really only an "alias".. it's a forward to >> other accounts like "acct1@tecnoera.com", "acct2@tecnoera.com", and >> others. >> >> The problem is when an email is sent to everyone@tecnoera.com, the >> Score >> assigned to everyone@tecnoera.com in the ruleset is not correctly >> grabbed by MailScanner, because virtual_maps rewrites the queue files >> and replaces the destination with each email address listed in >> everyone@tecnoera.com before MailScanner processes the queue file. >> (http://www.postfix.org/ADDRESS_REWRITING_README.html#virtual) >> >> I can't use alias_maps because it's only for local transport, and >> I need >> to use virtual. >> >> I was trying a 2-postfix approach, one not using virtual_maps, >> just to >> enqueue mails -> MailScanner -> another postfix... but it's just a >> big- >> mess solution. I didn't like it at all. >> >> So, what I think would be a good solution is an option in >> MailScanner to >> either take options from rulesets for destinations just like it is >> doing >> now, or instead take options from rulesets taking in account >> _original_ >> destinations. >> >> Can anyone please give me advice on this? > > Sadly there isn't really any advice to give. This is a 'design > feature' of Postfix's virtual alias expansion. The only work round > is to make everyone a local alias, which expands to the virtual > aliases later e.g. everyone@ecnoera.com => > everyone@host.ecnoera.com and then in aliases you then have > everyone: acct1 acct2 etc. You then set your score.rules file > acordingly. > > Not ideal but less messy than 2 Postfix instances. > > Drew > > -- > In line with our policy, this message hasbeen scanned for viruses > and dangerouscontent by MailScanner, and is believed to be clean. > www.themarshalls.co.uk/policy > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store ! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Sun Jul 23 11:31:31 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Jul 23 11:31:46 2006 Subject: Sophos v5 - Root's Cron In-Reply-To: <20060721234735.GA24779@mew.kcbbs.gen.nz> References: <1153478389.25560.76.camel@darkstar.netcore.co.in> <0EF67E62-3843-4BE0-B890-433909D1F275@ecs.soton.ac.uk> <20060721220749.GA24736@mew.kcbbs.gen.nz> <20060721234735.GA24779@mew.kcbbs.gen.nz> Message-ID: <589840D5-D423-48CC-B965-1FCDD58103BB@ecs.soton.ac.uk> Just make sure you are running a recent enough version of MailScanner. Search the Change Log (www.mailscanner.info/ChangeLog) for which version introduced support for Sophos 5. If it's supported, then it will work :-) On Sat22 Jul 06, at 00:47, Hendrik den Hartog wrote: > > Thanks, easy if you know, which I didn't, so appreciate the help. > (am a teacher in charge IT, not a techo) > > The entry by Sophos was there, presume deleting that line that comes > up when you run that command is sufficient? > > Cheers! > Hendrik > > > > > On Fri, Jul 21, 2006 at 05:16:59PM -0500, Logan Shaw wrote: >> On Sat, 22 Jul 2006, Hendrik den Hartog wrote: >>> We're rebuilding our firewall which also runs MailScanner. I've >>> upgraded the Sophos to v5. The WIKI says.. >>> >>> 'Even if you use MailScanners Sophos.install, you should also >>> check roots >>> crontab. The sophos installation script puts an entry in there to >>> update >>> sophos' >>> >>> Where exactly do I look for the Sophos script I need to remove? >>> (System is Centos v4) >> >> How about looking in root's crontab? Just run "crontab -e" as root. >> >> - Logan >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store ! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From grover1711 at gmail.com Sun Jul 23 12:42:04 2006 From: grover1711 at gmail.com (ankush grover) Date: Sun Jul 23 12:42:07 2006 Subject: how to wirte this kind of mcp rule Message-ID: <5f638b360607230442n18aeee17g1c109c5930c042a0@mail.gmail.com> hey friends, I am using Postfix with MailScanner. For last 2 or 3 days I am receiving lot of Spam a particular spam header or subject is "VlzAGRA". This word is not alone in the header or subject there are other words with it like "Re: efasfd VlzAGRA" it is become difficult to add every subject coming with " VlzAGRA" to mcp list. How do I write a mcp rule in such a way if there is a subject which contains "VlzAGRA" it should be marked as spam. I have written below rules but still I am getting the mails with subject "VlzAGRA" or "Re: VlzAGRA" in it. header RULE26 Subject =~ /VlzAGRA/i describe RULE26 Banned Subject score RULE26 10 header RULE27 Subject =~ /Re:zakeg VlzAGRA/i describe RULE27 Banned Subject score RULE27 10 How do I write a rule which will ban the mail if it contains subject "VlzAGRA" in it ? Please let me know if you need any further inputs. Thanks & Regards Ankush Grover From MailScanner at ecs.soton.ac.uk Sun Jul 23 13:07:35 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Jul 23 13:07:49 2006 Subject: how to wirte this kind of mcp rule In-Reply-To: <5f638b360607230442n18aeee17g1c109c5930c042a0@mail.gmail.com> References: <5f638b360607230442n18aeee17g1c109c5930c042a0@mail.gmail.com> Message-ID: <58AEB5EA-DB0B-4A80-8B96-81A596F5BB6E@ecs.soton.ac.uk> On Sun23 Jul 06, at 12:42, ankush grover wrote: > hey friends, > > I am using Postfix with MailScanner. For last 2 or 3 days I am > receiving lot of Spam a particular spam header or subject is > "VlzAGRA". This word is not alone in the header or subject there are > other words with it like "Re: efasfd VlzAGRA" it is become difficult > to add every subject coming with " VlzAGRA" to mcp list. How do I > write a mcp rule in such a way if there is a subject which contains > "VlzAGRA" it should be marked as spam. > > I have written below rules but still I am getting the mails with > subject "VlzAGRA" or "Re: VlzAGRA" in it. > > header RULE26 Subject =~ /VlzAGRA/i > describe RULE26 Banned Subject > score RULE26 10 > > header RULE27 Subject =~ /Re:zakeg VlzAGRA/i > describe RULE27 Banned Subject > score RULE27 10 > header RULE28 Subject =~ /VisAGRA/ is all you need. > How do I write a rule which will ban the mail if it contains subject > "VlzAGRA" in it ? > > Please let me know if you need any further inputs. > > > Thanks & Regards > > Ankush Grover > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store ! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From grover1711 at gmail.com Sun Jul 23 15:31:01 2006 From: grover1711 at gmail.com (ankush grover) Date: Sun Jul 23 15:31:04 2006 Subject: how to wirte this kind of mcp rule In-Reply-To: <58AEB5EA-DB0B-4A80-8B96-81A596F5BB6E@ecs.soton.ac.uk> References: <5f638b360607230442n18aeee17g1c109c5930c042a0@mail.gmail.com> <58AEB5EA-DB0B-4A80-8B96-81A596F5BB6E@ecs.soton.ac.uk> Message-ID: <5f638b360607230731r7cd0982fj1d5f43bf85839c7e@mail.gmail.com> On 7/23/06, Julian Field wrote: > > On Sun23 Jul 06, at 12:42, ankush grover wrote: > > > hey friends, > > > > I am using Postfix with MailScanner. For last 2 or 3 days I am > > receiving lot of Spam a particular spam header or subject is > > "VlzAGRA". This word is not alone in the header or subject there are > > other words with it like "Re: efasfd VlzAGRA" it is become difficult > > to add every subject coming with " VlzAGRA" to mcp list. How do I > > write a mcp rule in such a way if there is a subject which contains > > "VlzAGRA" it should be marked as spam. > > > > I have written below rules but still I am getting the mails with > > subject "VlzAGRA" or "Re: VlzAGRA" in it. > > > > header RULE26 Subject =~ /VlzAGRA/i > > describe RULE26 Banned Subject > > score RULE26 10 > > > > header RULE27 Subject =~ /Re:zakeg VlzAGRA/i > > describe RULE27 Banned Subject > > score RULE27 10 > > > > header RULE28 Subject =~ /VisAGRA/ > > is all you need. > hey, Thanks for the reply. But if the subject is "Re:epykg VIzAGRA" then it is not getting banned. What you have told me is already there in my rules set and I had only put "i" at the end to make it case insensitive. What I want to know is how to stop any mail if the mail contains "VIzAGRA" as one of the words in the subject ? Thanks & Regards Ankush Grover From MailScanner at ecs.soton.ac.uk Sun Jul 23 16:51:01 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Jul 23 16:51:14 2006 Subject: how to wirte this kind of mcp rule In-Reply-To: <5f638b360607230731r7cd0982fj1d5f43bf85839c7e@mail.gmail.com> References: <5f638b360607230442n18aeee17g1c109c5930c042a0@mail.gmail.com> <58AEB5EA-DB0B-4A80-8B96-81A596F5BB6E@ecs.soton.ac.uk> <5f638b360607230731r7cd0982fj1d5f43bf85839c7e@mail.gmail.com> Message-ID: <0ADD7ABA-CC00-4D95-8E32-2B2F6A94DCE2@ecs.soton.ac.uk> On Sun23 Jul 06, at 15:31, ankush grover wrote: > On 7/23/06, Julian Field wrote: >> >> On Sun23 Jul 06, at 12:42, ankush grover wrote: >> >> > hey friends, >> > >> > I am using Postfix with MailScanner. For last 2 or 3 days I am >> > receiving lot of Spam a particular spam header or subject is >> > "VlzAGRA". This word is not alone in the header or subject there >> are >> > other words with it like "Re: efasfd VlzAGRA" it is become >> difficult >> > to add every subject coming with " VlzAGRA" to mcp list. How do I >> > write a mcp rule in such a way if there is a subject which contains >> > "VlzAGRA" it should be marked as spam. >> > >> > I have written below rules but still I am getting the mails with >> > subject "VlzAGRA" or "Re: VlzAGRA" in it. >> > >> > header RULE26 Subject =~ /VlzAGRA/i >> > describe RULE26 Banned Subject >> > score RULE26 10 >> > >> > header RULE27 Subject =~ /Re:zakeg VlzAGRA/i >> > describe RULE27 Banned Subject >> > score RULE27 10 >> > >> >> header RULE28 Subject =~ /VisAGRA/ >> >> is all you need. >> > hey, > > Thanks for the reply. But if the subject is "Re:epykg VIzAGRA" then it > is not getting banned. > > What you have told me is already there in my rules set and I had only > put "i" at the end to make it case insensitive. > > What I want to know is how to stop any mail if the mail contains > "VIzAGRA" as one of the words in the subject ? You still need to add the "describe" and "score" lines as well, for it to be recognised and used by SpamAssassin. Give it a large score (e.g. 1000) and make sure your High Scoring Spam Actions include "delete" so that it gets removed by MailScanner. Sorry if that lot wasn't clear in my previous email, I didn't write the message very well :-( -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store ! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From hden at kcbbs.gen.nz Sun Jul 23 20:20:16 2006 From: hden at kcbbs.gen.nz (Hendrik den Hartog) Date: Sun Jul 23 20:04:00 2006 Subject: DCC In-Reply-To: <13c021a90607222240o2f3481ccm8186c995ced75ec1@mail.gmail.com> References: <20060723045807.GA25408@mew.kcbbs.gen.nz> <13c021a90607222240o2f3481ccm8186c995ced75ec1@mail.gmail.com> Message-ID: <20060723192016.GA25768@mew.kcbbs.gen.nz> Thanks!! On Sun, Jul 23, 2006 at 11:10:54AM +0530, Pravin Rane wrote: > same old init.pre problem > > Add below line in your /etc/mail/spamassassin/init.pre > loadplugin Mail::SpamAssassin::Plugin::DCC > > Spamassassin could not find it because of missing plugin > Mail::SpamAssassin::Plugin::DCC > > > > > On 7/23/06, Hendrik den Hartog wrote: > > > >RE: DCC > > > >I've just set up MailScanner on a replacement Drive. I've installed DCC, > >but spamassassin can't seem to find it. > >>From MailScanner debug I get.. > > > >info: config: failed to parse line, skipping: dcc_path > >/usr/local/bin/dccproc > >info: config: failed to parse line, skipping: use_dcc 1 > > > >So, a Q, how do I let spamassassin/mailscanner know I've got DCC > >installed? > > > >Cheers! > >Hendrik > >-- > >MailScanner mailing list > >mailscanner@lists.mailscanner.info > >http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > >Before posting, read http://wiki.mailscanner.info/posting > > > >Support MailScanner development - buy the book off the website! > > > > > > -- > Regards > > Pravin > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From pravin.rane at gmail.com Sun Jul 23 20:56:06 2006 From: pravin.rane at gmail.com (Pravin Rane) Date: Sun Jul 23 20:56:08 2006 Subject: DCC In-Reply-To: <20060723192016.GA25768@mew.kcbbs.gen.nz> References: <20060723045807.GA25408@mew.kcbbs.gen.nz> <13c021a90607222240o2f3481ccm8186c995ced75ec1@mail.gmail.com> <20060723192016.GA25768@mew.kcbbs.gen.nz> Message-ID: <13c021a90607231256l17499277s5389a87955b4bb1d@mail.gmail.com> You are welcome :D On 7/24/06, Hendrik den Hartog wrote: > > > Thanks!! > > > > On Sun, Jul 23, 2006 at 11:10:54AM +0530, Pravin Rane wrote: > > same old init.pre problem > > > > Add below line in your /etc/mail/spamassassin/init.pre > > loadplugin Mail::SpamAssassin::Plugin::DCC > > > > Spamassassin could not find it because of missing plugin > > Mail::SpamAssassin::Plugin::DCC > > > > > > > > > > On 7/23/06, Hendrik den Hartog wrote: > > > > > >RE: DCC > > > > > >I've just set up MailScanner on a replacement Drive. I've installed > DCC, > > >but spamassassin can't seem to find it. > > >>From MailScanner debug I get.. > > > > > >info: config: failed to parse line, skipping: dcc_path > > >/usr/local/bin/dccproc > > >info: config: failed to parse line, skipping: use_dcc 1 > > > > > >So, a Q, how do I let spamassassin/mailscanner know I've got DCC > > >installed? > > > > > >Cheers! > > >Hendrik > > >-- > > >MailScanner mailing list > > >mailscanner@lists.mailscanner.info > > >http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > >Before posting, read http://wiki.mailscanner.info/posting > > > > > >Support MailScanner development - buy the book off the website! > > > > > > > > > > > -- > > Regards > > > > Pravin > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Regards Pravin -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060724/bc2ba144/attachment.html From dhawal at netmagicsolutions.com Sun Jul 23 21:43:26 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Sun Jul 23 21:44:47 2006 Subject: how to wirte this kind of mcp rule In-Reply-To: <0ADD7ABA-CC00-4D95-8E32-2B2F6A94DCE2@ecs.soton.ac.uk> References: <5f638b360607230442n18aeee17g1c109c5930c042a0@mail.gmail.com> <58AEB5EA-DB0B-4A80-8B96-81A596F5BB6E@ecs.soton.ac.uk> <5f638b360607230731r7cd0982fj1d5f43bf85839c7e@mail.gmail.com> <0ADD7ABA-CC00-4D95-8E32-2B2F6A94DCE2@ecs.soton.ac.uk> Message-ID: <20060724021326.v8ewvp7tw48skos0@mail.netmagicsolutions.com> Quoting Julian Field : > > On Sun23 Jul 06, at 15:31, ankush grover wrote: > >> On 7/23/06, Julian Field wrote: >>> >>> On Sun23 Jul 06, at 12:42, ankush grover wrote: >>> >>>> hey friends, >>>> >>>> I am using Postfix with MailScanner. For last 2 or 3 days I am >>>> receiving lot of Spam a particular spam header or subject is >>>> "VlzAGRA". This word is not alone in the header or subject there are >>>> other words with it like "Re: efasfd VlzAGRA" it is become difficult >>>> to add every subject coming with " VlzAGRA" to mcp list. How do I >>>> write a mcp rule in such a way if there is a subject which contains >>>> "VlzAGRA" it should be marked as spam. >>>> >>>> I have written below rules but still I am getting the mails with >>>> subject "VlzAGRA" or "Re: VlzAGRA" in it. >>>> >>>> header RULE26 Subject =~ /VlzAGRA/i >>>> describe RULE26 Banned Subject >>>> score RULE26 10 >>>> >>>> header RULE27 Subject =~ /Re:zakeg VlzAGRA/i >>>> describe RULE27 Banned Subject >>>> score RULE27 10 >>>> >>> >>> header RULE28 Subject =~ /VisAGRA/ >>> >>> is all you need. >>> >> hey, >> >> Thanks for the reply. But if the subject is "Re:epykg VIzAGRA" then it >> is not getting banned. >> >> What you have told me is already there in my rules set and I had only >> put "i" at the end to make it case insensitive. >> >> What I want to know is how to stop any mail if the mail contains >> "VIzAGRA" as one of the words in the subject ? > > You still need to add the "describe" and "score" lines as well, for it > to be recognised and used by SpamAssassin. Give it a large score (e.g. > 1000) and make sure your High Scoring Spam Actions include "delete" so > that it gets removed by MailScanner. > > Sorry if that lot wasn't clear in my previous email, I didn't write the > message very well :-( just fyi, a similar mail hit the following rules at my site.. most rules are stock spamassasin 3.1.3 (afaik). Looks like you could benefit a lot from network tests. 4.00 BAYES_99 Bayesian spam probability is 99 to 100% 0.77 DIGEST_MULTIPLE Message hits more than one network digest check 0.14 FORGED_RCVD_HELO Received: contains a forged HELO 0.00 HTML_MESSAGE HTML included in message 0.50 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% 1.50 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level above 50% 0.50 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) 2.05 RCVD_IN_SORBS_DUL SORBS: sent directly from dynamic IP address 1.46 RCVD_IN_SORBS_WEB SORBS: sender is a abuseable web server 3.00 URIBL_BLACK Contains an URL listed in the URIBL blacklist 1.64 URIBL_SBL Contains an URL listed in the SBL blocklist 2.14 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist - dhawal > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store ! > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From ugob at camo-route.com Mon Jul 24 03:15:18 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Mon Jul 24 03:15:53 2006 Subject: bl4ck_fr1d4y Message-ID: Hi, I got those weird logs on one of my servers. Why is MailScanner logging this? It is rather unusual to have only a file name or directory logged, isn't it? All I could find about this is http://www.blacksecurity.org/alpha/news/Bl4ck_Fr1d4y/5.html Jul 21 20:07:10 server MailScanner[5309]: bl4ck_fr1d4y_2006-07-21/ Jul 21 20:07:10 server MailScanner[5309]: bl4ck_fr1d4y_2006-07-21/bl4ck_ms06_036/ Jul 21 20:07:10 server MailScanner[5309]: bl4ck_fr1d4y_2006-07-21/bl4ck_ms06_036/bl4ck_readme.txt Jul 21 20:07:10 server MailScanner[5309]: bl4ck_fr1d4y_2006-07-21/bl4ck_ms06_036/bl4ck_ms06_036.py Jul 21 20:07:10 server MailScanner[5309]: bl4ck_fr1d4y_2006-07-21/bl4ck_ms06_036/scapy.pyc Jul 21 20:07:10 server MailScanner[5309]: bl4ck_fr1d4y_2006-07-21/bl4ck_ms06_036/scapy.py Jul 21 20:07:10 server MailScanner[5309]: [...] Jul 21 20:07:10 server MailScanner[5309]: bl4ck_fr1d4y_2006-07-21/bl4ck_ms06_014/ Jul 21 20:07:10 server MailScanner[5309]: bl4ck_fr1d4y_2006-07-21/bl4ck_ms06_014/bl4ck_ms06_014.py Jul 21 20:07:10 server MailScanner[5309]: bl4ck_fr1d4y_2006-07-21/bl4ck_ms06_014/bl4ck_readme.txt Jul 21 20:07:10 server MailScanner[5309]: bl4ck_fr1d4y_2006-07-21/rbl4ck_sendmail/ Jul 21 20:07:10 server MailScanner[5309]: bl4ck_fr1d4y_2006-07-21/rbl4ck_sendmail/rbl4ck-sendmail.py Jul 21 20:07:10 server MailScanner[5309]: bl4ck_fr1d4y_2006-07-21/bl4ck_fr1d4y.txt Jul 21 20:07:10 server MailScanner[5309]: bl4ck_fr1d4y_2006-07-21/bl4ck_cyrus-imapd/ Jul 21 20:07:10 server MailScanner[5309]: bl4ck_fr1d4y_2006-07-21/bl4ck_cyrus-imapd/cyrus-imapd-expl.rb Jul 21 20:07:10 server MailScanner[5309]: bl4ck_fr1d4y_2006-07-21/black_RXenc-con-back-SOLARIS/ Jul 21 20:07:10 server MailScanner[5309]: bl4ck_fr1d4y_2006-07-21/black_RXenc-con-back-SOLARIS/quickclient.c Jul 21 20:07:10 server MailScanner[5309]: bl4ck_fr1d4y_2006-07-21/black_RXenc-con-back-SOLARIS/shellcode.c Jul 21 20:07:10 server MailScanner[5309]: bl4ck_fr1d4y_2006-07-21/black_RXenc-con-back-SOLARIS/sparcpoc.s All I can think of is that the archive found an the website (see above) transited through this server, but why the logs? I didn't see other weird log entries. Any ideas welcome, Ugo From mike at vesol.com Mon Jul 24 05:03:19 2006 From: mike at vesol.com (Mike Kercher) Date: Mon Jul 24 05:03:30 2006 Subject: bl4ck_fr1d4y In-Reply-To: Message-ID: I downloaded the tarball and the contents match what's in your logs. Perhaps someone emailed the tarball to one of your users. Mike > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Ugo Bellavance > Sent: Sunday, July 23, 2006 9:15 PM > To: mailscanner@lists.mailscanner.info > Subject: bl4ck_fr1d4y > > Hi, > > I got those weird logs on one of my servers. Why is > MailScanner logging this? It is rather unusual to have only > a file name or directory logged, isn't it? > > All I could find about this is > > http://www.blacksecurity.org/alpha/news/Bl4ck_Fr1d4y/5.html > > Jul 21 20:07:10 server MailScanner[5309]: > bl4ck_fr1d4y_2006-07-21/ Jul 21 20:07:10 server MailScanner[5309]: > bl4ck_fr1d4y_2006-07-21/bl4ck_ms06_036/ > Jul 21 20:07:10 server MailScanner[5309]: > bl4ck_fr1d4y_2006-07-21/bl4ck_ms06_036/bl4ck_readme.txt > Jul 21 20:07:10 server MailScanner[5309]: > bl4ck_fr1d4y_2006-07-21/bl4ck_ms06_036/bl4ck_ms06_036.py > Jul 21 20:07:10 server MailScanner[5309]: > bl4ck_fr1d4y_2006-07-21/bl4ck_ms06_036/scapy.pyc > Jul 21 20:07:10 server MailScanner[5309]: > bl4ck_fr1d4y_2006-07-21/bl4ck_ms06_036/scapy.py > Jul 21 20:07:10 server MailScanner[5309]: > > [...] > > Jul 21 20:07:10 server MailScanner[5309]: > bl4ck_fr1d4y_2006-07-21/bl4ck_ms06_014/ > Jul 21 20:07:10 server MailScanner[5309]: > bl4ck_fr1d4y_2006-07-21/bl4ck_ms06_014/bl4ck_ms06_014.py > Jul 21 20:07:10 server MailScanner[5309]: > bl4ck_fr1d4y_2006-07-21/bl4ck_ms06_014/bl4ck_readme.txt > Jul 21 20:07:10 server MailScanner[5309]: > bl4ck_fr1d4y_2006-07-21/rbl4ck_sendmail/ > Jul 21 20:07:10 server MailScanner[5309]: > bl4ck_fr1d4y_2006-07-21/rbl4ck_sendmail/rbl4ck-sendmail.py > Jul 21 20:07:10 server MailScanner[5309]: > bl4ck_fr1d4y_2006-07-21/bl4ck_fr1d4y.txt > Jul 21 20:07:10 server MailScanner[5309]: > bl4ck_fr1d4y_2006-07-21/bl4ck_cyrus-imapd/ > Jul 21 20:07:10 server MailScanner[5309]: > bl4ck_fr1d4y_2006-07-21/bl4ck_cyrus-imapd/cyrus-imapd-expl.rb > Jul 21 20:07:10 server MailScanner[5309]: > bl4ck_fr1d4y_2006-07-21/black_RXenc-con-back-SOLARIS/ > Jul 21 20:07:10 server MailScanner[5309]: > bl4ck_fr1d4y_2006-07-21/black_RXenc-con-back-SOLARIS/quickclient.c > Jul 21 20:07:10 server MailScanner[5309]: > bl4ck_fr1d4y_2006-07-21/black_RXenc-con-back-SOLARIS/shellcode.c > Jul 21 20:07:10 server MailScanner[5309]: > bl4ck_fr1d4y_2006-07-21/black_RXenc-con-back-SOLARIS/sparcpoc.s > > All I can think of is that the archive found an the website > (see above) transited through this server, but why the logs? > > I didn't see other weird log entries. > > Any ideas welcome, > > Ugo > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From grover1711 at gmail.com Mon Jul 24 06:32:36 2006 From: grover1711 at gmail.com (ankush grover) Date: Mon Jul 24 06:33:21 2006 Subject: how to wirte this kind of mcp rule In-Reply-To: <20060724021326.v8ewvp7tw48skos0@mail.netmagicsolutions.com> References: <5f638b360607230442n18aeee17g1c109c5930c042a0@mail.gmail.com> <58AEB5EA-DB0B-4A80-8B96-81A596F5BB6E@ecs.soton.ac.uk> <5f638b360607230731r7cd0982fj1d5f43bf85839c7e@mail.gmail.com> <0ADD7ABA-CC00-4D95-8E32-2B2F6A94DCE2@ecs.soton.ac.uk> <20060724021326.v8ewvp7tw48skos0@mail.netmagicsolutions.com> Message-ID: <5f638b360607232232y746d3118med089cbf347c9345@mail.gmail.com> > >> What I want to know is how to stop any mail if the mail contains > >> "VIzAGRA" as one of the words in the subject ? > > > > You still need to add the "describe" and "score" lines as well, for it > > to be recognised and used by SpamAssassin. Give it a large score (e.g. > > 1000) and make sure your High Scoring Spam Actions include "delete" so > > that it gets removed by MailScanner. > > > > Sorry if that lot wasn't clear in my previous email, I didn't write the > > message very well :-( Describe and Score are already present in the mcp rules. High Scoring Spam Actions include delete. > just fyi, a similar mail hit the following rules at my site.. most > rules are stock spamassasin 3.1.3 (afaik). Looks like you could > benefit a lot from network tests. > > 4.00 BAYES_99 Bayesian spam probability is 99 to 100% > 0.77 DIGEST_MULTIPLE Message hits more than one network digest check > 0.14 FORGED_RCVD_HELO Received: contains a forged HELO > 0.00 HTML_MESSAGE HTML included in message > 0.50 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% > 1.50 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level > above 50% > 0.50 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) > 2.05 RCVD_IN_SORBS_DUL SORBS: sent directly from dynamic IP address > 1.46 RCVD_IN_SORBS_WEB SORBS: sender is a abuseable web server > 3.00 URIBL_BLACK Contains an URL listed in the URIBL blacklist > 1.64 URIBL_SBL Contains an URL listed in the SBL blocklist > 2.14 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist > > - dhawal > I haven't installed razor on my system. I am using FC3 and I think perl-Razor-Agent is the package that needs to be installed for this purpose. Where do I have to mention the above rules means in which spamassassin file ? Thanks & Regards Ankush Grover From MailScanner at ecs.soton.ac.uk Mon Jul 24 08:34:31 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jul 24 08:35:12 2006 Subject: how to wirte this kind of mcp rule In-Reply-To: <5f638b360607232232y746d3118med089cbf347c9345@mail.gmail.com> References: <5f638b360607230442n18aeee17g1c109c5930c042a0@mail.gmail.com> <58AEB5EA-DB0B-4A80-8B96-81A596F5BB6E@ecs.soton.ac.uk> <5f638b360607230731r7cd0982fj1d5f43bf85839c7e@mail.gmail.com> <0ADD7ABA-CC00-4D95-8E32-2B2F6A94DCE2@ecs.soton.ac.uk> <20060724021326.v8ewvp7tw48skos0@mail.netmagicsolutions.com> <5f638b360607232232y746d3118med089cbf347c9345@mail.gmail.com> Message-ID: On 24 Jul 2006, at 06:32, ankush grover wrote: >> >> What I want to know is how to stop any mail if the mail contains >> >> "VIzAGRA" as one of the words in the subject ? >> > >> > You still need to add the "describe" and "score" lines as well, >> for it >> > to be recognised and used by SpamAssassin. Give it a large score >> (e.g. >> > 1000) and make sure your High Scoring Spam Actions include >> "delete" so >> > that it gets removed by MailScanner. >> > >> > Sorry if that lot wasn't clear in my previous email, I didn't >> write the >> > message very well :-( > > Describe and Score are already present in the mcp rules. High Scoring > Spam Actions include delete. This is nothing to do with mcp. They should all be in your spam.assassin.prefs.conf. > > >> just fyi, a similar mail hit the following rules at my site.. most >> rules are stock spamassasin 3.1.3 (afaik). Looks like you could >> benefit a lot from network tests. >> >> 4.00 BAYES_99 Bayesian spam probability is 99 to 100% >> 0.77 DIGEST_MULTIPLE Message hits more than one network digest >> check >> 0.14 FORGED_RCVD_HELO Received: contains a forged HELO >> 0.00 HTML_MESSAGE HTML included in message >> 0.50 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level >> above 50% >> 1.50 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 >> confidence level >> above 50% >> 0.50 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) >> 2.05 RCVD_IN_SORBS_DUL SORBS: sent directly from dynamic >> IP address >> 1.46 RCVD_IN_SORBS_WEB SORBS: sender is a abuseable web >> server >> 3.00 URIBL_BLACK Contains an URL listed in the URIBL blacklist >> 1.64 URIBL_SBL Contains an URL listed in the SBL blocklist >> 2.14 URIBL_WS_SURBL Contains an URL listed in the WS SURBL >> blocklist >> >> - dhawal >> > > I haven't installed razor on my system. I am using FC3 and I think > perl-Razor-Agent is the package that needs to be installed for this > purpose. Where do I have to mention the above rules means in which > spamassassin file ? > > Thanks & Regards > > Ankush Grover > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field MailScanner@ecs.soton.ac.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From mailinglist at asyouneed.com Mon Jul 24 12:34:03 2006 From: mailinglist at asyouneed.com (Mailing List) Date: Mon Jul 24 12:34:22 2006 Subject: lots of spam getting through all of a sudden Message-ID: <002001c6af15$10b96f80$c000a8c0@accountant> Hi All, Got a problem with Mailscanner/spamassassin everything had been working fine and it was catching the majority of spam however now all of a sudden it has just starting letting lots through even stuff it used to catch. Any ideas what might have happened, server is running latest versions of Mailscanner and Spamassassin? Regards, Dee -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060724/30fc3b44/attachment.html From jlmiller at mmtnetworks.com.au Mon Jul 24 13:05:16 2006 From: jlmiller at mmtnetworks.com.au (Jon Miller) Date: Mon Jul 24 12:52:19 2006 Subject: uninstall Message-ID: I need to uninstall and reinstall to fix our mailscanner program, I cannot access it via a web browser so I have no idea if it's still working only that mail is still coming through but so is a lot of spam. Thanks Jon -------------- next part --------------
I need to uninstall and reinstall to fix our mailscanner program, I cannot access it via a web browser so I have no idea if it's still working only that mail is still coming through but so is a lot of spam.

Thanks

Jon
From ugob at camo-route.com Mon Jul 24 13:19:49 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Mon Jul 24 13:20:11 2006 Subject: bl4ck_fr1d4y In-Reply-To: References: Message-ID: Mike Kercher wrote: > I downloaded the tarball and the contents match what's in your logs. > Perhaps someone emailed the tarball to one of your users. Yeah, I did extract it as well... But does MailScanner does normally every file when it extracts a tarball? > > Mike > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Ugo Bellavance >> Sent: Sunday, July 23, 2006 9:15 PM >> To: mailscanner@lists.mailscanner.info >> Subject: bl4ck_fr1d4y >> >> Hi, >> >> I got those weird logs on one of my servers. Why is >> MailScanner logging this? It is rather unusual to have only >> a file name or directory logged, isn't it? >> >> All I could find about this is >> >> http://www.blacksecurity.org/alpha/news/Bl4ck_Fr1d4y/5.html >> >> Jul 21 20:07:10 server MailScanner[5309]: >> bl4ck_fr1d4y_2006-07-21/ Jul 21 20:07:10 server MailScanner[5309]: >> bl4ck_fr1d4y_2006-07-21/bl4ck_ms06_036/ >> Jul 21 20:07:10 server MailScanner[5309]: >> bl4ck_fr1d4y_2006-07-21/bl4ck_ms06_036/bl4ck_readme.txt >> Jul 21 20:07:10 server MailScanner[5309]: >> bl4ck_fr1d4y_2006-07-21/bl4ck_ms06_036/bl4ck_ms06_036.py >> Jul 21 20:07:10 server MailScanner[5309]: >> bl4ck_fr1d4y_2006-07-21/bl4ck_ms06_036/scapy.pyc >> Jul 21 20:07:10 server MailScanner[5309]: >> bl4ck_fr1d4y_2006-07-21/bl4ck_ms06_036/scapy.py >> Jul 21 20:07:10 server MailScanner[5309]: >> >> [...] >> >> Jul 21 20:07:10 server MailScanner[5309]: >> bl4ck_fr1d4y_2006-07-21/bl4ck_ms06_014/ >> Jul 21 20:07:10 server MailScanner[5309]: >> bl4ck_fr1d4y_2006-07-21/bl4ck_ms06_014/bl4ck_ms06_014.py >> Jul 21 20:07:10 server MailScanner[5309]: >> bl4ck_fr1d4y_2006-07-21/bl4ck_ms06_014/bl4ck_readme.txt >> Jul 21 20:07:10 server MailScanner[5309]: >> bl4ck_fr1d4y_2006-07-21/rbl4ck_sendmail/ >> Jul 21 20:07:10 server MailScanner[5309]: >> bl4ck_fr1d4y_2006-07-21/rbl4ck_sendmail/rbl4ck-sendmail.py >> Jul 21 20:07:10 server MailScanner[5309]: >> bl4ck_fr1d4y_2006-07-21/bl4ck_fr1d4y.txt >> Jul 21 20:07:10 server MailScanner[5309]: >> bl4ck_fr1d4y_2006-07-21/bl4ck_cyrus-imapd/ >> Jul 21 20:07:10 server MailScanner[5309]: >> bl4ck_fr1d4y_2006-07-21/bl4ck_cyrus-imapd/cyrus-imapd-expl.rb >> Jul 21 20:07:10 server MailScanner[5309]: >> bl4ck_fr1d4y_2006-07-21/black_RXenc-con-back-SOLARIS/ >> Jul 21 20:07:10 server MailScanner[5309]: >> bl4ck_fr1d4y_2006-07-21/black_RXenc-con-back-SOLARIS/quickclient.c >> Jul 21 20:07:10 server MailScanner[5309]: >> bl4ck_fr1d4y_2006-07-21/black_RXenc-con-back-SOLARIS/shellcode.c >> Jul 21 20:07:10 server MailScanner[5309]: >> bl4ck_fr1d4y_2006-07-21/black_RXenc-con-back-SOLARIS/sparcpoc.s >> >> All I can think of is that the archive found an the website >> (see above) transited through this server, but why the logs? >> >> I didn't see other weird log entries. >> >> Any ideas welcome, >> >> Ugo >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> From craig at csfs.co.za Mon Jul 24 14:04:19 2006 From: craig at csfs.co.za (Craig Retief) Date: Mon Jul 24 14:04:32 2006 Subject: lots of spam getting through all of a sudden In-Reply-To: <002001c6af15$10b96f80$c000a8c0@accountant> Message-ID: Hi List, I'm experiencing the same problem as Dee, Any advice on what might be the cause? One particular mail that I see coming through alot lately is a stock mail from "Goldmark Industries (GDKI.PK)". The message structure is very similar with an inline gif that contains the info and then some text that follows. Thanks Craig _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Mailing List Sent: 24 July 2006 01:34 PM To: mailscanner@lists.mailscanner.info Subject: lots of spam getting through all of a sudden Hi All, Got a problem with Mailscanner/spamassassin everything had been working fine and it was catching the majority of spam however now all of a sudden it has just starting letting lots through even stuff it used to catch. Any ideas what might have happened, server is running latest versions of Mailscanner and Spamassassin? Regards, Dee -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060724/07c86ca6/attachment.html From raymond at prolocation.net Mon Jul 24 14:24:32 2006 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Mon Jul 24 14:24:33 2006 Subject: {Spam?} RE: lots of spam getting through all of a sudden In-Reply-To: References: Message-ID: Hi! > One particular mail that I see coming through alot lately is a stock mail > from "Goldmark Industries (GDKI.PK)". The message structure is very similar > with an inline gif that contains the info and then some text that follows. Start using the SARE stock rules. http://www.rulesemporium.com/rules/70_sare_stocks.cf Bye, Raymond. From Phil.Udel at salemcorp.com Mon Jul 24 14:38:00 2006 From: Phil.Udel at salemcorp.com (Phillip Udel) Date: Mon Jul 24 14:38:16 2006 Subject: lots of spam getting through all of a sudden In-Reply-To: Message-ID: <200607241342.k6ODgneX028318@cat.salemcarriers.com> I too received more than expected. I am still looking into it. Here are some of the mails of interest Mail 1 Return-Path: Received: from KRIS.j8r0e.org (ti132110a080-11738.bb.online.no [85.165.173.218] (may be forged)) by cat.salemcarriers.com (8.12.8/8.12.8) with SMTP id k6OCHT2q015856; Mon, 24 Jul 2006 08:17:31 -0400 Message-ID: <80029162979505.39A0065715@ZUBVQBP> From: "Dolan" To: Subject: I have ssex much longer, because I take Exxtra-Time! Date: Mon, 24 Jul 2006 14:12:26 +0200 MIME-Version: 1.0 X-Mailer: Microsoft Office Outlook, Build 11.0.5510 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Thread-Index: 55mB1cMYPGiyaqqR6r7c5JU4JkducPZBZkHj Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-SalemCorp-MailScanner-Information: Please contact the Help Desk at (336) 768-6896 X231 for more information X-SalemCorp-MailScanner: Found to be clean X-SalemCorp-MailScanner-MCPCheck: X-SalemCorp-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=3.635, required 6, BAYES_99 3.50, FORGED_RCVD_HELO 0.14) X-SalemCorp-MailScanner-SpamScore: sss X-SalemCorp-MailScanner-From: dolanconservatism@hairdresser.net X-SalemCorp-Spam-Status: No Status: -- How are you? Why don't you leave the crowd of men who try to combat this? Forget about rubber, drinking, hypnosis and the like - Extra-Time is the way that works. You tried condoms, pauses, alcohol, but nothing worked. Eager to find a way to stop this premature thing forever? Enter here: http://florexx.com/gall/get/ It's obvious that a satisfied woman will be addicted to you like never before. -- Mail 2 Return-Path: Received: from NANCY.ekauqp08.org ([222.120.21.92]) by cat.salemcarriers.com (8.12.8/8.12.8) with SMTP id k6O51P2w029051; Mon, 24 Jul 2006 01:01:41 -0400 Message-ID: <45734107399288.8E0B32BDF3@2R5DFLZ> From: "addenda" To: Subject: Rocket stock pick is what pro traders say about this one., Recent stuff Date: Sun, 23 Jul 2006 21:58:34 -0700 MIME-Version: 1.0 X-Mailer: Microsoft Office Outlook, Build 11.0.5510 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Thread-Index: z7j8aNMRFDttj6GjAnIaDycypMmr7c2s4dBv Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-SalemCorp-MailScanner-Information: Please contact the Help Desk at (336) 768-6896 X231 for more information X-SalemCorp-MailScanner: Found to be clean X-SalemCorp-MailScanner-MCPCheck: X-SalemCorp-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=-2.13, required 6, BAYES_00 -2.60, FIN_FREE 0.47) X-SalemCorp-MailScanner-From: addendachin@execs.com X-SalemCorp-Spam-Status: No Status: Nervous to get trading alerts? I know this. Piece of mind is reachable even for a trader! Here's some valuable information that can improve the situation. Experienced traders say there are huge opportunities for big profits with this stock to hit the market soon. The alert is ON! Get QEGY First Thing Today! This Is Going To Explode! Check out for HOT NEWS! QUANTUM ENERGY INC (QEGY) CURRENT_PRICE: $2.34 GET IT N0W! About the company Quantum Energy is a publicly traded growth orientated oil and gas exploration company. The objective is to seek out and define opportunities that represent a low risk 0pp0rtunity to develop positive cash flow. As well, the company aims to define larger projects that can be developed with Joint Venture partners or be entered into by a Joint Venture. Red Hot News QUANTUM ENERGY INC. PURCHASES NEW FACILITY CORSICANA TEXAS. July 20, 2006 Quantum Energy, Inc. (QEGY) announced that its joint venture partner, JMT Resources, Ltd. has entered into a contract to purchase a ten acre facility yard in Corsicana, Texas. The acquisition was formerly the facilities yard for Mobile Oil, and is adjacent to the Corsicana Field, which it operates. The site contains an assortment of oil field equipment that the joint venture partnership will utilize in its field operations. The acquisition also gives the JV partnership surface ownership of its water injection disposal well, which is in the permitting process with the Texas Railroad Commission. Ownership of this parcel will reduce operating costs; it will also give the JV partnership the option to add more injection disposal wells on this site, while housing its own redevelopment operations. Due to the substantially increased Barnett Shale drilling activities in Johnson and surrounding counties, there is an enormous need for disposal options of high chloride (salt) water, which is used in the stimulation of Barnett Shale wells. Operators in the area are required to dispose of this treated water in sanctioned disposal zones. In this area, the zone most prevalently used is the Woodbine, which is the depth of the well the partnership is currently permitting. Demand for disposal facilities is substantial. Operators have resorted to trucking their treated water several hours from location for disposal. Current disposal rates are $2 per barrel and trucks will carry 150 to 200 barrel capacities. It is estimated that the JV partnership will be able to dispose of approximately 5,000 barrels of treated water per day. This operation will allow the JV partnership to attain substantial cash flow from this ancillary oil field operation reducing its reliance on outside capital. It is expected that the water disposal well will be operational during the fourth quarter of 2006. This facility would also be available for disposal of waste water recovered from the Nacatoch wells in the JV Polymer project as well. Ultimately, the disposal fluid from the polymer will be quite significant once the project passes from the pilot phase into full development. Correspondingly, the availability of the water disposal well that is owned by the JV partnership will lead to reduced costs and higher efficiencies. It's more than worth considering doing some trade business with this stock. I'm already enjoying financial freedom. Hope you are too, and if not yet, may success come your way! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Craig Retief Sent: Monday, July 24, 2006 8:04 AM To: 'MailScanner discussion' Subject: RE: lots of spam getting through all of a sudden Hi List, I'm experiencing the same problem as Dee, Any advice on what might be the cause? One particular mail that I see coming through alot lately is a stock mail from "Goldmark Industries (GDKI.PK)". The message structure is very similar with an inline gif that contains the info and then some text that follows. Thanks Craig _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Mailing List Sent: 24 July 2006 01:34 PM To: mailscanner@lists.mailscanner.info Subject: lots of spam getting through all of a sudden Hi All, Got a problem with Mailscanner/spamassassin everything had been working fine and it was catching the majority of spam however now all of a sudden it has just starting letting lots through even stuff it used to catch. Any ideas what might have happened, server is running latest versions of Mailscanner and Spamassassin? Regards, Dee -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060724/eef30f32/attachment.html From craig at csfs.co.za Mon Jul 24 14:52:20 2006 From: craig at csfs.co.za (Craig Retief) Date: Mon Jul 24 14:52:34 2006 Subject: lots of spam getting through all of a sudden In-Reply-To: Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Raymond Dijkxhoorn > Sent: 24 July 2006 03:25 PM > To: MailScanner discussion > Subject: Re: {Spam?} RE: lots of spam getting through all of a sudden > > Hi! > > > One particular mail that I see coming through alot lately is a stock mail > > from "Goldmark Industries (GDKI.PK)". The message structure is very similar > > with an inline gif that contains the info and then some text that follows. > > Start using the SARE stock rules. > > http://www.rulesemporium.com/rules/70_sare_stocks.cf I am using the Sare Stocks rule that comes with RulesDuJour and it doesn't get flagged. SpamAssassin 3.1.3 MailScanner 4.54.6 Sendmail 8.13.7 DCC, Pyzor and Razor are latest builds as well RulesDuJour updates nightly The rules that trigger for the mentioned mail are as follows: 0.00 BAYES_50 Bayesian spam probability is 40 to 60% 1.96 DATE_IN_FUTURE_03_06 Date: is 3 to 6 hours after Received: date 1.09 EXTRA_MPART_TYPE Header has extraneous Content-type:...type= entry 4.10 HELO_DYNAMIC_HCC Relay HELO'd using suspicious hostname (HCC) 1.05 HTML_IMAGE_ONLY_32 HTML: images with 2800-3200 bytes of words 0.00 HTML_MESSAGE HTML included in message 0.75 SARE_GIF_ATTACH Email has a inline gif Thanks again, Craig > > Bye, > Raymond. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From sobralm at agro.uba.ar Mon Jul 24 14:57:04 2006 From: sobralm at agro.uba.ar (Marcos Sobral) Date: Mon Jul 24 14:53:49 2006 Subject: /etc/mail/spamassasin/local.cf Message-ID: <44C4D1B0.9040402@agro.uba.ar> What happens if you leave the configuration file /etc/mail/spamassasin/local.cf? The spamassassin.prefs.conf file (from /etc/Maiscanner), says that the local.cf file should not exists, but my question is what if it does? Thanks a lot! -- ________________________________________________________ Marcos Andres Sobral Administrador de Red Facultad de Agronom?a - Buenos Aires - Argentina Te.: (+54 11) 4524-8000 int.8108 email: mailto:sobralm@agro.uba.ar www: http://www.agro.uba.ar From Denis.Beauchemin at USherbrooke.ca Mon Jul 24 14:56:22 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon Jul 24 14:56:49 2006 Subject: lots of spam getting through all of a sudden In-Reply-To: <200607241342.k6ODgneX028318@cat.salemcarriers.com> References: <200607241342.k6ODgneX028318@cat.salemcarriers.com> Message-ID: <44C4D186.6030804@USherbrooke.ca> Phillip Udel a ?crit : > > I too received more than expected. I am still looking into it. > Here are some of the mails of interest > > *...* > > ** Philip, They scored BIG here: X-MailScanner-SpamCheck: n'est pas un polluriel (inscrit sur la liste blanche), SpamAssassin (not cached, score=18.17, requis 5, BAYES_50 0.00, FIN_FREE 0.47, FORGED_RCVD_HELO 0.14, HTML_MESSAGE 0.00, HTML_TAG_BALANCE_BODY 0.23, INFO_TLD 1.27, SARE_LWHUGE 1.00, SARE_LWSYMFMT 1.66, SARE_MLB_Stock1 1.66, SARE_MLB_Stock6 1.66, SARE_OBFU_PART_ORT 1.67, SARE_RMML_Stock4 0.67, SARE_RMML_Stock7 0.75, URIBL_BLACK 3.00, URIBL_JP_SURBL 4.00) Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060724/59741eef/smime.bin From daniel.maher at ubisoft.com Mon Jul 24 15:19:00 2006 From: daniel.maher at ubisoft.com (Daniel Maher) Date: Mon Jul 24 15:19:06 2006 Subject: lots of spam getting through all of a sudden Message-ID: <1E293D3FF63A3740B10AD5AAD88535D20226CFDF@UBIMAIL1.ubisoft.org> Regarding that stock email, this is how it's been tagged via my setup: pts rule name description ---- ---------------------- -------------------------------------------------- 0.1 FORGED_RCVD_HELO Received: contains a forged HELO 1.7 SARE_MLB_Stock1 BODY: SARE_MLB_Stock1 0.7 SARE_RMML_Stock4 BODY: SARE_RMML_Stock4 1.0 SARE_LWHUGE BODY: SARE_LWHUGE 1.7 SARE_MLB_Stock6 BODY: Obfuscated ticker symbols 0.5 FIN_FREE BODY: Freedom of a financial nature 0.8 SARE_RMML_Stock7 BODY: SARE_RMML_Stock7 1.7 SARE_LWSYMFMT BODY: SARE_LWSYMFMT 1.3 INFO_TLD URI: Contains an URL in the INFO top-level domain 0.2 HTML_TAG_BALANCE_BODY BODY: HTML has unbalanced "body" tags 0.0 HTML_MESSAGE BODY: HTML included in message 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60% [score: 0.5000] 3.8 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist [URIs: florexx.com] 4.1 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist [URIs: florexx.com] 2.1 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist [URIs: florexx.com] 3.0 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist [URIs: florexx.com] 4.5 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist [URIs: florexx.com] SpamAss 3.1.3, MailScanner 4.51.6, and SARE Stocks ruleset... -- _ ?v? Daniel Maher /(_)\ Administrateur Syst?me Unix ^ ^ Unix System Administrator Sentio aliquos togatos contra me conspirare. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Craig Retief Sent: Monday, July 24, 2006 9:52 AM To: 'MailScanner discussion' Subject: RE: lots of spam getting through all of a sudden I am using the Sare Stocks rule that comes with RulesDuJour and it doesn't get flagged. SpamAssassin 3.1.3 MailScanner 4.54.6 Sendmail 8.13.7 DCC, Pyzor and Razor are latest builds as well RulesDuJour updates nightly The rules that trigger for the mentioned mail are as follows: 0.00 BAYES_50 Bayesian spam probability is 40 to 60% 1.96 DATE_IN_FUTURE_03_06 Date: is 3 to 6 hours after Received: date 1.09 EXTRA_MPART_TYPE Header has extraneous Content-type:...type= entry 4.10 HELO_DYNAMIC_HCC Relay HELO'd using suspicious hostname (HCC) 1.05 HTML_IMAGE_ONLY_32 HTML: images with 2800-3200 bytes of words 0.00 HTML_MESSAGE HTML included in message 0.75 SARE_GIF_ATTACH Email has a inline gif Thanks again, Craig From Phil.Udel at salemcorp.com Mon Jul 24 15:29:54 2006 From: Phil.Udel at salemcorp.com (Phillip Udel) Date: Mon Jul 24 15:30:06 2006 Subject: lots of spam getting through all of a sudden In-Reply-To: <44C4D186.6030804@USherbrooke.ca> Message-ID: <200607241434.k6OEYheX003117@cat.salemcarriers.com> Wow. Nice. I assume the SARE are your own entries? Who are the URIBL_BLACK URIBL_JP_SURBL Sites? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Denis Beauchemin Sent: Monday, July 24, 2006 8:56 AM To: MailScanner discussion Subject: Re: lots of spam getting through all of a sudden Phillip Udel a ?crit : > > I too received more than expected. I am still looking into it. > Here are some of the mails of interest > > *...* > > ** Philip, They scored BIG here: X-MailScanner-SpamCheck: n'est pas un polluriel (inscrit sur la liste blanche), SpamAssassin (not cached, score=18.17, requis 5, BAYES_50 0.00, FIN_FREE 0.47, FORGED_RCVD_HELO 0.14, HTML_MESSAGE 0.00, HTML_TAG_BALANCE_BODY 0.23, INFO_TLD 1.27, SARE_LWHUGE 1.00, SARE_LWSYMFMT 1.66, SARE_MLB_Stock1 1.66, SARE_MLB_Stock6 1.66, SARE_OBFU_PART_ORT 1.67, SARE_RMML_Stock4 0.67, SARE_RMML_Stock7 0.75, URIBL_BLACK 3.00, URIBL_JP_SURBL 4.00) Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martinh at solid-state-logic.com Mon Jul 24 15:49:00 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Mon Jul 24 15:49:13 2006 Subject: lots of spam getting through all of a sudden In-Reply-To: <200607241434.k6OEYheX003117@cat.salemcarriers.com> References: <200607241434.k6OEYheX003117@cat.salemcarriers.com> Message-ID: <44C4DDDC.5070601@solid-state-logic.com> Phillip Udel wrote: > Wow. Nice. > > I assume the SARE are your own entries? > Who are the URIBL_BLACK URIBL_JP_SURBL Sites? > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Denis > Beauchemin > Sent: Monday, July 24, 2006 8:56 AM > To: MailScanner discussion > Subject: Re: lots of spam getting through all of a sudden > > Phillip Udel a ?crit : >> I too received more than expected. I am still looking into it. >> Here are some of the mails of interest >> >> *...* >> >> ** > Philip, > > They scored BIG here: > > X-MailScanner-SpamCheck: n'est pas un polluriel (inscrit sur la liste > blanche), > SpamAssassin (not cached, score=18.17, requis 5, BAYES_50 0.00, > FIN_FREE 0.47, FORGED_RCVD_HELO 0.14, HTML_MESSAGE 0.00, > HTML_TAG_BALANCE_BODY 0.23, INFO_TLD 1.27, SARE_LWHUGE 1.00, > SARE_LWSYMFMT 1.66, SARE_MLB_Stock1 1.66, SARE_MLB_Stock6 1.66, > SARE_OBFU_PART_ORT 1.67, SARE_RMML_Stock4 0.67, > SARE_RMML_Stock7 0.75, URIBL_BLACK 3.00, URIBL_JP_SURBL 4.00) > > > Denis > nope www.ruleemporium.com/rules.html and the http://www.uribl.com/ -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From Denis.Beauchemin at USherbrooke.ca Mon Jul 24 15:57:50 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon Jul 24 15:58:12 2006 Subject: lots of spam getting through all of a sudden In-Reply-To: <200607241434.k6OEYheX003117@cat.salemcarriers.com> References: <200607241434.k6OEYheX003117@cat.salemcarriers.com> Message-ID: <44C4DFEE.4000700@USherbrooke.ca> Phillip Udel a ?crit : > Wow. Nice. > > I assume the SARE are your own entries? > Who are the URIBL_BLACK URIBL_JP_SURBL Sites? > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Denis > Beauchemin > Sent: Monday, July 24, 2006 8:56 AM > To: MailScanner discussion > Subject: Re: lots of spam getting through all of a sudden > > Phillip Udel a ?crit : > >> I too received more than expected. I am still looking into it. >> Here are some of the mails of interest >> >> *...* >> >> ** >> > Philip, > > They scored BIG here: > > X-MailScanner-SpamCheck: n'est pas un polluriel (inscrit sur la liste > blanche), > SpamAssassin (not cached, score=18.17, requis 5, BAYES_50 0.00, > FIN_FREE 0.47, FORGED_RCVD_HELO 0.14, HTML_MESSAGE 0.00, > HTML_TAG_BALANCE_BODY 0.23, INFO_TLD 1.27, SARE_LWHUGE 1.00, > SARE_LWSYMFMT 1.66, SARE_MLB_Stock1 1.66, SARE_MLB_Stock6 1.66, > SARE_OBFU_PART_ORT 1.67, SARE_RMML_Stock4 0.67, > SARE_RMML_Stock7 0.75, URIBL_BLACK 3.00, URIBL_JP_SURBL 4.00) > > > Denis > > Philip, I use the following rulesets (/etc/mail/spamassassin): 70_sare_adult.cf 70_sare_html1.cf 70_sare_uri0.cf german.cf 70_sare_bayes_poison_nxm.cf 70_sare_obfu0.cf 70_sare_uri1.cf local.cf 70_sare_evilnum0.cf 70_sare_obfu1.cf 70_sare_whitelist_rcvd.cf mailscanner.cf 70_sare_evilnum1.cf 70_sare_oem.cf 70_sare_whitelist_spf.cf mr_wiggly.cf 70_sare_genlsubj0.cf 70_sare_random.cf 72_sare_bml_post25x.cf nazi.cf 70_sare_genlsubj1.cf 70_sare_specific.cf 72_sare_redirect_post3.0.0.cf spamcop_uri.cf 70_sare_header0.cf 70_sare_spoof.cf 99_sare_fraud_post25x.cf uribl.cf 70_sare_header1.cf 70_sare_stocks.cf backhair.cf 70_sare_html0.cf 70_sare_unsub.cf bogus-virus-warnings.cf $ cat uribl.cf urirhssub URIBL_BLACK multi.uribl.com. A 2 body URIBL_BLACK eval:check_uridnsbl('URIBL_BLACK') describe URIBL_BLACK Contains an URL listed in the URIBL blacklist tflags URIBL_BLACK net score URIBL_BLACK 3.0 urirhssub URIBL_GREY multi.uribl.com. A 4 body URIBL_GREY eval:check_uridnsbl('URIBL_GREY') describe URIBL_GREY Contains an URL listed in the URIBL greylist tflags URIBL_GREY net score URIBL_GREY 0.25 $ egrep -v "^(#.*|$)" spamcop_uri.cf urirhssub URIBL_WS_SURBL multi.surbl.org. A 4 header URIBL_WS_SURBL eval:check_uridnsbl('URIBL_WS_SURBL') describe URIBL_WS_SURBL Contains a URL listed in the WS SURBL blocklist tflags URIBL_WS_SURBL net urirhssub URIBL_PH_SURBL multi.surbl.org. A 8 header URIBL_PH_SURBL eval:check_uridnsbl('URIBL_PH_SURBL') describe URIBL_PH_SURBL Contains a URL listed in the PH SURBL blocklist tflags URIBL_PH_SURBL net urirhssub URIBL_OB_SURBL multi.surbl.org. A 16 header URIBL_OB_SURBL eval:check_uridnsbl('URIBL_OB_SURBL') describe URIBL_OB_SURBL Contains a URL listed in the OB SURBL blocklist tflags URIBL_OB_SURBL net urirhssub URIBL_AB_SURBL multi.surbl.org. A 32 header URIBL_AB_SURBL eval:check_uridnsbl('URIBL_AB_SURBL') describe URIBL_AB_SURBL Contains a URL listed in the AB SURBL blocklist tflags URIBL_AB_SURBL net urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL') describe URIBL_JP_SURBL Has URI in JP at http://www.surbl.org/lists.html tflags URIBL_JP_SURBL net score URIBL_SC_SURBL 0 score URIBL_WS_SURBL 3.0 score URIBL_PH_SURBL 5.0 score URIBL_OB_SURBL 4.0 score URIBL_AB_SURBL 3.0 score URIBL_JP_SURBL 4.0 Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060724/cb73dc8b/smime-0001.bin From timb at vwg.com Mon Jul 24 16:14:54 2006 From: timb at vwg.com (Timothy Barhorst) Date: Mon Jul 24 16:15:01 2006 Subject: Problem running Spamassassin Debug Message-ID: MailScanner-4.54.6-1 SpamAssassin version 3.0.6 running on Perl version 5.8.5 When I run: spamassassin --D --prefs-file=/etc/MailScanner/spam.assassin.prefs.conf --lint It gets to the following then pauses then loops for a long time..until I finally stopp it. What is happening? debug: lock: 13945 created /etc/MailScanner/bayes/bayes.mutex debug: lock: 13945 trying to get lock on /etc/MailScanner/bayes/bayes with 10 t debug: lock: 13945 link to /etc/MailScanner/bayes/bayes.mutex: link ok debug: bayes: 13945 tie-ing to DB file R/W /etc/MailScanner/bayes/bayes_toks debug: bayes: 13945 tie-ing to DB file R/W /etc/MailScanner/bayes/bayes_seen debug: bayes: found bayes db version 3 debug: refresh: 13945 refresh /etc/MailScanner/bayes/bayes.mutex debug: bayes: expiry check keep size, 0.75 * max: 112500 debug: bayes: token count: 3335502, final goal reduction size: 3223002 debug: bayes: First pass? Current: 1153753206, Last: 0, atime: 0, count: 0, ne debug: bayes: Can't use estimation method for expiry, something fishy, calculat debug: bayes: expiry max exponent: 9 debug: bayes: atime token reduction debug: bayes: ======== =============== debug: bayes: 43200 3291730 debug: bayes: 86400 3285893 debug: bayes: 172800 3279350 debug: bayes: 345600 3201447 debug: bayes: 691200 3027426 debug: bayes: 1382400 2821678 debug: bayes: 2764800 2420458 debug: bayes: 5529600 1466104 debug: bayes: 11059200 186144 debug: bayes: 22118400 110433 debug: bayes: First pass decided on 345600 for atime delta debug: refresh: 13945 refresh /etc/MailScanner/bayes/bayes.mutex debug: refresh: 13945 refresh /etc/MailScanner/bayes/bayes.mutex debug: refresh: 13945 refresh /etc/MailScanner/bayes/bayes.mutex debug: refresh: 13945 refresh /etc/MailScanner/bayes/bayes.mutex Keeps looping this output..... Tim Barhorst timb@vwg.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060724/6f5ad1ef/attachment.html From Phil.Udel at salemcorp.com Mon Jul 24 16:28:50 2006 From: Phil.Udel at salemcorp.com (Phillip Udel) Date: Mon Jul 24 16:29:21 2006 Subject: lots of spam getting through all of a sudden In-Reply-To: <200607241434.k6OEYheX003117@cat.salemcarriers.com> Message-ID: <200607241533.k6OFXeeL009848@cat.salemcarriers.com> LOL. OK. I Just found the SARE Site. Lol Can I assume that everyone here but me know about this site :). Does anyone here use the RulesDuJour script? Any Suggestions on what rules would be safe to start using first? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Phillip Udel Sent: Monday, July 24, 2006 9:30 AM To: 'MailScanner discussion' Subject: RE: lots of spam getting through all of a sudden Wow. Nice. I assume the SARE are your own entries? Who are the URIBL_BLACK URIBL_JP_SURBL Sites? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Denis Beauchemin Sent: Monday, July 24, 2006 8:56 AM To: MailScanner discussion Subject: Re: lots of spam getting through all of a sudden Phillip Udel a ?crit : > > I too received more than expected. I am still looking into it. > Here are some of the mails of interest > > *...* > > ** Philip, They scored BIG here: X-MailScanner-SpamCheck: n'est pas un polluriel (inscrit sur la liste blanche), SpamAssassin (not cached, score=18.17, requis 5, BAYES_50 0.00, FIN_FREE 0.47, FORGED_RCVD_HELO 0.14, HTML_MESSAGE 0.00, HTML_TAG_BALANCE_BODY 0.23, INFO_TLD 1.27, SARE_LWHUGE 1.00, SARE_LWSYMFMT 1.66, SARE_MLB_Stock1 1.66, SARE_MLB_Stock6 1.66, SARE_OBFU_PART_ORT 1.67, SARE_RMML_Stock4 0.67, SARE_RMML_Stock7 0.75, URIBL_BLACK 3.00, URIBL_JP_SURBL 4.00) Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Denis.Beauchemin at USherbrooke.ca Mon Jul 24 16:38:33 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon Jul 24 16:38:55 2006 Subject: lots of spam getting through all of a sudden In-Reply-To: <200607241533.k6OFXeeL009848@cat.salemcarriers.com> References: <200607241533.k6OFXeeL009848@cat.salemcarriers.com> Message-ID: <44C4E979.90701@USherbrooke.ca> Phillip Udel a ?crit : > LOL. OK. I Just found the SARE Site. Lol Can I assume that everyone here > but me know about this site :). Does anyone here use the RulesDuJour > script? > > Any Suggestions on what rules would be safe to start using first? > > Phillip, Pretty much everybody knows about them, yes :-P Most people use the script but I had developed one script prior to RDJ and just continued using my own. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060724/d2f7ce4f/smime.bin From daniel.maher at ubisoft.com Mon Jul 24 16:40:01 2006 From: daniel.maher at ubisoft.com (Daniel Maher) Date: Mon Jul 24 16:45:38 2006 Subject: lots of spam getting through all of a sudden Message-ID: <1E293D3FF63A3740B10AD5AAD88535D20226CFE2@UBIMAIL1.ubisoft.org> These are the RDJ rules I started with: TRUSTED_RULESETS="SARE_ADULT SARE_OBFU0 SARE_URI0 SARE_FRAUD SARE_BML SARE_SPOOF SARE_HEADER0 SARE_SPECIFIC SARE_STOCKS" Seems to be pretty safe. :) -- _ ?v? Daniel Maher /(_)\ Administrateur Syst?me Unix ^ ^ Unix System Administrator Sentio aliquos togatos contra me conspirare. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Phillip Udel Sent: Monday, July 24, 2006 11:29 AM To: 'MailScanner discussion' Subject: RE: lots of spam getting through all of a sudden LOL. OK. I Just found the SARE Site. Lol Can I assume that everyone here but me know about this site :). Does anyone here use the RulesDuJour script? Any Suggestions on what rules would be safe to start using first? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Phillip Udel Sent: Monday, July 24, 2006 9:30 AM To: 'MailScanner discussion' Subject: RE: lots of spam getting through all of a sudden Wow. Nice. I assume the SARE are your own entries? Who are the URIBL_BLACK URIBL_JP_SURBL Sites? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Denis Beauchemin Sent: Monday, July 24, 2006 8:56 AM To: MailScanner discussion Subject: Re: lots of spam getting through all of a sudden Phillip Udel a ?crit : > > I too received more than expected. I am still looking into it. > Here are some of the mails of interest > > *...* > > ** Philip, They scored BIG here: X-MailScanner-SpamCheck: n'est pas un polluriel (inscrit sur la liste blanche), SpamAssassin (not cached, score=18.17, requis 5, BAYES_50 0.00, FIN_FREE 0.47, FORGED_RCVD_HELO 0.14, HTML_MESSAGE 0.00, HTML_TAG_BALANCE_BODY 0.23, INFO_TLD 1.27, SARE_LWHUGE 1.00, SARE_LWSYMFMT 1.66, SARE_MLB_Stock1 1.66, SARE_MLB_Stock6 1.66, SARE_OBFU_PART_ORT 1.67, SARE_RMML_Stock4 0.67, SARE_RMML_Stock7 0.75, URIBL_BLACK 3.00, URIBL_JP_SURBL 4.00) Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jul 24 16:48:54 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jul 24 16:49:36 2006 Subject: bl4ck_fr1d4y In-Reply-To: References: Message-ID: <0F47B584-123A-4DC5-B2AA-F26E5F1C0AB0@ecs.soton.ac.uk> On 24 Jul 2006, at 13:19, Ugo Bellavance wrote: > Mike Kercher wrote: >> I downloaded the tarball and the contents match what's in your logs. >> Perhaps someone emailed the tarball to one of your users. > > Yeah, I did extract it as well... But does MailScanner does normally > every file when it extracts a tarball? Yes, it opens up tar, zip and rar files to do filename/filetype checking on the contents. > >> >> Mike >> >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>> Of Ugo Bellavance >>> Sent: Sunday, July 23, 2006 9:15 PM >>> To: mailscanner@lists.mailscanner.info >>> Subject: bl4ck_fr1d4y >>> >>> Hi, >>> >>> I got those weird logs on one of my servers. Why is >>> MailScanner logging this? It is rather unusual to have only >>> a file name or directory logged, isn't it? >>> >>> All I could find about this is >>> >>> http://www.blacksecurity.org/alpha/news/Bl4ck_Fr1d4y/5.html >>> >>> Jul 21 20:07:10 server MailScanner[5309]: >>> bl4ck_fr1d4y_2006-07-21/ Jul 21 20:07:10 server MailScanner[5309]: >>> bl4ck_fr1d4y_2006-07-21/bl4ck_ms06_036/ >>> Jul 21 20:07:10 server MailScanner[5309]: >>> bl4ck_fr1d4y_2006-07-21/bl4ck_ms06_036/bl4ck_readme.txt >>> Jul 21 20:07:10 server MailScanner[5309]: >>> bl4ck_fr1d4y_2006-07-21/bl4ck_ms06_036/bl4ck_ms06_036.py >>> Jul 21 20:07:10 server MailScanner[5309]: >>> bl4ck_fr1d4y_2006-07-21/bl4ck_ms06_036/scapy.pyc >>> Jul 21 20:07:10 server MailScanner[5309]: >>> bl4ck_fr1d4y_2006-07-21/bl4ck_ms06_036/scapy.py >>> Jul 21 20:07:10 server MailScanner[5309]: >>> >>> [...] >>> >>> Jul 21 20:07:10 server MailScanner[5309]: >>> bl4ck_fr1d4y_2006-07-21/bl4ck_ms06_014/ >>> Jul 21 20:07:10 server MailScanner[5309]: >>> bl4ck_fr1d4y_2006-07-21/bl4ck_ms06_014/bl4ck_ms06_014.py >>> Jul 21 20:07:10 server MailScanner[5309]: >>> bl4ck_fr1d4y_2006-07-21/bl4ck_ms06_014/bl4ck_readme.txt >>> Jul 21 20:07:10 server MailScanner[5309]: >>> bl4ck_fr1d4y_2006-07-21/rbl4ck_sendmail/ >>> Jul 21 20:07:10 server MailScanner[5309]: >>> bl4ck_fr1d4y_2006-07-21/rbl4ck_sendmail/rbl4ck-sendmail.py >>> Jul 21 20:07:10 server MailScanner[5309]: >>> bl4ck_fr1d4y_2006-07-21/bl4ck_fr1d4y.txt >>> Jul 21 20:07:10 server MailScanner[5309]: >>> bl4ck_fr1d4y_2006-07-21/bl4ck_cyrus-imapd/ >>> Jul 21 20:07:10 server MailScanner[5309]: >>> bl4ck_fr1d4y_2006-07-21/bl4ck_cyrus-imapd/cyrus-imapd-expl.rb >>> Jul 21 20:07:10 server MailScanner[5309]: >>> bl4ck_fr1d4y_2006-07-21/black_RXenc-con-back-SOLARIS/ >>> Jul 21 20:07:10 server MailScanner[5309]: >>> bl4ck_fr1d4y_2006-07-21/black_RXenc-con-back-SOLARIS/quickclient.c >>> Jul 21 20:07:10 server MailScanner[5309]: >>> bl4ck_fr1d4y_2006-07-21/black_RXenc-con-back-SOLARIS/shellcode.c >>> Jul 21 20:07:10 server MailScanner[5309]: >>> bl4ck_fr1d4y_2006-07-21/black_RXenc-con-back-SOLARIS/sparcpoc.s >>> >>> All I can think of is that the archive found an the website >>> (see above) transited through this server, but why the logs? >>> >>> I didn't see other weird log entries. >>> >>> Any ideas welcome, >>> >>> Ugo >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field MailScanner@ecs.soton.ac.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From ugob at camo-route.com Mon Jul 24 17:42:10 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Mon Jul 24 17:42:45 2006 Subject: bl4ck_fr1d4y In-Reply-To: <0F47B584-123A-4DC5-B2AA-F26E5F1C0AB0@ecs.soton.ac.uk> References: <0F47B584-123A-4DC5-B2AA-F26E5F1C0AB0@ecs.soton.ac.uk> Message-ID: Julian Field wrote: > On 24 Jul 2006, at 13:19, Ugo Bellavance wrote: > >> Mike Kercher wrote: >>> I downloaded the tarball and the contents match what's in your logs. >>> Perhaps someone emailed the tarball to one of your users. >> >> Yeah, I did extract it as well... But does MailScanner does normally >> every file when it extracts a tarball? > > Yes, it opens up tar, zip and rar files to do filename/filetype checking > on the contents. Sorry, I was missing a word in my question, it should read: But does MailScanner does normally log every file when it extracts a tarball? Thanks, Ugo From MailScanner at ecs.soton.ac.uk Mon Jul 24 17:51:43 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jul 24 17:52:42 2006 Subject: uninstall In-Reply-To: References: Message-ID: <6BFC1AFD-B5E8-482A-A438-A48BDE222B15@ecs.soton.ac.uk> What OS, version, etc ? rpm -e mailscanner will do most of it for you. Then just run the ./install.sh again to install it. On Mon24 Jul 06, at 13:05, Jon Miller wrote: > I need to uninstall and reinstall to fix our mailscanner program, I > cannot access it via a web browser so I have no idea if it's still > working only that mail is still coming through but so is a lot of > spam. > > Thanks > > > Jon > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store ! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Mon Jul 24 18:05:51 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jul 24 18:06:06 2006 Subject: bl4ck_fr1d4y In-Reply-To: References: <0F47B584-123A-4DC5-B2AA-F26E5F1C0AB0@ecs.soton.ac.uk> Message-ID: On Mon24 Jul 06, at 17:42, Ugo Bellavance wrote: > Julian Field wrote: >> On 24 Jul 2006, at 13:19, Ugo Bellavance wrote: >> >>> Mike Kercher wrote: >>>> I downloaded the tarball and the contents match what's in your >>>> logs. >>>> Perhaps someone emailed the tarball to one of your users. >>> >>> Yeah, I did extract it as well... But does MailScanner does >>> normally >>> every file when it extracts a tarball? >> >> Yes, it opens up tar, zip and rar files to do filename/filetype >> checking >> on the contents. > > Sorry, I was missing a word in my question, it should read: > > But does MailScanner does normally log every file when it extracts a > tarball? Depends on your logging options: mine say Log Speed = no Log Spam = yes Log Non Spam = no Log Permitted Filenames = no Log Permitted Filetypes = no Log Silent Viruses = no Log Dangerous HTML Tags = no Log MCP = no -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store ! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From ugob at camo-route.com Mon Jul 24 18:19:17 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Mon Jul 24 18:19:29 2006 Subject: bl4ck_fr1d4y In-Reply-To: References: <0F47B584-123A-4DC5-B2AA-F26E5F1C0AB0@ecs.soton.ac.uk> Message-ID: Julian Field wrote: > > On Mon24 Jul 06, at 17:42, Ugo Bellavance wrote: > >> Julian Field wrote: >>> On 24 Jul 2006, at 13:19, Ugo Bellavance wrote: >>> >>>> Mike Kercher wrote: >>>>> I downloaded the tarball and the contents match what's in your logs. >>>>> Perhaps someone emailed the tarball to one of your users. >>>> >>>> Yeah, I did extract it as well... But does MailScanner does normally >>>> every file when it extracts a tarball? >>> >>> Yes, it opens up tar, zip and rar files to do filename/filetype checking >>> on the contents. >> >> Sorry, I was missing a word in my question, it should read: >> >> But does MailScanner does normally log every file when it extracts a >> tarball? > > Depends on your logging options: mine say > Log Speed = no > Log Spam = yes > Log Non Spam = no > Log Permitted Filenames = no > Log Permitted Filetypes = no > Log Silent Viruses = no > Log Dangerous HTML Tags = no > Log MCP = no Log Speed = no Log Spam = yes Log Non Spam = yes Log Permitted Filenames = no Log Permitted Filetypes = no Log Silent Viruses = no Log Dangerous HTML Tags = no From cparker at swatgear.com Mon Jul 24 18:47:57 2006 From: cparker at swatgear.com (Chris W. Parker) Date: Mon Jul 24 18:48:11 2006 Subject: "I/O error on connection" problem. MailScanner related? Message-ID: <97FD54B5E57A1842AA1A4B232E4761172C4EEE@ati-ex-02.ati.local> Steve Campbell on Friday, July 21, 2006 5:07 PM said: > When you say multiple hosts, are you meaning recipient or sending > hosts? Sending. > What MTA are you using? Sendmail 8.13.1 > What type of timeout settings do you have set? > Is this happening to any domain you send to or is it > particular to one or two? This server only receives mail. > Are you running any milters? I don't think so. > Sorry I can't be more specific about the problem, but I was really > never certain how all of this occurred. I just know what fixed it. It's okay, and thanks for trying. Chris. From ssilva at sgvwater.com Mon Jul 24 18:47:24 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jul 24 18:48:15 2006 Subject: lots of spam getting through all of a sudden In-Reply-To: <200607241533.k6OFXeeL009848@cat.salemcarriers.com> References: <200607241434.k6OEYheX003117@cat.salemcarriers.com> <200607241533.k6OFXeeL009848@cat.salemcarriers.com> Message-ID: Phillip Udel spake the following on 7/24/2006 8:28 AM: > LOL. OK. I Just found the SARE Site. Lol Can I assume that everyone here > but me know about this site :). Does anyone here use the RulesDuJour > script? > > Any Suggestions on what rules would be safe to start using first? There is a tarball at Fortress Systems - www.fsl.com/support.html - It is a good starting package, with a fixed bogus_virus_warnings that won't misfire on mailscanner messages. I would suggest starting there. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From alden at engineno9inc.com Mon Jul 24 19:40:09 2006 From: alden at engineno9inc.com (Alden Levy) Date: Mon Jul 24 19:40:15 2006 Subject: Invalid Date from Blackberry? Slightly OT In-Reply-To: <200607241503.k6OF3ORx009729@bkserver.blacknight.ie> Message-ID: <002101c6af50$97a0f370$6f01a8c0@JKSEvents.local> I'm having a problem with Blackberries sending email. For some reason, whenever anyone in our office sends an email from a Blackberry, it gets marked as spam. I've included the headers below, but I have substituted for my mail server and RIM's. It looks like it's INVALID_DATE that's pushing me over the edge, although, MIME_BASE64_TEXT is pretty high, as well. Return-Path: Received: from mail.engineno9inc (root@localhost) by engineno9inc (8.12.10/8.12.10) with ESMTP id k6OIARHZ005257; Mon, 24 Jul 2006 14:10:27 -0400 X-ClientAddr: Received: from blackberry by mail.engineno9inc (8.12.10/8.12.10) with ESMTP id k6OIAQMp005247; Mon, 24 Jul 2006 14:10:26 -0400 Received: from blackberry (localhost.localdomain [127.0.0.1]) by blackberry (8.13.4 TEAMON/8.13.4) with ESMTP id k6OI2hkN007196; Mon, 24 Jul 2006 18:02:43 GMT Message-ID: <1941258053-1153764163-cardhu_blackberry.rim.net-922482159-@ blackberry> Reply-To: alden@engineno9inc Sensitivity: Normal Importance: Normal To: Subject: {Spam?} Fw: BAM From: "Alden Levy" Date: Mon, 24 Jul 2006 18:02:40 +0000 GMT Content-Type: text/plain; charset="Windows-1252" MIME-Version: 1.0 X-engineno9inc-MailScanner-Information: Please contact the ISP for more information X-engineno9inc-MailScanner: Found to be clean X-engineno9inc-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=4.303, required 4, BAYES_50 0.00, INVALID_DATE 2.19, MIME_BASE64_NO_NAME 0.22, MIME_BASE64_TEXT 1.89) X-engineno9inc-MailScanner-SpamScore: 4 X-Envelope-From: alden@engineno9inc X-Spam-Status: Yes Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by engineno9inc id k6OIARHZ005257 Status: RO Any help woould be appreciated. Thanks, Alden Alden Levy Engine No. 9, Inc. 130 W. 57th Street, Suite 2F New York, NY 10019 (212) 981-1122 (212) 504-9598 fax From MailScanner at ecs.soton.ac.uk Mon Jul 24 21:15:06 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jul 24 21:15:19 2006 Subject: lots of spam getting through all of a sudden In-Reply-To: References: <200607241434.k6OEYheX003117@cat.salemcarriers.com> <200607241533.k6OFXeeL009848@cat.salemcarriers.com> Message-ID: I keep getting this GDKI.PK spam as well. I have all the SARE rules, including SARE_STOCKS (from July 15th) but it gets not spam, SpamAssassin (score=4.992, required 6, BAYES_40 -0.18, DATE_IN_PAST_06_12 0.83, EXTRA_MPART_TYPE 1.09, HTML_IMAGE_ONLY_32 1.05, HTML_MESSAGE 0.00, RCVD_IN_SORBS_WEB 1.46, SARE_GIF_ATTACH 0.75) Any ideas if anything is wrong or I am missing something? I have TRUSTED_RULESETS="SARE_REDIRECT_POST300 EVILNUMBERS SARE_BAYES_POISON_NXM SARE_H TML0 SARE_HTML1 SARE_HEADER0 SARE_HEADER1 SARE_SPECIFIC SARE_ADULT SARE_BML SARE _FRAUD SARE_SPOOF SARE_RANDOM SARE_OEM SARE_GENLSUBJ0 SARE_GENLSUBJ1 SARE_UNSUB SARE_URI SARE_HEADER SARE_CODING SARE_SPECIFIC TRIPWIRE SARE_OBFU0 SARE_STOCKS" Any thoughts? On Mon24 Jul 06, at 18:47, Scott Silva wrote: > Phillip Udel spake the following on 7/24/2006 8:28 AM: >> LOL. OK. I Just found the SARE Site. Lol Can I assume that >> everyone here >> but me know about this site :). Does anyone here use the RulesDuJour >> script? >> >> Any Suggestions on what rules would be safe to start using first? > There is a tarball at Fortress Systems - www.fsl.com/support.html - > It is a good starting package, with a fixed bogus_virus_warnings > that won't > misfire on mailscanner messages. > I would suggest starting there. > > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store ! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From ka at pacific.net Mon Jul 24 21:40:07 2006 From: ka at pacific.net (Ken A) Date: Mon Jul 24 21:39:25 2006 Subject: lots of spam getting through all of a sudden In-Reply-To: References: <200607241434.k6OEYheX003117@cat.salemcarriers.com> <200607241533.k6OFXeeL009848@cat.salemcarriers.com> Message-ID: <44C53027.7020804@pacific.net> I added an additional meta rule to spam.assassin.prefs.conf since I was seeing the same thing last friday. They seem to hit these two. The TVD rule is from sa-update, so you'll need to run 'sa-update -D' to get that one (it scores 2.80 by default too!). meta LOCAL_SPAM_07202006 (EXTRA_MPART_TYPE && TVD_FW_GRAPHIC_ID1) describe LOCAL_SPAM_07202006 spam bomb 07202006 score LOCAL_SPAM_07202006 10 Ken A Pacific.Net Julian Field wrote: > I keep getting this GDKI.PK spam as well. I have all the SARE rules, > including SARE_STOCKS (from July 15th) but it gets > > not spam, SpamAssassin (score=4.992, required 6, BAYES_40 -0.18, > DATE_IN_PAST_06_12 0.83, EXTRA_MPART_TYPE 1.09, HTML_IMAGE_ONLY_32 1.05, > HTML_MESSAGE 0.00, RCVD_IN_SORBS_WEB 1.46, SARE_GIF_ATTACH 0.75) > > Any ideas if anything is wrong or I am missing something? > > I have > > TRUSTED_RULESETS="SARE_REDIRECT_POST300 EVILNUMBERS > SARE_BAYES_POISON_NXM SARE_H > TML0 SARE_HTML1 SARE_HEADER0 SARE_HEADER1 SARE_SPECIFIC SARE_ADULT > SARE_BML SARE > _FRAUD SARE_SPOOF SARE_RANDOM SARE_OEM SARE_GENLSUBJ0 SARE_GENLSUBJ1 > SARE_UNSUB > SARE_URI SARE_HEADER SARE_CODING SARE_SPECIFIC TRIPWIRE SARE_OBFU0 > SARE_STOCKS" > > Any thoughts? > > On Mon24 Jul 06, at 18:47, Scott Silva wrote: > >> Phillip Udel spake the following on 7/24/2006 8:28 AM: >>> LOL. OK. I Just found the SARE Site. Lol Can I assume that >>> everyone here >>> but me know about this site :). Does anyone here use the RulesDuJour >>> script? >>> >>> Any Suggestions on what rules would be safe to start using first? >> There is a tarball at Fortress Systems - www.fsl.com/support.html - >> It is a good starting package, with a fixed bogus_virus_warnings that >> won't >> misfire on mailscanner messages. >> I would suggest starting there. >> >> -- >> MailScanner is like deodorant... >> You hope everybody uses it, and >> you notice quickly if they don't!!!! >> >> --MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store ! > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > --This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > --MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From jgolden at ci.grand-rapids.mi.us Mon Jul 24 22:07:18 2006 From: jgolden at ci.grand-rapids.mi.us (Golden, James) Date: Mon Jul 24 22:07:18 2006 Subject: MailScanner, sendmail & SpamAssassian Message-ID: <1153775239.7807.17.camel@doit-b8wsw21.grand-rapids.mi.us> I am having some trouble understanding something. I have been having an issue with AWL. I have been trying to reset an individual email's score and it doesn't seem to work. In my research I discovered that MailScanner with sendmail is supposed to run as root (according to the book). It also seems that Spamassassin is running as root as well. On top of that spamassassin seems to be invoked as spamd. I emailed this to the Spamassassin mailing list and someone suggested that I Post it here. Is this configuration correct. Should spamd be running as root. If that is the way it is supposed to run, why might I not be able to run this command as root and have it work: spamassassin --remove-addr-from-whitelist=joe@somwhere.com Any help would be greatly appreciated. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060724/a9339f23/attachment.html From raymond at prolocation.net Mon Jul 24 22:20:49 2006 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Mon Jul 24 22:20:48 2006 Subject: lots of spam getting through all of a sudden In-Reply-To: References: <200607241434.k6OEYheX003117@cat.salemcarriers.com> <200607241533.k6OFXeeL009848@cat.salemcarriers.com> Message-ID: Hi! > I keep getting this GDKI.PK spam as well. I have all the SARE rules, > including SARE_STOCKS (from July 15th) but it gets > > not spam, SpamAssassin (score=4.992, required 6, BAYES_40 -0.18, > DATE_IN_PAST_06_12 0.83, EXTRA_MPART_TYPE 1.09, HTML_IMAGE_ONLY_32 1.05, > HTML_MESSAGE 0.00, RCVD_IN_SORBS_WEB 1.46, SARE_GIF_ATTACH 0.75) > > Any ideas if anything is wrong or I am missing something? SARE_STOCK is last modifies 14-07. Seems you dont update it properly. You could try with adding: body PROLO_STOCK_SYM4 /\b(?:WBRS\.PK|HLUN\.PK|GDKI\.PK|ILKG\.PK|VNGP\.PK|DPER\.PK|FCYI\.PK|KMAG\.PK|DPEK\.PK|EPLJ\.PK|KFTG\.PK|HYWI|FCYI\.PK|LITL\.PK|TGVI\.PK|VMCI\.PK|AGHG\.PK|DPGP\.PK|AVCP\.PK|FPPL\.PK|CTFE\.PK|UBTA\.PK|Mhpt.pk|BDWH\.PK|BIGN.PK|CRHI\.OB|CBIO\.PK|SWNM.PK)\b/ score PROLO_STOCK_SYM4 2 Bye, Raymond. From mailscanner at ecs.soton.ac.uk Tue Jul 25 00:06:49 2006 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jul 25 00:07:04 2006 Subject: MailScanner, sendmail & SpamAssassian In-Reply-To: <1153775239.7807.17.camel@doit-b8wsw21.grand-rapids.mi.us> References: <1153775239.7807.17.camel@doit-b8wsw21.grand-rapids.mi.us> Message-ID: <44C55289.5020909@ecs.soton.ac.uk> Golden, James wrote: > I am having some trouble understanding something. I have been having an > issue with AWL. I have been trying to reset an individual email's score > and it doesn't seem to work. In my research I discovered that > MailScanner with sendmail is supposed to run as root (according to the > book). It also seems that Spamassassin is running as root as well. On > top of that spamassassin seems to be invoked as spamd. MailScanner does not use spamd. It calls it directly through its Perl libraries (more direct, more efficient, does not rely on spamd not falling over). > I emailed this > to the Spamassassin mailing list and someone suggested that I Post it > here. Is this configuration correct. Should spamd be running as root. > > If that is the way it is supposed to run, why might I not be able to run > this command as root and have it work: > > spamassassin --remove-addr-from-whitelist=joe@somwhere.com > > > Any help would be greatly appreciated. > I don't know the exact syntax for the spamassassin script, but the basic idea should be okay. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From mailscanner at ecs.soton.ac.uk Tue Jul 25 00:14:55 2006 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jul 25 00:15:08 2006 Subject: lots of spam getting through all of a sudden In-Reply-To: References: <200607241434.k6OEYheX003117@cat.salemcarriers.com> <200607241533.k6OFXeeL009848@cat.salemcarriers.com> Message-ID: <44C5546F.2000806@ecs.soton.ac.uk> Raymond Dijkxhoorn wrote: > Hi! > >> I keep getting this GDKI.PK spam as well. I have all the SARE rules, >> including SARE_STOCKS (from July 15th) but it gets >> >> not spam, SpamAssassin (score=4.992, required 6, BAYES_40 -0.18, >> DATE_IN_PAST_06_12 0.83, EXTRA_MPART_TYPE 1.09, HTML_IMAGE_ONLY_32 >> 1.05, HTML_MESSAGE 0.00, RCVD_IN_SORBS_WEB 1.46, SARE_GIF_ATTACH 0.75) >> >> Any ideas if anything is wrong or I am missing something? > > SARE_STOCK is last modifies 14-07. Seems you dont update it properly. I use Rulesdujour to do the updates. The last mod date was 14/07 and I updated my copy on 15/07 so the update is working fine. GDKI does not appear as a string in that rules cf file at all. I have added your suggested rule below, let's hope that has some effect. Thanks, Jules. > > You could try with adding: > > body PROLO_STOCK_SYM4 > /\b(?:WBRS\.PK|HLUN\.PK|GDKI\.PK|ILKG\.PK|VNGP\.PK|DPER\.PK|FCYI\.PK|KMAG\.PK|DPEK\.PK|EPLJ\.PK|KFTG\.PK|HYWI|FCYI\.PK|LITL\.PK|TGVI\.PK|VMCI\.PK|AGHG\.PK|DPGP\.PK|AVCP\.PK|FPPL\.PK|CTFE\.PK|UBTA\.PK|Mhpt.pk|BDWH\.PK|BIGN.PK|CRHI\.OB|CBIO\.PK|SWNM.PK)\b/ > > score PROLO_STOCK_SYM4 2 > > Bye, > Raymond. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From doc at maddoc.net Tue Jul 25 00:24:52 2006 From: doc at maddoc.net (Doc Schneider) Date: Tue Jul 25 00:24:57 2006 Subject: lots of spam getting through all of a sudden In-Reply-To: <44C5546F.2000806@ecs.soton.ac.uk> References: <200607241434.k6OEYheX003117@cat.salemcarriers.com> <200607241533.k6OFXeeL009848@cat.salemcarriers.com> <44C5546F.2000806@ecs.soton.ac.uk> Message-ID: <44C556C4.6050606@maddoc.net> Julian Field wrote: > > > Raymond Dijkxhoorn wrote: >> Hi! >> >>> I keep getting this GDKI.PK spam as well. I have all the SARE rules, >>> including SARE_STOCKS (from July 15th) but it gets >>> >>> not spam, SpamAssassin (score=4.992, required 6, BAYES_40 -0.18, >>> DATE_IN_PAST_06_12 0.83, EXTRA_MPART_TYPE 1.09, HTML_IMAGE_ONLY_32 >>> 1.05, HTML_MESSAGE 0.00, RCVD_IN_SORBS_WEB 1.46, SARE_GIF_ATTACH 0.75) >>> >>> Any ideas if anything is wrong or I am missing something? >> >> SARE_STOCK is last modifies 14-07. Seems you dont update it properly. > > I use Rulesdujour to do the updates. The last mod date was 14/07 and I > updated my copy on 15/07 so the update is working fine. GDKI does not > appear as a string in that rules cf file at all. > > I have added your suggested rule below, let's hope that has some effect. > Thanks, > Jules. > >> >> You could try with adding: >> >> body PROLO_STOCK_SYM4 >> /\b(?:WBRS\.PK|HLUN\.PK|GDKI\.PK|ILKG\.PK|VNGP\.PK|DPER\.PK|FCYI\.PK|KMAG\.PK|DPEK\.PK|EPLJ\.PK|KFTG\.PK|HYWI|FCYI\.PK|LITL\.PK|TGVI\.PK|VMCI\.PK|AGHG\.PK|DPGP\.PK|AVCP\.PK|FPPL\.PK|CTFE\.PK|UBTA\.PK|Mhpt.pk|BDWH\.PK|BIGN.PK|CRHI\.OB|CBIO\.PK|SWNM.PK)\b/ >> >> score PROLO_STOCK_SYM4 2 >> >> Bye, >> Raymond. > Seeing as I'm the maintainer for the 70_sare_stocks.cf file (Yeah, I'm one of those Ninjas) I need to do some updating to the rule set to include Raymond's stork rules--I have them. I have gotten behind with some things and will get a new set updated and set to go out this evening. 8*) -- -Doc Lincoln, NE. http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From doc at maddoc.net Tue Jul 25 01:18:48 2006 From: doc at maddoc.net (Doc Schneider) Date: Tue Jul 25 01:18:52 2006 Subject: Storks updated Message-ID: <44C56368.10607@maddoc.net> Gang, I just committed the latest 70_sare_stocks.cf to the rulesemporium.com site and they'll be available within the hour. Version: 01.00.27 Modified: 07-24-2006 Have fun! -- -Doc Lincoln, NE. http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From mailscanner at icnet.net Tue Jul 25 05:45:31 2006 From: mailscanner at icnet.net (Brady Tucker) Date: Tue Jul 25 05:45:36 2006 Subject: High Scoring Spam Actions change/problem Message-ID: <20060725044531759.AAA1464@ICNET-66-210-160-5.icnet.net> ---------------------------------------------------------------------------- --- With 4.50.x and before I used: High Scoring Spam Actions = delete,forward spambox@mydomain.com and it worked fine. With 4.53.6 I get this error: Jul 24 22:48:19 mymail MailScanner[18496]: Message k6P3m8i9018698 produced illegal High-Scoring Spam Action "deleteforward", so message is being delivered appears to skip multiple arguments and misses the comma altogether now.... ---------------------------------------------------------------------------- --- If I swap the order around to : High Scoring Spam Actions = forward spambox@mydomain.com,delete It then attempts to forward mail to spambox@mydomain.comdelete (as seen in the following error) - not parsing multiple arguments/ignoring the comma again and appending delete to the e-mail address: Jul 24 21:02:53 mymail sendmail[15404]: k6P22ffK015390: to=, delay=00:00:12, xdelay=00:00:00, mailer=esmtp, pri=125089, relay=vpassets.comdelete, dsn=5.1.2, stat=Host unknown (Name server: mydomain.comdelete: host not found) ---------------------------------------------------------------------------- --- Thank you, Brady A. Tucker batucker@icnet.net Internet Complete! w w w . i c n e t . n e t From martinh at solid-state-logic.com Tue Jul 25 09:10:57 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue Jul 25 09:11:15 2006 Subject: Invalid Date from Blackberry? Slightly OT In-Reply-To: <002101c6af50$97a0f370$6f01a8c0@JKSEvents.local> References: <002101c6af50$97a0f370$6f01a8c0@JKSEvents.local> Message-ID: <44C5D211.4040902@solid-state-logic.com> Alden Levy wrote: > I'm having a problem with Blackberries sending email. For some reason, > whenever anyone in our office sends an email from a Blackberry, it gets > marked as spam. I've included the headers below, but I have substituted for > my mail server and RIM's. It looks like it's INVALID_DATE that's pushing me > over the edge, although, MIME_BASE64_TEXT is pretty high, as well. > > > > Return-Path: > Received: from mail.engineno9inc (root@localhost) > by engineno9inc (8.12.10/8.12.10) with ESMTP id k6OIARHZ005257; > Mon, 24 Jul 2006 14:10:27 -0400 > X-ClientAddr: > Received: from blackberry > by mail.engineno9inc (8.12.10/8.12.10) with ESMTP id k6OIAQMp005247; > Mon, 24 Jul 2006 14:10:26 -0400 > Received: from blackberry (localhost.localdomain [127.0.0.1]) > by blackberry (8.13.4 TEAMON/8.13.4) with ESMTP id k6OI2hkN007196; > Mon, 24 Jul 2006 18:02:43 GMT > Message-ID: <1941258053-1153764163-cardhu_blackberry.rim.net-922482159-@ > blackberry> > Reply-To: alden@engineno9inc > Sensitivity: Normal > Importance: Normal > To: > Subject: {Spam?} Fw: BAM > From: "Alden Levy" > Date: Mon, 24 Jul 2006 18:02:40 +0000 GMT > Content-Type: text/plain; charset="Windows-1252" > MIME-Version: 1.0 > X-engineno9inc-MailScanner-Information: Please contact the ISP for more > information > X-engineno9inc-MailScanner: Found to be clean > X-engineno9inc-MailScanner-SpamCheck: spam, SpamAssassin (not cached, > score=4.303, required 4, BAYES_50 0.00, INVALID_DATE 2.19, > MIME_BASE64_NO_NAME 0.22, MIME_BASE64_TEXT 1.89) > X-engineno9inc-MailScanner-SpamScore: 4 > X-Envelope-From: alden@engineno9inc > X-Spam-Status: Yes > Content-Transfer-Encoding: 8bit > X-MIME-Autoconverted: from base64 to 8bit by engineno9inc id k6OIARHZ005257 > Status: RO > > Any help woould be appreciated. > > Thanks, > Alden > > Alden Levy > Engine No. 9, Inc. > 130 W. 57th Street, Suite 2F > New York, NY 10019 > (212) 981-1122 > (212) 504-9598 fax > > Alden prob best to ask on the SA list as to why this is occuring, but running the headers etc over my SA setup it doesn't fuss about invalid date.. -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From MailScanner at ecs.soton.ac.uk Tue Jul 25 09:32:41 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jul 25 09:33:22 2006 Subject: High Scoring Spam Actions change/problem In-Reply-To: <20060725044531759.AAA1464@ICNET-66-210-160-5.icnet.net> References: <20060725044531759.AAA1464@ICNET-66-210-160-5.icnet.net> Message-ID: <4EEBB913-026E-4D6D-A82D-143E2CB29041@ecs.soton.ac.uk> On 25 Jul 2006, at 05:45, Brady Tucker wrote: > > ---------------------------------------------------------------------- > ------ > --- > With 4.50.x and before I used: > High Scoring Spam Actions = delete,forward spambox@mydomain.com > and it worked fine. > > With 4.53.6 I get this error: > Jul 24 22:48:19 mymail MailScanner[18496]: Message k6P3m8i9018698 > produced > illegal High-Scoring Spam Action "deleteforward", so message is being > delivered Please change the comma to a space. I had no option but to make this a bit stricter for this option. > > appears to skip multiple arguments and misses the comma altogether > now.... > ---------------------------------------------------------------------- > ------ > --- > If I swap the order around to : > High Scoring Spam Actions = forward spambox@mydomain.com,delete > > It then attempts to forward mail to spambox@mydomain.comdelete (as > seen in > the following error) - not parsing multiple arguments/ignoring the > comma > again and appending delete to the e-mail address: Again, please replace the comma with a space. > > Jul 24 21:02:53 mymail sendmail[15404]: k6P22ffK015390: > to=, delay=00:00:12, xdelay=00:00:00, > mailer=esmtp, pri=125089, relay=vpassets.comdelete, dsn=5.1.2, > stat=Host > unknown (Name server: mydomain.comdelete: host not found) > ---------------------------------------------------------------------- > ------ > --- > > Thank you, > Brady A. Tucker > batucker@icnet.net > Internet Complete! > w w w . i c n e > t . n e t > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field MailScanner@ecs.soton.ac.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From AHKAPLAN at PARTNERS.ORG Tue Jul 25 16:07:02 2006 From: AHKAPLAN at PARTNERS.ORG (Kaplan, Andrew H.) Date: Tue Jul 25 16:07:08 2006 Subject: Order Of Installation Message-ID: <9C63A4713C4E3342B90428CE44806A73026797FF@PHSXMB5.partners.org> Hi there - I am going through the process of building a replacement mail server for our department. The server in question is running SuSE 10.0 Linux that has been 'hardened' via Bastille. The server currently has ClamAV 0.88.3 and SpamAssassin 3.1.3 installed via the Easy Installation package. The procedure that I have in mind to complete the installation is as follows: 1. Install from source Sendmail 8.13.7. 2. Update ClamAV to the latest version. 3. Update SpamAssassin to the latest version. 4. Install MailScanner 4.54.6-1. Is there anything that I missed, or something about the procedure that is wrong and should be corrected before proceeding? Thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060725/40e7ac52/attachment.html From sobralm at agro.uba.ar Tue Jul 25 16:15:59 2006 From: sobralm at agro.uba.ar (Marcos Sobral) Date: Tue Jul 25 16:12:52 2006 Subject: Problem with spamassassin confs Message-ID: <44C635AF.3020800@agro.uba.ar> Some days ago, I was experiencing some troubles with really big queues in the mqueue.in folder. I had to put 3 servers working in parallel but the queues where still big. Then I started enabling and disabling some scans, I noticed that when I had disabled de spamassassin test, the queue problem disapeared. So I started looking after an error or a heavy test of spamassassin in the spam.assassin.prefs.conf file. Everything was ok, except for one thing, I had the local.cf file that resides in the /etc/mail/spamassassin/local.cf . The spam.assassin.prefs.conf file asks to disable that file, moving it with another name. The fact is that when I moved that file, my problem had disappeared. Well, that?s my story, now my question is, why whe have to move the local.cf file, what happens when we leave it without moving it? Did someone had this problem? If someone is having mqueue.in problem check if you are having my problem. Another question is, does anyone know about a good statistics program to check the mail traffic, I been testing the mailscanner-mrtg, is good but I?d like to try others. Thanks. -- ________________________________________________________ Marcos Andres Sobral Administrador de Red Facultad de Agronom?a - Buenos Aires - Argentina Te.: (+54 11) 4524-8000 int.8108 email: mailto:sobralm@agro.uba.ar www: http://www.agro.uba.ar From martinh at solid-state-logic.com Tue Jul 25 16:19:24 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue Jul 25 16:19:38 2006 Subject: Problem with spamassassin confs In-Reply-To: <44C635AF.3020800@agro.uba.ar> References: <44C635AF.3020800@agro.uba.ar> Message-ID: <44C6367C.9060509@solid-state-logic.com> Marcos Sobral wrote: > Some days ago, I was experiencing some troubles with really big queues > in the mqueue.in folder. > I had to put 3 servers working in parallel but the queues where still big. > Then I started enabling and disabling some scans, I noticed that when I > had disabled de spamassassin test, the queue problem disapeared. > So I started looking after an error or a heavy test of spamassassin in > the spam.assassin.prefs.conf file. Everything was ok, except for one > thing, I had the local.cf file that resides in the > /etc/mail/spamassassin/local.cf . The spam.assassin.prefs.conf file asks > to disable that file, moving it with another name. The fact is that when > I moved that file, my problem had disappeared. > Well, that?s my story, now my question is, why whe have to move the > local.cf file, what happens when we leave it without moving it? > Did someone had this problem? > If someone is having mqueue.in problem check if you are having my problem. > > Another question is, does anyone know about a good statistics program to > check the mail traffic, I been testing the mailscanner-mrtg, is good but > I?d like to try others. > > Thanks. > Vispan - http://www.while.org.uk/mailstats/ -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From jgolden at ci.grand-rapids.mi.us Tue Jul 25 16:22:28 2006 From: jgolden at ci.grand-rapids.mi.us (Golden, James) Date: Tue Jul 25 16:22:17 2006 Subject: MailScanner, sendmail & SpamAssassian In-Reply-To: <44C55289.5020909@ecs.soton.ac.uk> References: <1153775239.7807.17.camel@doit-b8wsw21.grand-rapids.mi.us> Message-ID: <1153840948.7807.29.camel@doit-b8wsw21.grand-rapids.mi.us> It looks like it was installed by the rpm. Which according to the documentation is not the recommended way. I have 2 questions then: Can this be corrected so it doesn't use spamd, if so where can I start looking for a complete answer on how to do it? OR is the best way to uninstall the rpm, and to install using CPAN? Thanks for all the help! Sincerely, James Golden On Tue, 2006-07-25 at 00:06 +0100, Julian Field wrote: > > Golden, James wrote: > > I am having some trouble understanding something. I have been having an > > issue with AWL. I have been trying to reset an individual email's score > > and it doesn't seem to work. In my research I discovered that > > MailScanner with sendmail is supposed to run as root (according to the > > book). It also seems that Spamassassin is running as root as well. On > > top of that spamassassin seems to be invoked as spamd. > > MailScanner does not use spamd. It calls it directly through its Perl > libraries (more direct, more efficient, does not rely on spamd not > falling over). > > > I emailed this > > to the Spamassassin mailing list and someone suggested that I Post it > > here. Is this configuration correct. Should spamd be running as root. > > > > If that is the way it is supposed to run, why might I not be able to run > > this command as root and have it work: > > > > spamassassin --remove-addr-from-whitelist=joe@somwhere.com > > > > > > Any help would be greatly appreciated. > > > > I don't know the exact syntax for the spamassassin script, but the basic > idea should be okay. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060725/73a719e9/attachment.html From MailScanner at ecs.soton.ac.uk Tue Jul 25 16:25:20 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jul 25 16:26:06 2006 Subject: Order Of Installation In-Reply-To: <9C63A4713C4E3342B90428CE44806A73026797FF@PHSXMB5.partners.org> References: <9C63A4713C4E3342B90428CE44806A73026797FF@PHSXMB5.partners.org> Message-ID: <7E1E593E-865C-458C-AE92-CB0606029643@ecs.soton.ac.uk> On 25 Jul 2006, at 16:07, Kaplan, Andrew H. wrote: > Hi there ? > > > > I am going through the process of building a replacement mail > server for our department. The server in question is running > > SuSE 10.0 Linux that has been ?hardened? via Bastille. The server > currently has ClamAV 0.88.3 and SpamAssassin 3.1.3 > > installed via the Easy Installation package. The procedure that I > have in mind to complete the installation is as follows: > > > > Install from source Sendmail 8.13.7. Can you not get this as an RPM? You are using an RPM of it now, so I would stick with that route if you can. If not, make sure you "rpm -e sendmail" before installing any new one, or else you will leave the RPM files database in a mess. > Update ClamAV to the latest version. > Update SpamAssassin to the latest version. You should find you have the latest ClamAV and SpamAssassin anyway. > Install MailScanner 4.54.6-1. I'm about to release a new stable version (1st Sept hopefully) so I would advise waiting for that. Download about 4th September to ensure there weren't any problems with the 1st release. > > > Is there anything that I missed, or something about the procedure > that is wrong and should be corrected before proceeding? I upgrade my Easy-install-Clam+SA package as soon as a new version of either package appears, so you can just re-install that over the top of your old version as new ones appear. I would normally recommend doing MailScanner before Clam+SA rather than after, but there's no reason why it shouldn't work. I would add Razor, DCC and RulesDuJour to the mix as well. You can get an easy-install package for RulesDuJour from www.fsl.com/support. -- Julian Field MailScanner@ecs.soton.ac.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060725/9584fa90/attachment.html From MailScanner at ecs.soton.ac.uk Tue Jul 25 16:29:57 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jul 25 16:30:48 2006 Subject: MailScanner, sendmail & SpamAssassian In-Reply-To: <1153840948.7807.29.camel@doit-b8wsw21.grand-rapids.mi.us> References: <1153775239.7807.17.camel@doit-b8wsw21.grand-rapids.mi.us> <1153840948.7807.29.camel@doit-b8wsw21.grand-rapids.mi.us> Message-ID: On 25 Jul 2006, at 16:22, Golden, James wrote: > It looks like it was installed by the rpm. Which according to the > documentation is not the recommended way. I have 2 questions then: > > Can this be corrected so it doesn't use spamd, if so where can I > start looking for a complete answer on how to do it? Uninstall the RPM of it, and then use my easy-to-install package of ClamAV+SpamAssassin on the MailScanner downloads page. That will not only build it safely from source for you, but it will do a whole host of setup things for SpamAssassin and ClamAV and tell you what you still need to do yourself (there's one bit my script can't do for legal reasons). Building it from source gives the same result as using CPAN, but using my package takes care of all the required modules to make it all work together properly, which saves lots of headaches. > > OR is the best way to uninstall the rpm, and to install using CPAN? > > Thanks for all the help! > > Sincerely, > > James Golden > > On Tue, 2006-07-25 at 00:06 +0100, Julian Field wrote: >> Golden, James wrote: >> > I am having some trouble understanding something. I have been >> having an >> > issue with AWL. I have been trying to reset an individual >> email's score >> > and it doesn't seem to work. In my research I discovered that >> > MailScanner with sendmail is supposed to run as root (according >> to the >> > book). It also seems that Spamassassin is running as root as >> well. On >> > top of that spamassassin seems to be invoked as spamd. >> >> MailScanner does not use spamd. It calls it directly through its Perl >> libraries (more direct, more efficient, does not rely on spamd not >> falling over). >> >> > I emailed this >> > to the Spamassassin mailing list and someone suggested that I >> Post it >> > here. Is this configuration correct. Should spamd be running >> as root. >> > >> > If that is the way it is supposed to run, why might I not be >> able to run >> > this command as root and have it work: >> > >> > spamassassin --remove-addr-from-whitelist=joe@somwhere.com >> > >> > >> > Any help would be greatly appreciated. >> > >> >> I don't know the exact syntax for the spamassassin script, but the >> basic >> idea should be okay. >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> MailScanner thanks transtec Computers for their support. >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field MailScanner@ecs.soton.ac.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060725/21f2a39b/attachment.html From ssilva at sgvwater.com Tue Jul 25 16:33:56 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jul 25 16:36:06 2006 Subject: MailScanner, sendmail & SpamAssassian In-Reply-To: <1153840948.7807.29.camel@doit-b8wsw21.grand-rapids.mi.us> References: <1153775239.7807.17.camel@doit-b8wsw21.grand-rapids.mi.us> <1153840948.7807.29.camel@doit-b8wsw21.grand-rapids.mi.us> Message-ID: Golden, James spake the following on 7/25/2006 8:22 AM: > It looks like it was installed by the rpm. Which according to the > documentation is not the recommended way. I have 2 questions then: > > Can this be corrected so it doesn't use spamd, if so where can I start > looking for a complete answer on how to do it? > > OR is the best way to uninstall the rpm, and to install using CPAN? You have a few choices; 1) Remove RPM and install from CPAN and take your chances. 2) Remove RPM and use Julian's spamassassin and ClamAV install bundle, which he updates regularly. This also gives you the benefit of the clam module for clamav, it is quite a bit faster and seems to have less system load. 3) Use an alternate repo for the spamassassin, and turn off spamd manually if the RPM enables it. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From prandal at herefordshire.gov.uk Tue Jul 25 16:29:54 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Jul 25 16:36:52 2006 Subject: New McAfee Commandline Scanners Are Out (5100 Engine) Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580E59E38A@isabella.herefordshire.gov.uk> Hi all, McAfee users should upgrade to the latest McAfee 5100 engine Unix commandline scanners. I've tested it here on both Fedora Core 1 and CentOS 4.3, and it works just fine. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK From TGFurnish at herffjones.com Tue Jul 25 17:54:27 2006 From: TGFurnish at herffjones.com (Furnish, Trever G) Date: Tue Jul 25 17:54:32 2006 Subject: is this just me? SPF cannot find Envelope-From? Message-ID: <57573D714A832C43B9D80EAFBDA48D03013570AB@inex3.herffjones.hj-int> Hope this isn't considered OT. Not sure if the problem is MS, SA, or (more likely) me. No matter what I set the envelope_sender_header to in spam.assassin.prefs.conf, SA claims it "cannot get Envelope-From, cannot use SPF". Is my test method is bad? I take a known spam message that has been quarantined on another system, add an X-MailScanner-From header with my own address (for which SPF records are defined), and pass it into spamassassin -D --lint. The SA lint output does show that spam.assassin.prefs.conf is being loaded, after local.cf. The server listed in the Received headers is not one of mine. Here's the test message headers that I've been using: ------Begin-test-message-headers------ Return-Path: Received: from 61.53.153.90 (hn.kd.dhcp [61.53.153.90] (may be forged)) by relay.public.herff-jones.com (8.12.11.20060308/8.12.11) with SMTP id k6L5NOr6032242; Fri, 21 Jul 2006 01:23:26 -0400 Message-Id: <200607210523.k6L5NOr6032242@relay.public.herff-jones.com> From: "Chrystal Kincaid" To: ksbillups@herff-jones.com Reply-To: Ksbillupscd7@ekqdgeiwhjb.com Subject: Re: Our bonus for you: $888 FREE TODAY! Date: Fri, 21 Jul 2006 13:56:10 -0800 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-Mailer: Eudora mail 1.1.3 X-HJMailScanner-From: tgfurnish@herffjones.com X-Envelope-From: tgfurnish@herffjones.com Envelope-From: tgfurnish@herffjones.com ------End-test-message-headers------ There are three similar headers there only because I was trying to find a header format that would make the "cannot get Envelope-From" error go away. -- Trever From mikej at rogers.com Tue Jul 25 18:10:12 2006 From: mikej at rogers.com (Mike Jakubik) Date: Tue Jul 25 18:09:50 2006 Subject: SPF softfail for every email Message-ID: <44C65074.30304@rogers.com> I am getting a SPF softfail for every message that comes in on one of my boxes (SPF_HELO_SOFTFAIL 2.08, SPF_SOFTFAIL 1.47). It is causing false positives due to the increased score. Has anyone seem similar behavior or would have an idea why this is happening? I have identical setups at other locations working ok. From mailscanner at ecs.soton.ac.uk Tue Jul 25 19:06:39 2006 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jul 25 19:06:50 2006 Subject: is this just me? SPF cannot find Envelope-From? In-Reply-To: <57573D714A832C43B9D80EAFBDA48D03013570AB@inex3.herffjones.hj-int> References: <57573D714A832C43B9D80EAFBDA48D03013570AB@inex3.herffjones.hj-int> Message-ID: <44C65DAF.3060901@ecs.soton.ac.uk> Take a look in spam.assassin.prefs.conf. Mine says this: # SpamAssassin will attempt to discover the address used in the 'MAIL FROM:' # phase of the SMTP transaction that delivered this message, if this data # has been made available by the SMTP server. This is used in the EnvelopeFrom # pseudo-header, and for various rules such as SPF checking. # This should be explicitly set for MailScanner envelope_sender_header X-ECS-MailScanner-From Basically you have to tell it where and how to find the Envelope From address in the headers. So make sure your MailScanner is adding this header (obviously you can call it whatever you like, this is for my site). Furnish, Trever G wrote: > Hope this isn't considered OT. Not sure if the problem is MS, SA, or > (more likely) me. > > No matter what I set the envelope_sender_header to in > spam.assassin.prefs.conf, SA claims it "cannot get Envelope-From, cannot > use SPF". > > Is my test method is bad? I take a known spam message that has been > quarantined on another system, add an X-MailScanner-From header with my > own address (for which SPF records are defined), and pass it into > spamassassin -D --lint. > > The SA lint output does show that spam.assassin.prefs.conf is being > loaded, after local.cf. The server listed in the Received headers is > not one of mine. Here's the test message headers that I've been using: > > ------Begin-test-message-headers------ > Return-Path: > Received: from 61.53.153.90 (hn.kd.dhcp [61.53.153.90] (may be forged)) > by relay.public.herff-jones.com (8.12.11.20060308/8.12.11) with > SMTP id k6L5NOr6032242; > Fri, 21 Jul 2006 01:23:26 -0400 > Message-Id: <200607210523.k6L5NOr6032242@relay.public.herff-jones.com> > From: "Chrystal Kincaid" > To: ksbillups@herff-jones.com > Reply-To: Ksbillupscd7@ekqdgeiwhjb.com > Subject: Re: Our bonus for you: $888 FREE TODAY! > Date: Fri, 21 Jul 2006 13:56:10 -0800 > MIME-Version: 1.0 > Content-Type: text/plain; > format=flowed; > charset="iso-8859-1"; > reply-type=original > Content-Transfer-Encoding: 7bit > X-Priority: 3 > X-Mailer: Eudora mail 1.1.3 > X-HJMailScanner-From: tgfurnish@herffjones.com > X-Envelope-From: tgfurnish@herffjones.com > Envelope-From: tgfurnish@herffjones.com > ------End-test-message-headers------ > > There are three similar headers there only because I was trying to find > a header format that would make the "cannot get Envelope-From" error go > away. > > > -- > Trever -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From mailscanner at ecs.soton.ac.uk Tue Jul 25 19:07:21 2006 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jul 25 19:07:53 2006 Subject: SPF softfail for every email In-Reply-To: <44C65074.30304@rogers.com> References: <44C65074.30304@rogers.com> Message-ID: <44C65DD9.4060009@ecs.soton.ac.uk> See the other SPF thread I just replied to, it may well be the same problem. Mike Jakubik wrote: > I am getting a SPF softfail for every message that comes in on one of my > boxes (SPF_HELO_SOFTFAIL 2.08, SPF_SOFTFAIL 1.47). It is causing false > positives due to the increased score. Has anyone seem similar behavior > or would have an idea why this is happening? I have identical setups at > other locations working ok. > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From Phil.Udel at salemcorp.com Tue Jul 25 19:26:46 2006 From: Phil.Udel at salemcorp.com (Phillip Udel) Date: Tue Jul 25 19:26:55 2006 Subject: Cool. I got my book today In-Reply-To: <44C65DAF.3060901@ecs.soton.ac.uk> Message-ID: <200607251831.k6PIVffX016987@cat.salemcarriers.com> :) -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mikej at rogers.com Tue Jul 25 19:27:53 2006 From: mikej at rogers.com (Mike Jakubik) Date: Tue Jul 25 19:27:28 2006 Subject: SPF softfail for every email In-Reply-To: <44C65DD9.4060009@ecs.soton.ac.uk> References: <44C65074.30304@rogers.com> <44C65DD9.4060009@ecs.soton.ac.uk> Message-ID: <44C662A9.5010205@rogers.com> Julian Field wrote: > See the other SPF thread I just replied to, it may well be the same > problem. > > Mike Jakubik wrote: >> I am getting a SPF softfail for every message that comes in on one of >> my boxes (SPF_HELO_SOFTFAIL 2.08, SPF_SOFTFAIL 1.47). It is causing >> false positives due to the increased score. Has anyone seem similar >> behavior or would have an idea why this is happening? I have >> identical setups at other locations working ok. >> > Thats not the case in my configuration. Like i mentioned before, i have identical setups elsewhere. At this point, i believe the problem is a watchguard firewall at the clients location. It transparently filters dns and smtp traffic. From TGFurnish at herffjones.com Tue Jul 25 20:43:34 2006 From: TGFurnish at herffjones.com (Furnish, Trever G) Date: Tue Jul 25 20:43:54 2006 Subject: is this just me? SPF cannot find Envelope-From? Message-ID: <57573D714A832C43B9D80EAFBDA48D03013570AD@inex3.herffjones.hj-int> > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: Tuesday, July 25, 2006 2:07 PM > To: MailScanner discussion > Subject: Re: is this just me? SPF cannot find Envelope-From? > > Take a look in spam.assassin.prefs.conf. Mine says this: > envelope_sender_header X-ECS-MailScanner-From > > Basically you have to tell it where and how to find the > Envelope From address in the headers. So make sure your > MailScanner is adding this header (obviously you can call it > whatever you like, this is for my site). Thanks, Julian. That wasn't it exactly my problem, but after I went to lunch, took a 20-minute nap, and then started writing out all of my proof that I wasn't dumb enough to mess that bit up... Well, as usual that's when I realized my stupid mistake. :-) ...well, at least part of the problem. I hadn't been restarting MailScanner after updating the spam.assassin.prefs.conf file, so on messages passing in through MS the header name was still different. I'm still not sure why my testing with a spam file isn't working (spamassassin -D --lint foo 2>&1), but a message I passed in via sendmail and forged to use gmail.com WAS scored by SPF_NEUTRAL, which is an improvement. -- Trever From mikej at rogers.com Wed Jul 26 02:14:23 2006 From: mikej at rogers.com (Mike Jakubik) Date: Wed Jul 26 02:13:56 2006 Subject: is this just me? SPF cannot find Envelope-From? In-Reply-To: <57573D714A832C43B9D80EAFBDA48D03013570AD@inex3.herffjones.hj-int> References: <57573D714A832C43B9D80EAFBDA48D03013570AD@inex3.herffjones.hj-int> Message-ID: <44C6C1EF.7080905@rogers.com> Furnish, Trever G wrote: > I hadn't been restarting MailScanner after updating the > spam.assassin.prefs.conf file, so on messages passing in through MS the > header name was still different. Somone correct me if my wrong, but doesn't SA read this configuration every time its run? From marc at marcsnet.com Wed Jul 26 02:45:52 2006 From: marc at marcsnet.com (Marc Lucke) Date: Wed Jul 26 02:46:47 2006 Subject: won't write sendmail.in.pid Message-ID: <52431.203.206.179.78.1153878352.squirrel@webmail.marcsnet.com> CPU speed: PIII, 500MHz Memory: 452MB Operating System: Fedora Core 5, 2.6.17-1.2157_FC5 MailScanner version: 4.51.5-1 MTA version: sendmail-8.13.7-2.fc5.2 (RPM installed FC5) [blahblah~]# service MailScanner status Checking MailScanner daemons: MailScanner: [ OK ] incoming sendmail: head: cannot open `/var/run/sendmail.in.pid' for reading: No such file or directory [FAILED] outgoing sendmail: [ OK ] Despite the above, I am receiving email and it is being filtered for spam as normal. /var/run/sendmail.out.pid is written and works fine. /var/run/sendmail.in.pid does not exist at all - whether MailScanner is started or not. INPID is defined as /var/run/sendmail.in.pid as per default. What could this be? From marc at marcsnet.com Wed Jul 26 03:04:27 2006 From: marc at marcsnet.com (Marc Lucke) Date: Wed Jul 26 03:04:46 2006 Subject: won't write sendmail.in.pid In-Reply-To: <52431.203.206.179.78.1153878352.squirrel@webmail.marcsnet.com> References: <52431.203.206.179.78.1153878352.squirrel@webmail.marcsnet.com> Message-ID: <52553.203.206.179.78.1153879467.squirrel@webmail.marcsnet.com> I just upgraded to MailScanner-4.54.6-1 using the rpm and following all instructions at the end: service sendmail stop chkconfig sendmail off chkconfig --level 2345 MailScanner on service MailScanner start cd /etc/MailScanner upgrade_MailScanner_conf MailScanner.conf MailScanner.conf.rpmnew > MailScanner.new mv -f MailScanner.conf MailScanner.old mv -f MailScanner.new MailScanner.conf cd /etc/MailScanner/reports/en upgrade_languages_conf languages.conf languages.conf.rpmnew > languages.new mv -f languages.conf languages.old mv -f languages.new languages.conf I should have also noted that I had been running MailScanner for a long time with no problem. This problem began "all of a sudden" a couple of days ago. Marc On Wed, July 26, 2006 11:45 am, Marc Lucke wrote: > CPU speed: PIII, 500MHz > Memory: 452MB > Operating System: Fedora Core 5, 2.6.17-1.2157_FC5 > MailScanner version: 4.51.5-1 > MTA version: sendmail-8.13.7-2.fc5.2 (RPM installed FC5) > > [blahblah~]# service MailScanner status > Checking MailScanner daemons: > MailScanner: [ OK ] > incoming sendmail: head: cannot open `/var/run/sendmail.in.pid' > for reading: No such file or directory > [FAILED] > outgoing sendmail: [ OK ] > > Despite the above, I am receiving email and it is being filtered for spam > as normal. /var/run/sendmail.out.pid is written and works fine. > /var/run/sendmail.in.pid does not exist at all - whether MailScanner is > started or not. INPID is defined as /var/run/sendmail.in.pid as per > default. > > What could this be? > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From marc at marcsnet.com Wed Jul 26 03:22:42 2006 From: marc at marcsnet.com (Marc Lucke) Date: Wed Jul 26 03:23:16 2006 Subject: won't write sendmail.in.pid Message-ID: <52657.203.206.179.78.1153880562.squirrel@webmail.marcsnet.com> I just upgraded to MailScanner-4.54.6-1 using the rpm and following all instructions at the end: service sendmail stop chkconfig sendmail off chkconfig --level 2345 MailScanner on service MailScanner start cd /etc/MailScanner upgrade_MailScanner_conf MailScanner.conf MailScanner.conf.rpmnew > MailScanner.new mv -f MailScanner.conf MailScanner.old mv -f MailScanner.new MailScanner.conf cd /etc/MailScanner/reports/en upgrade_languages_conf languages.conf languages.conf.rpmnew > languages.new mv -f languages.conf languages.old mv -f languages.new languages.conf I should have also noted that I had been running MailScanner for a long time with no problem. This problem began "all of a sudden" a couple of days ago. Marc On Wed, July 26, 2006 11:45 am, Marc Lucke wrote: > CPU speed: PIII, 500MHz > Memory: 452MB > Operating System: Fedora Core 5, 2.6.17-1.2157_FC5 > MailScanner version: 4.51.5-1 > MTA version: sendmail-8.13.7-2.fc5.2 (RPM installed FC5) > > [blahblah~]# service MailScanner status > Checking MailScanner daemons: > MailScanner: [ OK ] incoming sendmail: head: cannot open `/var/run/sendmail.in.pid' > for reading: No such file or directory > [FAILED] > outgoing sendmail: [ OK ] > > Despite the above, I am receiving email and it is being filtered for spam as normal. /var/run/sendmail.out.pid is written and works fine. /var/run/sendmail.in.pid does not exist at all - whether MailScanner is started or not. INPID is defined as /var/run/sendmail.in.pid as per default. > > What could this be? > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From mikej at rogers.com Wed Jul 26 05:48:03 2006 From: mikej at rogers.com (Mike Jakubik) Date: Wed Jul 26 05:47:36 2006 Subject: newer clamscan causes sig 11 Message-ID: <44C6F403.3040201@rogers.com> I've noticed recently in many of my systems that clamscan is dumping core on sig 11. pid 42922 (clamscan), uid 125: exited on signal 11 (core dumped) pid 61564 (clamscan), uid 125: exited on signal 11 (core dumped) pid 91931 (clamscan), uid 125: exited on signal 11 (core dumped) This only started happening when i updated it. Has anyone noticed this with recent versions? I am also using the rarlib patch. This is FreeBSD 5 and 6. From martinh at solid-state-logic.com Wed Jul 26 08:59:00 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Jul 26 08:59:18 2006 Subject: newer clamscan causes sig 11 In-Reply-To: <44C6F403.3040201@rogers.com> References: <44C6F403.3040201@rogers.com> Message-ID: <44C720C4.4050601@solid-state-logic.com> Mike Jakubik wrote: > I've noticed recently in many of my systems that clamscan is dumping > core on sig 11. > > pid 42922 (clamscan), uid 125: exited on signal 11 (core dumped) > pid 61564 (clamscan), uid 125: exited on signal 11 (core dumped) > pid 91931 (clamscan), uid 125: exited on signal 11 (core dumped) > > This only started happening when i updated it. Has anyone noticed this > with recent versions? I am also using the rarlib patch. This is FreeBSD > 5 and 6. > > Running FreeBSD 4.11 and ClamAV 0.88.3 with no errors.... what happens if you run clamscan from the command line? -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From MailScanner at ecs.soton.ac.uk Wed Jul 26 08:59:30 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jul 26 09:00:14 2006 Subject: is this just me? SPF cannot find Envelope-From? In-Reply-To: <44C6C1EF.7080905@rogers.com> References: <57573D714A832C43B9D80EAFBDA48D03013570AD@inex3.herffjones.hj-int> <44C6C1EF.7080905@rogers.com> Message-ID: On 26 Jul 2006, at 02:14, Mike Jakubik wrote: > Furnish, Trever G wrote: >> I hadn't been restarting MailScanner after updating the >> spam.assassin.prefs.conf file, so on messages passing in through >> MS the >> header name was still different. > > Somone correct me if my wrong, but doesn't SA read this > configuration every time its run? No, as MailScanner does not use the "spamassassin" script at all. -- Julian Field MailScanner@ecs.soton.ac.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From adrik at salesmanager.nl Wed Jul 26 09:08:02 2006 From: adrik at salesmanager.nl (Adri Koppes) Date: Wed Jul 26 09:08:04 2006 Subject: newer clamscan causes sig 11 Message-ID: > Mike Jakubik wrote: > > I've noticed recently in many of my systems that clamscan > is dumping > > core on sig 11. > > > > pid 42922 (clamscan), uid 125: exited on signal 11 (core > dumped) pid > > 61564 (clamscan), uid 125: exited on signal 11 (core > dumped) pid 91931 > > (clamscan), uid 125: exited on signal 11 (core dumped) > > > > This only started happening when i updated it. Has anyone > noticed this > > with recent versions? I am also using the rarlib patch. This is > > FreeBSD > > 5 and 6. > > > > > Running FreeBSD 4.11 and ClamAV 0.88.3 with no errors.... > > what happens if you run clamscan from the command line? Same here. Running FreeBSD 5.4 and ClamAV 0.88.3 build from ports with no errors. Adri. From grover1711 at gmail.com Wed Jul 26 13:03:26 2006 From: grover1711 at gmail.com (ankush grover) Date: Wed Jul 26 13:03:39 2006 Subject: Message part of white list but marked as MCP how to get rid of this Message-ID: <5f638b360607260503l31381287n30b1b910f908e81@mail.gmail.com> hey friends, We are running a bug tracking software on the same server on which the Mail Server is hosted. When we enter any bug in that software a mail is sent to the person to whom that bug is assigned. Now the MailScanner is marking these messages as mcp even though we have added the email id through which bug issue mail is sent to the the person in the spam.whitelist.rules but the MailScanner is marking that mail as mcp and the mail is not going to the concerned person rather going to the root account. This is generated by the MailWatch. bugs@example.com ankush@example.com [Project1 0000046]: Problem in Chart Module 2.6Kb 0.00 1.00 W/L MCP You can see this message is part of W/L but marked as MCP. How do we configure MailScanner so that if any type of message is generated by that email id for example bugs@example.com that message should not be marked as spam or mcp ? We are using MailScanner 4.44 with Postfix 2.1.5 on FC3. Please let me know if you need any further inputs. Thanks & Regards Ankush Grover From martinh at solid-state-logic.com Wed Jul 26 13:40:39 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Jul 26 13:40:55 2006 Subject: Message part of white list but marked as MCP how to get rid of this In-Reply-To: <5f638b360607260503l31381287n30b1b910f908e81@mail.gmail.com> References: <5f638b360607260503l31381287n30b1b910f908e81@mail.gmail.com> Message-ID: <44C762C7.2020100@solid-state-logic.com> ankush grover wrote: > hey friends, > > We are running a bug tracking software on the same server on which the > Mail Server is hosted. When we enter any bug in that software a mail > is sent to the person to whom that bug is assigned. Now the > MailScanner is marking these messages as mcp even though we have added > the email id through which bug issue mail is sent to the the person in > the spam.whitelist.rules but the MailScanner is marking that mail as > mcp and the mail is not going to the concerned person rather going to > the root account. > > This is generated by the MailWatch. > bugs@example.com ankush@example.com > [Project1 0000046]: Problem in Chart Module 2.6Kb 0.00 > 1.00 W/L MCP > > You can see this message is part of W/L but marked as MCP. > > How do we configure MailScanner so that if any type of message is > generated by that email id for example bugs@example.com that message > should not be marked as spam or mcp ? > > We are using MailScanner 4.44 with Postfix 2.1.5 on FC3. > > Please let me know if you need any further inputs. > > Thanks & Regards > > Ankush Grover Ankush Add a ruleset to the MailScanner.conf option "Scan Messages" so that it doesn't scan messages from 127.0.0.1.. eg Scan Message = %rules-dir%/scan.messages.rules and the scan.messages.rules file contains the following.. From: 127.0.0.1 no FromOrTo: Default yes and then MS won't scan any messages from it's own computer. -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From Denis.Beauchemin at USherbrooke.ca Wed Jul 26 13:52:09 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed Jul 26 13:52:20 2006 Subject: newer clamscan causes sig 11 In-Reply-To: <44C6F403.3040201@rogers.com> References: <44C6F403.3040201@rogers.com> Message-ID: <44C76579.4090507@USherbrooke.ca> Mike Jakubik a ?crit : > I've noticed recently in many of my systems that clamscan is dumping > core on sig 11. > > pid 42922 (clamscan), uid 125: exited on signal 11 (core dumped) > pid 61564 (clamscan), uid 125: exited on signal 11 (core dumped) > pid 91931 (clamscan), uid 125: exited on signal 11 (core dumped) > > This only started happening when i updated it. Has anyone noticed this > with recent versions? I am also using the rarlib patch. This is > FreeBSD 5 and 6. > > Everything is fine here: RHEL4, ClamAV 0.88.3. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060726/b83b0201/smime.bin From grover1711 at gmail.com Wed Jul 26 14:01:11 2006 From: grover1711 at gmail.com (ankush grover) Date: Wed Jul 26 14:01:14 2006 Subject: Message part of white list but marked as MCP how to get rid of this In-Reply-To: <44C762C7.2020100@solid-state-logic.com> References: <5f638b360607260503l31381287n30b1b910f908e81@mail.gmail.com> <44C762C7.2020100@solid-state-logic.com> Message-ID: <5f638b360607260601h27b030dk93ea4a1ade4fef0@mail.gmail.com> On 7/26/06, Martin Hepworth wrote: > ankush grover wrote: > > hey friends, > > > > We are running a bug tracking software on the same server on which the > > Mail Server is hosted. When we enter any bug in that software a mail > > is sent to the person to whom that bug is assigned. Now the > > MailScanner is marking these messages as mcp even though we have added > > the email id through which bug issue mail is sent to the the person in > > the spam.whitelist.rules but the MailScanner is marking that mail as > > mcp and the mail is not going to the concerned person rather going to > > the root account. > > > > This is generated by the MailWatch. > > bugs@example.com ankush@example.com > > [Project1 0000046]: Problem in Chart Module 2.6Kb 0.00 > > 1.00 W/L MCP > > > > You can see this message is part of W/L but marked as MCP. > > > > How do we configure MailScanner so that if any type of message is > > generated by that email id for example bugs@example.com that message > > should not be marked as spam or mcp ? > > > > We are using MailScanner 4.44 with Postfix 2.1.5 on FC3. > > > > Please let me know if you need any further inputs. > > > > Thanks & Regards > > > > Ankush Grover > Ankush > > Add a ruleset to the MailScanner.conf option "Scan Messages" so that it > doesn't scan messages from 127.0.0.1.. > > eg > Scan Message = %rules-dir%/scan.messages.rules > > and the scan.messages.rules file contains the following.. > > From: 127.0.0.1 no > FromOrTo: Default yes > > > and then MS won't scan any messages from it's own computer. Hey, Thanks for the information. Thanks & Regards Ankush Grover From MailScanner at ecs.soton.ac.uk Wed Jul 26 14:12:43 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jul 26 14:13:30 2006 Subject: newer clamscan causes sig 11 In-Reply-To: <44C76579.4090507@USherbrooke.ca> References: <44C6F403.3040201@rogers.com> <44C76579.4090507@USherbrooke.ca> Message-ID: Hmmm.... tricky one this. You are "using the rarlib patch". Everyone else has no problems at all, you are using some patch or other. Perhaps the problem lies with the patch? Have you tried it without this patch? :-) On 26 Jul 2006, at 13:52, Denis Beauchemin wrote: > Mike Jakubik a ?crit : >> I've noticed recently in many of my systems that clamscan is >> dumping core on sig 11. >> >> pid 42922 (clamscan), uid 125: exited on signal 11 (core dumped) >> pid 61564 (clamscan), uid 125: exited on signal 11 (core dumped) >> pid 91931 (clamscan), uid 125: exited on signal 11 (core dumped) >> >> This only started happening when i updated it. Has anyone noticed >> this with recent versions? I am also using the rarlib patch. This >> is FreeBSD 5 and 6. >> >> > Everything is fine here: RHEL4, ClamAV 0.88.3. > > Denis > > -- > _ > ?v? Denis Beauchemin, analyste > /(_)\ Universit? de Sherbrooke, S.T.I. > ^ ^ T: 819.821.8000x2252 F: 819.821.8045 > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field MailScanner@ecs.soton.ac.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From rich at mail.wvnet.edu Wed Jul 26 14:30:42 2006 From: rich at mail.wvnet.edu (Richard Lynch) Date: Wed Jul 26 14:31:13 2006 Subject: A quick and easy performance improvement Message-ID: <44C76E82.3070407@mail.wvnet.edu> I thought I'd post to the list about a change I made yesterday which provided a huge boost in system's performance. By far the largest amount of time spent in the life of a disk I/O operation is seek time. Seek time is the amount of time it takes to move the disk R/W heads from one cylinder to another. The /var/spool filesystem is where the inbound and outbound mail queues are located. Note also that the Bayes database is accessed heavily when analyzing a message. Like many installations we have our root filesystem (/) and /var filesystem on separate partitions on a single hard drive. The default location for the SpamAssassin bayes database is in /root/.spamassassin/ which is on the rootfs. Moving the bayes database to /var/spool/spamassassin resulted in a huge decrease in IOWait time. In our case it was an order of magnitude reduction. For example, IOWait percentages went from 30% to 3%. IOWait is the percentage of time the processor is waiting on an I/O operation to complete. Our mail queues no longer get behind and throughput is outstanding! Making the change is trivial (from root).... 1. Shutdown MS 2. mkdir /var/spool/spamassassin 3. mv .spamassassin/bayes* /var/spool/spamassassin/ 4. Edit /etc/MailScanner/spam.assassin.prefs.conf and uncomment the lines which define where the bayes DB is located. Thanks Julian! The lines are... auto_whitelist_path /var/spool/spamassassin/auto-whitelist auto_whitelist_file_mode 0600 bayes_path /var/spool/spamassassin/bayes bayes_file_mode 0600 5. Start MS Just wanted to let others know and perhaps benefit from our experiences. Richard Lynch Morgantown -- -------------- next part -------------- A non-text attachment was scrubbed... Name: rich.vcf Type: text/x-vcard Size: 299 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060726/5ee9f177/rich.vcf From gmatt at nerc.ac.uk Wed Jul 26 15:08:01 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Wed Jul 26 15:08:18 2006 Subject: A quick and easy performance improvement In-Reply-To: <44C76E82.3070407@mail.wvnet.edu> References: <44C76E82.3070407@mail.wvnet.edu> Message-ID: <44C77741.90308@nerc.ac.uk> Richard Lynch wrote: > > I thought I'd post to the list about a change I made yesterday which > provided a huge boost in system's performance. one for the wiki? -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From mikej at rogers.com Wed Jul 26 15:20:02 2006 From: mikej at rogers.com (Mike Jakubik) Date: Wed Jul 26 15:19:32 2006 Subject: newer clamscan causes sig 11 In-Reply-To: <44C720C4.4050601@solid-state-logic.com> References: <44C6F403.3040201@rogers.com> <44C720C4.4050601@solid-state-logic.com> Message-ID: <44C77A12.5060300@rogers.com> Martin Hepworth wrote: > Running FreeBSD 4.11 and ClamAV 0.88.3 with no errors.... > what happens if you run clamscan from the command line? > It works just fine from command line. From chris at tac.esi.net Wed Jul 26 15:20:02 2006 From: chris at tac.esi.net (Chris Hammond) Date: Wed Jul 26 15:20:16 2006 Subject: A quick and easy performance improvement In-Reply-To: <44C76E82.3070407@mail.wvnet.edu> References: <44C76E82.3070407@mail.wvnet.edu> Message-ID: <44C74219.B662.0038.0@tac.esi.net> I might be a little thick, but what would the reason for this performance increase be the fact the / and /var are seperate partitions? Chris >>> Richard Lynch 07/26/06 9:30 AM >>> I thought I'd post to the list about a change I made yesterday which provided a huge boost in system's performance. By far the largest amount of time spent in the life of a disk I/O operation is seek time. Seek time is the amount of time it takes to move the disk R/W heads from one cylinder to another. The /var/spool filesystem is where the inbound and outbound mail queues are located. Note also that the Bayes database is accessed heavily when analyzing a message. Like many installations we have our root filesystem (/) and /var filesystem on separate partitions on a single hard drive. The default location for the SpamAssassin bayes database is in /root/.spamassassin/ which is on the rootfs. Moving the bayes database to /var/spool/spamassassin resulted in a huge decrease in IOWait time. In our case it was an order of magnitude reduction. For example, IOWait percentages went from 30% to 3%. IOWait is the percentage of time the processor is waiting on an I/O operation to complete. Our mail queues no longer get behind and throughput is outstanding! Making the change is trivial (from root).... 1. Shutdown MS 2. mkdir /var/spool/spamassassin 3. mv .spamassassin/bayes* /var/spool/spamassassin/ 4. Edit /etc/MailScanner/spam.assassin.prefs.conf and uncomment the lines which define where the bayes DB is located. Thanks Julian! The lines are... auto_whitelist_path /var/spool/spamassassin/auto- whitelist auto_whitelist_file_mode 0600 bayes_path /var/spool/spamassassin/bayes bayes_file_mode 0600 5. Start MS Just wanted to let others know and perhaps benefit from our experiences. Richard Lynch Morgantown -- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mike at vesol.com Wed Jul 26 15:23:12 2006 From: mike at vesol.com (Mike Kercher) Date: Wed Jul 26 15:23:24 2006 Subject: A quick and easy performance improvement In-Reply-To: <44C76E82.3070407@mail.wvnet.edu> Message-ID: I don't suppose this would have any effect if you are using MySQL for bayes, right? Mike > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Richard Lynch > Sent: Wednesday, July 26, 2006 8:31 AM > To: MailScanner discussion > Subject: A quick and easy performance improvement > > > I thought I'd post to the list about a change I made > yesterday which provided a huge boost in system's performance. > > By far the largest amount of time spent in the life of a disk > I/O operation is seek time. Seek time is the amount of time > it takes to move the disk R/W heads from one cylinder to > another. The /var/spool filesystem is where the inbound and > outbound mail queues are located. > Note also that the Bayes database is accessed heavily when > analyzing a message. > > Like many installations we have our root filesystem (/) and > /var filesystem on separate partitions on a single hard > drive. The default location for the SpamAssassin bayes > database is in /root/.spamassassin/ > which is on the rootfs. Moving the bayes database to > /var/spool/spamassassin resulted in a huge decrease in IOWait > time. In our case it was an order of magnitude reduction. > For example, IOWait percentages went from 30% to 3%. IOWait > is the percentage of time the processor is waiting on an I/O > operation to complete. Our mail queues no longer get behind > and throughput is outstanding! > > Making the change is trivial (from root).... > > 1. Shutdown MS > 2. mkdir /var/spool/spamassassin > 3. mv .spamassassin/bayes* /var/spool/spamassassin/ 4. Edit > /etc/MailScanner/spam.assassin.prefs.conf and uncomment the > lines which define where the bayes DB is located. Thanks > Julian! > The lines > are... > > auto_whitelist_path /var/spool/spamassassin/auto-whitelist > auto_whitelist_file_mode 0600 > bayes_path /var/spool/spamassassin/bayes > bayes_file_mode 0600 > > 5. Start MS > > > Just wanted to let others know and perhaps benefit from our > experiences. > > Richard Lynch > Morgantown > > -- > > > From mikej at rogers.com Wed Jul 26 15:24:13 2006 From: mikej at rogers.com (Mike Jakubik) Date: Wed Jul 26 15:23:41 2006 Subject: newer clamscan causes sig 11 In-Reply-To: References: <44C6F403.3040201@rogers.com> <44C76579.4090507@USherbrooke.ca> Message-ID: <44C77B0D.8040208@rogers.com> Julian Field wrote: > Hmmm.... tricky one this. You are "using the rarlib patch". Everyone > else has no problems at all, you are using some patch or other. > Perhaps the problem lies with the patch? Have you tried it without > this patch? > :-) Thats my guess too, since the current version of rar is beta 6 (wouldn't disabling rarlib patch mean v3+ rar files will never get scanned?), however it's happened on a system than never received a rar file. But it works just fine from command line, i catch these errors every so often in my logs. I don't suppose anything major has changed in the way MS uses clamscan? From mikej at rogers.com Wed Jul 26 15:35:45 2006 From: mikej at rogers.com (Mike Jakubik) Date: Wed Jul 26 15:35:17 2006 Subject: SPF softfail for every email In-Reply-To: <44C662A9.5010205@rogers.com> References: <44C65074.30304@rogers.com> <44C65DD9.4060009@ecs.soton.ac.uk> <44C662A9.5010205@rogers.com> Message-ID: <44C77DC1.6060904@rogers.com> Mike Jakubik wrote: > Julian Field wrote: >> See the other SPF thread I just replied to, it may well be the same >> problem. >> >> Mike Jakubik wrote: >>> I am getting a SPF softfail for every message that comes in on one >>> of my boxes (SPF_HELO_SOFTFAIL 2.08, SPF_SOFTFAIL 1.47). It is >>> causing false positives due to the increased score. Has anyone seem >>> similar behavior or would have an idea why this is happening? I have >>> identical setups at other locations working ok. >>> >> > > Thats not the case in my configuration. Like i mentioned before, i > have identical setups elsewhere. At this point, i believe the problem > is a watchguard firewall at the clients location. It transparently > filters dns and smtp traffic. > Just an FYI, it was the damned watchguard firewall that was causing SPF to soft fail. And now its blocking ntp requests, ugh, i hate this thing. From rich at mail.wvnet.edu Wed Jul 26 15:38:48 2006 From: rich at mail.wvnet.edu (Richard Lynch) Date: Wed Jul 26 15:38:59 2006 Subject: A quick and easy performance improvement In-Reply-To: <44C74219.B662.0038.0@tac.esi.net> References: <44C76E82.3070407@mail.wvnet.edu> <44C74219.B662.0038.0@tac.esi.net> Message-ID: <44C77E78.7050200@mail.wvnet.edu> Chris Hammond wrote: > I might be a little thick, but what would the reason for this performance increase be the fact the / and /var are seperate partitions? > Essentially, yes. It really comes down to how far apart on disk the BayesDB is from the mail queues and MailScanner temp work area. The closer things are on disk the less time spent doing disk seek operations. That's where the benefit comes from. A disk seek (i.e. moving the heads over the proper cylinder) is much much slower than any other operation! Richard Lynch Morgantown, WVa > Chris > > >>>> Richard Lynch 07/26/06 9:30 AM >>> >>>> > > I thought I'd post to the list about a change I made yesterday which > provided a huge boost in system's performance. > > By far the largest amount of time spent in the life of a disk I/O > operation is seek time. Seek time is the amount of time it takes to > move the disk R/W heads from one cylinder to another. The /var/spool > filesystem is where the inbound and outbound mail queues are located. > Note also that the Bayes database is accessed heavily when analyzing a > message. > > Like many installations we have our root filesystem (/) and /var > filesystem on separate partitions on a single hard drive. The default > location for the SpamAssassin bayes database is in /root/.spamassassin/ > which is on the rootfs. Moving the bayes database to > /var/spool/spamassassin resulted in a huge decrease in IOWait time. In > our case it was an order of magnitude reduction. For example, IOWait > percentages went from 30% to 3%. IOWait is the percentage of time the > processor is waiting on an I/O operation to complete. Our mail queues > no longer get behind and throughput is outstanding! > > Making the change is trivial (from root).... > > 1. Shutdown MS > 2. mkdir /var/spool/spamassassin > 3. mv .spamassassin/bayes* /var/spool/spamassassin/ > 4. Edit /etc/MailScanner/spam.assassin.prefs.conf and uncomment the > lines which define where the bayes DB is located. Thanks Julian! > The lines > are... > > auto_whitelist_path /var/spool/spamassassin/auto- whitelist > auto_whitelist_file_mode 0600 > bayes_path /var/spool/spamassassin/bayes > bayes_file_mode 0600 > > 5. Start MS > > > Just wanted to let others know and perhaps benefit from our experiences. > > Richard Lynch > Morgantown > > -- > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- -------------- next part -------------- A non-text attachment was scrubbed... Name: rich.vcf Type: text/x-vcard Size: 299 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060726/4af01d79/rich.vcf From naolson at gmail.com Wed Jul 26 15:40:32 2006 From: naolson at gmail.com (Nathan Olson) Date: Wed Jul 26 15:40:34 2006 Subject: A quick and easy performance improvement In-Reply-To: <44C77E78.7050200@mail.wvnet.edu> References: <44C76E82.3070407@mail.wvnet.edu> <44C74219.B662.0038.0@tac.esi.net> <44C77E78.7050200@mail.wvnet.edu> Message-ID: <8f54b4330607260740s13fe0288k38cddba6429f0425@mail.gmail.com> Would noatime affect bayes operation on /var/spool? Nate -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060726/783ecb6d/attachment.html From rich at mail.wvnet.edu Wed Jul 26 15:45:19 2006 From: rich at mail.wvnet.edu (Richard Lynch) Date: Wed Jul 26 15:45:28 2006 Subject: A quick and easy performance improvement In-Reply-To: References: Message-ID: <44C77FFF.4050409@mail.wvnet.edu> Mike Kercher wrote: > I don't suppose this would have any effect if you are using MySQL for > bayes, right? > > Mike > True, changing the location of bayes in the spam.asssassin.prefs.conf file won't help. However, putting the MySQL DB files closer to the mail queues will help. Ultimately, it all comes down to disk I/O and minimizing the time it takes to seek from one disk location to another will result in benefits in IOWait time. BTW... I'm running on RHEL V3. I have the sysstat package installed which provides the sar command. Using sar I can see various performance statistics one of which is IOWait. Richard Lynch Morgantown, WVa > > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Richard Lynch >> Sent: Wednesday, July 26, 2006 8:31 AM >> To: MailScanner discussion >> Subject: A quick and easy performance improvement >> >> >> I thought I'd post to the list about a change I made >> yesterday which provided a huge boost in system's performance. >> >> By far the largest amount of time spent in the life of a disk >> I/O operation is seek time. Seek time is the amount of time >> it takes to move the disk R/W heads from one cylinder to >> another. The /var/spool filesystem is where the inbound and >> outbound mail queues are located. >> Note also that the Bayes database is accessed heavily when >> analyzing a message. >> >> Like many installations we have our root filesystem (/) and >> /var filesystem on separate partitions on a single hard >> drive. The default location for the SpamAssassin bayes >> database is in /root/.spamassassin/ >> which is on the rootfs. Moving the bayes database to >> /var/spool/spamassassin resulted in a huge decrease in IOWait >> time. In our case it was an order of magnitude reduction. >> For example, IOWait percentages went from 30% to 3%. IOWait >> is the percentage of time the processor is waiting on an I/O >> operation to complete. Our mail queues no longer get behind >> and throughput is outstanding! >> >> Making the change is trivial (from root).... >> >> 1. Shutdown MS >> 2. mkdir /var/spool/spamassassin >> 3. mv .spamassassin/bayes* /var/spool/spamassassin/ 4. Edit >> /etc/MailScanner/spam.assassin.prefs.conf and uncomment the >> lines which define where the bayes DB is located. Thanks >> Julian! >> The lines >> are... >> >> auto_whitelist_path /var/spool/spamassassin/auto-whitelist >> auto_whitelist_file_mode 0600 >> bayes_path /var/spool/spamassassin/bayes >> bayes_file_mode 0600 >> >> 5. Start MS >> >> >> Just wanted to let others know and perhaps benefit from our >> experiences. >> >> Richard Lynch >> Morgantown >> >> -- >> >> >> >> -- -------------- next part -------------- A non-text attachment was scrubbed... Name: rich.vcf Type: text/x-vcard Size: 299 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060726/c9fa34ec/rich.vcf From HancockS at morganco.com Wed Jul 26 15:48:31 2006 From: HancockS at morganco.com (Hancock, Scott) Date: Wed Jul 26 15:50:19 2006 Subject: Orphaned processing directory Message-ID: <7A6F9F7356141C42987075747C5B87D30303FD9F@wmail.int.morganco.com> I have a directory containing 60 files in /var/spool/MailScanner/input The directory is 6 days old at this point. How can I tell MailScanner to process these files? Or can I assume these files have already been processed and the directory clean up was missed? I see in the mail log the incoming event but not the delivery. I think exim would tag another msg ID after MailScanner processing anyway? Thanks for any help Scott Hancock From denis at croombs.org Wed Jul 26 15:56:46 2006 From: denis at croombs.org (denis@croombs.org) Date: Wed Jul 26 15:54:54 2006 Subject: A quick and easy performance improvement In-Reply-To: <44C76E82.3070407@mail.wvnet.edu> References: <44C76E82.3070407@mail.wvnet.edu> Message-ID: <20477.87.238.80.64.1153925806.squirrel@www.croombs.org> > > I thought I'd post to the list about a change I made yesterday which > provided a huge boost in system's performance. > > By far the largest amount of time spent in the life of a disk I/O > operation is seek time. Seek time is the amount of time it takes to > move the disk R/W heads from one cylinder to another. The /var/spool > filesystem is where the inbound and outbound mail queues are located. > Note also that the Bayes database is accessed heavily when analyzing a > message. > > Like many installations we have our root filesystem (/) and /var > filesystem on separate partitions on a single hard drive. The default > location for the SpamAssassin bayes database is in /root/.spamassassin/ > which is on the rootfs. Moving the bayes database to > /var/spool/spamassassin resulted in a huge decrease in IOWait time. In > our case it was an order of magnitude reduction. For example, IOWait > percentages went from 30% to 3%. IOWait is the percentage of time the > processor is waiting on an I/O operation to complete. Our mail queues > no longer get behind and throughput is outstanding! > I would also assume having them on different hard drives would give an even larger increase in throughput ? Regards Denis From rich at mail.wvnet.edu Wed Jul 26 16:00:01 2006 From: rich at mail.wvnet.edu (Richard Lynch) Date: Wed Jul 26 16:00:07 2006 Subject: A quick and easy performance improvement In-Reply-To: <20477.87.238.80.64.1153925806.squirrel@www.croombs.org> References: <44C76E82.3070407@mail.wvnet.edu> <20477.87.238.80.64.1153925806.squirrel@www.croombs.org> Message-ID: <44C78371.6040207@mail.wvnet.edu> denis@croombs.org wrote: >>I thought I'd post to the list about a change I made yesterday which >>provided a huge boost in system's performance. >> >>By far the largest amount of time spent in the life of a disk I/O >>operation is seek time. Seek time is the amount of time it takes to >>move the disk R/W heads from one cylinder to another. The /var/spool >>filesystem is where the inbound and outbound mail queues are located. >>Note also that the Bayes database is accessed heavily when analyzing a >>message. >> >>Like many installations we have our root filesystem (/) and /var >>filesystem on separate partitions on a single hard drive. The default >>location for the SpamAssassin bayes database is in /root/.spamassassin/ >>which is on the rootfs. Moving the bayes database to >>/var/spool/spamassassin resulted in a huge decrease in IOWait time. In >>our case it was an order of magnitude reduction. For example, IOWait >>percentages went from 30% to 3%. IOWait is the percentage of time the >>processor is waiting on an I/O operation to complete. Our mail queues >>no longer get behind and throughput is outstanding! >> >> >> >I would also assume having them on different hard drives would give an >even larger increase in throughput ? > >Regards > >Denis > > > Most certainly, however this would depend on what else is happening on the two drives. -- Rich -- -------------- next part -------------- A non-text attachment was scrubbed... Name: rich.vcf Type: text/x-vcard Size: 296 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060726/f49c13e8/rich.vcf From martinh at solid-state-logic.com Wed Jul 26 16:11:47 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Jul 26 16:12:00 2006 Subject: Orphaned processing directory In-Reply-To: <7A6F9F7356141C42987075747C5B87D30303FD9F@wmail.int.morganco.com> References: <7A6F9F7356141C42987075747C5B87D30303FD9F@wmail.int.morganco.com> Message-ID: <44C78633.2040304@solid-state-logic.com> Hancock, Scott wrote: > I have a directory containing 60 files in /var/spool/MailScanner/input > > The directory is 6 days old at this point. > > How can I tell MailScanner to process these files? > > Or can I assume these files have already been processed and the > directory clean up was missed? > > I see in the mail log the incoming event but not the delivery. I think > exim would tag another msg ID after MailScanner processing anyway? > > Thanks for any help > > Scott Hancock > > > > These should still be in the incoming exim queue if they are not processed, and should keep the msgID all the way through. What version of exim and MS are you using? -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From mailscanner at mango.zw Wed Jul 26 16:09:22 2006 From: mailscanner at mango.zw (Jim Holland) Date: Wed Jul 26 16:15:06 2006 Subject: Denial Of Service attack handling by MS 4.54.6 Message-ID: Hi Julian I have only just installed the above version of MailScanner and was interested to see how it dealt with the problem of DOS attacks affecting the virus scanner. I came across an example this morning: The message was 650 KB in size, with a PowerPoint attachment 10 minutes after scanning of the batch started, MailScanner reported "Commercial scanner clamav timed out!" (this corresponds with the time configured for Virus Scanner Timeout) followed by "Denial Of Service attack detected!" 10 minutes later there was another maillog entry reporting "Commercial scanner clamav timed out!" again followed by details of which message caused the denial of service attack. 22 minutes after the above, the message was finally quarantined. I presume that the above actions are as now intended. However there are still some associated problems: The complete batch of 16 messages totalling 805877 bytes took a full 45 minutes to be processed before the uninfected messages were delivered, in spite of my having set Virus Scanner Timeout to 10 minutes per batch. The message was treated as containing a silent virus, so there was no notification to the recipient. Are the following changes possible and if so, agreeable to you: Stop virus scanning any individual message once it exceeds a reasonable time - eg if "Virus Scanner Timeout = 300", then stop scanning a message after say (300/no of msgs in batch)*10 secs or the full virus scanner timeout time, whichever is the smaller. Flag the message as being infected with a Denial of Service attack (as it does now). Remove "Denial Of Service attack" from the list of silent viruses, so that such messages are delivered with a notice to say that the attachment has been removed. I presume that the final option could alternatively be handled by simply adding: Virus: /Denial.of.Service/ yes to still_deliver_silent_viruses.rules which is what I have now done. However I think that in general such cases are far more likely to be genuine files than deliberately crafted bombs. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From lshaw at emitinc.com Wed Jul 26 16:20:30 2006 From: lshaw at emitinc.com (Logan Shaw) Date: Wed Jul 26 16:20:46 2006 Subject: newer clamscan causes sig 11 In-Reply-To: <44C77B0D.8040208@rogers.com> References: <44C6F403.3040201@rogers.com> <44C76579.4090507@USherbrooke.ca> <44C77B0D.8040208@rogers.com> Message-ID: On Wed, 26 Jul 2006, Mike Jakubik wrote: > Julian Field wrote: >> Hmmm.... tricky one this. You are "using the rarlib patch". Everyone else >> has no problems at all, you are using some patch or other. Perhaps the >> problem lies with the patch? Have you tried it without this patch? >> :-) > > Thats my guess too, since the current version of rar is beta 6 (wouldn't > disabling rarlib patch mean v3+ rar files will never get scanned?), however > it's happened on a system than never received a rar file. Just because it never goes through the subset of rarlib code that actually decompresses a rar file does not mean the patch isn't at fault. - Logan From rich at mail.wvnet.edu Wed Jul 26 16:21:57 2006 From: rich at mail.wvnet.edu (Richard Lynch) Date: Wed Jul 26 16:22:29 2006 Subject: A quick and easy performance improvement In-Reply-To: <8f54b4330607260740s13fe0288k38cddba6429f0425@mail.gmail.com> References: <44C76E82.3070407@mail.wvnet.edu> <44C74219.B662.0038.0@tac.esi.net> <44C77E78.7050200@mail.wvnet.edu> <8f54b4330607260740s13fe0288k38cddba6429f0425@mail.gmail.com> Message-ID: <44C78895.3090405@mail.wvnet.edu> Skipped content of type multipart/mixed-------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060726/369eda7b/smime.bin From uxbod at splatnix.net Wed Jul 26 17:29:14 2006 From: uxbod at splatnix.net (uxbod) Date: Wed Jul 26 16:33:10 2006 Subject: A quick and easy performance improvement In-Reply-To: <44C78895.3090405@mail.wvnet.edu> References: <44C78895.3090405@mail.wvnet.edu> Message-ID: <0de9d617518cc3bcf429359367da7a54@localhost> Why not hold the bayes on a RAM partition, and have a cronjob that periodically backs it up throughout the day so that changes are not lost if the server crashes ? On Wed, 26 Jul 2006 11:21:57 -0400, Richard Lynch wrote: > Nathan Olson wrote: > >> Would noatime affect bayes operation on /var/spool? >> >> Nate >> > Noatime will probably help since it would reduce the number of I/O > operations to the disk -- fewer I/Os is good for performance. If I > recall correctly, noatime means that the system will not update the last > access date for the file. One less I/O will certainly help. The > benefit I'm going after comes from reducing disk seek time by putting > the bayes DB closer to the mail queues. For me, using pretty much a > default installation, the benefit was in decreasing the IOWait time to > 1/10th that value it was. > > -- Rich > > -- > > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From naolson at gmail.com Wed Jul 26 16:39:16 2006 From: naolson at gmail.com (Nathan Olson) Date: Wed Jul 26 16:39:19 2006 Subject: A quick and easy performance improvement In-Reply-To: <44C78895.3090405@mail.wvnet.edu> References: <44C76E82.3070407@mail.wvnet.edu> <44C74219.B662.0038.0@tac.esi.net> <44C77E78.7050200@mail.wvnet.edu> <8f54b4330607260740s13fe0288k38cddba6429f0425@mail.gmail.com> <44C78895.3090405@mail.wvnet.edu> Message-ID: <8f54b4330607260839r56f2ac16p351e6741ac5845bf@mail.gmail.com> I was just curious if anything in the bayes code relied on atime. Nate -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060726/6b642a0a/attachment.html From mikej at rogers.com Wed Jul 26 16:45:08 2006 From: mikej at rogers.com (Mike Jakubik) Date: Wed Jul 26 16:44:35 2006 Subject: A quick and easy performance improvement In-Reply-To: <8f54b4330607260839r56f2ac16p351e6741ac5845bf@mail.gmail.com> References: <44C76E82.3070407@mail.wvnet.edu> <44C74219.B662.0038.0@tac.esi.net> <44C77E78.7050200@mail.wvnet.edu> <8f54b4330607260740s13fe0288k38cddba6429f0425@mail.gmail.com> <44C78895.3090405@mail.wvnet.edu> <8f54b4330607260839r56f2ac16p351e6741ac5845bf@mail.gmail.com> Message-ID: <44C78E04.6090204@rogers.com> Nathan Olson wrote: > I was just curious if anything in the bayes code relied on atime. Or for that matter MS's spools. I keep them on a seperate partition, so if its not required, i would like to set noatime on it. From daniel.maher at ubisoft.com Wed Jul 26 16:45:54 2006 From: daniel.maher at ubisoft.com (Daniel Maher) Date: Wed Jul 26 16:48:24 2006 Subject: how to actually disable MCP checks? Message-ID: <1E293D3FF63A3740B10AD5AAD88535D20226D00C@UBIMAIL1.ubisoft.org> Hello all, I would like to disable MCP checks on one group of my email servers. In MailScanner.conf: MCP Checks = no However, if I take a look in my logs, it would appear MCP checks are still being run: Jul 26 11:38:11 bugs MailScanner[27585]: MCP Checks: Starting Jul 26 11:38:11 bugs MailScanner[27585]: MCP Checks completed at 546003 bytes per second Jul 26 11:38:14 bugs MailScanner[26824]: MCP Checks: Starting Jul 26 11:38:14 bugs MailScanner[26824]: MCP Checks completed at 607785 bytes per second Jul 26 11:38:16 bugs MailScanner[27499]: MCP Checks: Starting Jul 26 11:38:16 bugs MailScanner[27499]: MCP Checks completed at 546278 bytes per second What's the deal? How do I actually turn off MCP checks? Alternatively, MCP checks are in fact disabled (which is why they appear to process so quickly) - in which case, I can't help but wonder why such misleading output is still sent to the logs... Any comments? Thanks! -- _ ?v? Daniel Maher /(_)\ Administrateur Syst?me Unix ^ ^ Unix System Administrator Sentio aliquos togatos contra me conspirare. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060726/e253e63a/attachment-0001.html From mailscanner at mango.zw Wed Jul 26 16:35:49 2006 From: mailscanner at mango.zw (Jim Holland) Date: Wed Jul 26 16:50:18 2006 Subject: Request for separate report file for file size limits Message-ID: Hi Julian I make extensive use of the attachmentsize.rules file for users with poor connectivity or who are using cellphones with only 9600 bps capability. Currently when files exceed the specified limits the message is delivered after removal of the attachment(s) along with the following report file: stored.virus.message.txt which by default says: The original e-mail attachment "$filename" was believed to be infected by a virus and has been replaced by this warning message. If you wish to receive a copy of the *infected* attachment . . . The subject line of the delivered message has the words: {Dangerous Content?} added. The above wording is rather alarming and inappropriate for a message that has an over-large attachment, even if it does go on to say: At Wed Jul 26 09:07:26 2006 the virus scanner said: MailScanner: Attachment is too large I have always edited the report wording to: The original e-mail attachment: "$filename" was believed to be infected by a virus OR to violate the file size limits for the recipient and has been replaced by this warning message. If you wish to receive a copy of the *infected* or oversize attachment . . . However the above wording is still not ideal for two totally different types of problems. I would like to request a separate report file for oversize attachments to replace the above, as well as a change in the wording added to the subject line of delivered messages to say: {Oversize attachment}. In addition, it would be extremely helpful if the report also included details of the size(s) of the attachment(s) that had been quarantined. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From mailscanner at mango.zw Wed Jul 26 16:43:07 2006 From: mailscanner at mango.zw (Jim Holland) Date: Wed Jul 26 16:56:47 2006 Subject: Orphaned processing directory In-Reply-To: <7A6F9F7356141C42987075747C5B87D30303FD9F@wmail.int.morganco.com> Message-ID: Hi On Wed, 26 Jul 2006, Hancock, Scott wrote: > I have a directory containing 60 files in /var/spool/MailScanner/input > > The directory is 6 days old at this point. > > How can I tell MailScanner to process these files? > > Or can I assume these files have already been processed and the > directory clean up was missed? > > I see in the mail log the incoming event but not the delivery. I think > exim would tag another msg ID after MailScanner processing anyway? I note that the number of messages is a multiple of the default number of messages per batch (30). Are you sure that this isn't a case of a Denial of Service attack? ie the virus scanner has timed out on one of the messages so refuses to process the remainder in each batch. You should see an entry: Virus Scanning: Denial Of Service attack detected! in the log. The solution is to upgrade to the latest version of MailScanner (see my posting earlier today). Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From mailscanner at mango.zw Wed Jul 26 16:59:30 2006 From: mailscanner at mango.zw (Jim Holland) Date: Wed Jul 26 17:20:13 2006 Subject: Installation of MailScanner on Debian Message-ID: Hi all There doesn't seem to be much in the way of documentation for installing MailScanner on a Debian system. Users seem to face two choices: Install the Debian package, but that is always somewhat out of date or Install from source, but that will result in an installation that is not Debianised at all. I would like to have the best of both worlds. Ideally what is needed is for the maintainer of the Debian package to bring that out within a week or so of the standard RPM and source packages. Assuming that their resources are limited, could we not set up a Debian group that could assist in ensuring that this gets out as quickly as possible? Alternatively, what about some basic instructions on Debianising the source package so that users can do it themselves? Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From rich at mail.wvnet.edu Wed Jul 26 17:25:07 2006 From: rich at mail.wvnet.edu (Richard Lynch) Date: Wed Jul 26 17:25:29 2006 Subject: A quick and easy performance improvement In-Reply-To: <0de9d617518cc3bcf429359367da7a54@localhost> References: <44C78895.3090405@mail.wvnet.edu> <0de9d617518cc3bcf429359367da7a54@localhost> Message-ID: <44C79763.1060201@mail.wvnet.edu> uxbod wrote: >Why not hold the bayes on a RAM partition, and have a cronjob that periodically backs it up throughout the day so that changes are not lost if the server crashes ? > > That would definitely improve things. Seek time in RAM is zero! While monitoring disk I/Os (iostat 1) I was surprised at the high number for bayes. I didn't expect to see it so high. One my systems it was actually higher than the I/O for the mail queues. -- Rich >On Wed, 26 Jul 2006 11:21:57 -0400, Richard Lynch wrote: > > >>Nathan Olson wrote: >> >> >> >>>Would noatime affect bayes operation on /var/spool? >>> >>>Nate >>> >>> >>> >>Noatime will probably help since it would reduce the number of I/O >>operations to the disk -- fewer I/Os is good for performance. If I >>recall correctly, noatime means that the system will not update the last >>access date for the file. One less I/O will certainly help. The >>benefit I'm going after comes from reducing disk seek time by putting >>the bayes DB closer to the mail queues. For me, using pretty much a >>default installation, the benefit was in decreasing the IOWait time to >>1/10th that value it was. >> >>-- Rich >> >>-- >> >> >> >> >> >> > > > > -- -------------- next part -------------- A non-text attachment was scrubbed... Name: rich.vcf Type: text/x-vcard Size: 308 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060726/560f8849/rich.vcf From steve.swaney at fsl.com Wed Jul 26 17:42:10 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Wed Jul 26 17:40:17 2006 Subject: how to actually disable MCP checks? In-Reply-To: <1E293D3FF63A3740B10AD5AAD88535D20226D00C@UBIMAIL1.ubisoft.org> Message-ID: <155e01c6b0d2$70db5180$287ba8c0@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Daniel Maher > Sent: Wednesday, July 26, 2006 11:46 AM > To: MailScanner discussion > Subject: how to actually disable MCP checks? > > Hello all, > > I would like to disable MCP checks on one group of my email servers. > > In MailScanner.conf: > > MCP Checks = no > > However, if I take a look in my logs, it would appear MCP checks are still > being run: > > Jul 26 11:38:11 bugs MailScanner[27585]: MCP Checks: Starting > > Jul 26 11:38:11 bugs MailScanner[27585]: MCP Checks completed at 546003 > bytes per second > > Jul 26 11:38:14 bugs MailScanner[26824]: MCP Checks: Starting > > Jul 26 11:38:14 bugs MailScanner[26824]: MCP Checks completed at 607785 > bytes per second > > Jul 26 11:38:16 bugs MailScanner[27499]: MCP Checks: Starting > > Jul 26 11:38:16 bugs MailScanner[27499]: MCP Checks completed at 546278 > bytes per second > > What's the deal? How do I actually turn off MCP checks? > > Alternatively, MCP checks are in fact disabled (which is why they appear > to process so quickly) - in which case, I can't help but wonder why such > misleading output is still sent to the logs. > > Any comments? Thanks! > You have disabled MCP checks. You don't say what version of MailScanner you're using but I suspect it an older version which logged this message even if MCP checks were turned off. An upgrade should fix your problem :) Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From chris at tac.esi.net Wed Jul 26 18:13:16 2006 From: chris at tac.esi.net (Chris Hammond) Date: Wed Jul 26 18:13:33 2006 Subject: A quick and easy performance improvement In-Reply-To: <44C79763.1060201@mail.wvnet.edu> References: <44C78895.3090405@mail.wvnet.edu> <0de9d617518cc3bcf429359367da7a54@localhost> <44C79763.1060201@mail.wvnet.edu> Message-ID: <44C76AB2.B662.0038.0@tac.esi.net> Maybe this could be a new feature request? Have MailScanner copy the bayes db that are used by SA that is being called by it to memory and then sync back to the drive at low disk IO times or a maximum time, which ever comes first? Or am I out in left field somewhere? Oh wait, don't answer that...... Chris >>> Richard Lynch 07/26/06 12:25 PM >>> uxbod wrote: >Why not hold the bayes on a RAM partition, and have a cronjob that periodically backs it up throughout the day so that changes are not lost if the server crashes ? > > That would definitely improve things. Seek time in RAM is zero! While monitoring disk I/Os (iostat 1) I was surprised at the high number for bayes. I didn't expect to see it so high. One my systems it was actually higher than the I/O for the mail queues. -- Rich >On Wed, 26 Jul 2006 11:21:57 -0400, Richard Lynch wrote: > > >>Nathan Olson wrote: >> >> >> >>>Would noatime affect bayes operation on /var/spool? >>> >>>Nate >>> >>> >>> >>Noatime will probably help since it would reduce the number of I/O >>operations to the disk -- fewer I/Os is good for performance. If I >>recall correctly, noatime means that the system will not update the last >>access date for the file. One less I/O will certainly help. The >>benefit I'm going after comes from reducing disk seek time by putting >>the bayes DB closer to the mail queues. For me, using pretty much a >>default installation, the benefit was in decreasing the IOWait time to >>1/10th that value it was. >> >>-- Rich >> >>-- >> >> >> >> >> >> > > > > -- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Phil.Udel at salemcorp.com Wed Jul 26 18:15:30 2006 From: Phil.Udel at salemcorp.com (Phillip Udel) Date: Wed Jul 26 18:15:40 2006 Subject: how to actually disable MCP checks? In-Reply-To: <155e01c6b0d2$70db5180$287ba8c0@office.fsl> Message-ID: <200607261720.k6QHKVJK024485@cat.salemcarriers.com> I am running the current version and I have the MCP Checks set to "no" and I still get the messages in the log. I think this is an Undocumented Feature. :) -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Stephen Swaney Sent: Wednesday, July 26, 2006 11:42 AM To: 'MailScanner discussion' Subject: RE: how to actually disable MCP checks? > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Daniel Maher > Sent: Wednesday, July 26, 2006 11:46 AM > To: MailScanner discussion > Subject: how to actually disable MCP checks? > > Hello all, > > I would like to disable MCP checks on one group of my email servers. > > In MailScanner.conf: > > MCP Checks = no > > However, if I take a look in my logs, it would appear MCP checks are still > being run: > > Jul 26 11:38:11 bugs MailScanner[27585]: MCP Checks: Starting > > Jul 26 11:38:11 bugs MailScanner[27585]: MCP Checks completed at 546003 > bytes per second > > Jul 26 11:38:14 bugs MailScanner[26824]: MCP Checks: Starting > > Jul 26 11:38:14 bugs MailScanner[26824]: MCP Checks completed at 607785 > bytes per second > > Jul 26 11:38:16 bugs MailScanner[27499]: MCP Checks: Starting > > Jul 26 11:38:16 bugs MailScanner[27499]: MCP Checks completed at 546278 > bytes per second > > What's the deal? How do I actually turn off MCP checks? > > Alternatively, MCP checks are in fact disabled (which is why they appear > to process so quickly) - in which case, I can't help but wonder why such > misleading output is still sent to the logs. > > Any comments? Thanks! > You have disabled MCP checks. You don't say what version of MailScanner you're using but I suspect it an older version which logged this message even if MCP checks were turned off. An upgrade should fix your problem :) Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at ecs.soton.ac.uk Wed Jul 26 18:15:44 2006 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jul 26 18:15:54 2006 Subject: Denial Of Service attack handling by MS 4.54.6 In-Reply-To: References: Message-ID: <44C7A340.6060601@ecs.soton.ac.uk> Please can you put a copy of the message on a web URL somewhere and mail me (off-list!) the URL so I can go and get it? What happens (or should happen) is this: Message Batch is scanned at one go Scanner times out Message Batch is scanned one message at a time, looking for the nasty message Scanner times out on the nasty message DoS attack detected. Message should be handled as a normal virus infection, not a silent one. I could really do with a copy of the message if at all possible. I certainly wouldn't advise setting the Virus Scanner Timeout any higher than the default (5 minutes). You could easily reduce it to 2 minutes on most systems, my default is very conservative. It will always take at least double that figure to process the batch, but I'm a bit worried by the factor of 4 you are seeing. Hence the need to test it. Jim Holland wrote: > Hi Julian > > I have only just installed the above version of MailScanner and was > interested to see how it dealt with the problem of DOS attacks affecting > the virus scanner. I came across an example this morning: > > The message was 650 KB in size, with a PowerPoint attachment > > 10 minutes after scanning of the batch started, MailScanner reported > "Commercial scanner clamav timed out!" (this corresponds with > the time configured for Virus Scanner Timeout) followed by > "Denial Of Service attack detected!" > > 10 minutes later there was another maillog entry reporting > "Commercial scanner clamav timed out!" again followed by details > of which message caused the denial of service attack. > > 22 minutes after the above, the message was finally quarantined. > > I presume that the above actions are as now intended. However there are > still some associated problems: > > The complete batch of 16 messages totalling 805877 bytes took a > full 45 minutes to be processed before the uninfected messages > were delivered, in spite of my having set Virus Scanner Timeout to > 10 minutes per batch. > > The message was treated as containing a silent virus, so there > was no notification to the recipient. > > Are the following changes possible and if so, agreeable to you: > > Stop virus scanning any individual message once it exceeds a > reasonable time - eg if "Virus Scanner Timeout = 300", then stop > scanning a message after say (300/no of msgs in batch)*10 secs > or the full virus scanner timeout time, whichever is the smaller. > > Flag the message as being infected with a Denial of Service attack > (as it does now). > > Remove "Denial Of Service attack" from the list of silent viruses, > so that such messages are delivered with a notice to say that the > attachment has been removed. > > I presume that the final option could alternatively be handled by simply > adding: > > Virus: /Denial.of.Service/ yes > to > still_deliver_silent_viruses.rules > > which is what I have now done. However I think that in general such cases > are far more likely to be genuine files than deliberately crafted bombs. > > Regards > > Jim Holland > System Administrator > MANGO - Zimbabwe's non-profit e-mail service > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From mailscanner at ecs.soton.ac.uk Wed Jul 26 18:18:57 2006 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jul 26 18:19:10 2006 Subject: Request for separate report file for file size limits In-Reply-To: References: Message-ID: <44C7A401.40302@ecs.soton.ac.uk> Please mail me off-list next week about this. It won't make it into the September 1st release, but I will give it consideration for the next release, if it's pretty easy to do, which it should be. I don't want to be tempted to add new features this late in the month :o) Jim Holland wrote: > Hi Julian > > I make extensive use of the attachmentsize.rules file for users with poor > connectivity or who are using cellphones with only 9600 bps capability. > Currently when files exceed the specified limits the message is delivered > after removal of the attachment(s) along with the following report file: > > stored.virus.message.txt > > which by default says: > > The original e-mail attachment "$filename" > was believed to be infected by a virus and has been replaced by this > warning message. > > If you wish to receive a copy of the *infected* attachment . . . > > The subject line of the delivered message has the words: > > {Dangerous Content?} > > added. > > The above wording is rather alarming and inappropriate for a message that > has an over-large attachment, even if it does go on to say: > > At Wed Jul 26 09:07:26 2006 the virus scanner said: > MailScanner: Attachment is too large > > I have always edited the report wording to: > > The original e-mail attachment: "$filename" > was believed to be infected by a virus OR to violate the file size limits > for the recipient and has been replaced by this warning message. > > If you wish to receive a copy of the *infected* or oversize attachment . . . > > However the above wording is still not ideal for two totally different > types of problems. > > I would like to request a separate report file for oversize attachments to > replace the above, as well as a change in the wording added to the subject > line of delivered messages to say: {Oversize attachment}. > > In addition, it would be extremely helpful if the report also included > details of the size(s) of the attachment(s) that had been quarantined. > > Regards > > Jim Holland > System Administrator > MANGO - Zimbabwe's non-profit e-mail service > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From mailscanner at ecs.soton.ac.uk Wed Jul 26 18:26:49 2006 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jul 26 18:27:01 2006 Subject: A quick and easy performance improvement In-Reply-To: <44C79763.1060201@mail.wvnet.edu> References: <44C78895.3090405@mail.wvnet.edu> <0de9d617518cc3bcf429359367da7a54@localhost> <44C79763.1060201@mail.wvnet.edu> Message-ID: <44C7A5D9.2080204@ecs.soton.ac.uk> Richard Lynch wrote: > uxbod wrote: > >> Why not hold the bayes on a RAM partition, and have a cronjob that >> periodically backs it up throughout the day so that changes are not >> lost if the server crashes ? >> >> > > That would definitely improve things. Seek time in RAM is zero! > > While monitoring disk I/Os (iostat 1) I was surprised at the high number > for bayes. I didn't expect to see it so high. One my systems it was > actually higher than the I/O for the mail queues. That's very interesting. Most people these days just use 1 big partition for / and nothing else. So it won't be available to them. So why is this an improvement when /var/spool and /.spamassassin are on the same partition? I can see why, if they are on different partitions, though you're still relying on the mapping of sector number --> physical hard disk location. But if / and /var/spool are on the same partition anyway, why would it run any faster? I am sorely tempted to say that you have merely cancelled out the speed slowdown caused by splitting / and /var onto different partitions. If they are both on the same partition anyway, and are being written to a lot, they will end up very close to each other by virtue of how the filesystem is likely to work. I think that splitting / and /var slowed your system down. You have just cancelled that out. Thoughts? > > -- Rich > >> On Wed, 26 Jul 2006 11:21:57 -0400, Richard Lynch >> wrote: >> >> >>> Nathan Olson wrote: >>> >>> >>>> Would noatime affect bayes operation on /var/spool? >>>> >>>> Nate >>>> >>>> >>> Noatime will probably help since it would reduce the number of I/O >>> operations to the disk -- fewer I/Os is good for performance. If I >>> recall correctly, noatime means that the system will not update the last >>> access date for the file. One less I/O will certainly help. The >>> benefit I'm going after comes from reducing disk seek time by putting >>> the bayes DB closer to the mail queues. For me, using pretty much a >>> default installation, the benefit was in decreasing the IOWait time to >>> 1/10th that value it was. >>> >>> -- Rich >>> >>> -- >>> >>> >>> >>> >>> >> >> >> >> > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From mailscanner at ecs.soton.ac.uk Wed Jul 26 18:29:02 2006 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jul 26 18:29:12 2006 Subject: Orphaned processing directory In-Reply-To: References: Message-ID: <44C7A65E.9020205@ecs.soton.ac.uk> Jim Holland wrote: > Hi > > On Wed, 26 Jul 2006, Hancock, Scott wrote: > >> I have a directory containing 60 files in /var/spool/MailScanner/input >> >> The directory is 6 days old at this point. >> >> How can I tell MailScanner to process these files? >> >> Or can I assume these files have already been processed and the >> directory clean up was missed? >> >> I see in the mail log the incoming event but not the delivery. I think >> exim would tag another msg ID after MailScanner processing anyway? > > I note that the number of messages is a multiple of the default number of > messages per batch (30). Are you sure that this isn't a case of a Denial > of Service attack? ie the virus scanner has timed out on one of the > messages so refuses to process the remainder in each batch. You should > see an entry: > > Virus Scanning: Denial Of Service attack detected! > > in the log. > > The solution is to upgrade to the latest version of MailScanner (see my > posting earlier today). The whole batch will still be processed even if there is a denial of service attack. I designed it to cope with DoS attacks, even back in version 1 (back in 2000). The only bit that worries me is the time taken to recover from it, which is double what I would expect. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From mailscanner at ecs.soton.ac.uk Wed Jul 26 18:30:34 2006 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jul 26 18:30:49 2006 Subject: how to actually disable MCP checks? In-Reply-To: <1E293D3FF63A3740B10AD5AAD88535D20226D00C@UBIMAIL1.ubisoft.org> References: <1E293D3FF63A3740B10AD5AAD88535D20226D00C@UBIMAIL1.ubisoft.org> Message-ID: <44C7A6BA.6080108@ecs.soton.ac.uk> It's just printing irrelevant log entries. The MCP checks are not being done. I'll see what I can do to stop them. MCP checks are definitely not being done. Daniel Maher wrote: > Hello all, > > > > I would like to disable MCP checks on one group of my email servers. > > > > In MailScanner.conf: > > MCP Checks = no > > > > However, if I take a look in my logs, it would appear MCP checks are > still being run: > > Jul 26 11:38:11 bugs MailScanner[27585]: MCP Checks: Starting > > Jul 26 11:38:11 bugs MailScanner[27585]: MCP Checks completed at 546003 > bytes per second > > Jul 26 11:38:14 bugs MailScanner[26824]: MCP Checks: Starting > > Jul 26 11:38:14 bugs MailScanner[26824]: MCP Checks completed at 607785 > bytes per second > > Jul 26 11:38:16 bugs MailScanner[27499]: MCP Checks: Starting > > Jul 26 11:38:16 bugs MailScanner[27499]: MCP Checks completed at 546278 > bytes per second > > > > What?s the deal? How do I /actually/ turn off MCP checks? > > > > Alternatively, MCP checks are in fact disabled (which is why they appear > to process so quickly) ? in which case, I can?t help but wonder why such > misleading output is still sent to the logs? > > > > Any comments? Thanks! > > > > > > -- > > _ > ?v? Daniel Maher > /(_)\ Administrateur Syst?me Unix > > ^ ^ Unix System Administrator > > > > //Sentio aliquos togatos contra me conspirare.// > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From mailscanner at ecs.soton.ac.uk Wed Jul 26 18:33:19 2006 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jul 26 18:33:31 2006 Subject: A quick and easy performance improvement In-Reply-To: <44C76AB2.B662.0038.0@tac.esi.net> References: <44C78895.3090405@mail.wvnet.edu> <0de9d617518cc3bcf429359367da7a54@localhost> <44C79763.1060201@mail.wvnet.edu> <44C76AB2.B662.0038.0@tac.esi.net> Message-ID: <44C7A75F.2050608@ecs.soton.ac.uk> A lot more suitable would be a cron job you could easily write to back it up to another location every hour or so. It would be harder to configure it to do it in MailScanner than it would be just to write the cron job yourself. It's only 1 cp command. Chris Hammond wrote: > Maybe this could be a new feature request? Have MailScanner copy the bayes db that are used by SA that is being called by it to memory and then sync back to the drive at low disk IO times or a maximum time, which ever comes first? Or am I out in left field somewhere? Oh wait, don't answer that...... > > Chris > >>>> Richard Lynch 07/26/06 12:25 PM >>> > uxbod wrote: > >> Why not hold the bayes on a RAM partition, and have a cronjob that periodically backs it up throughout the day so that changes are not lost if the server crashes ? >> >> > > That would definitely improve things. Seek time in RAM is zero! > > While monitoring disk I/Os (iostat 1) I was surprised at the high number > for bayes. I didn't expect to see it so high. One my systems it was > actually higher than the I/O for the mail queues. > > -- Rich > >> On Wed, 26 Jul 2006 11:21:57 -0400, Richard Lynch wrote: >> >> >>> Nathan Olson wrote: >>> >>> >>> >>>> Would noatime affect bayes operation on /var/spool? >>>> >>>> Nate >>>> >>>> >>>> >>> Noatime will probably help since it would reduce the number of I/O >>> operations to the disk -- fewer I/Os is good for performance. If I >>> recall correctly, noatime means that the system will not update the last >>> access date for the file. One less I/O will certainly help. The >>> benefit I'm going after comes from reducing disk seek time by putting >>> the bayes DB closer to the mail queues. For me, using pretty much a >>> default installation, the benefit was in decreasing the IOWait time to >>> 1/10th that value it was. >>> >>> -- Rich >>> >>> -- >>> >>> >>> >>> >>> >>> >> >> >> > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From HancockS at morganco.com Wed Jul 26 18:37:59 2006 From: HancockS at morganco.com (Hancock, Scott) Date: Wed Jul 26 18:38:28 2006 Subject: Orphaned processing directory Message-ID: <7A6F9F7356141C42987075747C5B87D30303FE80@wmail.int.morganco.com> > Hi > > On Wed, 26 Jul 2006, Hancock, Scott wrote: > > > I have a directory containing 60 files in > /var/spool/MailScanner/input > > > > The directory is 6 days old at this point. > > > > How can I tell MailScanner to process these files? > > I note that the number of messages is a multiple of the > default number of messages per batch (30). Are you sure that > this isn't a case of a Denial of Service attack? ie the > virus scanner has timed out on one of the messages so refuses > to process the remainder in each batch. You should see an entry: > > Virus Scanning: Denial Of Service attack detected! > > in the log. You're correct about the batch size. I did not see this message in my log files. I did have messages in my incoming queue that were held up on the TNEF issue. Changing that to "ADD" which emptied the queue. Now there are no messages in either exim queue. Only messages in the processing directory. > > The solution is to upgrade to the latest version of > MailScanner (see my posting earlier today). > Will the latest version find the orphaned processing directory? Maybe I'll go back to running from source. This Debian delay seems to happen in the summer time. > Regards > > Jim Holland > System Administrator > MANGO - Zimbabwe's non-profit e-mail service > From HancockS at morganco.com Wed Jul 26 18:46:48 2006 From: HancockS at morganco.com (Hancock, Scott) Date: Wed Jul 26 18:47:21 2006 Subject: Orphaned processing directory Message-ID: <7A6F9F7356141C42987075747C5B87D30303FE91@wmail.int.morganco.com> If you want to check it out first hand, let me know. Is there a command line for Mailscanner that will process the directory or msg ID? > > The whole batch will still be processed even if there is a > denial of service attack. I designed it to cope with DoS > attacks, even back in version 1 (back in 2000). The only bit > that worries me is the time taken to recover from it, which > is double what I would expect. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > From rich at mail.wvnet.edu Wed Jul 26 18:51:24 2006 From: rich at mail.wvnet.edu (Richard Lynch) Date: Wed Jul 26 18:51:27 2006 Subject: A quick and easy performance improvement In-Reply-To: <44C7A5D9.2080204@ecs.soton.ac.uk> References: <44C78895.3090405@mail.wvnet.edu> <0de9d617518cc3bcf429359367da7a54@localhost> <44C79763.1060201@mail.wvnet.edu> <44C7A5D9.2080204@ecs.soton.ac.uk> Message-ID: <44C7AB9C.2030407@mail.wvnet.edu> Julian Field wrote: > > > Richard Lynch wrote: > >> uxbod wrote: >> >>> Why not hold the bayes on a RAM partition, and have a cronjob that >>> periodically backs it up throughout the day so that changes are not >>> lost if the server crashes ? >>> >>> >> >> That would definitely improve things. Seek time in RAM is zero! >> >> While monitoring disk I/Os (iostat 1) I was surprised at the high >> number for bayes. I didn't expect to see it so high. One my systems >> it was actually higher than the I/O for the mail queues. > > > That's very interesting. > > Most people these days just use 1 big partition for / and nothing > else. So it won't be available to them. So why is this an improvement > when /var/spool and /.spamassassin are on the same partition? I can > see why, if they are on different partitions, though you're still > relying on the mapping of sector number --> physical hard disk > location. But if / and /var/spool are on the same partition anyway, > why would it run any faster? > I can't see why it would either. If you're using one large partition changing the directory structure wouldn't be worth anything as far as performance goes. In my case they are on different partitions. > I am sorely tempted to say that you have merely cancelled out the > speed slowdown caused by splitting / and /var onto different > partitions. If they are both on the same partition anyway, and are > being written to a lot, they will end up very close to each other by > virtue of how the filesystem is likely to work. > > I think that splitting / and /var slowed your system down. You have > just cancelled that out. > > Thoughts? I think you're right. Is it uncommon to have / and /var on different partitions? The sysadmins here argue for separate partitions because it lessons the likely hood of the rootfs filling up. They say that it can hose your system to the point that you can't even logon to fix it. So, we split / and /var (and others). I think all of our unix systems are that way. Is this a bad practice? -- Rich -- -------------- next part -------------- A non-text attachment was scrubbed... Name: rich.vcf Type: text/x-vcard Size: 308 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060726/b8649cc0/rich.vcf From jaearick at colby.edu Wed Jul 26 18:46:34 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed Jul 26 18:53:37 2006 Subject: how to actually disable MCP checks? In-Reply-To: <44C7A6BA.6080108@ecs.soton.ac.uk> References: <1E293D3FF63A3740B10AD5AAD88535D20226D00C@UBIMAIL1.ubisoft.org> <44C7A6BA.6080108@ecs.soton.ac.uk> Message-ID: Julian, Our twiddles with $speed > 0 for 4.55.8 the other day on the beta mailing list removed spurious MCP and disinfect syslogging if "Log Speed = yes". This sounds like the same issue. This is fixed in 4.55.8 + the patch from the other day. Jeff Earickson Colby College On Wed, 26 Jul 2006, Julian Field wrote: > Date: Wed, 26 Jul 2006 18:30:34 +0100 > From: Julian Field > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: how to actually disable MCP checks? > > It's just printing irrelevant log entries. The MCP checks are not being done. > I'll see what I can do to stop them. MCP checks are definitely not being > done. > > Daniel Maher wrote: >> Hello all, >> >> >> I would like to disable MCP checks on one group of my email servers. >> >> >> In MailScanner.conf: >> >> MCP Checks = no >> >> >> However, if I take a look in my logs, it would appear MCP checks are still >> being run: >> >> Jul 26 11:38:11 bugs MailScanner[27585]: MCP Checks: Starting >> >> Jul 26 11:38:11 bugs MailScanner[27585]: MCP Checks completed at 546003 >> bytes per second >> >> Jul 26 11:38:14 bugs MailScanner[26824]: MCP Checks: Starting >> >> Jul 26 11:38:14 bugs MailScanner[26824]: MCP Checks completed at 607785 >> bytes per second >> >> Jul 26 11:38:16 bugs MailScanner[27499]: MCP Checks: Starting >> >> Jul 26 11:38:16 bugs MailScanner[27499]: MCP Checks completed at 546278 >> bytes per second >> >> >> What?s the deal? How do I /actually/ turn off MCP checks? >> >> >> Alternatively, MCP checks are in fact disabled (which is why they appear to >> process so quickly) ? in which case, I can?t help but wonder why such >> misleading output is still sent to the logs? >> >> >> Any comments? Thanks! >> >> >> >> -- >> >> _ >> ?v? Daniel Maher >> /(_)\ Administrateur Syst?me Unix >> >> ^ ^ Unix System Administrator >> >> >> //Sentio aliquos togatos contra me conspirare.// >> >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From HancockS at morganco.com Wed Jul 26 18:51:39 2006 From: HancockS at morganco.com (Hancock, Scott) Date: Wed Jul 26 18:53:55 2006 Subject: Installation of MailScanner on Debian Message-ID: <7A6F9F7356141C42987075747C5B87D30303FE9A@wmail.int.morganco.com> I'm interested in helping. I would need significant training however. I might run from source again for the time being. The Debian package seems to lag each summer. -Scott Hancock > > Hi all > > There doesn't seem to be much in the way of documentation for > installing MailScanner on a Debian system. Users seem to > face two choices: > > Install the Debian package, but that is always somewhat > out of date or > Install from source, but that will result in an > installation that > is not Debianised at all. > > I would like to have the best of both worlds. Ideally what > is needed is for the maintainer of the Debian package to > bring that out within a week or so of the standard RPM and > source packages. Assuming that their resources are limited, > could we not set up a Debian group that could assist in > ensuring that this gets out as quickly as possible? > > Alternatively, what about some basic instructions on > Debianising the source package so that users can do it themselves? > > Regards > > Jim Holland > System Administrator > MANGO - Zimbabwe's non-profit e-mail service > > From Phil.Udel at salemcorp.com Wed Jul 26 18:55:04 2006 From: Phil.Udel at salemcorp.com (Phillip Udel) Date: Wed Jul 26 18:55:13 2006 Subject: WhiteList Error Message-ID: <200607261800.k6QI05JK029370@cat.salemcarriers.com> Today I saw a strange error. A mail was whitelisted even though it was not in the white list. I assume it is because of the 127.0.0.1 but that is not in the white listed either. MS 4.54.6-1 SA 3.1.3 MailWatch 1.0.3 Sendmail 8.12 Here is the header Return-Path: Received: from cnnimail15.cnn.com (cnnimail15.cnn.com [64.236.25.105]) ? ? ?by cat.salemcarriers.com (8.12.8/8.12.8) with SMTP id k6QHTTJK025481 ? ? ?for ; Wed, 26 Jul 2006 13:29:29 -0400 Received: from cnnimail12 (cnnimail12.turner.com) by cnnimail15.cnn.com (LSMTP for Windows NT v1.1b) with SMTP id <13.00001B16@cnnimail15.cnn.com>; Wed, 26 Jul 2006 13:08:13 -0400 Received: from CNNIMAIL12.CNN.COM by CNNIMAIL12.CNN.COM (LISTSERV-TCP/IP release 1.8d) with spool id 6010446 for TEXTBREAKINGNEWS@CNNIMAIL12.CNN.COM; Wed, 26 Jul 2006 13:05:05 -0400 Approved-By: listeditor@EMA8ADM1.TURNER.COM Received: from 10.165.130.62 by CNNIMAIL12.CNN.COM (SMTPL release 1.0d) with TCP; Wed, 26 Jul 2006 13:04:58 -0400 Received: from ema8adm1.turner.com (localhost [127.0.0.1]) by ema8adm1.turner.com (8.12.10/8.12.10) with ESMTP id k6QH64wx017955 for ; Wed, 26 Jul 2006 13:06:04 -0400 (EDT) Received: (from listapprover@localhost) by ema8adm1.turner.com (8.12.10/8.12.11/Submit) id k6QH63Xh017944 for textbreakingnews@cnnimail12.cnn.com; Wed, 26 Jul 2006 13:06:03 -0400 (EDT) Message-ID: <200607261706.k6QH63Xh017944@ema8adm1.turner.com> Date: Wed, 26 Jul 2006 13:06:03 -0400 Reply-To: newseditor@MAIL.CNN.COM Sender: BreakingNews@MAIL.CNN.COM From: CNN Breaking News Subject: CNN Breaking News To: TEXTBREAKINGNEWS@CNNIMAIL12.CNN.COM Spam Assassin Info cached not score=-102.598 6 required spam autolearn=not -2.60 BAYES_00 Bayesian spam probability is 0 to 1% 0.00 UNPARSEABLE_RELAY Informational: message has unparseable relay lines -100.00 USER_IN_WHITELIST From: address is in the user's white-list Phillip Udel Senior Systems Administrator Admin@SalemCorp.com (800) 877-2536 Ext 212 Rules To Live By: 1) On the keyboard of life, always keep one finger on the escape key. 2) There are absolutely no absolutes. 3) Artificial Intelligence is no match for natural stupidity 4) Information is not Knowledge, Knowledge is not Wisdom, and Wisdom is not Truth -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: Phil Udel.vcf Type: text/x-vcard Size: 445 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060726/6e3e7861/PhilUdel.vcf From alex at nkpanama.com Wed Jul 26 18:55:32 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Jul 26 18:55:54 2006 Subject: A quick and easy performance improvement In-Reply-To: <44C7A5D9.2080204@ecs.soton.ac.uk> References: <44C78895.3090405@mail.wvnet.edu> <0de9d617518cc3bcf429359367da7a54@localhost> <44C79763.1060201@mail.wvnet.edu> <44C7A5D9.2080204@ecs.soton.ac.uk> Message-ID: <44C7AC94.9010706@nkpanama.com> Julian Field wrote: > I think that splitting / and /var slowed your system down. You have > just cancelled that out. > > Thoughts? There are many ways of doing things. I used to let the OS decide how to partition for me before I developed my own way of doing things. I've seen people who swear by splitting their filesystems across partitions, disks, arrays, machines, sectors, quadrants, galaxies. They say it's better for performance/security/convenience/whatever. Call me obtuse. I just set up a large / and call it a day. I may set up a ramdisk for /var/spool/MailScanner/incoming if I know it's good hardware and the power's good. I may even create a small (100-200mb) /boot and store a few little tools in there. Performance? The performance gains I could get from partitioning are marginal. The performance losses if not managed correctly can be nasty, as has been mentioned. Security? It shouldn't *matter* how I partition my filesystem. Convenience? You can clone a drive onto a bigger one if you need the space. When I read the message, I thought... this is good for all those sysadmins out there who are accustomed to splitting their filesystems for performance/security/convenience reasons. The BOFH in me read the message as ... "If I drop this really big rock I find my running speed increases, thought I'd share it with you". I didn't reply to the message because I didn't want to sound rude, though. Then came Julian and, in a completely deadpan, straight-to-the-point, vulcan-like manner said "but dude, you're carrying a big rock" :-) From alex at nkpanama.com Wed Jul 26 18:59:31 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Jul 26 18:59:46 2006 Subject: A quick and easy performance improvement In-Reply-To: <44C7A75F.2050608@ecs.soton.ac.uk> References: <44C78895.3090405@mail.wvnet.edu> <0de9d617518cc3bcf429359367da7a54@localhost> <44C79763.1060201@mail.wvnet.edu> <44C76AB2.B662.0038.0@tac.esi.net> <44C7A75F.2050608@ecs.soton.ac.uk> Message-ID: <44C7AD83.40100@nkpanama.com> There are a lot of things people wish MailScanner would do that can easily be accomplished outside of the MailScanner system. It reminds me of the discussions in firewall-related mailing lists where there is a small group of people that wish their firewall would do things outside the scope of a firewall (vs. for example, a security appliance with a built-in firewall). I think as long as people keep updating the wiki with "this three step procedure improves this process by this much" (like putting /var/spool/MailScanner/incoming in a ramdisk) articles, JF can focus on providing more and better core functionality. Julian Field wrote: > A lot more suitable would be a cron job you could easily write to back > it up to another location every hour or so. > It would be harder to configure it to do it in MailScanner than it > would be just to write the cron job yourself. It's only 1 cp command. > > Chris Hammond wrote: >> Maybe this could be a new feature request? Have MailScanner copy the >> bayes db that are used by SA that is being called by it to memory and >> then sync back to the drive at low disk IO times or a maximum time, >> which ever comes first? Or am I out in left field somewhere? Oh >> wait, don't answer that...... >> >> Chris >> >>>>> Richard Lynch 07/26/06 12:25 PM >>> >> uxbod wrote: >> >>> Why not hold the bayes on a RAM partition, and have a cronjob that >>> periodically backs it up throughout the day so that changes are not >>> lost if the server crashes ? >>> >>> >> >> That would definitely improve things. Seek time in RAM is zero! >> >> While monitoring disk I/Os (iostat 1) I was surprised at the high >> number for bayes. I didn't expect to see it so high. One my systems >> it was actually higher than the I/O for the mail queues. >> >> -- Rich >> >>> On Wed, 26 Jul 2006 11:21:57 -0400, Richard Lynch >>> wrote: >>> >>> >>>> Nathan Olson wrote: >>>> >>>> >>>>> Would noatime affect bayes operation on /var/spool? >>>>> >>>>> Nate >>>>> >>>>> >>>> Noatime will probably help since it would reduce the number of I/O >>>> operations to the disk -- fewer I/Os is good for performance. If I >>>> recall correctly, noatime means that the system will not update the >>>> last >>>> access date for the file. One less I/O will certainly help. The >>>> benefit I'm going after comes from reducing disk seek time by putting >>>> the bayes DB closer to the mail queues. For me, using pretty much a >>>> default installation, the benefit was in decreasing the IOWait time to >>>> 1/10th that value it was. >>>> >>>> -- Rich >>>> >>>> -- >>>> >>>> >>>> >>>> >>>> >>> >>> >>> >> >> > From alex at nkpanama.com Wed Jul 26 19:01:31 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Jul 26 19:01:45 2006 Subject: A quick and easy performance improvement In-Reply-To: <44C7AB9C.2030407@mail.wvnet.edu> References: <44C78895.3090405@mail.wvnet.edu> <0de9d617518cc3bcf429359367da7a54@localhost> <44C79763.1060201@mail.wvnet.edu> <44C7A5D9.2080204@ecs.soton.ac.uk> <44C7AB9C.2030407@mail.wvnet.edu> Message-ID: <44C7ADFB.5080104@nkpanama.com> Richard Lynch wrote: > I think you're right. Is it uncommon to have / and /var on different > partitions? The sysadmins here argue for separate partitions because > it lessons the likely hood of the rootfs filling up. They say that it > can hose your system to the point that you can't even logon to fix > it. So, we split / and /var (and others). I think all of our unix > systems are that way. Is this a bad practice? > -- Rich > It isn't. It's just *traditional*. You could set up processes that let you know *beforehand* that your rootfs is getting filled up. And you can always log on using a rescue CD, unless it's impractical for geographic reasons, for example. From dave.list at pixelhammer.com Wed Jul 26 19:20:13 2006 From: dave.list at pixelhammer.com (DAve) Date: Wed Jul 26 19:20:44 2006 Subject: A quick and easy performance improvement In-Reply-To: <44C7AB9C.2030407@mail.wvnet.edu> References: <44C78895.3090405@mail.wvnet.edu> <0de9d617518cc3bcf429359367da7a54@localhost> <44C79763.1060201@mail.wvnet.edu> <44C7A5D9.2080204@ecs.soton.ac.uk> <44C7AB9C.2030407@mail.wvnet.edu> Message-ID: <44C7B25D.2070503@pixelhammer.com> Richard Lynch wrote: > Julian Field wrote: >> Richard Lynch wrote: >>> uxbod wrote: >>>> Why not hold the bayes on a RAM partition, and have a cronjob that >>>> periodically backs it up throughout the day so that changes are not >>>> lost if the server crashes ? >>> >>> That would definitely improve things. Seek time in RAM is zero! >>> >>> While monitoring disk I/Os (iostat 1) I was surprised at the high >>> number for bayes. I didn't expect to see it so high. One my systems >>> it was actually higher than the I/O for the mail queues. >> >> That's very interesting. >> >> Most people these days just use 1 big partition for / and nothing >> else. So it won't be available to them. So why is this an improvement >> when /var/spool and /.spamassassin are on the same partition? I can >> see why, if they are on different partitions, though you're still >> relying on the mapping of sector number --> physical hard disk >> location. But if / and /var/spool are on the same partition anyway, >> why would it run any faster? >> > I can't see why it would either. If you're using one large partition > changing the directory structure wouldn't be worth anything as far as > performance goes. In my case they are on different partitions. > >> I am sorely tempted to say that you have merely cancelled out the >> speed slowdown caused by splitting / and /var onto different >> partitions. If they are both on the same partition anyway, and are >> being written to a lot, they will end up very close to each other by >> virtue of how the filesystem is likely to work. >> >> I think that splitting / and /var slowed your system down. You have >> just cancelled that out. >> >> Thoughts? Maybe I am showing my ignorance but how? I'm not seeing any performance issues myself, just curious. I currently have bayes on one controller/disk pair and the queues on another controller/disk pair. I've always believed that to be about the best you could do. Of course it just takes 2 minutes in a terminal if I should move bayes to the same controller/disk as the queues. > > I think you're right. Is it uncommon to have / and /var on different > partitions? The sysadmins here argue for separate partitions because > it lessons the likely hood of the rootfs filling up. They say that it > can hose your system to the point that you can't even logon to fix it. > So, we split / and /var (and others). I think all of our unix systems > are that way. Is this a bad practice? > -- Rich I have always used separate partitions, though others who do as well have told me I am stupid because I use different partitions than they do, everyone has an opinion ;^) I keep separate partitions for the sake of fsck, performance be damned. I've lost data on the far side of a 70gb disk because I had a failure fsck couldn't fix, (SATA drives and a sad story). I've isolated /, /tmp, /var, /usr, /data ever since. I keep websites, backups, ftp directories, mail queues, etc in /data. Depending on the task the server is doing. DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From mailscanner at ecs.soton.ac.uk Wed Jul 26 19:26:12 2006 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jul 26 19:26:24 2006 Subject: A quick and easy performance improvement In-Reply-To: <44C7AB9C.2030407@mail.wvnet.edu> References: <44C78895.3090405@mail.wvnet.edu> <0de9d617518cc3bcf429359367da7a54@localhost> <44C79763.1060201@mail.wvnet.edu> <44C7A5D9.2080204@ecs.soton.ac.uk> <44C7AB9C.2030407@mail.wvnet.edu> Message-ID: <44C7B3C4.8060807@ecs.soton.ac.uk> Richard Lynch wrote: > Julian Field wrote: > >> >> >> Richard Lynch wrote: >> >>> uxbod wrote: >>> >>>> Why not hold the bayes on a RAM partition, and have a cronjob that >>>> periodically backs it up throughout the day so that changes are not >>>> lost if the server crashes ? >>>> >>>> >>> >>> That would definitely improve things. Seek time in RAM is zero! >>> >>> While monitoring disk I/Os (iostat 1) I was surprised at the high >>> number for bayes. I didn't expect to see it so high. One my systems >>> it was actually higher than the I/O for the mail queues. >> >> >> That's very interesting. >> >> Most people these days just use 1 big partition for / and nothing >> else. So it won't be available to them. So why is this an improvement >> when /var/spool and /.spamassassin are on the same partition? I can >> see why, if they are on different partitions, though you're still >> relying on the mapping of sector number --> physical hard disk >> location. But if / and /var/spool are on the same partition anyway, >> why would it run any faster? >> > I can't see why it would either. If you're using one large partition > changing the directory structure wouldn't be worth anything as far as > performance goes. In my case they are on different partitions. > >> I am sorely tempted to say that you have merely cancelled out the >> speed slowdown caused by splitting / and /var onto different >> partitions. If they are both on the same partition anyway, and are >> being written to a lot, they will end up very close to each other by >> virtue of how the filesystem is likely to work. >> >> I think that splitting / and /var slowed your system down. You have >> just cancelled that out. >> >> Thoughts? > > I think you're right. Is it uncommon to have / and /var on different > partitions? The sysadmins here argue for separate partitions because > it lessons the likely hood of the rootfs filling up. They say that it > can hose your system to the point that you can't even logon to fix it. > So, we split / and /var (and others). I think all of our unix systems > are that way. Is this a bad practice? I have found in the past that splitting the installation into many different partitions just causes more problems than it solves. Putting /var separate on Solaris is a classic example. People say "when your logs get big it won't fill /" which is true enough. But disks are huge and cheap these days. Why not just do it properly and roll your logs properly so they never occupy a lot of space? If you have them separate, then as you install more patches, /var/sadm will start to get very large, which there is nothing you can do about, so after 2 or 3 years your /var will fill and you'll have to start bodging things to get them out of /var to give you more room for /var/sadm. I just find it causes more problems than it solves, so long as you set up your system to maintain itself properly. If you never roll /var/log/maillog on a MailScanner system then yes, it will get very large, but set it up properly and keep your logs and quarantines pruned. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From mailscanner at ecs.soton.ac.uk Wed Jul 26 19:27:44 2006 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jul 26 19:27:55 2006 Subject: WhiteList Error In-Reply-To: <200607261800.k6QI05JK029370@cat.salemcarriers.com> References: <200607261800.k6QI05JK029370@cat.salemcarriers.com> Message-ID: <44C7B420.1070000@ecs.soton.ac.uk> It has an empty sender address. Make sure you aren't inadvertently whitelisting blank sender addresses. Phillip Udel wrote: > Today I saw a strange error. A mail was whitelisted even though it was not > in the white list. I assume it is because of the 127.0.0.1 but that is not > in the white listed either. > > MS 4.54.6-1 > SA 3.1.3 > MailWatch 1.0.3 > Sendmail 8.12 > > Here is the header > Return-Path: <�g> > Received: from cnnimail15.cnn.com (cnnimail15.cnn.com [64.236.25.105]) > by cat.salemcarriers.com (8.12.8/8.12.8) with SMTP id k6QHTTJK025481 > for ; Wed, 26 Jul 2006 13:29:29 -0400 > Received: from cnnimail12 (cnnimail12.turner.com) by cnnimail15.cnn.com > (LSMTP for Windows NT v1.1b) with SMTP id <13.00001B16@cnnimail15.cnn.com>; > Wed, 26 Jul 2006 13:08:13 -0400 > Received: from CNNIMAIL12.CNN.COM by CNNIMAIL12.CNN.COM (LISTSERV-TCP/IP > release 1.8d) with spool id 6010446 for > TEXTBREAKINGNEWS@CNNIMAIL12.CNN.COM; Wed, 26 Jul 2006 13:05:05 -0400 > Approved-By: listeditor@EMA8ADM1.TURNER.COM > Received: from 10.165.130.62 by CNNIMAIL12.CNN.COM (SMTPL release 1.0d) with > TCP; Wed, 26 Jul 2006 13:04:58 -0400 > Received: from ema8adm1.turner.com (localhost [127.0.0.1]) by > ema8adm1.turner.com (8.12.10/8.12.10) with ESMTP id k6QH64wx017955 > for ; Wed, 26 Jul 2006 13:06:04 > -0400 (EDT) > Received: (from listapprover@localhost) by ema8adm1.turner.com > (8.12.10/8.12.11/Submit) id k6QH63Xh017944 for > textbreakingnews@cnnimail12.cnn.com; Wed, 26 Jul 2006 13:06:03 -0400 > (EDT) > Message-ID: <200607261706.k6QH63Xh017944@ema8adm1.turner.com> > Date: Wed, 26 Jul 2006 13:06:03 -0400 > Reply-To: newseditor@MAIL.CNN.COM > Sender: BreakingNews@MAIL.CNN.COM > From: CNN Breaking News > Subject: CNN Breaking News > To: TEXTBREAKINGNEWS@CNNIMAIL12.CNN.COM > > Spam Assassin Info > cached not > score=-102.598 > 6 required > spam autolearn=not > -2.60 BAYES_00 Bayesian spam probability is 0 to 1% > 0.00 UNPARSEABLE_RELAY Informational: message has unparseable relay lines > > -100.00 USER_IN_WHITELIST From: address is in the user's white-list > > > > > > > Phillip Udel > Senior Systems Administrator > Admin@SalemCorp.com > (800) 877-2536 Ext 212 > Rules To Live By: > 1) On the keyboard of life, always keep one finger on the escape key. > 2) There are absolutely no absolutes. > 3) Artificial Intelligence is no match for natural stupidity > 4) Information is not Knowledge, Knowledge is not Wisdom, and Wisdom is not > Truth > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From mailscanner at ecs.soton.ac.uk Wed Jul 26 19:30:28 2006 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jul 26 19:30:41 2006 Subject: A quick and easy performance improvement In-Reply-To: <44C7AC94.9010706@nkpanama.com> References: <44C78895.3090405@mail.wvnet.edu> <0de9d617518cc3bcf429359367da7a54@localhost> <44C79763.1060201@mail.wvnet.edu> <44C7A5D9.2080204@ecs.soton.ac.uk> <44C7AC94.9010706@nkpanama.com> Message-ID: <44C7B4C4.7020402@ecs.soton.ac.uk> Alex Neuman van der Hans wrote: > Julian Field wrote: >> I think that splitting / and /var slowed your system down. You have >> just cancelled that out. >> >> Thoughts? > There are many ways of doing things. I used to let the OS decide how to > partition for me before I developed my own way of doing things. I've > seen people who swear by splitting their filesystems across partitions, > disks, arrays, machines, sectors, quadrants, galaxies. They say it's > better for performance/security/convenience/whatever. > > Call me obtuse. I just set up a large / and call it a day. I may set up > a ramdisk for /var/spool/MailScanner/incoming if I know it's good > hardware and the power's good. a) Make sure you use tmpfs, not a traditional fixed-size ramdisk. b) It doesn't matter about good hardware or good power. Nothing will be lost if it gets killed due to sudden reboots or power-cycling. I made sure of that a very long time ago. I may even create a small (100-200mb) > /boot and store a few little tools in there. Performance? The > performance gains I could get from partitioning are marginal. The > performance losses if not managed correctly can be nasty, as has been > mentioned. Security? It shouldn't *matter* how I partition my > filesystem. Convenience? You can clone a drive onto a bigger one if you > need the space. > > When I read the message, I thought... this is good for all those > sysadmins out there who are accustomed to splitting their filesystems > for performance/security/convenience reasons. The BOFH in me read the > message as ... "If I drop this really big rock I find my running speed > increases, thought I'd share it with you". I didn't reply to the message > because I didn't want to sound rude, though. > > Then came Julian and, in a completely deadpan, straight-to-the-point, > vulcan-like manner said "but dude, you're carrying a big rock" :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From sailer at bnl.gov Wed Jul 26 19:31:37 2006 From: sailer at bnl.gov (Tim Sailer) Date: Wed Jul 26 19:34:00 2006 Subject: A quick and easy performance improvement In-Reply-To: <44C7AC94.9010706@nkpanama.com> References: <44C78895.3090405@mail.wvnet.edu> <0de9d617518cc3bcf429359367da7a54@localhost> <44C79763.1060201@mail.wvnet.edu> <44C7A5D9.2080204@ecs.soton.ac.uk> <44C7AC94.9010706@nkpanama.com> Message-ID: <20060726183137.GA18976@bnl.gov> On Wed, Jul 26, 2006 at 12:55:32PM -0500, Alex Neuman van der Hans wrote: > mentioned. Security? It shouldn't *matter* how I partition my Er, no. How about making /tmp and/or /var/tmp separate filesystems and mounting them noexec, nosuid and maybe nodev if you are really paranoid? There *are* good reasons for separate partitions. But, I guess I'm showing my age... Tim -- Tim Sailer Information and Special Technologies Program Northeast Regional Counterintelligence Office Brookhaven National Laboratory (631) 344-3001 From rich at mail.wvnet.edu Wed Jul 26 19:34:26 2006 From: rich at mail.wvnet.edu (Richard Lynch) Date: Wed Jul 26 19:34:29 2006 Subject: A quick and easy performance improvement In-Reply-To: <44C7AC94.9010706@nkpanama.com> References: <44C78895.3090405@mail.wvnet.edu> <0de9d617518cc3bcf429359367da7a54@localhost> <44C79763.1060201@mail.wvnet.edu> <44C7A5D9.2080204@ecs.soton.ac.uk> <44C7AC94.9010706@nkpanama.com> Message-ID: <44C7B5B2.4080300@mail.wvnet.edu> Alex Neuman van der Hans wrote: > > When I read the message, I thought... this is good for all those > sysadmins out there who are accustomed to splitting their filesystems > for performance/security/convenience reasons. The BOFH in me read the > message as ... "If I drop this really big rock I find my running speed > increases, thought I'd share it with you". I didn't reply to the > message because I didn't want to sound rude, though. > > Then came Julian and, in a completely deadpan, straight-to-the-point, > vulcan-like manner said "but dude, you're carrying a big rock" :-) I offered my experiences because I believed (and still do) that it is common to have / and /var on separate partitions on the same drive. I also think it is easy to overlook the huge performance penalty with bayes defaulting to /. Moving bayes to /var was dramatic enough (a 10 fold reduction in IOWait time) that I believed it was worth sharing with others who may have the same setup. That's why I posted. -- Rich -- -------------- next part -------------- A non-text attachment was scrubbed... Name: rich.vcf Type: text/x-vcard Size: 296 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060726/dc30f9a3/rich.vcf From mailscanner at ecs.soton.ac.uk Wed Jul 26 19:36:41 2006 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jul 26 19:36:53 2006 Subject: A quick and easy performance improvement In-Reply-To: <44C7ADFB.5080104@nkpanama.com> References: <44C78895.3090405@mail.wvnet.edu> <0de9d617518cc3bcf429359367da7a54@localhost> <44C79763.1060201@mail.wvnet.edu> <44C7A5D9.2080204@ecs.soton.ac.uk> <44C7AB9C.2030407@mail.wvnet.edu> <44C7ADFB.5080104@nkpanama.com> Message-ID: <44C7B639.90301@ecs.soton.ac.uk> Alex Neuman van der Hans wrote: > Richard Lynch wrote: >> I think you're right. Is it uncommon to have / and /var on different >> partitions? The sysadmins here argue for separate partitions because >> it lessons the likely hood of the rootfs filling up. They say that it >> can hose your system to the point that you can't even logon to fix >> it. So, we split / and /var (and others). I think all of our unix >> systems are that way. Is this a bad practice? >> -- Rich >> > > It isn't. It's just *traditional*. You could set up processes that let > you know *beforehand* that your rootfs is getting filled up. Too true! It dates back to when disks were 100Mb and your logs were likely to fill your entire disk in a week if left alone. I've just spent the day setting up a system with 5.0 Tbytes (yes, T) of disk. Do I bother partitioning it up so /var/log can't fill my /, no. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From lshaw at emitinc.com Wed Jul 26 19:41:25 2006 From: lshaw at emitinc.com (Logan Shaw) Date: Wed Jul 26 19:41:35 2006 Subject: A quick and easy performance improvement In-Reply-To: <44C7B25D.2070503@pixelhammer.com> References: <44C78895.3090405@mail.wvnet.edu> <0de9d617518cc3bcf429359367da7a54@localhost> <44C79763.1060201@mail.wvnet.edu> <44C7A5D9.2080204@ecs.soton.ac.uk> <44C7AB9C.2030407@mail.wvnet.edu> <44C7B25D.2070503@pixelhammer.com> Message-ID: On Wed, 26 Jul 2006, DAve wrote: > Maybe I am showing my ignorance but how? I'm not seeing any performance > issues myself, just curious. That's sort of my question about this whole thing. From my perspective, if you're running SpamAssassin and a virus checker, then MailScanner is going to be mostly CPU bound and/or bound by network delays on the network tests (assuming a sufficient number of children). I guess what I'm wondering is how often MailScanner is really I/O bound. I would think not that often: on my server (which is admittedly low-volume), a batch or 2 or 3 messages processes something like 100 kilobytes (if they are large messages) and takes something like 1 or 2 seconds of CPU time. (It's a slow CPU...) At that rate, the I/O system should have no trouble keeping up. > I currently have bayes on one controller/disk > pair and the queues on another controller/disk pair. I've always believed > that to be about the best you could do. You can probably get even more performance with RAID and volume managers. A striped volume with a pretty wide stripe width (wide enough to fit entire e-mail messages) should allow an entire message to be written to one disk without the other disk being involved (not even having to seek) at all, in many cases. Then you can just keep adding disks to this stripe set and getting increased performance (up to a point, probably). There are also volume managers and filesystems that can write the filesystem's journal to a completely separate disk. With a setup like that, you can get close to 100% sequential access. (I believe Solaris ZFS can even get near-100% sequential access even without a separate disk because of its copy-on-write style of updating the disk as well.) Of course, if I'm right that I/O capacity isn't the bottleneck, then none of that matters... :-) - Logan From mailscanner at ecs.soton.ac.uk Wed Jul 26 19:42:11 2006 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jul 26 19:43:09 2006 Subject: A quick and easy performance improvement In-Reply-To: <44C7B25D.2070503@pixelhammer.com> References: <44C78895.3090405@mail.wvnet.edu> <0de9d617518cc3bcf429359367da7a54@localhost> <44C79763.1060201@mail.wvnet.edu> <44C7A5D9.2080204@ecs.soton.ac.uk> <44C7AB9C.2030407@mail.wvnet.edu> <44C7B25D.2070503@pixelhammer.com> Message-ID: <44C7B783.20909@ecs.soton.ac.uk> DAve wrote: > Richard Lynch wrote: >> Julian Field wrote: >>> Richard Lynch wrote: >>>> uxbod wrote: >>>>> Why not hold the bayes on a RAM partition, and have a cronjob that >>>>> periodically backs it up throughout the day so that changes are not >>>>> lost if the server crashes ? >>>> >>>> That would definitely improve things. Seek time in RAM is zero! >>>> >>>> While monitoring disk I/Os (iostat 1) I was surprised at the high >>>> number for bayes. I didn't expect to see it so high. One my >>>> systems it was actually higher than the I/O for the mail queues. >>> >>> That's very interesting. >>> >>> Most people these days just use 1 big partition for / and nothing >>> else. So it won't be available to them. So why is this an improvement >>> when /var/spool and /.spamassassin are on the same partition? I can >>> see why, if they are on different partitions, though you're still >>> relying on the mapping of sector number --> physical hard disk >>> location. But if / and /var/spool are on the same partition anyway, >>> why would it run any faster? >>> >> I can't see why it would either. If you're using one large partition >> changing the directory structure wouldn't be worth anything as far as >> performance goes. In my case they are on different partitions. >> >>> I am sorely tempted to say that you have merely cancelled out the >>> speed slowdown caused by splitting / and /var onto different >>> partitions. If they are both on the same partition anyway, and are >>> being written to a lot, they will end up very close to each other by >>> virtue of how the filesystem is likely to work. >>> >>> I think that splitting / and /var slowed your system down. You have >>> just cancelled that out. >>> >>> Thoughts? > > Maybe I am showing my ignorance but how? I'm not seeing any performance > issues myself, just curious. I currently have bayes on one > controller/disk pair and the queues on another controller/disk pair. > I've always believed that to be about the best you could do. On a different controller/disk pair you will get better performance as you can read/write in parallel. But we were talking about putting the whole setup on one disk where you have to read/write one at a time. > > Of course it just takes 2 minutes in a terminal if I should move bayes > to the same controller/disk as the queues. > >> >> I think you're right. Is it uncommon to have / and /var on different >> partitions? The sysadmins here argue for separate partitions because >> it lessons the likely hood of the rootfs filling up. They say that it >> can hose your system to the point that you can't even logon to fix >> it. So, we split / and /var (and others). I think all of our unix >> systems are that way. Is this a bad practice? >> -- Rich > > I have always used separate partitions, though others who do as well > have told me I am stupid because I use different partitions than they > do, everyone has an opinion ;^) > > I keep separate partitions for the sake of fsck, performance be damned. > I've lost data on the far side of a 70gb disk because I had a failure > fsck couldn't fix, (SATA drives and a sad story). I've isolated /, /tmp, > /var, /usr, /data ever since. I keep websites, backups, ftp directories, > mail queues, etc in /data. Depending on the task the server is doing. That's fair enough, that's your choice. Bad experiences with fsck will change your way of working. Personally, I haven't had that trouble, and I always have a reliable well-tested tape backup system in place to handle that, so it's never bitten me badly. But you are quite entitled to your own opinions based on your own experiences, I don't think anyone could have a problem with that, except the trolls :o) > > DAve > > > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From mikej at rogers.com Wed Jul 26 19:47:55 2006 From: mikej at rogers.com (Mike Jakubik) Date: Wed Jul 26 19:47:20 2006 Subject: A quick and easy performance improvement In-Reply-To: <44C7B3C4.8060807@ecs.soton.ac.uk> References: <44C78895.3090405@mail.wvnet.edu> <0de9d617518cc3bcf429359367da7a54@localhost> <44C79763.1060201@mail.wvnet.edu> <44C7A5D9.2080204@ecs.soton.ac.uk> <44C7AB9C.2030407@mail.wvnet.edu> <44C7B3C4.8060807@ecs.soton.ac.uk> Message-ID: <44C7B8DB.1060102@rogers.com> Julian Field wrote: > I have found in the past that splitting the installation into many > different partitions just causes more problems than it solves. Putting > /var separate on Solaris is a classic example. People say "when your > logs get big it won't fill /" which is true enough. But disks are huge > and cheap these days. Why not just do it properly and roll your logs > properly so they never occupy a lot of space? If you have them > separate, then as you install more patches, /var/sadm will start to > get very large, which there is nothing you can do about, so after 2 or > 3 years your /var will fill and you'll have to start bodging things to > get them out of /var to give you more room for /var/sadm. > > I just find it causes more problems than it solves, so long as you set > up your system to maintain itself properly. If you never roll > /var/log/maillog on a MailScanner system then yes, it will get very > large, but set it up properly and keep your logs and quarantines pruned. > I don't think thats very true. Most systems that are setup with a single / partition are done so by the clueless. Separating your partitions gives you a number of advantage including protection from disk space starvation, and increased performance when they are strategically laid out. Hard drives can transfer data much more quickly from outer tracks than they can from inner tracks. To take advantage of this you should try to pack your smaller file systems and swap closer to the outer tracks, follow with the larger file systems, and end with the largest file systems. Separate partitions also allow different mount options, and in the event of data loss due to power outages, etc, it is more likely that the system will still come up, making it easier for you to restore from backup as necessary. Finally some operating system such as FreeBSD automatically optimize the layout of files on a file system, depending on how the file system is being used. So a file system that contains many small files that are written frequently will have a different optimization to one that contains fewer, larger files. By having one big file system this optimization breaks down. Of course one should always size the partitions according to requirements. From Phil.Udel at salemcorp.com Wed Jul 26 19:54:38 2006 From: Phil.Udel at salemcorp.com (Phillip Udel) Date: Wed Jul 26 19:54:47 2006 Subject: WhiteList Error In-Reply-To: <44C7B420.1070000@ecs.soton.ac.uk> Message-ID: <200607261859.k6QIxdRE005606@cat.salemcarriers.com> These are all my entries for the whitelist. I do use Mailscanner SQL option 12.174.5.10 12.42.160.10 intouchmail.com kleinschmidt.com listserv.nai.com kdifacility.com 170.2.52.140 freightliner.com beartransolutions.com 64.143.96.55 peoplenetonline.com 208.137.6.130 63.247.194.242 worknotice@nuvox.net bravocustoms.com postmaster@localhost hanson.biz ronhlder@aol.com I started looking deeper and any mail that is in the white list shows up as a matching rule "whitelisted" and no spam score. Where as this mail had a SA USER_IN_WHITELIST hit. It is also interesting to note that I only have 3 USER_IN_WHITELIST hits in a week. I do not use the SA Whitelist (I don't think) but my spam.assassin.prefs.conf does have use_auto_whitelist 0 set. It seems to me this was done by SA and not MS but don?t understand why. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Wednesday, July 26, 2006 1:28 PM To: MailScanner discussion Subject: Re: WhiteList Error It has an empty sender address. Make sure you aren't inadvertently whitelisting blank sender addresses. Phillip Udel wrote: > Today I saw a strange error. A mail was whitelisted even though it was not > in the white list. I assume it is because of the 127.0.0.1 but that is not > in the white listed either. > > MS 4.54.6-1 > SA 3.1.3 > MailWatch 1.0.3 > Sendmail 8.12 > > Here is the header > Return-Path: > Received: from cnnimail15.cnn.com (cnnimail15.cnn.com [64.236.25.105]) > by cat.salemcarriers.com (8.12.8/8.12.8) with SMTP id k6QHTTJK025481 > for ; Wed, 26 Jul 2006 13:29:29 -0400 > Received: from cnnimail12 (cnnimail12.turner.com) by cnnimail15.cnn.com > (LSMTP for Windows NT v1.1b) with SMTP id <13.00001B16@cnnimail15.cnn.com>; > Wed, 26 Jul 2006 13:08:13 -0400 > Received: from CNNIMAIL12.CNN.COM by CNNIMAIL12.CNN.COM (LISTSERV-TCP/IP > release 1.8d) with spool id 6010446 for > TEXTBREAKINGNEWS@CNNIMAIL12.CNN.COM; Wed, 26 Jul 2006 13:05:05 -0400 > Approved-By: listeditor@EMA8ADM1.TURNER.COM > Received: from 10.165.130.62 by CNNIMAIL12.CNN.COM (SMTPL release 1.0d) with > TCP; Wed, 26 Jul 2006 13:04:58 -0400 > Received: from ema8adm1.turner.com (localhost [127.0.0.1]) by > ema8adm1.turner.com (8.12.10/8.12.10) with ESMTP id k6QH64wx017955 > for ; Wed, 26 Jul 2006 13:06:04 > -0400 (EDT) > Received: (from listapprover@localhost) by ema8adm1.turner.com > (8.12.10/8.12.11/Submit) id k6QH63Xh017944 for > textbreakingnews@cnnimail12.cnn.com; Wed, 26 Jul 2006 13:06:03 -0400 > (EDT) > Message-ID: <200607261706.k6QH63Xh017944@ema8adm1.turner.com> > Date: Wed, 26 Jul 2006 13:06:03 -0400 > Reply-To: newseditor@MAIL.CNN.COM > Sender: BreakingNews@MAIL.CNN.COM > From: CNN Breaking News > Subject: CNN Breaking News > To: TEXTBREAKINGNEWS@CNNIMAIL12.CNN.COM > > Spam Assassin Info > cached not > score=-102.598 > 6 required > spam autolearn=not > -2.60 BAYES_00 Bayesian spam probability is 0 to 1% > 0.00 UNPARSEABLE_RELAY Informational: message has unparseable relay lines > > -100.00 USER_IN_WHITELIST From: address is in the user's white-list > > > > > > > Phillip Udel > Senior Systems Administrator > Admin@SalemCorp.com > (800) 877-2536 Ext 212 > Rules To Live By: > 1) On the keyboard of life, always keep one finger on the escape key. > 2) There are absolutely no absolutes. > 3) Artificial Intelligence is no match for natural stupidity > 4) Information is not Knowledge, Knowledge is not Wisdom, and Wisdom is not > Truth > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Phil.Udel at salemcorp.com Wed Jul 26 20:05:59 2006 From: Phil.Udel at salemcorp.com (Phillip Udel) Date: Wed Jul 26 20:06:11 2006 Subject: A quick and easy performance improvement In-Reply-To: <44C7B8DB.1060102@rogers.com> Message-ID: <200607261911.k6QJB0RE007147@cat.salemcarriers.com> IMO. If you are running a raid system like I do. File placement has even less value. I used to separate almost all my main dir's but back in the 80's lol but now I am less concerned. Now if your running HPUX :) my favorite Unix OS you could control how a IO went down to the arm by file, but modern OS's depend more on cache to replace placement. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Mike Jakubik Sent: Wednesday, July 26, 2006 1:48 PM To: MailScanner discussion Subject: Re: A quick and easy performance improvement Julian Field wrote: > I have found in the past that splitting the installation into many > different partitions just causes more problems than it solves. Putting > /var separate on Solaris is a classic example. People say "when your > logs get big it won't fill /" which is true enough. But disks are huge > and cheap these days. Why not just do it properly and roll your logs > properly so they never occupy a lot of space? If you have them > separate, then as you install more patches, /var/sadm will start to > get very large, which there is nothing you can do about, so after 2 or > 3 years your /var will fill and you'll have to start bodging things to > get them out of /var to give you more room for /var/sadm. > > I just find it causes more problems than it solves, so long as you set > up your system to maintain itself properly. If you never roll > /var/log/maillog on a MailScanner system then yes, it will get very > large, but set it up properly and keep your logs and quarantines pruned. > I don't think thats very true. Most systems that are setup with a single / partition are done so by the clueless. Separating your partitions gives you a number of advantage including protection from disk space starvation, and increased performance when they are strategically laid out. Hard drives can transfer data much more quickly from outer tracks than they can from inner tracks. To take advantage of this you should try to pack your smaller file systems and swap closer to the outer tracks, follow with the larger file systems, and end with the largest file systems. Separate partitions also allow different mount options, and in the event of data loss due to power outages, etc, it is more likely that the system will still come up, making it easier for you to restore from backup as necessary. Finally some operating system such as FreeBSD automatically optimize the layout of files on a file system, depending on how the file system is being used. So a file system that contains many small files that are written frequently will have a different optimization to one that contains fewer, larger files. By having one big file system this optimization breaks down. Of course one should always size the partitions according to requirements. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at ecs.soton.ac.uk Wed Jul 26 20:18:24 2006 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jul 26 20:18:37 2006 Subject: A quick and easy performance improvement In-Reply-To: <44C7B8DB.1060102@rogers.com> References: <44C78895.3090405@mail.wvnet.edu> <0de9d617518cc3bcf429359367da7a54@localhost> <44C79763.1060201@mail.wvnet.edu> <44C7A5D9.2080204@ecs.soton.ac.uk> <44C7AB9C.2030407@mail.wvnet.edu> <44C7B3C4.8060807@ecs.soton.ac.uk> <44C7B8DB.1060102@rogers.com> Message-ID: <44C7C000.6030601@ecs.soton.ac.uk> Mike Jakubik wrote: > Julian Field wrote: >> I have found in the past that splitting the installation into many >> different partitions just causes more problems than it solves. Putting >> /var separate on Solaris is a classic example. People say "when your >> logs get big it won't fill /" which is true enough. But disks are huge >> and cheap these days. Why not just do it properly and roll your logs >> properly so they never occupy a lot of space? If you have them >> separate, then as you install more patches, /var/sadm will start to >> get very large, which there is nothing you can do about, so after 2 or >> 3 years your /var will fill and you'll have to start bodging things to >> get them out of /var to give you more room for /var/sadm. >> >> I just find it causes more problems than it solves, so long as you set >> up your system to maintain itself properly. If you never roll >> /var/log/maillog on a MailScanner system then yes, it will get very >> large, but set it up properly and keep your logs and quarantines pruned. >> > > I don't think thats very true. Most systems that are setup with a single > / partition are done so by the clueless. Separating your partitions > gives you a number of advantage including protection from disk space > starvation, and increased performance when they are strategically laid out. > > Hard drives can transfer data much more quickly from outer tracks than > they can from inner tracks. To take advantage of this you should try to > pack your smaller file systems and swap closer to the outer tracks, > follow with the larger file systems, and end with the largest file > systems. But you have absolutely no control whatsoever of the mapping from logical disk block number to physical location on the disk. Who's to say that your disk doesn't start from the inside and work outwards. You have *absolutely* no control nor knowledge of how this is laid out. Do they use a complete platter before the next one, or do they use the platters in turn for each disk block? You have no way of knowing or controlling this configuration. Pretending to know how a disk is laid out these days is a total fallacy. > > Separate partitions also allow different mount options, and in the event > of data loss due to power outages, etc, it is more likely that the > system will still come up, making it easier for you to restore from > backup as necessary. With journalling filesystems this is totally irrelevant. They just replay the log (a matter of milliseconds) and come back up. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From dave.list at pixelhammer.com Wed Jul 26 20:22:03 2006 From: dave.list at pixelhammer.com (DAve) Date: Wed Jul 26 20:22:26 2006 Subject: A quick and easy performance improvement In-Reply-To: <44C7B783.20909@ecs.soton.ac.uk> References: <44C78895.3090405@mail.wvnet.edu> <0de9d617518cc3bcf429359367da7a54@localhost> <44C79763.1060201@mail.wvnet.edu> <44C7A5D9.2080204@ecs.soton.ac.uk> <44C7AB9C.2030407@mail.wvnet.edu> <44C7B25D.2070503@pixelhammer.com> <44C7B783.20909@ecs.soton.ac.uk> Message-ID: <44C7C0DB.3030007@pixelhammer.com> Julian Field wrote: > > > DAve wrote: >> Richard Lynch wrote: >>> Julian Field wrote: >>>> Richard Lynch wrote: >>>>> uxbod wrote: >>>>>> Why not hold the bayes on a RAM partition, and have a cronjob that >>>>>> periodically backs it up throughout the day so that changes are >>>>>> not lost if the server crashes ? >>>>> >>>>> That would definitely improve things. Seek time in RAM is zero! >>>>> >>>>> While monitoring disk I/Os (iostat 1) I was surprised at the high >>>>> number for bayes. I didn't expect to see it so high. One my >>>>> systems it was actually higher than the I/O for the mail queues. >>>> >>>> That's very interesting. >>>> >>>> Most people these days just use 1 big partition for / and nothing >>>> else. So it won't be available to them. So why is this an >>>> improvement when /var/spool and /.spamassassin are on the same >>>> partition? I can see why, if they are on different partitions, >>>> though you're still relying on the mapping of sector number --> >>>> physical hard disk location. But if / and /var/spool are on the same >>>> partition anyway, why would it run any faster? >>>> >>> I can't see why it would either. If you're using one large partition >>> changing the directory structure wouldn't be worth anything as far as >>> performance goes. In my case they are on different partitions. >>> >>>> I am sorely tempted to say that you have merely cancelled out the >>>> speed slowdown caused by splitting / and /var onto different >>>> partitions. If they are both on the same partition anyway, and are >>>> being written to a lot, they will end up very close to each other by >>>> virtue of how the filesystem is likely to work. >>>> >>>> I think that splitting / and /var slowed your system down. You have >>>> just cancelled that out. >>>> >>>> Thoughts? >> >> Maybe I am showing my ignorance but how? I'm not seeing any >> performance issues myself, just curious. I currently have bayes on one >> controller/disk pair and the queues on another controller/disk pair. >> I've always believed that to be about the best you could do. > > On a different controller/disk pair you will get better performance as > you can read/write in parallel. But we were talking about putting the > whole setup on one disk where you have to read/write one at a time. > I got on board after I sent the message, sorry about that. >> >> Of course it just takes 2 minutes in a terminal if I should move bayes >> to the same controller/disk as the queues. >> >>> >>> I think you're right. Is it uncommon to have / and /var on different >>> partitions? The sysadmins here argue for separate partitions >>> because it lessons the likely hood of the rootfs filling up. They >>> say that it can hose your system to the point that you can't even >>> logon to fix it. So, we split / and /var (and others). I think all >>> of our unix systems are that way. Is this a bad practice? >>> -- Rich >> >> I have always used separate partitions, though others who do as well >> have told me I am stupid because I use different partitions than they >> do, everyone has an opinion ;^) >> >> I keep separate partitions for the sake of fsck, performance be >> damned. I've lost data on the far side of a 70gb disk because I had a >> failure fsck couldn't fix, (SATA drives and a sad story). I've >> isolated /, /tmp, /var, /usr, /data ever since. I keep websites, >> backups, ftp directories, mail queues, etc in /data. Depending on the >> task the server is doing. > > That's fair enough, that's your choice. Bad experiences with fsck will > change your way of working. Personally, I haven't had that trouble, and > I always have a reliable well-tested tape backup system in place to > handle that, so it's never bitten me badly. But you are quite entitled > to your own opinions based on your own experiences, I don't think anyone > could have a problem with that, except the trolls :o) I had a tape once, the drive failed and after three months we never did get another drive to read the old tapes without errors. Never trusted tapes much after that. Certainly after HP said "Sometimes that happens, it's a head alignment issue. Have you tried another old drive?". Now I backup to a RAID, to each his own. I love trolls, and lists that cover mail products attract so many! Though, oddly enough, this list doesn't... hmmmm... I have to subscribe to qmail/sendmail/postfix/procmail lists to witness really *good* flames. What am I to make of that? DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From campbell at cnpapers.com Wed Jul 26 20:50:44 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Wed Jul 26 20:50:57 2006 Subject: A quick and easy performance improvement References: <44C78895.3090405@mail.wvnet.edu><0de9d617518cc3bcf429359367da7a54@localhost><44C79763.1060201@mail.wvnet.edu><44C7A5D9.2080204@ecs.soton.ac.uk> <44C7AC94.9010706@nkpanama.com> <20060726183137.GA18976@bnl.gov> Message-ID: <002501c6b0ec$c8250e80$0705000a@DDF5DW71> Tim, ----- Original Message ----- From: "Tim Sailer" To: "MailScanner discussion" Sent: Wednesday, July 26, 2006 2:31 PM Subject: Re: A quick and easy performance improvement > On Wed, Jul 26, 2006 at 12:55:32PM -0500, Alex Neuman van der Hans wrote: >> mentioned. Security? It shouldn't *matter* how I partition my > > Er, no. How about making /tmp and/or /var/tmp separate filesystems and > mounting them noexec, nosuid and maybe nodev if you are really paranoid? > > There *are* good reasons for separate partitions. But, I guess I'm > showing my age... Back in the old Unix days, I remember having to make sure "dump" would output only so much data as it would fit on the backup media. And the media was *very* small then. I've sort of continued that theme through todays' systems, as I only want to restore as little as possible. Good to know there are others out there with valid reasons. Steve Campbell campbell@cnpapers.com Charleston Newspapers > > Tim > > -- > Tim Sailer > Information and Special Technologies Program > Northeast Regional Counterintelligence Office > Brookhaven National Laboratory (631) 344-3001 > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From dave.list at pixelhammer.com Wed Jul 26 20:51:53 2006 From: dave.list at pixelhammer.com (DAve) Date: Wed Jul 26 20:52:19 2006 Subject: Filetypes and filenames not being checked In-Reply-To: <44C10C4D.2080309@pixelhammer.com> References: <44C0F65D.3070401@pixelhammer.com> <44C10C4D.2080309@pixelhammer.com> Message-ID: <44C7C7D9.8080906@pixelhammer.com> DAve wrote: > DAve wrote: >> Good morning, >> >> I have just had a user bring to my attention that since I upgraded to >> 4.54.x we are no longer stopping filenames with double suffixes or >> banned suffixes. >> >> I tried a test and sure enough two files went right through, >> test.svx.doc and test.scr. I double checked my conf files and >> everything looks good, mailscanner --lint shows no errors. >> >> I haven't changed anything in the conf file except to add MailWatch. I >> went through the change log and docs and didn't see anything that I >> thought would affect me. >> >> Has there been a change in how the filename.rules.conf files work? >> >> Thanks, >> >> DAve >> > > Hmm, double checked the filename.rules.conf and filetype.rules.conf and > they looked fine (yes, tabs not spaces). > > Just on a whim I changed the MailScanner.conf to > Filename Rules = %rules-dir%/user.filename.rules > #Filename Rules = %etc-dir%/filename.rules.conf > > Then created %rules-dir%/user.filename.rules as > # Default, disallow for all others > To: default /usr/local/etc/MailScanner/filename.deny.rules.conf > From: default /usr/local/etc/MailScanner/filename.deny.rules.conf > > And filename.deny.rules.conf is a copy of a fresh filename.rules.conf > from the install source. > > Still test.svx.doc gets through as does test.scr. mailscanner --lint > still shows no issues. > > I tried to run in debug mode but I got no unusual output. So I stopped > MailScanner and called with the debug switch with no change. Is there a > way to run in debug and output to the terminal? > > DAve > Well, I've tried using full paths in the Filename Rules = , Filename Rules = /usr/local/etc/MailScanner/rules/user.filename.rules I've tried adding a file suffix to Deny Filenames = Deny Filenames = \.scr$ \.com$ \.pif$ \.exe$ \.cab$ \.ico$ Nothing works, test.scr just flies right through. I'm pretty much left with reinstall on all my servers unless I can find a way to see what is happening. DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From ssilva at sgvwater.com Wed Jul 26 20:57:11 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jul 26 20:57:54 2006 Subject: A quick and easy performance improvement In-Reply-To: <44C7C0DB.3030007@pixelhammer.com> References: <44C78895.3090405@mail.wvnet.edu> <0de9d617518cc3bcf429359367da7a54@localhost> <44C79763.1060201@mail.wvnet.edu> <44C7A5D9.2080204@ecs.soton.ac.uk> <44C7AB9C.2030407@mail.wvnet.edu> <44C7B25D.2070503@pixelhammer.com> <44C7B783.20909@ecs.soton.ac.uk> <44C7C0DB.3030007@pixelhammer.com> Message-ID: DAve spake the following on 7/26/2006 12:22 PM: > Julian Field wrote: >> >> >> DAve wrote: >>> Richard Lynch wrote: >>>> Julian Field wrote: >>>>> Richard Lynch wrote: >>>>>> uxbod wrote: >>>>>>> Why not hold the bayes on a RAM partition, and have a cronjob >>>>>>> that periodically backs it up throughout the day so that changes >>>>>>> are not lost if the server crashes ? >>>>>> >>>>>> That would definitely improve things. Seek time in RAM is zero! >>>>>> >>>>>> While monitoring disk I/Os (iostat 1) I was surprised at the high >>>>>> number for bayes. I didn't expect to see it so high. One my >>>>>> systems it was actually higher than the I/O for the mail queues. >>>>> >>>>> That's very interesting. >>>>> >>>>> Most people these days just use 1 big partition for / and nothing >>>>> else. So it won't be available to them. So why is this an >>>>> improvement when /var/spool and /.spamassassin are on the same >>>>> partition? I can see why, if they are on different partitions, >>>>> though you're still relying on the mapping of sector number --> >>>>> physical hard disk location. But if / and /var/spool are on the >>>>> same partition anyway, why would it run any faster? >>>>> >>>> I can't see why it would either. If you're using one large >>>> partition changing the directory structure wouldn't be worth >>>> anything as far as performance goes. In my case they are on >>>> different partitions. >>>> >>>>> I am sorely tempted to say that you have merely cancelled out the >>>>> speed slowdown caused by splitting / and /var onto different >>>>> partitions. If they are both on the same partition anyway, and are >>>>> being written to a lot, they will end up very close to each other >>>>> by virtue of how the filesystem is likely to work. >>>>> >>>>> I think that splitting / and /var slowed your system down. You have >>>>> just cancelled that out. >>>>> >>>>> Thoughts? >>> >>> Maybe I am showing my ignorance but how? I'm not seeing any >>> performance issues myself, just curious. I currently have bayes on >>> one controller/disk pair and the queues on another controller/disk >>> pair. I've always believed that to be about the best you could do. >> >> On a different controller/disk pair you will get better performance as >> you can read/write in parallel. But we were talking about putting the >> whole setup on one disk where you have to read/write one at a time. >> > > I got on board after I sent the message, sorry about that. > >>> >>> Of course it just takes 2 minutes in a terminal if I should move >>> bayes to the same controller/disk as the queues. >>> >>>> >>>> I think you're right. Is it uncommon to have / and /var on >>>> different partitions? The sysadmins here argue for separate >>>> partitions because it lessons the likely hood of the rootfs filling >>>> up. They say that it can hose your system to the point that you >>>> can't even logon to fix it. So, we split / and /var (and others). >>>> I think all of our unix systems are that way. Is this a bad practice? >>>> -- Rich >>> >>> I have always used separate partitions, though others who do as well >>> have told me I am stupid because I use different partitions than they >>> do, everyone has an opinion ;^) >>> >>> I keep separate partitions for the sake of fsck, performance be >>> damned. I've lost data on the far side of a 70gb disk because I had a >>> failure fsck couldn't fix, (SATA drives and a sad story). I've >>> isolated /, /tmp, /var, /usr, /data ever since. I keep websites, >>> backups, ftp directories, mail queues, etc in /data. Depending on the >>> task the server is doing. >> >> That's fair enough, that's your choice. Bad experiences with fsck will >> change your way of working. Personally, I haven't had that trouble, >> and I always have a reliable well-tested tape backup system in place >> to handle that, so it's never bitten me badly. But you are quite >> entitled to your own opinions based on your own experiences, I don't >> think anyone could have a problem with that, except the trolls :o) > > I had a tape once, the drive failed and after three months we never did > get another drive to read the old tapes without errors. Never trusted > tapes much after that. Certainly after HP said "Sometimes that happens, > it's a head alignment issue. Have you tried another old drive?". Now I > backup to a RAID, to each his own. > > I love trolls, and lists that cover mail products attract so many! > Though, oddly enough, this list doesn't... hmmmm... I have to subscribe > to qmail/sendmail/postfix/procmail lists to witness really *good* > flames. What am I to make of that? > > DAve > If you want to see heated discussion, look back to the posts about MailScanner and swap! ;-) -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From mailscanner at ecs.soton.ac.uk Wed Jul 26 21:13:58 2006 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jul 26 21:14:09 2006 Subject: Filetypes and filenames not being checked In-Reply-To: <44C7C7D9.8080906@pixelhammer.com> References: <44C0F65D.3070401@pixelhammer.com> <44C10C4D.2080309@pixelhammer.com> <44C7C7D9.8080906@pixelhammer.com> Message-ID: <44C7CD06.2080404@ecs.soton.ac.uk> Can anyone else reproduce this behaviour? I sure can't :-( DAve wrote: > DAve wrote: >> DAve wrote: >>> Good morning, >>> >>> I have just had a user bring to my attention that since I upgraded to >>> 4.54.x we are no longer stopping filenames with double suffixes or >>> banned suffixes. >>> >>> I tried a test and sure enough two files went right through, >>> test.svx.doc and test.scr. I double checked my conf files and >>> everything looks good, mailscanner --lint shows no errors. >>> >>> I haven't changed anything in the conf file except to add MailWatch. >>> I went through the change log and docs and didn't see anything that I >>> thought would affect me. >>> >>> Has there been a change in how the filename.rules.conf files work? >>> >>> Thanks, >>> >>> DAve >>> >> >> Hmm, double checked the filename.rules.conf and filetype.rules.conf >> and they looked fine (yes, tabs not spaces). >> >> Just on a whim I changed the MailScanner.conf to >> Filename Rules = %rules-dir%/user.filename.rules >> #Filename Rules = %etc-dir%/filename.rules.conf >> >> Then created %rules-dir%/user.filename.rules as >> # Default, disallow for all others >> To: default >> /usr/local/etc/MailScanner/filename.deny.rules.conf >> From: default >> /usr/local/etc/MailScanner/filename.deny.rules.conf >> >> And filename.deny.rules.conf is a copy of a fresh filename.rules.conf >> from the install source. >> >> Still test.svx.doc gets through as does test.scr. mailscanner --lint >> still shows no issues. >> >> I tried to run in debug mode but I got no unusual output. So I stopped >> MailScanner and called with the debug switch with no change. Is there >> a way to run in debug and output to the terminal? >> >> DAve >> > > Well, I've tried using full paths in the Filename Rules = , > Filename Rules = /usr/local/etc/MailScanner/rules/user.filename.rules > > I've tried adding a file suffix to Deny Filenames = > Deny Filenames = \.scr$ \.com$ \.pif$ \.exe$ \.cab$ \.ico$ > > Nothing works, test.scr just flies right through. I'm pretty much left > with reinstall on all my servers unless I can find a way to see what is > happening. > > DAve > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From lshaw at emitinc.com Wed Jul 26 21:20:44 2006 From: lshaw at emitinc.com (Logan Shaw) Date: Wed Jul 26 21:21:03 2006 Subject: A quick and easy performance improvement In-Reply-To: <44C7C000.6030601@ecs.soton.ac.uk> References: <44C78895.3090405@mail.wvnet.edu> <0de9d617518cc3bcf429359367da7a54@localhost> <44C79763.1060201@mail.wvnet.edu> <44C7A5D9.2080204@ecs.soton.ac.uk> <44C7AB9C.2030407@mail.wvnet.edu> <44C7B3C4.8060807@ecs.soton.ac.uk> <44C7B8DB.1060102@rogers.com> <44C7C000.6030601@ecs.soton.ac.uk> Message-ID: On Wed, 26 Jul 2006, Julian Field wrote: > But you have absolutely no control whatsoever of the mapping from logical > disk block number to physical location on the disk. Who's to say that your > disk doesn't start from the inside and work outwards. You have *absolutely* > no control nor knowledge of how this is laid out. Do they use a complete > platter before the next one, or do they use the platters in turn for each > disk block? You have no way of knowing or controlling this configuration. > Pretending to know how a disk is laid out these days is a total fallacy. Hmm, I have a different understanding about that issue. The way I understand it, in the old days, disks packed the same number of data into a sector regardless of whether it was near the spindle or near the edge of the platter. This made sense because changing the angular velocity of the platter is not even close to feasible and old drives' electronics read at a fixed data rate. Hence, a fixed amount of data would occur within a given change of angle, even though that meant lower linear density on the outside and higher linear density on the inside of the platter. On those old disks, one could really know which head, track, and sector number corresponded to what part of the disk. Then two changes happened. The first change was that the linear density was increased near the outer edge of the platter. This was accomplished not by changing the rotational speed of the platter but by changing the electronics so that they read and write at a data rate (different clock). There is still variation in linear density because there are not that many different clock rates, but the variation is much smaller and thus you can pack more on a disk. The second change was that bad-block remapping can sometimes be done in the disk's on-board controller. So, on to the implications. Both changes make distance from spindle a non-linear function of logical block number. However, as I understand it, the first change makes it non-linear but still leaves it as a non-decreasing function. That is, if block B has a logical block number which is double that of block A, then block B won't be exactly twice as far from the spindle as block A is. BUT, it is still guaranteed to be further away from the spindle (or at least no closer). As for the second change, so few blocks are affected (hopefully!) that the effect is pretty much negligible. To summarize, the way I understand it, the mapping between logical block number and actual location isn't as simple as it used to be, but there still remains a very strong correlation between being far apart in the logical block address space and having high seek times. > With journalling filesystems this is totally irrelevant. They just replay the > log (a matter of milliseconds) and come back up. With one tiny exception: that you're not on an operating system where you've corrupted some important boot files and the boot loader can't understand the journal. Usually the journal replay happens after the kernel is loaded, so if the kernel or other files used early in the boot process are damaged, it could prevent a boot even on a journaled filesystem. Or at least this is the reason Sun gave for a long time for not recommending turning on the journal for the root filesystem. - Logan From campbell at cnpapers.com Wed Jul 26 21:26:10 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Wed Jul 26 21:26:33 2006 Subject: A quick and easy performance improvement References: <44C78895.3090405@mail.wvnet.edu> <0de9d617518cc3bcf429359367da7a54@localhost> <44C79763.1060201@mail.wvnet.edu> <44C7A5D9.2080204@ecs.soton.ac.uk> <44C7AB9C.2030407@mail.wvnet.edu> <44C7B25D.2070503@pixelhammer.com> <44C7B783.20909@ecs.soton.ac.uk><44C7C0DB.3030007@pixelhammer.com> Message-ID: <001001c6b0f1$bb737230$0705000a@DDF5DW71> ----- Original Message ----- From: "Scott Silva" To: Sent: Wednesday, July 26, 2006 3:57 PM Subject: Re: A quick and easy performance improvement > DAve spake the following on 7/26/2006 12:22 PM: >> Julian Field wrote: >>> >>> >>> DAve wrote: >>>> Richard Lynch wrote: >>>>> Julian Field wrote: >>>>>> Richard Lynch wrote: >>>>>>> uxbod wrote: >>>>>>>> Why not hold the bayes on a RAM partition, and have a cronjob >>>>>>>> that periodically backs it up throughout the day so that changes >>>>>>>> are not lost if the server crashes ? >>>>>>> >>>>>>> That would definitely improve things. Seek time in RAM is zero! >>>>>>> >>>>>>> While monitoring disk I/Os (iostat 1) I was surprised at the high >>>>>>> number for bayes. I didn't expect to see it so high. One my >>>>>>> systems it was actually higher than the I/O for the mail queues. >>>>>> >>>>>> That's very interesting. >>>>>> >>>>>> Most people these days just use 1 big partition for / and nothing >>>>>> else. So it won't be available to them. So why is this an >>>>>> improvement when /var/spool and /.spamassassin are on the same >>>>>> partition? I can see why, if they are on different partitions, >>>>>> though you're still relying on the mapping of sector number --> >>>>>> physical hard disk location. But if / and /var/spool are on the >>>>>> same partition anyway, why would it run any faster? >>>>>> >>>>> I can't see why it would either. If you're using one large >>>>> partition changing the directory structure wouldn't be worth >>>>> anything as far as performance goes. In my case they are on >>>>> different partitions. >>>>> >>>>>> I am sorely tempted to say that you have merely cancelled out the >>>>>> speed slowdown caused by splitting / and /var onto different >>>>>> partitions. If they are both on the same partition anyway, and are >>>>>> being written to a lot, they will end up very close to each other >>>>>> by virtue of how the filesystem is likely to work. >>>>>> >>>>>> I think that splitting / and /var slowed your system down. You have >>>>>> just cancelled that out. >>>>>> >>>>>> Thoughts? >>>> >>>> Maybe I am showing my ignorance but how? I'm not seeing any >>>> performance issues myself, just curious. I currently have bayes on >>>> one controller/disk pair and the queues on another controller/disk >>>> pair. I've always believed that to be about the best you could do. >>> >>> On a different controller/disk pair you will get better performance as >>> you can read/write in parallel. But we were talking about putting the >>> whole setup on one disk where you have to read/write one at a time. >>> >> >> I got on board after I sent the message, sorry about that. >> >>>> >>>> Of course it just takes 2 minutes in a terminal if I should move >>>> bayes to the same controller/disk as the queues. >>>> >>>>> >>>>> I think you're right. Is it uncommon to have / and /var on >>>>> different partitions? The sysadmins here argue for separate >>>>> partitions because it lessons the likely hood of the rootfs filling >>>>> up. They say that it can hose your system to the point that you >>>>> can't even logon to fix it. So, we split / and /var (and others). >>>>> I think all of our unix systems are that way. Is this a bad practice? >>>>> -- Rich >>>> >>>> I have always used separate partitions, though others who do as well >>>> have told me I am stupid because I use different partitions than they >>>> do, everyone has an opinion ;^) >>>> >>>> I keep separate partitions for the sake of fsck, performance be >>>> damned. I've lost data on the far side of a 70gb disk because I had a >>>> failure fsck couldn't fix, (SATA drives and a sad story). I've >>>> isolated /, /tmp, /var, /usr, /data ever since. I keep websites, >>>> backups, ftp directories, mail queues, etc in /data. Depending on the >>>> task the server is doing. >>> >>> That's fair enough, that's your choice. Bad experiences with fsck will >>> change your way of working. Personally, I haven't had that trouble, >>> and I always have a reliable well-tested tape backup system in place >>> to handle that, so it's never bitten me badly. But you are quite >>> entitled to your own opinions based on your own experiences, I don't >>> think anyone could have a problem with that, except the trolls :o) >> >> I had a tape once, the drive failed and after three months we never did >> get another drive to read the old tapes without errors. Never trusted >> tapes much after that. Certainly after HP said "Sometimes that happens, >> it's a head alignment issue. Have you tried another old drive?". Now I >> backup to a RAID, to each his own. >> >> I love trolls, and lists that cover mail products attract so many! >> Though, oddly enough, this list doesn't... hmmmm... I have to subscribe >> to qmail/sendmail/postfix/procmail lists to witness really *good* >> flames. What am I to make of that? >> >> DAve >> > If you want to see heated discussion, look back to the posts about > MailScanner > and swap! ;-) Did we ever finish that thread? Steve > > > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From Denis.Beauchemin at USherbrooke.ca Wed Jul 26 21:42:10 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed Jul 26 21:43:42 2006 Subject: A quick and easy performance improvement In-Reply-To: <44C7C000.6030601@ecs.soton.ac.uk> References: <44C78895.3090405@mail.wvnet.edu> <0de9d617518cc3bcf429359367da7a54@localhost> <44C79763.1060201@mail.wvnet.edu> <44C7A5D9.2080204@ecs.soton.ac.uk> <44C7AB9C.2030407@mail.wvnet.edu> <44C7B3C4.8060807@ecs.soton.ac.uk> <44C7B8DB.1060102@rogers.com> <44C7C000.6030601@ecs.soton.ac.uk> Message-ID: <44C7D3A2.80907@USherbrooke.ca> Julian Field a ?crit : >> Separate partitions also allow different mount options, and in the >> event of data loss due to power outages, etc, it is more likely that >> the system will still come up, making it easier for you to restore >> from backup as necessary. > > With journalling filesystems this is totally irrelevant. They just > replay the log (a matter of milliseconds) and come back up. > Unless there hasn't been a check in more than 6 months... then the check is forced at next reboot... not necessarily when you would have liked it... I've had problems with both mailstores in the last 6 months and fsck on 400G partitions with zillions of files takes a lot of time! On our new servers I created 40 10G partitions (easy to manage with Cyrus). Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060726/73c0152c/smime-0001.bin From cparker at swatgear.com Wed Jul 26 21:47:05 2006 From: cparker at swatgear.com (Chris W. Parker) Date: Wed Jul 26 21:47:20 2006 Subject: Some mail (up to 7 days old) is stuck in /var/spool/mqueue Message-ID: <97FD54B5E57A1842AA1A4B232E4761172D8F02@ati-ex-02.ati.local> Hello, I've had one user complaining about missing emails. I've done quite a bit of research and at first I didn't think that it was MailScanner's fault and that perhaps it was something to do with the user's Exchange mailbox. But this turns out not to be the case. So what I found in MailScanner's logs was the following: Jul 26 12:35:47 filter sendmail[18495]: k6QJZjmx018495: from=, size=3113, class=0, nrcpts=1, msgid=, proto=SMTP, daemon=MTA, relay=lyris.sunbelt-software.com [64.128.133.151] Jul 26 12:35:47 filter sendmail[18495]: k6QJZjmx018495: to=, delay=00:00:02, mailer=esmtp, pri=33113, stat=queued Jul 26 12:35:56 filter sendmail[18369]: k6QJXqX7018369: from=, size=8126196, class=0, nrcpts=1, msgid=<20060726193329.16524.qmail@web81513.mail.mud.yahoo.com>, proto=SMTP, daemon=MTA, relay=web81513.mail.mud.yahoo.com [68.142.199.33] Jul 26 12:35:56 filter sendmail[18369]: k6QJXqX7018369: to=, delay=00:02:04, mailer=esmtp, pri=8156196, stat=queued Jul 26 12:36:10 filter MailScanner[17767]: New Batch: Scanning 2 messages, 8130378 bytes Jul 26 12:36:10 filter MailScanner[17767]: Spam Checks: Starting Jul 26 12:36:10 filter MailScanner[17767]: Message k6QJZjmx018495 from 64.128.133.151 (bounce-1313649-8033581@lyris.sunbelt-software.com) is whitelisted Jul 26 12:36:18 filter MailScanner[17767]: Virus and Content Scanning: Starting Jul 26 12:36:35 filter MailScanner[17767]: Uninfected: Delivered 2 messages Jul 26 12:36:35 filter MailScanner[17767]: Batch processed in 25.18 seconds Jul 26 12:36:35 filter MailScanner[17767]: Logging message k6QJZjmx018495 to SQL Jul 26 12:36:35 filter MailScanner[17777]: k6QJZjmx018495: Logged to MailWatch SQL Jul 26 12:36:35 filter MailScanner[17767]: Logging message k6QJXqX7018369 to SQL Jul 26 12:36:35 filter MailScanner[17777]: k6QJXqX7018369: Logged to MailWatch SQL Jul 26 12:36:35 filter MailScanner[17767]: "Always Looked Up Last" took 0.03 seconds Jul 26 12:36:36 filter sendmail[18515]: k6QJZjmx018495: to=, delay=00:00:51, xdelay=00:00:01, mailer=esmtp, pri=123113, relay=[10.0.0.6] [10.0.0.6], dsn=2.0.0, stat=Sent ( Queued mail for delivery) As you can see there were two messages that were processed in this batch. One message (k6QJZjmx018495) has a final line that states "Queued mail for delivery". However, the problem email is k6QJXqX7018369. This email NEVER says "Queued mail for delivery". This is strange since it meets all MailScanner checks for spam and content, etc. On top of this I have found this message (k6QJXqX7018369) in the /var/spool/mqueue directory just waiting to be sent. Any ideas what could be causing this? Also, I've just verified that other emails still in the /var/spool/mqueue directory are also missing the line that reads "Queued mail for delivery". Thanks, Chris. From mike at vesol.com Wed Jul 26 21:53:07 2006 From: mike at vesol.com (Mike Kercher) Date: Wed Jul 26 21:53:17 2006 Subject: Some mail (up to 7 days old) is stuck in /var/spool/mqueue In-Reply-To: <97FD54B5E57A1842AA1A4B232E4761172D8F02@ati-ex-02.ati.local> Message-ID: Do the emails show up under mailq? Are there corresponding qf/df files for the emails in question? Mike > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Chris W. Parker > Sent: Wednesday, July 26, 2006 3:47 PM > To: mailscanner@lists.mailscanner.info > Subject: Some mail (up to 7 days old) is stuck in /var/spool/mqueue > > Hello, > > I've had one user complaining about missing emails. I've done > quite a bit of research and at first I didn't think that it > was MailScanner's fault and that perhaps it was something to > do with the user's Exchange mailbox. But this turns out not > to be the case. > > So what I found in MailScanner's logs was the following: > > Jul 26 12:35:47 filter sendmail[18495]: k6QJZjmx018495: > from=, > size=3113, class=0, nrcpts=1, > msgid= yris.sunbelt-software.com>, proto=SMTP, daemon=MTA, > relay=lyris.sunbelt-software.com [64.128.133.151] Jul 26 > 12:35:47 filter sendmail[18495]: k6QJZjmx018495: > to=, delay=00:00:02, mailer=esmtp, > pri=33113, stat=queued Jul 26 12:35:56 filter > sendmail[18369]: k6QJXqX7018369: > from=, size=8126196, class=0, > nrcpts=1, > msgid=<20060726193329.16524.qmail@web81513.mail.mud.yahoo.com>, > proto=SMTP, daemon=MTA, relay=web81513.mail.mud.yahoo.com > [68.142.199.33] Jul 26 12:35:56 filter sendmail[18369]: > k6QJXqX7018369: > to=, delay=00:02:04, mailer=esmtp, > pri=8156196, stat=queued Jul 26 12:36:10 filter > MailScanner[17767]: New Batch: Scanning 2 messages, 8130378 > bytes Jul 26 12:36:10 filter MailScanner[17767]: Spam Checks: > Starting Jul 26 12:36:10 filter MailScanner[17767]: Message > k6QJZjmx018495 from > 64.128.133.151 > (bounce-1313649-8033581@lyris.sunbelt-software.com) is > whitelisted Jul 26 12:36:18 filter MailScanner[17767]: Virus > and Content Scanning: > Starting > Jul 26 12:36:35 filter MailScanner[17767]: Uninfected: > Delivered 2 messages Jul 26 12:36:35 filter > MailScanner[17767]: Batch processed in 25.18 seconds Jul 26 > 12:36:35 filter MailScanner[17767]: Logging message > k6QJZjmx018495 to SQL > Jul 26 12:36:35 filter MailScanner[17777]: k6QJZjmx018495: > Logged to MailWatch SQL Jul 26 12:36:35 filter > MailScanner[17767]: Logging message > k6QJXqX7018369 to SQL > Jul 26 12:36:35 filter MailScanner[17777]: k6QJXqX7018369: > Logged to MailWatch SQL Jul 26 12:36:35 filter > MailScanner[17767]: "Always Looked Up Last" took > 0.03 seconds > Jul 26 12:36:36 filter sendmail[18515]: k6QJZjmx018495: > to=, delay=00:00:51, xdelay=00:00:01, > mailer=esmtp, pri=123113, relay=[10.0.0.6] [10.0.0.6], > dsn=2.0.0, stat=Sent ( > unbelt-software.com> Queued mail for delivery) > > As you can see there were two messages that were processed in > this batch. One message (k6QJZjmx018495) has a final line > that states "Queued mail for delivery". However, the problem > email is k6QJXqX7018369. This email NEVER says "Queued mail > for delivery". This is strange since it meets all MailScanner > checks for spam and content, etc. On top of this I have found > this message (k6QJXqX7018369) in the /var/spool/mqueue > directory just waiting to be sent. > > > Any ideas what could be causing this? > > Also, I've just verified that other emails still in the > /var/spool/mqueue directory are also missing the line that > reads "Queued mail for delivery". > > > Thanks, > Chris. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From mike at vesol.com Wed Jul 26 21:53:37 2006 From: mike at vesol.com (Mike Kercher) Date: Wed Jul 26 21:53:42 2006 Subject: Some mail (up to 7 days old) is stuck in /var/spool/mqueue In-Reply-To: <97FD54B5E57A1842AA1A4B232E4761172D8F02@ati-ex-02.ati.local> Message-ID: sendmail version and lock type in MailScanner.conf? > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Chris W. Parker > Sent: Wednesday, July 26, 2006 3:47 PM > To: mailscanner@lists.mailscanner.info > Subject: Some mail (up to 7 days old) is stuck in /var/spool/mqueue > > Hello, > > I've had one user complaining about missing emails. I've done > quite a bit of research and at first I didn't think that it > was MailScanner's fault and that perhaps it was something to > do with the user's Exchange mailbox. But this turns out not > to be the case. > > So what I found in MailScanner's logs was the following: > > Jul 26 12:35:47 filter sendmail[18495]: k6QJZjmx018495: > from=, > size=3113, class=0, nrcpts=1, > msgid= yris.sunbelt-software.com>, proto=SMTP, daemon=MTA, > relay=lyris.sunbelt-software.com [64.128.133.151] Jul 26 > 12:35:47 filter sendmail[18495]: k6QJZjmx018495: > to=, delay=00:00:02, mailer=esmtp, > pri=33113, stat=queued Jul 26 12:35:56 filter > sendmail[18369]: k6QJXqX7018369: > from=, size=8126196, class=0, > nrcpts=1, > msgid=<20060726193329.16524.qmail@web81513.mail.mud.yahoo.com>, > proto=SMTP, daemon=MTA, relay=web81513.mail.mud.yahoo.com > [68.142.199.33] Jul 26 12:35:56 filter sendmail[18369]: > k6QJXqX7018369: > to=, delay=00:02:04, mailer=esmtp, > pri=8156196, stat=queued Jul 26 12:36:10 filter > MailScanner[17767]: New Batch: Scanning 2 messages, 8130378 > bytes Jul 26 12:36:10 filter MailScanner[17767]: Spam Checks: > Starting Jul 26 12:36:10 filter MailScanner[17767]: Message > k6QJZjmx018495 from > 64.128.133.151 > (bounce-1313649-8033581@lyris.sunbelt-software.com) is > whitelisted Jul 26 12:36:18 filter MailScanner[17767]: Virus > and Content Scanning: > Starting > Jul 26 12:36:35 filter MailScanner[17767]: Uninfected: > Delivered 2 messages Jul 26 12:36:35 filter > MailScanner[17767]: Batch processed in 25.18 seconds Jul 26 > 12:36:35 filter MailScanner[17767]: Logging message > k6QJZjmx018495 to SQL > Jul 26 12:36:35 filter MailScanner[17777]: k6QJZjmx018495: > Logged to MailWatch SQL Jul 26 12:36:35 filter > MailScanner[17767]: Logging message > k6QJXqX7018369 to SQL > Jul 26 12:36:35 filter MailScanner[17777]: k6QJXqX7018369: > Logged to MailWatch SQL Jul 26 12:36:35 filter > MailScanner[17767]: "Always Looked Up Last" took > 0.03 seconds > Jul 26 12:36:36 filter sendmail[18515]: k6QJZjmx018495: > to=, delay=00:00:51, xdelay=00:00:01, > mailer=esmtp, pri=123113, relay=[10.0.0.6] [10.0.0.6], > dsn=2.0.0, stat=Sent ( > unbelt-software.com> Queued mail for delivery) > > As you can see there were two messages that were processed in > this batch. One message (k6QJZjmx018495) has a final line > that states "Queued mail for delivery". However, the problem > email is k6QJXqX7018369. This email NEVER says "Queued mail > for delivery". This is strange since it meets all MailScanner > checks for spam and content, etc. On top of this I have found > this message (k6QJXqX7018369) in the /var/spool/mqueue > directory just waiting to be sent. > > > Any ideas what could be causing this? > > Also, I've just verified that other emails still in the > /var/spool/mqueue directory are also missing the line that > reads "Queued mail for delivery". > > > Thanks, > Chris. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From ssilva at sgvwater.com Wed Jul 26 21:53:47 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jul 26 21:55:15 2006 Subject: A quick and easy performance improvement In-Reply-To: <001001c6b0f1$bb737230$0705000a@DDF5DW71> References: <44C78895.3090405@mail.wvnet.edu> <0de9d617518cc3bcf429359367da7a54@localhost> <44C79763.1060201@mail.wvnet.edu> <44C7A5D9.2080204@ecs.soton.ac.uk> <44C7AB9C.2030407@mail.wvnet.edu> <44C7B25D.2070503@pixelhammer.com> <44C7B783.20909@ecs.soton.ac.uk><44C7C0DB.3030007@pixelhammer.com> <001001c6b0f1$bb737230$0705000a@DDF5DW71> Message-ID: >> If you want to see heated discussion, look back to the posts about >> MailScanner >> and swap! ;-) > > Did we ever finish that thread? > > Steve >> I think Julian finished it. He kill() ed it. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From dave.list at pixelhammer.com Wed Jul 26 21:58:03 2006 From: dave.list at pixelhammer.com (DAve) Date: Wed Jul 26 21:58:27 2006 Subject: Filetypes and filenames not being checked In-Reply-To: <44C7CD06.2080404@ecs.soton.ac.uk> References: <44C0F65D.3070401@pixelhammer.com> <44C10C4D.2080309@pixelhammer.com> <44C7C7D9.8080906@pixelhammer.com> <44C7CD06.2080404@ecs.soton.ac.uk> Message-ID: <44C7D75B.70508@pixelhammer.com> Julian Field wrote: > Can anyone else reproduce this behaviour? > I sure can't :-( I would wager I've done something very stupid. Woods, trees, that whole metaphor thing. For what it's worth, some things are installed, but not showing up in MailScanner -v. MailTools, IO-Stringy, Storable, File-Spec. I am double checking to make sure they did in fact install. bash-2.05b# MailScanner -v Running on FreeBSD avhost2.tls.net 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE #0: Mon Feb 23 20:45:55 GMT 2004 root@wv1u.btc.adaptec.com:/usr/obj/usr/src/sys/GENERIC i386 This is Perl version 5.006002 (5.6.2) This is MailScanner version 4.54.6 Module versions are: 1.16 Archive::Zip 1.119 Convert::BinHex 1.03 Fcntl 2.6 File::Basename 2.03 File::Copy 2.00 FileHandle 1.0404 File::Path 0.16 File::Temp 0.68 Filesys::Df 1.35 HTML::Entities 3.54 HTML::Parser 2.37 HTML::TokeParser 1.20 IO 1.08 IO::File 1.121 IO::Pipe 1.74 Mail::Header 3.07 MIME::Base64 5.420 MIME::Decoder 5.420 MIME::Decoder::UU 5.420 MIME::Head 5.420 MIME::Parser 3.07 MIME::QuotedPrint 5.420 MIME::Tools 0.11 Net::CIDR 1.03 POSIX 1.72 Socket 0.01 Sys::Syslog 1.87 Time::HiRes 1.01 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.806 DB_File 1.12 DBD::SQLite 1.50 DBI 1.15 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.11 Digest::SHA1 missing Inline missing Mail::ClamAV 3.001001 Mail::SpamAssassin 1.999001 Mail::SPF::Query 0.20 Net::CIDR::Lite 1.24 Net::IP 0.57 Net::DNS missing Net::LDAP missing Parse::RecDescent missing SAVI 1.4 Sys::Hostname::Long 2.58 Test::Harness 0.62 Test::Simple missing Text::Balanced 1.35 URI bash-2.05b# MailScanner --lint Read 719 hostnames from the phishing whitelist Config: calling custom init function MailWatchLogging Config: calling custom init function SQLHighSpamScores Config: calling custom init function SQLWhitelist Config: calling custom init function SQLBlacklist Config: calling custom init function SQLSpamScores Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamav" Found these virus scanners installed: clamav, bitdefender > > DAve wrote: >> DAve wrote: >>> DAve wrote: >>>> Good morning, >>>> >>>> I have just had a user bring to my attention that since I upgraded >>>> to 4.54.x we are no longer stopping filenames with double suffixes >>>> or banned suffixes. >>>> >>>> I tried a test and sure enough two files went right through, >>>> test.svx.doc and test.scr. I double checked my conf files and >>>> everything looks good, mailscanner --lint shows no errors. >>>> >>>> I haven't changed anything in the conf file except to add MailWatch. >>>> I went through the change log and docs and didn't see anything that >>>> I thought would affect me. >>>> >>>> Has there been a change in how the filename.rules.conf files work? >>>> >>>> Thanks, >>>> >>>> DAve >>>> >>> >>> Hmm, double checked the filename.rules.conf and filetype.rules.conf >>> and they looked fine (yes, tabs not spaces). >>> >>> Just on a whim I changed the MailScanner.conf to >>> Filename Rules = %rules-dir%/user.filename.rules >>> #Filename Rules = %etc-dir%/filename.rules.conf >>> >>> Then created %rules-dir%/user.filename.rules as >>> # Default, disallow for all others >>> To: default >>> /usr/local/etc/MailScanner/filename.deny.rules.conf >>> From: default >>> /usr/local/etc/MailScanner/filename.deny.rules.conf >>> >>> And filename.deny.rules.conf is a copy of a fresh filename.rules.conf >>> from the install source. >>> >>> Still test.svx.doc gets through as does test.scr. mailscanner --lint >>> still shows no issues. >>> >>> I tried to run in debug mode but I got no unusual output. So I >>> stopped MailScanner and called with the debug switch with no change. >>> Is there a way to run in debug and output to the terminal? >>> >>> DAve >>> >> >> Well, I've tried using full paths in the Filename Rules = , >> Filename Rules = /usr/local/etc/MailScanner/rules/user.filename.rules >> >> I've tried adding a file suffix to Deny Filenames = >> Deny Filenames = \.scr$ \.com$ \.pif$ \.exe$ \.cab$ \.ico$ >> >> Nothing works, test.scr just flies right through. I'm pretty much left >> with reinstall on all my servers unless I can find a way to see what >> is happening. >> >> DAve >> > -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From cparker at swatgear.com Wed Jul 26 22:06:42 2006 From: cparker at swatgear.com (Chris W. Parker) Date: Wed Jul 26 22:06:55 2006 Subject: Some mail (up to 7 days old) is stuck in /var/spool/mqueue Message-ID: <97FD54B5E57A1842AA1A4B232E4761172D8F03@ati-ex-02.ati.local> Mike Kercher on Wednesday, July 26, 2006 1:53 PM said: Sorry about leaving the version numbers out the first time. Here is some output: [root@filter /var/log]# MailScanner -v Running on Linux filter.swatgear.com 2.6.9-11.EL #1 Wed Jun 8 16:59:52 CDT 2005 i686 i686 i386 GNU/Linux This is CentOS release 4.2 (Final) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.50.15 Sendmail 8.13.1 Lock type is blank so I guess that means posix? > Do the emails show up under mailq? Yes they do. (Didn't know about that one.) > Are there corresponding qf/df files for the emails in question? Yes there are. Thanks, Chris. From alex at nkpanama.com Wed Jul 26 22:12:59 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Jul 26 22:13:14 2006 Subject: A quick and easy performance improvement In-Reply-To: <44C7C0DB.3030007@pixelhammer.com> References: <44C78895.3090405@mail.wvnet.edu> <0de9d617518cc3bcf429359367da7a54@localhost> <44C79763.1060201@mail.wvnet.edu> <44C7A5D9.2080204@ecs.soton.ac.uk> <44C7AB9C.2030407@mail.wvnet.edu> <44C7B25D.2070503@pixelhammer.com> <44C7B783.20909@ecs.soton.ac.uk> <44C7C0DB.3030007@pixelhammer.com> Message-ID: <44C7DADB.9020600@nkpanama.com> DAve wrote: > > I love trolls, and lists that cover mail products attract so many! > Though, oddly enough, this list doesn't... hmmmm... I have to > subscribe to qmail/sendmail/postfix/procmail lists to witness really > *good* flames. What am I to make of that? > > DAve > Trolls cause swapping. And postfix issues. Or was it the other way around? :-) From mailscanner at ecs.soton.ac.uk Wed Jul 26 22:13:19 2006 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jul 26 22:13:34 2006 Subject: A quick and easy performance improvement In-Reply-To: <44C7D3A2.80907@USherbrooke.ca> References: <44C78895.3090405@mail.wvnet.edu> <0de9d617518cc3bcf429359367da7a54@localhost> <44C79763.1060201@mail.wvnet.edu> <44C7A5D9.2080204@ecs.soton.ac.uk> <44C7AB9C.2030407@mail.wvnet.edu> <44C7B3C4.8060807@ecs.soton.ac.uk> <44C7B8DB.1060102@rogers.com> <44C7C000.6030601@ecs.soton.ac.uk> <44C7D3A2.80907@USherbrooke.ca> Message-ID: <44C7DAEF.7010205@ecs.soton.ac.uk> Denis Beauchemin wrote: > Julian Field a ?crit : >>> Separate partitions also allow different mount options, and in the >>> event of data loss due to power outages, etc, it is more likely that >>> the system will still come up, making it easier for you to restore >>> from backup as necessary. >> >> With journalling filesystems this is totally irrelevant. They just >> replay the log (a matter of milliseconds) and come back up. >> > > Unless there hasn't been a check in more than 6 months... then the check > is forced at next reboot... not necessarily when you would have liked it... > > I've had problems with both mailstores in the last 6 months and fsck on > 400G partitions with zillions of files takes a lot of time! On our new > servers I created 40 10G partitions (easy to manage with Cyrus). This is completely dependent on the OS and filesystem. I have 5 Tb on Solaris 10 and it won't ever do a full fsck (at least I'm pretty sure it won't with ZFS). -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From campbell at cnpapers.com Wed Jul 26 22:13:43 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Wed Jul 26 22:13:52 2006 Subject: Wrong lock type error messages Message-ID: <000d01c6b0f8$603b8810$0705000a@DDF5DW71> Another thread caused me to think of this, and I don't recall ever seeing the question asked this way: I have upgraded to 8.13 sendmail using the RPMs from city-fan.org. One of the recently-posted threads reminded me that I hadn't changed my lock type from flock to posix. But I don't see any consequences of not doing this so far. I guess it's possible that the RPMs might have been built to use flock, but I'm not really sure this is an option for sendmail 8.13. What should I be looking for in my maillog to see if this is a problem. The only suspect message is a POP message issued quite frequently about "trying to get a lock on the mailbox". Once in a while, I get df* or qf* orphans in the input queue. This seems to be a normal thing for the df files, but I don't recall seeing qf files before. This does not seem to be an urgent problem, as things are going fairly smoothly. I am using MS 4.52.2-1, and the logs say I am definitely using flock. Thanks for any help. Steve Campbell campbell@cnpapers.com Charleston Newspapers From marc at marcsnet.com Wed Jul 26 22:13:51 2006 From: marc at marcsnet.com (Marc Lucke) Date: Wed Jul 26 22:14:16 2006 Subject: [Repost] Re: won't write sendmail.in.pid Message-ID: <44C7DB0F.4070301@marcsnet.com> I just upgraded to MailScanner-4.54.6-1 using the rpm and following all instructions at the end: service sendmail stop chkconfig sendmail off chkconfig --level 2345 MailScanner on service MailScanner start cd /etc/MailScanner upgrade_MailScanner_conf MailScanner.conf MailScanner.conf.rpmnew > MailScanner.new mv -f MailScanner.conf MailScanner.old mv -f MailScanner.new MailScanner.conf cd /etc/MailScanner/reports/en upgrade_languages_conf languages.conf languages.conf.rpmnew > languages.new mv -f languages.conf languages.old mv -f languages.new languages.conf I should have also noted that I had been running MailScanner for a long time with no problem. This problem began "all of a sudden" a couple of days ago. Marc On Wed, July 26, 2006 11:45 am, Marc Lucke wrote: > CPU speed: PIII, 500MHz > Memory: 452MB > Operating System: Fedora Core 5, 2.6.17-1.2157_FC5 > MailScanner version: 4.51.5-1 > MTA version: sendmail-8.13.7-2.fc5.2 (RPM installed FC5) > > [blahblah~]# service MailScanner status > Checking MailScanner daemons: > MailScanner: [ OK ] incoming sendmail: head: cannot open `/var/run/sendmail.in.pid' > for reading: No such file or directory > [FAILED] > outgoing sendmail: [ OK ] > > Despite the above, I am receiving email and it is being filtered for spam as normal. /var/run/sendmail.out.pid is written and works fine. /var/run/sendmail.in.pid does not exist at all - whether MailScanner is started or not. INPID is defined as /var/run/sendmail.in.pid as per default. > > What could this be? > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From alex at nkpanama.com Wed Jul 26 22:14:16 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Jul 26 22:14:32 2006 Subject: A quick and easy performance improvement In-Reply-To: <44C7B3C4.8060807@ecs.soton.ac.uk> References: <44C78895.3090405@mail.wvnet.edu> <0de9d617518cc3bcf429359367da7a54@localhost> <44C79763.1060201@mail.wvnet.edu> <44C7A5D9.2080204@ecs.soton.ac.uk> <44C7AB9C.2030407@mail.wvnet.edu> <44C7B3C4.8060807@ecs.soton.ac.uk> Message-ID: <44C7DB28.5070809@nkpanama.com> Julian Field wrote: > > I just find it causes more problems than it solves, so long as you set > up your system to maintain itself properly. If you never roll > /var/log/maillog on a MailScanner system then yes, it will get very > large, but set it up properly and keep your logs and quarantines pruned. > > Then why not put /var/log elsewhere, and leave /var on the same disk as the root fs? From mailscanner at ecs.soton.ac.uk Wed Jul 26 22:15:21 2006 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jul 26 22:15:31 2006 Subject: Some mail (up to 7 days old) is stuck in /var/spool/mqueue In-Reply-To: <97FD54B5E57A1842AA1A4B232E4761172D8F03@ati-ex-02.ati.local> References: <97FD54B5E57A1842AA1A4B232E4761172D8F03@ati-ex-02.ati.local> Message-ID: <44C7DB69.3090906@ecs.soton.ac.uk> Chris W. Parker wrote: > Mike Kercher > on Wednesday, July 26, 2006 1:53 PM said: > > Sorry about leaving the version numbers out the first time. > > Here is some output: > > [root@filter /var/log]# MailScanner -v > Running on > Linux filter.swatgear.com 2.6.9-11.EL #1 Wed Jun 8 16:59:52 CDT 2005 > i686 i686 i386 GNU/Linux > This is CentOS release 4.2 (Final) > This is Perl version 5.008005 (5.8.5) > This is MailScanner version 4.50.15 > > Sendmail 8.13.1 > > Lock type is blank so I guess that means posix? > >> Do the emails show up under mailq? > > Yes they do. (Didn't know about that one.) > >> Are there corresponding qf/df files for the emails in question? > > Yes there are. In which case the next queue run would have delivered them anyway. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From mike at vesol.com Wed Jul 26 22:17:03 2006 From: mike at vesol.com (Mike Kercher) Date: Wed Jul 26 22:17:12 2006 Subject: Some mail (up to 7 days old) is stuck in /var/spool/mqueue In-Reply-To: <97FD54B5E57A1842AA1A4B232E4761172D8F03@ati-ex-02.ati.local> Message-ID: Centos comes with sendmail-8.13.x, so I think you need to specify the posix lock. I may be wrong, but the default lock may be flock. Someone else will surely chime in and correct me if I'm wrong. What does mailq say? Mike > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Chris W. Parker > Sent: Wednesday, July 26, 2006 4:07 PM > To: MailScanner discussion > Subject: RE: Some mail (up to 7 days old) is stuck in > /var/spool/mqueue > > Mike Kercher > on Wednesday, July 26, 2006 1:53 PM said: > > Sorry about leaving the version numbers out the first time. > > Here is some output: > > [root@filter /var/log]# MailScanner -v > Running on > Linux filter.swatgear.com 2.6.9-11.EL #1 Wed Jun 8 16:59:52 CDT 2005 > i686 i686 i386 GNU/Linux > This is CentOS release 4.2 (Final) > This is Perl version 5.008005 (5.8.5) > This is MailScanner version 4.50.15 > > Sendmail 8.13.1 > > Lock type is blank so I guess that means posix? > > > Do the emails show up under mailq? > > Yes they do. (Didn't know about that one.) > > > Are there corresponding qf/df files for the emails in question? > > Yes there are. > > > Thanks, > Chris. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From KGoods at AIAInsurance.com Wed Jul 26 22:16:57 2006 From: KGoods at AIAInsurance.com (Ken Goods) Date: Wed Jul 26 22:22:52 2006 Subject: Some mail (up to 7 days old) is stuck in /var/spool/mqueue Message-ID: <13C0059880FDD3118DC600508B6D4A6D013D8AF3@aiainsurance.com> Chris W. Parker wrote: > Mike Kercher > on Wednesday, July 26, 2006 1:53 PM said: > > Sorry about leaving the version numbers out the first time. > > Here is some output: > > [root@filter /var/log]# MailScanner -v > Running on > Linux filter.swatgear.com 2.6.9-11.EL #1 Wed Jun 8 16:59:52 CDT 2005 > i686 i686 i386 GNU/Linux > This is CentOS release 4.2 (Final) > This is Perl version 5.008005 (5.8.5) > This is MailScanner version 4.50.15 > > Sendmail 8.13.1 > > Lock type is blank so I guess that means posix? > >> Do the emails show up under mailq? > > Yes they do. (Didn't know about that one.) > >> Are there corresponding qf/df files for the emails in question? > > Yes there are. > > > Thanks, > Chris. Try setting Lock Type to posix implicitly... had the same problem a while back and this worked for me. HTH Ken Ken Goods Network Administrator AIA/CropUSA Insurance, Inc. From alex at nkpanama.com Wed Jul 26 22:23:03 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Jul 26 22:23:26 2006 Subject: A quick and easy performance improvement In-Reply-To: <44C7B8DB.1060102@rogers.com> References: <44C78895.3090405@mail.wvnet.edu> <0de9d617518cc3bcf429359367da7a54@localhost> <44C79763.1060201@mail.wvnet.edu> <44C7A5D9.2080204@ecs.soton.ac.uk> <44C7AB9C.2030407@mail.wvnet.edu> <44C7B3C4.8060807@ecs.soton.ac.uk> <44C7B8DB.1060102@rogers.com> Message-ID: <44C7DD37.3020103@nkpanama.com> Mike Jakubik wrote: > I don't think thats very true. Most systems that are setup with a > single / partition are done so by the clueless. Separating your > partitions gives you a number of advantage including protection from > disk space starvation, and increased performance when they are > strategically laid out. > I believe the last statement to be somewhat inaccurate. Most systems set up by the clueless are set up not with a single / partition, but with a single C:\ partition ;-) - although, to be honest, I set up 90% of my systems using one big /, one small /boot, and 2x-4x RAM for swap. I *did* acquire a clue some time ago, it isn't much, but it's served me well the past couple of years. > Hard drives can transfer data much more quickly from outer tracks than > they can from inner tracks. To take advantage of this you should try > to pack your smaller file systems and swap closer to the outer tracks, > follow with the larger file systems, and end with the largest file > systems. > Unless you're moving billions of messages per second (I know, I know, I *am* exaggerating), the improvements are marginal. Sounds like when someone asked me the other day what the difference was between, say, a 2Ghz Celeron vs. a 2Ghz P4 on otherwise identical machines. My answer? Your word processor will take 2-3 seconds less to load. Otherwise you won't know the difference. For "ordinary" work, the performance difference can be negligible in many circumstances. > Separate partitions also allow different mount options, and in the > event of data loss due to power outages, etc, it is more likely that > the system will still come up, making it easier for you to restore > from backup as necessary. Of course, you *do* try to keep backups good enough for a bare-metal restore anyways, right? And a rescue cd? There is an expression in Spanish, "cada maestro con su librito", which roughly translates to "every teacher brings his own little book". To each his own, I guess. > > Finally some operating system such as FreeBSD automatically optimize > the layout of files on a file system, depending on how the file system > is being used. So a file system that contains many small files that > are written frequently will have a different optimization to one that > contains fewer, larger files. By having one big file system this > optimization breaks down. > That means it's not automatic, then, right? ;-) > Of course one should always size the partitions according to > requirements. > > Disclaimer: This message is not to be construed as flamebait, trollbait, or disrespect. I'm just trying to contribute my 2c. Now where's that asbestos suit when you need it?... From alex at nkpanama.com Wed Jul 26 22:25:34 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Jul 26 22:25:48 2006 Subject: A quick and easy performance improvement In-Reply-To: References: <44C78895.3090405@mail.wvnet.edu> <0de9d617518cc3bcf429359367da7a54@localhost> <44C79763.1060201@mail.wvnet.edu> <44C7A5D9.2080204@ecs.soton.ac.uk> <44C7AB9C.2030407@mail.wvnet.edu> <44C7B3C4.8060807@ecs.soton.ac.uk> <44C7B8DB.1060102@rogers.com> <44C7C000.6030601@ecs.soton.ac.uk> Message-ID: <44C7DDCE.2010901@nkpanama.com> Logan Shaw wrote: > > With one tiny exception: that you're not on an operating system > where you've corrupted some important boot files and the boot > loader can't understand the journal. Usually the journal > replay happens after the kernel is loaded, so if the kernel > or other files used early in the boot process are damaged, > it could prevent a boot even on a journaled filesystem. > Or at least this is the reason Sun gave for a long time for > not recommending turning on the journal for the root filesystem. > > - Logan I usually keep a couple of copies of the kernel in /boot just in case, along with bash and some other tools. I've only had to use it once or twice in 10 years, but it helps in that situation. From alex at nkpanama.com Wed Jul 26 22:27:54 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Jul 26 22:28:12 2006 Subject: A quick and easy performance improvement In-Reply-To: <44C7B4C4.7020402@ecs.soton.ac.uk> References: <44C78895.3090405@mail.wvnet.edu> <0de9d617518cc3bcf429359367da7a54@localhost> <44C79763.1060201@mail.wvnet.edu> <44C7A5D9.2080204@ecs.soton.ac.uk> <44C7AC94.9010706@nkpanama.com> <44C7B4C4.7020402@ecs.soton.ac.uk> Message-ID: <44C7DE5A.1050606@nkpanama.com> Julian Field wrote: > > a) Make sure you use tmpfs, not a traditional fixed-size ramdisk. > b) It doesn't matter about good hardware or good power. Nothing will > be lost if it gets killed due to sudden reboots or power-cycling. I > made sure of that a very long time ago. You're right. I meant tmpfs. And I also make sure the machine I'm doing the ramdisk on has enough RAM to spare, otherwise it could... CAUSE SWAPPING! ;-) From alex at nkpanama.com Wed Jul 26 22:33:39 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Jul 26 22:33:53 2006 Subject: A quick and easy performance improvement In-Reply-To: <44C7B5B2.4080300@mail.wvnet.edu> References: <44C78895.3090405@mail.wvnet.edu> <0de9d617518cc3bcf429359367da7a54@localhost> <44C79763.1060201@mail.wvnet.edu> <44C7A5D9.2080204@ecs.soton.ac.uk> <44C7AC94.9010706@nkpanama.com> <44C7B5B2.4080300@mail.wvnet.edu> Message-ID: <44C7DFB3.9070909@nkpanama.com> Richard Lynch wrote: > I offered my experiences because I believed (and still do) that it is > common to have / and /var on separate partitions on the same drive. I > also think it is easy to overlook the huge performance penalty with > bayes defaulting to /. Moving bayes to /var was dramatic enough (a 10 > fold reduction in IOWait time) that I believed it was worth sharing > with others who may have the same setup. That's why I posted. > > -- Rich > I know... Please don't take it the wrong way... It's good for people to point these things out, specially for those who will surely be looking for ways to improve their setup in the future. It's just that how you partition your drive is one of those emacs-vs.-vi (I use pico, only because nano is funny about screen refreshes) discussions that stir up valid points and counterpoints about each way of doing things. The good things about these discussions (when they don't degenerate into flamewars) is that you get to see a lot of different ways of doing things, and in turn, discover ways of improving your own ways by incorporating advice from others depending on how it pertains to your particular situation. I know I've learned a thing or two about this topic from watching this thread, and I thank you for starting it. Again, I meant no disrespect. Cheers, From mailscanner at ecs.soton.ac.uk Wed Jul 26 22:52:43 2006 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jul 26 22:52:57 2006 Subject: Wrong lock type error messages In-Reply-To: <000d01c6b0f8$603b8810$0705000a@DDF5DW71> References: <000d01c6b0f8$603b8810$0705000a@DDF5DW71> Message-ID: <44C7E42B.4050709@ecs.soton.ac.uk> Run sendmail -d0.1 -d0.4 -bt Another thread caused me to think of this, and I don't recall ever > seeing the question asked this way: > > I have upgraded to 8.13 sendmail using the RPMs from city-fan.org. One > of the recently-posted threads reminded me that I hadn't changed my lock > type from flock to posix. But I don't see any consequences of not doing > this so far. I guess it's possible that the RPMs might have been built > to use flock, but I'm not really sure this is an option for sendmail 8.13. > > What should I be looking for in my maillog to see if this is a problem. > The only suspect message is a POP message issued quite frequently about > "trying to get a lock on the mailbox". Once in a while, I get df* or qf* > orphans in the input queue. This seems to be a normal thing for the df > files, but I don't recall seeing qf files before. > > This does not seem to be an urgent problem, as things are going fairly > smoothly. I am using MS 4.52.2-1, and the logs say I am definitely using > flock. > > Thanks for any help. > > Steve Campbell > campbell@cnpapers.com > Charleston Newspapers > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From cparker at swatgear.com Wed Jul 26 23:37:20 2006 From: cparker at swatgear.com (Chris W. Parker) Date: Wed Jul 26 23:37:34 2006 Subject: Some mail (up to 7 days old) is stuck in /var/spool/mqueue Message-ID: <97FD54B5E57A1842AA1A4B232E4761172D8F04@ati-ex-02.ati.local> Ken Goods on Wednesday, July 26, 2006 2:17 PM said: > Try setting Lock Type to posix implicitly... had the same problem a > while back and this worked for me. I've tried it and restarted MailScanner (about 5 mins ago) but I've still got 21 messages in the cue. Chris. From cparker at swatgear.com Wed Jul 26 23:38:29 2006 From: cparker at swatgear.com (Chris W. Parker) Date: Wed Jul 26 23:38:42 2006 Subject: Some mail (up to 7 days old) is stuck in /var/spool/mqueue Message-ID: <97FD54B5E57A1842AA1A4B232E4761172C4F01@ati-ex-02.ati.local> Julian Field on Wednesday, July 26, 2006 2:15 PM said: > In which case the next queue run would have delivered them anyway. But the oldest email that is in there is from the 19th. So granted, maybe it WILL come out at some point but 7 days late is too late. :) Chris. From mike at vesol.com Wed Jul 26 23:40:15 2006 From: mike at vesol.com (Mike Kercher) Date: Wed Jul 26 23:40:26 2006 Subject: Some mail (up to 7 days old) is stuck in /var/spool/mqueue In-Reply-To: <97FD54B5E57A1842AA1A4B232E4761172D8F04@ati-ex-02.ati.local> Message-ID: try running 'sendmail -q -v' and see what happens. Mike > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Chris W. Parker > Sent: Wednesday, July 26, 2006 5:37 PM > To: MailScanner discussion > Subject: RE: Some mail (up to 7 days old) is stuck in > /var/spool/mqueue > > Ken Goods > on Wednesday, July 26, 2006 2:17 PM said: > > > Try setting Lock Type to posix implicitly... had the same problem a > > while back and this worked for me. > > I've tried it and restarted MailScanner (about 5 mins ago) > but I've still got 21 messages in the cue. > > > Chris. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From cparker at swatgear.com Wed Jul 26 23:42:41 2006 From: cparker at swatgear.com (Chris W. Parker) Date: Wed Jul 26 23:42:54 2006 Subject: Some mail (up to 7 days old) is stuck in /var/spool/mqueue Message-ID: <97FD54B5E57A1842AA1A4B232E4761172C4F02@ati-ex-02.ati.local> Mike Kercher on Wednesday, July 26, 2006 2:17 PM said: > What does mailq say? mailq says this: /var/spool/mqueue (21 requests) -----Q-ID----- --Size-- -----Q-Time----- ------------Sender/Recipient----------- k6JIfxwS020007X 629066 Wed Jul 19 11:41 k6OFsrYc027614X 1303 Mon Jul 24 08:54 k6KF8jTP031339X 727037 Thu Jul 20 08:08 k6KF8idL031338X 727037 Thu Jul 20 08:08 k6ONf6b2013846X 1114786 Mon Jul 24 16:41 k6PL68M7029855X 1225273 Tue Jul 25 14:06 k6PMLDFp000499X 1435945 Tue Jul 25 15:21 k6P227Q4019133X 1594532 Mon Jul 24 19:02 k6MMU1Mq018692X 1766901 Sat Jul 22 15:30 k6QLIApv023183X 1850546 Wed Jul 26 14:18 k6KGAq04001663X 2155450 Thu Jul 20 09:10 k6LKaHYh031617X 2306974 Fri Jul 21 13:36 k6PGmhc0018942X 1363 Tue Jul 25 09:48 k6PNZvpF003506X 2657713 Tue Jul 25 16:35 k6QI42gd014685X 2658150 Wed Jul 26 11:04 k6PNAWJr002501X 2665602 Tue Jul 25 16:10 k6KEXxll029607X 2816778 Thu Jul 20 07:34 k6QIs4ln016672X 8124325 Wed Jul 26 11:54 k6QJm8Sd018966X 8125312 Wed Jul 26 12:48 k6QJhDGL018747X 8125302 Wed Jul 26 12:43 k6QJXqX7018369X 8125309 Wed Jul 26 12:33 Total requests: 21 From cparker at swatgear.com Thu Jul 27 00:04:48 2006 From: cparker at swatgear.com (Chris W. Parker) Date: Thu Jul 27 00:05:18 2006 Subject: Some mail (up to 7 days old) is stuck in /var/spool/mqueue Message-ID: <97FD54B5E57A1842AA1A4B232E4761172C4F03@ati-ex-02.ati.local> Mike Kercher on Wednesday, July 26, 2006 3:40 PM said: > try running 'sendmail -q -v' and see what happens. So far nothing. I don't see anything in the log that indicates something has been activated. When I type that and press enter there is no output, it just shows me a new command prompt. It's been a few minutes and mailq still reports stuck mails. (There are now 22.) Thanks, Chris. From ssilva at sgvwater.com Thu Jul 27 00:21:08 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jul 27 00:21:23 2006 Subject: Wrong lock type error messages In-Reply-To: <000d01c6b0f8$603b8810$0705000a@DDF5DW71> References: <000d01c6b0f8$603b8810$0705000a@DDF5DW71> Message-ID: Steve Campbell spake the following on 7/26/2006 2:13 PM: > Another thread caused me to think of this, and I don't recall ever > seeing the question asked this way: > > I have upgraded to 8.13 sendmail using the RPMs from city-fan.org. One > of the recently-posted threads reminded me that I hadn't changed my lock > type from flock to posix. But I don't see any consequences of not doing > this so far. I guess it's possible that the RPMs might have been built > to use flock, but I'm not really sure this is an option for sendmail 8.13. > > What should I be looking for in my maillog to see if this is a problem. > The only suspect message is a POP message issued quite frequently about > "trying to get a lock on the mailbox". Once in a while, I get df* or qf* > orphans in the input queue. This seems to be a normal thing for the df > files, but I don't recall seeing qf files before. > > This does not seem to be an urgent problem, as things are going fairly > smoothly. I am using MS 4.52.2-1, and the logs say I am definitely using > flock. > It is not IF you will have a problem, it is WHEN will you have a problem. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From derek at adcatanzaro.com Thu Jul 27 02:54:10 2006 From: derek at adcatanzaro.com (derek) Date: Thu Jul 27 02:54:40 2006 Subject: Some mail (up to 7 days old) is stuck in /var/spool/mqueue In-Reply-To: <97FD54B5E57A1842AA1A4B232E4761172C4F02@ati-ex-02.ati.local> References: <97FD54B5E57A1842AA1A4B232E4761172C4F02@ati-ex-02.ati.local> Message-ID: <44C81CC2.6050704@adcatanzaro.com> Chris W. Parker wrote: > Mike Kercher > on Wednesday, July 26, 2006 2:17 PM said: > > >> What does mailq say? >> > > mailq says this: > > /var/spool/mqueue (21 requests) > -----Q-ID----- --Size-- -----Q-Time----- > ------------Sender/Recipient----------- > k6JIfxwS020007X 629066 Wed Jul 19 11:41 > > > k6OFsrYc027614X 1303 Mon Jul 24 08:54 > > k6KF8jTP031339X 727037 Thu Jul 20 08:08 > ---snip--- Have you checked /var/spool/mqueue to make sure there is a corresponding "d" and "q" file for the email? for example: take the first email in your mailq results, you should have a file named "d6JIfxwS020007X" and a corresponding "q6JIfxwS020007X" located in /var/spool/mqueue -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From cparker at swatgear.com Thu Jul 27 03:48:04 2006 From: cparker at swatgear.com (Chris W. Parker) Date: Thu Jul 27 03:48:20 2006 Subject: Some mail (up to 7 days old) is stuck in /var/spool/mqueue Message-ID: <97FD54B5E57A1842AA1A4B232E4761172D8F05@ati-ex-02.ati.local> Yes. There is are 23 pairs of emails in /var/spool/mqueue (last time I checked a few hours ago). Chris. -----Original Message----- From: derek [mailto:derek@adcatanzaro.com] Sent: Wed 7/26/2006 6:54 PM To: MailScanner discussion Cc: Subject: Re: Some mail (up to 7 days old) is stuck in /var/spool/mqueue Chris W. Parker wrote: > Mike Kercher > on Wednesday, July 26, 2006 2:17 PM said: > > >> What does mailq say? >> > > mailq says this: > > /var/spool/mqueue (21 requests) > -----Q-ID----- --Size-- -----Q-Time----- > ------------Sender/Recipient----------- > k6JIfxwS020007X 629066 Wed Jul 19 11:41 > > > k6OFsrYc027614X 1303 Mon Jul 24 08:54 > > k6KF8jTP031339X 727037 Thu Jul 20 08:08 > ---snip--- Have you checked /var/spool/mqueue to make sure there is a corresponding "d" and "q" file for the email? -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 2983 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060726/6d2ed552/attachment-0001.bin From mike at vesol.com Thu Jul 27 04:31:23 2006 From: mike at vesol.com (Mike Kercher) Date: Thu Jul 27 04:31:32 2006 Subject: Some mail (up to 7 days old) is stuck in /var/spool/mqueue In-Reply-To: <97FD54B5E57A1842AA1A4B232E4761172D8F05@ati-ex-02.ati.local> Message-ID: What would happen if you change your lock to posix, stop MailScanner, COPY the qf/df pairs to /var/spool/mqueue.in and restart MailScanner? Mike > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Chris W. Parker > Sent: Wednesday, July 26, 2006 9:48 PM > To: MailScanner discussion > Subject: RE: Some mail (up to 7 days old) is stuck in > /var/spool/mqueue > > Yes. There is are 23 pairs of emails in /var/spool/mqueue > (last time I checked a few hours ago). > > > Chris. > > > -----Original Message----- > From: derek [mailto:derek@adcatanzaro.com] > Sent: Wed 7/26/2006 6:54 PM > To: MailScanner discussion > Cc: > Subject: Re: Some mail (up to 7 days old) is stuck in > /var/spool/mqueue > > Chris W. Parker wrote: > > Mike Kercher > > on Wednesday, July 26, 2006 2:17 PM said: > > > > > >> What does mailq say? > >> > > > > mailq says this: > > > > /var/spool/mqueue (21 requests) > > -----Q-ID----- --Size-- -----Q-Time----- > > ------------Sender/Recipient----------- > > k6JIfxwS020007X 629066 Wed Jul 19 11:41 > > > > > > k6OFsrYc027614X 1303 Mon Jul 24 08:54 > > > k6KF8jTP031339X > > 727037 Thu Jul 20 08:08 > > > ---snip--- > > Have you checked /var/spool/mqueue to make sure there is a > corresponding "d" and "q" file for the email? > From cparker at swatgear.com Thu Jul 27 04:52:36 2006 From: cparker at swatgear.com (Chris W. Parker) Date: Thu Jul 27 04:52:51 2006 Subject: Some mail (up to 7 days old) is stuck in /var/spool/mqueue Message-ID: <97FD54B5E57A1842AA1A4B232E4761172D8F06@ati-ex-02.ati.local> Tried that. They move right back into /var/spool/mqueue. I've also tried turning off MS and then starting only sendmail (as well as moving the messages). Same effect. Chris. -----Original Message----- From: Mike Kercher [mailto:mike@vesol.com] Sent: Wed 7/26/2006 8:31 PM To: MailScanner discussion Cc: Subject: RE: Some mail (up to 7 days old) is stuck in /var/spool/mqueue What would happen if you change your lock to posix, stop MailScanner, COPY the qf/df pairs to /var/spool/mqueue.in and restart MailScanner? Mike > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Chris W. Parker > Sent: Wednesday, July 26, 2006 9:48 PM > To: MailScanner discussion > Subject: RE: Some mail (up to 7 days old) is stuck in > /var/spool/mqueue > > Yes. There is are 23 pairs of emails in /var/spool/mqueue > (last time I checked a few hours ago). > > > Chris. > > > -----Original Message----- > From: derek [mailto:derek@adcatanzaro.com] > Sent: Wed 7/26/2006 6:54 PM > To: MailScanner discussion > Cc: > Subject: Re: Some mail (up to 7 days old) is stuck in > /var/spool/mqueue > > Chris W. Parker wrote: > > Mike Kercher > > on Wednesday, July 26, 2006 2:17 PM said: > > > > > >> What does mailq say? > >> > > > > mailq says this: > > > > /var/spool/mqueue (21 requests) > > -----Q-ID----- --Size-- -----Q-Time----- > > ------------Sender/Recipient----------- > > k6JIfxwS020007X 629066 Wed Jul 19 11:41 > > > > > > k6OFsrYc027614X 1303 Mon Jul 24 08:54 > > > k6KF8jTP031339X > > 727037 Thu Jul 20 08:08 > > > ---snip--- > > Have you checked /var/spool/mqueue to make sure there is a > corresponding "d" and "q" file for the email? > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 3499 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060726/30af7dc5/attachment.bin From chrisgreen at hotmail.com Thu Jul 27 07:10:08 2006 From: chrisgreen at hotmail.com (Chris Green) Date: Thu Jul 27 07:10:14 2006 Subject: A quick and easy performance improvement In-Reply-To: <44C7DFB3.9070909@nkpanama.com> Message-ID: >Richard Lynch wrote: >>I offered my experiences because I believed (and still do) that it is >>common to have / and /var on separate partitions on the same drive. I >>also think it is easy to overlook the huge performance penalty with bayes >>defaulting to /. Moving bayes to /var was dramatic enough (a 10 fold >>reduction in IOWait time) that I believed it was worth sharing with others >>who may have the same setup. That's why I posted. >> >>-- Rich >> >I know... Please don't take it the wrong way... It's good for people to >point these things out, specially for those who will surely be looking for >ways to improve their setup in the future. It's just that how you partition >your drive is one of those emacs-vs.-vi (I use pico, only because nano is >funny about screen refreshes) discussions that stir up valid points and >counterpoints about each way of doing things. > >The good things about these discussions (when they don't degenerate into >flamewars) is that you get to see a lot of different ways of doing things, >and in turn, discover ways of improving your own ways by incorporating >advice from others depending on how it pertains to your particular >situation. > >I know I've learned a thing or two about this topic from watching this >thread, and I thank you for starting it. Again, I meant no disrespect. > Hi Alex - I couldn't agree more, this has been one of the most enlightening threads I've seen. Missed the one about swap though, will slip into my kevlar suit and go dig it out of the archives! Was that a 'quick and easy' one too? From carinus.carelse at mrc.ac.za Thu Jul 27 07:57:23 2006 From: carinus.carelse at mrc.ac.za (carinus.carelse@mrc.ac.za) Date: Thu Jul 27 08:04:05 2006 Subject: Email Aliases Reporting Enhancement request (Repost I think) Message-ID: An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060727/7cbb255a/attachment.html From martinh at solid-state-logic.com Thu Jul 27 09:21:14 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Jul 27 09:26:00 2006 Subject: [Fwd: ANNOUNCE: Apache SpamAssassin 3.1.4 available!] Message-ID: <44C8777A.8010700@solid-state-logic.com> FYI -------- Original Message -------- Subject: ANNOUNCE: Apache SpamAssassin 3.1.4 available! Date: Wed, 26 Jul 2006 20:00:06 -0400 From: Theo Van Dinter To: Spamassassin Users List , Spamassassin Devel List , Spamassassin Announcements List Apache SpamAssassin 3.1.4 is now available! This is a maintainance release of the 3.1.x branch. Downloads are available from: http://spamassassin.apache.org/downloads.cgi?update=200607261000 The release file will also be available via CPAN in the near future. md5sum of archive files: c620b0a20791999a8f8091b0888e0195 Mail-SpamAssassin-3.1.4.tar.bz2 6259d1b1c5ce34c37596fc262c0b9663 Mail-SpamAssassin-3.1.4.tar.gz d5b0c02b77b6936beac056bdfa846bbd Mail-SpamAssassin-3.1.4.zip sha1sum of archive files: c764e94a4666c9bcb30b0540183b71e8edef6bb9 Mail-SpamAssassin-3.1.4.tar.bz2 df88c2e27c1c8ede60a1b967443a3b16cc74cd9f Mail-SpamAssassin-3.1.4.tar.gz c524dd619e36a13e86bb14091039613c34b187b4 Mail-SpamAssassin-3.1.4.zip The release files also have a .asc accompanying them. The file serves as an external GPG signature for the given release file. The signing key is available via the wwwkeys.pgp.net key server, as well as http://spamassassin.apache.org/released/GPG-SIGNING-KEY The key information is: pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B 3.1.4 includes a large number of bug fixes and documentation updates. Here is an abbreviated changelog (since 3.1.3) for major updates (see the Changes file for a complete list): - bug 4941: if the first sa-update run failed and wasn't re-run to successful completion, the local state directory would exist, and therefore SA sees no rules. now, wait as long as possible to create the directory, and try to remove it on failure. - bug 4997: increase module version requirements for Archive::Tar to 1.23 and IO::Zlib to 1.04 - bug 4966: fix major BSMTP bug, which rendered SA unusable with exim4 when BSMTP is used. - bug 4899: Windows had issues with single quotes around filenames so certain things like pyzor, etc, wouldn't function. - bug 4958: sa-update should work on Windows - bug 4908: gtube.t test failed in non-english locales - bug 4488: deal with potential memory leak due to Bayes and BayesStore circular references - bug 4862: update macro values in update channels (ie: @@CONTACT_ADDRESS@@) -- Randomly Generated Tagline: "I'm a programmer: I don't buy software, I write it." - Tom Christiansen -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 -------------- next part -------------- A non-text attachment was scrubbed... Name: file:///C|/DOCUME~1/MARTINH/LOCALS~1/TEMP/nsmail.tmp Type: application/pgp-signature Size: 197 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060727/01fbb102/nsmail.bin From garry at glendown.de Thu Jul 27 09:58:24 2006 From: garry at glendown.de (Garry Glendown) Date: Thu Jul 27 09:57:59 2006 Subject: Rise in Viagra spam Message-ID: <44C88030.1080201@glendown.de> Hi, over the last couple days we've had a pretty drastic increase in Viagra spam ... I have some (older) antidrug-cf and several Rules Du Jour configs running, but scores are (though just barely) too low ... here's a sample: --- VlljAGRA from 3 , 35 $ AMjBlIEN CIjALIlS from 3 , 75 $ VAjLIlUM from 1 , 25 $ --- It has an ASCII and HTML version included, and also sports a piece of random text from some literature ... spam scores usually look like this: X-nethinks-MailScanner-SpamCheck: not spam, SpamAssassin (Wertung=4.05, benoetigt 5, BAYES_50 0.00, FORGED_RCVD_HELO 0.14, HTML_50_60 0.13, HTML_MESSAGE 0.00, URIBL_SBL 1.64, URIBL_WS_SURBL 2.14) though some have scored BAYES_60 ... (I already ran a couple dozen of the spam mails through sa-learn, but that has not increased bayes enough ...) Anybody have a suggestion as to another Rules Du Jour set or something? Thanks, -gg From rgreen at trayerproducts.com Thu Jul 27 12:47:57 2006 From: rgreen at trayerproducts.com (Green, Rodney) Date: Thu Jul 27 12:48:43 2006 Subject: A quick and easy performance improvement In-Reply-To: <44C76E82.3070407@mail.wvnet.edu> References: <44C76E82.3070407@mail.wvnet.edu> Message-ID: <44C8A7ED.3000708@trayerproducts.com> Hello, I've set the bayes_path option in spam.assassin.prefs.conf, moving the bayes files to a ramdisk When I run sa-learn --sync to merge the journal into the database it doesn't find the files in their new location. I have to add the --dbpath flag to get it to work. Also, when I run spamassassin --lint -D to check things out, it looks for the bayes files in their old location /root/.spamassassin/. I did stop MS before moving and reconfiguring the bayes path. Anyone know what might be wrong? Thanks, Rod -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From a.peacock at chime.ucl.ac.uk Thu Jul 27 13:33:02 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Thu Jul 27 13:33:19 2006 Subject: A quick and easy performance improvement In-Reply-To: <44C8A7ED.3000708@trayerproducts.com> References: <44C76E82.3070407@mail.wvnet.edu> <44C8A7ED.3000708@trayerproducts.com> Message-ID: <44C8B27E.30504@chime.ucl.ac.uk> Hi, You need to tell the SpamAssassin command line tools to read your spam.assassin.prefs.conf file. something like: sa-learn --sync -p /opt/MailScanner/etc/spam.assassin.prefs.conf or spamassassin -p /opt/MailScanner/etc/spam.assassin.prefs.conf Green, Rodney wrote: > > > Hello, > > I've set the bayes_path option in spam.assassin.prefs.conf, moving the > bayes files to a ramdisk When I run sa-learn --sync to merge the journal > into the database it doesn't > find the files in their new location. I have to add the --dbpath flag to > get it to work. Also, when I run spamassassin --lint -D to check things > out, it looks for the bayes files > in their old location /root/.spamassassin/. I did stop MS before moving > and reconfiguring the bayes path. Anyone know what might be wrong? > > Thanks, > Rod > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw From daniel.maher at ubisoft.com Thu Jul 27 13:37:52 2006 From: daniel.maher at ubisoft.com (Daniel Maher) Date: Thu Jul 27 13:37:54 2006 Subject: Rise in Viagra spam Message-ID: <1E293D3FF63A3740B10AD5AAD88535D20226D01D@UBIMAIL1.ubisoft.org> I added the following SA rules to help with those: header BADVIAGRA01 Subject =~ /.*\sV.*AGRA.*/ score BADVIAGRA01 10 describe BADVIAGRA01 Banned "viagra" subject (01) header BADVIAGRA02 Subject =~ /.*\sV.*AGGRA.*/ score BADVIAGRA02 10 describe BADVIAGRA02 Banned "viagra" subject (02) header BADVIAGRA03 Subject =~ /R[eE]:\s.*V.*AGRA.*/ score BADVIAGRA03 10 describe BADVIAGRA03 Banned "viagra" subject (03) I haven't received any un-tagged spam of the sort since. -- _ ?v? Daniel Maher /(_)\ Administrateur Syst?me Unix ^ ^ Unix System Administrator Sentio aliquos togatos contra me conspirare. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Garry Glendown Sent: Thursday, July 27, 2006 4:58 AM To: MailScanner discussion Subject: Rise in Viagra spam Hi, over the last couple days we've had a pretty drastic increase in Viagra spam ... I have some (older) antidrug-cf and several Rules Du Jour configs running, but scores are (though just barely) too low ... here's a sample: --- VlljAGRA from 3 , 35 $ AMjBlIEN CIjALIlS from 3 , 75 $ VAjLIlUM from 1 , 25 $ --- It has an ASCII and HTML version included, and also sports a piece of random text from some literature ... spam scores usually look like this: X-nethinks-MailScanner-SpamCheck: not spam, SpamAssassin (Wertung=4.05, benoetigt 5, BAYES_50 0.00, FORGED_RCVD_HELO 0.14, HTML_50_60 0.13, HTML_MESSAGE 0.00, URIBL_SBL 1.64, URIBL_WS_SURBL 2.14) though some have scored BAYES_60 ... (I already ran a couple dozen of the spam mails through sa-learn, but that has not increased bayes enough ...) Anybody have a suggestion as to another Rules Du Jour set or something? Thanks, -gg -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From martinh at solid-state-logic.com Thu Jul 27 13:49:46 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Jul 27 13:50:06 2006 Subject: Rise in Viagra spam In-Reply-To: <1E293D3FF63A3740B10AD5AAD88535D20226D01D@UBIMAIL1.ubisoft.org> References: <1E293D3FF63A3740B10AD5AAD88535D20226D01D@UBIMAIL1.ubisoft.org> Message-ID: <44C8B66A.5010806@solid-state-logic.com> Daniel Maher wrote: > I added the following SA rules to help with those: > > header BADVIAGRA01 Subject =~ /.*\sV.*AGRA.*/ > score BADVIAGRA01 10 > describe BADVIAGRA01 Banned "viagra" subject (01) > > header BADVIAGRA02 Subject =~ /.*\sV.*AGGRA.*/ > score BADVIAGRA02 10 > describe BADVIAGRA02 Banned "viagra" subject (02) > > header BADVIAGRA03 Subject =~ /R[eE]:\s.*V.*AGRA.*/ > score BADVIAGRA03 10 > describe BADVIAGRA03 Banned "viagra" subject (03) > > I haven't received any un-tagged spam of the sort since. > > -- > _ > ?v? Daniel Maher > /(_)\ Administrateur Syst?me Unix > ^ ^ Unix System Administrator > > Sentio aliquos togatos contra me conspirare. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Garry Glendown > Sent: Thursday, July 27, 2006 4:58 AM > To: MailScanner discussion > Subject: Rise in Viagra spam > > Hi, > > over the last couple days we've had a pretty drastic increase in Viagra > spam ... I have some (older) antidrug-cf and several Rules Du Jour > configs running, but scores are (though just barely) too low ... here's > a sample: > > --- > VlljAGRA from 3 , 35 $ > AMjBlIEN > CIjALIlS from 3 , 75 $ > VAjLIlUM from 1 , 25 $ > --- > > It has an ASCII and HTML version included, and also sports a piece of > random text from some literature ... spam scores usually look like this: > > X-nethinks-MailScanner-SpamCheck: not spam, SpamAssassin (Wertung=4.05, > benoetigt 5, BAYES_50 0.00, FORGED_RCVD_HELO 0.14, HTML_50_60 0.13, > HTML_MESSAGE 0.00, URIBL_SBL 1.64, URIBL_WS_SURBL 2.14) > > though some have scored BAYES_60 ... (I already ran a couple dozen of > the spam mails through sa-learn, but that has not increased bayes enough > ...) > > Anybody have a suggestion as to another Rules Du Jour set or something? > > Thanks, -gg I find this SARE rule very good http://www.rulesemporium.com/rules/70_sare_obfu.cf -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From rgreen at trayerproducts.com Thu Jul 27 13:53:54 2006 From: rgreen at trayerproducts.com (Green, Rodney) Date: Thu Jul 27 13:54:39 2006 Subject: A quick and easy performance improvement In-Reply-To: <44C8B27E.30504@chime.ucl.ac.uk> References: <44C76E82.3070407@mail.wvnet.edu> <44C8A7ED.3000708@trayerproducts.com> <44C8B27E.30504@chime.ucl.ac.uk> Message-ID: <44C8B762.5090201@trayerproducts.com> Anthony Peacock wrote: > Hi, > > You need to tell the SpamAssassin command line tools to read your > spam.assassin.prefs.conf file. something like: > > sa-learn --sync -p /opt/MailScanner/etc/spam.assassin.prefs.conf > > or > > spamassassin -p /opt/MailScanner/etc/spam.assassin.prefs.conf Thanks Anthony. That works fine. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Phil.Udel at salemcorp.com Thu Jul 27 14:04:42 2006 From: Phil.Udel at salemcorp.com (Phillip Udel) Date: Thu Jul 27 14:04:51 2006 Subject: Problem with CSV Files Message-ID: <200607271309.k6RD9lvE005989@cat.salemcarriers.com> I had something interesting reported to me today. I looked in the Archives but could not find a reference to the problem. When we email a CSV attachment the file is altered, the CRLF Hex(0d0a) is converted into just a LF Hex (0a) . I can up the file up in Excel but when we try and import it into the outlook contact list we get an error that whines about it not being a CSV. Has anyone seen this before. I upgraded a lot at once on the mail server so not sure if it MS, SA, or a Perl Mod. RH 8.0 MS 4.54.6-1 SA 3.1.3 MailWatch 1.0.3 Sendmail 8.12 Phillip Udel Senior Systems Administrator Admin@SalemCorp.com (800) 877-2536 Ext 212 Rules To Live By: 1) On the keyboard of life, always keep one finger on the escape key. 2) There are absolutely no absolutes. 3) Artificial Intelligence is no match for natural stupidity 4) Information is not Knowledge, Knowledge is not Wisdom, and Wisdom is not Truth -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: Phil Udel.vcf Type: text/x-vcard Size: 445 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060727/053598e1/PhilUdel.vcf From dyioulos at firstbhph.com Thu Jul 27 14:11:32 2006 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Thu Jul 27 14:11:37 2006 Subject: Rise in Viagra spam In-Reply-To: <44C8B66A.5010806@solid-state-logic.com> References: <1E293D3FF63A3740B10AD5AAD88535D20226D01D@UBIMAIL1.ubisoft.org> <44C8B66A.5010806@solid-state-logic.com> Message-ID: <200607270911.32955.dyioulos@firstbhph.com> On Thursday July 27 2006 8:49 am, Martin Hepworth wrote: > Daniel Maher wrote: > > I added the following SA rules to help with those: > > > > header BADVIAGRA01 Subject =~ /.*\sV.*AGRA.*/ > > score BADVIAGRA01 10 > > describe BADVIAGRA01 Banned "viagra" subject (01) > > > > header BADVIAGRA02 Subject =~ /.*\sV.*AGGRA.*/ > > score BADVIAGRA02 10 > > describe BADVIAGRA02 Banned "viagra" subject (02) > > > > header BADVIAGRA03 Subject =~ /R[eE]:\s.*V.*AGRA.*/ > > score BADVIAGRA03 10 > > describe BADVIAGRA03 Banned "viagra" subject (03) > > > > I haven't received any un-tagged spam of the sort since. > > > > -- > > _ > > ?v? Daniel Maher > > /(_)\ Administrateur Syst?me Unix > > ^ ^ Unix System Administrator > > > > Sentio aliquos togatos contra me conspirare. > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > > Garry Glendown Sent: Thursday, July 27, 2006 4:58 AM > > To: MailScanner discussion > > Subject: Rise in Viagra spam > > > > Hi, > > > > over the last couple days we've had a pretty drastic increase in > > Viagra spam ... I have some (older) antidrug-cf and several Rules > > Du Jour configs running, but scores are (though just barely) too > > low ... here's a sample: > > > > --- > > VlljAGRA from 3 , 35 $ > > AMjBlIEN > > CIjALIlS from 3 , 75 $ > > VAjLIlUM from 1 , 25 $ > > --- > > > > It has an ASCII and HTML version included, and also sports a > > piece of random text from some literature ... spam scores usually > > look like this: > > > > X-nethinks-MailScanner-SpamCheck: not spam, SpamAssassin > > (Wertung=4.05, benoetigt 5, BAYES_50 0.00, FORGED_RCVD_HELO 0.14, > > HTML_50_60 0.13, HTML_MESSAGE 0.00, URIBL_SBL 1.64, > > URIBL_WS_SURBL 2.14) > > > > though some have scored BAYES_60 ... (I already ran a couple > > dozen of the spam mails through sa-learn, but that has not > > increased bayes enough ...) > > > > Anybody have a suggestion as to another Rules Du Jour set or > > something? > > > > Thanks, -gg > > I find this SARE rule very good > > http://www.rulesemporium.com/rules/70_sare_obfu.cf > > -- Martin, I have this rule in my setup, but it doesn't seem to tag much obfuscated spam, although our server receives its share of that type. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From daniel.maher at ubisoft.com Thu Jul 27 14:15:16 2006 From: daniel.maher at ubisoft.com (Daniel Maher) Date: Thu Jul 27 14:15:20 2006 Subject: [OT] ldap integration Message-ID: <1E293D3FF63A3740B10AD5AAD88535D20226D020@UBIMAIL1.ubisoft.org> Hi all, This is remarkably off-topic for the list, and I'm sorry for bringing it up, but I'm at my technical-wit's end here, and any help would be good at this point. I am trying to set up OpenLDAP to act as a caching proxy between Postfix and my Active Directory server. Slapd proxies just fine, but I can't get it to cache the results at all. I'll say no more on the topic. If anybody has ever done something like this, I would very much appreciate a response - preferably off-list, since this has nothing to do with MailScanner. Again, I apologise for this off-topic post. The OpenLDAP mailing list is remarkably not helpful - and you folks just seem much more friendly... :) -- _ ?v? Daniel Maher /(_)\ Administrateur Syst?me Unix ^ ^ Unix System Administrator Sentio aliquos togatos contra me conspirare. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060727/cf41c0b8/attachment.html From jgolden at ci.grand-rapids.mi.us Thu Jul 27 14:20:07 2006 From: jgolden at ci.grand-rapids.mi.us (Golden, James) Date: Thu Jul 27 14:23:20 2006 Subject: Filetypes and filenames not being checked In-Reply-To: <44C7D75B.70508@pixelhammer.com> References: <44C0F65D.3070401@pixelhammer.com> Message-ID: <1154006407.4076.8.camel@doit-b8wsw21.grand-rapids.mi.us> I'm pretty new to this MailScanner stuff, so this may be too simple. So please excuse me. What about the file permissions on your filename.rules.conf or filetype.rules.conf? One other thought is your max or minimum size for attachments setting in the Mailscanner.conf file? On Wed, 2006-07-26 at 16:58 -0400, DAve wrote: > Julian Field wrote: > > Can anyone else reproduce this behaviour? > > I sure can't :-( > > I would wager I've done something very stupid. Woods, trees, that whole > metaphor thing. > > For what it's worth, some things are installed, but not showing up in > MailScanner -v. MailTools, IO-Stringy, Storable, File-Spec. I am double > checking to make sure they did in fact install. > > bash-2.05b# MailScanner -v > Running on > FreeBSD avhost2.tls.net 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE #0: Mon Feb > 23 20:45:55 GMT 2004 > root@wv1u.btc.adaptec.com:/usr/obj/usr/src/sys/GENERIC i386 > This is Perl version 5.006002 (5.6.2) > > This is MailScanner version 4.54.6 > Module versions are: > 1.16 Archive::Zip > 1.119 Convert::BinHex > 1.03 Fcntl > 2.6 File::Basename > 2.03 File::Copy > 2.00 FileHandle > 1.0404 File::Path > 0.16 File::Temp > 0.68 Filesys::Df > 1.35 HTML::Entities > 3.54 HTML::Parser > 2.37 HTML::TokeParser > 1.20 IO > 1.08 IO::File > 1.121 IO::Pipe > 1.74 Mail::Header > 3.07 MIME::Base64 > 5.420 MIME::Decoder > 5.420 MIME::Decoder::UU > 5.420 MIME::Head > 5.420 MIME::Parser > 3.07 MIME::QuotedPrint > 5.420 MIME::Tools > 0.11 Net::CIDR > 1.03 POSIX > 1.72 Socket > 0.01 Sys::Syslog > 1.87 Time::HiRes > 1.01 Time::localtime > > Optional module versions are: > 0.17 Convert::TNEF > 1.806 DB_File > 1.12 DBD::SQLite > 1.50 DBI > 1.15 Digest > 1.01 Digest::HMAC > 2.36 Digest::MD5 > 2.11 Digest::SHA1 > missing Inline > missing Mail::ClamAV > 3.001001 Mail::SpamAssassin > 1.999001 Mail::SPF::Query > 0.20 Net::CIDR::Lite > 1.24 Net::IP > 0.57 Net::DNS > missing Net::LDAP > missing Parse::RecDescent > missing SAVI > 1.4 Sys::Hostname::Long > 2.58 Test::Harness > 0.62 Test::Simple > missing Text::Balanced > 1.35 URI > > > bash-2.05b# MailScanner --lint > Read 719 hostnames from the phishing whitelist > Config: calling custom init function MailWatchLogging > Config: calling custom init function SQLHighSpamScores > Config: calling custom init function SQLWhitelist > Config: calling custom init function SQLBlacklist > Config: calling custom init function SQLSpamScores > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > SpamAssassin reported no errors. > > MailScanner.conf says "Virus Scanners = clamav" > Found these virus scanners installed: clamav, bitdefender > > > > > > > > DAve wrote: > >> DAve wrote: > >>> DAve wrote: > >>>> Good morning, > >>>> > >>>> I have just had a user bring to my attention that since I upgraded > >>>> to 4.54.x we are no longer stopping filenames with double suffixes > >>>> or banned suffixes. > >>>> > >>>> I tried a test and sure enough two files went right through, > >>>> test.svx.doc and test.scr. I double checked my conf files and > >>>> everything looks good, mailscanner --lint shows no errors. > >>>> > >>>> I haven't changed anything in the conf file except to add MailWatch. > >>>> I went through the change log and docs and didn't see anything that > >>>> I thought would affect me. > >>>> > >>>> Has there been a change in how the filename.rules.conf files work? > >>>> > >>>> Thanks, > >>>> > >>>> DAve > >>>> > >>> > >>> Hmm, double checked the filename.rules.conf and filetype.rules.conf > >>> and they looked fine (yes, tabs not spaces). > >>> > >>> Just on a whim I changed the MailScanner.conf to > >>> Filename Rules = %rules-dir%/user.filename.rules > >>> #Filename Rules = %etc-dir%/filename.rules.conf > >>> > >>> Then created %rules-dir%/user.filename.rules as > >>> # Default, disallow for all others > >>> To: default > >>> /usr/local/etc/MailScanner/filename.deny.rules.conf > >>> From: default > >>> /usr/local/etc/MailScanner/filename.deny.rules.conf > >>> > >>> And filename.deny.rules.conf is a copy of a fresh filename.rules.conf > >>> from the install source. > >>> > >>> Still test.svx.doc gets through as does test.scr. mailscanner --lint > >>> still shows no issues. > >>> > >>> I tried to run in debug mode but I got no unusual output. So I > >>> stopped MailScanner and called with the debug switch with no change. > >>> Is there a way to run in debug and output to the terminal? > >>> > >>> DAve > >>> > >> > >> Well, I've tried using full paths in the Filename Rules = , > >> Filename Rules = /usr/local/etc/MailScanner/rules/user.filename.rules > >> > >> I've tried adding a file suffix to Deny Filenames = > >> Deny Filenames = \.scr$ \.com$ \.pif$ \.exe$ \.cab$ \.ico$ > >> > >> Nothing works, test.scr just flies right through. I'm pretty much left > >> with reinstall on all my servers unless I can find a way to see what > >> is happening. > >> > >> DAve > >> > > > > > -- > Three years now I've asked Google why they don't have a > logo change for Memorial Day. Why do they choose to do logos > for other non-international holidays, but nothing for > Veterans? > > Maybe they forgot who made that choice possible. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060727/b7333587/attachment.html From rthrush at winbeam.com Thu Jul 27 14:20:40 2006 From: rthrush at winbeam.com (Raymond H Thrush II) Date: Thu Jul 27 14:26:01 2006 Subject: Some mail (up to 7 days old) is stuck in Message-ID: <44C8BDA8.7000100@winbeam.com> I have had this happen occasionally, just write a small script to clean the ques on demand ie, after an upgrade, or a forced shutdown or crash. You need to check all the ques not just mqueue. Here is my lame fix I use for such situations. I have not had success getting Mailscanner to start back up from the bash script so you have to restart it manually. Raymond H Thrush II que_check.sh -------------------------------------------------------------------------- #!/bin/sh # Small script to dump que directory listings into three temp files then # parse each file and do a ls | wc comparison to find and remove orphan # email files stuck in the que's # RHT 2006 # Stop Mailscanner echo " Stopping MailScanner!!! " /etc/init.d/MailScanner stop # create temp files ls /raid/spool/mqueue.in > mqueue.in.temp ls /raid/spool/mqueue > mqueue.temp ls /raid/spool/mqueue.out > mqueue.out.temp # set and clear variables tdf=0 temptest=0 # start first check mqueue.in cat mqueue.in.temp | grep df | awk -F'df' '{print $2}' | while read tdf do # echo $tdf temptest=`ls /raid/spool/mqueue.in/*$tdf | wc -l` # echo $temptest if( `test "$temptest" -lt 2` ); then rm /raid/spool/mqueue.in/*$tdf echo "removed /raid/spool/mqueue.in/*$tdf" else continue fi done # set and clear variables tdf=0 temptest=0 # start second check mqueue cat mqueue.temp | grep df | awk -F'df' '{print $2}' | while read tdf do # echo $tdf temptest=`ls /raid/spool/mqueue/*$tdf | wc -l` # echo $temptest if( `test "$temptest" -lt 2` ); then rm /raid/spool/mqueue/*$tdf echo "removed /raid/spool/mqueue/*$tdf" else continue fi done # set and clear variables tdf=0 temptest=0 # start third check mqueue.out cat mqueue.out.temp | grep df | awk -F'df' '{print $2}' | while read tdf do # echo $tdf temptest=`ls /raid/spool/mqueue.out/*$tdf | wc -l` # echo $temptest if( `test "$temptest" -lt 2` ); then rm /raid/spool/mqueue.out/*$tdf echo "removed /raid/spool/mqueue.out/*$tdf" else continue fi done echo "Don't Forget to /etc/init.d/MailScanner start" ------------------------------------------------------------------------ > Tried that. They move right back into /var/spool/mqueue. I've also > tried turning off MS and then starting only sendmail (as well as > moving the messages). Same effect. > > > Chris. > > > -----Original Message----- > From: Mike Kercher [mailto:mike@vesol.com] > Sent: Wed 7/26/2006 8:31 PM > To: MailScanner discussion > Cc: > Subject: RE: Some mail (up to 7 days old) is stuck in > /var/spool/mqueue > > What would happen if you change your lock to posix, stop MailScanner, > COPY the qf/df pairs to /var/spool/mqueue.in and restart MailScanner? > > Mike > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info > > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > > Of Chris W. Parker > > > Sent: Wednesday, July 26, 2006 9:48 PM > > > To: MailScanner discussion > > > Subject: RE: Some mail (up to 7 days old) is stuck in > > > /var/spool/mqueue > > > > > > Yes. There is are 23 pairs of emails in /var/spool/mqueue > > > (last time I checked a few hours ago). > > > > > > > > > Chris. > > > > > > > > > -----Original Message----- > > > From: derek [mailto:derek@adcatanzaro.com] > > > Sent: Wed 7/26/2006 6:54 PM > > > To: MailScanner discussion > > > Cc: > > > Subject: Re: Some mail (up to 7 days old) is stuck in > > > /var/spool/mqueue > > > > > > Chris W. Parker wrote: > >> > > Mike Kercher > >> > > on Wednesday, July 26, 2006 2:17 PM said: > >> > > > >> > > > >>> > >> What does mailq say? > >>> > >> > >> > > > >> > > mailq says this: > >> > > > >> > > /var/spool/mqueue (21 requests) > >> > > -----Q-ID----- --Size-- -----Q-Time----- > >> > > ------------Sender/Recipient----------- > >> > > k6JIfxwS020007X 629066 Wed Jul 19 11:41 > >> > > > >> > > > >> > > k6OFsrYc027614X 1303 Mon Jul 24 08:54 > >> > > > > > k6KF8jTP031339X > >> > > 727037 Thu Jul 20 08:08 > >> > > > > > ---snip--- > > > > > > Have you checked /var/spool/mqueue to make sure there is a > > > corresponding "d" and "q" file for the email? > > > From rob at robhq.com Thu Jul 27 14:49:27 2006 From: rob at robhq.com (rob freeman) Date: Thu Jul 27 14:35:21 2006 Subject: MailScanner not seeing AVG 7 installed Message-ID: <17564121.1154008167236.JavaMail.root@gollum.robhq.com> CentOS 4.2 running MailScanner 4.53.8. Installed avglinux-7.1-23_avi0672.rpm on the machine and I am able to run avgscan ok: [root@bouncy ~]# avgscan AVG7 Anti-Virus command line scanner Copyright (c) 2006 GRISOFT, s.r.o. Program version 7.1.28, engine 386 Virus Database: Version 268.10.4/401 2006-07-26 License type is FULL for SERVER. Expiration day: 29. 8. 2007 MailScanner though does not seem to know it is available. When I run a MailScanner --lint I get this: MailScanner.conf says "Virus Scanners = bitdefender avg f-prot clamav" Found these virus scanners installed: bitdefender, f-prot, clamavmodule [root@bouncy MailScanner]# find / -name avgscan /opt/grisoft/avg7/var/update/backup/avgscan /opt/grisoft/avg7/bin/avgscan /usr/bin/avgscan I see in the virus.scanners.conf it is looking at /usr/local for avg: avg /usr/lib/MailScanner/avg-wrapper /usr/local Is it ok to change this and will upgrades to newer versions of MailScanner wipe this out? Thanks in advance. Rob -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060727/e24964f6/attachment.html From marc at marcsnet.com Thu Jul 27 15:07:52 2006 From: marc at marcsnet.com (Marc Lucke) Date: Thu Jul 27 15:08:18 2006 Subject: [Repost] Re: won't write sendmail.in.pid In-Reply-To: <44C7DB0F.4070301@marcsnet.com> References: <44C7DB0F.4070301@marcsnet.com> Message-ID: <44C8C8B8.2010504@marcsnet.com> Hasn't anyone got any suggestions :-( Marc Lucke wrote: > I just upgraded to MailScanner-4.54.6-1 using the rpm and following all > instructions at the end: > > service sendmail stop > chkconfig sendmail off > chkconfig --level 2345 MailScanner on > service MailScanner start > > cd /etc/MailScanner > upgrade_MailScanner_conf MailScanner.conf MailScanner.conf.rpmnew > > MailScanner.new > mv -f MailScanner.conf MailScanner.old > mv -f MailScanner.new MailScanner.conf > > cd /etc/MailScanner/reports/en > upgrade_languages_conf languages.conf languages.conf.rpmnew > > languages.new mv -f languages.conf languages.old > mv -f languages.new languages.conf > > I should have also noted that I had been running MailScanner for a long > time with no problem. This problem began "all of a sudden" a couple of > days ago. > > > Marc > > On Wed, July 26, 2006 11:45 am, Marc Lucke wrote: >> CPU speed: PIII, 500MHz >> Memory: 452MB >> Operating System: Fedora Core 5, 2.6.17-1.2157_FC5 >> MailScanner version: 4.51.5-1 >> MTA version: sendmail-8.13.7-2.fc5.2 (RPM installed FC5) >> >> [blahblah~]# service MailScanner status >> Checking MailScanner daemons: >> MailScanner: [ OK ] > incoming sendmail: head: cannot open `/var/run/sendmail.in.pid' >> for reading: No such file or directory >> [FAILED] >> outgoing sendmail: [ OK ] >> >> Despite the above, I am receiving email and it is being filtered for > spam as normal. /var/run/sendmail.out.pid is written and works fine. > /var/run/sendmail.in.pid does not exist at all - whether MailScanner is > started or not. INPID is defined as /var/run/sendmail.in.pid as per > default. >> >> What could this be? >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > From Phil.Udel at salemcorp.com Thu Jul 27 15:28:54 2006 From: Phil.Udel at salemcorp.com (Phillip Udel) Date: Thu Jul 27 15:29:15 2006 Subject: [Repost] Re: won't write sendmail.in.pid In-Reply-To: <44C8C8B8.2010504@marcsnet.com> Message-ID: <200607271434.k6REXxvE018438@cat.salemcarriers.com> You could try creating a new one. touch /var/run/sendmail.in.pid then match the permissions with the out file. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Marc Lucke Sent: Thursday, July 27, 2006 9:08 AM To: MailScanner discussion Subject: Re: [Repost] Re: won't write sendmail.in.pid Hasn't anyone got any suggestions :-( Marc Lucke wrote: > I just upgraded to MailScanner-4.54.6-1 using the rpm and following all > instructions at the end: > > service sendmail stop > chkconfig sendmail off > chkconfig --level 2345 MailScanner on > service MailScanner start > > cd /etc/MailScanner > upgrade_MailScanner_conf MailScanner.conf MailScanner.conf.rpmnew > > MailScanner.new > mv -f MailScanner.conf MailScanner.old > mv -f MailScanner.new MailScanner.conf > > cd /etc/MailScanner/reports/en > upgrade_languages_conf languages.conf languages.conf.rpmnew > > languages.new mv -f languages.conf languages.old > mv -f languages.new languages.conf > > I should have also noted that I had been running MailScanner for a long > time with no problem. This problem began "all of a sudden" a couple of > days ago. > > > Marc > > On Wed, July 26, 2006 11:45 am, Marc Lucke wrote: >> CPU speed: PIII, 500MHz >> Memory: 452MB >> Operating System: Fedora Core 5, 2.6.17-1.2157_FC5 >> MailScanner version: 4.51.5-1 >> MTA version: sendmail-8.13.7-2.fc5.2 (RPM installed FC5) >> >> [blahblah~]# service MailScanner status >> Checking MailScanner daemons: >> MailScanner: [ OK ] > incoming sendmail: head: cannot open `/var/run/sendmail.in.pid' >> for reading: No such file or directory >> [FAILED] >> outgoing sendmail: [ OK ] >> >> Despite the above, I am receiving email and it is being filtered for > spam as normal. /var/run/sendmail.out.pid is written and works fine. > /var/run/sendmail.in.pid does not exist at all - whether MailScanner is > started or not. INPID is defined as /var/run/sendmail.in.pid as per > default. >> >> What could this be? >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From bpumphrey at WoodMacLaw.com Thu Jul 27 16:16:19 2006 From: bpumphrey at WoodMacLaw.com (Billy A. Pumphrey) Date: Thu Jul 27 16:16:23 2006 Subject: Image spam Message-ID: <04D932B0071FE34FA63EBB1977B48D15016F9B11@woodenex.woodmaclaw.local> I have not seen any talk about the image spam that is going on. I am guessing that it has not been a problem. Sophos reports that "mage spam accounts for over 35 percent of all spam seen today". http://s579.link.sophos.com/dozjul06?pl_id=9 Any thoughts or added rules that people have done to combat this? From gmatt at nerc.ac.uk Thu Jul 27 16:18:37 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu Jul 27 16:18:59 2006 Subject: Problem with CSV Files In-Reply-To: <200607271309.k6RD9lvE005989@cat.salemcarriers.com> References: <200607271309.k6RD9lvE005989@cat.salemcarriers.com> Message-ID: <44C8D94D.4030208@nerc.ac.uk> Phillip Udel wrote: > I had something interesting reported to me today. I looked in the Archives > but could not find a reference to the problem. When we email a CSV > attachment the file is altered, the CRLF Hex(0d0a) is converted into just a > LF Hex (0a) . I can up the file up in Excel but when we try and import it > into the outlook contact list we get an error that whines about it not being > a CSV. Has anyone seen this before. I upgraded a lot at once on the mail > server so not sure if it MS, SA, or a Perl Mod. are you using the signature facility? There is a bug in Perl which appears to be triggered by adding a signature. This was mentioned months ago but no-one seems able to fix it (looks like a hard/deep problem). GREG > > RH 8.0 > MS 4.54.6-1 > SA 3.1.3 > MailWatch 1.0.3 > Sendmail 8.12 > > > Phillip Udel > Senior Systems Administrator > Admin@SalemCorp.com > (800) 877-2536 Ext 212 > Rules To Live By: > 1) On the keyboard of life, always keep one finger on the escape key. > 2) There are absolutely no absolutes. > 3) Artificial Intelligence is no match for natural stupidity > 4) Information is not Knowledge, Knowledge is not Wisdom, and Wisdom is not > Truth > > > -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From bbecken at aafp.org Thu Jul 27 16:24:06 2006 From: bbecken at aafp.org (Brad Beckenhauer) Date: Thu Jul 27 16:24:44 2006 Subject: Using Environment variables in configuration settings Message-ID: <44C8942F.D87E.0068.3@aafp.org> Hello, Using MS 4.54.6 on Centos 4.3 I'm trying to use an environment variable in the X-settings without success. I want to strip off the HOST from the $HOSTNAME and use the results in the X-tag. But it appears that I cannot even use $HOSTNAME in the X-tags. How can I get just the host portion of $HOSTANME in the "X-" header? Desired: X-mx2-SpamCheck: where mx2 is extracted from $HOSTNAME thanks From bpumphrey at WoodMacLaw.com Thu Jul 27 16:27:41 2006 From: bpumphrey at WoodMacLaw.com (Billy A. Pumphrey) Date: Thu Jul 27 16:27:48 2006 Subject: Setting MailScanner not to block certain emails because of attachments Message-ID: <04D932B0071FE34FA63EBB1977B48D15016F9B28@woodenex.woodmaclaw.local> I thought that I had this setup correctly, but obviously I am not doing something correct. --- In my MailScanner.conf I have: Filename Rules = %rules-dir%/filenames.rules --- In filenames.rules I have: # Thiss is the file that is configured for the rules in the # /etc/MailScanner.conf file # FromOrTo: default /etc/MailScanner/filename.rules.conf From: 127.0.0.1 /etc/MailScanner/rules/quarantine.release.rules.conf --- In my filename.rules.conf I have not changed anything in there --- In my quarantine.release.rules.conf I have: allow - - - - Is it obvious what I have done wrong to set the rule setup? The process that I am doing. I am releasing emails from MailWatch that got quarintined because of the file attachment. It either used to work or it works on some things and not the other. Thank you for your support. Billy Pumphrey http://www.billypumphrey.com From martinh at solid-state-logic.com Thu Jul 27 16:33:39 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Jul 27 16:33:49 2006 Subject: Image spam In-Reply-To: <04D932B0071FE34FA63EBB1977B48D15016F9B11@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D15016F9B11@woodenex.woodmaclaw.local> Message-ID: <44C8DCD3.4030109@solid-state-logic.com> Billy A. Pumphrey wrote: > I have not seen any talk about the image spam that is going on. I am > guessing that it has not been a problem. Sophos reports that "mage spam > accounts for over 35 percent of all spam seen today". > http://s579.link.sophos.com/dozjul06?pl_id=9 > > Any thoughts or added rules that people have done to combat this? > > Billy I find the SARE rules and the URI-RBLS tend to get most of this (<1% getting through) -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From cparker at swatgear.com Thu Jul 27 16:37:16 2006 From: cparker at swatgear.com (Chris W. Parker) Date: Thu Jul 27 16:37:30 2006 Subject: Some mail (up to 7 days old) is stuck in Message-ID: <97FD54B5E57A1842AA1A4B232E4761172C4F05@ati-ex-02.ati.local> Raymond H Thrush II on Thursday, July 27, 2006 6:21 AM said: > I have had this happen occasionally, just write a small script to > clean the ques on demand ie, after an upgrade, or a forced shutdown > or crash. "clean the ques"? I don't understand what your script is doing (even after reading the short summary at the top of it). Could you please explain more detail? Thanks, Chris. From alex at nkpanama.com Thu Jul 27 16:46:23 2006 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jul 27 16:46:35 2006 Subject: A quick and easy performance improvement In-Reply-To: References: Message-ID: <44C8DFCF.50202@nkpanama.com> Chris Green escribi?: >> > Hi Alex - I couldn't agree more, this has been one of the most > enlightening threads I've seen. Missed the one about swap though, will > slip into my kevlar suit and go dig it out of the archives! Was that a > 'quick and easy' one too? > > Oh, sure. Search for "mailscanner causes swapping". It's loads of fun. A friend of mine (not on the list) read through the thread and said something like "water is wet, film at 11!", and another compared it to the statistics about how dihydrogen monoxide kills a lot of people every year, yet we find it in everyday foods. For more info check out http://en.wikipedia.org/wiki/DHMO ... :-) From ka at pacific.net Thu Jul 27 17:26:46 2006 From: ka at pacific.net (Ken A) Date: Thu Jul 27 17:26:01 2006 Subject: [Repost] Re: won't write sendmail.in.pid In-Reply-To: <44C8C8B8.2010504@marcsnet.com> References: <44C7DB0F.4070301@marcsnet.com> <44C8C8B8.2010504@marcsnet.com> Message-ID: <44C8E946.1070703@pacific.net> This is a known (regression) bug in sendmail 8.13.7 http://sendmail.org/releases/8.13.7.html We've reverted to 8.13.6, which doesn't have this trouble. Ken Pacific.Net Marc Lucke wrote: > Hasn't anyone got any suggestions :-( > > Marc Lucke wrote: >> I just upgraded to MailScanner-4.54.6-1 using the rpm and following all >> instructions at the end: >> >> service sendmail stop >> chkconfig sendmail off >> chkconfig --level 2345 MailScanner on >> service MailScanner start >> >> cd /etc/MailScanner >> upgrade_MailScanner_conf MailScanner.conf MailScanner.conf.rpmnew > >> MailScanner.new >> mv -f MailScanner.conf MailScanner.old >> mv -f MailScanner.new MailScanner.conf >> >> cd /etc/MailScanner/reports/en >> upgrade_languages_conf languages.conf languages.conf.rpmnew > >> languages.new mv -f languages.conf languages.old >> mv -f languages.new languages.conf >> >> I should have also noted that I had been running MailScanner for a long >> time with no problem. This problem began "all of a sudden" a couple of >> days ago. >> >> >> Marc >> >> On Wed, July 26, 2006 11:45 am, Marc Lucke wrote: >>> CPU speed: PIII, 500MHz >>> Memory: 452MB >>> Operating System: Fedora Core 5, 2.6.17-1.2157_FC5 >>> MailScanner version: 4.51.5-1 >>> MTA version: sendmail-8.13.7-2.fc5.2 (RPM installed FC5) >>> >>> [blahblah~]# service MailScanner status >>> Checking MailScanner daemons: >>> MailScanner: [ OK ] >> incoming sendmail: head: cannot open `/var/run/sendmail.in.pid' >>> for reading: No such file or directory >>> [FAILED] >>> outgoing sendmail: [ OK ] >>> >>> Despite the above, I am receiving email and it is being filtered for >> spam as normal. /var/run/sendmail.out.pid is written and works fine. >> /var/run/sendmail.in.pid does not exist at all - whether MailScanner is >> started or not. INPID is defined as /var/run/sendmail.in.pid as per >> default. >>> >>> What could this be? >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> >> From bpumphrey at WoodMacLaw.com Thu Jul 27 17:31:31 2006 From: bpumphrey at WoodMacLaw.com (Billy A. Pumphrey) Date: Thu Jul 27 17:31:39 2006 Subject: Image spam In-Reply-To: <44C8DCD3.4030109@solid-state-logic.com> Message-ID: <04D932B0071FE34FA63EBB1977B48D15016F9B6D@woodenex.woodmaclaw.local> > > Billy A. Pumphrey wrote: > > I have not seen any talk about the image spam that is going > on. I am > > guessing that it has not been a problem. Sophos reports that "mage > > spam accounts for over 35 percent of all spam seen today". > > http://s579.link.sophos.com/dozjul06?pl_id=9 > > > > Any thoughts or added rules that people have done to combat this? > > > > > Billy > > I find the SARE rules and the URI-RBLS tend to get most of > this (<1% getting through) > > > -- > Martin Hepworth > Senior Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > I have had only one person prompt me about these emails. I have MailWatch but I don't really know how to see how much of the image spam that it is catching and letting through (other than just looking at each email). How are you able to get your statistics so that I can do the same? Thank you From martinh at solid-state-logic.com Thu Jul 27 17:49:14 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Jul 27 17:49:31 2006 Subject: Image spam In-Reply-To: <04D932B0071FE34FA63EBB1977B48D15016F9B6D@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D15016F9B6D@woodenex.woodmaclaw.local> Message-ID: <44C8EE8A.7020807@solid-state-logic.com> Billy A. Pumphrey wrote: >> Billy A. Pumphrey wrote: >>> I have not seen any talk about the image spam that is going >> on. I am >>> guessing that it has not been a problem. Sophos reports that "mage >>> spam accounts for over 35 percent of all spam seen today". >>> http://s579.link.sophos.com/dozjul06?pl_id=9 >>> >>> Any thoughts or added rules that people have done to combat this? >>> >>> >> Billy >> >> I find the SARE rules and the URI-RBLS tend to get most of >> this (<1% getting through) >> >> >> -- >> Martin Hepworth >> Senior Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> > > I have had only one person prompt me about these emails. I have > MailWatch but I don't really know how to see how much of the image spam > that it is catching and letting through (other than just looking at each > email). How are you able to get your statistics so that I can do the > same? > > Thank you What I see in my shared imap folder that it used for sa-learn. If people see spam that got through they drop it into the shared spam folder - same for ham. I normally presuse/clean this every few days... -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From rthrush at winbeam.com Thu Jul 27 17:56:30 2006 From: rthrush at winbeam.com (Raymond H Thrush II) Date: Thu Jul 27 18:01:51 2006 Subject: Some mail (up to 7 days old) is stuck in In-Reply-To: <200607271635.k6RGZEBP026446@bkserver.blacknight.ie> References: <200607271635.k6RGZEBP026446@bkserver.blacknight.ie> Message-ID: <44C8F03E.3050702@winbeam.com> Basically, The script first stops MailScanner then does a ls of each que dir mqueue, mqueue.in mqueue.out, it then dumps those dir lists into a text files. Then I do comparisons of the contents looking for missing qf or df files, if it finds a part missing it deletes the file from the que dir. it also lists the parts deleted to stout. Once all three text files are checked it then reminds you to /etc/init.d/MailScanner start simply put it checks all que's then removes any unmatched qf and df files. Raymond H Thrush II > I have had this happen occasionally, just write a small script to > clean the ques on demand ie, after an upgrade, or a forced shutdown > or crash. > "clean the ques"? I don't understand what your script is doing (even after reading the short summary at the top of it). Could you please explain more detail? Thanks, Chris. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060727/91a60b83/attachment.html From cparker at swatgear.com Thu Jul 27 18:09:42 2006 From: cparker at swatgear.com (Chris W. Parker) Date: Thu Jul 27 18:09:55 2006 Subject: Some mail (up to 7 days old) is stuck in Message-ID: <97FD54B5E57A1842AA1A4B232E4761172C4F0C@ati-ex-02.ati.local> Raymond H Thrush II on Thursday, July 27, 2006 9:57 AM said: > simply put it checks all que's then removes any unmatched qf and df > files. Ahh I see. But actually my queue has all matching pairs. There are no orphans(?). Thanks, Chris. From dave.list at pixelhammer.com Thu Jul 27 18:14:19 2006 From: dave.list at pixelhammer.com (DAve) Date: Thu Jul 27 18:14:32 2006 Subject: Filetypes and filenames not being checked In-Reply-To: <1154006407.4076.8.camel@doit-b8wsw21.grand-rapids.mi.us> References: <44C0F65D.3070401@pixelhammer.com> <1154006407.4076.8.camel@doit-b8wsw21.grand-rapids.mi.us> Message-ID: <44C8F46B.9090005@pixelhammer.com> Golden, James wrote: > I'm pretty new to this MailScanner stuff, so this may be too simple. So > please excuse me. What about the file permissions on your > filename.rules.conf or filetype.rules.conf? I am in no position to question anyone's suggestions ;^) bash-2.05b# ls -la total 388 dr-xr-xr-x 7 root cvs 1024 Jul 26 10:21 . drwxr-xr-x 16 root wheel 1024 Jul 25 09:04 .. drwxr-xr-x 2 root cvs 512 Aug 9 2004 CVS -rw-r--r-- 1 root cvs 99589 Jul 26 10:21 MailScanner.conf drwxr-xr-x 2 root cvs 512 Jul 27 13:02 bayes -r--r--r-- 1 root wheel 11426 Jun 4 13:27 country.domains.conf -rw-r--r-- 1 root cvs 197 Jul 21 12:59 filename.allow.rules.conf -rw-r--r-- 1 root cvs 6851 Jul 21 12:51 filename.deny.rules.conf -rw-r--r-- 1 root cvs 929 Jul 21 13:01 filetype.allow.rules.conf -rw-r--r-- 1 root cvs 921 Jul 21 12:51 filetype.deny.rules.conf dr-xr-xr-x 2 root cvs 512 Jul 21 16:44 mcp -r--r--r-- 1 root wheel 14618 Jun 4 13:27 phishing.safe.sites.conf drwxr-xr-x 2 root cvs 2048 Jun 4 13:44 reports dr-xr-xr-x 3 root cvs 512 Jul 21 16:43 rules -rw-r--r-- 1 root cvs 9692 Jul 21 16:15 spam.assassin.prefs.conf -r--r--r-- 1 root cvs 2969 Feb 14 2005 spam.lists.conf -r--r--r-- 1 root wheel 2969 Jun 4 13:27 spam.lists.conf.sample -rw-r--r-- 1 root cvs 2834 Nov 2 2005 virus.scanners.conf bash-2.05b# ls -la rules total 40 dr-xr-xr-x 3 root cvs 512 Jul 21 16:43 . dr-xr-xr-x 7 root cvs 1024 Jul 26 10:21 .. drwxr-xr-x 2 root cvs 512 Aug 9 2004 CVS -r--r--r-- 1 root wheel 2817 Jun 4 13:27 EXAMPLES -r--r--r-- 1 root wheel 2964 Jun 4 13:27 README -rw-r--r-- 1 root cvs 90 Jun 4 13:50 bounce.rules -rw-r--r-- 1 root cvs 1743 Jun 6 18:40 highscore.delivery.rules -rw-r--r-- 1 root cvs 1529 Jun 6 18:40 mcp.delivery.rules -rw-r--r-- 1 root cvs 71 Jun 6 18:40 spam.blacklist.rules -rw-r--r-- 1 root cvs 961 Jun 6 18:40 spam.whitelist.rules -rw-r--r-- 1 root cvs 369 Jun 6 18:40 user.content.rules -rw-r--r-- 1 root cvs 1878 Jul 17 17:05 user.delivery.rules -rw-r--r-- 1 root cvs 636 Jul 21 12:49 user.filename.rules -rw-r--r-- 1 root cvs 636 Jul 21 12:50 user.filetype.rules -rw-r--r-- 1 root cvs 722 Jul 19 10:30 user.filtering.rules -rw-r--r-- 1 root cvs 251 Jun 6 18:40 user.mcp.rules -rw-r--r-- 1 root cvs 419 Jun 6 18:40 user.scanning.rules > > One other thought is your max or minimum size for attachments setting in > the Mailscanner.conf file? I'm testing with a 76k text file named test.scr and a copy named test.sxw.doc. Maximum Message Size = 0 Maximum Attachment Size = -1 Minimum Attachment Size = -1 Should be no checking going on (I do RBLs, size checking, max recipients on the MTA). I would be perfectly willing to post any and all conf files online for viewing. DAve > > On Wed, 2006-07-26 at 16:58 -0400, DAve wrote: > >> Julian Field wrote: >>> Can anyone else reproduce this behaviour? >>> I sure can't :-( >> I would wager I've done something very stupid. Woods, trees, that whole >> metaphor thing. >> >> For what it's worth, some things are installed, but not showing up in >> MailScanner -v. MailTools, IO-Stringy, Storable, File-Spec. I am double >> checking to make sure they did in fact install. >> >> bash-2.05b# MailScanner -v >> Running on >> FreeBSD avhost2.tls.net 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE #0: Mon Feb >> 23 20:45:55 GMT 2004 >> root@wv1u.btc.adaptec.com:/usr/obj/usr/src/sys/GENERIC i386 >> This is Perl version 5.006002 (5.6.2) >> >> This is MailScanner version 4.54.6 >> Module versions are: >> 1.16 Archive::Zip >> 1.119 Convert::BinHex >> 1.03 Fcntl >> 2.6 File::Basename >> 2.03 File::Copy >> 2.00 FileHandle >> 1.0404 File::Path >> 0.16 File::Temp >> 0.68 Filesys::Df >> 1.35 HTML::Entities >> 3.54 HTML::Parser >> 2.37 HTML::TokeParser >> 1.20 IO >> 1.08 IO::File >> 1.121 IO::Pipe >> 1.74 Mail::Header >> 3.07 MIME::Base64 >> 5.420 MIME::Decoder >> 5.420 MIME::Decoder::UU >> 5.420 MIME::Head >> 5.420 MIME::Parser >> 3.07 MIME::QuotedPrint >> 5.420 MIME::Tools >> 0.11 Net::CIDR >> 1.03 POSIX >> 1.72 Socket >> 0.01 Sys::Syslog >> 1.87 Time::HiRes >> 1.01 Time::localtime >> >> Optional module versions are: >> 0.17 Convert::TNEF >> 1.806 DB_File >> 1.12 DBD::SQLite >> 1.50 DBI >> 1.15 Digest >> 1.01 Digest::HMAC >> 2.36 Digest::MD5 >> 2.11 Digest::SHA1 >> missing Inline >> missing Mail::ClamAV >> 3.001001 Mail::SpamAssassin >> 1.999001 Mail::SPF::Query >> 0.20 Net::CIDR::Lite >> 1.24 Net::IP >> 0.57 Net::DNS >> missing Net::LDAP >> missing Parse::RecDescent >> missing SAVI >> 1.4 Sys::Hostname::Long >> 2.58 Test::Harness >> 0.62 Test::Simple >> missing Text::Balanced >> 1.35 URI >> >> >> bash-2.05b# MailScanner --lint >> Read 719 hostnames from the phishing whitelist >> Config: calling custom init function MailWatchLogging >> Config: calling custom init function SQLHighSpamScores >> Config: calling custom init function SQLWhitelist >> Config: calling custom init function SQLBlacklist >> Config: calling custom init function SQLSpamScores >> Checking for SpamAssassin errors (if you use it)... >> Using SpamAssassin results cache >> Connected to SpamAssassin cache database >> SpamAssassin reported no errors. >> >> MailScanner.conf says "Virus Scanners = clamav" >> Found these virus scanners installed: clamav, bitdefender >> >> >> >> >>> DAve wrote: >>>> DAve wrote: >>>>> DAve wrote: >>>>>> Good morning, >>>>>> >>>>>> I have just had a user bring to my attention that since I upgraded >>>>>> to 4.54.x we are no longer stopping filenames with double suffixes >>>>>> or banned suffixes. >>>>>> >>>>>> I tried a test and sure enough two files went right through, >>>>>> test.svx.doc and test.scr. I double checked my conf files and >>>>>> everything looks good, mailscanner --lint shows no errors. >>>>>> >>>>>> I haven't changed anything in the conf file except to add MailWatch. >>>>>> I went through the change log and docs and didn't see anything that >>>>>> I thought would affect me. >>>>>> >>>>>> Has there been a change in how the filename.rules.conf files work? >>>>>> >>>>>> Thanks, >>>>>> >>>>>> DAve >>>>>> >>>>> Hmm, double checked the filename.rules.conf and filetype.rules.conf >>>>> and they looked fine (yes, tabs not spaces). >>>>> >>>>> Just on a whim I changed the MailScanner.conf to >>>>> Filename Rules = %rules-dir%/user.filename.rules >>>>> #Filename Rules = %etc-dir%/filename.rules.conf >>>>> >>>>> Then created %rules-dir%/user.filename.rules as >>>>> # Default, disallow for all others >>>>> To: default >>>>> /usr/local/etc/MailScanner/filename.deny.rules.conf >>>>> From: default >>>>> /usr/local/etc/MailScanner/filename.deny.rules.conf >>>>> >>>>> And filename.deny.rules.conf is a copy of a fresh filename.rules.conf >>>>> from the install source. >>>>> >>>>> Still test.svx.doc gets through as does test.scr. mailscanner --lint >>>>> still shows no issues. >>>>> >>>>> I tried to run in debug mode but I got no unusual output. So I >>>>> stopped MailScanner and called with the debug switch with no change. >>>>> Is there a way to run in debug and output to the terminal? >>>>> >>>>> DAve >>>>> >>>> Well, I've tried using full paths in the Filename Rules = , >>>> Filename Rules = /usr/local/etc/MailScanner/rules/user.filename.rules >>>> >>>> I've tried adding a file suffix to Deny Filenames = >>>> Deny Filenames = \.scr$ \.com$ \.pif$ \.exe$ \.cab$ \.ico$ >>>> >>>> Nothing works, test.scr just flies right through. I'm pretty much left >>>> with reinstall on all my servers unless I can find a way to see what >>>> is happening. >>>> >>>> DAve >>>> >> >> -- >> Three years now I've asked Google why they don't have a >> logo change for Memorial Day. Why do they choose to do logos >> for other non-international holidays, but nothing for >> Veterans? >> >> Maybe they forgot who made that choice possible. > -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From Phil.Udel at salemcorp.com Thu Jul 27 18:46:21 2006 From: Phil.Udel at salemcorp.com (Phillip Udel) Date: Thu Jul 27 18:46:31 2006 Subject: Problem with CSV Files In-Reply-To: <44C8D94D.4030208@nerc.ac.uk> Message-ID: <200607271751.k6RHpRZW012925@cat.salemcarriers.com> Good Call. Thanks Changed Sign Clean Messages to no and that fixed the problem -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Greg Matthews Sent: Thursday, July 27, 2006 10:19 AM To: MailScanner discussion Subject: Re: Problem with CSV Files Phillip Udel wrote: > I had something interesting reported to me today. I looked in the Archives > but could not find a reference to the problem. When we email a CSV > attachment the file is altered, the CRLF Hex(0d0a) is converted into just a > LF Hex (0a) . I can up the file up in Excel but when we try and import it > into the outlook contact list we get an error that whines about it not being > a CSV. Has anyone seen this before. I upgraded a lot at once on the mail > server so not sure if it MS, SA, or a Perl Mod. are you using the signature facility? There is a bug in Perl which appears to be triggered by adding a signature. This was mentioned months ago but no-one seems able to fix it (looks like a hard/deep problem). GREG > > RH 8.0 > MS 4.54.6-1 > SA 3.1.3 > MailWatch 1.0.3 > Sendmail 8.12 > > > Phillip Udel > Senior Systems Administrator > Admin@SalemCorp.com > (800) 877-2536 Ext 212 > Rules To Live By: > 1) On the keyboard of life, always keep one finger on the escape key. > 2) There are absolutely no absolutes. > 3) Artificial Intelligence is no match for natural stupidity > 4) Information is not Knowledge, Knowledge is not Wisdom, and Wisdom is not > Truth > > > -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From cparker at swatgear.com Thu Jul 27 19:43:04 2006 From: cparker at swatgear.com (Chris W. Parker) Date: Thu Jul 27 19:43:17 2006 Subject: SOLVED: RE: Some mail (up to 7 days old) is stuck in /var/spool/mqueue Message-ID: <97FD54B5E57A1842AA1A4B232E4761172D8F0C@ati-ex-02.ati.local> Thanks to everyone who participated in this discussion and tried to help. At this point I've managed to get the mails out of the queue and to their recipients. Some of you may remember about a thread I started on July 19th (hint hint) called "'I/O error on connection' problem. MailScanner related?". In that thread Julian suggested that I adjust the sendmail QueueLA to something greater than the norm of 8. I thought, "Why increase the number? Instead I'll just temporarily set this to unlimited." So I put a 0 for QueueLA and RefuseLA. I saw another option a few lines down that says: # load average at which we delay connections; 0 means no limit #O DelayLA=0 So I took this to mean that 0 could be put in for all the ***LA values. I'm not sure if I was wrong or not with this assumption but this change is apparently what caused the problem. While looking at the heart-pounding, gut-wrenching, ever growing output of 'mailq' I noticed that each of the message IDs had an X at the end. So I went to the man page to hopefully find out what that meant. While reading I noticed: "... The status characters are either * to indicate the job is being processed; X to indicate that the load is too high to process the job; and - to indicate that the job is too young to process." Aha! Load average. So I stopped MailScanner, went back into sendmail.cf and changed the 0 values back to their original values, moved all the queued messages back into mqueue.in and then restarted MailScanner. While watching maillog with tail -f I noticed that one of the message IDs I was familiar with finally had a line that said "Queued mail for delivery". Great! After a few minutes of repeatedly executing mailq I noticed that as the queue filled up, it also started to be cleaned out. Phew! So for all of us in the future (although this problem is probably pretty rare) if you see someone's output from mailq and all their messages have an X at the end of the message ID, it's probably a good idea to look at the machines load average and possibly adjust the settings in sendmail.cf. Unfortunately though having had this experience I'm afraid to say that I will probably be moving away from MailScanner and going to an all Exchange solution. I attribute this to a high learning curve and a very beginner Linux admin. It's also a second Linux box that I have to keep track of and maintain and one is enough already (web server) for someone like me! :) Anyway, this community is easily one of the best I've ever participated in and I'm glad to have gotten used to some of your names. I haven't been able to contribute much but I've definitely had a lot of questions answered. :) Chris. From ssilva at sgvwater.com Thu Jul 27 19:45:47 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jul 27 19:46:28 2006 Subject: A quick and easy performance improvement In-Reply-To: <44C8DFCF.50202@nkpanama.com> References: <44C8DFCF.50202@nkpanama.com> Message-ID: Alex Neuman spake the following on 7/27/2006 8:46 AM: > Chris Green escribi?: >>> >> Hi Alex - I couldn't agree more, this has been one of the most >> enlightening threads I've seen. Missed the one about swap though, will >> slip into my kevlar suit and go dig it out of the archives! Was that a >> 'quick and easy' one too? >> >> > Oh, sure. Search for "mailscanner causes swapping". It's loads of fun. A > friend of mine (not on the list) read through the thread and said > something like "water is wet, film at 11!", and another compared it to > the statistics about how dihydrogen monoxide kills a lot of people every > year, yet we find it in everyday foods. > > For more info check out http://en.wikipedia.org/wiki/DHMO ... :-) If you mix it with a little scotch, it seems to be even more dangerous, but you won't care as much! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From naolson at gmail.com Thu Jul 27 19:51:34 2006 From: naolson at gmail.com (Nathan Olson) Date: Thu Jul 27 19:51:44 2006 Subject: SOLVED: RE: Some mail (up to 7 days old) is stuck in /var/spool/mqueue In-Reply-To: <97FD54B5E57A1842AA1A4B232E4761172D8F0C@ati-ex-02.ati.local> References: <97FD54B5E57A1842AA1A4B232E4761172D8F0C@ati-ex-02.ati.local> Message-ID: <8f54b4330607271151i5882a88fx69591baf868ec801@mail.gmail.com> Don't edit sendmail.cf directly. Edit sendmail.mc. Nate -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060727/e10c3f69/attachment.html From dave.list at pixelhammer.com Thu Jul 27 20:01:35 2006 From: dave.list at pixelhammer.com (DAve) Date: Thu Jul 27 20:01:43 2006 Subject: SOLVED: RE: Some mail (up to 7 days old) is stuck in /var/spool/mqueue In-Reply-To: <97FD54B5E57A1842AA1A4B232E4761172D8F0C@ati-ex-02.ati.local> References: <97FD54B5E57A1842AA1A4B232E4761172D8F0C@ati-ex-02.ati.local> Message-ID: <44C90D8F.4040003@pixelhammer.com> Chris W. Parker wrote: > Unfortunately though having had this experience I'm afraid to say that I > will probably be moving away from MailScanner and going to an all > Exchange solution. I attribute this to a high learning curve and a very > beginner Linux admin. It's also a second Linux box that I have to keep > track of and maintain and one is enough already (web server) for someone > like me! :) > I manage Windows, Solaris, Linux, and FreeBSD servers. They all have their place, but IMO Windows in not a Mail Server. You may find yourself coming back. You just climbed the mountain and slayed the Beast. Don't be so quick to give up, you are a lot less of a beginner now than you were a week ago. DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From cparker at swatgear.com Thu Jul 27 20:01:57 2006 From: cparker at swatgear.com (Chris W. Parker) Date: Thu Jul 27 20:02:12 2006 Subject: SOLVED: RE: Some mail (up to 7 days old) is stuck in/var/spool/mqueue Message-ID: <97FD54B5E57A1842AA1A4B232E4761172C4F11@ati-ex-02.ati.local> How does this help me? -----Original Message----- From: Nathan Olson [mailto:naolson@gmail.com] Sent: Thursday, July 27, 2006 11:52 AM To: MailScanner discussion Subject: Re: SOLVED: RE: Some mail (up to 7 days old) is stuck in/var/spool/mqueue Don't edit sendmail.cf directly. Edit sendmail.mc. Nate -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060727/42f0f59c/attachment.html From ssilva at sgvwater.com Thu Jul 27 20:05:54 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jul 27 20:06:28 2006 Subject: Rise in Viagra spam In-Reply-To: <44C88030.1080201@glendown.de> References: <44C88030.1080201@glendown.de> Message-ID: Garry Glendown spake the following on 7/27/2006 1:58 AM: > Hi, > > over the last couple days we've had a pretty drastic increase in Viagra > spam ... I have some (older) antidrug-cf and several Rules Du Jour > configs running, but scores are (though just barely) too low ... here's > a sample: > > --- > VlljAGRA from 3 , 35 $ > AMjBlIEN > CIjALIlS from 3 , 75 $ > VAjLIlUM from 1 , 25 $ > --- > > It has an ASCII and HTML version included, and also sports a piece of > random text from some literature ... spam scores usually look like this: > > X-nethinks-MailScanner-SpamCheck: not spam, SpamAssassin (Wertung=4.05, > benoetigt 5, BAYES_50 0.00, FORGED_RCVD_HELO 0.14, HTML_50_60 0.13, > HTML_MESSAGE 0.00, URIBL_SBL 1.64, URIBL_WS_SURBL 2.14) > > though some have scored BAYES_60 ... (I already ran a couple dozen of > the spam mails through sa-learn, but that has not increased bayes enough > ...) > > Anybody have a suggestion as to another Rules Du Jour set or something? > > Thanks, -gg I don't think you should be running antidrug with spamassassin 3.0.0 or better. Most of it was included, and adding that .cf messes with the scoring. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From naolson at gmail.com Thu Jul 27 20:11:04 2006 From: naolson at gmail.com (Nathan Olson) Date: Thu Jul 27 20:11:13 2006 Subject: SOLVED: RE: Some mail (up to 7 days old) is stuck in/var/spool/mqueue In-Reply-To: <97FD54B5E57A1842AA1A4B232E4761172C4F11@ati-ex-02.ati.local> References: <97FD54B5E57A1842AA1A4B232E4761172C4F11@ati-ex-02.ati.local> Message-ID: <8f54b4330607271211k117a9fa2sf0a26e76cd8f1b8e@mail.gmail.com> The .mc file contains m4 macros. The .mc file is much simpler to update and understand. The .cf file is generated from the .mc file. Editing the .cf file directly is extremely discouraged. Nate -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060727/139128e2/attachment.html From dave.list at pixelhammer.com Thu Jul 27 20:21:26 2006 From: dave.list at pixelhammer.com (DAve) Date: Thu Jul 27 20:21:33 2006 Subject: SOLVED: RE: Some mail (up to 7 days old) is stuck in/var/spool/mqueue In-Reply-To: <97FD54B5E57A1842AA1A4B232E4761172C4F11@ati-ex-02.ati.local> References: <97FD54B5E57A1842AA1A4B232E4761172C4F11@ati-ex-02.ati.local> Message-ID: <44C91236.9060904@pixelhammer.com> Chris W. Parker wrote: > How does this help me? > > -----Original Message----- > From: Nathan Olson [mailto:naolson@gmail.com] > Sent: Thursday, July 27, 2006 11:52 AM > To: MailScanner discussion > Subject: Re: SOLVED: RE: Some mail (up to 7 days old) is stuck > in/var/spool/mqueue > > > Don't edit sendmail.cf directly. Edit sendmail.mc. > > Nate Old admins edit the *.cf file, cause we don't know any better. It is smarter to edit the *.mc and rebuild the *.cf. If you edit the *.mc file first, M4 has a chance to warn you about typos and other errors before you try to convince Sendmail to use the config file. I've seen lots of websites attempting to "help" new users by giving edits to the *.cf file. But that teaches them nothing about how Sendmail works, and less than nothing about how to fix it when your Sendmail borks because you made edits from five different websites. That's experience speaking ;^) DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From jgolden at ci.grand-rapids.mi.us Thu Jul 27 20:22:35 2006 From: jgolden at ci.grand-rapids.mi.us (Golden, James) Date: Thu Jul 27 20:22:11 2006 Subject: Rise in Viagra spam In-Reply-To: References: <44C88030.1080201@glendown.de> Message-ID: <1154028156.4076.21.camel@doit-b8wsw21.grand-rapids.mi.us> Are you saying that are included in the spamassassin base rules or Rules Du Jour? Rules Du Jour still puts the antidrug.cf file as a recommended other. On Thu, 2006-07-27 at 12:05 -0700, Scott Silva wrote: > Garry Glendown spake the following on 7/27/2006 1:58 AM: > > Hi, > > > > over the last couple days we've had a pretty drastic increase in Viagra > > spam ... I have some (older) antidrug-cf and several Rules Du Jour > > configs running, but scores are (though just barely) too low ... here's > > a sample: > > > > --- > > VlljAGRA from 3 , 35 $ > > AMjBlIEN > > CIjALIlS from 3 , 75 $ > > VAjLIlUM from 1 , 25 $ > > --- > > > > It has an ASCII and HTML version included, and also sports a piece of > > random text from some literature ... spam scores usually look like this: > > > > X-nethinks-MailScanner-SpamCheck: not spam, SpamAssassin (Wertung=4.05, > > benoetigt 5, BAYES_50 0.00, FORGED_RCVD_HELO 0.14, HTML_50_60 0.13, > > HTML_MESSAGE 0.00, URIBL_SBL 1.64, URIBL_WS_SURBL 2.14) > > > > though some have scored BAYES_60 ... (I already ran a couple dozen of > > the spam mails through sa-learn, but that has not increased bayes enough > > ...) > > > > Anybody have a suggestion as to another Rules Du Jour set or something? > > > > Thanks, -gg > I don't think you should be running antidrug with spamassassin 3.0.0 or > better. Most of it was included, and adding that .cf messes with the scoring. > > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060727/e2e0ac7f/attachment.html From admin at thenamegame.com Thu Jul 27 20:33:18 2006 From: admin at thenamegame.com (Michael S.) Date: Thu Jul 27 20:31:23 2006 Subject: Outgoing email flagged as spam then deleted Message-ID: <200607271931.k6RJVMgg030372@bkserver.blacknight.ie> We are seeing a lot of users emails being deleted, outbound because its scoring higher than our threshold, 5.0. I though messages from 127.0.0.1 outbound was not checked? It seems like it is. Which setting in MS prevents Outgoing emails from 127.0.0.1 from being checked for spam? Eg Jul 27 10:12:02 orion MailScanner[54895]: Message 1G66an-000Equ-O1 from 127.0.0.1 (user@orion.server.com) to domain.com is spam, SpamAssassin (score=5.216, required 3.5, BIZ_TLD 2.01, HTML_90_100 0.11, HTML_MESSAGE 0.00, HTML_MIME_NO_HTML _TAG 1.08, HTML_SHORT_LENGTH 1.57, MIME_HTML_ONLY 0.00, NO_RELAYS -0.00, X_PRIORITY_HIGH 0.43) -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060727/42343363/attachment.html From daniel.maher at ubisoft.com Thu Jul 27 20:39:05 2006 From: daniel.maher at ubisoft.com (Daniel Maher) Date: Thu Jul 27 20:39:08 2006 Subject: Rise in Viagra spam Message-ID: <1E293D3FF63A3740B10AD5AAD88535D20226D02C@UBIMAIL1.ubisoft.org> http://aspn.activestate.com/ASPN/Mail/Message/spamassassin-users/2918233 "Since a lot of people are still using antidrug.cf, I'm making a public announcement here to clarify. Antidrug.cf is deprecated and obsolete for all users of SpamAssassin 3.0.0 or higher. These rules are now a part of the standard SA distribution, and any improvements will likely happen directly in the SA project and not on the .cf file." -- Matt Kettler, the author of antidrug.cf -- _ ?v? Daniel Maher /(_)\ Administrateur Syst?me Unix ^ ^ Unix System Administrator Sentio aliquos togatos contra me conspirare. ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Golden, James Sent: Thursday, July 27, 2006 3:23 PM To: MailScanner discussion Subject: Re: Rise in Viagra spam Are you saying that are included in the spamassassin base rules or Rules Du Jour? Rules Du Jour still puts the antidrug.cf file as a recommended other. On Thu, 2006-07-27 at 12:05 -0700, Scott Silva wrote: Garry Glendown spake the following on 7/27/2006 1:58 AM: > Hi, > > over the last couple days we've had a pretty drastic increase in Viagra > spam ... I have some (older) antidrug-cf and several Rules Du Jour > configs running, but scores are (though just barely) too low ... here's > a sample: > > --- > VlljAGRA from 3 , 35 $ > AMjBlIEN > CIjALIlS from 3 , 75 $ > VAjLIlUM from 1 , 25 $ > --- > > It has an ASCII and HTML version included, and also sports a piece of > random text from some literature ... spam scores usually look like this: > > X-nethinks-MailScanner-SpamCheck: not spam, SpamAssassin (Wertung=4.05, > benoetigt 5, BAYES_50 0.00, FORGED_RCVD_HELO 0.14, HTML_50_60 0.13, > HTML_MESSAGE 0.00, URIBL_SBL 1.64, URIBL_WS_SURBL 2.14) > > though some have scored BAYES_60 ... (I already ran a couple dozen of > the spam mails through sa-learn, but that has not increased bayes enough > ...) > > Anybody have a suggestion as to another Rules Du Jour set or something? > > Thanks, -gg I don't think you should be running antidrug with spamassassin 3.0.0 or better. Most of it was included, and adding that .cf messes with the scoring. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060727/c3a03209/attachment.html From alex at nkpanama.com Thu Jul 27 20:38:46 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jul 27 20:39:40 2006 Subject: Outgoing email flagged as spam then deleted In-Reply-To: <200607271931.k6RJVMgg030372@bkserver.blacknight.ie> References: <200607271931.k6RJVMgg030372@bkserver.blacknight.ie> Message-ID: <44C91646.7070101@nkpanama.com> Michael S. wrote: > > We are seeing a lot of users emails being deleted, outbound because > its scoring higher than our threshold, 5.0. > > > > I though messages from 127.0.0.1 outbound was not checked? It seems > like it is. Which setting in MS prevents > > Outgoing emails from 127.0.0.1 from being checked for spam? > The same that prevents outgoing emails from any IP from being checked for spam. Rulesets. Look for "spam checks = " and implement a ruleset. You *may* want to hold off on *not* scanning messages sent from 127.0.0.1 if, for example, you host a webserver with forms. Some web forms can be tampered with in order to make them send out spam. Unless you've taken good care not to allow MIME injection within your web forms, you could be vulnerable Good luck with that in any case. > > > Eg Jul 27 10:12:02 orion MailScanner[54895]: Message 1G66an-000Equ-O1 > from 127.0.0.1 (user@orion.server.com) to domain.com is spam, > SpamAssassin (score=5.216, required 3.5, BIZ_TLD 2.01, HTML_90_100 > 0.11, HTML_MESSAGE 0.00, HTML_MIME_NO_HTML > > _TAG 1.08, HTML_SHORT_LENGTH 1.57, MIME_HTML_ONLY 0.00, NO_RELAYS > -0.00, X_PRIORITY_HIGH 0.43) > From admin at thenamegame.com Thu Jul 27 21:01:20 2006 From: admin at thenamegame.com (Michael S.) Date: Thu Jul 27 20:59:07 2006 Subject: Outgoing email flagged as spam then deleted In-Reply-To: <44C91646.7070101@nkpanama.com> Message-ID: <200607271959.k6RJx53K031180@bkserver.blacknight.ie> Ok, I believe I can add 127.0.0.1 to spam.whitelist.rules. That should work. Don't have a problem with user abusing forms as we have strict mod_security rules that prevents these things. Nice thought though. Thanks. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Neuman van der Hans Sent: Thursday, July 27, 2006 3:39 PM To: MailScanner discussion Subject: Re: Outgoing email flagged as spam then deleted Michael S. wrote: > > We are seeing a lot of users emails being deleted, outbound because > its scoring higher than our threshold, 5.0. > > > > I though messages from 127.0.0.1 outbound was not checked? It seems > like it is. Which setting in MS prevents > > Outgoing emails from 127.0.0.1 from being checked for spam? > The same that prevents outgoing emails from any IP from being checked for spam. Rulesets. Look for "spam checks = " and implement a ruleset. You *may* want to hold off on *not* scanning messages sent from 127.0.0.1 if, for example, you host a webserver with forms. Some web forms can be tampered with in order to make them send out spam. Unless you've taken good care not to allow MIME injection within your web forms, you could be vulnerable Good luck with that in any case. > > > Eg Jul 27 10:12:02 orion MailScanner[54895]: Message 1G66an-000Equ-O1 > from 127.0.0.1 (user@orion.server.com) to domain.com is spam, > SpamAssassin (score=5.216, required 3.5, BIZ_TLD 2.01, HTML_90_100 > 0.11, HTML_MESSAGE 0.00, HTML_MIME_NO_HTML > > _TAG 1.08, HTML_SHORT_LENGTH 1.57, MIME_HTML_ONLY 0.00, NO_RELAYS > -0.00, X_PRIORITY_HIGH 0.43) > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From cparker at swatgear.com Thu Jul 27 21:05:14 2006 From: cparker at swatgear.com (Chris W. Parker) Date: Thu Jul 27 21:05:29 2006 Subject: SOLVED: RE: Some mail (up to 7 days old) is stuckin/var/spool/mqueue Message-ID: <97FD54B5E57A1842AA1A4B232E4761172D8F0D@ati-ex-02.ati.local> Sorry, I was being facetious. I'm aware of the differences between .mc and .cf. Julian instructed me to edit the .cf file since that is where QueueLA is found. A grep on sendmail.mc does not return a hit for QueueLA. It's the same warning Microsoft gives on all their pages that give instructions for editing the registry. "WARNING! YOU MAY DIE AND/OR CAUSE YOUR NEXT OF KIN TO DIE ALSO IF YOU EDIT THE REGISTRY AND MESS IT UP!!" :) Chris. -----Original Message----- From: Nathan Olson [mailto:naolson@gmail.com] Sent: Thursday, July 27, 2006 12:11 PM To: MailScanner discussion Subject: Re: SOLVED: RE: Some mail (up to 7 days old) is stuckin/var/spool/mqueue The .mc file contains m4 macros. The .mc file is much simpler to update and understand. The .cf file is generated from the .mc file. Editing the .cf file directly is extremely discouraged. Nate -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060727/fb23d3f9/attachment.html From Denis.Beauchemin at USherbrooke.ca Thu Jul 27 21:11:20 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Jul 27 21:11:46 2006 Subject: SOLVED: RE: Some mail (up to 7 days old) is stuckin/var/spool/mqueue In-Reply-To: <97FD54B5E57A1842AA1A4B232E4761172D8F0D@ati-ex-02.ati.local> References: <97FD54B5E57A1842AA1A4B232E4761172D8F0D@ati-ex-02.ati.local> Message-ID: <44C91DE8.4040605@USherbrooke.ca> Chris W. Parker a ?crit : > Sorry, I was being facetious. I'm aware of the differences between .mc > and .cf. Julian instructed me to edit the .cf file since that is where > QueueLA is found. A grep on sendmail.mc does not return a hit for QueueLA. > It's easy to add the required lines to sendmail.mc: $ grep _LA /etc/mail/sendmail.mc|grep -v ^dnl define(`confDELAY_LA', `8')dnl define(`confQUEUE_LA', `20')dnl define(`confREFUSE_LA', `16')dnl I slow connections down at 8 and refuse at 16... and don't care about queue... Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060727/3ae3096f/smime-0001.bin From ssilva at sgvwater.com Thu Jul 27 21:28:37 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jul 27 21:28:56 2006 Subject: Rise in Viagra spam In-Reply-To: <1154028156.4076.21.camel@doit-b8wsw21.grand-rapids.mi.us> References: <44C88030.1080201@glendown.de> <1154028156.4076.21.camel@doit-b8wsw21.grand-rapids.mi.us> Message-ID: Golden, James spake the following on 7/27/2006 12:22 PM: > Are you saying that are included in the spamassassin base rules or Rules > Du Jour? Rules Du Jour still puts the antidrug.cf file as a > recommended other. > Here is a link from the author of antidrug.cf; http://aspn.activestate.com/ASPN/Mail/Message/spamassassin-users/2918233 Basically Matt Kettler states not to use it with 3.0.0 or better. Who better than the author to make that statement? I used the Rulesdujour files from Fortress Systems (www.fsl.com/support.html) It seems to have the best rules, and has bogus_virus_warnings tailored to boxes running MailScanner. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ugob at camo-route.com Thu Jul 27 21:32:06 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Thu Jul 27 21:32:50 2006 Subject: [Repost] Re: won't write sendmail.in.pid In-Reply-To: <44C8E946.1070703@pacific.net> References: <44C7DB0F.4070301@marcsnet.com> <44C8C8B8.2010504@marcsnet.com> <44C8E946.1070703@pacific.net> Message-ID: Ken A wrote: > This is a known (regression) bug in sendmail 8.13.7 > http://sendmail.org/releases/8.13.7.html > We've reverted to 8.13.6, which doesn't have this trouble. > Ken > Pacific.Net > > Marc Lucke wrote: >> Hasn't anyone got any suggestions :-( >> >> Marc Lucke wrote: >>> I just upgraded to MailScanner-4.54.6-1 using the rpm and following all >>> instructions at the end: >>> >>> service sendmail stop >>> chkconfig sendmail off >>> chkconfig --level 2345 MailScanner on >>> service MailScanner start >>> >>> cd /etc/MailScanner >>> upgrade_MailScanner_conf MailScanner.conf MailScanner.conf.rpmnew > >>> MailScanner.new >>> mv -f MailScanner.conf MailScanner.old >>> mv -f MailScanner.new MailScanner.conf >>> >>> cd /etc/MailScanner/reports/en >>> upgrade_languages_conf languages.conf languages.conf.rpmnew > >>> languages.new mv -f languages.conf languages.old >>> mv -f languages.new languages.conf >>> >>> I should have also noted that I had been running MailScanner for a long >>> time with no problem. This problem began "all of a sudden" a couple of >>> days ago. >>> >>> >>> Marc >>> >>> On Wed, July 26, 2006 11:45 am, Marc Lucke wrote: >>>> CPU speed: PIII, 500MHz >>>> Memory: 452MB >>>> Operating System: Fedora Core 5, 2.6.17-1.2157_FC5 >>>> MailScanner version: 4.51.5-1 >>>> MTA version: sendmail-8.13.7-2.fc5.2 (RPM installed FC5) >>>> >>>> [blahblah~]# service MailScanner status >>>> Checking MailScanner daemons: >>>> MailScanner: [ OK ] >>> incoming sendmail: head: cannot open `/var/run/sendmail.in.pid' >>>> for reading: No such file or directory >>>> [FAILED] >>>> outgoing sendmail: [ OK ] >>>> >>>> Despite the above, I am receiving email and it is being filtered for >>> spam as normal. /var/run/sendmail.out.pid is written and works fine. >>> /var/run/sendmail.in.pid does not exist at all - whether MailScanner is >>> started or not. INPID is defined as /var/run/sendmail.in.pid as per >>> default. http://www.sendmail.org/releases/8.13.7.html (see errata section), there is a patch: http://sendmail.org/patches/queue.c.20060614 >>>> >>>> What could this be? >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> >>> >>> From ssilva at sgvwater.com Thu Jul 27 21:36:31 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jul 27 21:36:58 2006 Subject: SOLVED: RE: Some mail (up to 7 days old) is stuck in /var/spool/mqueue In-Reply-To: <97FD54B5E57A1842AA1A4B232E4761172D8F0C@ati-ex-02.ati.local> References: <97FD54B5E57A1842AA1A4B232E4761172D8F0C@ati-ex-02.ati.local> Message-ID: > > Unfortunately though having had this experience I'm afraid to say that I > will probably be moving away from MailScanner and going to an all > Exchange solution. I attribute this to a high learning curve and a very You will be back after the flood of spam. > beginner Linux admin. It's also a second Linux box that I have to keep > track of and maintain and one is enough already (web server) for someone > like me! :) I would spend the time with linux. Exchange admins are a dime a dozen, and are flooding the market. But a good linux admin is worth his weight in gold. > > Anyway, this community is easily one of the best I've ever participated > in and I'm glad to have gotten used to some of your names. I haven't > been able to contribute much but I've definitely had a lot of questions > answered. :) > This is an excellent and helpful bunch of people! I even hit this place on the weekends when I am not busy. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From dhawal at netmagicsolutions.com Thu Jul 27 21:45:16 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Thu Jul 27 21:47:32 2006 Subject: [OT] ldap integration In-Reply-To: <1E293D3FF63A3740B10AD5AAD88535D20226D020@UBIMAIL1.ubisoft.org> References: <1E293D3FF63A3740B10AD5AAD88535D20226D020@UBIMAIL1.ubisoft.org> Message-ID: <20060728021516.04lahs268004o8wg@mail.netmagicsolutions.com> Quoting Daniel Maher : > Hi all, > > > > This is remarkably off-topic for the list, and I'm sorry for > bringing it up, but I'm at my technical-wit's end here, and any help > would be good at this point. > > I am trying to set up OpenLDAP to act as a caching proxy between > Postfix and my Active Directory server. Slapd proxies just fine, > but I can't get it to cache the results at all. > > I'll say no more on the topic. If anybody has ever done something > like this, I would very much appreciate a response - preferably > off-list, since this has nothing to do with MailScanner. > > Again, I apologise for this off-topic post. The OpenLDAP mailing > list is remarkably not helpful - and you folks just seem much more > friendly... :) What openldap version are you using? See if this helps.. from http://www.postfix.org/ldap_table.5.html cache (IGNORED with a warning) cache_expiry (IGNORED with a warning) cache_size (IGNORED with a warning) The above parameters are NO LONGER SUPPORTED by Postfix. Cache support has been dropped from OpenLDAP as of release 2.1.13. - dhawal From ssilva at sgvwater.com Thu Jul 27 22:02:11 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jul 27 22:04:58 2006 Subject: SOLVED: RE: Some mail (up to 7 days old) is stuckin/var/spool/mqueue In-Reply-To: <97FD54B5E57A1842AA1A4B232E4761172D8F0D@ati-ex-02.ati.local> References: <97FD54B5E57A1842AA1A4B232E4761172D8F0D@ati-ex-02.ati.local> Message-ID: Chris W. Parker spake the following on 7/27/2006 1:05 PM: > Sorry, I was being facetious. I'm aware of the differences between .mc > and .cf. Julian instructed me to edit the .cf file since that is where > QueueLA is found. A grep on sendmail.mc does not return a hit for QueueLA. > > It's the same warning Microsoft gives on all their pages that give > instructions for editing the registry. "WARNING! YOU MAY DIE AND/OR > CAUSE YOUR NEXT OF KIN TO DIE ALSO IF YOU EDIT THE REGISTRY AND MESS IT > UP!!" There are defaults if nothing is specified in sendmail.mc. In RedHat derivatives there is the following; dnl define(`confQUEUE_LA', `12')dnl dnl define(`confREFUSE_LA',`18')dnl But as you found the defaults are queue_la 8 and refuse_la 12. That is buried deep in the macros that generate the cf files. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From cparker at swatgear.com Thu Jul 27 22:08:12 2006 From: cparker at swatgear.com (Chris W. Parker) Date: Thu Jul 27 22:08:27 2006 Subject: SOLVED: RE: Some mail (up to 7 days old) is stuck in/var/spool/mqueue Message-ID: <97FD54B5E57A1842AA1A4B232E4761172D8F0F@ati-ex-02.ati.local> Scott Silva on Thursday, July 27, 2006 1:37 PM said: > You will be back after the flood of spam. hehe Well.. Here's my plan. I'm going to move to Exchange 2003 and take advantage of all the new features with regards to spam fighting and whatnot. Then I may or may not add a 3rd party app from Sunbelt Software called Messaging Ninja. It is supposed to be pretty good. But I've still got to plan the whole thing and come up with a proposal for the owner. The one issue about MailScanner that I have is that there is not a plugin for Outlook that allows my users to easily manage their own white/black lists. MailScanner is too separated from Exchange. > I would spend the time with linux. Exchange admins are a dime a > dozen, and are flooding the market. But a good linux admin is worth > his weight in gold. I agree with you but frankly I'm not the type of person that enjoys sitting for hours researching a problem and tweaking files. Where I *am* able to do that (and enjoy it almost all of the time) is one the web. Building web apps is what I enjoy. It's easy to work 10-12 hour days when I'm building something. But overall I don't dislike MailScanner or dislike linux at all. (Well, maybe I hate package dependancies...) Chris. From naolson at gmail.com Thu Jul 27 22:16:45 2006 From: naolson at gmail.com (Nathan Olson) Date: Thu Jul 27 22:16:49 2006 Subject: SOLVED: RE: Some mail (up to 7 days old) is stuckin/var/spool/mqueue In-Reply-To: References: <97FD54B5E57A1842AA1A4B232E4761172D8F0D@ati-ex-02.ati.local> Message-ID: <8f54b4330607271416m3d98823dnff2267ad1065d2b7@mail.gmail.com> On 7/27/06, Scott Silva wrote: > > There are defaults if nothing is specified in sendmail.mc. > In RedHat derivatives there is the following; > dnl define(`confQUEUE_LA', `12')dnl > dnl define(`confREFUSE_LA',`18')dnl > But as you found the defaults are queue_la 8 and refuse_la 12. > That is buried deep in the macros that generate the cf files. > It's actually 8 x num_processors and 12 x num_processors. (So says the operations manual - op.ps) Nate -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060727/0728eaf7/attachment.html From naolson at gmail.com Thu Jul 27 22:17:46 2006 From: naolson at gmail.com (Nathan Olson) Date: Thu Jul 27 22:17:47 2006 Subject: SOLVED: RE: Some mail (up to 7 days old) is stuck in/var/spool/mqueue In-Reply-To: <97FD54B5E57A1842AA1A4B232E4761172D8F0F@ati-ex-02.ati.local> References: <97FD54B5E57A1842AA1A4B232E4761172D8F0F@ati-ex-02.ati.local> Message-ID: <8f54b4330607271417h2ba1b692ufcb6a59fc0e5c151@mail.gmail.com> Worse comes to worse, stick a MailScanner box in front of the Exchange box. Nate -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060727/7f4797d7/attachment.html From ka at pacific.net Thu Jul 27 23:22:19 2006 From: ka at pacific.net (Ken A) Date: Thu Jul 27 23:21:37 2006 Subject: [Repost] Re: won't write sendmail.in.pid In-Reply-To: References: <44C7DB0F.4070301@marcsnet.com> <44C8C8B8.2010504@marcsnet.com> <44C8E946.1070703@pacific.net> Message-ID: <44C93C9B.4060205@pacific.net> Ugo Bellavance wrote: > Ken A wrote: >> This is a known (regression) bug in sendmail 8.13.7 >> http://sendmail.org/releases/8.13.7.html >> We've reverted to 8.13.6, which doesn't have this trouble. >> Ken >> Pacific.Net >> >> Marc Lucke wrote: >>> Hasn't anyone got any suggestions :-( >>> >>> Marc Lucke wrote: >>>> I just upgraded to MailScanner-4.54.6-1 using the rpm and following all >>>> instructions at the end: >>>> >>>> service sendmail stop >>>> chkconfig sendmail off >>>> chkconfig --level 2345 MailScanner on >>>> service MailScanner start >>>> >>>> cd /etc/MailScanner >>>> upgrade_MailScanner_conf MailScanner.conf MailScanner.conf.rpmnew > >>>> MailScanner.new >>>> mv -f MailScanner.conf MailScanner.old >>>> mv -f MailScanner.new MailScanner.conf >>>> >>>> cd /etc/MailScanner/reports/en >>>> upgrade_languages_conf languages.conf languages.conf.rpmnew > >>>> languages.new mv -f languages.conf languages.old >>>> mv -f languages.new languages.conf >>>> >>>> I should have also noted that I had been running MailScanner for a long >>>> time with no problem. This problem began "all of a sudden" a couple of >>>> days ago. >>>> >>>> >>>> Marc >>>> >>>> On Wed, July 26, 2006 11:45 am, Marc Lucke wrote: >>>>> CPU speed: PIII, 500MHz >>>>> Memory: 452MB >>>>> Operating System: Fedora Core 5, 2.6.17-1.2157_FC5 >>>>> MailScanner version: 4.51.5-1 >>>>> MTA version: sendmail-8.13.7-2.fc5.2 (RPM installed FC5) >>>>> >>>>> [blahblah~]# service MailScanner status >>>>> Checking MailScanner daemons: >>>>> MailScanner: [ OK ] >>>> incoming sendmail: head: cannot open `/var/run/sendmail.in.pid' >>>>> for reading: No such file or directory >>>>> [FAILED] >>>>> outgoing sendmail: [ OK ] >>>>> >>>>> Despite the above, I am receiving email and it is being filtered for >>>> spam as normal. /var/run/sendmail.out.pid is written and works fine. >>>> /var/run/sendmail.in.pid does not exist at all - whether MailScanner is >>>> started or not. INPID is defined as /var/run/sendmail.in.pid as per >>>> default. > > > http://www.sendmail.org/releases/8.13.7.html (see errata section), there > is a patch: http://sendmail.org/patches/queue.c.20060614 It's easier to revert to 8.13.6 using rpm --oldpackage than to rebuild sendmail from source and patch. Maybe one of these days, but not this week! :-) Ken A. Pacific.Net > >>>>> What could this be? >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>> >>>> > From campbell at cnpapers.com Fri Jul 28 00:07:58 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Fri Jul 28 00:08:15 2006 Subject: [Repost] Re: won't write sendmail.in.pid In-Reply-To: <44C93C9B.4060205@pacific.net> References: <44C7DB0F.4070301@marcsnet.com> <44C8C8B8.2010504@marcsnet.com> <44C8E946.1070703@pacific.net> <44C93C9B.4060205@pacific.net> Message-ID: <1154041678.44c9474e6a31f@perdition.cnpapers.net> Quoting Ken A : > > > Ugo Bellavance wrote: > > Ken A wrote: > >> This is a known (regression) bug in sendmail 8.13.7 > >> http://sendmail.org/releases/8.13.7.html > >> We've reverted to 8.13.6, which doesn't have this trouble. > >> Ken > >> Pacific.Net > >> > >> Marc Lucke wrote: > >>> Hasn't anyone got any suggestions :-( > >>> > >>> Marc Lucke wrote: > >>>> I just upgraded to MailScanner-4.54.6-1 using the rpm and following all > >>>> instructions at the end: > >>>> > >>>> service sendmail stop > >>>> chkconfig sendmail off > >>>> chkconfig --level 2345 MailScanner on > >>>> service MailScanner start > >>>> > >>>> cd /etc/MailScanner > >>>> upgrade_MailScanner_conf MailScanner.conf MailScanner.conf.rpmnew > > >>>> MailScanner.new > >>>> mv -f MailScanner.conf MailScanner.old > >>>> mv -f MailScanner.new MailScanner.conf > >>>> > >>>> cd /etc/MailScanner/reports/en > >>>> upgrade_languages_conf languages.conf languages.conf.rpmnew > > >>>> languages.new mv -f languages.conf languages.old > >>>> mv -f languages.new languages.conf > >>>> > >>>> I should have also noted that I had been running MailScanner for a long > >>>> time with no problem. This problem began "all of a sudden" a couple of > >>>> days ago. > >>>> > >>>> > >>>> Marc > >>>> > >>>> On Wed, July 26, 2006 11:45 am, Marc Lucke wrote: > >>>>> CPU speed: PIII, 500MHz > >>>>> Memory: 452MB > >>>>> Operating System: Fedora Core 5, 2.6.17-1.2157_FC5 > >>>>> MailScanner version: 4.51.5-1 > >>>>> MTA version: sendmail-8.13.7-2.fc5.2 (RPM installed FC5) > >>>>> > >>>>> [blahblah~]# service MailScanner status > >>>>> Checking MailScanner daemons: > >>>>> MailScanner: [ OK ] > >>>> incoming sendmail: head: cannot open `/var/run/sendmail.in.pid' > >>>>> for reading: No such file or directory > >>>>> [FAILED] > >>>>> outgoing sendmail: [ OK ] > >>>>> > >>>>> Despite the above, I am receiving email and it is being filtered for > >>>> spam as normal. /var/run/sendmail.out.pid is written and works fine. > >>>> /var/run/sendmail.in.pid does not exist at all - whether MailScanner is > >>>> started or not. INPID is defined as /var/run/sendmail.in.pid as per > >>>> default. > > > > > > http://www.sendmail.org/releases/8.13.7.html (see errata section), there > > is a patch: http://sendmail.org/patches/queue.c.20060614 > > It's easier to revert to 8.13.6 using rpm --oldpackage than to rebuild > sendmail from source and patch. Maybe one of these days, but not this > week! :-) > > Ken A. > Pacific.Net Before you revert back to 8.13.6, try the RPMs at http://www.city-fan.org/ftp/contrib/mail/ They have worked for me and fixed a recent problem with the pid file, although, I'm not sure it's the same. He has FC5 RPMs for 8.13.7-4. They are pretty close to RH configurations (so far, I haven't had to change anything after upgrading from RH (Tao & CentOS) rpms). Steve Campbell > > > > > >>>>> What could this be? > >>>>> -- > >>>>> MailScanner mailing list > >>>>> mailscanner@lists.mailscanner.info > >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>>>> > >>>>> Before posting, read http://wiki.mailscanner.info/posting > >>>>> > >>>>> Support MailScanner development - buy the book off the website! > >>>>> > >>>> > >>>> > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ------------------------------------------------- This mail sent through IMP: http://horde.org/imp/ From alex at nkpanama.com Fri Jul 28 01:38:20 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Fri Jul 28 01:38:35 2006 Subject: Outgoing email flagged as spam then deleted In-Reply-To: <200607271959.k6RJx53K031180@bkserver.blacknight.ie> References: <200607271959.k6RJx53K031180@bkserver.blacknight.ie> Message-ID: <44C95C7C.7060007@nkpanama.com> Michael S. wrote: > Ok, I believe I can add 127.0.0.1 to spam.whitelist.rules. That should work. > > Don't have a problem with user abusing forms as we have strict mod_security > rules that prevents these things. Nice thought though. > > Thanks. > Can you elaborate for the rest of us? Sounds like wiki fodder to me. :-) From mikej at rogers.com Fri Jul 28 01:55:02 2006 From: mikej at rogers.com (Mike Jakubik) Date: Fri Jul 28 01:54:18 2006 Subject: SA bumps up scores for AWL entries Message-ID: <44C96066.6070509@rogers.com> Does anyone understand why SA bumps scores up instead of down for addresses that are in the auto white-list database? I.e. here is an example spam report: not spam, SpamAssassin (not cached, score=2.302, required 3.5, AWL 1.34, BAYES_50 0.00, NO_REAL_NAME 0.96) Isn't the point of auto white listing to reduce the score? From r.berber at computer.org Fri Jul 28 02:11:07 2006 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Fri Jul 28 02:11:29 2006 Subject: SA bumps up scores for AWL entries In-Reply-To: <44C96066.6070509@rogers.com> References: <44C96066.6070509@rogers.com> Message-ID: Mike Jakubik wrote: > Does anyone understand why SA bumps scores up instead of down for > addresses that are in the auto white-list database? I.e. here is an > example spam report: > > not spam, SpamAssassin (not cached, score=2.302, required 3.5, AWL 1.34, > BAYES_50 0.00, NO_REAL_NAME 0.96) > > Isn't the point of auto white listing to reduce the score? I asked the same question a while ago, here's the answer: http://permalink.gmane.org/gmane.mail.virus.mailscanner/41843 -- Ren? Berber From mikej at rogers.com Fri Jul 28 02:20:24 2006 From: mikej at rogers.com (Mike Jakubik) Date: Fri Jul 28 02:19:37 2006 Subject: SA bumps up scores for AWL entries In-Reply-To: References: <44C96066.6070509@rogers.com> Message-ID: <44C96658.3020002@rogers.com> Ren? Berber wrote: > Mike Jakubik wrote: > > >> Does anyone understand why SA bumps scores up instead of down for >> addresses that are in the auto white-list database? I.e. here is an >> example spam report: >> >> not spam, SpamAssassin (not cached, score=2.302, required 3.5, AWL 1.34, >> BAYES_50 0.00, NO_REAL_NAME 0.96) >> >> Isn't the point of auto white listing to reduce the score? >> > > I asked the same question a while ago, here's the answer: > > http://permalink.gmane.org/gmane.mail.virus.mailscanner/41843 > > Right, thats kind of what i was suspecting, thanks for clearing it up. From mikej at rogers.com Fri Jul 28 03:10:18 2006 From: mikej at rogers.com (Mike Jakubik) Date: Fri Jul 28 03:09:31 2006 Subject: MS unable to detect From address from DSN and failure notice emails Message-ID: <44C9720A.3010207@rogers.com> The other day i noticed that Always looked up last and the mailwatch logging script is not logging the From address on any DSN or failure type emails sent by the mailer-daemon@ or postmaster@. The problem is bigger than just logging itself, as this influences the scoring with the rule NO_REAL_NAME, so a lot of them get marked as spam. Here are two example headers: Received: from mail.kanapure.net (unknown [61.211.239.203]) by mx1.fkpeterson.com (Postfix) with SMTP id D6E41172D1 for ; Thu, 27 Jul 2006 21:58:03 -0400 (EDT) Received: (qmail 19303 invoked for bounce); 28 Jul 2006 02:04:22 -0000 Date: 28 Jul 2006 02:04:22 -0000 From: MAILER-DAEMON@mail.kanapure.net To: yingrown8@fkpeterson.com Subject: failure notice Message-Id: <20060728015803.D6E41172D1@mx1.fkpeterson.com> Received: from mail.fkpeterson.com (unknown [192.168.0.1]) by mx1.fkpeterson.com (Postfix) with ESMTP id 6F85A17306 for ; Thu, 27 Jul 2006 21:44:37 -0400 (EDT) From: postmaster@fkpeterson.com To: anisimi@citizensbankia.com Date: Thu, 27 Jul 2006 21:46:16 -0400 MIME-Version: 1.0 Content-Type: multipart/report; report-type=delivery-status; boundary="9B095B5ADSN=_01C6AF6C96E49C7200000282mail.fkpeterson." X-DSNContext: 7ce717b1 - 1158 - 00000002 - 00000000 Message-ID: Subject: Delivery Status Notification (Failure) This got marked as spam, and the From field is never logged. Any ideas? postfix-2.2.11 p5-Mail-SpamAssassin-3.1.3 MailScanner-4.54.6 From marc at marcsnet.com Fri Jul 28 04:22:26 2006 From: marc at marcsnet.com (Marc Lucke) Date: Fri Jul 28 04:22:52 2006 Subject: [Repost] Re: won't write sendmail.in.pid In-Reply-To: <1154041678.44c9474e6a31f@perdition.cnpapers.net> References: <44C7DB0F.4070301@marcsnet.com> <44C8C8B8.2010504@marcsnet.com> <44C8E946.1070703@pacific.net> <44C93C9B.4060205@pacific.net> <1154041678.44c9474e6a31f@perdition.cnpapers.net> Message-ID: <50028.203.206.179.78.1154056946.squirrel@webmail.marcsnet.com> Sorry about the bottom quoting/top quoting email packages! Guys, thanks a lot for the information. I'm really grateful. I thought it was something I'd done wrong!!! Because everything is working I have decided to take the easy way and simply wait a while until hopefully the default sendmail package for FC5 is updated to solve the problem. Marc On Fri, July 28, 2006 9:07 am, Steve Campbell wrote: > Quoting Ken A : > >> >> >> Ugo Bellavance wrote: >> > Ken A wrote: >> >> This is a known (regression) bug in sendmail 8.13.7 >> >> http://sendmail.org/releases/8.13.7.html >> >> We've reverted to 8.13.6, which doesn't have this trouble. >> >> Ken >> >> Pacific.Net >> >> >> >> Marc Lucke wrote: >> >>> Hasn't anyone got any suggestions :-( >> >>> >> >>> Marc Lucke wrote: >> >>>> I just upgraded to MailScanner-4.54.6-1 using the rpm and following >> all >> >>>> instructions at the end: >> >>>> >> >>>> service sendmail stop >> >>>> chkconfig sendmail off >> >>>> chkconfig --level 2345 MailScanner on >> >>>> service MailScanner start >> >>>> >> >>>> cd /etc/MailScanner >> >>>> upgrade_MailScanner_conf MailScanner.conf MailScanner.conf.rpmnew > >> >>>> MailScanner.new >> >>>> mv -f MailScanner.conf MailScanner.old >> >>>> mv -f MailScanner.new MailScanner.conf >> >>>> >> >>>> cd /etc/MailScanner/reports/en >> >>>> upgrade_languages_conf languages.conf languages.conf.rpmnew > >> >>>> languages.new mv -f languages.conf languages.old >> >>>> mv -f languages.new languages.conf >> >>>> >> >>>> I should have also noted that I had been running MailScanner for a >> long >> >>>> time with no problem. This problem began "all of a sudden" a >> couple of >> >>>> days ago. >> >>>> >> >>>> >> >>>> Marc >> >>>> >> >>>> On Wed, July 26, 2006 11:45 am, Marc Lucke wrote: >> >>>>> CPU speed: PIII, 500MHz >> >>>>> Memory: 452MB >> >>>>> Operating System: Fedora Core 5, 2.6.17-1.2157_FC5 >> >>>>> MailScanner version: 4.51.5-1 >> >>>>> MTA version: sendmail-8.13.7-2.fc5.2 (RPM installed FC5) >> >>>>> >> >>>>> [blahblah~]# service MailScanner status >> >>>>> Checking MailScanner daemons: >> >>>>> MailScanner: [ OK >> ] >> >>>> incoming sendmail: head: cannot open `/var/run/sendmail.in.pid' >> >>>>> for reading: No such file or directory >> >>>>> [FAILED] >> >>>>> outgoing sendmail: [ OK >> ] >> >>>>> >> >>>>> Despite the above, I am receiving email and it is being filtered >> for >> >>>> spam as normal. /var/run/sendmail.out.pid is written and works >> fine. >> >>>> /var/run/sendmail.in.pid does not exist at all - whether >> MailScanner is >> >>>> started or not. INPID is defined as /var/run/sendmail.in.pid as >> per >> >>>> default. >> > >> > >> > http://www.sendmail.org/releases/8.13.7.html (see errata section), >> there >> > is a patch: http://sendmail.org/patches/queue.c.20060614 >> >> It's easier to revert to 8.13.6 using rpm --oldpackage than to rebuild >> sendmail from source and patch. Maybe one of these days, but not this >> week! :-) >> >> Ken A. >> Pacific.Net > > Before you revert back to 8.13.6, try the RPMs at > > http://www.city-fan.org/ftp/contrib/mail/ > > They have worked for me and fixed a recent problem with the pid file, > although, > I'm not sure it's the same. He has FC5 RPMs for 8.13.7-4. They are pretty > close > to RH configurations (so far, I haven't had to change anything after > upgrading > from RH (Tao & CentOS) rpms). > > > Steve Campbell > >> >> >> > >> >>>>> What could this be? >> >>>>> -- >> >>>>> MailScanner mailing list >> >>>>> mailscanner@lists.mailscanner.info >> >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >>>>> >> >>>>> Before posting, read http://wiki.mailscanner.info/posting >> >>>>> >> >>>>> Support MailScanner development - buy the book off the website! >> >>>>> >> >>>> >> >>>> >> > >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > > > ------------------------------------------------- > This mail sent through IMP: http://horde.org/imp/ > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From MailScanner at ecs.soton.ac.uk Fri Jul 28 08:35:11 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jul 28 08:35:59 2006 Subject: MailScanner not seeing AVG 7 installed In-Reply-To: <17564121.1154008167236.JavaMail.root@gollum.robhq.com> References: <17564121.1154008167236.JavaMail.root@gollum.robhq.com> Message-ID: <195114C8-5DE9-4ED4-931B-A5F8A152774D@ecs.soton.ac.uk> On 27 Jul 2006, at 14:49, rob freeman wrote: > CentOS 4.2 running MailScanner 4.53.8. > > Installed avglinux-7.1-23_avi0672.rpm on the machine and I am able > to run avgscan ok: > > [root@bouncy ~]# avgscan > AVG7 Anti-Virus command line scanner > Copyright (c) 2006 GRISOFT, s.r.o. > Program version 7.1.28, engine 386 > Virus Database: Version 268.10.4/401 2006-07-26 > License type is FULL for SERVER. > Expiration day: 29. 8. 2007 > MailScanner though does not seem to know it is available. > > When I run a MailScanner --lint I get this: > > MailScanner.conf says "Virus Scanners = bitdefender avg f-prot clamav" > Found these virus scanners installed: bitdefender, f-prot, > clamavmodule > > [root@bouncy MailScanner]# find / -name avgscan > /opt/grisoft/avg7/var/update/backup/avgscan > /opt/grisoft/avg7/bin/avgscan > /usr/bin/avgscan > I see in the virus.scanners.conf it is looking at /usr/local for avg: > > avg /usr/lib/MailScanner/avg-wrapper /usr/local > > Is it ok to change this and will upgrades to newer versions of > MailScanner wipe this out? It is fine to change that. Newer versions of MailScanner will not wipe it out. > > Thanks in advance. > > Rob > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field MailScanner@ecs.soton.ac.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060728/51f8388e/attachment.html From MailScanner at ecs.soton.ac.uk Fri Jul 28 08:38:00 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jul 28 08:39:10 2006 Subject: Setting MailScanner not to block certain emails because of attachments In-Reply-To: <04D932B0071FE34FA63EBB1977B48D15016F9B28@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D15016F9B28@woodenex.woodmaclaw.local> Message-ID: On 27 Jul 2006, at 16:27, Billy A. Pumphrey wrote: > I thought that I had this setup correctly, but obviously I am not > doing > something correct. > > --- In my MailScanner.conf I have: > Filename Rules = %rules-dir%/filenames.rules > > --- In filenames.rules I have: > # Thiss is the file that is configured for the rules in the > # /etc/MailScanner.conf file > # > > FromOrTo: default /etc/MailScanner/filename.rules.conf > > From: 127.0.0.1 > /etc/MailScanner/rules/quarantine.release.rules.conf > > --- In my filename.rules.conf I have not changed anything in there > > --- In my quarantine.release.rules.conf I have: > allow - - - - You should have allow . - - to allow everything. > > Is it obvious what I have done wrong to set the rule setup? > > The process that I am doing. I am releasing emails from MailWatch > that > got quarintined because of the file attachment. It either used to > work > or it works on some things and not the other. > > Thank you for your support. > > Billy Pumphrey > http://www.billypumphrey.com > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field MailScanner@ecs.soton.ac.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From ugob at camo-route.com Fri Jul 28 14:55:28 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Fri Jul 28 14:56:49 2006 Subject: [Repost] Re: won't write sendmail.in.pid In-Reply-To: <1154041678.44c9474e6a31f@perdition.cnpapers.net> References: <44C7DB0F.4070301@marcsnet.com> <44C8C8B8.2010504@marcsnet.com> <44C8E946.1070703@pacific.net> <44C93C9B.4060205@pacific.net> <1154041678.44c9474e6a31f@perdition.cnpapers.net> Message-ID: Steve Campbell wrote: > Quoting Ken A : > > > Before you revert back to 8.13.6, try the RPMs at > > http://www.city-fan.org/ftp/contrib/mail/ > > They have worked for me and fixed a recent problem with the pid file, although, > I'm not sure it's the same. He has FC5 RPMs for 8.13.7-4. They are pretty close > to RH configurations (so far, I haven't had to change anything after upgrading > from RH (Tao & CentOS) rpms). > > I use to use them myself, but the 8.13.7-4 doesn't contain the patch for the pid file problem... From jgolden at ci.grand-rapids.mi.us Fri Jul 28 15:13:50 2006 From: jgolden at ci.grand-rapids.mi.us (Golden, James) Date: Fri Jul 28 15:13:45 2006 Subject: SA bumps up scores for AWL entries In-Reply-To: <44C96066.6070509@rogers.com> References: <44C96066.6070509@rogers.com> Message-ID: <1154096031.12439.8.camel@doit-b8wsw21.grand-rapids.mi.us> On Thu, 2006-07-27 at 20:55 -0400, Mike Jakubik wrote: > Does anyone understand why SA bumps scores up instead of down for > addresses that are in the auto white-list database? I.e. here is an > example spam report: > > not spam, SpamAssassin (not cached, score=2.302, required 3.5, AWL 1.34, > BAYES_50 0.00, NO_REAL_NAME 0.96) > > Isn't the point of auto white listing to reduce the score? > > >From What I understand AWL is not a "white-list" database really. It is an averager. So it looks like that particular email scored a 2.302, but AWL has a higher average for that sender, so it upped the score by 1.34. Hope that makes sense. James -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060728/4487bfab/attachment.html From daniel.maher at ubisoft.com Fri Jul 28 15:22:24 2006 From: daniel.maher at ubisoft.com (Daniel Maher) Date: Fri Jul 28 15:22:27 2006 Subject: chinese-language email Message-ID: <1E293D3FF63A3740B10AD5AAD88535D20226D031@UBIMAIL1.ubisoft.org> Hello all, I've found that I get very high Spam scores for Chinese-language emails. I have analysed many samples, and concluded that SpamAssassin is assigning them many of the "*FARAWAY*" rules - which, from a Western perspective, makes sense. I can easily tune those rules down (of course), but I'm curious if anybody else out there has had a similar experience; what did you do to prevent false positives on legitimate non-Latin-character-set emails? -- _ ?v? Daniel Maher /(_)\ Administrateur Syst?me Unix ^ ^ Unix System Administrator Sentio aliquos togatos contra me conspirare. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060728/a22a222c/attachment.html From MailScanner at ecs.soton.ac.uk Fri Jul 28 15:39:42 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jul 28 15:40:32 2006 Subject: chinese-language email In-Reply-To: <1E293D3FF63A3740B10AD5AAD88535D20226D031@UBIMAIL1.ubisoft.org> References: <1E293D3FF63A3740B10AD5AAD88535D20226D031@UBIMAIL1.ubisoft.org> Message-ID: <8A177E8E-39FC-4317-98AF-BEE763A86950@ecs.soton.ac.uk> Check out the "ok_locales" setting in spam.assassin.prefs.conf. It may help you. You probably want ok_locales en zh This will affect the scoring of the *FARAWAY* rules. On 28 Jul 2006, at 15:22, Daniel Maher wrote: > Hello all, > > > > I?ve found that I get very high Spam scores for Chinese-language > emails. I have analysed many samples, and concluded that > SpamAssassin is assigning them many of the ?*FARAWAY*? rules - > which, from a Western perspective, makes sense. > > > > I can easily tune those rules down (of course), but I?m curious if > anybody else out there has had a similar experience; what did you > do to prevent false positives on legitimate non-Latin-character-set > emails? > > > > -- > > _ > ?v? Daniel Maher > /(_)\ Administrateur Syst?me Unix > > ^ ^ Unix System Administrator > > > > Sentio aliquos togatos contra me conspirare. > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field MailScanner@ecs.soton.ac.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060728/21f6dfff/attachment.html From admin at thenamegame.com Fri Jul 28 15:47:42 2006 From: admin at thenamegame.com (Michael S.) Date: Fri Jul 28 15:45:57 2006 Subject: Unrar command not found Message-ID: <200607281445.k6SEjsEp012957@bkserver.blacknight.ie> MS is complaining about not being able to find unrar. It does not seem to be installed. Where can I download the rpm for for RHEL4? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060728/715e4724/attachment.html From adrik at salesmanager.nl Fri Jul 28 15:46:01 2006 From: adrik at salesmanager.nl (Adri Koppes) Date: Fri Jul 28 15:46:04 2006 Subject: chinese-language email Message-ID: Hi Daniel, In your local.cf or spamassassin.prefs.conf check the settings of ok_languages and ok_locales. These 2 SpamAssassin settings are used for the FARWAY and other rules. Adri. ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Daniel Maher Sent: vrijdag 28 juli 2006 16:22 To: mailscanner@lists.mailscanner.info Subject: chinese-language email Hello all, I've found that I get very high Spam scores for Chinese-language emails. I have analysed many samples, and concluded that SpamAssassin is assigning them many of the "*FARAWAY*" rules - which, from a Western perspective, makes sense. I can easily tune those rules down (of course), but I'm curious if anybody else out there has had a similar experience; what did you do to prevent false positives on legitimate non-Latin-character-set emails? -- _ ?v? Daniel Maher /(_)\ Administrateur Syst?me Unix ^ ^ Unix System Administrator Sentio aliquos togatos contra me conspirare. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060728/3d02c110/attachment.html From dave.list at pixelhammer.com Fri Jul 28 15:45:55 2006 From: dave.list at pixelhammer.com (DAve) Date: Fri Jul 28 15:46:09 2006 Subject: Filetypes and filenames not being checked In-Reply-To: <44C8F46B.9090005@pixelhammer.com> References: <44C0F65D.3070401@pixelhammer.com> <1154006407.4076.8.camel@doit-b8wsw21.grand-rapids.mi.us> <44C8F46B.9090005@pixelhammer.com> Message-ID: <44CA2323.3030001@pixelhammer.com> DAve wrote: > Golden, James wrote: >> I'm pretty new to this MailScanner stuff, so this may be too simple. So >> please excuse me. What about the file permissions on your >> filename.rules.conf or filetype.rules.conf? > > I am in no position to question anyone's suggestions ;^) > > bash-2.05b# ls -la > total 388 > dr-xr-xr-x 7 root cvs 1024 Jul 26 10:21 . > drwxr-xr-x 16 root wheel 1024 Jul 25 09:04 .. > drwxr-xr-x 2 root cvs 512 Aug 9 2004 CVS > -rw-r--r-- 1 root cvs 99589 Jul 26 10:21 MailScanner.conf > drwxr-xr-x 2 root cvs 512 Jul 27 13:02 bayes > -r--r--r-- 1 root wheel 11426 Jun 4 13:27 country.domains.conf > -rw-r--r-- 1 root cvs 197 Jul 21 12:59 filename.allow.rules.conf > -rw-r--r-- 1 root cvs 6851 Jul 21 12:51 filename.deny.rules.conf > -rw-r--r-- 1 root cvs 929 Jul 21 13:01 filetype.allow.rules.conf > -rw-r--r-- 1 root cvs 921 Jul 21 12:51 filetype.deny.rules.conf > dr-xr-xr-x 2 root cvs 512 Jul 21 16:44 mcp > -r--r--r-- 1 root wheel 14618 Jun 4 13:27 phishing.safe.sites.conf > drwxr-xr-x 2 root cvs 2048 Jun 4 13:44 reports > dr-xr-xr-x 3 root cvs 512 Jul 21 16:43 rules > -rw-r--r-- 1 root cvs 9692 Jul 21 16:15 spam.assassin.prefs.conf > -r--r--r-- 1 root cvs 2969 Feb 14 2005 spam.lists.conf > -r--r--r-- 1 root wheel 2969 Jun 4 13:27 spam.lists.conf.sample > -rw-r--r-- 1 root cvs 2834 Nov 2 2005 virus.scanners.conf > > bash-2.05b# ls -la rules > total 40 > dr-xr-xr-x 3 root cvs 512 Jul 21 16:43 . > dr-xr-xr-x 7 root cvs 1024 Jul 26 10:21 .. > drwxr-xr-x 2 root cvs 512 Aug 9 2004 CVS > -r--r--r-- 1 root wheel 2817 Jun 4 13:27 EXAMPLES > -r--r--r-- 1 root wheel 2964 Jun 4 13:27 README > -rw-r--r-- 1 root cvs 90 Jun 4 13:50 bounce.rules > -rw-r--r-- 1 root cvs 1743 Jun 6 18:40 highscore.delivery.rules > -rw-r--r-- 1 root cvs 1529 Jun 6 18:40 mcp.delivery.rules > -rw-r--r-- 1 root cvs 71 Jun 6 18:40 spam.blacklist.rules > -rw-r--r-- 1 root cvs 961 Jun 6 18:40 spam.whitelist.rules > -rw-r--r-- 1 root cvs 369 Jun 6 18:40 user.content.rules > -rw-r--r-- 1 root cvs 1878 Jul 17 17:05 user.delivery.rules > -rw-r--r-- 1 root cvs 636 Jul 21 12:49 user.filename.rules > -rw-r--r-- 1 root cvs 636 Jul 21 12:50 user.filetype.rules > -rw-r--r-- 1 root cvs 722 Jul 19 10:30 user.filtering.rules > -rw-r--r-- 1 root cvs 251 Jun 6 18:40 user.mcp.rules > -rw-r--r-- 1 root cvs 419 Jun 6 18:40 user.scanning.rules > >> >> One other thought is your max or minimum size for attachments setting in >> the Mailscanner.conf file? > > I'm testing with a 76k text file named test.scr and a copy named > test.sxw.doc. > > Maximum Message Size = 0 > Maximum Attachment Size = -1 > Minimum Attachment Size = -1 > > Should be no checking going on (I do RBLs, size checking, max recipients > on the MTA). > > I would be perfectly willing to post any and all conf files online for > viewing. http://pixelhammer.com/MS/MailScanner.conf http://pixelhammer.com/MS/user.filename.rules Last act of desperation. This is as simple as I can make it and it still is not stopping double suffix or even test.scr. Is there a stupid mistake I am just not seeing or is it time to reinstall everything? DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From raymond at prolocation.net Fri Jul 28 15:50:15 2006 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Fri Jul 28 15:50:14 2006 Subject: Unrar command not found In-Reply-To: <200607281445.k6SEjsEp012957@bkserver.blacknight.ie> References: <200607281445.k6SEjsEp012957@bkserver.blacknight.ie> Message-ID: Hi! > MS is complaining about not being able to find unrar. > > It does not seem to be installed. Where can I download the rpm for for > RHEL4? What about downloading the tar? ftp://ftp.rarsoft.com/rar/ Pick your fav one. Bye, Raymond. From rob at robhq.com Fri Jul 28 16:07:26 2006 From: rob at robhq.com (rob freeman) Date: Fri Jul 28 15:53:21 2006 Subject: Unrar command not found In-Reply-To: <200607281445.k6SEjsEp012957@bkserver.blacknight.ie> Message-ID: <30120631.1154099246128.JavaMail.root@gollum.robhq.com> http://dag.wieers.com/packages/unrar/ Rob ----- Original Message ----- From: mailscanner-bounces@lists.mailscanner.info on behalf of Michael S. Sent: Fri, 7/28/2006 10:01am To: mailscanner@lists.mailscanner.info Subject: Unrar command not found MS is complaining about not being able to find unrar. It does not seem to be installed. Where can I download the rpm for for RHEL4? From akostocker at gmail.com Fri Jul 28 16:32:53 2006 From: akostocker at gmail.com (Tony Stocker) Date: Fri Jul 28 16:32:56 2006 Subject: MailScanner logwatch script Message-ID: <7801ad8f0607280832k6c9818ay1df7f7a144464564@mail.gmail.com> Hello All, I'm getting a lot of things listed under "Unmatched Entries" with the logwatch script for MailScanner. They fall into a couple of categories: SpamAssassin: Expired 1 records from the SpamAssassin cache : 42 Time(s) Read 748 hostnames from the phishing whitelist : 30 Time(s) Enabling SpamAssassin auto-whitelist functionality... : 30 Time(s) Using SpamAssassin results cache : 30 Time(s) Connected to SpamAssassin cache database : 30 Time(s) SpamAssassin cache hit for message 2497B8EB51.3A7D5 : 1 Time(s) ClamAV: I have found clamavmodule scanners installed, and will use them all by default. : 30 Time(s) ClamAV update of /usr/local/share/clamav/daily.cvd detected, resetting ClamAV Module : 5 Time(s) ClamAV virus database has been updated, killing this child : 5 Time(s) Batch messages: Batch (1 message) processed in 5.19 seconds : 3 Time(s) Message conversions: 6C2968EB51.6A5A9 to 969018EB6B : 1 Time(s) CC0308EB6F.696B5 to 5152D8EB72 : 1 Time(s) D72728EB43.1582F to 69C2A8EB6B : 1 Time(s) My mail server is currently not very heavily used and already the logwatch report is filled with these types of messages. When we move the rest of our users I imagine that this will increase linearly with the number of users we add. I'd really like to avoid this mass of extraneous information ending up in the logwatch report. Does anyone have any ideas how to tune things so this stuff doesn't end up in there? There are a lot of entry types here so I'm loathe to rewrite the mailscanner logwatch script and I'm not even sure how to write a filter for what I called the "Message conversion" entries that wouldn't catch everything. Tony From ugob at camo-route.com Fri Jul 28 16:40:42 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Fri Jul 28 16:41:13 2006 Subject: MailScanner logwatch script In-Reply-To: <7801ad8f0607280832k6c9818ay1df7f7a144464564@mail.gmail.com> References: <7801ad8f0607280832k6c9818ay1df7f7a144464564@mail.gmail.com> Message-ID: Tony Stocker wrote: > Hello All, > > I'm getting a lot of things listed under "Unmatched Entries" with the > logwatch script for MailScanner. They fall into a couple of > categories: > > Does anyone have any ideas how to tune things so this stuff doesn't > end up in there? There are a lot of entry types here so I'm loathe to > rewrite the mailscanner logwatch script and I'm not even sure how to > write a filter for what I called the "Message conversion" entries that > wouldn't catch everything. Funny, I'm currently working on this... Here are a few tips: 1- Get the latest version of logwatch 2- Get the latest version of the mailscanner script from cvs 3- Copy this file in /etc/logwatch/scripts/services 4- Look at the /etc/logwatch/conf/ignore.conf That should get you started... > > Tony From akostocker at gmail.com Fri Jul 28 16:57:24 2006 From: akostocker at gmail.com (Tony Stocker) Date: Fri Jul 28 16:57:26 2006 Subject: MailScanner logwatch script In-Reply-To: References: <7801ad8f0607280832k6c9818ay1df7f7a144464564@mail.gmail.com> Message-ID: <7801ad8f0607280857o4f12c22hfa93f3cbe3d901ff@mail.gmail.com> On 7/28/06, Ugo Bellavance wrote: > 2- Get the latest version of the mailscanner script from cvs Version 1.24 from April 2006? > 4- Look at the /etc/logwatch/conf/ignore.conf As I currently don't have an /etc/logwatch directory with the version that I'm running (logwatch-5.2.2-1.EL4.1) can I assume that the latest version (7.3) will create this directory and the ignore.conf file? Thanks for the help. From Phil.Udel at salemcorp.com Fri Jul 28 16:59:07 2006 From: Phil.Udel at salemcorp.com (Phillip Udel) Date: Fri Jul 28 16:59:20 2006 Subject: Problem with viewmail.php viewing message Message-ID: <200607281604.k6SG4ICa017629@cat.salemcarriers.com> HI All I posted this question to Mailwatch group, but I think there is something wrong with their server. It has not Process a entry since the 24th. So Maybe someone here can help I am a new user of Mail Watch. I am running my First Quarantine Report. I click on the View option but it does not Display the message. I Do Get a MailWatch Page but it is blank under the Gray Options Bar. Do I need to set up something for it to work? The viewmail.ph does not work in the detail.php either. I do get this error in the web log: [Fri Jul 28 10:27:22 2006] [notice] child pid 29514 exit signal Segmentation fault (11) Any Ideas? I checked the MailWatch Tips page and set it up just like it said. RH 8.0 MS 4.54.6-1 SA 3.1.3 MailWatch 1.0.3 Sendmail 8.12 Phillip Udel Senior Systems Administrator Admin@SalemCorp.com (800) 877-2536 Ext 212 Rules To Live By: 1) On the keyboard of life, always keep one finger on the escape key. 2) There are absolutely no absolutes. 3) Artificial Intelligence is no match for natural stupidity 4) Information is not Knowledge, Knowledge is not Wisdom, and Wisdom is not Truth -------------- next part -------------- A non-text attachment was scrubbed... Name: Phil Udel.vcf Type: text/x-vcard Size: 445 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060728/86765891/PhilUdel.vcf From dhawal at netmagicsolutions.com Fri Jul 28 17:02:15 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Fri Jul 28 17:02:33 2006 Subject: Filetypes and filenames not being checked In-Reply-To: <44CA2323.3030001@pixelhammer.com> References: <44C0F65D.3070401@pixelhammer.com> <1154006407.4076.8.camel@doit-b8wsw21.grand-rapids.mi.us> <44C8F46B.9090005@pixelhammer.com> <44CA2323.3030001@pixelhammer.com> Message-ID: <44CA3507.6040305@netmagicsolutions.com> DAve wrote: > DAve wrote: >> Golden, James wrote: >>> I'm pretty new to this MailScanner stuff, so this may be too simple. So >>> please excuse me. What about the file permissions on your >>> filename.rules.conf or filetype.rules.conf? >> >> I am in no position to question anyone's suggestions ;^) >> >> bash-2.05b# ls -la >> total 388 >> dr-xr-xr-x 7 root cvs 1024 Jul 26 10:21 . >> drwxr-xr-x 16 root wheel 1024 Jul 25 09:04 .. >> drwxr-xr-x 2 root cvs 512 Aug 9 2004 CVS >> -rw-r--r-- 1 root cvs 99589 Jul 26 10:21 MailScanner.conf >> drwxr-xr-x 2 root cvs 512 Jul 27 13:02 bayes >> -r--r--r-- 1 root wheel 11426 Jun 4 13:27 country.domains.conf >> -rw-r--r-- 1 root cvs 197 Jul 21 12:59 filename.allow.rules.conf >> -rw-r--r-- 1 root cvs 6851 Jul 21 12:51 filename.deny.rules.conf >> -rw-r--r-- 1 root cvs 929 Jul 21 13:01 filetype.allow.rules.conf >> -rw-r--r-- 1 root cvs 921 Jul 21 12:51 filetype.deny.rules.conf >> dr-xr-xr-x 2 root cvs 512 Jul 21 16:44 mcp >> -r--r--r-- 1 root wheel 14618 Jun 4 13:27 phishing.safe.sites.conf >> drwxr-xr-x 2 root cvs 2048 Jun 4 13:44 reports >> dr-xr-xr-x 3 root cvs 512 Jul 21 16:43 rules >> -rw-r--r-- 1 root cvs 9692 Jul 21 16:15 spam.assassin.prefs.conf >> -r--r--r-- 1 root cvs 2969 Feb 14 2005 spam.lists.conf >> -r--r--r-- 1 root wheel 2969 Jun 4 13:27 spam.lists.conf.sample >> -rw-r--r-- 1 root cvs 2834 Nov 2 2005 virus.scanners.conf >> >> bash-2.05b# ls -la rules >> total 40 >> dr-xr-xr-x 3 root cvs 512 Jul 21 16:43 . >> dr-xr-xr-x 7 root cvs 1024 Jul 26 10:21 .. >> drwxr-xr-x 2 root cvs 512 Aug 9 2004 CVS >> -r--r--r-- 1 root wheel 2817 Jun 4 13:27 EXAMPLES >> -r--r--r-- 1 root wheel 2964 Jun 4 13:27 README >> -rw-r--r-- 1 root cvs 90 Jun 4 13:50 bounce.rules >> -rw-r--r-- 1 root cvs 1743 Jun 6 18:40 highscore.delivery.rules >> -rw-r--r-- 1 root cvs 1529 Jun 6 18:40 mcp.delivery.rules >> -rw-r--r-- 1 root cvs 71 Jun 6 18:40 spam.blacklist.rules >> -rw-r--r-- 1 root cvs 961 Jun 6 18:40 spam.whitelist.rules >> -rw-r--r-- 1 root cvs 369 Jun 6 18:40 user.content.rules >> -rw-r--r-- 1 root cvs 1878 Jul 17 17:05 user.delivery.rules >> -rw-r--r-- 1 root cvs 636 Jul 21 12:49 user.filename.rules >> -rw-r--r-- 1 root cvs 636 Jul 21 12:50 user.filetype.rules >> -rw-r--r-- 1 root cvs 722 Jul 19 10:30 user.filtering.rules >> -rw-r--r-- 1 root cvs 251 Jun 6 18:40 user.mcp.rules >> -rw-r--r-- 1 root cvs 419 Jun 6 18:40 user.scanning.rules >> >>> >>> One other thought is your max or minimum size for attachments setting in >>> the Mailscanner.conf file? >> >> I'm testing with a 76k text file named test.scr and a copy named >> test.sxw.doc. >> >> Maximum Message Size = 0 >> Maximum Attachment Size = -1 >> Minimum Attachment Size = -1 >> >> Should be no checking going on (I do RBLs, size checking, max >> recipients on the MTA). >> >> I would be perfectly willing to post any and all conf files online for >> viewing. > > http://pixelhammer.com/MS/MailScanner.conf > http://pixelhammer.com/MS/user.filename.rules > > Last act of desperation. This is as simple as I can make it and it still > is not stopping double suffix or even test.scr. > > Is there a stupid mistake I am just not seeing or is it time to > reinstall everything? > > DAve And what is the content of /usr/local/etc/MailScanner/rules/user.content.rules? - dhawal From dave.list at pixelhammer.com Fri Jul 28 17:18:35 2006 From: dave.list at pixelhammer.com (DAve) Date: Fri Jul 28 17:18:43 2006 Subject: Problem with viewmail.php viewing message In-Reply-To: <200607281604.k6SG4ICa017629@cat.salemcarriers.com> References: <200607281604.k6SG4ICa017629@cat.salemcarriers.com> Message-ID: <44CA38DB.7010300@pixelhammer.com> Phillip Udel wrote: > HI All > I posted this question to Mailwatch group, but I think there is something > wrong with their server. It has not Process a entry since the 24th. So > Maybe someone here can help > > I am a new user of Mail Watch. I am running my First Quarantine Report. I > click on the View option but it does not Display the message. I Do Get a > MailWatch Page but it is blank under the Gray Options Bar. Do I need to set > up something for it to work? The viewmail.ph does not work in the > detail.php either. > I do get this error in the web log: > [Fri Jul 28 10:27:22 2006] [notice] child pid 29514 exit signal Segmentation > fault (11) > > Any Ideas? I checked the MailWatch Tips page and set it up just like it > said. > > > > RH 8.0 > MS 4.54.6-1 > SA 3.1.3 > MailWatch 1.0.3 > Sendmail 8.12 > > Phillip Udel > Senior Systems Administrator > Admin@SalemCorp.com > (800) 877-2536 Ext 212 > Rules To Live By: > 1) On the keyboard of life, always keep one finger on the escape key. > 2) There are absolutely no absolutes. > 3) Artificial Intelligence is no match for natural stupidity > 4) Information is not Knowledge, Knowledge is not Wisdom, and Wisdom is not > Truth > > Permissions? DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From dyioulos at firstbhph.com Fri Jul 28 17:31:25 2006 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Fri Jul 28 17:31:32 2006 Subject: Problem with viewmail.php viewing message In-Reply-To: <200607281604.k6SG4ICa017629@cat.salemcarriers.com> References: <200607281604.k6SG4ICa017629@cat.salemcarriers.com> Message-ID: <200607281231.25592.dyioulos@firstbhph.com> On Friday July 28 2006 11:59 am, Phillip Udel wrote: > HI All > I posted this question to Mailwatch group, but I think there is > something wrong with their server. It has not Process a entry > since the 24th. So Maybe someone here can help > > I am a new user of Mail Watch. I am running my First Quarantine > Report. I click on the View option but it does not Display the > message. I Do Get a MailWatch Page but it is blank under the Gray > Options Bar. Do I need to set up something for it to work? The > viewmail.ph does not work in the detail.php either. > I do get this error in the web log: > [Fri Jul 28 10:27:22 2006] [notice] child pid 29514 exit signal > Segmentation fault (11) > > Any Ideas? I checked the MailWatch Tips page and set it up just > like it said. > > > > RH 8.0 > MS 4.54.6-1 > SA 3.1.3 > MailWatch 1.0.3 > Sendmail 8.12 > > Phillip Udel Did you try read the pertinent section in the FAQ? mailwatch.sourceforge.net/doku.php?id=mailwatch:faq Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dave.list at pixelhammer.com Fri Jul 28 17:39:46 2006 From: dave.list at pixelhammer.com (DAve) Date: Fri Jul 28 17:39:54 2006 Subject: Filetypes and filenames not being checked In-Reply-To: <44CA3507.6040305@netmagicsolutions.com> References: <44C0F65D.3070401@pixelhammer.com> <1154006407.4076.8.camel@doit-b8wsw21.grand-rapids.mi.us> <44C8F46B.9090005@pixelhammer.com> <44CA2323.3030001@pixelhammer.com> <44CA3507.6040305@netmagicsolutions.com> Message-ID: <44CA3DD2.2040808@pixelhammer.com> Dhawal Doshy wrote: > DAve wrote: >> DAve wrote: >>> Golden, James wrote: >>>> I'm pretty new to this MailScanner stuff, so this may be too >>>> simple. So >>>> please excuse me. What about the file permissions on your >>>> filename.rules.conf or filetype.rules.conf? >>> >>> I am in no position to question anyone's suggestions ;^) >>> >>> bash-2.05b# ls -la >>> total 388 >>> dr-xr-xr-x 7 root cvs 1024 Jul 26 10:21 . >>> drwxr-xr-x 16 root wheel 1024 Jul 25 09:04 .. >>> drwxr-xr-x 2 root cvs 512 Aug 9 2004 CVS >>> -rw-r--r-- 1 root cvs 99589 Jul 26 10:21 MailScanner.conf >>> drwxr-xr-x 2 root cvs 512 Jul 27 13:02 bayes >>> -r--r--r-- 1 root wheel 11426 Jun 4 13:27 country.domains.conf >>> -rw-r--r-- 1 root cvs 197 Jul 21 12:59 filename.allow.rules.conf >>> -rw-r--r-- 1 root cvs 6851 Jul 21 12:51 filename.deny.rules.conf >>> -rw-r--r-- 1 root cvs 929 Jul 21 13:01 filetype.allow.rules.conf >>> -rw-r--r-- 1 root cvs 921 Jul 21 12:51 filetype.deny.rules.conf >>> dr-xr-xr-x 2 root cvs 512 Jul 21 16:44 mcp >>> -r--r--r-- 1 root wheel 14618 Jun 4 13:27 phishing.safe.sites.conf >>> drwxr-xr-x 2 root cvs 2048 Jun 4 13:44 reports >>> dr-xr-xr-x 3 root cvs 512 Jul 21 16:43 rules >>> -rw-r--r-- 1 root cvs 9692 Jul 21 16:15 spam.assassin.prefs.conf >>> -r--r--r-- 1 root cvs 2969 Feb 14 2005 spam.lists.conf >>> -r--r--r-- 1 root wheel 2969 Jun 4 13:27 spam.lists.conf.sample >>> -rw-r--r-- 1 root cvs 2834 Nov 2 2005 virus.scanners.conf >>> >>> bash-2.05b# ls -la rules >>> total 40 >>> dr-xr-xr-x 3 root cvs 512 Jul 21 16:43 . >>> dr-xr-xr-x 7 root cvs 1024 Jul 26 10:21 .. >>> drwxr-xr-x 2 root cvs 512 Aug 9 2004 CVS >>> -r--r--r-- 1 root wheel 2817 Jun 4 13:27 EXAMPLES >>> -r--r--r-- 1 root wheel 2964 Jun 4 13:27 README >>> -rw-r--r-- 1 root cvs 90 Jun 4 13:50 bounce.rules >>> -rw-r--r-- 1 root cvs 1743 Jun 6 18:40 highscore.delivery.rules >>> -rw-r--r-- 1 root cvs 1529 Jun 6 18:40 mcp.delivery.rules >>> -rw-r--r-- 1 root cvs 71 Jun 6 18:40 spam.blacklist.rules >>> -rw-r--r-- 1 root cvs 961 Jun 6 18:40 spam.whitelist.rules >>> -rw-r--r-- 1 root cvs 369 Jun 6 18:40 user.content.rules >>> -rw-r--r-- 1 root cvs 1878 Jul 17 17:05 user.delivery.rules >>> -rw-r--r-- 1 root cvs 636 Jul 21 12:49 user.filename.rules >>> -rw-r--r-- 1 root cvs 636 Jul 21 12:50 user.filetype.rules >>> -rw-r--r-- 1 root cvs 722 Jul 19 10:30 user.filtering.rules >>> -rw-r--r-- 1 root cvs 251 Jun 6 18:40 user.mcp.rules >>> -rw-r--r-- 1 root cvs 419 Jun 6 18:40 user.scanning.rules >>> >>>> >>>> One other thought is your max or minimum size for attachments >>>> setting in >>>> the Mailscanner.conf file? >>> >>> I'm testing with a 76k text file named test.scr and a copy named >>> test.sxw.doc. >>> >>> Maximum Message Size = 0 >>> Maximum Attachment Size = -1 >>> Minimum Attachment Size = -1 >>> >>> Should be no checking going on (I do RBLs, size checking, max >>> recipients on the MTA). >>> >>> I would be perfectly willing to post any and all conf files online >>> for viewing. >> >> http://pixelhammer.com/MS/MailScanner.conf >> http://pixelhammer.com/MS/user.filename.rules >> >> Last act of desperation. This is as simple as I can make it and it >> still is not stopping double suffix or even test.scr. >> >> Is there a stupid mistake I am just not seeing or is it time to >> reinstall everything? >> >> DAve > > And what is the content of > /usr/local/etc/MailScanner/rules/user.content.rules? > > - dhawal http://pixelhammer.com/MS/user.content.rules DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From dhawal at netmagicsolutions.com Fri Jul 28 17:49:00 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Fri Jul 28 17:49:18 2006 Subject: Filetypes and filenames not being checked In-Reply-To: <44CA3DD2.2040808@pixelhammer.com> References: <44C0F65D.3070401@pixelhammer.com> <1154006407.4076.8.camel@doit-b8wsw21.grand-rapids.mi.us> <44C8F46B.9090005@pixelhammer.com> <44CA2323.3030001@pixelhammer.com> <44CA3507.6040305@netmagicsolutions.com> <44CA3DD2.2040808@pixelhammer.com> Message-ID: <44CA3FFC.7090509@netmagicsolutions.com> DAve wrote: > Dhawal Doshy wrote: >> DAve wrote: >>> DAve wrote: >>>> Golden, James wrote: >>>>> I'm pretty new to this MailScanner stuff, so this may be too >>>>> simple. So >>>>> please excuse me. What about the file permissions on your >>>>> filename.rules.conf or filetype.rules.conf? >>>> >>>> I am in no position to question anyone's suggestions ;^) >>>> >>>> bash-2.05b# ls -la >>>> total 388 >>>> dr-xr-xr-x 7 root cvs 1024 Jul 26 10:21 . >>>> drwxr-xr-x 16 root wheel 1024 Jul 25 09:04 .. >>>> drwxr-xr-x 2 root cvs 512 Aug 9 2004 CVS >>>> -rw-r--r-- 1 root cvs 99589 Jul 26 10:21 MailScanner.conf >>>> drwxr-xr-x 2 root cvs 512 Jul 27 13:02 bayes >>>> -r--r--r-- 1 root wheel 11426 Jun 4 13:27 country.domains.conf >>>> -rw-r--r-- 1 root cvs 197 Jul 21 12:59 >>>> filename.allow.rules.conf >>>> -rw-r--r-- 1 root cvs 6851 Jul 21 12:51 filename.deny.rules.conf >>>> -rw-r--r-- 1 root cvs 929 Jul 21 13:01 >>>> filetype.allow.rules.conf >>>> -rw-r--r-- 1 root cvs 921 Jul 21 12:51 filetype.deny.rules.conf >>>> dr-xr-xr-x 2 root cvs 512 Jul 21 16:44 mcp >>>> -r--r--r-- 1 root wheel 14618 Jun 4 13:27 phishing.safe.sites.conf >>>> drwxr-xr-x 2 root cvs 2048 Jun 4 13:44 reports >>>> dr-xr-xr-x 3 root cvs 512 Jul 21 16:43 rules >>>> -rw-r--r-- 1 root cvs 9692 Jul 21 16:15 spam.assassin.prefs.conf >>>> -r--r--r-- 1 root cvs 2969 Feb 14 2005 spam.lists.conf >>>> -r--r--r-- 1 root wheel 2969 Jun 4 13:27 spam.lists.conf.sample >>>> -rw-r--r-- 1 root cvs 2834 Nov 2 2005 virus.scanners.conf >>>> >>>> bash-2.05b# ls -la rules >>>> total 40 >>>> dr-xr-xr-x 3 root cvs 512 Jul 21 16:43 . >>>> dr-xr-xr-x 7 root cvs 1024 Jul 26 10:21 .. >>>> drwxr-xr-x 2 root cvs 512 Aug 9 2004 CVS >>>> -r--r--r-- 1 root wheel 2817 Jun 4 13:27 EXAMPLES >>>> -r--r--r-- 1 root wheel 2964 Jun 4 13:27 README >>>> -rw-r--r-- 1 root cvs 90 Jun 4 13:50 bounce.rules >>>> -rw-r--r-- 1 root cvs 1743 Jun 6 18:40 highscore.delivery.rules >>>> -rw-r--r-- 1 root cvs 1529 Jun 6 18:40 mcp.delivery.rules >>>> -rw-r--r-- 1 root cvs 71 Jun 6 18:40 spam.blacklist.rules >>>> -rw-r--r-- 1 root cvs 961 Jun 6 18:40 spam.whitelist.rules >>>> -rw-r--r-- 1 root cvs 369 Jun 6 18:40 user.content.rules >>>> -rw-r--r-- 1 root cvs 1878 Jul 17 17:05 user.delivery.rules >>>> -rw-r--r-- 1 root cvs 636 Jul 21 12:49 user.filename.rules >>>> -rw-r--r-- 1 root cvs 636 Jul 21 12:50 user.filetype.rules >>>> -rw-r--r-- 1 root cvs 722 Jul 19 10:30 user.filtering.rules >>>> -rw-r--r-- 1 root cvs 251 Jun 6 18:40 user.mcp.rules >>>> -rw-r--r-- 1 root cvs 419 Jun 6 18:40 user.scanning.rules >>>> >>>>> >>>>> One other thought is your max or minimum size for attachments >>>>> setting in >>>>> the Mailscanner.conf file? >>>> >>>> I'm testing with a 76k text file named test.scr and a copy named >>>> test.sxw.doc. >>>> >>>> Maximum Message Size = 0 >>>> Maximum Attachment Size = -1 >>>> Minimum Attachment Size = -1 >>>> >>>> Should be no checking going on (I do RBLs, size checking, max >>>> recipients on the MTA). >>>> >>>> I would be perfectly willing to post any and all conf files online >>>> for viewing. >>> >>> http://pixelhammer.com/MS/MailScanner.conf >>> http://pixelhammer.com/MS/user.filename.rules >>> >>> Last act of desperation. This is as simple as I can make it and it >>> still is not stopping double suffix or even test.scr. >>> >>> Is there a stupid mistake I am just not seeing or is it time to >>> reinstall everything? >>> >>> DAve >> >> And what is the content of >> /usr/local/etc/MailScanner/rules/user.content.rules? >> >> - dhawal > > http://pixelhammer.com/MS/user.content.rules > > DAve Well there lies your problem.. and i had previously hinted on this as well. You have Dangerous Content Scanning = %rules-dir%/user.content.rules and /usr/local/etc/MailScanner/rules/user.content.rules To: default no From: default no Which indicates that you are not checking for 'Dangerous Content Scanning'. Filename/type checks depend on 'Dangerous Content Scanning'.. set the From to 'yes' and re-test. - dhawal From ka at pacific.net Fri Jul 28 17:54:10 2006 From: ka at pacific.net (Ken A) Date: Fri Jul 28 17:53:26 2006 Subject: Outgoing email flagged as spam then deleted In-Reply-To: <44C95C7C.7060007@nkpanama.com> References: <200607271959.k6RJx53K031180@bkserver.blacknight.ie> <44C95C7C.7060007@nkpanama.com> Message-ID: <44CA4132.2060502@pacific.net> Alex Neuman van der Hans wrote: > Michael S. wrote: >> Ok, I believe I can add 127.0.0.1 to spam.whitelist.rules. That should >> work. >> >> Don't have a problem with user abusing forms as we have strict >> mod_security >> rules that prevents these things. Nice thought though. >> >> Thanks. >> > Can you elaborate for the rest of us? Sounds like wiki fodder to me. :-) Mod Security is not really a mailscanner thing. It's an apache module that can block http requests by looking for various naughty behaviour like: GET /cgi-bin/formmail.pl?recipient=victim@aol.com,victim2@aol.com Ken A Pacific.Net From dave.list at pixelhammer.com Fri Jul 28 18:27:50 2006 From: dave.list at pixelhammer.com (DAve) Date: Fri Jul 28 18:28:00 2006 Subject: Filetypes and filenames not being checked In-Reply-To: <44CA3FFC.7090509@netmagicsolutions.com> References: <44C0F65D.3070401@pixelhammer.com> <1154006407.4076.8.camel@doit-b8wsw21.grand-rapids.mi.us> <44C8F46B.9090005@pixelhammer.com> <44CA2323.3030001@pixelhammer.com> <44CA3507.6040305@netmagicsolutions.com> <44CA3DD2.2040808@pixelhammer.com> <44CA3FFC.7090509@netmagicsolutions.com> Message-ID: <44CA4916.5030001@pixelhammer.com> Dhawal Doshy wrote: > DAve wrote: >> Dhawal Doshy wrote: >>> DAve wrote: >>>> DAve wrote: >>>>> Golden, James wrote: >>>>>> I'm pretty new to this MailScanner stuff, so this may be too >>>>>> simple. So >>>>>> please excuse me. What about the file permissions on your >>>>>> filename.rules.conf or filetype.rules.conf? >>>>> >>>>> I am in no position to question anyone's suggestions ;^) >>>>> >>>>> bash-2.05b# ls -la >>>>> total 388 >>>>> dr-xr-xr-x 7 root cvs 1024 Jul 26 10:21 . >>>>> drwxr-xr-x 16 root wheel 1024 Jul 25 09:04 .. >>>>> drwxr-xr-x 2 root cvs 512 Aug 9 2004 CVS >>>>> -rw-r--r-- 1 root cvs 99589 Jul 26 10:21 MailScanner.conf >>>>> drwxr-xr-x 2 root cvs 512 Jul 27 13:02 bayes >>>>> -r--r--r-- 1 root wheel 11426 Jun 4 13:27 country.domains.conf >>>>> -rw-r--r-- 1 root cvs 197 Jul 21 12:59 >>>>> filename.allow.rules.conf >>>>> -rw-r--r-- 1 root cvs 6851 Jul 21 12:51 >>>>> filename.deny.rules.conf >>>>> -rw-r--r-- 1 root cvs 929 Jul 21 13:01 >>>>> filetype.allow.rules.conf >>>>> -rw-r--r-- 1 root cvs 921 Jul 21 12:51 >>>>> filetype.deny.rules.conf >>>>> dr-xr-xr-x 2 root cvs 512 Jul 21 16:44 mcp >>>>> -r--r--r-- 1 root wheel 14618 Jun 4 13:27 >>>>> phishing.safe.sites.conf >>>>> drwxr-xr-x 2 root cvs 2048 Jun 4 13:44 reports >>>>> dr-xr-xr-x 3 root cvs 512 Jul 21 16:43 rules >>>>> -rw-r--r-- 1 root cvs 9692 Jul 21 16:15 >>>>> spam.assassin.prefs.conf >>>>> -r--r--r-- 1 root cvs 2969 Feb 14 2005 spam.lists.conf >>>>> -r--r--r-- 1 root wheel 2969 Jun 4 13:27 spam.lists.conf.sample >>>>> -rw-r--r-- 1 root cvs 2834 Nov 2 2005 virus.scanners.conf >>>>> >>>>> bash-2.05b# ls -la rules >>>>> total 40 >>>>> dr-xr-xr-x 3 root cvs 512 Jul 21 16:43 . >>>>> dr-xr-xr-x 7 root cvs 1024 Jul 26 10:21 .. >>>>> drwxr-xr-x 2 root cvs 512 Aug 9 2004 CVS >>>>> -r--r--r-- 1 root wheel 2817 Jun 4 13:27 EXAMPLES >>>>> -r--r--r-- 1 root wheel 2964 Jun 4 13:27 README >>>>> -rw-r--r-- 1 root cvs 90 Jun 4 13:50 bounce.rules >>>>> -rw-r--r-- 1 root cvs 1743 Jun 6 18:40 highscore.delivery.rules >>>>> -rw-r--r-- 1 root cvs 1529 Jun 6 18:40 mcp.delivery.rules >>>>> -rw-r--r-- 1 root cvs 71 Jun 6 18:40 spam.blacklist.rules >>>>> -rw-r--r-- 1 root cvs 961 Jun 6 18:40 spam.whitelist.rules >>>>> -rw-r--r-- 1 root cvs 369 Jun 6 18:40 user.content.rules >>>>> -rw-r--r-- 1 root cvs 1878 Jul 17 17:05 user.delivery.rules >>>>> -rw-r--r-- 1 root cvs 636 Jul 21 12:49 user.filename.rules >>>>> -rw-r--r-- 1 root cvs 636 Jul 21 12:50 user.filetype.rules >>>>> -rw-r--r-- 1 root cvs 722 Jul 19 10:30 user.filtering.rules >>>>> -rw-r--r-- 1 root cvs 251 Jun 6 18:40 user.mcp.rules >>>>> -rw-r--r-- 1 root cvs 419 Jun 6 18:40 user.scanning.rules >>>>> >>>>>> >>>>>> One other thought is your max or minimum size for attachments >>>>>> setting in >>>>>> the Mailscanner.conf file? >>>>> >>>>> I'm testing with a 76k text file named test.scr and a copy named >>>>> test.sxw.doc. >>>>> >>>>> Maximum Message Size = 0 >>>>> Maximum Attachment Size = -1 >>>>> Minimum Attachment Size = -1 >>>>> >>>>> Should be no checking going on (I do RBLs, size checking, max >>>>> recipients on the MTA). >>>>> >>>>> I would be perfectly willing to post any and all conf files online >>>>> for viewing. >>>> >>>> http://pixelhammer.com/MS/MailScanner.conf >>>> http://pixelhammer.com/MS/user.filename.rules >>>> >>>> Last act of desperation. This is as simple as I can make it and it >>>> still is not stopping double suffix or even test.scr. >>>> >>>> Is there a stupid mistake I am just not seeing or is it time to >>>> reinstall everything? >>>> >>>> DAve >>> >>> And what is the content of >>> /usr/local/etc/MailScanner/rules/user.content.rules? >>> >>> - dhawal >> >> http://pixelhammer.com/MS/user.content.rules >> >> DAve > > Well there lies your problem.. and i had previously hinted on this as > well. You have > > Dangerous Content Scanning = %rules-dir%/user.content.rules > > and /usr/local/etc/MailScanner/rules/user.content.rules > To: default no > From: default no > > Which indicates that you are not checking for 'Dangerous Content > Scanning'. Filename/type checks depend on 'Dangerous Content Scanning'.. > set the From to 'yes' and re-test. > > - dhawal I'll test it, but that file has not been changed since my initial setup over two years ago. Hence why I responded that it was OK when you suggested I check it. I say that but, the last upgrade involved SA, ClamAV, MailWatch, and MailScanner on three machines in one night. It is entirely possible I did that. DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From Phil.Udel at salemcorp.com Fri Jul 28 18:39:03 2006 From: Phil.Udel at salemcorp.com (Phillip Udel) Date: Fri Jul 28 18:39:18 2006 Subject: Problem with viewmail.php viewing message In-Reply-To: <200607281231.25592.dyioulos@firstbhph.com> Message-ID: <200607281744.k6SHiFCa028351@cat.salemcarriers.com> -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Dimitri Yioulos Sent: Friday, July 28, 2006 11:31 AM To: MailScanner discussion Subject: Re: Problem with viewmail.php viewing message On Friday July 28 2006 11:59 am, Phillip Udel wrote: > HI All > I posted this question to Mailwatch group, but I think there is > something wrong with their server. It has not Process a entry > since the 24th. So Maybe someone here can help > > I am a new user of Mail Watch. I am running my First Quarantine > Report. I click on the View option but it does not Display the > message. I Do Get a MailWatch Page but it is blank under the Gray > Options Bar. Do I need to set up something for it to work? The > viewmail.ph does not work in the detail.php either. > I do get this error in the web log: > [Fri Jul 28 10:27:22 2006] [notice] child pid 29514 exit signal > Segmentation fault (11) > > Any Ideas? I checked the MailWatch Tips page and set it up just > like it said. > > > > RH 8.0 > MS 4.54.6-1 > SA 3.1.3 > MailWatch 1.0.3 > Sendmail 8.12 > > Phillip Udel Did you try read the pertinent section in the FAQ? mailwatch.sourceforge.net/doku.php?id=mailwatch:faq Dimitri Ya. I followed the FAQ's step by step. Checked the permissions. I can deliver a Quarantine message without problem. I am thinking the Sig (11) might be caused buy the php 4.22-8.0.8 and apache 2.0.40.21 versions I am running. Phil -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USherbrooke.ca Fri Jul 28 18:39:12 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Jul 28 18:39:26 2006 Subject: MailScanner logwatch script In-Reply-To: <7801ad8f0607280832k6c9818ay1df7f7a144464564@mail.gmail.com> References: <7801ad8f0607280832k6c9818ay1df7f7a144464564@mail.gmail.com> Message-ID: <44CA4BC0.5000201@USherbrooke.ca> Tony Stocker a ?crit : > Hello All, > > I'm getting a lot of things listed under "Unmatched Entries" with the > logwatch script for MailScanner. They fall into a couple of > categories: > ... > > Does anyone have any ideas how to tune things so this stuff doesn't > end up in there? There are a lot of entry types here so I'm loathe to > rewrite the mailscanner logwatch script and I'm not even sure how to > write a filter for what I called the "Message conversion" entries that > wouldn't catch everything. > > The script is in /etc/log.d/scripts/services/mailscanner and is a standard Perl script. I modify them every time they don't catch the things that annoy me. At the beginning of the script there is a loop that just tosses lines away: ( $ThisLine =~ m/Message .+ added TNEF contents/ ) or ( $ThisLine =~ m/Content Checks: Detected and will convert HTML/ ) ) { # We don't care about these Just add your own patterns BEFORE the last line: ( $ThisLine =~ m/Message .+ added TNEF contents/ ) or ( $ThisLine =~ m/this is my first patterm match/ ) or ( $ThisLine =~ m/this is my second patterm match/ ) or ( $ThisLine =~ m/Content Checks: Detected and will convert HTML/ ) ) { # We don't care about these If you want the script to count some lines you'll have to look further down in the script and copy the behaviour of some other pattern match. Then you also have to add a block to print out the totals you counted. It's really simple. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060728/394fc42b/smime.bin From alex at nkpanama.com Fri Jul 28 18:47:27 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Fri Jul 28 18:47:44 2006 Subject: Outgoing email flagged as spam then deleted In-Reply-To: <44CA4132.2060502@pacific.net> References: <200607271959.k6RJx53K031180@bkserver.blacknight.ie> <44C95C7C.7060007@nkpanama.com> <44CA4132.2060502@pacific.net> Message-ID: <44CA4DAF.9090700@nkpanama.com> Ken A wrote: > > Mod Security is not really a mailscanner thing. It's an apache module > that can block http requests by looking for various naughty behaviour > like: GET /cgi-bin/formmail.pl?recipient=victim@aol.com,victim2@aol.com > > > Ken A > Pacific.Net Precisely. And many MailScanner users have all-in-one boxes at SME's that do web/mail/samba/etc. - and would thus benefit from securing their local webserver from being misused to send spam (specially if scanning from localhost is disabled). Can you recommend a good howto in order to use mod_security to avoid MIME injection? From ugob at camo-route.com Fri Jul 28 18:53:18 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Fri Jul 28 18:54:16 2006 Subject: MailScanner logwatch script In-Reply-To: <7801ad8f0607280857o4f12c22hfa93f3cbe3d901ff@mail.gmail.com> References: <7801ad8f0607280832k6c9818ay1df7f7a144464564@mail.gmail.com> <7801ad8f0607280857o4f12c22hfa93f3cbe3d901ff@mail.gmail.com> Message-ID: Tony Stocker wrote: > On 7/28/06, Ugo Bellavance wrote: >> 2- Get the latest version of the mailscanner script from cvs > > Version 1.24 from April 2006? Yes. But it may come with the new version of logwatch anyway. It was just a way to tell you that if you upgrade MailScanner, have a look at the logwatch cvs... > >> 4- Look at the /etc/logwatch/conf/ignore.conf > > As I currently don't have an /etc/logwatch directory with the version > that I'm running (logwatch-5.2.2-1.EL4.1) can I assume that the latest > version (7.3) will create this directory and the ignore.conf file? Yes, from version 7+ they changed the way they organize files. The tree structure is not the same anymore. > > Thanks for the help. From ugob at camo-route.com Fri Jul 28 18:56:48 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Fri Jul 28 19:00:50 2006 Subject: MailScanner logwatch script In-Reply-To: <44CA4BC0.5000201@USherbrooke.ca> References: <7801ad8f0607280832k6c9818ay1df7f7a144464564@mail.gmail.com> <44CA4BC0.5000201@USherbrooke.ca> Message-ID: Denis Beauchemin wrote: > Tony Stocker a ?crit : >> Hello All, >> >> I'm getting a lot of things listed under "Unmatched Entries" with the >> logwatch script for MailScanner. They fall into a couple of >> categories: >> ... >> >> Does anyone have any ideas how to tune things so this stuff doesn't >> end up in there? There are a lot of entry types here so I'm loathe to >> rewrite the mailscanner logwatch script and I'm not even sure how to >> write a filter for what I called the "Message conversion" entries that >> wouldn't catch everything. >> >> > The script is in /etc/log.d/scripts/services/mailscanner and is a > standard Perl script. I modify them every time they don't catch the > things that annoy me. At the beginning of the script there is a loop > that just tosses lines away: > ( $ThisLine =~ m/Message .+ added TNEF contents/ ) or > ( $ThisLine =~ m/Content Checks: Detected and will convert HTML/ > ) ) { > # We don't care about these In version 7+, this is done in the ignore.conf file. Easier on upgrades... > > Just add your own patterns BEFORE the last line: > ( $ThisLine =~ m/Message .+ added TNEF contents/ ) or > ( $ThisLine =~ m/this is my first patterm match/ ) or > ( $ThisLine =~ m/this is my second patterm match/ ) or > ( $ThisLine =~ m/Content Checks: Detected and will convert HTML/ > ) ) { > # We don't care about these > > If you want the script to count some lines you'll have to look further > down in the script and copy the behaviour of some other pattern match. > Then you also have to add a block to print out the totals you counted. > It's really simple. True, it is rather simple. > > Denis > From dave.list at pixelhammer.com Fri Jul 28 19:21:43 2006 From: dave.list at pixelhammer.com (DAve) Date: Fri Jul 28 19:21:51 2006 Subject: Filetypes and filenames not being checked In-Reply-To: <44CA4916.5030001@pixelhammer.com> References: <44C0F65D.3070401@pixelhammer.com> <1154006407.4076.8.camel@doit-b8wsw21.grand-rapids.mi.us> <44C8F46B.9090005@pixelhammer.com> <44CA2323.3030001@pixelhammer.com> <44CA3507.6040305@netmagicsolutions.com> <44CA3DD2.2040808@pixelhammer.com> <44CA3FFC.7090509@netmagicsolutions.com> <44CA4916.5030001@pixelhammer.com> Message-ID: <44CA55B7.3050004@pixelhammer.com> DAve wrote: > Dhawal Doshy wrote: >> DAve wrote: >>> Dhawal Doshy wrote: >>>> DAve wrote: >>>>> DAve wrote: >>>>>> Golden, James wrote: >>>>>>> I'm pretty new to this MailScanner stuff, so this may be too >>>>>>> simple. So >>>>>>> please excuse me. What about the file permissions on your >>>>>>> filename.rules.conf or filetype.rules.conf? >>>>>> >>>>>> I am in no position to question anyone's suggestions ;^) >>>>>> >>>>>> bash-2.05b# ls -la >>>>>> total 388 >>>>>> dr-xr-xr-x 7 root cvs 1024 Jul 26 10:21 . >>>>>> drwxr-xr-x 16 root wheel 1024 Jul 25 09:04 .. >>>>>> drwxr-xr-x 2 root cvs 512 Aug 9 2004 CVS >>>>>> -rw-r--r-- 1 root cvs 99589 Jul 26 10:21 MailScanner.conf >>>>>> drwxr-xr-x 2 root cvs 512 Jul 27 13:02 bayes >>>>>> -r--r--r-- 1 root wheel 11426 Jun 4 13:27 country.domains.conf >>>>>> -rw-r--r-- 1 root cvs 197 Jul 21 12:59 >>>>>> filename.allow.rules.conf >>>>>> -rw-r--r-- 1 root cvs 6851 Jul 21 12:51 >>>>>> filename.deny.rules.conf >>>>>> -rw-r--r-- 1 root cvs 929 Jul 21 13:01 >>>>>> filetype.allow.rules.conf >>>>>> -rw-r--r-- 1 root cvs 921 Jul 21 12:51 >>>>>> filetype.deny.rules.conf >>>>>> dr-xr-xr-x 2 root cvs 512 Jul 21 16:44 mcp >>>>>> -r--r--r-- 1 root wheel 14618 Jun 4 13:27 >>>>>> phishing.safe.sites.conf >>>>>> drwxr-xr-x 2 root cvs 2048 Jun 4 13:44 reports >>>>>> dr-xr-xr-x 3 root cvs 512 Jul 21 16:43 rules >>>>>> -rw-r--r-- 1 root cvs 9692 Jul 21 16:15 >>>>>> spam.assassin.prefs.conf >>>>>> -r--r--r-- 1 root cvs 2969 Feb 14 2005 spam.lists.conf >>>>>> -r--r--r-- 1 root wheel 2969 Jun 4 13:27 spam.lists.conf.sample >>>>>> -rw-r--r-- 1 root cvs 2834 Nov 2 2005 virus.scanners.conf >>>>>> >>>>>> bash-2.05b# ls -la rules >>>>>> total 40 >>>>>> dr-xr-xr-x 3 root cvs 512 Jul 21 16:43 . >>>>>> dr-xr-xr-x 7 root cvs 1024 Jul 26 10:21 .. >>>>>> drwxr-xr-x 2 root cvs 512 Aug 9 2004 CVS >>>>>> -r--r--r-- 1 root wheel 2817 Jun 4 13:27 EXAMPLES >>>>>> -r--r--r-- 1 root wheel 2964 Jun 4 13:27 README >>>>>> -rw-r--r-- 1 root cvs 90 Jun 4 13:50 bounce.rules >>>>>> -rw-r--r-- 1 root cvs 1743 Jun 6 18:40 highscore.delivery.rules >>>>>> -rw-r--r-- 1 root cvs 1529 Jun 6 18:40 mcp.delivery.rules >>>>>> -rw-r--r-- 1 root cvs 71 Jun 6 18:40 spam.blacklist.rules >>>>>> -rw-r--r-- 1 root cvs 961 Jun 6 18:40 spam.whitelist.rules >>>>>> -rw-r--r-- 1 root cvs 369 Jun 6 18:40 user.content.rules >>>>>> -rw-r--r-- 1 root cvs 1878 Jul 17 17:05 user.delivery.rules >>>>>> -rw-r--r-- 1 root cvs 636 Jul 21 12:49 user.filename.rules >>>>>> -rw-r--r-- 1 root cvs 636 Jul 21 12:50 user.filetype.rules >>>>>> -rw-r--r-- 1 root cvs 722 Jul 19 10:30 user.filtering.rules >>>>>> -rw-r--r-- 1 root cvs 251 Jun 6 18:40 user.mcp.rules >>>>>> -rw-r--r-- 1 root cvs 419 Jun 6 18:40 user.scanning.rules >>>>>> >>>>>>> >>>>>>> One other thought is your max or minimum size for attachments >>>>>>> setting in >>>>>>> the Mailscanner.conf file? >>>>>> >>>>>> I'm testing with a 76k text file named test.scr and a copy named >>>>>> test.sxw.doc. >>>>>> >>>>>> Maximum Message Size = 0 >>>>>> Maximum Attachment Size = -1 >>>>>> Minimum Attachment Size = -1 >>>>>> >>>>>> Should be no checking going on (I do RBLs, size checking, max >>>>>> recipients on the MTA). >>>>>> >>>>>> I would be perfectly willing to post any and all conf files online >>>>>> for viewing. >>>>> >>>>> http://pixelhammer.com/MS/MailScanner.conf >>>>> http://pixelhammer.com/MS/user.filename.rules >>>>> >>>>> Last act of desperation. This is as simple as I can make it and it >>>>> still is not stopping double suffix or even test.scr. >>>>> >>>>> Is there a stupid mistake I am just not seeing or is it time to >>>>> reinstall everything? >>>>> >>>>> DAve >>>> >>>> And what is the content of >>>> /usr/local/etc/MailScanner/rules/user.content.rules? >>>> >>>> - dhawal >>> >>> http://pixelhammer.com/MS/user.content.rules >>> >>> DAve >> >> Well there lies your problem.. and i had previously hinted on this as >> well. You have >> >> Dangerous Content Scanning = %rules-dir%/user.content.rules >> >> and /usr/local/etc/MailScanner/rules/user.content.rules >> To: default no From: default no >> Which indicates that you are not checking for 'Dangerous Content >> Scanning'. Filename/type checks depend on 'Dangerous Content >> Scanning'.. set the From to 'yes' and re-test. >> >> - dhawal > > I'll test it, but that file has not been changed since my initial setup > over two years ago. Hence why I responded that it was OK when you > suggested I check it. > > I say that but, the last upgrade involved SA, ClamAV, MailWatch, and > MailScanner on three machines in one night. It is entirely possible I > did that. > > DAve > > user.content.rules changed to the following, To: default yes From: default yes Both test.scr and test.sxw.doc blow right through. X-TLS.net-MailScanner: Found to be clean DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From TGFurnish at herffjones.com Fri Jul 28 21:37:43 2006 From: TGFurnish at herffjones.com (Furnish, Trever G) Date: Fri Jul 28 21:37:46 2006 Subject: Filetypes and filenames not being checked Message-ID: <57573D714A832C43B9D80EAFBDA48D03013570E0@inex3.herffjones.hj-int> Do the headers of the message you received by chance include the text "not scanned"? Or, in other words, are you testing from a host or address that you've whitelisted? I can reproduce the behavior you're reporting when sending from a whitelisted host -- unfortunately my updated mailscanner system's not in production yet, so I can't test this specific scenario from a non-whitelisted host yet. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of DAve > Sent: Friday, July 21, 2006 11:44 AM > To: mailscanner@lists.mailscanner.info > Subject: Filetypes and filenames not being checked > > Good morning, > > I have just had a user bring to my attention that since I > upgraded to 4.54.x we are no longer stopping filenames with > double suffixes or banned suffixes. > > I tried a test and sure enough two files went right through, > test.svx.doc and test.scr. I double checked my conf files and > everything looks good, mailscanner --lint shows no errors. > > I haven't changed anything in the conf file except to add > MailWatch. I went through the change log and docs and didn't > see anything that I thought would affect me. > > Has there been a change in how the filename.rules.conf files work? > > Thanks, > > DAve > > -- > Three years now I've asked Google why they don't have a logo > change for Memorial Day. Why do they choose to do logos for > other non-international holidays, but nothing for Veterans? > > Maybe they forgot who made that choice possible. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From dave.list at pixelhammer.com Fri Jul 28 22:26:41 2006 From: dave.list at pixelhammer.com (DAve) Date: Fri Jul 28 22:26:50 2006 Subject: Filetypes and filenames not being checked In-Reply-To: <57573D714A832C43B9D80EAFBDA48D03013570E0@inex3.herffjones.hj-int> References: <57573D714A832C43B9D80EAFBDA48D03013570E0@inex3.herffjones.hj-int> Message-ID: <44CA8111.70504@pixelhammer.com> Furnish, Trever G wrote: > Do the headers of the message you received by chance include the text > "not scanned"? Or, in other words, are you testing from a host or > address that you've whitelisted? I can reproduce the behavior you're > reporting when sending from a whitelisted host -- unfortunately my > updated mailscanner system's not in production yet, so I can't test this > specific scenario from a non-whitelisted host yet. Nope. Headers from the most recent test below. X-TLS.net-MailScanner-Information: Please contact support@tls.net for more information X-TLS.net-MailScanner: Found to be clean X-TLS.net-MailScanner-SpamCheck: not spam, SpamAssassin (notcached, score=-2.599, required 5, autolearn=not spam, BAYES_00 -2.60) X-MailScanner-From: yellowhousejake@yahoo.com > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of DAve >> Sent: Friday, July 21, 2006 11:44 AM >> To: mailscanner@lists.mailscanner.info >> Subject: Filetypes and filenames not being checked >> >> Good morning, >> >> I have just had a user bring to my attention that since I >> upgraded to 4.54.x we are no longer stopping filenames with >> double suffixes or banned suffixes. >> >> I tried a test and sure enough two files went right through, >> test.svx.doc and test.scr. I double checked my conf files and >> everything looks good, mailscanner --lint shows no errors. >> >> I haven't changed anything in the conf file except to add >> MailWatch. I went through the change log and docs and didn't >> see anything that I thought would affect me. >> >> Has there been a change in how the filename.rules.conf files work? >> >> Thanks, >> >> DAve >> >> -- >> Three years now I've asked Google why they don't have a logo >> change for Memorial Day. Why do they choose to do logos for >> other non-international holidays, but nothing for Veterans? >> >> Maybe they forgot who made that choice possible. >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From AHKAPLAN at PARTNERS.ORG Fri Jul 28 23:50:12 2006 From: AHKAPLAN at PARTNERS.ORG (Kaplan, Andrew H.) Date: Fri Jul 28 23:50:26 2006 Subject: SpamAssassin error appearing in mail.warn Message-ID: <9C63A4713C4E3342B90428CE44806A7302679813@PHSXMB5.partners.org> I completed installing MailScanner 4.54 with ClamAV 0.88.3 and SpamAssasin 3.0.3 and am in the process of testing the configuration. Outgoing e-mails are delivered without a problem, but incoming messages are not getting through. I checked the mail.warn file and I noticed the following error: Jul 28 14:49:01 MailScanner[15064]: Unrecognized keyword "spamassasinprefsfile" at line 2169 Jul 28 14:49:01 MailScanner[15064]: Aborting due to syntax errors in /etc/MailScanner/MailScanner.conf. When I checked the /etc/MailScanner directory, I noticed the existence of a spam.assassin.prefs.conf file, while the line in question in MailScanner.conf read as follows: SpamAssassin Prefs File = /etc/MailScanner/spam.assassin.prefs.conf What change(s) do I need to make to correct this? Thanks. From dhawal at netmagicsolutions.com Sat Jul 29 00:25:07 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Sat Jul 29 00:27:36 2006 Subject: SpamAssassin error appearing in mail.warn In-Reply-To: <9C63A4713C4E3342B90428CE44806A7302679813@PHSXMB5.partners.org> References: <9C63A4713C4E3342B90428CE44806A7302679813@PHSXMB5.partners.org> Message-ID: <20060729045507.pyng6q190k44okk8@mail.netmagicsolutions.com> Quoting "Kaplan, Andrew H." : > I completed installing MailScanner 4.54 with ClamAV 0.88.3 and > SpamAssasin 3.0.3 > and am in the process of testing the configuration. > Outgoing e-mails are delivered without a problem, but incoming > messages are not > getting through. I checked the mail.warn file and I > noticed the following error: > > Jul 28 14:49:01 MailScanner[15064]: Unrecognized keyword > "spamassasinprefsfile" at line 2169 > Jul 28 14:49:01 MailScanner[15064]: Aborting due to > syntax errors in > /etc/MailScanner/MailScanner.conf. > > When I checked the /etc/MailScanner directory, I noticed the existence of a > spam.assassin.prefs.conf file, while the line > in question in MailScanner.conf read as follows: > > SpamAssassin Prefs File = /etc/MailScanner/spam.assassin.prefs.conf > > What change(s) do I need to make to correct this? Thanks. Did you upgrade your languages.conf file?? see the upgrade_languages_conf command. - dhawal > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From AHKAPLAN at PARTNERS.ORG Sat Jul 29 01:47:51 2006 From: AHKAPLAN at PARTNERS.ORG (Kaplan, Andrew H.) Date: Sat Jul 29 01:47:58 2006 Subject: SpamAssassin error appearing in mail.warn Message-ID: <9C63A4713C4E3342B90428CE44806A7302679814@PHSXMB5.partners.org> I had not upgraded the applications from previous versions, this was a scratch install. Therefore I didn't think of running the upgrade_languages_conf command. Isn't that binary used strictly for upgrading from a previous version? From mailscanner at ecs.soton.ac.uk Sat Jul 29 10:56:54 2006 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jul 29 10:57:07 2006 Subject: SpamAssassin error appearing in mail.warn In-Reply-To: <9C63A4713C4E3342B90428CE44806A7302679814@PHSXMB5.partners.org> References: <9C63A4713C4E3342B90428CE44806A7302679814@PHSXMB5.partners.org> Message-ID: <44CB30E6.8000702@ecs.soton.ac.uk> Did you by any chance copy your old MailScanner.conf to the new machine? You need to run upgrade_MailScanner_conf and it will remove this setting as it does not exist in newer versions. Kaplan, Andrew H. wrote: > I had not upgraded the applications from previous versions, this was a scratch > install. > Therefore I didn't think of running the upgrade_languages_conf command. Isn't > that > binary used strictly for upgrading from a previous version? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner Customisation? Contact me at MailScanner@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From AHKAPLAN at PARTNERS.ORG Sat Jul 29 17:35:59 2006 From: AHKAPLAN at PARTNERS.ORG (Kaplan, Andrew H.) Date: Sat Jul 29 17:36:09 2006 Subject: SpamAssassin error appearing in mail.warn Message-ID: <9C63A4713C4E3342B90428CE44806A7302679815@PHSXMB5.partners.org> I did not copy the MailScanner.conf file from the old to the new machine. This is a scratch install. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Saturday, July 29, 2006 5:57 AM To: MailScanner discussion Subject: Re: SpamAssassin error appearing in mail.warn Did you by any chance copy your old MailScanner.conf to the new machine? You need to run upgrade_MailScanner_conf and it will remove this setting as it does not exist in newer versions. Kaplan, Andrew H. wrote: > I had not upgraded the applications from previous versions, this was a scratch > install. > Therefore I didn't think of running the upgrade_languages_conf command. Isn't > that > binary used strictly for upgrading from a previous version? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner Customisation? Contact me at MailScanner@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mailscanner at ecs.soton.ac.uk Sat Jul 29 20:32:39 2006 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jul 29 20:32:57 2006 Subject: SpamAssassin error appearing in mail.warn In-Reply-To: <9C63A4713C4E3342B90428CE44806A7302679815@PHSXMB5.partners.org> References: <9C63A4713C4E3342B90428CE44806A7302679815@PHSXMB5.partners.org> Message-ID: <44CBB7D7.6020409@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In which case delete that setting, it shouldn't be there. Not sure why it was there, it shouldn't be. Kaplan, Andrew H. wrote: > I did not copy the MailScanner.conf file from the old to the new machine. > This is a scratch install. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: Saturday, July 29, 2006 5:57 AM > To: MailScanner discussion > Subject: Re: SpamAssassin error appearing in mail.warn > > Did you by any chance copy your old MailScanner.conf to the new machine? > You need to run > upgrade_MailScanner_conf > and it will remove this setting as it does not exist in newer versions. > > Kaplan, Andrew H. wrote: >> I had not upgraded the applications from previous versions, this was a scratch >> install. >> Therefore I didn't think of running the upgrade_languages_conf command. Isn't >> that >> binary used strictly for upgrading from a previous version? > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@MailScanner.biz PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Get your PCs and servers from Transtec.de, very well built and reliable! -----BEGIN PGP SIGNATURE----- Version: PGP SDK 3.7.0 Charset: ISO-8859-1 wj8DBQFEy7fZEfZZRxQVtlQRAugWAKCqlQ+0wjVZ2jYN09oU51UlU3Oo3wCbBS21 ZvG7uFxe8ifl+9BOt4mc/dw= =D2yh -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From dave.list at pixelhammer.com Sun Jul 30 07:15:28 2006 From: dave.list at pixelhammer.com (DAve) Date: Sun Jul 30 07:15:45 2006 Subject: Filetypes and filenames not being checked In-Reply-To: <44CA55B7.3050004@pixelhammer.com> References: <44C0F65D.3070401@pixelhammer.com> <1154006407.4076.8.camel@doit-b8wsw21.grand-rapids.mi.us> <44C8F46B.9090005@pixelhammer.com> <44CA2323.3030001@pixelhammer.com> <44CA3507.6040305@netmagicsolutions.com> <44CA3DD2.2040808@pixelhammer.com> <44CA3FFC.7090509@netmagicsolutions.com> <44CA4916.5030001@pixelhammer.com> <44CA55B7.3050004@pixelhammer.com> Message-ID: <44CC4E80.9070606@pixelhammer.com> DAve wrote: > DAve wrote: >> Dhawal Doshy wrote: >>> DAve wrote: >>>> Dhawal Doshy wrote: >>>>> DAve wrote: >>>>>> DAve wrote: >>>>>>> Golden, James wrote: >>>>>>>> I'm pretty new to this MailScanner stuff, so this may be too >>>>>>>> simple. So >>>>>>>> please excuse me. What about the file permissions on your >>>>>>>> filename.rules.conf or filetype.rules.conf? >>>>>>> >>>>>>> I am in no position to question anyone's suggestions ;^) >>>>>>> >>>>>>> bash-2.05b# ls -la >>>>>>> total 388 >>>>>>> dr-xr-xr-x 7 root cvs 1024 Jul 26 10:21 . >>>>>>> drwxr-xr-x 16 root wheel 1024 Jul 25 09:04 .. >>>>>>> drwxr-xr-x 2 root cvs 512 Aug 9 2004 CVS >>>>>>> -rw-r--r-- 1 root cvs 99589 Jul 26 10:21 MailScanner.conf >>>>>>> drwxr-xr-x 2 root cvs 512 Jul 27 13:02 bayes >>>>>>> -r--r--r-- 1 root wheel 11426 Jun 4 13:27 country.domains.conf >>>>>>> -rw-r--r-- 1 root cvs 197 Jul 21 12:59 >>>>>>> filename.allow.rules.conf >>>>>>> -rw-r--r-- 1 root cvs 6851 Jul 21 12:51 >>>>>>> filename.deny.rules.conf >>>>>>> -rw-r--r-- 1 root cvs 929 Jul 21 13:01 >>>>>>> filetype.allow.rules.conf >>>>>>> -rw-r--r-- 1 root cvs 921 Jul 21 12:51 >>>>>>> filetype.deny.rules.conf >>>>>>> dr-xr-xr-x 2 root cvs 512 Jul 21 16:44 mcp >>>>>>> -r--r--r-- 1 root wheel 14618 Jun 4 13:27 >>>>>>> phishing.safe.sites.conf >>>>>>> drwxr-xr-x 2 root cvs 2048 Jun 4 13:44 reports >>>>>>> dr-xr-xr-x 3 root cvs 512 Jul 21 16:43 rules >>>>>>> -rw-r--r-- 1 root cvs 9692 Jul 21 16:15 >>>>>>> spam.assassin.prefs.conf >>>>>>> -r--r--r-- 1 root cvs 2969 Feb 14 2005 spam.lists.conf >>>>>>> -r--r--r-- 1 root wheel 2969 Jun 4 13:27 >>>>>>> spam.lists.conf.sample >>>>>>> -rw-r--r-- 1 root cvs 2834 Nov 2 2005 virus.scanners.conf >>>>>>> >>>>>>> bash-2.05b# ls -la rules >>>>>>> total 40 >>>>>>> dr-xr-xr-x 3 root cvs 512 Jul 21 16:43 . >>>>>>> dr-xr-xr-x 7 root cvs 1024 Jul 26 10:21 .. >>>>>>> drwxr-xr-x 2 root cvs 512 Aug 9 2004 CVS >>>>>>> -r--r--r-- 1 root wheel 2817 Jun 4 13:27 EXAMPLES >>>>>>> -r--r--r-- 1 root wheel 2964 Jun 4 13:27 README >>>>>>> -rw-r--r-- 1 root cvs 90 Jun 4 13:50 bounce.rules >>>>>>> -rw-r--r-- 1 root cvs 1743 Jun 6 18:40 >>>>>>> highscore.delivery.rules >>>>>>> -rw-r--r-- 1 root cvs 1529 Jun 6 18:40 mcp.delivery.rules >>>>>>> -rw-r--r-- 1 root cvs 71 Jun 6 18:40 spam.blacklist.rules >>>>>>> -rw-r--r-- 1 root cvs 961 Jun 6 18:40 spam.whitelist.rules >>>>>>> -rw-r--r-- 1 root cvs 369 Jun 6 18:40 user.content.rules >>>>>>> -rw-r--r-- 1 root cvs 1878 Jul 17 17:05 user.delivery.rules >>>>>>> -rw-r--r-- 1 root cvs 636 Jul 21 12:49 user.filename.rules >>>>>>> -rw-r--r-- 1 root cvs 636 Jul 21 12:50 user.filetype.rules >>>>>>> -rw-r--r-- 1 root cvs 722 Jul 19 10:30 user.filtering.rules >>>>>>> -rw-r--r-- 1 root cvs 251 Jun 6 18:40 user.mcp.rules >>>>>>> -rw-r--r-- 1 root cvs 419 Jun 6 18:40 user.scanning.rules >>>>>>> >>>>>>>> >>>>>>>> One other thought is your max or minimum size for attachments >>>>>>>> setting in >>>>>>>> the Mailscanner.conf file? >>>>>>> >>>>>>> I'm testing with a 76k text file named test.scr and a copy named >>>>>>> test.sxw.doc. >>>>>>> >>>>>>> Maximum Message Size = 0 >>>>>>> Maximum Attachment Size = -1 >>>>>>> Minimum Attachment Size = -1 >>>>>>> >>>>>>> Should be no checking going on (I do RBLs, size checking, max >>>>>>> recipients on the MTA). >>>>>>> >>>>>>> I would be perfectly willing to post any and all conf files >>>>>>> online for viewing. >>>>>> >>>>>> http://pixelhammer.com/MS/MailScanner.conf >>>>>> http://pixelhammer.com/MS/user.filename.rules >>>>>> >>>>>> Last act of desperation. This is as simple as I can make it and it >>>>>> still is not stopping double suffix or even test.scr. >>>>>> >>>>>> Is there a stupid mistake I am just not seeing or is it time to >>>>>> reinstall everything? >>>>>> >>>>>> DAve >>>>> >>>>> And what is the content of >>>>> /usr/local/etc/MailScanner/rules/user.content.rules? >>>>> >>>>> - dhawal >>>> >>>> http://pixelhammer.com/MS/user.content.rules >>>> >>>> DAve >>> >>> Well there lies your problem.. and i had previously hinted on this as >>> well. You have >>> >>> Dangerous Content Scanning = %rules-dir%/user.content.rules >>> >>> and /usr/local/etc/MailScanner/rules/user.content.rules >>> To: default no From: default no Which >>> indicates that you are not checking for 'Dangerous Content Scanning'. >>> Filename/type checks depend on 'Dangerous Content Scanning'.. set the >>> From to 'yes' and re-test. >>> >>> - dhawal >> >> I'll test it, but that file has not been changed since my initial >> setup over two years ago. Hence why I responded that it was OK when >> you suggested I check it. >> >> I say that but, the last upgrade involved SA, ClamAV, MailWatch, and >> MailScanner on three machines in one night. It is entirely possible I >> did that. >> >> DAve >> >> > > user.content.rules changed to the following, > > To: default yes > From: default yes > > Both test.scr and test.sxw.doc blow right through. > > X-TLS.net-MailScanner: Found to be clean > > DAve > Sometimes patience is a good thing. I did nothing after my last change, adopting a wait and see attitude. I checked my quarantine this evening and I have files with double suffixes and files with banned suffixes. So now it works. Odd that it did not work after I edited and restarted. The last test I performed was 20 minutes after the restart. Now, 24 hours later, it works. I have two questions now, 1) Why did the restart not make a difference earlier? 2) Why did I have "From: default no" in my user.content.rules? The first question I will have to look into further, it may be an issue with the start script from the FreeBSD port. It is not a MailScanner issue regardless. The second has me baffled completely as my support staff tells me they have been getting requests from clients to release files with double suffixes. Which can only mean, "I changed the user.content.rules". I've no recollection of doing so, but clearly rsync made certain my error was NOC wide. Maybe after 5 years of 24/7/365 a vacation is in order. Thanks to everyone for their patience with me on this problem. DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From pravin.rane at gmail.com Sun Jul 30 08:53:00 2006 From: pravin.rane at gmail.com (Pravin Rane) Date: Sun Jul 30 08:53:03 2006 Subject: DCC and Razor checks are getting skipped by MailScanner. Message-ID: <13c021a90607300053g13ca3c36l157fc8a78c258474@mail.gmail.com> I have problem with spam checks in mailscanner. Following are the email headers which passed through mailscanner(version 4.46.2) + spamassassin( version 3.1.1) In /etc/MailScanner/MailScanner.conf I am using SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf +++++++++++++++++++++++++++++++++++++++++++++++++++++++ [root@ldap tmp]# cat 1154243669.14559.AOL Return-Path: Delivered-To: xxx Received: (qmail 14538 invoked by uid 508); 30 Jul 2006 07:14:17 -0000 Received: from unknown (HELO dkja.org) (82.61.1.94) by 0 with SMTP; 30 Jul 2006 07:14:17 -0000 Received-SPF: none (0: domain at dkja.org does not designate permitted sender hosts) Message-ID: <000001c6b3a7$4135e800$54fda8c0@pao41> Reply-To: "Korey Dominick" From: "Korey Dominick" To: xxx Subject: Re: jufeqVIAjAGRA Date: Sun, 30 Jul 2006 00:10:36 -0700 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C6B36C.94D71000" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-MailScanner-Information: Please contact the ISP for more information www.mailscanner.info X-MailScanner-: Found to be clean X-MailScanner-MCPCheck: X-MailScanner-SpamCheck: spam, SpamAssassin (score=5.994, required 4, BAYES_50 0.00, HTML_MESSAGE 0.00, RCVD_IN_NJABL_DUL 1.95, RCVD_IN_SORBS_DUL 2.05, URIBL_SBL 2.00) X-MailScanner-SpamScore: sssss X-MailScanner-From: dominickor@dkja.org ++++++++++++++++++++++++++++++++++++++ When I manually scan the same message from command prompt I get score = 11.9 [root@ldap tmp]# spamassassin -p /etc/MailScanner/spam.assassin.prefs.conf < 1154243669.14559.AOL Content preview: Hi, VALjLIUM $1 . 25 AMjMBIEN VIAjAGRA $3 . 35 CIAjALIS $3 . 75 http://www.foinneritu.com [...] Content analysis details: (11.9 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 HTML_MESSAGE BODY: HTML included in message 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level above 50% [cf: 100] 0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% [cf: 100] 1.4 DCC_CHECK Listed in DCC ( http://rhyolite.com/anti-spam/dcc/) 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address [82.61.1.94 listed in dnsbl.sorbs.net] 1.7 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP [82.61.1.94 listed in combined.njabl.org] 1.1 URIBL_SBL Contains an URL listed in the SBL blocklist [URIs: foinneritu.com] 3.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist [URIs: foinneritu.com] 0.2 DIGEST_MULTIPLE Message hits more than one network digest check Seems like DCC and Razor checks are getting skipped when message passes through MailScanner. -- Regards Pravin -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060730/d8246ed0/attachment.html From mailscanner at ecs.soton.ac.uk Sun Jul 30 15:08:09 2006 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Sun Jul 30 15:08:28 2006 Subject: One idea they haven't tried yet Message-ID: <44CCBD49.5060301@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I wonder how many email phishing scam detectors would be confused by something as simple as putting a link in the HTML where the text is htp://url.goes.here or fpt://usl.goes.here or hppt://url.goes.here or even just http:/url.goes.here Do a few people fancy trying this in the email client to see if it detects them? MailScanner itself should catch most of the variations. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@MailScanner.biz PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Get your PCs and servers from Transtec.de, very well built and reliable! -----BEGIN PGP SIGNATURE----- Version: PGP SDK 3.7.0 Charset: ISO-8859-1 wj8DBQFEzL1MEfZZRxQVtlQRAmsJAKClD0Gwkz3Ae3E1X3c6JF1gv81i6ACgqVge mZi1svcjRwppwJ73JXFVjeo= =Eodn -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From pravin.rane at gmail.com Sun Jul 30 17:16:02 2006 From: pravin.rane at gmail.com (Pravin Rane) Date: Sun Jul 30 17:16:04 2006 Subject: DCC and Razor checks are getting skipped by MailScanner/Spamassassin Message-ID: <13c021a90607300916m53fe12f5wa1d33abda2dd709e@mail.gmail.com> Hi My Query is locate at below link. Seems like my mail to list has been blocked by other servers http://lists.mailscanner.info/pipermail/mailscanner/2006-July/063494.html -- Regards Pravin -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060730/1a7ec02e/attachment.html From brad at beckenhauer.com Mon Jul 31 05:51:32 2006 From: brad at beckenhauer.com (Brad Beckenhauer) Date: Mon Jul 31 05:55:15 2006 Subject: $HOSTNAME Message-ID: <20060730T235132Z_A9B700000000@beckenhauer.com> I see in the examples that we can use the $HOSTNAME variable, but I have not been able to make it work. How can I use the $HOSTNAME variable in an X-Header in the MailScanner.conf? Does anyone have a working example? thanks Brad -------------- next part -------------- Skipped content of type multipart/related From alex at nkpanama.com Mon Jul 31 06:32:35 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Jul 31 06:33:11 2006 Subject: One idea they haven't tried yet In-Reply-To: <44CCBD49.5060301@ecs.soton.ac.uk> References: <44CCBD49.5060301@ecs.soton.ac.uk> Message-ID: <44CD95F3.8030801@nkpanama.com> FYI the last one is corrected (http://url.goes.here) by thunderbird on Windows. Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I wonder how many email phishing scam detectors would be confused by > something as simple as putting a link in the HTML where the text is > htp://url.goes.here > or > fpt://usl.goes.here > or > hppt://url.goes.here > or even just > http:/url.goes.here > Do a few people fancy trying this in the email client to see if it > detects them? MailScanner itself should catch most of the variations. > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@MailScanner.biz > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Get your PCs and servers from Transtec.de, very well built and reliable! > > -----BEGIN PGP SIGNATURE----- > Version: PGP SDK 3.7.0 > Charset: ISO-8859-1 > > wj8DBQFEzL1MEfZZRxQVtlQRAmsJAKClD0Gwkz3Ae3E1X3c6JF1gv81i6ACgqVge > mZi1svcjRwppwJ73JXFVjeo= > =Eodn > -----END PGP SIGNATURE----- > > From james at grayonline.id.au Mon Jul 31 03:25:40 2006 From: james at grayonline.id.au (James Gray) Date: Mon Jul 31 07:30:42 2006 Subject: SOLVED: RE: Some mail (up to 7 days old) is stuck in /var/spool/mqueue In-Reply-To: References: <97FD54B5E57A1842AA1A4B232E4761172D8F0C@ati-ex-02.ati.local> Message-ID: <44CD6A24.7050000@grayonline.id.au> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: > This is an excellent and helpful bunch of people! I even hit this place on the > weekends when I am not busy. I was going to make some joke and tell you that you need a life. Then I went back through my sent items to this list and realised most of my posts are done on weekends and after-hours. We're a sad bunch. ;) - -- James -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEzWokwBHpdJO7b9ERAm+oAKDPrLPU1HUTARYmzyeP/EKRGhKpPACgruIf qXOqXMyP1nm/Zp0rByM8y0M= =LG0J -----END PGP SIGNATURE----- From MailScanner at ecs.soton.ac.uk Mon Jul 31 09:58:09 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jul 31 09:59:06 2006 Subject: SOLVED: RE: Some mail (up to 7 days old) is stuck in /var/spool/mqueue In-Reply-To: <44CD6A24.7050000@grayonline.id.au> References: <97FD54B5E57A1842AA1A4B232E4761172D8F0C@ati-ex-02.ati.local> <44CD6A24.7050000@grayonline.id.au> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 31 Jul 2006, at 03:25, James Gray wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Scott Silva wrote: > >> This is an excellent and helpful bunch of people! I even hit this >> place on the >> weekends when I am not busy. > > I was going to make some joke and tell you that you need a life. > Then I > went back through my sent items to this list and realised most of my > posts are done on weekends and after-hours. > > We're a sad bunch. > > ;) Ah, but whose working hours? This is a truly global mailing list, about 80 countries are represented here. - -- Julian Field MailScanner@ecs.soton.ac.uk -----BEGIN PGP SIGNATURE----- Version: PGP SDK 3.7.0 Charset: US-ASCII wj8DBQFEzcYyEfZZRxQVtlQRAigwAJ9gZD6jRXwjKTq8pw6Hu2mP//IexwCeN1D/ U1cMah8+oJ36cJUQ7Ozfcvs= =XoIE -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From AHKAPLAN at PARTNERS.ORG Mon Jul 31 13:34:16 2006 From: AHKAPLAN at PARTNERS.ORG (Kaplan, Andrew H.) Date: Mon Jul 31 13:34:25 2006 Subject: SpamAssassin error appearing in mail.warn Message-ID: <9C63A4713C4E3342B90428CE44806A7302679818@PHSXMB5.partners.org> I have removed the line in question and restarted the mail server. However, the problem has not been resolved. What other steps should I take at this time? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Saturday, July 29, 2006 3:33 PM To: MailScanner discussion Subject: Re: SpamAssassin error appearing in mail.warn -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In which case delete that setting, it shouldn't be there. Not sure why it was there, it shouldn't be. Kaplan, Andrew H. wrote: > I did not copy the MailScanner.conf file from the old to the new machine. > This is a scratch install. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: Saturday, July 29, 2006 5:57 AM > To: MailScanner discussion > Subject: Re: SpamAssassin error appearing in mail.warn > > Did you by any chance copy your old MailScanner.conf to the new machine? > You need to run > upgrade_MailScanner_conf > and it will remove this setting as it does not exist in newer versions. > > Kaplan, Andrew H. wrote: >> I had not upgraded the applications from previous versions, this was a scratch >> install. >> Therefore I didn't think of running the upgrade_languages_conf command. Isn't >> that >> binary used strictly for upgrading from a previous version? > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@MailScanner.biz PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Get your PCs and servers from Transtec.de, very well built and reliable! -----BEGIN PGP SIGNATURE----- Version: PGP SDK 3.7.0 Charset: ISO-8859-1 wj8DBQFEy7fZEfZZRxQVtlQRAugWAKCqlQ+0wjVZ2jYN09oU51UlU3Oo3wCbBS21 ZvG7uFxe8ifl+9BOt4mc/dw= =D2yh -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From AHKAPLAN at PARTNERS.ORG Mon Jul 31 13:45:50 2006 From: AHKAPLAN at PARTNERS.ORG (Kaplan, Andrew H.) Date: Mon Jul 31 13:45:54 2006 Subject: SpamAssassin error appearing in mail.warn Message-ID: <9C63A4713C4E3342B90428CE44806A7302679819@PHSXMB5.partners.org> Should I start completely over...including the operating system? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kaplan, Andrew H. Sent: Monday, July 31, 2006 8:34 AM To: MailScanner discussion Subject: RE: SpamAssassin error appearing in mail.warn I have removed the line in question and restarted the mail server. However, the problem has not been resolved. What other steps should I take at this time? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Saturday, July 29, 2006 3:33 PM To: MailScanner discussion Subject: Re: SpamAssassin error appearing in mail.warn -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In which case delete that setting, it shouldn't be there. Not sure why it was there, it shouldn't be. Kaplan, Andrew H. wrote: > I did not copy the MailScanner.conf file from the old to the new machine. > This is a scratch install. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: Saturday, July 29, 2006 5:57 AM > To: MailScanner discussion > Subject: Re: SpamAssassin error appearing in mail.warn > > Did you by any chance copy your old MailScanner.conf to the new machine? > You need to run > upgrade_MailScanner_conf > and it will remove this setting as it does not exist in newer versions. > > Kaplan, Andrew H. wrote: >> I had not upgraded the applications from previous versions, this was a scratch >> install. >> Therefore I didn't think of running the upgrade_languages_conf command. Isn't >> that >> binary used strictly for upgrading from a previous version? > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@MailScanner.biz PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Get your PCs and servers from Transtec.de, very well built and reliable! -----BEGIN PGP SIGNATURE----- Version: PGP SDK 3.7.0 Charset: ISO-8859-1 wj8DBQFEy7fZEfZZRxQVtlQRAugWAKCqlQ+0wjVZ2jYN09oU51UlU3Oo3wCbBS21 ZvG7uFxe8ifl+9BOt4mc/dw= =D2yh -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From jgolden at ci.grand-rapids.mi.us Mon Jul 31 15:30:22 2006 From: jgolden at ci.grand-rapids.mi.us (Golden, James) Date: Mon Jul 31 15:34:31 2006 Subject: Settings Questions Message-ID: <1154356222.5553.3.camel@doit-b8wsw21.grand-rapids.mi.us> Hi all, QUESTION 1: I am trying to find the settings that let Mailscanner know to use bayes, dcc, pyzor, razor. I didn't see anything in MailScanner.conf. But I did find, under the MCP folder, a file called "mcp.pspam.assassin.prefs.conf" In there were these settings: ok_locales en skip_rbl_checks 1 use_bayes 0 use_dcc 0 use_pyzor 0 use_razor1 0 use_razor2 0 decode_attachments 1 Does this mean that I'm not using any of these services, or is there another conf file I am misisng? QUESTION 2: I am trying to move the Bayes folder into the /var/spool/Mailscanner directory. Not because of speed, but space issues. But when I do --lint gives me this message: # /usr/bin/spamassassin -p /etc/MailScanner/spam.assassin.prefs.conf --lint [5696] warn: config: failed to parse line, skipping: od to avoid FPs with other rules. [5696] warn: config: SpamAssassin failed to parse line, "/var/spool/spamassassin/bayes" is not valid for "bayes_path", skipping: bayes_path /var/spool/spamassassin/bayes [5696] warn: config: SpamAssassin failed to parse line, "/var/spool/spamassassin/bayes" is not valid for "bayes_path", skipping: bayes_path /var/spool/spamassassin/bayes [5696] warn: lint: 3 issues detected, please rerun with debug enabled for more information Any help would be greatly appreciated. James -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060731/e9f69b0e/attachment.html From jgolden at ci.grand-rapids.mi.us Mon Jul 31 15:40:39 2006 From: jgolden at ci.grand-rapids.mi.us (Golden, James) Date: Mon Jul 31 15:42:01 2006 Subject: Settings Questions In-Reply-To: <1154356222.5553.3.camel@doit-b8wsw21.grand-rapids.mi.us> References: <1154356222.5553.3.camel@doit-b8wsw21.grand-rapids.mi.us> Message-ID: <1154356839.5553.6.camel@doit-b8wsw21.grand-rapids.mi.us> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: smiley-3.png Type: image/png Size: 819 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060731/7612aaf4/smiley-3.png From jgolden at ci.grand-rapids.mi.us Mon Jul 31 15:49:45 2006 From: jgolden at ci.grand-rapids.mi.us (Golden, James) Date: Mon Jul 31 15:49:45 2006 Subject: --lint issue Message-ID: <1154357385.5553.9.camel@doit-b8wsw21.grand-rapids.mi.us> I'm not sure what this is telling me. Can someone translate? [8463] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001003/updates_spamassassin_org/80_additional.cf [8463] dbg: config: using "/var/lib/spamassassin/3.001003/updates_spamassassin_org/80_additional.cf" for included file [8463] dbg: config: read file /var/lib/spamassassin/3.001003/updates_spamassassin_org/80_additional.cf [8463] warn: config: failed to parse line, skipping: od to avoid FPs with other rules. Thanks, James -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060731/84fb14d1/attachment.html From daniel.maher at ubisoft.com Mon Jul 31 15:59:52 2006 From: daniel.maher at ubisoft.com (Daniel Maher) Date: Mon Jul 31 15:59:57 2006 Subject: SA ignoring a ruleset? Message-ID: <1E293D3FF63A3740B10AD5AAD88535D20226D039@UBIMAIL1.ubisoft.org> Hello all, I have three incoming mail servers, each identical hardware and software configurations, running MailScanner 4.51.6 and SpamAssassin 3.1.1. There is a custom ruleset, "99_petrosun.cf", located in /etc/mail/spamassassin/ on all three servers. The ruleset is very simple, and is designed to identify a specific type of spam that we've been getting tonnes of lately. Unfortunately, one of my three servers appears to be ignoring it. I'm really not sure why. Two of my servers produce logs such as this: Jul 31 10:26:53 elmer MailScanner[6645]: Message 41DA34BB78.01E46 from 65.54.246.204 (ubitest2006@hotmail.com) to ubisoft.com is spam, SpamAssassin (score=34.986, required 6, autolearn=disabled, MSGID_FROM_MTA_HEADER 0.00, PETROSUN01 10.00, PETROSUN02 10.00, PETROSUN03 10.00, SARE_FWDLOOK 1.67, SARE_MLB_Stock1 1.66, SARE_MLB_Stock6 1.66) The server that isn't identifying properly produces this: Jul 31 10:32:07 marvin MailScanner[14159]: Message BB3334BB48.736B5 from 65.54.246.105 (ubitest2006@hotmail.com) to ubisoft.com is not spam, SpamAssassin (score=4.986, required 6, MSGID_FROM_MTA_HEADER 0.00, SARE_FWDLOOK 1.67, SARE_MLB_Stock1 1.66, SARE_MLB_Stock6 1.66) Now, clearly, rules form /etc/mail/spamassassin/*.cf are being read, since the SARE rulesets are triggering on both - only the one custom rule appears to be ignored. Oddly, running a lint check shows no problems; quite the opposite, in fact, as the file is read, and no errors are produced: [14995] dbg: config: read file /etc/mail/spamassassin/99_petrosun.cf The file itself, as well as the permissions and ownership are the same on all three servers. I've tried issuing both "MailScanner reload" and "MailScanner restart" to no avail. Any ideas as to what's going on here are welcome. Thanks! -- _ ?v? Daniel Maher /(_)\ Administrateur Syst?me Unix ^ ^ Unix System Administrator Sentio aliquos togatos contra me conspirare. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060731/4150a9d1/attachment.html From TGFurnish at herffjones.com Mon Jul 31 16:06:18 2006 From: TGFurnish at herffjones.com (Furnish, Trever G) Date: Mon Jul 31 16:06:37 2006 Subject: A quick and easy performance improvement Message-ID: <57573D714A832C43B9D80EAFBDA48D03013570E4@inex3.herffjones.hj-int> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Alex Neuman van der Hans > Richard Lynch wrote: > > So, we split / and /var (and others). I think all of our > unix systems > > are that way. Is this a bad practice? > > -- Rich > > > > It isn't. It's just *traditional*. You could set up processes > that let you know *beforehand* that your rootfs is getting filled up. > > And you can always log on using a rescue CD, unless it's > impractical for geographic reasons, for example. Setting up alarms for filling filesystems won't help you out if they fill too quickly to catch. Log rotation and space-monitoring aren't sufficient protection from a filled /. With MailScanner typically also running as root, the feature of many systems where a certain number of process table entries and file-system blocks are reserved for the root user to use in case of a crash also won't help. I appreciated the original post -- I had never really thought about the increase in io time caused by separate filesystems. But on the other hand I never let applications write to / -- to my traditional way of thinking, that's broken behavior. They can write to /var, /tmp, /home, or whatever fs/directory has been set up for them, but never to /, /usr, /bin, or /etc. In some Oses these filesystems are even mounted read-only. Besides avoiding disk space starvation on /, I also use separate filesystems because sometimes I make heavy use of ACLs, which can cause other headaches. I try to restrict the usage of ACLs as much as possible, so only those filesystems that need them have them. I do like the idea of holding the bayes files in ram -- but Julian's suggestion that a simple cp command is sufficient for copying that database seems hard to believe -- seems likely that would lead to a corrupted database that wouldn't be useful for recovery later. I would assume you need to stop MailScanner before copying the file. And since we're talking about tmpfs, "recovery" will need to happen after every server restart, so it's not an infrequent thing. From ashok at netcore.co.in Mon Jul 31 16:19:02 2006 From: ashok at netcore.co.in (Ashok kumar) Date: Mon Jul 31 16:21:02 2006 Subject: Error in Maillog : Failed to create message structures .. Message-ID: <44CE1F66.5060609@netcore.co.in> Hii , I am constantly getting this error message in maillog "Failed to create message structures for AA477784ED.CE0AA, dropping it from the batch". Can any one please tell what is going wrong and how to overcome such problem. I am using Postfix, MS and SA setup having following version. Postfix : 2.2.5 MailScanner : 4.44.6 SpamAssassin : 3.1.0 I hope some one respond immediately ...... -------------- next part -------------- A non-text attachment was scrubbed... Name: ashok.vcf Type: text/x-vcard Size: 368 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060731/255b2ce8/ashok.vcf From glenn.steen at gmail.com Mon Jul 31 16:38:44 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jul 31 16:38:52 2006 Subject: Settings Questions In-Reply-To: <1154356222.5553.3.camel@doit-b8wsw21.grand-rapids.mi.us> References: <1154356222.5553.3.camel@doit-b8wsw21.grand-rapids.mi.us> Message-ID: <223f97700607310838o45cf1b16hb4b709a88f6ef500@mail.gmail.com> On 31/07/06, Golden, James wrote: > > Hi all, > > QUESTION 1: I am trying to find the settings that let Mailscanner know to > use bayes, dcc, pyzor, razor. I didn't see anything in MailScanner.conf. > But I did find, under the MCP folder, a file called > "mcp.pspam.assassin.prefs.conf" In there were these settings: > > ok_locales en > > skip_rbl_checks 1 > > use_bayes 0 > use_dcc 0 > use_pyzor 0 > use_razor1 0 > use_razor2 0 > > decode_attachments 1 > > > Does this mean that I'm not using any of these services, or is there > another conf file I am misisng? > (snip) Nope. It means MCP isn't using them (and rightly so:). In modern SA, the inclusion/use of the features you mention (apart from bayes) is controlled by whether you've loaded the corresponding plugin or not. The setting is in your *.pre files (usually /etc/mail/spamassassin/*.pre). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From daniel.maher at ubisoft.com Mon Jul 31 16:39:06 2006 From: daniel.maher at ubisoft.com (Daniel Maher) Date: Mon Jul 31 16:39:11 2006 Subject: A quick and easy performance improvement Message-ID: <1E293D3FF63A3740B10AD5AAD88535D20226D03D@UBIMAIL1.ubisoft.org> Hello, I actually hold the bayes files on a ram disk, and it is /much/ faster than putting in on a hard disk of any type, in any configuration. Julian's suggestion (a simple cp command) is, in fact, sufficient. I have successfully recovered from a system crash using the method. For reference, my mail servers handle around half a million pieces of mail per day, so the bayes databases are massive... -- _ ?v? Daniel Maher /(_)\ Administrateur Syst?me Unix ^ ^ Unix System Administrator Sentio aliquos togatos contra me conspirare. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Furnish, Trever G Sent: Monday, July 31, 2006 11:06 AM To: MailScanner discussion Subject: RE: A quick and easy performance improvement I do like the idea of holding the bayes files in ram -- but Julian's suggestion that a simple cp command is sufficient for copying that database seems hard to believe -- seems likely that would lead to a corrupted database that wouldn't be useful for recovery later. I would assume you need to stop MailScanner before copying the file. And since we're talking about tmpfs, "recovery" will need to happen after every server restart, so it's not an infrequent thing. From glenn.steen at gmail.com Mon Jul 31 16:42:57 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jul 31 16:43:07 2006 Subject: --lint issue In-Reply-To: <1154357385.5553.9.camel@doit-b8wsw21.grand-rapids.mi.us> References: <1154357385.5553.9.camel@doit-b8wsw21.grand-rapids.mi.us> Message-ID: <223f97700607310842m64b5b4e9we0458f006fd55b45@mail.gmail.com> On 31/07/06, Golden, James wrote: > > I'm not sure what this is telling me. Can someone translate? > > [8463] dbg: plugin: fixed relative path: > /var/lib/spamassassin/3.001003/updates_spamassassin_org/80_additional.cf > [8463] dbg: config: using > "/var/lib/spamassassin/3.001003/updates_spamassassin_org/80_additional.cf" > for included file > [8463] dbg: config: read file > /var/lib/spamassassin/3.001003/updates_spamassassin_org/80_additional.cf > [8463] warn: config: failed to parse line, skipping: od to avoid FPs with > other rules. > Seems a comment (or similar) has "wrapped" onto the next line in that file and is being ignored. Search the file for "od to avoid FPs with other rules"... A bungled sa-update, no doubt:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ssilva at sgvwater.com Mon Jul 31 16:46:20 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jul 31 16:46:59 2006 Subject: Settings Questions In-Reply-To: <1154356839.5553.6.camel@doit-b8wsw21.grand-rapids.mi.us> References: <1154356222.5553.3.camel@doit-b8wsw21.grand-rapids.mi.us> <1154356839.5553.6.camel@doit-b8wsw21.grand-rapids.mi.us> Message-ID: Golden, James spake the following on 7/31/2006 7:40 AM: > Forget question 2 I figured that out! :-) > > On Mon, 2006-07-31 at 10:30 -0400, Golden, James wrote: >> Hi all, >> >> QUESTION 1: I am trying to find the settings that let Mailscanner >> know to use bayes, dcc, pyzor, razor. I didn't see anything in >> MailScanner.conf. But I did find, under the MCP folder, a file called >> "mcp.pspam.assassin.prefs.conf" In there were these settings: >> >> ok_locales en >> >> skip_rbl_checks 1 >> >> use_bayes 0 >> use_dcc 0 >> use_pyzor 0 >> use_razor1 0 >> use_razor2 0 >> >> decode_attachments 1 >> >> >> Does this mean that I'm not using any of these services, or is there >> another conf file I am misisng? >> Look in /etc/MailScanner/spam.assassin.prefs.conf -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Mon Jul 31 16:48:34 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jul 31 16:50:24 2006 Subject: SA ignoring a ruleset? In-Reply-To: <1E293D3FF63A3740B10AD5AAD88535D20226D039@UBIMAIL1.ubisoft.org> References: <1E293D3FF63A3740B10AD5AAD88535D20226D039@UBIMAIL1.ubisoft.org> Message-ID: Daniel Maher spake the following on 7/31/2006 7:59 AM: > Hello all, > > > > I have three incoming mail servers, each identical hardware and software > configurations, running MailScanner 4.51.6 and SpamAssassin 3.1.1. > There is a custom ruleset, ?99_petrosun.cf?, located in > /etc/mail/spamassassin/ on all three servers. The ruleset is very > simple, and is designed to identify a specific type of spam that we?ve > been getting tonnes of lately. > > > > Unfortunately, /one/ of my three servers appears to be ignoring it. I?m > really not sure why. Two of my servers produce logs such as this: > > > > Jul 31 10:26:53 elmer MailScanner[6645]: Message 41DA34BB78.01E46 from > 65.54.246.204 (ubitest2006@hotmail.com) to ubisoft.com is spam, > SpamAssassin (score=34.986, required 6, autolearn=disabled, > MSGID_FROM_MTA_HEADER 0.00, PETROSUN01 10.00, PETROSUN02 10.00, > PETROSUN03 10.00, SARE_FWDLOOK 1.67, SARE_MLB_Stock1 1.66, > SARE_MLB_Stock6 1.66) > > > > The server that isn?t identifying properly produces this: > > > > Jul 31 10:32:07 marvin MailScanner[14159]: Message BB3334BB48.736B5 from > 65.54.246.105 (ubitest2006@hotmail.com) to ubisoft.com is not spam, > SpamAssassin (score=4.986, required 6, MSGID_FROM_MTA_HEADER 0.00, > SARE_FWDLOOK 1.67, SARE_MLB_Stock1 1.66, SARE_MLB_Stock6 1.66) > > > > Now, clearly, rules form /etc/mail/spamassassin/*.cf are being read, > since the SARE rulesets are triggering on both ? only the one custom > rule appears to be ignored. Oddly, running a lint check shows no > problems; quite the opposite, in fact, as the file is read, and no > errors are produced: > > > > [14995] dbg: config: read file /etc/mail/spamassassin/99_petrosun.cf > > > > The file itself, as well as the permissions and ownership are the same > on all three servers. I?ve tried issuing both ?MailScanner reload? and > ?MailScanner restart? to no avail. Any ideas as to what?s going on here > are welcome. Have you tried re-copying the rule? Maybe it is corrupted in some way. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Mon Jul 31 16:53:59 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jul 31 16:55:18 2006 Subject: SOLVED: RE: Some mail (up to 7 days old) is stuck in /var/spool/mqueue In-Reply-To: References: <97FD54B5E57A1842AA1A4B232E4761172D8F0C@ati-ex-02.ati.local> <44CD6A24.7050000@grayonline.id.au> Message-ID: Julian Field spake the following on 7/31/2006 1:58 AM: > > On 31 Jul 2006, at 03:25, James Gray wrote: > >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> Scott Silva wrote: >>> >>>> This is an excellent and helpful bunch of people! I even hit this >>>> place on the >>>> weekends when I am not busy. >>> I was going to make some joke and tell you that you need a life. >>> Then I >>> went back through my sent items to this list and realised most of my >>> posts are done on weekends and after-hours. >>> >>> We're a sad bunch. >>> >>> ;) > > Ah, but whose working hours? This is a truly global mailing list, > about 80 countries are represented here. And most likely 18 to 20 timezones. I just didn't think some of the zones in the middle of the ocean get a lot of spam :-) -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From rich at mail.wvnet.edu Mon Jul 31 18:12:42 2006 From: rich at mail.wvnet.edu (Richard Lynch) Date: Mon Jul 31 18:12:51 2006 Subject: A quick and easy performance improvement In-Reply-To: <1E293D3FF63A3740B10AD5AAD88535D20226D03D@UBIMAIL1.ubisoft.org> References: <1E293D3FF63A3740B10AD5AAD88535D20226D03D@UBIMAIL1.ubisoft.org> Message-ID: <44CE3A0A.9060102@mail.wvnet.edu> Daniel Maher wrote: > Hello, > > I actually hold the bayes files on a ram disk, and it is /much/ faster than putting in on a hard disk of any type, in any configuration. > > Julian's suggestion (a simple cp command) is, in fact, sufficient. I have successfully recovered from a system crash using the method. > > For reference, my mail servers handle around half a million pieces of mail per day, so the bayes databases are massive... > > Mine too. We do about 700,000/mpd and my bayesDBs grows to about 1.3G. I, too, like the ram disk idea but I don't have 1.5G of ram to spare. Moving bayes to /var was a huge improvement for me. I'd guess that using ram would be phenomenal! ~rich -- -------------- next part -------------- A non-text attachment was scrubbed... Name: rich.vcf Type: text/x-vcard Size: 299 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060731/ff4b6ee0/rich.vcf